import flask; from flask import request
import etiquette
from .. import common
from .. import decorators
from .. import jsonify
from .. import sessions
# Object whose .route() decorator registers the handlers in this module.
site = common.site
# Used below to hand out tokens and to look up, add and remove sessions.
session_manager = common.session_manager
# Individual users #################################################################################
@site.route('/user/<username>')
@session_manager.give_token
def get_user_html(username):
    '''
    Render the HTML profile page for the user named in the URL.

    The lookup goes through common.P_user with response_type='html';
    how an unknown username is reported is decided there, not here.
    '''
    profile_owner = common.P_user(username, response_type='html')
    return common.render_template(request, 'user.html', user=profile_owner)
@site.route('/user/<username>.json')
@session_manager.give_token
def get_user_json(username):
    '''
    Return the JSON representation of the user named in the URL.

    The user is looked up with response_type='json' and serialized by
    etiquette.jsonify.user.
    '''
    found = common.P_user(username, response_type='json')
    # NOTE(review): no login check is visible on this route, so whatever
    # etiquette.jsonify.user emits is readable by any visitor. Confirm the
    # serializer leaves out anything sensitive.
    payload = etiquette.jsonify.user(found)
    return jsonify.make_json_response(payload)
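@site.route('/userid/<user_id>')
@site.route('/userid/<user_id>.json')
def get_user_id_redirect(user_id):
    '''
    Redirect a /userid/<user_id> URL to the matching /user/<username> URL.

    The user is looked up by id through common.P_user_id, asking for a
    'json' or 'html' response type depending on whether the requested
    path ends in '.json'. The rest of the requested URL is carried over
    into the redirect target unchanged.
    '''
    # Test the path rather than the full URL: a query string would
    # otherwise hide a real '.json' suffix, or fake one on an HTML request.
    if request.path.endswith('.json'):
        user = common.P_user_id(user_id, response_type='json')
    else:
        user = common.P_user_id(user_id, response_type='html')

    url_from = '/userid/' + user_id
    url_to = '/user/' + user.username
    # Rewrite a single occurrence only. The first match is expected to be
    # the one in the path, so a query string that happens to contain the
    # same text is passed through untouched.
    url = request.url.replace(url_from, url_to, 1)
    # NOTE(review): the username is inserted as-is and request.url carries
    # the host the client asked for. Confirm usernames are limited to
    # URL-safe characters and that host validation happens upstream.
    return flask.redirect(url)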
# Login and logout #################################################################################
@site.route('/login', methods=['GET'])
@session_manager.give_token
def get_login():
    '''
    Render the login page.

    The configured minimum username and password lengths are passed to
    the template.
    '''
    user_config = common.P.config['user']
    return common.render_template(
        request,
        'login.html',
        min_username_length=user_config['min_username_length'],
        min_password_length=user_config['min_password_length'],
    )
@site.route('/login', methods=['POST'])
@session_manager.give_token
@decorators.required_fields(['username', 'password'])
def post_login():
    '''
    Check the submitted username and password and start a session.

    Responses are JSON:
    - 403 with AlreadySignedIn if the current session already has a user.
    - 422 with WrongLogin if the user does not exist or the login fails.
    - 400 if the lookup or login raises FeatureDisabled.
    - An empty object on success, after the new session has been added
      to the session manager.
    '''
    current = session_manager.get(request)
    if current.user:
        already = etiquette.exceptions.AlreadySignedIn()
        refusal = etiquette.jsonify.exception(already)
        return jsonify.make_json_response(refusal, status=403)

    username = request.form['username']
    password = request.form['password']

    # Open question kept from the author: should the server hash the
    # password even for unknown users, so that response time does not
    # reveal whether the account exists? Currently not, because the
    # account page 404s for unknown users anyway.
    # NOTE(review): no attempt throttling is visible in this handler.
    # Confirm it is enforced elsewhere.
    try:
        user = common.P.get_user(username=username)
        user = common.P.login(user.id, password)
    except (etiquette.exceptions.NoSuchUser, etiquette.exceptions.WrongLogin):
        # Unknown user and wrong password get the same WrongLogin body,
        # so the response content does not tell the two apart.
        failure = etiquette.jsonify.exception(etiquette.exceptions.WrongLogin())
        return jsonify.make_json_response(failure, status=422)
    except etiquette.exceptions.FeatureDisabled as exc:
        disabled = etiquette.jsonify.exception(exc)
        return jsonify.make_json_response(disabled, status=400)
    else:
        # A fresh Session object is built for the authenticated user
        # instead of reusing the pre-login one fetched above.
        session_manager.add(sessions.Session(request, user))
        return jsonify.make_json_response({})
@site.route('/logout', methods=['POST'])
@session_manager.give_token
def logout():
    '''
    Remove the session tied to this request and reply with an empty JSON
    object.

    The route accepts POST only, so a plain link or image tag cannot
    trigger a logout.
    '''
    session_manager.remove(request)
    return jsonify.make_json_response({})
# User registration ################################################################################
@site.route('/register', methods=['GET'])
def get_register():
    '''
    Redirect a GET of /register to /login.
    '''
    login_page = '/login'
    return flask.redirect(login_page)
@site.route('/register', methods=['POST'])
@session_manager.give_token
@decorators.catch_etiquette_exception
@decorators.required_fields(['username', 'password_1', 'password_2'])
def post_register():
    '''
    Create an account from the submitted form and sign the new user in.

    Responses are JSON:
    - 403 with AlreadySignedIn if the current session already has a user.
    - 422 with PASSWORDS_DONT_MATCH if the two password fields differ.
    - An empty object on success, after a session for the new user has
      been added to the session manager.

    Exceptions from register_user are not handled here; presumably the
    catch_etiquette_exception decorator turns them into error responses
    (confirm in decorators).
    '''
    current = session_manager.get(request)
    if current.user:
        already = etiquette.exceptions.AlreadySignedIn()
        refusal = etiquette.jsonify.exception(already)
        return jsonify.make_json_response(refusal, status=403)

    form = request.form
    username = form['username']
    password_1 = form['password_1']
    password_2 = form['password_2']

    # Both values come from the same client; this only catches typos.
    if password_1 != password_2:
        mismatch = {
            'error_type': 'PASSWORDS_DONT_MATCH',
            'error_message': 'Passwords do not match.',
        }
        return jsonify.make_json_response(mismatch, status=422)

    # Username and password rules are not checked in this handler.
    # NOTE(review): presumably register_user validates them, confirm.
    new_user = common.P.register_user(username, password_1)

    session_manager.add(sessions.Session(request, new_user))
    return jsonify.make_json_response({})