etiquette/frontends/etiquette_flask/backend/endpoints/user_endpoints.py

import flask; from flask import request

from voussoirkit import flasktools

import etiquette

from .. import common
from .. import decorators
from .. import sessions

site = common.site
session_manager = common.session_manager

# Individual users #################################################################################

@site.route('/user/<username>')
def get_user_html(username):
    user = common.P_user(username, response_type='html')
    return common.render_template(request, 'user.html', user=user)

@site.route('/user/<username>.json')
def get_user_json(username):
    user = common.P_user(username, response_type='json')
    user = user.jsonify()
    return flasktools.make_json_response(user)

@site.route('/userid/<user_id>')
@site.route('/userid/<user_id>.json')
def get_user_id_redirect(user_id):
    if request.path.endswith('.json'):
        user = common.P_user_id(user_id, response_type='json')
    else:
        user = common.P_user_id(user_id, response_type='html')
    url_from = '/userid/' + user_id
    url_to = '/user/' + user.username
    url = request.url.replace(url_from, url_to)
    return flask.redirect(url)

@site.route('/user/<username>/edit', methods=['POST'])
def post_user_edit(username):
    session = session_manager.get(request)

    if not session:
        return flasktools.make_json_response(etiquette.exceptions.Unauthorized().jsonify(), status=403)
    user = common.P_user(username, response_type='json')
    if session.user != user:
        return flasktools.make_json_response(etiquette.exceptions.Unauthorized().jsonify(), status=403)

    display_name = request.form.get('display_name')
    if display_name is not None:
        user.set_display_name(display_name)

    common.P.commit()

    return flasktools.make_json_response(user.jsonify())

# Login and logout #################################################################################

@site.route('/login', methods=['GET'])
def get_login():
    response = common.render_template(
        request,
        'login.html',
        min_username_length=common.P.config['user']['min_username_length'],
        min_password_length=common.P.config['user']['min_password_length'],
    )
    return response

@site.route('/login', methods=['POST'])
@decorators.required_fields(['username', 'password'])
def post_login():
    session = session_manager.get(request)
    if session.user:
        exc = etiquette.exceptions.AlreadySignedIn()
        response = exc.jsonify()
        return flasktools.make_json_response(response, status=403)

    username = request.form['username']
    password = request.form['password']
    try:
        # Consideration: Should the server hash the password to discourage
        # information (user exists) leak via response time?
        # Currently I think not, because they can check if the account
        # page 404s anyway.
        user = common.P.login(username=username, password=password)
    except (etiquette.exceptions.NoSuchUser, etiquette.exceptions.WrongLogin):
        exc = etiquette.exceptions.WrongLogin()
        response = exc.jsonify()
        return flasktools.make_json_response(response, status=422)
    except etiquette.exceptions.FeatureDisabled as exc:
        response = exc.jsonify()
        return flasktools.make_json_response(response, status=400)
    session = sessions.Session(request, user)
    session_manager.add(session)
    return flasktools.make_json_response({})

@site.route('/logout', methods=['POST'])
def logout():
    session_manager.remove(request)
    response = flasktools.make_json_response({})
    return response

# User registration ################################################################################

@site.route('/register', methods=['GET'])
def get_register():
    return flask.redirect('/login')

@site.route('/register', methods=['POST'])
@decorators.required_fields(['username', 'password_1', 'password_2'])
def post_register():
    session = session_manager.get(request)
    if session.user:
        exc = etiquette.exceptions.AlreadySignedIn()
        response = exc.jsonify()
        return flasktools.make_json_response(response, status=403)

    username = request.form['username']
    display_name = request.form.get('display_name', None)
    password_1 = request.form['password_1']
    password_2 = request.form['password_2']

    if password_1 != password_2:
        response = {
            'error_type': 'PASSWORDS_DONT_MATCH',
            'error_message': 'Passwords do not match.',
        }
        return flasktools.make_json_response(response, status=422)

    user = common.P.new_user(username, password_1, display_name=display_name, commit=True)

    session = sessions.Session(request, user)
    session_manager.add(session)
    return flasktools.make_json_response({})
Replace etiquette_flask.py with endpoints package. Split the object types' endpoints into separate files and group them better. Should be much easier to navigate and expand. 2018-01-12 03:40:56 +00:00			`import flask; from flask import request`

