def post(self, topic_id):
logged_user = users.get_current_user()
if not logged_user:
return self.write("Please, login first")
csrf_token = self.request.get('csrf-token')
mem_token = memcache.get(key=csrf_token)
if not mem_token or mem_token != logged_user.email():
return self.write("This website is protected against CSRF")
comment = self.request.get('comment')
topic = Topic.get_by_id(int(topic_id))
if not comment:
return self.write("Text field is requiered")
Comment.create(content=comment, user=logged_user, topic=topic)
# new_comment = Comment(
# content = comment,
# author_email = logged_user.email(),
# topic_id = int(topic_id),
# topic_title = Topic.get_by_id(int(topic_id)).title,
# )
#new_comment.put()
return self.redirect_to("topic-details", topic_id=topic_id)
def post(self, topicid):
user = users.get_current_user()
if not user:
return self.write("Please, login before")
csrf_token = self.request.get("paco")
mem_token = memcache.get(key=csrf_token)
if not mem_token:
return self.write("This website es protected")
comment_value = self.request.get("comment")
if "<script>" in comment_value:
return self.write("No Hack script")
if not comment_value:
return self.write("Required")
topic = Topic.get_by_id(int(topicid))
#new_comment = Comment(
# content=comment_value,
# author_email=user.email(),
# topicid=topic.key.id(),
#topic_title=topic.title
#)
#new_comment.put()
Comment.create(content=comment_value, user=user, topic=topic)
return self.redirect_to("topic-detail", topicid=topic.key.id())
def post(self, topic_id):
""" save new comment to database """
user = User.logged_in_user()
topic = Topic.get_by_id(int(topic_id))
content = self.request.get('content')
Comment.create(content, user, topic)
return self.redirect_to('topic-details', topic_id=int(topic_id))
def post(self, content_id):
user = users.get_current_user()
comment = {
'nickname': user.nickname(),
'content_id': content_id,
'comment': self.request.get('comment')
}
Comment.create(comment)
self.redirect('/content/' + content_id + "?action=comment.post")
def post(self, topic_id):
user = users.get_current_user()
text = self.request.get('comment-text')
topic = Topic.get_by_id(int(topic_id))
Comment.create(content=text, user=user, topic=topic)
return self.redirect_to("topic-details", topic_id=topic.key.id())
def post(self, topic_id):
user = users.get_current_user()
if not user:
return self.write("Please login before you're allowed to post a topic.")
text = self.request.get("comment-text")
topic = Topic.get_by_id(int(topic_id))
Comment.create(content=text, user=user, topic=topic)
return self.redirect_to("topic-details", topic_id=topic.key.id())
def post(self, topic_id):
# check if user is logged
user = users.get_current_user()
if not user:
return self.write("Please login ! You are not allowed to post...")
text = self.request.get("comment-text")
topic = Topic.get_by_id(int(topic_id))
Comment.create(content=text, author=user.email(), topic=topic)
return self.redirect_to("topic-details", topic_id=topic.key.id())
def test_post_topic_details_handler(self):
# POST
topic = Topic(title = "New topic", content = "Content of new topic!", author_email = '*****@*****.**')
topic.put()
topic_query = Topic.query().get()
self.assertTrue(topic_query) # pošjem v bazo
csrf_token = str(uuid.uuid4())
memcache.add(key=csrf_token, value='*****@*****.**', time=600)
comment_content = "That is my comment!"
Comment.create(comment_content, '*****@*****.**', int(topic.key.id()), topic)
params = {"get_comment": comment_content, "csrf_token": csrf_token}
post = self.testapp.post('/topic/details/{0}'.format(topic.key.id()), params = params)
self.assertEqual(post.status_int, 302)
def comment_create(topic_id):
# get current user (comment author)
session_token = request.cookies.get("session_token")
user = db.query(User).filter_by(session_token=session_token).first()
# only logged in users can create a comment
if not user:
return redirect(url_for('auth.login'))
csrf = request.form.get("csrf") # csrf from HTML
if validate_csrf(csrf, user.username):
text = request.form.get("text")
# query the topic object from the database
topic = db.query(Topic).get(int(topic_id))
# create a Comment object
comment = Comment.create(topic=topic, text=text, author=user)
return redirect(
url_for('topic.topic_details',
topic_id=topic_id,
csrf_token=create_csrf_token(user.username)))
else:
return "CSRF token is not valid!"
