def post(self, post_id):
logging.debug('NewCommentPage/post/entered...')
if not self.user:
self.redirect('/signin?redirect=newcomment/{}'.format(post_id))
# Note - method execution continues without return after the redirect call, don't
# forget!
return
else:
jinja_env.globals['user'] = self.user.username
# Sanity checks - look up post_id:
blog = utils.valid_post(post_id)
if not blog:
self.error(404)
return
# Shouldn't need
# post_id = self.request.get('post_id')
cancel = self.request.get('cancel')
if cancel:
logging.debug(
'NewCommentPage/post/Found cancel parameter of {}.'.format(
cancel))
if post_id:
logging.debug(
'NewPostPage/post/Redirecting to /post/{}...'.format(
post_id))
self.redirect('/viewpost/{}'.format(post_id))
return
else:
logging.debug('NewCommentPage/post/Redirecting to /...')
self.redirect('/')
return
params = dict(title=self.request.get('title'),
content=self.request.get('content'),
tags=self.request.get('tags'),
title_error='',
content_error='',
tags_error='')
# New Comment - Check there's actually a comment
if params['content']:
### Switch from creating comment based strictly on parent blog to leveraging
# reference property
# c = entities.Comment(parent=blog.key(), content=params['content'],
# author=self.user.username)
c = entities.Comment(parent=blog.key(),
blog=blog,
content=params['content'],
author=self.user.username)
c.put()
self.redirect('/viewpost/{}'.format(str(blog.key().id())))
return
# No comment content
else:
params[
'content_error'] = 'Please include some content in your comment.'
self.render('cupost.html', **params)
def get(self, post_id):
logging.debug('NewCommentPage/get/entered...')
# Must be authenticated or redirect straight away...
if not self.user:
self.redirect('/signin?redirect=newcomment/{}'.format(post_id))
return
else:
jinja_env.globals['user'] = self.user.username
# Sanity checks - look up post_id:
blog = utils.valid_post(post_id)
if not blog:
self.error(404)
return
jinja_env.globals['cu_type'] = 'Create New Comment'
jinja_env.globals['new'] = True
jinja_env.globals['ro_title'] = True
# In case this is present (e.g., after visiting DeleteCommentPage) remove
if jinja_env.globals.get('ro_content'):
del jinja_env.globals['ro_content']
params = dict(title=blog.title, content='', tags=blog.tags)
logging.debug(
'NewCommentPage/get - params={}, jinja_env.globals={}'.format(
params, jinja_env.globals))
self.render('cupost.html', **params)
def get(self, post_id):
logging.debug('DelPostPage/get/entered...')
# Point of method is to delete post - if user not authenticated deal with straight away...
if not self.user:
self.redirect('/signin?redirect=delpost/{}'.format(post_id))
else:
jinja_env.globals['user'] = self.user.username
# Sanity check - look up post_id:
blog = utils.valid_post(post_id)
if not blog:
self.error(404)
return
# Authorization check:
if self.user.username != blog.author:
logging.debug(
"User {} tried to delete {}'s post - permission denied.".
format(self.user.username, blog.author))
self.redirect('/viewpost/{}?dpstat=1'.format(post_id))
return
jinja_env.globals['cu_type'] = 'Delete Existing Post'
jinja_env.globals['new'] = False
jinja_env.globals['ro_title'] = True
jinja_env.globals['ro_content'] = True
params = dict(title=blog.title,
content=blog.content,
tags=blog.tags)
self.render('cupost.html', **params)
def post(self, post_id, comment_id):
logging.debug('DelCommentPage/post/entered...')
if not self.user:
self.redirect('/signin?redirect=delcomment/{}&{}'.format(
post_id, comment_id))
# Note - method execution continues without return after the redirect call, don't
# forget!
return
else:
jinja_env.globals['user'] = self.user.username
# Sanity checks - look up post_id:
blog = utils.valid_post(post_id)
if not blog:
self.error(404)
return
### valid_comment might need some work on parent path...
### Look up comment_id:
comment = utils.valid_comment(post_id, comment_id)
if not comment:
self.error(404)
return
# Authorization check:
if self.user.username != comment.author:
logging.debug(
"User {} tried to delete {}'s comment - permission denied."
.format(self.user.username, comment.author))
self.redirect('/viewpost/{}?dcstat=1&cid={}'.format(
post_id, comment_id))
return
cancel = self.request.get('cancel')
if cancel:
if post_id:
logging.debug(
'DelCommentPage/post/Redirecting to /post/{}...'.
format(post_id))
self.redirect('/viewpost/{}'.format(post_id))
return
else:
logging.debug('DelCommentPage/post/Redirecting to /...')
self.redirect('/')
return
# If user didn't cancel, then delete comment
db.delete(comment)
self.redirect('/viewpost/{}'.format(post_id))
def get(self, post_id, comment_id):
logging.debug('EditCommentPage/get/entered...')
