Пример #1
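def topic_create():
    """Show the create-topic form (GET) or create a topic from it (POST).

    The caller is identified through the ``session_token`` cookie; anonymous
    requests are redirected to the login page. The POST path is guarded by
    the per-user CSRF token that the GET path embedded in the form.

    Returns:
        The rendered form (GET), a redirect to the topic index after a
        successful POST, or a plain-text 403 response when the CSRF token
        does not validate.
    """
    # get current user (author) from the session cookie
    session_token = request.cookies.get("session_token")
    user = db.query(User).filter_by(session_token=session_token).first()

    # only logged in users can create a topic
    if not user:
        return redirect(url_for('auth.login'))

    if request.method == "GET":
        # token bound to this user; the template puts it into the form
        csrf_token = create_csrf_token(user.username)

        return render_template("topic/topic_create.html",
                               user=user,
                               csrf_token=csrf_token)

    elif request.method == "POST":
        csrf = request.form.get("csrf")

        # reject the write before touching any other form field; a 403
        # (rather than a 200 text page) makes the rejection visible to
        # tests, proxies and access logs
        if not validate_csrf(csrf, user.username):
            return "CSRF token is not valid!", 403

        title = request.form.get("title")
        text = request.form.get("text")

        # create a Topic object (the instance itself is not needed here)
        Topic.create(title=title, text=text, author=user)

        return redirect(url_for('topic.index'))

    # NOTE(review): any other method falls through and returns None;
    # assumes the route decorator restricts methods to GET/POST — confirm.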
Пример #2
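def comment_edit(comment_id):
    """Show the edit form for a comment (GET) or save the edit (POST).

    Only a logged-in, verified user who authored the comment may edit it.
    The POST path is guarded by the per-user CSRF token embedded in the form.

    Args:
        comment_id: primary key of the comment, converted with ``int()``.

    Returns:
        The rendered edit form (GET), a redirect to the comment's topic
        page after a successful POST, or a plain-text error response
        (404 unknown comment, 403 not the author / bad CSRF token).
    """
    comment = db.query(Comment).get(int(comment_id))  # get comment from db by ID

    # an unknown ID would otherwise crash on comment.author below
    if comment is None:
        return "Comment not found!", 404

    # get current user; only verified accounts may edit
    session_token = request.cookies.get("session_token")
    user = db.query(User).filter_by(session_token=session_token, verified=True).first()

    # check if user logged in & if user is author
    if not user:
        return redirect(url_for('auth.login'))
    elif comment.author.id != user.id:
        return "You can only edit your own comments!", 403

    # GET request
    if request.method == "GET":
        csrf_token = create_csrf_token(username=user.username)
        return render_template("comment/comment_edit.html", comment=comment, csrf_token=csrf_token)

    # POST request
    elif request.method == "POST":
        # check CSRF token before reading the new text
        csrf = request.form.get("csrf")

        if not validate_csrf(csrf, user.username):
            return "CSRF error: tokens don't match!", 403

        # if it validates, edit the comment
        comment.text = request.form.get("text")
        db.add(comment)
        db.commit()
        return redirect(url_for('topic.topic_details', topic_id=comment.topic.id))

    # NOTE(review): other methods fall through and return None; assumes the
    # route decorator restricts methods to GET/POST — confirm.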
Пример #3
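def comment_create(topic_id):
    """Create a comment on a topic from a POSTed form.

    The caller is identified through the ``session_token`` cookie; anonymous
    requests are redirected to the login page. The write is guarded by the
    per-user CSRF token submitted with the form.

    Args:
        topic_id: primary key of the topic, converted with ``int()``.

    Returns:
        A redirect to the topic's details page on success, or a plain-text
        error response (403 bad CSRF token, 404 unknown topic).
    """
    session_token = request.cookies.get("session_token")
    user = db.query(User).filter_by(session_token=session_token).first()

    if not user:
        return redirect(url_for('auth.login'))

    csrf = request.form.get("csrf")

    # reject before any database write or further form parsing
    if not validate_csrf(csrf, user.username):
        return "CSRF Token is not valid", 403

    topic = db.query(Topic).get(int(topic_id))
    # an unknown topic would otherwise reach Comment.create as None
    if topic is None:
        return "Topic not found", 404

    text = request.form.get("text")
    Comment.create(topic=topic, text=text, author=user)

    # the details page mints its own token; carrying one in the redirect
    # URL would expose it in browser history, Referer headers and access
    # logs (no handler shown reads it from the query string)
    return redirect(url_for('topic.topic_details', topic_id=topic_id))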


#Handler comment_edit
#Handler comment_delete
Пример #4
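def topic_create():
    """Show the create-topic form (GET) or create a topic from it (POST).

    The current user is resolved by ``user_from_session_token()`` (helper
    defined elsewhere); anonymous requests are redirected to login. The
    POST path is guarded by the per-user CSRF token embedded in the form.

    Returns:
        The rendered form (GET), a redirect to the index after a successful
        POST, or a plain-text 403 response when the CSRF token is invalid.
    """
    user = user_from_session_token()

    # only logged in users can create topic
    if not user:
        # NOTE(review): 'auth/login' is kept as written; Flask endpoints are
        # normally dotted ('auth.login') — confirm this endpoint exists.
        return redirect(url_for('auth/login'))

    if request.method == "GET":
        csrf_token = create_csrf_token(user.username)

        return render_template(
            "topics/topic_create.html", user=user,
            csrf_token=csrf_token)  # send CSRF token into HTML template

    elif request.method == "POST":
        csrf = request.form.get("csrf")  # csrf from HTML

        # if the tokens do not match, refuse with 403 instead of a 200 page
        if not validate_csrf(csrf, user.username):
            return "CSRF token is not valid", 403

        title = request.form.get("title")
        text = request.form.get("text")

        # create a topic object (the instance itself is not needed here)
        Topic.create(title=title, text=text, author=user)

        return redirect(url_for('index'))

    # NOTE(review): other methods fall through and return None; assumes the
    # route decorator restricts methods to GET/POST — confirm.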
Пример #5
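def comment_create(topic_id):
    """Create a comment on a topic from a POSTed form.

    The caller is identified through the ``session_token`` cookie; anonymous
    requests are redirected to the login page. The write is guarded by the
    per-user CSRF token submitted with the form.

    Args:
        topic_id: primary key of the topic, converted with ``int()``.

    Returns:
        A redirect to the topic's details page on success, or a plain-text
        error response (403 bad CSRF token, 404 unknown topic).
    """
    session_token = request.cookies.get("session_token")
    user = db.query(User).filter_by(session_token=session_token).first()

    if not user:
        return redirect(url_for('auth.login'))

    csrf = request.form.get("csrf")

    # reject before any database write or further form parsing
    if not validate_csrf(csrf, user.username):
        return "CSRF Token is not valid", 403

    topic = db.query(Topic).get(int(topic_id))
    # an unknown topic would otherwise reach Comment.create as None
    if topic is None:
        return "Topic not found", 404

    text = request.form.get("text")
    Comment.create(topic=topic, text=text, author=user)

    # the details page mints its own token; carrying one in the redirect
    # URL would expose it in browser history, Referer headers and access
    # logs (no handler shown reads it from the query string)
    return redirect(url_for('topic.topic_details', topic_id=topic_id))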
    
    @classmethod
    def create(cls, text, author, topic):
        """Persist a new comment and notify the topic's author by e-mail.

        Args:
            text: body of the comment.
            author: the user writing the comment.
            topic: the topic being commented on.

        Returns:
            The newly committed comment instance.
        """
        new_comment = cls(text=text, author=author, topic=topic)
        db.add(new_comment)
        db.commit()

        # notify only if the topic author has an e-mail address on file
        recipient = topic.author.email_address
        if recipient:
            notice = "Your topic {} has a new comment.".format(topic.title)
            send_email(receiver_email=recipient,
                       subject="New comment for your topic!",
                       text=notice)

        return new_comment
Пример #6
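def comment_create(topic_id):
    """Create a comment on a topic from a POSTed form.

    The comment author is identified through the ``session_token`` cookie;
    anonymous requests are redirected to the login page. The write is
    guarded by the per-user CSRF token submitted with the form.

    Args:
        topic_id: primary key of the topic, converted with ``int()``.

    Returns:
        A redirect to the topic's details page on success, or a plain-text
        error response (403 bad CSRF token, 404 unknown topic).
    """
    # get current user (comment author)
    session_token = request.cookies.get("session_token")
    user = db.query(User).filter_by(session_token=session_token).first()

    # only logged in users can create a comment
    if not user:
        return redirect(url_for('auth.login'))

    csrf = request.form.get("csrf")  # csrf from HTML

    # reject before any database write or further form parsing
    if not validate_csrf(csrf, user.username):
        return "CSRF token is not valid!", 403

    # query the topic object from the database
    topic = db.query(Topic).get(int(topic_id))
    # an unknown topic would otherwise reach Comment.create as None
    if topic is None:
        return "Topic not found!", 404

    text = request.form.get("text")

    # create a Comment object (the instance itself is not needed here)
    Comment.create(topic=topic, text=text, author=user)

    # the details page mints its own token; carrying one in the redirect
    # URL would expose it in browser history, Referer headers and access
    # logs (no handler shown reads it from the query string)
    return redirect(url_for('topic.topic_details', topic_id=topic_id))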
Пример #7
def test_topic_create(client_logged_in):
    """End-to-end check of the create-topic flow for a logged-in client.

    The fixture is assumed to be logged in as ``ramuta``; the CSRF token is
    minted for that username so the handler accepts the POST.
    """
    token = create_csrf_token("ramuta")

    # GET: the form page renders
    form_page = client_logged_in.get('/create-topic')
    assert b'Create a new topic' in form_page.data

    # POST: submit the form and follow the redirect to the index
    payload = {"csrf": token, "title": "My topic", "text": "Some text"}
    landing = client_logged_in.post('/create-topic', data=payload, follow_redirects=True)

    # the new topic's title is listed on the index page
    assert b'My topic' in landing.data
Пример #8
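def topic_details(topic_id):
    """Render a topic with its comments.

    The page is readable by anonymous visitors; a CSRF token is minted only
    for a logged-in user (resolved from the ``session_token`` cookie).

    Args:
        topic_id: primary key of the topic, converted with ``int()``.

    Returns:
        The rendered details page, or a plain-text 404 for an unknown topic.
    """
    topic = db.query(Topic).get(int(topic_id))  # get topic from db by ID
    if topic is None:
        return "Topic not found!", 404

    # get current user (may be None for anonymous visitors)
    session_token = request.cookies.get("session_token")
    user = db.query(User).filter_by(session_token=session_token).first()

    comments = db.query(Comment).filter_by(topic=topic).all()

    # anonymous visitors get no token; dereferencing user.username
    # unconditionally would raise AttributeError for them
    csrf_token = create_csrf_token(user.username) if user else None

    return render_template("topic/topic_details.html",
                           topic=topic,
                           user=user,
                           csrf_token=csrf_token,
                           comments=comments)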
Пример #9
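def card_details(card_id):
    """Render a card together with the machines sharing its name.

    The page is readable by anonymous visitors; a CSRF token is minted only
    for a logged-in user (resolved from the ``session_token`` cookie).

    Args:
        card_id: primary key of the card, converted with ``int()``.

    Returns:
        The rendered details page, or a plain-text 404 for an unknown card.
    """
    card = db.query(Card).get(int(card_id))  # get card from db by ID
    if card is None:
        return "Card not found", 404

    # get current user (may be None for anonymous visitors)
    session_token = request.cookies.get("session_token")
    user = db.query(User).filter_by(session_token=session_token).first()

    # link machines to the card via the shared name.
    # NOTE(review): the original filtered on an undefined local ``name``
    # (NameError); cards are created with a ``name`` field, so the card's
    # own name is the intended key — confirm.
    machine = db.query(Machine).filter_by(name=card.name).all()

    # anonymous visitors get no token; dereferencing user.email_adresse
    # unconditionally would raise AttributeError for them
    csrf_token = create_csrf_token(user.email_adresse) if user else None

    return render_template("card/card_details.html",
                           card=card,
                           user=user,
                           csrf_token=csrf_token,
                           machine=machine)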
Пример #10
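def topic_details(topic_id):
    """Render a topic with its comments.

    The page is readable by anonymous visitors; a CSRF token is minted only
    for a logged-in user (resolved by ``user_from_session_token()``, a
    helper defined elsewhere).

    Args:
        topic_id: primary key of the topic, converted with ``int()``.

    Returns:
        The rendered details page, or a plain-text 404 for an unknown topic.
    """
    topic = db.query(Topic).get(int(topic_id))
    if topic is None:
        return "Topic not found", 404

    user = user_from_session_token()
    comments = db.query(Comment).filter_by(topic=topic).all()

    # START test background tasks (TODO: delete this code later)
    # only exercised when a Redis URL is configured in the environment
    if os.getenv('REDIS_URL'):
        from task import get_random_num
        get_random_num()
    # END test background tasks

    # anonymous visitors get no token; dereferencing user.username
    # unconditionally would raise AttributeError for them
    csrf_token = create_csrf_token(user.username) if user else None

    return render_template("topics/topic_details.html",
                           topic=topic,
                           user=user,
                           csrf_token=csrf_token,
                           comments=comments)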
Пример #11
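def topic_details(topic_id):
    """Render a topic with its comments.

    The page is readable by anonymous visitors; a CSRF token is minted only
    for a logged-in user (resolved from the ``session_token`` cookie).

    Args:
        topic_id: primary key of the topic, converted with ``int()``.

    Returns:
        The rendered details page, or a plain-text 404 for an unknown topic.
    """
    topic = db.query(Topic).get(int(topic_id))  # get topic from db by ID
    if topic is None:
        return "Topic not found!", 404

    # get current user (may be None for anonymous visitors)
    session_token = request.cookies.get("session_token")
    user = db.query(User).filter_by(session_token=session_token).first()

    # get comments for this topic
    comments = db.query(Comment).filter_by(topic=topic).all()

    # START test background tasks (TODO: delete this code later)
    # only exercised when a Redis URL is configured in the environment
    if os.getenv('REDIS_URL'):
        from tasks import get_random_num
        get_random_num()
    # END test background tasks

    # anonymous visitors get no token; dereferencing user.username
    # unconditionally would raise AttributeError for them
    csrf_token = create_csrf_token(user.username) if user else None

    return render_template("topic/topic_details.html",
                           topic=topic,
                           user=user,
                           csrf_token=csrf_token,
                           comments=comments)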
Пример #12
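def card_create():
    """Show the create-card form (GET) or create a card from it (POST).

    The caller is identified through the ``session_token`` cookie; anonymous
    requests are redirected to the login page. The POST path is guarded by
    the per-user CSRF token (bound to the user's e-mail address) that the
    GET path embedded in the form.

    Returns:
        The rendered form (GET), a redirect to the card dashboard after a
        successful POST, or a plain-text 403 response when the CSRF token
        does not validate.
    """
    # get current user (author) from the session cookie
    session_token = request.cookies.get("session_token")
    user = db.query(User).filter_by(session_token=session_token).first()

    # only logged in users can create a card
    if not user:
        return redirect(url_for('auth.login'))

    if request.method == "GET":
        csrf_token = create_csrf_token(user.email_adresse)

        return render_template("card/card_create.html",
                               user=user,
                               csrf_token=csrf_token)

    elif request.method == "POST":
        csrf = request.form.get("csrf")

        # the original printed the submitted token to stdout: that writes a
        # secret into process logs and raises TypeError when the field is
        # missing (str + None), so the debug print is dropped.
        if not validate_csrf(csrf, user.email_adresse):
            return "CSRF token is not valid", 403

        name = request.form.get("name")
        baujahr = request.form.get("baujahr")
        maschinennummer = request.form.get("maschinennummer")
        standort = request.form.get("standort")

        # create a Card object (the instance itself is not needed here)
        Card.create(name=name,
                    baujahr=baujahr,
                    maschinennummer=maschinennummer,
                    standort=standort,
                    author=user)

        return redirect(url_for('card.dashboard'))

    # NOTE(review): other methods fall through and return None; assumes the
    # route decorator restricts methods to GET/POST — confirm.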