def saveComment(self):
results = {'result': False}
text = self.request.get('commentText')
pointRootUrlsafe = self.request.get('p')
parentCommentUrlsafe = self.request.get('parentKey')
user = self.current_user
if user:
try:
comment = Comment.create(
text, user, pointRootUrlsafe,
parentCommentUrlsafe)
if comment:
pst_date = PST.convert(comment.date)
results = {
'result': True,
'userName': user.name,
'userURL': user.url,
'avatar_url': user.avatar_url if hasattr(user, 'avatar_url') else '/static/img/icon_triceratops_black_47px.png',
'text': text,
'date': pst_date.strftime('%b. %d, %Y, %I:%M %p'),
'parentUrlsafe': parentCommentUrlsafe,
'myUrlSafe':comment.key.urlsafe(),
'level': comment.level
}
except WhysaurusException as e:
results['error'] = str(e)
resultJSON = json.dumps(results)
self.response.headers.add_header('content-type', 'application/json', charset='utf-8')
self.response.out.write(resultJSON)
def create_comment():
# gets json data from client
data = request.get_json()
try:
# gets post by its id
post = Post.get(Post.id == data['post_id'], Post.soft_delete == False)
# creates a new comments
comment = Comment.create(**data, user=current_user.id, post=post)
# converts model to dictionary
comment_dict = model_to_dict(comment)
return jsonify(
data=comment_dict,
status={'code': 201, 'message': 'successfully created comment.'}
)
# if the queried post doesnt exist
except DoesNotExist:
return jsonify(
data={},
status={'code': 404, 'message': 'Resource does not exist.'}
)
def post(self, topic_id):
if not topic_id:
return self.write(
'Error trying to write a comment into undefined topic!')
topic = Topic.get_by_id(int(topic_id))
logged_user = users.get_current_user()
if not logged_user:
return self.write(
'Please login to be allowed to post a new comment.')
content = self.request.get('comment')
if (not content) or (not content.strip()):
return self.write('Empty comments are not allowed!')
new_comment = Comment.create(
content=content,
user=logged_user,
topic=topic,
)
flash = {
'flash_message': 'Comment added successfully',
'flash_class': 'alert-success',
}
return self.redirect_to('topic-details', topic_id=topic_id, **flash)
def mutate(self, info, comment_data):
point_root = PointRootModel.getByUrlsafe(comment_data.pointID)
user = info.context.current_user
text = comment_data.text
comment = CommentModel.create(text, user, point_root,
comment_data.parentCommentID)
PointModel.addNotificationTask(point_root.key, user.key, 3, text)
return NewComment(comment=comment)
def post(self, topic_id):
user = users.get_current_user()
if not user:
return self.write("You're not logged in.")
text = cgi.escape(self.request.get("comment"))
topic = Topic.get_by_id(int(topic_id))
new_comment = Comment.create(text, user, topic)
return self.redirect_to("topic-details", topic_id=topic.key.id())
def comment_create(topic_id):
user = user_from_session_token()
if not user:
return redirect(url_for('auth.login'))
csrf = request.form.get("csrf")
if not validate_csrf(csrf, user.username):
return "CSRF token is not valid!"
text = request.form.get("text")
topic = Topic.read(topic_id)
Comment.create(topic=topic, text=text, author=user)
return redirect(url_for('topic.topic_details', topic_id=topic_id))
def post(self, topic_id):
logged_user = users.get_current_user()
if not logged_user:
return self.write(
"Please login before you're allowed to post a topic.")
text_value = self.request.get("text")
topic = Topic.get_by_id(int(topic_id))
Comment.create(
text_value=text_value,
logged_user=logged_user,
topic=topic,
)
return self.redirect_to("topic-details", topic_id=topic.key.id())
def post(self, topic_id):
csrf_token = self.request.get("csrf_token")
mem_token = memcache.get(key=csrf_token) # find if this CSRF exists in memcache
if not mem_token: # if token does not exist in memcache, write the following message
return self.write("You are evil attacker...")
user = users.get_current_user()
if not user:
return self.write("Please login before you're allowed to post a topic.")
text = self.request.get("comment-text")
topic = Topic.get_by_id(int(topic_id))
Comment.create(content=text, user=user, topic=topic)
return self.redirect_to("topic_details", topic_id=topic.key.id())
def post(self, topic_id):
topic = Topic.get_by_id(int(topic_id))
user = users.get_current_user()
if not user:
return self.write("you are not loged in!")
comment = self.request.get("content")
author = User.query(User.email == user.email()).fetch()
author_email = author[0].email
author_avatar = author[0].avatar_url
Comment.create(content=comment,
author=author_email,
topic=topic,
avatar=author_avatar)
Topic.comment_sum_add(topic=topic)
return self.redirect_to("topic", topic_id=topic.key.id())
def post(self, topic_id):
user = users.get_current_user()
if not user:
return self.write("Please login before you comment on topic!")
