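def post(self, topic_id):
    """Create a comment on a topic for the signed-in user.

    The request must carry a ``csrf-token`` form field whose memcache entry
    equals the current user's e-mail address, plus a non-empty ``comment``
    field. On success the client is redirected to the ``topic-details`` route;
    every failure path writes a short message instead.
    """
    logged_user = users.get_current_user()
    if not logged_user:
        return self.write("Please, login first")

    # The cached value must be this user's e-mail, so a token issued to a
    # different account is rejected. A missing token skips the cache lookup.
    csrf_token = self.request.get('csrf-token')
    mem_token = memcache.get(key=csrf_token) if csrf_token else None
    if not mem_token or mem_token != logged_user.email():
        return self.write("This website is protected against CSRF")

    # Validate the cheap form field before touching the datastore.
    comment = self.request.get('comment')
    if not comment:
        return self.write("Text field is requiered")

    # Assumes get_by_id returns None for an unknown id (NDB behaviour) - confirm.
    topic = Topic.get_by_id(int(topic_id))
    if topic is None:
        return self.write("Topic not found")

    # Make the token single-use: once it has authorised a write it is removed,
    # so a captured token cannot be replayed for the rest of its cache lifetime.
    memcache.delete(key=csrf_token)

    Comment.create(content=comment, user=logged_user, topic=topic)
    return self.redirect_to("topic-details", topic_id=topic_id)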
def post(self, topicid):
    """Handle a comment form submission for the topic with id ``topicid``.

    Writes a short message when the user is not signed in, the ``paco`` token
    has no memcache entry, or the comment is empty or contains ``<script>``;
    otherwise stores the comment and redirects to ``topic-detail``.
    """
    current_user = users.get_current_user()
    if not current_user:
        return self.write("Please, login before")

    # NOTE(review): only the existence of a cache entry is checked. The cached
    # value is never compared with the current user, so a token issued to any
    # account would be accepted here - confirm what value is stored and bind it.
    token_entry = memcache.get(key=self.request.get("paco"))
    if not token_entry:
        return self.write("This website es protected")

    body = self.request.get("comment")
    if not body:
        return self.write("Required")

    # NOTE(review): a literal substring match is not an XSS control. The stored
    # text still needs context-aware escaping wherever it is rendered.
    if "<script>" in body:
        return self.write("No Hack script")

    target_topic = Topic.get_by_id(int(topicid))
    Comment.create(content=body, user=current_user, topic=target_topic)
    return self.redirect_to("topic-detail", topicid=target_topic.key.id())
def post(self, topic_id):
    """Store a new comment on the topic and redirect to its details page."""
    # NOTE(review): nothing in this method checks that a user is signed in or
    # that the request carries an anti-CSRF token - confirm both are enforced
    # elsewhere (decorator, base handler) before Comment.create is reached.
    author = User.logged_in_user()
    topic_key = int(topic_id)
    parent_topic = Topic.get_by_id(topic_key)
    body = self.request.get('content')
    Comment.create(body, author, parent_topic)
    return self.redirect_to('topic-details', topic_id=topic_key)
def post(self, content_id):
    """Store a comment for ``content_id`` and redirect back to that content."""
    current_user = users.get_current_user()
    # NOTE(review): the result is used without a None check, so an anonymous
    # request fails on .nickname(); no anti-CSRF token is checked here either.
    payload = dict(
        nickname=current_user.nickname(),
        content_id=content_id,
        comment=self.request.get('comment'),
    )
    Comment.create(payload)
    self.redirect(''.join(['/content/', content_id, "?action=comment.post"]))
def post(self, topic_id):
    """Attach the submitted ``comment-text`` to a topic, then redirect to it."""
    # NOTE(review): the current user is passed on without a signed-in check and
    # no anti-CSRF token is validated in this method - confirm both are handled
    # elsewhere, otherwise anonymous or cross-site posts reach Comment.create.
    author = users.get_current_user()
    body = self.request.get('comment-text')
    parent_topic = Topic.get_by_id(int(topic_id))
    fields = dict(content=body, user=author, topic=parent_topic)
    Comment.create(**fields)
    return self.redirect_to("topic-details", topic_id=parent_topic.key.id())
def post(self, topic_id):
    """Add a comment to a topic on behalf of the signed-in user.

    Anonymous requests get a plain message; otherwise the ``comment-text``
    field is stored and the client is redirected to ``topic-details``.
    """
    author = users.get_current_user()
    if not author:
        return self.write(
            "Please login before you're allowed to post a topic.")

    # NOTE(review): no anti-CSRF token is checked in this handler - confirm it
    # is enforced elsewhere, since this is a state-changing POST.
    body = self.request.get("comment-text")
    parent_topic = Topic.get_by_id(int(topic_id))
    Comment.create(content=body, user=author, topic=parent_topic)
    return self.redirect_to("topic-details", topic_id=parent_topic.key.id())
def post(self, topic_id):
    """Store a comment authored by the signed-in user's e-mail address."""
    # Only signed-in users may comment.
    account = users.get_current_user()
    if not account:
        return self.write("Please login ! You are not allowed to post...")

    # NOTE(review): no anti-CSRF token is validated before the write below -
    # confirm it is enforced outside this method.
    body = self.request.get("comment-text")
    parent_topic = Topic.get_by_id(int(topic_id))
    Comment.create(content=body, author=account.email(), topic=parent_topic)
    return self.redirect_to("topic-details", topic_id=parent_topic.key.id())
def test_post_topic_details_handler(self):
    """POST to /topic/details/<id> with a cached CSRF token answers with 302."""
    author_email = '*****@*****.**'

    # Store a topic and make sure it can be read back from the datastore.
    topic = Topic(title="New topic",
                  content="Content of new topic!",
                  author_email=author_email)
    topic.put()
    self.assertTrue(Topic.query().get())
    topic_id = topic.key.id()

    # Seed memcache with a token mapped to the author's e-mail (time=600).
    csrf_token = str(uuid.uuid4())
    memcache.add(key=csrf_token, value=author_email, time=600)

    comment_content = "That is my comment!"
    Comment.create(comment_content, author_email, int(topic_id), topic)

    # NOTE(review): only the redirect status is asserted. There is no case for
    # a missing or mismatched token, so a handler that skips CSRF validation
    # would still pass this test.
    form = {"get_comment": comment_content, "csrf_token": csrf_token}
    response = self.testapp.post('/topic/details/{0}'.format(topic_id),
                                 params=form)
    self.assertEqual(response.status_int, 302)
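def comment_create(topic_id):
    """Create a comment on a topic for the user identified by the session cookie.

    Redirects to the login page when no user matches the ``session_token``
    cookie, returns an error string when the ``csrf`` form field fails
    validation, and otherwise stores the comment and redirects to the topic.
    """
    # Get the current user (the comment author). A request without the cookie
    # must never reach the query: filter_by(session_token=None) would compare
    # against NULL and could match an account that has no active session.
    session_token = request.cookies.get("session_token")
    user = None
    if session_token:
        user = db.query(User).filter_by(session_token=session_token).first()

    # Only logged-in users can create a comment.
    if not user:
        return redirect(url_for('auth.login'))

    csrf = request.form.get("csrf")  # token submitted by the HTML form
    if not validate_csrf(csrf, user.username):
        return "CSRF token is not valid!"

    text = request.form.get("text")

    # Query the topic object from the database and attach the comment to it.
    topic = db.query(Topic).get(int(topic_id))
    Comment.create(topic=topic, text=text, author=user)

    # NOTE(review): unless topic_details declares csrf_token as a route
    # variable, url_for appends it as a query parameter, where it can end up in
    # logs, browser history and Referer headers. Prefer issuing the token when
    # the form is rendered.
    return redirect(
        url_for('topic.topic_details', topic_id=topic_id,
                csrf_token=create_csrf_token(user.username)))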
def saveComment(self):
    """Create a comment from the request and answer with a JSON status object.

    The response is ``{'result': False}`` (plus ``error`` when a
    WhysaurusException is raised) unless a user is present and Comment.create
    returns a comment, in which case the comment's display fields are returned.
    """
    payload = {'result': False}
    comment_text = self.request.get('commentText')
    root_urlsafe = self.request.get('p')
    parent_urlsafe = self.request.get('parentKey')
    author = self.current_user

    # NOTE(review): no anti-CSRF token is checked here, and the submitted text
    # is echoed back unchanged - the client must escape it before inserting it
    # into the page.
    if author:
        try:
            created = Comment.create(
                comment_text, author, root_urlsafe, parent_urlsafe)
            if created:
                local_date = PST.convert(created.date)
                payload = dict(
                    result=True,
                    userName=author.name,
                    userURL=author.url,
                    avatar_url=(
                        author.avatar_url if hasattr(author, 'avatar_url')
                        else '/static/img/icon_triceratops_black_47px.png'),
                    text=comment_text,
                    date=local_date.strftime('%b. %d, %Y, %I:%M %p'),
                    parentUrlsafe=parent_urlsafe,
                    myUrlSafe=created.key.urlsafe(),
                    level=created.level,
                )
        except WhysaurusException as e:
            payload['error'] = str(e)

    self.response.headers.add_header(
        'content-type', 'application/json', charset='utf-8')
    self.response.out.write(json.dumps(payload))
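def create_comment():
    """Create a comment on an existing, non-deleted post from a JSON request.

    Returns a JSON envelope whose ``status.code`` is 201 on success, 404 when
    the post does not exist (or is soft-deleted), and 400 when the body is not
    a JSON object containing ``post_id``.
    """
    data = request.get_json()

    # Reject a missing or non-object body, or one without post_id, instead of
    # failing with TypeError/KeyError further down.
    if not isinstance(data, dict) or 'post_id' not in data:
        return jsonify(
            data={},
            status={'code': 400,
                    'message': 'Request body must be a JSON object with a post_id.'}
        )

    # 'user' and 'post' are set by the server below. A client-supplied copy
    # previously collided with those keyword arguments and raised TypeError.
    # NOTE(review): every other client key is still passed to Comment.create;
    # restrict this to an explicit allowlist of the columns a client may set.
    fields = {key: value for key, value in data.items()
              if key not in ('user', 'post')}

    try:
        # Look the post up by id, ignoring soft-deleted rows.
        post = Post.get(Post.id == data['post_id'], Post.soft_delete == False)

        comment = Comment.create(**fields, user=current_user.id, post=post)

        return jsonify(
            data=model_to_dict(comment),
            status={'code': 201, 'message': 'successfully created comment.'}
        )
    except DoesNotExist:
        # The queried post does not exist.
        return jsonify(
            data={},
            status={'code': 404, 'message': 'Resource does not exist.'}
        )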
def post(self, topic_id):
    """Validate and store a comment, then redirect with a success flash.

    Writes a message and stops when the topic id is missing, the user is not
    signed in, or the comment is empty or whitespace-only.
    """
    if not topic_id:
        return self.write(
            'Error trying to write a comment into undefined topic!')

    target_topic = Topic.get_by_id(int(topic_id))

    author = users.get_current_user()
    if not author:
        return self.write(
            'Please login to be allowed to post a new comment.')

    # NOTE(review): no anti-CSRF token is checked before the write below.
    body = self.request.get('comment')
    if not (body and body.strip()):
        return self.write('Empty comments are not allowed!')

    Comment.create(content=body, user=author, topic=target_topic)

    # NOTE(review): the flash values travel as redirect_to keyword arguments.
    # If the route does not declare them they become URL parameters a visitor
    # can alter, so the receiving handler should treat them as untrusted.
    return self.redirect_to(
        'topic-details',
        topic_id=topic_id,
        flash_message='Comment added successfully',
        flash_class='alert-success',
    )
def mutate(self, info, comment_data):
    """Create a comment under a point root and queue a notification task.

    Returns a ``NewComment`` wrapping the created comment.
    """
    root = PointRootModel.getByUrlsafe(comment_data.pointID)
    # NOTE(review): current_user is used without a None check, so an
    # unauthenticated request reaches CommentModel.create - confirm that
    # authentication is enforced before this resolver runs.
    author = info.context.current_user
    body = comment_data.text
    created = CommentModel.create(
        body, author, root, comment_data.parentCommentID)
    # The literal 3 is passed through as in the original; its meaning is not
    # visible in this method.
    PointModel.addNotificationTask(root.key, author.key, 3, body)
    return NewComment(comment=created)
def post(self, topic_id):
    """Store an HTML-escaped comment for the signed-in user and redirect."""
    author = users.get_current_user()
    if not author:
        return self.write("You're not logged in.")

    # NOTE(review): cgi.escape() without quote=True leaves double quotes
    # untouched, and escaping at storage time only helps if every template
    # renders this field without escaping it again. cgi.escape was removed in
    # Python 3.8 (html.escape replaces it). No anti-CSRF token is checked here.
    raw_text = self.request.get("comment")
    escaped_text = cgi.escape(raw_text)

    parent_topic = Topic.get_by_id(int(topic_id))
    Comment.create(escaped_text, author, parent_topic)
    return self.redirect_to("topic-details", topic_id=parent_topic.key.id())
def comment_create(topic_id):
    """Create a comment on a topic after session and CSRF checks.

    Redirects to the login page without a session user, returns an error
    string on a bad ``csrf`` form value, and otherwise redirects to the topic.
    """
    author = user_from_session_token()
    if not author:
        return redirect(url_for('auth.login'))

    # The submitted token is validated against the author's username.
    submitted_token = request.form.get("csrf")
    token_ok = validate_csrf(submitted_token, author.username)
    if not token_ok:
        return "CSRF token is not valid!"

    body = request.form.get("text")
    parent_topic = Topic.read(topic_id)
    Comment.create(topic=parent_topic, text=body, author=author)

    details_url = url_for('topic.topic_details', topic_id=topic_id)
    return redirect(details_url)
def post(self, topic_id):
    """Store the submitted ``text`` field as a comment on the topic."""
    author = users.get_current_user()
    if not author:
        return self.write(
            "Please login before you're allowed to post a topic.")

    # NOTE(review): no anti-CSRF token is validated in this method - confirm
    # it is enforced elsewhere for this state-changing POST.
    body = self.request.get("text")
    parent_topic = Topic.get_by_id(int(topic_id))
    Comment.create(text_value=body, logged_user=author, topic=parent_topic)
    return self.redirect_to("topic-details", topic_id=parent_topic.key.id())
def post(self, topic_id):
    """Store a comment after a CSRF-token lookup and a signed-in check."""
    # The token must exist in memcache, otherwise the request is refused.
    # NOTE(review): only existence is tested. The cached value is not compared
    # with the current user, so a token issued to any account would pass, and
    # the token stays valid after use.
    submitted_token = self.request.get("csrf_token")
    if not memcache.get(key=submitted_token):
        return self.write("You are evil attacker...")

    author = users.get_current_user()
    if not author:
        return self.write(
            "Please login before you're allowed to post a topic.")

    body = self.request.get("comment-text")
    parent_topic = Topic.get_by_id(int(topic_id))
    Comment.create(content=body, user=author, topic=parent_topic)
    return self.redirect_to("topic_details", topic_id=parent_topic.key.id())
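def post(self, topic_id):
    """Store a comment using the author's stored profile and bump the count.

    Writes a message and stops when the topic is unknown, the user is not
    signed in, or no ``User`` record matches the signed-in e-mail address.
    """
    # Assumes get_by_id returns None for an unknown id (NDB behaviour) - confirm.
    topic = Topic.get_by_id(int(topic_id))
    if topic is None:
        return self.write("Topic not found")

    user = users.get_current_user()
    if not user:
        return self.write("you are not loged in!")

    # NOTE(review): no anti-CSRF token is checked before the writes below.
    comment = self.request.get("content")

    # A signed-in account without a matching User record used to raise
    # IndexError on author[0]; answer with a message instead.
    matches = User.query(User.email == user.email()).fetch()
    if not matches:
        return self.write("No user profile found for this account.")
    author = matches[0]

    Comment.create(content=comment, author=author.email, topic=topic,
                   avatar=author.avatar_url)
    Topic.comment_sum_add(topic=topic)
    return self.redirect_to("topic", topic_id=topic.key.id())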
def post(self, topic_id):
    """Store the ``get_comment`` field as a comment and redirect to the topic."""
    account = users.get_current_user()
    if not account:
        return self.write("Please login before you comment on topic!")

    # NOTE(review): the CSRF check below is commented out, so this
    # state-changing POST accepts requests without a valid token. Restore it
    # (or an equivalent) once the form sends the token. Disabled code kept for
    # reference:
    # csrf_token = self.request.get("csrf_token")
    # csrf_value = memcache.get(csrf_token)
    # if str(csrf_value) != user.email():
    #     return self.write("You are hecker!")

    topic_key = int(topic_id)
    topic_entity = Topic.get_by_id(topic_key)
    body = self.request.get("get_comment")
    Comment.create(body, account.email(), topic_key, topic_entity)

    # Short pause when is_local() is true, presumably so the local datastore
    # shows the new comment after the redirect - confirm.
    if is_local():
        time.sleep(0.1)

    return self.redirect_to("topic-details", topic_id=topic_key)
def post(self, topic_id):
    """Store an HTML-escaped comment and write a confirmation message."""
    author = users.get_current_user()
    if not author:
        return self.write("Please login.")

    # NOTE(review): cgi.escape() without quote=True does not escape double
    # quotes, and storing pre-escaped text only helps if templates do not
    # escape it again. cgi.escape was removed in Python 3.8 (html.escape
    # replaces it). No anti-CSRF token is checked in this method.
    submitted = self.request.get("comment-text")
    escaped_text = cgi.escape(submitted)

    parent_topic = Topic.get_by_id(int(topic_id))
    Comment.create(escaped_text, author, parent_topic)
    return self.write("Comment created successfully.")
def comment_create(topic_id):
    """Create a comment on a topic for the session user after a CSRF check."""
    # Only logged-in users can create a comment.
    author = user_from_session_token()
    if not author:
        login_url = url_for('auth.login')
        return redirect(login_url)

    # The form token is checked against the author's username.
    form_token = request.form.get("csrf")
    if not is_valid_csrf(form_token, author.username):
        return "CSRF token is not valid!"

    body = request.form.get("text")

    # Load the topic and attach the new comment to it.
    parent_topic = Topic.read(topic_id)
    Comment.create(topic=parent_topic, text=body, author=author)

    return redirect(url_for('topic.topic_details', topic_id=topic_id))
def create_fake_comment(self, user=None, topic=None,
                        content="This is comment only for testing"):
    """Return a test comment, creating a fake admin and topic when omitted."""
    author = user or self.create_fake_admin()
    parent_topic = topic or self.create_fake_topic()
    return Comment.create(content=content, user=author, topic=parent_topic)
def post(self, topic_id):
    """Store a non-empty ``comment-content`` field as a comment on the topic."""
    author = users.get_current_user()
    if not author:
        return self.write(
            "Please login before you're allowed to add a comment.")

    # NOTE(review): no anti-CSRF token is validated in this method - confirm
    # it is enforced elsewhere for this state-changing POST.
    body = self.request.get('comment-content')
    if not body:
        return self.write("Comment content field is required")

    parent_topic = Topic.get_by_id(int(topic_id))
    Comment.create(content=body, user=author, topic=parent_topic)
    return self.redirect_to("topic-details", topic_id=parent_topic.key.id())
def exec(self, *args):
    """Register a comment on a post and write its metadata as JSON.

    ``args[0]`` is the post id. The comment text is taken from
    ``self.raw_command`` and returned in the JSON, but it is not passed to
    Comment.create - only the generated uuid is.

    Raises:
        BadArgsException: when fewer than two arguments are given.
    """
    if len(args) < 2:
        raise BadArgsException

    post_id = args[0]

    # Drop the first 8 characters (presumably the command word and its
    # separator - confirm), then the post id, leaving the comment text.
    after_command = self.raw_command.strip()[8:].strip()
    text = after_command[len(post_id):].strip()

    try:
        target = Post.get('id', post_id)
    except ObjectNotExist:
        self.write('Post does not exist.')
        return

    comment_uuid = 'comment-{}'.format(gen_uuid())
    # This is the post author's username, not the commenter's.
    author_name = User.get('id', target.author_id).username

    # NOTE(review): self.user is used without a visible signed-in check -
    # confirm the command dispatcher enforces it.
    Comment.create(target, self.user, comment_uuid)

    reply = {'username': author_name, 'uuid': comment_uuid, 'content': text}
    self.write(json.dumps(reply))
def saveComment(self):
    """Create a comment on a point root and answer with a JSON status object.

    The response stays ``{'result': False}`` for a request without a current
    user, gains an ``error`` entry when the point root cannot be found or a
    WhysaurusException is raised, and carries the comment's display fields
    when Comment.create returns a comment.
    """
    # NOTE(review): block nesting was reconstructed from a flattened listing.
    # The notification call is assumed to run only when a comment was created -
    # confirm against the original file.
    # NOTE(review): no anti-CSRF token is checked here, and the submitted text
    # is echoed back unchanged - the client must escape it before inserting it
    # into the page.
    results = {'result': False}
    text = self.request.get('commentText')
    pointRootUrlsafe = self.request.get('p')
    parentCommentUrlsafe = self.request.get('parentKey')
    user = self.current_user
    if user:
        try:
            # Resolve the point root from its urlsafe key before creating.
            pointRoot = PointRoot.getByUrlsafe(pointRootUrlsafe)
            if pointRoot:
                comment = Comment.create(text, user, pointRoot,
                                         parentCommentUrlsafe)
                if comment:
                    pst_date = PST.convert(comment.date)
                    results = {
                        'result': True,
                        'userName': user.name,
                        'userURL': user.url,
                        # Fall back to the bundled icon when the user object
                        # has no avatar_url attribute.
                        'avatar_url':
                        user.avatar_url if hasattr(user, 'avatar_url') else
                        '/static/img/icon_triceratops_black_47px.png',
                        'text': text,
                        'date': pst_date.strftime('%b. %d, %Y, %I:%M %p'),
                        'parentUrlsafe': parentCommentUrlsafe,
                        'myUrlSafe': comment.key.urlsafe(),
                        'level': comment.level
                    }
                    # The literal 3 is passed through; its meaning is not
                    # visible in this method.
                    Point.addNotificationTask(pointRoot.key, user.key, 3, text)
            else:
                results[
                    'error'] = 'Unable to find the point to add this comment'
        except WhysaurusException as e:
            results['error'] = str(e)
    resultJSON = json.dumps(results)
    self.response.headers[
        "Content-Type"] = 'application/json; charset=utf-8'
    self.response.out.write(resultJSON)
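def comment_create(topic_id):
    """Create a comment on a topic for the user identified by the session cookie.

    Redirects to the login page when no user matches the ``session_token``
    cookie, returns an error string when the ``csrf`` form field fails
    validation, and otherwise stores the comment and redirects to the topic.
    """
    # A request without the cookie must not reach the query:
    # filter_by(session_token=None) would compare against NULL and could match
    # an account that has no active session.
    session_token = request.cookies.get("session_token")
    user = None
    if session_token:
        user = db.query(User).filter_by(session_token=session_token).first()

    if not user:
        return redirect(url_for('auth.login'))

    csrf = request.form.get("csrf")
    if not validate_csrf(csrf, user.username):
        return "CSRF token jest bledny!!!"

    text = request.form.get("text")
    topic = db.query(Topic).get(int(topic_id))
    Comment.create(topic=topic, text=text, author=user)

    # NOTE(review): unless topic_details declares csrf_token as a route
    # variable, url_for appends it as a query parameter, where it can end up in
    # logs, browser history and Referer headers. Prefer issuing the token when
    # the form is rendered.
    return redirect(url_for('topic.topic_details', topic_id=topic_id,
                            csrf_token=create_csrf_token(user.username)))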
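def comment_create(topic_id):
    """Show the comment form (GET) or store a submitted comment (POST).

    GET issues a fresh CSRF token, stores it in redis under the user's name
    and renders the form. POST accepts the comment only when the submitted
    token maps back to the current user's name.
    """
    user = get_user()

    # Only a logged-in user can comment on a topic. The original rendered the
    # signup page but did not return it, so anonymous requests fell through.
    if not user:
        return render_template("signup.html")

    # Get the topic that is being commented on.
    topic = db.query(Topic).get(int(topic_id))

    if request.method == "GET":
        # Create the CSRF token and remember which user it was issued to.
        # NOTE(review): the token is stored without an expiry and is not
        # removed after use - confirm whether the redis client used here
        # supports a TTL and a delete, and apply both.
        csrf_token = str(uuid.uuid4())
        redis.set(name=csrf_token, value=user.name)

        return render_template("comment_create.html", user=user,
                               csrf_token=csrf_token, topic=topic)

    elif request.method == "POST":
        # A missing or unknown token must yield the error message below, not
        # an AttributeError from calling .decode() on None.
        csrf = request.form.get("csrf")
        stored = redis.get(name=csrf) if csrf else None
        redis_csrf_name = stored.decode() if stored is not None else None

        # The token must exist and must have been issued to this user.
        if redis_csrf_name and redis_csrf_name == user.name:
            comment_text = request.form.get("comment-text")
            created = datetime.datetime.now().date()

            Comment.create(text=comment_text, created=created, author=user,
                           topic=topic)
            return redirect(url_for('all_topics'))
        else:
            return "CSRF token is not valid"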
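def post(self, topic_id):
    """Post a comment on a topic or toggle the user's subscription to it.

    The ``post-comment`` field selects the comment path: a non-empty
    ``content`` is stored and every other subscriber is e-mailed. The
    ``subscribe-button`` field toggles the user's e-mail in the topic's
    subscriber list. Every path ends with a redirect to the topic page.
    """
    topic_url = '/topic/' + str(topic_id)

    # An anonymous request used to fail on user.nickname(); send it back to
    # the topic page without changing anything.
    user = users.get_current_user()
    if not user:
        return self.redirect(topic_url)

    # NOTE(review): neither state change below checks an anti-CSRF token -
    # confirm it is enforced elsewhere.
    author = user.nickname()
    user_email = user.email()
    content = self.request.get("content")
    post_comment = self.request.get("post-comment")
    subscribe_button = self.request.get("subscribe-button")

    if post_comment:
        if content:
            comment = Comment.create(author, content, int(topic_id))
            Topic.add_comment(int(topic_id), comment.created, comment.author)

            # Use the last matching profile, as the original loop did. Fall
            # back to the nickname when the account has no User record, since
            # the original read .first_name from an empty string in that case.
            profiles = User.query(User.email == user_email).fetch()
            first_name = profiles[-1].first_name if profiles else author

            # Fetch the topic once instead of once per subscriber.
            topic = Topic.get_by_id(int(topic_id))
            for email in topic.subscribers:
                # Don't send an e-mail update to the author of the comment.
                if email != user_email:
                    email_new_comment(first_name, topic.title,
                                      str(topic_id), email)
    elif subscribe_button:
        topic = Topic.get_by_id(int(topic_id))
        if user_email in topic.subscribers:
            topic.subscribers.remove(user_email)
        else:
            topic.subscribers.append(user_email)
        topic.put()

    return self.redirect(topic_url)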
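def post(self, topic_id):
    """Post a comment on a topic or toggle the user's subscription to it.

    The ``post-comment`` field selects the comment path: a non-empty
    ``content`` is stored and every other subscriber is e-mailed. The
    ``subscribe-button`` field toggles the user's e-mail in the topic's
    subscriber list. Every path ends with a redirect to the topic page.
    """
    topic_url = '/topic/' + str(topic_id)

    # An anonymous request used to fail on user.nickname(); send it back to
    # the topic page without changing anything.
    user = users.get_current_user()
    if not user:
        return self.redirect(topic_url)

    # NOTE(review): neither state change below checks an anti-CSRF token -
    # confirm it is enforced elsewhere.
    author = user.nickname()
    user_email = user.email()
    content = self.request.get("content")
    post_comment = self.request.get("post-comment")
    subscribe_button = self.request.get("subscribe-button")

    if post_comment:
        if content:
            comment = Comment.create(author, content, int(topic_id))
            Topic.add_comment(int(topic_id), comment.created, comment.author)

            # Use the last matching profile, as the original loop did. Fall
            # back to the nickname when the account has no User record, since
            # the original read .first_name from an empty string in that case.
            profiles = User.query(User.email == user_email).fetch()
            first_name = profiles[-1].first_name if profiles else author

            # Fetch the topic once instead of once per subscriber.
            topic = Topic.get_by_id(int(topic_id))
            for email in topic.subscribers:
                # Don't send an e-mail update to the author of the comment.
                if email != user_email:
                    email_new_comment(first_name, topic.title,
                                      str(topic_id), email)
    elif subscribe_button:
        topic = Topic.get_by_id(int(topic_id))
        if user_email in topic.subscribers:
            topic.subscribers.remove(user_email)
        else:
            topic.subscribers.append(user_email)
        topic.put()

    return self.redirect(topic_url)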
def saveComment(self):
    """Create a comment on a point root and answer with a JSON status object.

    The response stays ``{'result': False}`` for a request without a current
    user, gains an ``error`` entry when the point root cannot be found or a
    WhysaurusException is raised, and carries the comment's display fields
    when Comment.create returns a comment.
    """
    # NOTE(review): block nesting was reconstructed from a flattened listing.
    # The notification call is assumed to run only when a comment was created -
    # confirm against the original file.
    # NOTE(review): no anti-CSRF token is checked here, and the submitted text
    # is echoed back unchanged - the client must escape it before inserting it
    # into the page.
    results = {'result': False}
    text = self.request.get('commentText')
    pointRootUrlsafe = self.request.get('p')
    parentCommentUrlsafe = self.request.get('parentKey')
    user = self.current_user
    if user:
        try:
            # Resolve the point root from its urlsafe key before creating.
            pointRoot = PointRoot.getByUrlsafe(pointRootUrlsafe)
            if pointRoot:
                comment = Comment.create(
                    text, user, pointRoot, parentCommentUrlsafe)
                if comment:
                    pst_date = PST.convert(comment.date)
                    results = {
                        'result': True,
                        'userName': user.name,
                        'userURL': user.url,
                        # Fall back to the bundled icon when the user object
                        # has no avatar_url attribute.
                        'avatar_url':
                        user.avatar_url if hasattr(user, 'avatar_url') else
                        '/static/img/icon_triceratops_black_47px.png',
                        'text': text,
                        'date': pst_date.strftime('%b. %d, %Y, %I:%M %p'),
                        'parentUrlsafe': parentCommentUrlsafe,
                        'myUrlSafe':comment.key.urlsafe(),
                        'level': comment.level
                    }
                    # The literal 3 is passed through; its meaning is not
                    # visible in this method.
                    Point.addNotificationTask(pointRoot.key, user.key, 3, text)
            else:
                results['error'] = 'Unable to find the point to add this comment'
        except WhysaurusException as e:
            results['error'] = str(e)
    resultJSON = json.dumps(results)
    self.response.headers["Content-Type"] = 'application/json; charset=utf-8'
    self.response.out.write(resultJSON)
def store_comment():
    """Create a comment from the submitted form and redirect to its post."""
    # NOTE(review): the whole form mapping is handed to Comment.create, so the
    # client decides which fields are set (including post_id and any author
    # field) unless create() filters them. No signed-in or CSRF check is
    # visible in this function - confirm both.
    new_comment = Comment.create(request.form)
    post_url = url_for('posts.show_post', post_id=new_comment.post_id)
    return redirect(post_url)
def post(self):
    """Build a Comment from the JSON body, persist it and return it with 201."""
    # NOTE(review): every key of the client's JSON becomes a constructor
    # argument, so the client chooses which attributes are set. Restrict this
    # to the fields a client may supply, and confirm that authentication is
    # enforced before this handler runs.
    payload = request.get_json()
    new_comment = Comment(**payload)
    new_comment.create()
    return new_comment.json(), 201
def comment_create():
    """Store a comment on a blog post and redirect back to that post."""
    form = request.form
    content = form['content']
    blog_id = form['blog_id']
    # NOTE(review): get_user() is dereferenced without a None check and no
    # anti-CSRF token is validated here - confirm both are handled elsewhere.
    Comment.create(blog_id, content, get_user().id)
    return redirect(url_for('blog_show', blog_id=blog_id))