Move make_json_response to voussoirkit.flasktools. 2021-06-05 04:49:45 +00:00			`from voussoirkit import flasktools`

Replace etiquette_flask.py with endpoints package. Split the object types' endpoints into separate files and group them better. Should be much easier to navigate and expand. 2018-01-12 03:40:56 +00:00			`import etiquette`

Alphabetize imports in endpoints files. 2018-07-19 01:37:21 +00:00			`from .. import common`
Replace etiquette_flask.py with endpoints package. Split the object types' endpoints into separate files and group them better. Should be much easier to navigate and expand. 2018-01-12 03:40:56 +00:00			`from .. import decorators`
			`from .. import sessions`

			`site = common.site`
			`session_manager = common.session_manager`

			`# Individual users #################################################################################`

Remove unnecessary methods=GET. 2018-02-17 22:59:02 +00:00			`@site.route('/user/<username>')`
Replace etiquette_flask.py with endpoints package. Split the object types' endpoints into separate files and group them better. Should be much easier to navigate and expand. 2018-01-12 03:40:56 +00:00			`def get_user_html(username):`
			`user = common.P_user(username, response_type='html')`
Centralize flask.render_template calls to simplify common args. 2019-08-14 20:40:52 +00:00			`return common.render_template(request, 'user.html', user=user)`
Replace etiquette_flask.py with endpoints package. Split the object types' endpoints into separate files and group them better. Should be much easier to navigate and expand. 2018-01-12 03:40:56 +00:00
Remove unnecessary methods=GET. 2018-02-17 22:59:02 +00:00			`@site.route('/user/<username>.json')`
Replace etiquette_flask.py with endpoints package. Split the object types' endpoints into separate files and group them better. Should be much easier to navigate and expand. 2018-01-12 03:40:56 +00:00			`def get_user_json(username):`
			`user = common.P_user(username, response_type='json')`
Move jsonify methods into the objects instead of separate file. 2021-01-01 20:56:05 +00:00			`user = user.jsonify()`
Move make_json_response to voussoirkit.flasktools. 2021-06-05 04:49:45 +00:00			`return flasktools.make_json_response(user)`
Replace etiquette_flask.py with endpoints package. Split the object types' endpoints into separate files and group them better. Should be much easier to navigate and expand. 2018-01-12 03:40:56 +00:00
			`@site.route('/userid/<user_id>')`
			`@site.route('/userid/<user_id>.json')`
			`def get_user_id_redirect(user_id):`
Use request.path instead of url for endswith conditions. Because of the query string 2021-01-08 07:04:10 +00:00			`if request.path.endswith('.json'):`
Replace etiquette_flask.py with endpoints package. Split the object types' endpoints into separate files and group them better. Should be much easier to navigate and expand. 2018-01-12 03:40:56 +00:00			`user = common.P_user_id(user_id, response_type='json')`
			`else:`
			`user = common.P_user_id(user_id, response_type='html')`
			`url_from = '/userid/' + user_id`
			`url_to = '/user/' + user.username`
			`url = request.url.replace(url_from, url_to)`
			`return flask.redirect(url)`

Add UI for editing user's display name. 2021-01-02 03:46:31 +00:00			`@site.route('/user/<username>/edit', methods=['POST'])`
			`def post_user_edit(username):`
			`session = session_manager.get(request)`
Add Unauthorized exception. This should start to see more use as I continue to build up the user profile features. 2021-01-09 23:42:51 +00:00
Add UI for editing user's display name. 2021-01-02 03:46:31 +00:00			`if not session:`
Move make_json_response to voussoirkit.flasktools. 2021-06-05 04:49:45 +00:00			`return flasktools.make_json_response(etiquette.exceptions.Unauthorized().jsonify(), status=403)`
Add UI for editing user's display name. 2021-01-02 03:46:31 +00:00			`user = common.P_user(username, response_type='json')`
			`if session.user != user:`
Move make_json_response to voussoirkit.flasktools. 2021-06-05 04:49:45 +00:00			`return flasktools.make_json_response(etiquette.exceptions.Unauthorized().jsonify(), status=403)`
Add UI for editing user's display name. 2021-01-02 03:46:31 +00:00
			`display_name = request.form.get('display_name')`
			`if display_name is not None:`
			`user.set_display_name(display_name)`