# CSRF protection
#csrf_token = self.request.get("csrf_token")
#csrf_value = memcache.get(csrf_token)
#if str(csrf_value) != user.email():
# return self.write("You are hecker!")
current_topic = Topic.get_by_id(int(topic_id))
content = self.request.get("get_comment")
Comment.create(content, user.email(), int(topic_id), current_topic)
if is_local():
time.sleep(0.1)
return self.redirect_to("topic-details", topic_id=int(topic_id))
def post(self, topic_id):
user = users.get_current_user()
if not user:
return self.write("Please login.")
text = cgi.escape(self.request.get("comment-text"))
topic = Topic.get_by_id(int(topic_id))
new_comment = Comment.create(text, user, topic)
return self.write("Comment created successfully.")
def comment_create(topic_id):
user = user_from_session_token()
# only logged in users can create a comment
if not user:
return redirect(url_for('auth.login'))
csrf = request.form.get("csrf")
if not is_valid_csrf(csrf, user.username):
return "CSRF token is not valid!"
text = request.form.get("text")
# query the topic object from the database
topic = Topic.read(topic_id)
# create a Comment object
Comment.create(topic=topic, text=text, author=user)
return redirect(url_for('topic.topic_details', topic_id=topic_id))
def create_fake_comment(self,
user=None,
topic=None,
content="This is comment only for testing"):
if not user:
user = self.create_fake_admin()
if not topic:
topic = self.create_fake_topic()
comment = Comment.create(content=content, user=user, topic=topic)
return comment
def post(self, topic_id):
logged_user = users.get_current_user()
if not logged_user:
return self.write(
"Please login before you're allowed to add a comment.")
comment_content = self.request.get('comment-content')
if not comment_content:
return self.write("Comment content field is required")
topic = Topic.get_by_id(int(topic_id))
Comment.create(
content=comment_content,
user=logged_user,
topic=topic,
)
return self.redirect_to("topic-details", topic_id=topic.key.id())
def exec(self, *args):
if len(args) < 2:
raise BadArgsException
content = self.raw_command.strip()
content = content[8:].strip()
content = content[len(args[0]):].strip()
try:
p = Post.get('id', args[0])
except ObjectNotExist:
self.write('Post does not exist.')
return
uuid = 'comment-{}'.format(gen_uuid())
username = User.get('id', p.author_id).username
Comment.create(p, self.user, uuid)
self.write(
json.dumps({
'username': username,
'uuid': uuid,
'content': content
}))
def saveComment(self):
results = {'result': False}
text = self.request.get('commentText')
pointRootUrlsafe = self.request.get('p')
parentCommentUrlsafe = self.request.get('parentKey')
user = self.current_user
if user:
try:
pointRoot = PointRoot.getByUrlsafe(pointRootUrlsafe)
if pointRoot:
comment = Comment.create(text, user, pointRoot,
parentCommentUrlsafe)
if comment:
pst_date = PST.convert(comment.date)
results = {
'result':
True,
'userName':
user.name,
'userURL':
user.url,
'avatar_url':
user.avatar_url if hasattr(user, 'avatar_url') else
'/static/img/icon_triceratops_black_47px.png',
'text':
text,
'date':
pst_date.strftime('%b. %d, %Y, %I:%M %p'),
'parentUrlsafe':
parentCommentUrlsafe,
'myUrlSafe':
comment.key.urlsafe(),
'level':
comment.level
}
Point.addNotificationTask(pointRoot.key, user.key, 3,
text)
else:
results[
'error'] = 'Unable to find the point to add this comment'
except WhysaurusException as e:
results['error'] = str(e)
resultJSON = json.dumps(results)
self.response.headers[
"Content-Type"] = 'application/json; charset=utf-8'
self.response.out.write(resultJSON)
def comment_create(topic_id):
session_token = request.cookies.get("session_token")
user = db.query(User).filter_by(session_token=session_token).first()
if not user:
return redirect(url_for('auth.login'))
csrf = request.form.get("csrf")
if validate_csrf(csrf, user.username):
text = request.form.get("text")
topic = db.query(Topic).get(int(topic_id))
comment = Comment.create(topic=topic, text=text, author=user)
return redirect(url_for('topic.topic_details', topic_id=topic_id, csrf_token=create_csrf_token(user.username)))
else:
return "CSRF token jest bledny!!!"
