def create_profile(self, request, user): if self.avatar_file.data: upload_file = request.files[self.avatar_file.name] if upload_file and allowed_file(upload_file.filename): # Don't trust any input, we use a random string as filename. # or use secure_filename: # http://flask.pocoo.org/docs/patterns/fileuploads/ user_upload_dir = os.path.join(current_app.config['UPLOAD_FOLDER'], "user_%s" % user.id) current_app.logger.debug(user_upload_dir) make_dir(user_upload_dir) root, ext = os.path.splitext(upload_file.filename) today = datetime.now().strftime('_%Y-%m-%d') # Hash file content as filename. hash_filename = hashlib.sha1(upload_file.read()).hexdigest() + "_" + today + ext user.avatar = hash_filename avatar_ab_path = os.path.join(user_upload_dir, user.avatar) # Reset file curso since we used read() upload_file.seek(0) upload_file.save(avatar_ab_path) self.populate_obj(user) self.populate_obj(user.user_detail) db.session.add(user) db.session.commit()
def avatar(): user = User.query.filter_by(name=current_user.name).first_or_404() form = AvatarForm( next = request.args.get('next'), ) if form.validate_on_submit(): if form.avatar.data: file = request.files[form.avatar.name] if file and allowed_file(file.filename): filename = secure_filename(file.filename) fn, ext = os.path.splitext(filename) avatar_filename = os.path.join(current_app.config['USER_IMG_UPLOAD_PATH'], user.name+ext) file.save(avatar_filename) user.avatar = os.path.join(user.name+ext) db.session.add(user) db.session.commit() flash('Avatar updated.', 'success') return render_template('settings/avatar.html', user=user, active="avatar", form=form)
def validate_avatar_file(form, field): if field.data and not allowed_file(field.data.filename): raise ValidationError("Please upload files with extensions: %s" % "/".join(ALLOWED_AVATAR_EXTENSIONS))