			`common.P.commit()`

Move make_json_response to voussoirkit.flasktools. 2021-06-05 04:49:45 +00:00			`return flasktools.make_json_response(user.jsonify())`
Add UI for editing user's display name. 2021-01-02 03:46:31 +00:00
Replace etiquette_flask.py with endpoints package. Split the object types' endpoints into separate files and group them better. Should be much easier to navigate and expand. 2018-01-12 03:40:56 +00:00			`# Login and logout #################################################################################`

			`@site.route('/login', methods=['GET'])`
			`def get_login():`
Centralize flask.render_template calls to simplify common args. 2019-08-14 20:40:52 +00:00			`response = common.render_template(`
			`request,`
Include username and password length requirements on form. 2018-04-15 20:20:08 +00:00			`'login.html',`
Rename config user.min_length -> min_username_length. 2018-04-15 21:32:18 +00:00			`min_username_length=common.P.config['user']['min_username_length'],`
Include username and password length requirements on form. 2018-04-15 20:20:08 +00:00			`min_password_length=common.P.config['user']['min_password_length'],`
			`)`
			`return response`
Replace etiquette_flask.py with endpoints package. Split the object types' endpoints into separate files and group them better. Should be much easier to navigate and expand. 2018-01-12 03:40:56 +00:00
			`@site.route('/login', methods=['POST'])`
			`@decorators.required_fields(['username', 'password'])`
			`def post_login():`
Create sessions for anons as well, instead of just logged in. It makes sense that anon sessions are still sessions. So @give_token will ensure that every request has a session. Logged in conditionals move from 'if session' to 'if session.user'. 2018-01-16 02:41:21 +00:00			`session = session_manager.get(request)`
			`if session.user:`
Replace etiquette_flask.py with endpoints package. Split the object types' endpoints into separate files and group them better. Should be much easier to navigate and expand. 2018-01-12 03:40:56 +00:00			`exc = etiquette.exceptions.AlreadySignedIn()`
Move jsonify methods into the objects instead of separate file. 2021-01-01 20:56:05 +00:00			`response = exc.jsonify()`
Move make_json_response to voussoirkit.flasktools. 2021-06-05 04:49:45 +00:00			`return flasktools.make_json_response(response, status=403)`
Replace etiquette_flask.py with endpoints package. Split the object types' endpoints into separate files and group them better. Should be much easier to navigate and expand. 2018-01-12 03:40:56 +00:00
			`username = request.form['username']`
			`password = request.form['password']`
			`try:`
			`# Consideration: Should the server hash the password to discourage`
			`# information (user exists) leak via response time?`
			`# Currently I think not, because they can check if the account`
			`# page 404s anyway.`
Let login take username. This cuts back on unnecessary sql selects. 2020-09-18 04:02:55 +00:00			`user = common.P.login(username=username, password=password)`
Replace etiquette_flask.py with endpoints package. Split the object types' endpoints into separate files and group them better. Should be much easier to navigate and expand. 2018-01-12 03:40:56 +00:00			`except (etiquette.exceptions.NoSuchUser, etiquette.exceptions.WrongLogin):`
			`exc = etiquette.exceptions.WrongLogin()`
Move jsonify methods into the objects instead of separate file. 2021-01-01 20:56:05 +00:00			`response = exc.jsonify()`
Move make_json_response to voussoirkit.flasktools. 2021-06-05 04:49:45 +00:00			`return flasktools.make_json_response(response, status=422)`
Replace etiquette_flask.py with endpoints package. Split the object types' endpoints into separate files and group them better. Should be much easier to navigate and expand. 2018-01-12 03:40:56 +00:00			`except etiquette.exceptions.FeatureDisabled as exc:`
Move jsonify methods into the objects instead of separate file. 2021-01-01 20:56:05 +00:00			`response = exc.jsonify()`
Move make_json_response to voussoirkit.flasktools. 2021-06-05 04:49:45 +00:00			`return flasktools.make_json_response(response, status=400)`
Replace etiquette_flask.py with endpoints package. Split the object types' endpoints into separate files and group them better. Should be much easier to navigate and expand. 2018-01-12 03:40:56 +00:00			`session = sessions.Session(request, user)`
			`session_manager.add(session)`
Move make_json_response to voussoirkit.flasktools. 2021-06-05 04:49:45 +00:00			`return flasktools.make_json_response({})`
Replace etiquette_flask.py with endpoints package. Split the object types' endpoints into separate files and group them better. Should be much easier to navigate and expand. 2018-01-12 03:40:56 +00:00
Make /logout operate on POST only. 2018-08-18 05:23:40 +00:00			`@site.route('/logout', methods=['POST'])`
Replace etiquette_flask.py with endpoints package. Split the object types' endpoints into separate files and group them better. Should be much easier to navigate and expand. 2018-01-12 03:40:56 +00:00			`def logout():`
			`session_manager.remove(request)`
Move make_json_response to voussoirkit.flasktools. 2021-06-05 04:49:45 +00:00			`response = flasktools.make_json_response({})`
Replace etiquette_flask.py with endpoints package. Split the object types' endpoints into separate files and group them better. Should be much easier to navigate and expand. 2018-01-12 03:40:56 +00:00			`return response`