def comment_create(topic_id):
user = get_user()
# only a logged in user can comment on a topic.
if not user:
render_template("signup.html")
# get the topic that is to be edited
topic = db.query(Topic).get(int(topic_id))
# Display the Comment Create Page
if request.method == "GET":
# create the csrf token
csrf_token = str(uuid.uuid4())
# use the redis app
redis.set(name=csrf_token, value=user.name)
return render_template("comment_create.html",
user=user,
csrf_token=csrf_token,
topic=topic)
elif request.method == "POST":
# Get the CSRF token back and ensure that it matches what was sent.
csrf = request.form.get("csrf")
redis_csrf_name = redis.get(name=csrf).decode()
# see that the csrf came back and then that it matches what was sent
if redis_csrf_name and redis_csrf_name == user.name:
# Create the Topic Comment and post it.
comment_text = request.form.get("comment-text")
created = datetime.datetime.now().date()
# Post it
comment = Comment.create(text=comment_text,
created=created,
author=user,
topic=topic)
return redirect(url_for('all_topics'))
else:
return "CSRF token is not valid"
def post(self, topic_id):
user = users.get_current_user()
author = user.nickname()
content = self.request.get("content")
post_comment = self.request.get("post-comment")
subscribe_button = self.request.get("subscribe-button")
if post_comment:
if content:
comment = Comment.create(author, content, int(topic_id))
Topic.add_comment(int(topic_id), comment.created,
comment.author)
the_user = ""
for usr in User.query(User.email == user.email()).fetch():
the_user = usr
topic = Topic.get_by_id(int(topic_id))
subscriber_query = topic.subscribers
for email in subscriber_query:
if email != user.email(
): # don't send email update to the author of the comment
email_new_comment(the_user.first_name,
Topic.get_by_id(int(topic_id)).title,
str(topic_id), email)
self.redirect('/topic/' + str(topic_id))
else:
self.redirect('/topic/' + str(topic_id))
elif subscribe_button:
topic = Topic.get_by_id(int(topic_id))
user = users.get_current_user()
user_email = user.email()
if user_email in topic.subscribers:
topic.subscribers.remove(user_email)
else:
topic.subscribers.append(user_email)
topic.put()
self.redirect("/topic/" + str(topic_id))
def post(self, topic_id):
user = users.get_current_user()
author = user.nickname()
content = self.request.get("content")
post_comment = self.request.get("post-comment")
subscribe_button = self.request.get("subscribe-button")
if post_comment:
if content:
comment = Comment.create(author, content, int(topic_id))
Topic.add_comment(int(topic_id), comment.created, comment.author)
the_user = ""
for usr in User.query(User.email == user.email()).fetch():
the_user = usr
topic = Topic.get_by_id(int(topic_id))
subscriber_query = topic.subscribers
for email in subscriber_query:
if email != user.email(): # don't send email update to the author of the comment
email_new_comment(the_user.first_name, Topic.get_by_id(int(topic_id)).title, str(topic_id), email)
self.redirect('/topic/' + str(topic_id))
else:
self.redirect('/topic/' + str(topic_id))
elif subscribe_button:
topic = Topic.get_by_id(int(topic_id))
user = users.get_current_user()
user_email = user.email()
if user_email in topic.subscribers:
topic.subscribers.remove(user_email)
else:
topic.subscribers.append(user_email)
topic.put()
self.redirect("/topic/" + str(topic_id))
def saveComment(self):
results = {'result': False}
text = self.request.get('commentText')
pointRootUrlsafe = self.request.get('p')
parentCommentUrlsafe = self.request.get('parentKey')
user = self.current_user
if user:
try:
pointRoot = PointRoot.getByUrlsafe(pointRootUrlsafe)
if pointRoot:
comment = Comment.create(
text, user, pointRoot,
parentCommentUrlsafe)
if comment:
pst_date = PST.convert(comment.date)
results = {
'result': True,
'userName': user.name,
'userURL': user.url,
'avatar_url': user.avatar_url if hasattr(user, 'avatar_url') else '/static/img/icon_triceratops_black_47px.png',
'text': text,
'date': pst_date.strftime('%b. %d, %Y, %I:%M %p'),
'parentUrlsafe': parentCommentUrlsafe,
'myUrlSafe':comment.key.urlsafe(),
'level': comment.level
}
Point.addNotificationTask(pointRoot.key, user.key, 3, text)
else:
results['error'] = 'Unable to find the point to add this comment'
except WhysaurusException as e:
results['error'] = str(e)
resultJSON = json.dumps(results)
self.response.headers["Content-Type"] = 'application/json; charset=utf-8'
self.response.out.write(resultJSON)
def store_comment():
comment = Comment.create(request.form)
return redirect(url_for('posts.show_post', post_id=comment.post_id))
def post(self):
comment = Comment(**request.get_json())
comment.create()
return comment.json(), 201
def comment_create():
content = request.form['content']
blog_id = request.form['blog_id']
id = Comment.create(blog_id, content, get_user().id)
return redirect(url_for('blog_show',blog_id = blog_id))