# If user not authenticated, deal with straight away...
if not self.user:
self.redirect('/signin?redirect=editcomment/{}&{}'.format(
post_id, comment_id))
return
else:
jinja_env.globals['user'] = self.user.username
# Sanity checks - look up post_id:
blog = utils.valid_post(post_id)
if not blog:
self.error(404)
return
### valid_comment might need some work on parent path...
### Look up comment_id:
comment = utils.valid_comment(post_id, comment_id)
if not comment:
self.error(404)
return
# Authorization check:
if self.user.username != comment.author:
logging.debug(
"User {} tried to edit {}'s comment - permission denied.".
format(self.user.username, comment.author))
self.redirect('/viewpost/{}?ecstat=1&cid={}'.format(
post_id, comment_id))
return
jinja_env.globals['cu_type'] = 'Edit Existing Comment'
jinja_env.globals['new'] = False
jinja_env.globals['ro_title'] = True
# In case this is present (e.g., after visiting DeleteCommentPage) remove
if jinja_env.globals.get('ro_content'):
del jinja_env.globals['ro_content']
params = dict(title=blog.title,
content=comment.content,
tags=blog.tags)
self.render('cupost.html', **params)
def post(self, post_id):
logging.debug('DelPostPage/post/entered...')
if not self.user:
self.redirect('/signin?redirect=delpost/{}'.format(post_id))
# Note - method execution continues without return after the redirect call, don't
# forget!
return
else:
jinja_env.globals['user'] = self.user.username
blog = utils.valid_post(post_id)
cancel = self.request.get('cancel')
if cancel:
if blog:
logging.debug(
'DelPostPage/post/Redirecting to /post/{}...'.format(
post_id))
self.redirect('/viewpost/{}'.format(post_id))
return
else:
logging.debug('DelPostPage/post/Redirecting to /...')
self.redirect('/')
return
# Existing Blog Post - Validate
if not blog:
self.error(404)
return
# Authorization check:
if self.user.username != blog.author:
logging.debug(
"User {} tried to delete {}'s post - permission denied.".
format(self.user.username, blog.author))
self.redirect('/viewpost/{}?dpstat=1'.format(post_id))
return
# If user didn't cancel then delete post
db.delete(blog)
### Need small delay to allow DB to purge the post...
time.sleep(0.100)
self.redirect('/')
def reddit_post():
text = request.form['text']
response_url = request.form['response_url']
if valid_post(text):
misp_event_id = text.split(' ')[0]
reddit_post_id = text.split(' ')[1]
data = {
'misp_event_id': misp_event_id,
'reddit_post_id': reddit_post_id,
'response_url': response_url
}
q.enqueue(process_reddit_post, data)
resp = build_response(f'Adding Reddit post {reddit_post_id} to MISP Event {misp_event_id}')
requests.post(response_url, json=resp)
else:
resp = build_response('Invalid Reddit post or MISP Event: {}'.format(text))
requests.post(response_url, json=resp)
return('', 200)
def post(self, post_id, comment_id):
logging.debug('EditCommentPage/post/entered...')
if not self.user:
self.redirect('/signin?redirect=editcomment/{}&{}'.format(
post_id, comment_id))
# Note - method execution continues without return after the redirect call, don't
# forget!
return
else:
jinja_env.globals['user'] = self.user.username
# Sanity checks - look up post_id:
blog = utils.valid_post(post_id)
if not blog:
self.error(404)
return
### valid_comment might need some work on parent path...
### Look up comment_id:
comment = utils.valid_comment(post_id, comment_id)
if not comment:
self.error(404)
return
# Authorization check:
if self.user.username != comment.author:
logging.debug(
"User {} tried to edit {}'s comment - permission denied.".
format(self.user.username, comment.author))
self.redirect('/viewpost/{}?ecstat=1&cid={}'.format(
post_id, comment_id))
return
cancel = self.request.get('cancel')
if cancel:
if post_id:
logging.debug(
'EditCommentPage/post/Redirecting to /post/{}...'.
format(post_id))
self.redirect('/viewpost/{}'.format(post_id))
return
else:
logging.debug('EditCommentPage/post/Redirecting to /...')
self.redirect('/')
return
params = dict(title=self.request.get('title'),
content=self.request.get('content'),
tags=self.request.get('tags'),
title_error='',
content_error='',
tags_error='')
# Check there's actually a comment
if params['content']:
comment.content = params['content']
comment.last_modified = datetime.datetime.now()
comment.put()
self.redirect('/viewpost/{}'.format(post_id))
return
# No comment content
else:
params[
'content_error'] = 'Please include some content in your comment.'
self.render('cupost.html', **params)
def post(self, post_id):
logging.debug('EditPostPage/post/entered...')
if not self.user:
self.redirect('/signin?redirect=editpost/{}'.format(post_id))
# Note - method execution continues without return after the redirect call, don't
# forget!
return
else:
jinja_env.globals['user'] = self.user.username
blog = utils.valid_post(post_id)
cancel = self.request.get('cancel')
if cancel:
if blog:
logging.debug(
'EditPostPage/post/Redirecting to /post/{}...'.format(
post_id))
self.redirect('/viewpost/{}'.format(post_id))
return
else:
logging.debug('EditPostPage/post/Redirecting to /...')
self.redirect('/')
return
params = dict(title=self.request.get('title'),
content=self.request.get('content'),
tags=self.request.get('tags'),
title_error='',
content_error='',
tags_error='')
# Existing Blog Post - Validate
if not blog:
self.error(404)
return
# Authorization check:
if self.user.username != blog.author:
logging.debug(
"User {} tried to edit {}'s post - permission denied.".
format(self.user.username, blog.author))
self.redirect('/viewpost/{}?epstat=1'.format(post_id))
return
# Edit Existing Post
blog.title = params['title']
blog.content = params['content']
blog.tags = params['tags']
blog.last_modified = datetime.datetime.now()
# Sanity check - Blog Post missing parameters?
have_errors = False
if not params['title']:
params['title_error'] = 'Please include a title for your post.'
have_errors = True
if not params['content']:
params[
'content_error'] = 'Please include some content in your post.'
have_errors = True
if have_errors:
self.render('cupost.html', **params)
else:
blog.put()
### Need write delay here???
self.redirect('/viewpost/{}'.format(post_id))