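def login():
    """Authenticate a user from the JSON request body and issue a token.

    Expects a JSON object with ``email`` and ``password``. On success returns
    a 200 JSON payload holding the token, its lifetime and basic user fields.
    An unconfirmed account gets a 401 (and a fresh confirmation email). A
    credential mismatch returns the same message and status (404, kept for
    existing clients) whether the email is unknown or the password is wrong,
    so the response body does not reveal which addresses are registered.
    Missing or non-string credentials are a 400 instead of the AttributeError
    (reported as a 500) the previous version raised.
    """
    payload = request.get_json() or {}
    email = payload.get('email')
    password = payload.get('password')
    if not isinstance(email, str) or not isinstance(password, str):
        return fail('Email and password are required.', 400)
    email = email.lower()
    try:
        user = User.query.filter_by(email=email).first()
        if not (user and user.is_password_correct(password)):
            return fail(
                'Sorry, we couldn\'t recognize that email or password.', 404)
        if not user.confirmed:
            send_confirmation_email(user)
            return fail(
                'Please check your email to confirm your account before logging in! It may take a few minutes to arrive. We have re-sent the email to you just in case.',
                401)
        token, expires_in = user.generate_token()
        if not token:
            # Token generation is a server-side problem, not a bad credential;
            # the previous version fell off the end here and returned None.
            return fail('There was an unexpected error. Please try again! :)', 500)
        response_data = {
            'status': 'success',
            'message': 'Successfully logged in.',
            'token': token,
            'user': {
                'id': user.id,
                'name': user.name,
                # do we need this?
                'email': user.email,
                # duplicated at the top level; kept for existing clients
                'token': token,
                'expires_in': expires_in,
            },
        }
        return jsonify(response_data), 200
    except Exception as e:
        # Detail stays server-side; the client only sees a generic message.
        print(e)
        return fail('There was an unexpected error. Please try again! :)', 500)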
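def create_review(event_id):
    """Record the current user's review of an event.

    Reads ``positive``, ``negative`` and ``body`` from the JSON body. A review
    may not be both positive and negative; the previous version called
    ``fail`` for that case without returning it, so the check had no effect
    and the contradictory review was stored anyway.
    """
    # TODO: check that the current user has access to this event; what
    # "access" means here (host, attendee, invitee) is not defined in this file.
    event = Event.query.get_or_404(event_id)  # was .get(): unknown id reached review_on with None
    positive = g.json['positive']
    negative = g.json['negative']
    if positive and negative:
        return fail('You can\'t review positively and negatively at the same time.')
    g.me.review_on(event, positive, negative, g.json['body'])
    db.session.commit()
    return succ('Reviewed successfully.')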
def update_password():
    """Change the current user's password after verifying the old one.

    Both ``old_password`` and ``new_password`` must be present and non-empty
    in the JSON body; the new password is only committed when the old one
    verifies, otherwise a 403 is returned.
    """
    params = g.json
    old_password, new_password = params.get('old_password'), params.get('new_password')
    if old_password and new_password:
        if not g.me.is_password_correct(old_password):
            return fail('Incorrect password.', 403)
        g.me.set_password(new_password)
        db.session.commit()
        return succ('Successfully updated password!')
    return fail('Improper parameters.')
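def remove_tag(event_id, tag_name):
    """Remove ``tag_name`` from an event; only hosts and admins may do this."""
    event = Event.query.get_or_404(event_id)
    # add_tag lower-cases tag names before storing them, so normalise here
    # too; otherwise a mixed-case request could never find the tag it is
    # trying to remove (assumes tags are only ever added via add_tag).
    tag_name = tag_name.lower()
    if not (g.me.admin or event.is_hosted_by(g.me)):
        abort(403)
    if not event.has_tag(tag_name):
        return fail('Event does not have this tag.')
    if event.remove_tag(tag_name):
        db.session.commit()
        return succ('Removed tag.')
    # Should not be reached, but just in case.
    return fail('Tag not removed.')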
def add_tag(event_id, tag_name):
    """Attach a (lower-cased) tag to an event; only hosts and admins may do this.

    Returns a failure message if the event already carries the tag or if the
    model refuses it (e.g. a blacklisted tag).
    """
    event = Event.query.get_or_404(event_id)
    normalized = tag_name.lower()
    may_edit = g.me.admin or event.is_hosted_by(g.me)
    if not may_edit:
        abort(403)
    # Reject duplicates before touching the model.
    if event.has_tag(normalized):
        return fail('Event already has this tag.')
    added = event.add_tag(normalized)
    if not added:
        # The tag is blacklisted or there was another problem.
        return fail('Tag not added.')
    db.session.commit()
    return succ('Added tag!')
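def check_token():
    """Before-request hook: resolve the calling user into ``g.user``.

    OPTIONS (CORS preflight) requests pass through unauthenticated. When a
    CAS session is present it takes precedence; otherwise the last
    space-separated word of the ``Authorization`` header (the value after a
    ``Bearer`` prefix, or the bare token) is validated with
    ``User.from_token``. Any request whose user cannot be resolved is
    rejected before the view runs, and ``last_seen`` is refreshed otherwise.
    """
    if request.method == 'OPTIONS':
        return None
    if cas.username:
        g.user = User.query.get(cas.username)
    else:
        token = request.headers.get('Authorization')
        if not token:
            # NOTE(review): this path uses fail's default status while the
            # invalid-token path uses 401; left as-is for existing clients.
            return fail('No token provided.')
        token = token.split(' ')[-1]
        g.user = User.from_token(token)
    # Applies to both paths: a CAS username with no matching User row
    # previously raised AttributeError on the last_seen assignment.
    if g.user is None:
        return fail('Invalid token.', code=401)
    g.user.last_seen = int(time.time())
    db.session.commit()
    # str.format avoids a TypeError if id is not a str (e.g. an int key).
    print('User: {}'.format(g.user.id))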
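def unblock_user(user_id):
    """Remove ``user_id`` from the current user's block list."""
    # get_or_404, as in create_friend_request: with .get() an unknown id
    # reached g.me.unblock(None).
    user = User.query.get_or_404(user_id)
    if not g.me.unblock(user):
        return fail('You haven\'t blocked this person.')
    db.session.commit()
    return succ('Succesfully unblocked user.')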
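def block_user(user_id):
    """Add ``user_id`` to the current user's block list."""
    # get_or_404, as in create_friend_request: with .get() an unknown id
    # reached g.me.block(None).
    user = User.query.get_or_404(user_id)
    if not g.me.block(user):
        return fail('You\'ve already blocked this person.')
    db.session.commit()
    return succ('Succesfully blocked user.')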
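def delete_key(key_id):
    """Soft-delete one of the current user's keys (sets ``deleted``)."""
    # was .get(): an unknown key id raised AttributeError on key.user_id
    key = Key.query.get_or_404(key_id)
    # NOTE(review): uses g.user (set in check_token) where sibling views use
    # g.me; presumably the same user object — confirm.
    if key.user_id != g.user.id:
        # NOTE(review): a 403 here confirms to the caller that this key id
        # exists; answering 404 for foreign keys would avoid that, but the
        # status is kept for existing clients.
        return fail('You may not delete this key.', 403)
    key.deleted = True
    db.session.commit()
    return succ('Key deleted.')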
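def update_event_update(event_id, update_id):
    """Edit the body of an event update; only hosts of the event may do this.

    Returns the edited update as JSON. The previous version never committed
    the session, so the new body was discarded when the request ended.
    """
    event = Event.query.get_or_404(event_id)
    if not event.is_hosted_by(g.me):
        return fail('Could not edit update.')
    update = Update.query.get_or_404(update_id)
    # NOTE(review): nothing here ties `update` to `event`, so a host of one
    # event could edit an update that belongs to another. If Update carries
    # an event foreign key, compare it with event.id before editing — confirm
    # against the model.
    update.body = g.json['body']
    db.session.commit()
    return jsonify(update.json(g.me))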
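def _is_blacklisted_email(email):
    """Return True if ``email`` is listed in resources/email_blacklist.txt.

    One address per line; blank lines and surrounding whitespace are ignored
    and entries are lower-cased to match the normalised input. The previous
    split on ``'\\n'`` kept stray whitespace and a trailing empty entry.
    """
    # TODO: should we keep this in memory continuously rather than reading
    # it on every registration?
    with open('resources/email_blacklist.txt') as f:
        blacklist = {line.strip().lower() for line in f if line.strip()}
    return email in blacklist


def register():
    """Create an unconfirmed account from the JSON body and send a confirmation email.

    Required fields: ``name``, ``email``, ``year``, ``password``. The address
    must not be blacklisted and must resolve to a supported ``School``.
    Responses: 201 on success; 202 if the address is already registered;
    401 if the address is not allowed; 400 if fields are missing (previously
    an AttributeError/KeyError surfaced as a 500); 500 on any other failure,
    with the detail kept server-side.
    """
    payload = request.get_json() or {}
    required = ('name', 'email', 'year', 'password')
    missing = [k for k in required if payload.get(k) is None]
    if missing or not isinstance(payload['email'], str) or not isinstance(payload['name'], str):
        return fail('Missing or invalid field(s): ' + ', '.join(missing or ['name', 'email']), 400)
    email = payload['email'].lower().strip()
    # check if user already exists
    if User.query.filter_by(email=email).first():
        # NOTE(review): this reply tells the caller the address is registered.
        return fail('User already exists. Please log in.', 202)
    try:
        if _is_blacklisted_email(email):
            return fail(
                'Sorry, a student email address is required to register.', 401)
        school = School.from_email(email)
        if school is None:
            # TODO: use non-Yale-specific message.
            return fail(
                'You must use a valid .edu email address from a supported school.', 401)
        user = User(
            name=payload['name'].strip(),
            email=email,
            year=payload['year'],
            password=payload['password'],
            confirmed=False,
            school_id=school.id,
        )
        # Insert the user
        db.session.add(user)
        db.session.commit()
        send_confirmation_email(user)
        return succ(
            'Check your inbox at ' + email + ' to confirm! (The email may take a few moments to deliver.)',
            201)
    except Exception as e:
        # Leave the session usable for the next request; the previous
        # version swallowed the exception without any trace.
        db.session.rollback()
        print(e)
        return fail(
            'Some error occurred. Please try again. Contact the developers if this continues to happen.',
            500)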
def create_friend_request(user_id):
    """Send a friend request from the current user to ``user_id``.

    Unknown ids are a 404. When the model accepts the request it is committed
    and the recipient is notified; otherwise the pair are already friends.
    """
    target = User.query.get_or_404(user_id)
    accepted = g.me.friend_request(target)
    if not accepted:
        return fail('You\'re already friends with this person.')
    db.session.commit()
    notifier.friend_request(g.me, target)
    return succ('Succesfully sent friend request!')
def add_host(event_id, user_id):
    """Make ``user_id`` a host of ``event_id``; callers must be admin or a host.

    Unknown event or user ids are a 404; a caller without rights is a 403.
    """
    event = Event.query.get_or_404(event_id)
    new_host = User.query.get_or_404(user_id)
    allowed = g.me.admin or event.is_hosted_by(g.me)
    if not allowed:
        abort(403)
    if not event.add_host(new_host):
        return fail('User is already a host.')
    db.session.commit()
    return succ('Added host.')
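def get_user_current_event(user_id):
    """Return the event ``user_id`` is currently at, as a one-element JSON list.

    Only friends of the user may see their location (403 otherwise). An empty
    list is returned when the user is not at an event or the event no longer
    exists, so the response shape is stable.
    """
    # TODO: this is so repetitive stop
    user = User.query.get_or_404(user_id)  # was .get(): unknown id reached is_friends_with(None)
    if not g.me.is_friends_with(user):
        return fail(
            'You must be friends with this user to view their location.', 403)
    # Bug fix: the previous version tested g.me.current_event_id — the
    # caller's own location — before looking up the target user's event.
    if user.current_event_id is None:
        return jsonify([])
    event = Event.query.get(user.current_event_id)
    if event is None:
        return jsonify([])
    return jsonify([event.json(g.me)])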
def send_invite(event_id, user_id):
    """Invite ``user_id`` to ``event_id`` and notify them.

    Permitted when the event allows transitive invites or the caller hosts
    it; otherwise 403. Unknown ids are a 404.
    """
    event = Event.query.get_or_404(event_id)
    invitee = User.query.get_or_404(user_id)
    # TODO: store who created an invitation, and allow users who aren't hosts
    # to only remove their invitations
    may_invite = event.transitive_invites or event.is_hosted_by(g.me)
    if not may_invite:
        abort(403)
    if not event.invite(invitee):
        return fail('User already invited.')
    db.session.commit()
    notifier.send_invite(event, user_from=g.me, user_to=invitee)
    return succ('Invited user.')
def friend_remove(user_id):
    """Remove the friendship between the current user and ``user_id``.

    Friendships are stored directionally, so both the row the current user
    sent and the one they received are looked up and any found are removed.
    """
    sent = g.me.friended.filter(friendships.c.friended_id == user_id).first()
    received = g.me.frienders.filter(friendships.c.friender_id == user_id).first()
    if sent is None and received is None:
        return fail('Couldn\'t find a friendship with this person.')
    for collection, row in ((g.me.friended, sent), (g.me.frienders, received)):
        if row is not None:
            collection.remove(row)
    db.session.commit()
    return succ('Succesfully removed friend.')
def internal(error):
    """Error handler for HTTP 500.

    Args:
        error: the exception Flask hands to the handler; its detail is not
            included in the response.
    """
    message = 'Internal server error.'
    return fail(message, 500)
def not_found(error):
    """Error handler for HTTP 404.

    Args:
        error: the exception Flask hands to the handler; unused.
    """
    message = 'Not found.'
    return fail(message, 404)
def unauthorized(error):
    """Error handler for HTTP 401.

    Args:
        error: the exception Flask hands to the handler; unused.
    """
    message = 'You\'re not authorized to perform this action.'
    return fail(message, 401)
def forbidden(error):
    """Error handler for HTTP 403.

    Args:
        error: the exception Flask hands to the handler; unused.
    """
    message = 'You don\'t have permission to do this.'
    return fail(message, 403)