			`# User registration ################################################################################`

			`@site.route('/register', methods=['GET'])`
			`def get_register():`
			`return flask.redirect('/login')`

			`@site.route('/register', methods=['POST'])`
			`@decorators.required_fields(['username', 'password_1', 'password_2'])`
			`def post_register():`
Create sessions for anons as well, instead of just logged in. It makes sense that anon sessions are still sessions. So @give_token will ensure that every request has a session. Logged in conditionals move from 'if session' to 'if session.user'. 2018-01-16 02:41:21 +00:00			`session = session_manager.get(request)`
			`if session.user:`
Replace etiquette_flask.py with endpoints package. Split the object types' endpoints into separate files and group them better. Should be much easier to navigate and expand. 2018-01-12 03:40:56 +00:00			`exc = etiquette.exceptions.AlreadySignedIn()`
Move jsonify methods into the objects instead of separate file. 2021-01-01 20:56:05 +00:00			`response = exc.jsonify()`
Move make_json_response to voussoirkit.flasktools. 2021-06-05 04:49:45 +00:00			`return flasktools.make_json_response(response, status=403)`
Replace etiquette_flask.py with endpoints package. Split the object types' endpoints into separate files and group them better. Should be much easier to navigate and expand. 2018-01-12 03:40:56 +00:00
			`username = request.form['username']`
Allow setting display name during registration. 2019-08-26 21:32:51 +00:00			`display_name = request.form.get('display_name', None)`
Replace etiquette_flask.py with endpoints package. Split the object types' endpoints into separate files and group them better. Should be much easier to navigate and expand. 2018-01-12 03:40:56 +00:00			`password_1 = request.form['password_1']`
			`password_2 = request.form['password_2']`

			`if password_1 != password_2:`
			`response = {`
			`'error_type': 'PASSWORDS_DONT_MATCH',`
			`'error_message': 'Passwords do not match.',`
			`}`
Move make_json_response to voussoirkit.flasktools. 2021-06-05 04:49:45 +00:00			`return flasktools.make_json_response(response, status=422)`
Replace etiquette_flask.py with endpoints package. Split the object types' endpoints into separate files and group them better. Should be much easier to navigate and expand. 2018-01-12 03:40:56 +00:00
Add commit=True to frontend where necessary. 2020-02-20 08:34:28 +00:00			`user = common.P.new_user(username, password_1, display_name=display_name, commit=True)`
Replace etiquette_flask.py with endpoints package. Split the object types' endpoints into separate files and group them better. Should be much easier to navigate and expand. 2018-01-12 03:40:56 +00:00
			`session = sessions.Session(request, user)`
			`session_manager.add(session)`
Move make_json_response to voussoirkit.flasktools. 2021-06-05 04:49:45 +00:00			`return flasktools.make_json_response({})`