Пример #1
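def login():
    """Authenticate a user from the submitted login form.

    On a valid submission the account is looked up by e-mail address and the
    supplied password is checked against the stored hash. When both match and
    the e-mail address is confirmed, the lower-cased username is written to
    the session and the client is redirected to the home page. In every other
    case the login template is rendered again, with an error if one applies.

    Returns:
        A redirect to ``home_app.home`` on success, otherwise the rendered
        ``users/login/login.html`` template.
    """
    form = LoginForm()
    error = None

    _set_next_variable_to_session_if_found()

    if form.validate_on_submit():
        user = User.objects.filter(email=form.email.data).first()

        # The password is verified BEFORE the confirmation state is reported.
        # Reporting "e-mail not verified" to a caller who has not proven
        # knowledge of the password would disclose that the address is
        # registered and which state the account is in.
        # NOTE(review): no hash is computed when the lookup misses, so the
        # response time may still differ between known and unknown addresses.
        if not user or not Password.check_password(form.password.data,
                                                   user.password):
            error = errors.INCORRECT_CREDENTIALS
        elif not _is_email_address_confirmed(user):
            error = errors.EMAIL_VERIFICATION
        else:
            # NOTE(review): whether Session.add issues a fresh session
            # identifier is not visible here; confirm that a pre-login
            # session id is not carried over into the authenticated session.
            Session.add(session_name="username",
                        session_value=user.username.lower())
            return redirect(url_for("home_app.home"))

    return render_template("users/login/login.html", error=error, form=form)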
Пример #2
def _set_next_variable_to_session_if_found():
    """Remember the ``next`` query parameter of a GET request in the session.

    The value is taken from the request as-is and stored without validation,
    so any code that later redirects to it has to check it first.
    """
    if request.method != "GET":
        return

    referral_url = request.args.get("next")
    if referral_url:
        Session.add("next", session_value=referral_url)
Пример #3
def _get_relationship_between_logged_user_and_viewing_user_profile(user):
    """Return the relationship between the session user and ``user``.

    Returns ``None`` when the session holds no username. Otherwise the
    session user is loaded and passed, together with ``user``, to
    ``Relationship.get_relationship``.
    """
    session_username = Session.get_session_by_name("username")
    if not session_username:
        return None

    # NOTE(review): .first() yields None when the session username no longer
    # matches an account; confirm get_relationship tolerates that.
    viewer = User.objects.filter(username=session_username).first()
    return Relationship.get_relationship(viewer, user)
Пример #4
def _redirect_page_to_referral_url_if_found():
    """Redirect to the referral URL kept in the session, if it is safe.

    The ``next`` entry is removed from the session either way. The redirect
    happens only when a value was stored and ``is_safe_url`` accepts it;
    otherwise the plain string ``"user logged in"`` is returned.
    """
    referral_url = Session.remove_session_by_name("next")

    # The stored value originated from the request, so it is checked here,
    # at the point of use, before being handed to redirect().
    if not referral_url or not is_safe_url(referral_url):
        return "user logged in"
    return redirect(referral_url)
Пример #5
def _get_requesting_user_and_logged_in_user_obj(username_to_find):
    """Load the session user and the user named ``username_to_find``.

    Returns:
        A ``(logged_user, to_user)`` tuple; either element is ``None`` when
        the corresponding lookup finds nothing.
    """
    session_username = Session.get_session_by_name("username")
    logged_user = User.objects.filter(username=session_username).first()

    # The requested name is lower-cased before the lookup.
    target_username = username_to_find.lower()
    to_user = User.objects.filter(username=target_username).first()

    return logged_user, to_user
Пример #6
def _get_requesting_user_and_logged_in_user_obj():
    """Load the session user and the user named by the ``to_user`` parameter.

    Returns:
        A ``(logged_user, to_user)`` tuple; either element is ``None`` when
        the corresponding lookup finds nothing.
    """
    session_username = Session.get_session_by_name("username")
    logged_user = User.objects.filter(username=session_username).first()

    # "to_user" is client-supplied and is used as a lookup key only; callers
    # still have to decide whether the session user may act on that account.
    target_username = request.values.get("to_user")
    to_user = User.objects.filter(username=target_username).first()

    return logged_user, to_user
Пример #7
def home():
    """Render the home page.

    Visitors without a session username get the public landing template;
    otherwise the user's feed is loaded and rendered with a fresh post form.
    """
    session_username = Session.get_session_by_name("username")
    if not session_username:
        return render_template("home/home.html")

    current_user = _get_user_object(session_username)
    feed = _get_all_feed_messages(current_user)
    return render_template(
        "users/home/home_feed.html",
        user=current_user,
        feed_messages=feed,
        form=FeedPostForm(),
    )
Пример #8
def edit():
    """Show and process the profile edit form of the session user.

    Aborts with 404 when the session username matches no account. On a valid
    submission an uploaded image is stored and cropped, username and e-mail
    changes are handed to their helpers, and, if no helper reported an error,
    the form is copied onto the user object and saved.

    Returns:
        The rendered ``users/edit/edit.html`` template.
    """

    errors = []
    message = None
    email_changed = False
    image_time_stamp = None

    user = User.objects.filter(
        username=Session.get_session_by_name("username")).first()

    if not user:
        abort(404)

    form = EditForm(obj=user)

    if form.validate_on_submit():

        if form.image.data:

            try:
                image_time_stamp, img_path = upload_image_securely_to_server(
                    form, save_to_path=join(UPLOADED_FOLDER, 'users'))
            except FileNotFoundError:
                # Upload failure is swallowed silently: image_time_stamp stays
                # None, so the profile image is left unchanged below and the
                # user gets no error message.
                pass
            else:
                ImageCropper(img_path,
                             path_to_save=_create_img_path(
                                 image_time_stamp,
                                 user)).crop_from_centre(_WIDTH, _HEIGHT)

        # NOTE(review): judging by its name this helper updates the session
        # before user.save() runs; if a later check appends to errors the
        # session may name a username that was never persisted. Confirm.
        if _has_user_changed_their_username(user, form):
            _if_username_does_not_exist_update_session(form, errors)

        if _has_user_changed_their_email_address(user, form):
            message = constants.EMAIL_CONFIRMATION_MSG
            email_changed = _if_email_not_exists_update_session(
                errors, form, user)

        if not errors:
            # NOTE(review): populate_obj copies every form field onto the
            # user document; confirm EditForm exposes no field a user must
            # not be able to set on their own account.
            form.populate_obj(user)

            if image_time_stamp:
                user.profile_image = image_time_stamp
            if not message:
                message = constants.PROFILE_UPDATE_MSG
            if email_changed:
                _email_user_new_confirmation_code_for_changed_email(user)
            user.save()

    return render_template("users/edit/edit.html",
                           form=form,
                           errors=errors,
                           message=message,
                           user=user,
                           image_size=IMAGE_SIZE)
Пример #9
def message(message_id):
    """Show a top-level message and accept a comment on it.

    Aborts with 404 when the message does not exist or is itself a child of
    another message. A valid form submission from a session with a username
    stores a COMMENT message under ``message_id`` and redirects back to this
    view; otherwise the message page is rendered.
    """
    form = FeedPostForm()
    parent_post = Message.objects.filter(id=message_id).first()

    # Missing messages and non-top-level messages are both answered with 404.
    if not parent_post or parent_post.parent:
        abort(404)

    if form.validate_on_submit():
        session_username = Session.get_session_by_name("username")
        if session_username:
            author = User.objects.get(username=session_username)
            comment = Message(from_user=author,
                              post=form.post.data,
                              message_type=COMMENT,
                              parent=message_id)
            comment.save()
            return redirect(
                url_for("feed_app.message", message_id=parent_post.id))

    return render_template("feeds/message.html",
                           message=parent_post,
                           form=form)
Пример #10
def get_all_blocked_people(page=1):
    """Render one page (16 entries) of the users blocked by the session user.

    :param page: 1-based page number of the blocked list.
    """
    session_username = Session.get_session_by_name("username")
    # NOTE(review): no login check is visible in this function; if none is
    # applied by a decorator, logged_user can be None here. Confirm.
    logged_user = User.objects.filter(username=session_username).first()

    blocked_query = Relationship.objects.filter(
        from_user=logged_user,
        relationship_type=Relationship.BLOCKED,
        status=Relationship.APPROVED,
    )
    blocked_page = blocked_query.paginate(page=page, per_page=16)

    return render_template(
        "users/profile/blocked_friends.html",
        blocked=blocked_page,
        page=page,
        user=logged_user,
        image_size=IMAGE_SIZE,
        relationship_type=constants.BLOCKED,
    )
Пример #11
def get_all_friend_requests(page=1):
    """Render one page (4 entries) of pending friend requests sent to the
    session user.

    :param page: 1-based page number of the pending list.
    """
    session_username = Session.get_session_by_name("username")
    # NOTE(review): no login check is visible in this function; if none is
    # applied by a decorator, logged_user can be None here. Confirm.
    logged_user = User.objects.filter(username=session_username).first()

    pending_query = Relationship.objects.filter(
        to_user=logged_user,
        relationship_type=Relationship.FRIENDS,
        status=Relationship.PENDING,
    )
    pending_page = pending_query.paginate(page=page, per_page=4)

    return render_template(
        "users/profile/pending_friends.html",
        pending=pending_page,
        page=page,
        user=logged_user,
        image_size=IMAGE_SIZE,
        relationship_type=None,
    )
Пример #12
    def test_forgotten_password_link(self):
        """Walk through the forgotten-password flow end to end.

        Requests a reset code, checks that a wrong username and a wrong code
        are both answered with 404, resets the password with the right code,
        verifies the stored reset data is cleared, then logs in and checks
        that the session carries the username.
        """

        self._enter_site()
        email = USER_DATA_DICT.get("email")

        # Request a reset; the code is then read back from the stored user.
        rv = self.app.post("/forgotten/password", data=dict(email=email))

        user = User.objects.first()
        password_reset_code = user.change_configuration.get(
            "password_reset_code")
        username = USER_DATA_DICT.get("username")

        assert password_reset_code is not None

        # A valid code combined with a username other than the requester's
        # must not be accepted.
        rv = self.app.get("/password/reset/username_does_exists/" +
                          password_reset_code)
        assert rv.status_code == 404

        # The right username with a wrong reset code must not be accepted.
        rv = self.app.get("/password/reset/" + username + "/bad_code")
        assert rv.status_code == 404

        # Right username and right code: submit the new password.
        # NOTE(review): the "******" literals look redacted; as written,
        # password and confirm differ. Confirm the original values.
        rv = self.app.post("/password/reset/" + username + "/" +
                           password_reset_code,
                           data=dict(password="******",
                                     confirm="newpassword"),
                           follow_redirects=True)

        assert "Your password has been updated" in str(rv.data)

        # The reset code must be gone after use, so it cannot be replayed.
        user = User.objects.first()
        assert user.change_configuration == {}

        # Log in with the new password; the response itself is not asserted.
        rv = self.app.post("/login",
                           data=dict(username=username,
                                     password="******"))

        # The session must now hold the username (compared case-insensitively).
        with self.app as context:
            rv = context.get("/")
            assert Session.get_session_by_name(
                "username").lower() == username.lower()
Пример #13
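def profile(username, friends_page_number=1):
    """Render the profile page of ``username``.

    Aborts with 404 when no user with that (lower-cased) name exists. The
    profile's messages and the message box are included only when the
    session user exists and is either the profile owner or an approved
    friend.

    :param username: The username (str) whose profile is rendered.
    :param friends_page_number: Page of the friends list to display.
    :returns: The rendered ``users/profile/profile.html`` template.
    """
    profile_messages = []
    display_message_box = False

    user = User.objects.filter(username=username.lower()).first()
    logged_user = User.objects.filter(
        username=Session.get_session_by_name("username")).first()

    if not user:
        abort(404)

    relationship_type = _get_relationship_between_logged_user_and_viewing_user_profile(
        user)
    friends = _get_all_my_friends(user)
    total_number_of_friends = friends.count()
    friends, current_friends_page_number = _friends_obj_to_friends_pagination_object(
        friends, friends_page_number)

    # The original condition read `logged_user and A or B`, which Python
    # parses as `(logged_user and A) or B`: an approved-friend relationship
    # passed the check even when logged_user was None. Both relationship
    # values now require an existing session user.
    may_see_messages = relationship_type in (constants.VIEWING_YOUR_SELF,
                                             constants.FRIEND_APPROVED)
    if logged_user and may_see_messages:
        profile_messages = _get_user_messages(user, num_of_msg_to_return=15)
        display_message_box = True

    return render_template(
        "users/profile/profile.html",
        user=user,
        relationship_type=relationship_type,
        image_size=IMAGE_SIZE,
        # NOTE(review): the template receives the VIEWED user as
        # `logged_user`, not the session user loaded above. Left unchanged
        # because the template is not visible here; confirm it makes no
        # ownership decision based on this value.
        logged_user=user,
        display_message_box=display_message_box,
        friends=friends,
        friends_total=total_number_of_friends,
        friends_page=current_friends_page_number,
        form=FeedPostForm(),
        profile_messages=profile_messages,
    )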
Пример #14
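def change_password():
    """Display and process the form that lets a user change their password.

    Aborts with 404 when the session holds no username or the username
    matches no account. On a valid submission the current password must
    verify against the stored hash; the new password is then hashed and
    saved, the user is notified by e-mail and logged out.

    Returns:
        The logout redirect after a successful change, otherwise the
        rendered ``users/password/new_password.html`` template.
    """
    form = NewPasswordForm()
    error = None

    # The session lookup returns nothing for an anonymous visitor; calling
    # .lower() on that result unconditionally raised AttributeError (a 500)
    # instead of reaching the 404 below.
    session_username = Session.get_session_by_name("username")
    user = None
    if session_username:
        user = User.objects.filter(username=session_username.lower()).first()

    if not user:
        abort(404)

    elif form.validate_on_submit():
        # Re-authentication: the current password is required even though
        # the session is already logged in.
        if Password.check_password(form.current_password.data, user.password):
            user.password = Password.hash_password(form.password.data)
            user.save()

            _email_user_about_password_changed(user)
            # NOTE(review): only the current session is ended here; whether
            # other active sessions of this account are invalidated is not
            # visible. Confirm.
            return _logout_user()
        error = constants.INCORRECT_CREDENTIALS
    return render_template("users/password/new_password.html",
                           form=form,
                           error=error)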
Пример #15
def like_message(message_id):
    """Record a like by the session user on a top-level message.

    Aborts with 404 when the message does not exist or is a child of another
    message. A LIKE message is stored only if the session user has none yet
    for this message; the client is then redirected to the message page.
    """
    liked_post = Message.objects.filter(id=message_id).first()

    # Missing messages and non-top-level messages are both answered with 404.
    if not liked_post or liked_post.parent:
        abort(404)

    # NOTE(review): no login or request-method check is visible in this
    # function; confirm a decorator supplies them, since this view changes
    # state on behalf of the session user.
    session_username = Session.get_session_by_name("username")
    liker = User.objects.get(username=session_username)

    previous_likes = Message.objects.filter(parent=message_id,
                                            message_type=LIKE,
                                            from_user=liker).count()

    # Count-then-insert is not atomic, so two concurrent requests could both
    # pass this check.
    if not previous_likes:
        new_like = Message(from_user=liker,
                           to_user=liked_post.from_user,
                           message_type=LIKE,
                           parent=message_id)
        new_like.save()

    return redirect(url_for('feed_app.message', message_id=liked_post.id))
Пример #16
def _logout_user():
    """Clear the session of a logged-in user and redirect to the
    password-changed confirmation page.

    The session is cleared only when it holds a username; the redirect is
    returned in either case.
    """
    session_username = Session.get_session_by_name("username")
    if session_username:
        Session.clear_all()

    target = url_for('password_app.password_successful_changed')
    return redirect(target)
Пример #17
 def is_user_logged_in(*args, **kwargs):
     """Send an already logged-in user to their profile, else call ``f``.

     ``f`` is a free name here; the enclosing decorator is outside this
     snippet.
     """
     if not Session.get_session_by_name("username"):
         return f(*args, **kwargs)

     profile_url = url_for("profile_app.profile",
                           username=Session.get_session_by_name("username"))
     return redirect(profile_url)
Пример #18
 def login(*args, **kwargs):
     """Call ``f`` for a session with a username, else redirect to login.

     ``f`` is a free name here; the enclosing decorator is outside this
     snippet. Only a missing (``None``) username triggers the redirect.
     """
     if Session.get_session_by_name("username") is not None:
         return f(*args, **kwargs)

     # The current URL travels in the "next" query parameter, so the login
     # view receives it as client-controlled input and has to validate it
     # before redirecting back.
     login_url = url_for('login_app.login', next=request.url)
     return redirect(login_url)
Пример #19
def logout():
    """Clear the whole session and hand over to the referral redirect helper.

    The username is read before the session is cleared because the helper
    still needs it afterwards.
    """
    departing_username = Session.get_session_by_name("username")
    Session.clear_all()
    response = redirect_to_referred_url_if_safe(departing_username)
    return response
Пример #20
def _update_session_cookie(form):
    """Replace the session's username with the lower-cased form value.

    :param form: Form object whose ``username.data`` holds the new name.
    """
    new_username = form.username.data.lower()
    Session.remove_session_by_name("username")
    Session.add(session_name="username", session_value=new_username)
Пример #21
def _is_user_viewing_their_own_profile(user):
    """Return True when ``user`` is set and matches the session username.

    The comparison is an exact, case-sensitive string match against
    ``user.username``.
    """
    # NOTE(review): presumably the session stores a lower-cased username;
    # confirm user.username is stored lower-cased too, or this never matches
    # for mixed-case names.
    return bool(
        user and Session.get_session_by_name("username") == user.username)