示例#1
def category(category_name):
    '''Render the category page for ``category_name``.

    The template receives every category name, the items filed under the
    selected category as ``[category name, item name]`` pairs, the item
    count with a matching singular/plural label, and the login state
    reported by ``gplus.get_login_state()``.
    '''

    selected_id = db.get_category_id_by_name(category_name)
    category_items = db.get_items_by_category_id(selected_id)
    all_categories = db.get_categories()

    # Use the singular label only when exactly one item is listed.
    item_count = len(category_items)
    item_label = 'item' if item_count == 1 else 'items'

    state, logged_in, username = gplus.get_login_state()

    category_names = [entry.name for entry in all_categories]
    item_rows = [
        [db.get_category_name_by_id(entry.category_id), entry.name]
        for entry in category_items
    ]

    # category_name is handed to the template exactly as it was received.
    data = dict([
        ('category_name', category_name),
        ('categories', category_names),
        ('items', item_rows),
        ('num_items', item_count),
        ('items_string', item_label),
        ('state', state),
        ('logged_in', logged_in),
        ('username', username),
    ])
    return render_template('category.html', data=data)
示例#2
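def delete_item(item_name):
    '''Allows a logged-in user to delete an item they created.

    GET renders the confirmation page; POST deletes the item and redirects
    to its category listing. Every failed precondition (nobody logged in,
    unknown item, item owned by another user) redirects to '/'.
    '''

    # Ensure there is a user logged in:
    if not gplus.is_logged_in():
        return redirect('/')

    # Ensure the item being deleted exists. The row itself is fetched here:
    # a Query object is always truthy, so the earlier
    # `not db.session.query(query.exists())` test never rejected a missing
    # item and `query.one()` raised instead of redirecting.
    # NOTE(review): items are looked up by name only; if names are not
    # unique, first() picks one row (one() used to raise in that case).
    item = db.session.query(Item).filter_by(name=item_name).first()
    if item is None:
        return redirect('/')

    # Ensure the logged-in user owns this item. A session that carries no
    # user_id is rejected outright, so it can never match an item whose
    # user_id is unset.
    current_user_id = login_session.get('user_id')
    if current_user_id is None or item.user_id != current_user_id:
        return redirect('/')

    if request.method == 'POST':
        # NOTE(review): this state-changing POST checks no anti-CSRF token
        # inside this function; confirm one is enforced elsewhere.
        category_name = db.get_category_name_by_id(item.category_id)
        db.session.delete(item)
        # NOTE(review): no commit is visible here; confirm the session is
        # committed elsewhere, otherwise the delete may not persist.
        return redirect('/catalog/%s/items' % category_name)
    elif request.method == 'GET':
        (state, logged_in, username) = gplus.get_login_state()

        data = {
            'item_name': item_name,
            'state': state,
            'logged_in': logged_in,
            'username': username
        }
        return render_template('delete.html', data=data)
    # Any other HTTP method falls through and returns None, as before.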
示例#3
def category(category_name):
    '''Render the category page for ``category_name``.

    The template receives every category name, the items filed under the
    selected category as ``[category name, item name]`` pairs, the item
    count with a matching singular/plural label, and the login state
    reported by ``gplus.get_login_state()``.
    '''

    selected_id = db.get_category_id_by_name(category_name)
    category_items = db.get_items_by_category_id(selected_id)
    all_categories = db.get_categories()

    # Use the singular label only when exactly one item is listed.
    item_count = len(category_items)
    item_label = 'item' if item_count == 1 else 'items'

    state, logged_in, username = gplus.get_login_state()

    category_names = [entry.name for entry in all_categories]
    item_rows = []
    for entry in category_items:
        item_rows.append(
            [db.get_category_name_by_id(entry.category_id), entry.name])

    # category_name is handed to the template exactly as it was received.
    data = {
        'category_name': category_name,
        'categories': category_names,
        'items': item_rows,
        'num_items': item_count,
        'items_string': item_label,
        'state': state,
        'logged_in': logged_in,
        'username': username,
    }
    return render_template('category.html', data=data)
示例#4
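def delete_item(item_name):
    '''Allows a logged-in user to delete an item they created.

    GET renders the confirmation page; POST deletes the item and redirects
    to its category listing. Every failed precondition (nobody logged in,
    unknown item, item owned by another user) redirects to '/'.
    '''

    # Ensure there is a user logged in:
    if not gplus.is_logged_in():
        return redirect('/')

    # Ensure the item being deleted exists. The row itself is fetched here:
    # a Query object is always truthy, so the earlier
    # `not db.session.query(query.exists())` test never rejected a missing
    # item and `query.one()` raised instead of redirecting.
    # NOTE(review): items are looked up by name only; if names are not
    # unique, first() picks one row (one() used to raise in that case).
    item = db.session.query(Item).filter_by(name=item_name).first()
    if item is None:
        return redirect('/')

    # Ensure the logged-in user owns this item. A session that carries no
    # user_id is rejected outright, so it can never match an item whose
    # user_id is unset.
    current_user_id = login_session.get('user_id')
    if current_user_id is None or item.user_id != current_user_id:
        return redirect('/')

    if request.method == 'POST':
        # NOTE(review): this state-changing POST checks no anti-CSRF token
        # inside this function; confirm one is enforced elsewhere.
        category_name = db.get_category_name_by_id(item.category_id)
        db.session.delete(item)
        # NOTE(review): no commit is visible here; confirm the session is
        # committed elsewhere, otherwise the delete may not persist.
        return redirect('/catalog/%s/items' % category_name)
    elif request.method == 'GET':
        (state, logged_in, username) = gplus.get_login_state()

        data = {
            'item_name': item_name,
            'state': state,
            'logged_in': logged_in,
            'username': username
        }
        return render_template('delete.html', data=data)
    # Any other HTTP method falls through and returns None, as before.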
示例#5
def index():
    '''Render the landing page.

    The template receives every category name, the items returned by
    ``db.get_items()`` as ``[item name, category name]`` pairs, and the
    login state reported by ``gplus.get_login_state()``.
    '''

    category_names = [entry.name for entry in db.get_categories()]

    # One extra lookup per item resolves its category name.
    latest_items = []
    for entry in db.get_items():
        latest_items.append(
            [entry.name, db.get_category_name_by_id(entry.category_id)])

    state, logged_in, username = gplus.get_login_state()

    page_data = dict(
        categories=category_names,
        latest_items=latest_items,
        state=state,
        logged_in=logged_in,
        username=username,
    )
    return render_template('index.html', data=page_data)
示例#6
def index():
    '''Render the landing page.

    The template receives every category name, the items returned by
    ``db.get_items()`` as ``[item name, category name]`` pairs, and the
    login state reported by ``gplus.get_login_state()``.
    '''

    category_names = []
    for entry in db.get_categories():
        category_names.append(entry.name)

    # One extra lookup per item resolves its category name.
    item_rows = [
        [entry.name, db.get_category_name_by_id(entry.category_id)]
        for entry in db.get_items()
    ]

    login_state = gplus.get_login_state()
    state, logged_in, username = login_state

    page_data = {
        'categories': category_names,
        'latest_items': item_rows,
        'state': state,
        'logged_in': logged_in,
        'username': username,
    }
    return render_template('index.html', data=page_data)
示例#7
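def gconnect():
    '''Complete the Google sign-in flow and populate the login session.

    An already logged-in user gets the index page straight away. Otherwise
    the anti-forgery ``state`` parameter is checked, the one-time
    authorization code in the request body is exchanged for credentials, and
    the resulting access token is validated against Google's tokeninfo
    endpoint (no error, same user, issued to this app). On success the
    session is filled in, a local user is created if needed, and the client
    is redirected to '/'. Every failed check returns a JSON error response.
    '''
    if is_logged_in():
        categories = db.get_categories()
        categories = [category.name for category in categories]
        latest_items = db.get_items()
        latest_items = [
            [item.name, db.get_category_name_by_id(item.category_id)]
            for item in latest_items
        ]
        data = {
            'categories': categories,
            'latest_items': latest_items,
            'logged_in': True,
            'username': views.login_session['username']
        }
        return render_template('index.html', data=data)

    # Anti-forgery check. A session that holds no state token is rejected
    # outright: comparing two missing values would otherwise pass, and an
    # indexed lookup raised KeyError (a 500) instead of answering 401.
    expected_state = views.login_session.get('state')
    if not expected_state or request.args.get('state') != expected_state:
        response = make_response(
            views.json.dumps('Invalid state paremeter'), 401)
        response.headers['Content-Type'] = 'application/json'
        return response

    code = request.data
    try:
        # Upgrade the authorization code into a credentials object
        oauth_flow = views.flow_from_clientsecrets(
            'client_secrets.json', scope='')
        oauth_flow.redirect_uri = 'postmessage'
        credentials = oauth_flow.step2_exchange(code)
    except views.FlowExchangeError:
        response = make_response(
            views.json.dumps('Failed to upgrade the authorization code.'),
            401)
        response.headers['Content-Type'] = 'application/json'
        return response

    # Check that the access token is valid:
    # NOTE(review): the token is placed in the URL query string, where it
    # can end up in request logs; confirm that is acceptable here.
    access_token = credentials.access_token
    url = ('https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=%s'
           % access_token)
    http = httplib2.Http()
    result = views.json.loads(http.request(url, 'GET')[1])

    # If there was an error in the access token info, abort. The response
    # used to be built but never returned, so a token that failed
    # validation carried on into the checks below.
    if result.get('error') is not None:
        response = make_response(views.json.dumps(result.get('error')), 500)
        response.headers['Content-Type'] = 'application/json'
        return response

    # Verify that the access token is used for the intended user. A missing
    # field counts as a mismatch (401) rather than raising KeyError.
    gplus_id = credentials.id_token['sub']
    if result.get('user_id') != gplus_id:
        # The body is JSON-encoded so that it matches the declared
        # Content-Type, like the other error responses.
        response = make_response(
            views.json.dumps("Token's user ID doesn't match given user ID."),
            401)
        response.headers['Content-Type'] = 'application/json'
        return response

    # Verify that the access token is valid for this app:
    if result.get('issued_to') != views.CLIENT_ID:
        response = make_response(
            views.json.dumps("Token's client ID does not match app's."),
            401)
        print("Token's client ID does not match app's.")
        response.headers['Content-Type'] = 'application/json'
        return response

    # NOTE(review): the code used to build a 200 "Current user is already
    # connected." response here when the stored gplus_id matched, but never
    # returned it. The effective behaviour is kept: the session is refreshed
    # and the client redirected. Confirm whether an early return was meant.

    # Get user info
    userinfo_url = 'https://www.googleapis.com/oauth2/v1/userinfo'
    params = {'access_token': credentials.access_token, 'alt': 'json'}
    answer = requests.get(userinfo_url, params=params)
    data = views.json.loads(answer.text)

    # Store the access token in the session for later use.
    # NOTE(review): if login_session is a client-side (signed, unencrypted)
    # cookie session, the access token is readable by the browser; confirm
    # the session backend.
    views.login_session['credentials'] = credentials.access_token
    views.login_session['gplus_id'] = gplus_id
    views.login_session['username'] = data['name']

    # Add a new user if this user doesn't already exist
    # NOTE(review): the local account is matched on the Google display name,
    # which is neither unique nor stable, so two Google accounts with the
    # same name would share one local user. gplus_id (the token's 'sub') is
    # the safer key, but that needs a db helper not visible in this block.
    user_id = db.get_user_id_by_name(data['name'])
    if not user_id:
        user_id = db.create_user(views.login_session)

    views.login_session['user_id'] = user_id

    return redirect('/')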
示例#8
文件: gplus.py 项目: konqlonq/catalog
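def gconnect():
    '''Complete the Google sign-in flow and populate the login session.

    An already logged-in user gets the index page straight away. Otherwise
    the anti-forgery ``state`` parameter is checked, the one-time
    authorization code in the request body is exchanged for credentials, and
    the resulting access token is validated against Google's tokeninfo
    endpoint (no error, same user, issued to this app). On success the
    session is filled in, a local user is created if needed, and the client
    is redirected to '/'. Every failed check returns a JSON error response.
    '''
    if is_logged_in():
        categories = db.get_categories()
        categories = [category.name for category in categories]
        latest_items = db.get_items()
        latest_items = [[
            item.name, db.get_category_name_by_id(item.category_id)
        ] for item in latest_items]
        data = {
            'categories': categories,
            'latest_items': latest_items,
            'logged_in': True,
            'username': views.login_session['username']
        }
        return render_template('index.html', data=data)

    # Anti-forgery check. A session that holds no state token is rejected
    # outright: comparing two missing values would otherwise pass, and an
    # indexed lookup raised KeyError (a 500) instead of answering 401.
    expected_state = views.login_session.get('state')
    if not expected_state or request.args.get('state') != expected_state:
        response = make_response(views.json.dumps('Invalid state paremeter'),
                                 401)
        response.headers['Content-Type'] = 'application/json'
        return response

    code = request.data
    try:
        # Upgrade the authorization code into a credentials object
        oauth_flow = views.flow_from_clientsecrets('client_secrets.json',
                                                   scope='')
        oauth_flow.redirect_uri = 'postmessage'
        credentials = oauth_flow.step2_exchange(code)
    except views.FlowExchangeError:
        response = make_response(
            views.json.dumps('Failed to upgrade the authorization code.'),
            401)
        response.headers['Content-Type'] = 'application/json'
        return response

    # Check that the access token is valid:
    # NOTE(review): the token is placed in the URL query string, where it
    # can end up in request logs; confirm that is acceptable here.
    access_token = credentials.access_token
    url = ('https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=%s' %
           access_token)
    http = httplib2.Http()
    result = views.json.loads(http.request(url, 'GET')[1])

    # If there was an error in the access token info, abort. The response
    # used to be built but never returned, so a token that failed
    # validation carried on into the checks below.
    if result.get('error') is not None:
        response = make_response(views.json.dumps(result.get('error')), 500)
        response.headers['Content-Type'] = 'application/json'
        return response

    # Verify that the access token is used for the intended user. A missing
    # field counts as a mismatch (401) rather than raising KeyError.
    gplus_id = credentials.id_token['sub']
    if result.get('user_id') != gplus_id:
        # The body is JSON-encoded so that it matches the declared
        # Content-Type, like the other error responses.
        response = make_response(
            views.json.dumps("Token's user ID doesn't match given user ID."),
            401)
        response.headers['Content-Type'] = 'application/json'
        return response

    # Verify that the access token is valid for this app:
    if result.get('issued_to') != views.CLIENT_ID:
        response = make_response(
            views.json.dumps("Token's client ID does not match app's."),
            401)
        print("Token's client ID does not match app's.")
        response.headers['Content-Type'] = 'application/json'
        return response

    # NOTE(review): the code used to build a 200 "Current user is already
    # connected." response here when the stored gplus_id matched, but never
    # returned it. The effective behaviour is kept: the session is refreshed
    # and the client redirected. Confirm whether an early return was meant.

    # Get user info
    userinfo_url = 'https://www.googleapis.com/oauth2/v1/userinfo'
    params = {'access_token': credentials.access_token, 'alt': 'json'}
    answer = requests.get(userinfo_url, params=params)
    data = views.json.loads(answer.text)

    # Store the access token in the session for later use.
    # NOTE(review): if login_session is a client-side (signed, unencrypted)
    # cookie session, the access token is readable by the browser; confirm
    # the session backend.
    views.login_session['credentials'] = credentials.access_token
    views.login_session['gplus_id'] = gplus_id
    views.login_session['username'] = data['name']

    # Add a new user if this user doesn't already exist
    # NOTE(review): the local account is matched on the Google display name,
    # which is neither unique nor stable, so two Google accounts with the
    # same name would share one local user. gplus_id (the token's 'sub') is
    # the safer key, but that needs a db helper not visible in this block.
    user_id = db.get_user_id_by_name(data['name'])
    if not user_id:
        user_id = db.create_user(views.login_session)

    views.login_session['user_id'] = user_id

    return redirect('/')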