def list(): account = load_account() if account is None: flash( 'We now support accounts! Register for an account and your current favorites will automatically be added to your account.' ) return redirect(url_for('account.get_login')) props = {'currentPage': 'favorites'} base = request.args.to_dict() base.pop('o', None) favorites = [] fave_type = get_value(request.args, 'type', 'artist') if fave_type == 'post': favorites = get_favorite_posts(account['id']) sort_field = restrict_value(get_value(request.args, 'sort'), ['faved_seq', 'published'], 'faved_seq') else: favorites = get_favorite_artists(account['id']) sort_field = restrict_value(get_value(request.args, 'sort'), ['faved_seq', 'updated'], 'updated') offset = parse_int(request.args.get('o'), 0) sort_asc = True if get_value(request.args, 'order') == 'asc' else False results = sort_and_filter_favorites(favorites, offset, sort_field, sort_asc) props['fave_type'] = fave_type props['sort_field'] = sort_field props['sort_asc'] = sort_asc props['count'] = len(favorites) props['limit'] = 25 response = make_response( render_template( 'favorites.html', props=props, base=base, source='account', results=results, ), 200) response.headers['Cache-Control'] = 's-maxage=60' return response
def post_login(): account = load_account() if account is not None: return redirect(set_query_parameter(url_for('artists.list'), 'logged_in', 'yes')) query = request.query_string.decode('utf-8') if len(query) > 0: query = '?' + query username = get_value(request.form, 'username') password = get_value(request.form, 'password') success = attempt_login(username, password) if not success: return redirect(url_for('account.get_login') + query) redir = get_value(request.args, 'redir') if redir is not None: return redirect(set_query_parameter(redir, 'logged_in', 'yes')) return redirect(set_query_parameter(url_for('artists.list'), 'logged_in', 'yes'))
def list_account_favorites(): account = load_account() favorites = [] fave_type = get_value(request.args, 'type', 'artist') if fave_type == 'post': favorites = get_favorite_posts(account['id']) else: favorites = get_favorite_artists(account['id']) results = favorites response = make_response(jsonify(results), 200) response.headers['Cache-Control'] = 's-maxage=60' return response
def attempt_login(username, password): if username is None or password is None: return False account_info = get_login_info_for_username(username) if account_info is None: flash('Username or password is incorrect') return False if get_value(current_app.config, 'ENABLE_LOGIN_RATE_LIMITING') and is_login_rate_limited( account_info['id']): flash('You\'re doing that too much. Try again in a little bit.') return False if bcrypt.checkpw(get_base_password_hash(password), account_info['password_hash'].encode('utf-8')): account = load_account(account_info['id'], True) session['account_id'] = account['id'] return True flash('Username or password is incorrect') return False
def get_artist_last_updated(service, artist_id, reload=False): redis = get_conn() key = 'artist_last_updated:' + service + ':' + str(artist_id) last_updated = redis.get(key) if last_updated is None or reload: lock = KemonoRedisLock(redis, key, expire=60, auto_renewal=True) if lock.acquire(blocking=False): cursor = get_cursor() query = 'SELECT max(added) as max FROM posts WHERE service = %s AND "user" = %s' cursor.execute(query, (service, artist_id,)) last_updated = cursor.fetchone() if get_value(last_updated, 'max') is not None: last_updated = last_updated['max'] else: last_updated = datetime.min redis.set(key, last_updated.isoformat(), ex=600) lock.release() else: time.sleep(0.1) get_artist_last_updated(service, artist_id, reload=reload) else: last_updated = dateutil.parser.parse(last_updated) return last_updated
def post_register(): props = { 'query_string': '' } query = request.query_string.decode('utf-8') if len(query) > 0: props['query_string'] = '?' + query username = get_value(request.form, 'username') password = get_value(request.form, 'password') favorites_json = get_value(request.form, 'favorites', '[]') confirm_password = get_value(request.form, 'confirm_password') favorites = [] if favorites_json != '': favorites = json.loads(favorites_json) errors = False if username.strip() == '': flash('Username cannot be empty') errors = True if password.strip() == '': flash('Password cannot be empty') errors = True if password != confirm_password: flash('Passwords do not match') errors = True if is_username_taken(username): flash('Username already taken') errors = True if get_value(current_app.config, 'ENABLE_PASSWORD_VALIDATOR') and is_password_compromised(password): flash('We\'ve detected that password was compromised in a data breach on another site. Please choose a different password.') errors = True if not errors: success = create_account(username, password, favorites) if not success: flash('Username already taken') errors = True if not errors: account = attempt_login(username, password) if account is None: current_app.logger.warning("Error logging into account immediately after creation") flash('Account created successfully.') redir = get_value(request.args, 'redir') if redir is not None: return redirect(redir) return redirect(url_for('artists.list', logged_in='yes')) return make_response(render_template( 'account/register.html', props = props ), 200)