예제 #1
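def edit_account(user_id):
    """Render or process the "edit account" form for ``user_id``.

    GET renders the form. A POST that passes form validation updates the
    e-mail address and/or password through ``dbOps.edit_user_account``; a new
    e-mail address also triggers a verification mail.

    Access is limited to the logged-in owner of the account: ``user_id`` comes
    from the request and is compared with ``session['user_id']``, so a
    logged-in user cannot change another account's e-mail or password.
    """
    form = EditAccountForm(request.form)
    if not session.get('logged_in'):
        return "You are not logged in"
    # Authorization, not just authentication: the caller controls user_id, so
    # it must match the account bound to this session. Compared as strings
    # because the type delivered by the route is not visible here; a session
    # without 'user_id' fails closed.
    if str(session.get('user_id')) != str(user_id):
        return "You are not authorized to edit this account", 403
    user = dbOps.get_user_by_ID(user_id)
    if not user:
        return "No user account associated with that user"
    if request.method == 'GET':
        return render_template("edit_account_page.html", user_id=user_id, form=form)
    if request.method == 'POST' and form.validate():
        errors = []
        new_email = form.email.data
        new_pword = form.password.data
        if (not new_email) and (not new_pword):
            errors += ['Please enter a new email or password']
        errors += validate_password(new_pword) + validate_email(new_email)
        if dbOps.user_exists(new_email):
            flash("Account already exists for this email")
            return render_template("edit_account_page.html", user_id=user_id, form=form)
        # 'field is required' only means one of the two optional fields was
        # left blank. Every other message must block the update, even when it
        # is not the first entry (e.g. blank password plus a malformed e-mail).
        blocking_errors = [err for err in errors if err != 'field is required']
        if blocking_errors:
            flash(blocking_errors[0])
            return render_template("edit_account_page.html", user_id=user_id, form=form)
        # NOTE(review): when the password field is blank, encrypt('') is still
        # passed on; confirm edit_user_account leaves the stored password
        # untouched in that case.
        if new_email:
            dbOps.send_verification_email(new_email, mail_manager)
            flash("you will receive a confirmation email with an activation URL, to prove that the new email address belongs to you")
            # NOTE(review): the new address is written before it is verified;
            # confirm the account is treated as unverified until activation.
            dbOps.edit_user_account(user_id, new_email, encrypt(new_pword))
            return redirect(url_for('index'))
        dbOps.edit_user_account(user_id, new_email, encrypt(new_pword))
        flash("Account successfully updated")
        return redirect(url_for('show_user_page', user_id=user_id))
    else:
        flash("Please fix any errors")
        return render_template("edit_account_page.html", user_id=user_id, form=form)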
예제 #2
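def login():
    """Authenticate a user from the posted e-mail address and password.

    On success for an activated account, the session is marked as logged in,
    bound to the user's id and given a 20-minute permanent lifetime, then the
    user is redirected to their page. Every failure re-renders ``index.html``
    with a flashed message. Requests that are not POST fall through and
    return ``None``.
    """
    if request.method == 'POST':
        email = request.form['email']
        password = request.form['password']

        # Truthiness instead of `len(x) is 0`: identity comparison with an int
        # literal only works through CPython's small-int caching.
        if not email or not password:
            flash("Please provide an email address and a password")
            return render_template("index.html")

        # NOTE(review): the password is transformed with encrypt() before the
        # comparison, which implies a deterministic transform; confirm it is a
        # salted, slow password hash rather than reversible encryption or a
        # bare digest.
        if not dbOps.validate_login_credentials(email, encrypt(password)):
            flash("invalid login credentials")
            return render_template("index.html")

        if not dbOps.is_user_account_activated(email):
            flash(
                "Your account has not been activated yet. Please follow the URL in your email"
            )
            return render_template("index.html")

        # Load the user only after the credentials were accepted.
        user = dbOps.get_user_by_email(email)
        session['logged_in'] = True
        session['user_id'] = user.user_id
        session.permanent = True
        # NOTE(review): this sets an application-wide value on every login;
        # it could be configured once at start-up instead.
        app.permanent_session_lifetime = timedelta(minutes=20)
        return redirect(url_for('show_user_page',
                                user_id=user.user_id))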
예제 #3
 def test_edit_invalid_password(self):
     """Post an invalid password to the edit form and expect the stored one to stay unchanged.

     NOTE(review): ``account`` is loaded before the POST; confirm that its
     ``password`` attribute reflects the row as it is after the request.
     """
     account = self.create_test_account()
     self.login()
     form_data = {'email': "", 'password': "******"}
     target_url = '/edit_account/{0}'.format(account.user_id)
     rv = self.app.post(target_url, data=form_data, follow_redirects=True)
     expected_password = encrypt("Somepass1234")
     self.assertEqual(str(account.password), expected_password)
예제 #4
 def create_test_account_and_post(self):
     """Create an activated test user plus one post and return both.

     Returns a dict with the keys ``user`` and ``post``.
     """
     address = "*****@*****.**"
     DB.insert_user(address, encrypt("Somepass1234"))
     DB.activate_user(address)
     account = DB.get_user_by_email(address)
     entry = DB.insert_post('test_title', account.user_id, 'test_author',
                            account.email)
     return {'user': account, 'post': entry}
 def test_edit_invalid_password(self):
     """Submit an invalid password through the edit form; the stored password must not change.

     NOTE(review): ``account`` is fetched before the request is sent; verify
     that the assertion sees the post-request state of the record.
     """
     account = self.create_test_account()
     self.login()
     payload = {'email': "", 'password': "******"}
     rv = self.app.post(
         '/edit_account/{0}'.format(account.user_id),
         data=payload,
         follow_redirects=True,
     )
     self.assertEqual(str(account.password), encrypt("Somepass1234"))
예제 #6
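def edit_account(user_id):
    """Show the account edit form (GET) or apply the submitted changes (POST).

    A validated POST writes the new e-mail address and/or password with
    ``dbOps.edit_user_account``; when the e-mail changes, a verification mail
    is sent to the new address.

    The view is restricted to the account owner: besides the ``logged_in``
    flag, the ``user_id`` taken from the request has to equal
    ``session['user_id']``. Without that check any logged-in user could
    rewrite another account's credentials.
    """
    form = EditAccountForm(request.form)
    if not session.get('logged_in'):
        return "You are not logged in"
    # user_id is supplied by the caller, so tie it to the session's own
    # account. String comparison is used because the route parameter's type
    # is not visible here; a missing session value is rejected.
    if str(session.get('user_id')) != str(user_id):
        return "You are not authorized to edit this account", 403
    user = dbOps.get_user_by_ID(user_id)
    if not user:
        return "No user account associated with that user"
    if request.method == 'GET':
        return render_template("edit_account_page.html",
                               user_id=user_id,
                               form=form)
    if request.method == 'POST' and form.validate():
        errors = []
        new_email = form.email.data
        new_pword = form.password.data
        if (not new_email) and (not new_pword):
            errors += ['Please enter a new email or password']
        errors += validate_password(new_pword) + validate_email(new_email)
        if dbOps.user_exists(new_email):
            flash("Account already exists for this email")
            return render_template("edit_account_page.html",
                                   user_id=user_id,
                                   form=form)
        # A blank optional field yields 'field is required' and is tolerated;
        # any other message has to stop the update regardless of its position
        # in the list (previously only errors[0] was inspected).
        blocking_errors = [err for err in errors if err != 'field is required']
        if blocking_errors:
            flash(blocking_errors[0])
            return render_template("edit_account_page.html",
                                   user_id=user_id,
                                   form=form)
        # NOTE(review): a blank password still reaches edit_user_account as
        # encrypt(''); confirm that this does not overwrite the stored one.
        if new_email:
            dbOps.send_verification_email(new_email, mail_manager)
            flash(
                "you will receive a confirmation email with an activation URL, to prove that the new email address belongs to you"
            )
            # NOTE(review): the address is stored before it has been
            # confirmed; check that it stays inactive until verification.
            dbOps.edit_user_account(user_id, new_email, encrypt(new_pword))
            return redirect(url_for('index'))
        dbOps.edit_user_account(user_id, new_email, encrypt(new_pword))
        flash("Account successfully updated")
        return redirect(url_for('show_user_page', user_id=user_id))
    else:
        flash("Please fix any errors")
        return render_template("edit_account_page.html",
                               user_id=user_id,
                               form=form)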
예제 #7
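def reset_password():
    """Serve the password-reset form (GET) and apply a token-authorized reset (POST).

    On POST the token is resolved to an e-mail address with
    ``Token.confirm_token``. The password is changed only when the token maps
    to an existing user and the new password passes ``validate_password``.
    Other HTTP methods fall through and return ``None``.
    """
    if request.method == 'GET':
        token = request.args.get('token')
        return render_template('update_password.html', token=token)
    elif request.method == 'POST':
        token = request.form['token']
        email = Token.confirm_token(token)
        # The token is the only proof of authorization here, so stop before
        # touching any account when it does not resolve to a known user.
        # NOTE(review): assumes confirm_token returns a falsy value for a bad
        # or expired token - confirm; nothing in this view marks a token as
        # used, so also check that Token enforces expiry / single use.
        user = dbOps.get_user_by_email(email) if email else None
        if not user:
            flash("Invalid or expired password reset link")
            return render_template('index.html')

        new_password = request.form['password']
        errors = list(validate_password(new_password))
        if errors:
            flash('. '.join(str(error) for error in errors))
            return render_template('update_password.html', token=token)

        # None for the e-mail argument, as in the original call.
        dbOps.edit_user_account(user.user_id, None, encrypt(new_password))
        flash("Successfully updated password", 'Success')
        return render_template('index.html')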
예제 #8
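def create_account():
    """Create a user account from the posted e-mail address and password.

    Both fields are validated. On success the user is inserted, a
    verification e-mail is sent and ``index.html`` is rendered; otherwise
    ``signup.html`` is rendered again with a flashed message.
    """
    password = request.form['password']
    email = request.form['email']
    # Validate regardless of the HTTP method: previously only POST was
    # validated, so any other method carrying form data reached insert_user
    # unchecked. E-mail errors are concatenated (not appended as a nested
    # list) so each message is joined as text below.
    errors = list(validate_password(password)) + list(validate_email(email))

    if errors:
        formatted_error = '. '.join(str(error) for error in errors)
        flash(formatted_error)
        return render_template('signup.html')

    if dbOps.user_exists(email):
        # NOTE(review): this message tells the caller whether an address is
        # registered; confirm that is acceptable for this application.
        flash("Account already exists for this email")
        return render_template('signup.html', error=errors)

    dbOps.insert_user(email, encrypt(password))
    dbOps.send_verification_email(email, mail_manager)
    return render_template('index.html')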
예제 #9
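def create_account():
    """Register a new account from the submitted sign-up form.

    The password and e-mail address are validated first. A valid, unused
    address leads to ``dbOps.insert_user`` followed by a verification mail;
    any problem re-renders ``signup.html`` with a flashed message.
    """
    password = request.form['password']
    email = request.form['email']

    # Validation is no longer gated on request.method == 'POST'; with the
    # gate, a non-POST request with a form body skipped every check before
    # insert_user. The two error lists are merged flat, because appending the
    # e-mail list as one element made the flashed text show a list repr.
    errors = list(validate_password(password))
    errors.extend(validate_email(email))

    if not errors:
        if dbOps.user_exists(email):
            # NOTE(review): reveals whether an address already has an
            # account; confirm this disclosure is intended.
            flash("Account already exists for this email")
            return render_template('signup.html', error=errors)
        dbOps.insert_user(email, encrypt(password))
        dbOps.send_verification_email(email, mail_manager)
        return render_template('index.html')

    formatted_error = '. '.join(str(error) for error in errors)
    flash(formatted_error)
    return render_template('signup.html')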
예제 #10
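def reset_password():
    """Handle the password-reset page: GET shows the form, POST performs the reset.

    The POST branch resolves the submitted token to an e-mail address via
    ``Token.confirm_token`` and updates the password only if that address
    belongs to an existing user and the new password validates. Methods other
    than GET and POST fall through and return ``None``.
    """
    if request.method == 'GET':
        token = request.args.get('token')
        return render_template('update_password.html', token=token)
    elif request.method == 'POST':
        token = request.form['token']
        email = Token.confirm_token(token)
        new_password = request.form['password']

        # Without this guard an unresolved token led to a user lookup with a
        # meaningless e-mail and an attribute access on a missing user.
        # NOTE(review): assumes confirm_token signals failure with a falsy
        # return value - confirm. This view does not invalidate the token
        # after use; check that Token limits its lifetime and reuse.
        user = dbOps.get_user_by_email(email) if email else None
        if not user:
            flash("Invalid or expired password reset link")
            return render_template('index.html')

        errors = list(validate_password(new_password))
        if not errors:
            # The e-mail argument stays None, exactly as before.
            dbOps.edit_user_account(user.user_id, None, encrypt(new_password))
            flash("Successfully updated password", 'Success')
            return render_template('index.html')

        formatted_error = '. '.join(str(error) for error in errors)
        flash(formatted_error)
        return render_template('update_password.html', token=token)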
예제 #11
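def login():
    """Log a user in from the posted e-mail address and password.

    Valid credentials for an activated account populate the session
    (``logged_in``, ``user_id``, 20-minute permanent lifetime) and redirect to
    the user's page. Missing fields, wrong credentials or a non-activated
    account re-render ``index.html`` with a flashed message. Non-POST requests
    fall through and return ``None``.
    """
    if request.method == 'POST':
        email = request.form['email']
        password = request.form['password']

        # `len(x) is 0` compared object identity with an int literal, which
        # only happens to work on CPython; an emptiness test is what is meant.
        if not email or not password:
            flash("Please provide an email address and a password")
            return render_template("index.html")

        # NOTE(review): encrypt(password) is compared against the stored
        # value, so the transform must be deterministic; confirm it is a
        # salted, slow password hash and not reversible encryption or a plain
        # digest.
        is_valid = dbOps.validate_login_credentials(email, encrypt(password))
        if not is_valid:
            flash("invalid login credentials")
            return render_template("index.html")

        if not dbOps.is_user_account_activated(email):
            flash("Your account has not been activated yet. Please follow the URL in your email")
            return render_template("index.html")

        # The user record is needed only once the login is accepted.
        user = dbOps.get_user_by_email(email)
        session['logged_in'] = True
        session['user_id'] = user.user_id
        session.permanent = True
        # NOTE(review): application-wide setting reassigned on each login;
        # consider configuring it once when the app is created.
        app.permanent_session_lifetime = timedelta(minutes=20)
        return redirect(url_for('show_user_page', user_id=user.user_id))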
예제 #12
 def create_test_account_and_post(self):
     """Insert and activate a test user, add a post for it, and return both in a dict."""
     address = "*****@*****.**"
     stored_password = encrypt("Somepass1234")
     DB.insert_user(address, stored_password)
     DB.activate_user(address)
     account = DB.get_user_by_email(address)
     entry = DB.insert_post('test_title', account.user_id, 'test_author', account.email)
     return {'user': account, 'post': entry}
예제 #13
 def create_test_account(self):
     """Insert an activated test user and return the record loaded by e-mail."""
     address = "*****@*****.**"
     DB.insert_user(address, encrypt("Somepass1234"))
     DB.activate_user(address)
     account = DB.get_user_by_email(address)
     return account
 def create_test_account(self):
     """Create the fixture user, activate it, and hand back what the DB returns for its e-mail."""
     fixture_email = "*****@*****.**"
     fixture_password = encrypt("Somepass1234")
     DB.insert_user(fixture_email, fixture_password)
     DB.activate_user(fixture_email)
     return DB.get_user_by_email(fixture_email)
 def create_test_account(self):
     """Insert the fixture user and activate it; nothing is returned."""
     address = "*****@*****.**"
     DB.insert_user(address, encrypt("Somepass1234"))
     DB.activate_user(address)
예제 #16
 def create_test_account(self):
     """Insert and activate a user built from ``test_email`` / ``test_password``."""
     stored_password = encrypt(test_password)
     DB.insert_user(test_email, stored_password)
     DB.activate_user(test_email)
 def create_test_account(self):
     """Insert a user from ``test_email`` / ``test_password`` and activate it."""
     # The password is passed through encrypt() before it is stored.
     DB.insert_user(test_email, encrypt(test_password))
     DB.activate_user(test_email)