DV8/GameExpo23
1
0
Fork 0
mirror of https://github.com/Fluffy-Bean/GameExpo23.git synced 2025-05-22 02:54:52 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Deepsource Python issues

Browse source
This commit is contained in:
Michał Gdula 2023-06-24 21:47:13 +00:00
parent e0fc37d48a
commit 4d912d314c
10 changed files with 162 additions and 156 deletions
Download patch file Download diff file Expand all files Collapse all files

267
TFR/server/account.py
View file

@ -21,160 +21,167 @@ from .extensions import db
blueprint = Blueprint("account", __name__, url_prefix="/account")
@blueprint.route("/settings", methods=["GET", "POST"])
@blueprint.route("/settings", methods=["GET"])
@login_required
def settings():
if request.method == "POST":
username = request.form.get("username", "").strip()
email = request.form.get("email", "").strip()
password = request.form.get("password", "").strip()
error = []
def get_settings():
action = request.args.get("action", None)
user = Users.query.filter_by(username=current_user.username).first()
if action == "logout":
logout_user()
flash("Successfully logged out!", "success")
return redirect(url_for("views.index"))
if not check_password_hash(user.password, password):
flash("Password is incorrect!", "error")
return redirect(url_for("account.settings"))
sessions = Sessions.query.filter_by(user_id=current_user.id).all()
return render_template("views/account_settings.html", sessions=sessions)
if "file" in request.files and request.files["file"].filename:
picture = request.files["file"]
file_ext = picture.filename.split(".")[-1].lower()
file_name = f"{user.id}.{file_ext}"
if file_ext not in UPLOAD_EXTENSIONS:
error.append("Picture is not a valid image!")
if picture.content_length > UPLOAD_MAX_SIZE:
error.append(
f"Picture must be less than {UPLOAD_EXTENSIONS / 1000000}MB!"
)
@blueprint.route("/settings", methods=["POST"])
@login_required
def post_settings():
username = request.form.get("username", "").strip()
email = request.form.get("email", "").strip()
password = request.form.get("password", "").strip()
error = []
image = Image.open(picture.stream)
user = Users.query.filter_by(username=current_user.username).first()
# Resizing gifs is more work than it's worth
if file_ext != "gif":
image_x, image_y = image.size
image.thumbnail(
(min(image_x, UPLOAD_RESOLUTION), min(image_y, UPLOAD_RESOLUTION))
)
if error:
for err in error:
flash(err, "error")
return redirect(url_for("account.settings"))
if user.picture:
os.remove(os.path.join(UPLOAD_DIR, user.picture))
user.picture = file_name
if file_ext == "gif":
image.save(os.path.join(UPLOAD_DIR, file_name), save_all=True)
else:
image.save(os.path.join(UPLOAD_DIR, file_name))
image.close()
if username:
if USER_REGEX.match(username):
user.username = username
else:
error.append("Username is invalid!")
if email:
if USER_EMAIL_REGEX.match(email):
user.email = email
else:
error.append("Email is invalid!")
if error:
for err in error:
flash(err, "error")
return redirect(url_for("account.settings"))
db.session.commit()
flash("Successfully updated account!", "success")
if not check_password_hash(user.password, password):
flash("Password is incorrect!", "error")
return redirect(url_for("account.settings"))
else:
action = request.args.get("action", None)
if action == "logout":
logout_user()
flash("Successfully logged out!", "success")
return redirect(url_for("views.index"))
if "file" in request.files and request.files["file"].filename:
picture = request.files["file"]
file_ext = picture.filename.split(".")[-1].lower()
file_name = f"{user.id}.{file_ext}"
sessions = Sessions.query.filter_by(user_id=current_user.id).all()
return render_template("views/account_settings.html", sessions=sessions)
if file_ext not in UPLOAD_EXTENSIONS:
error.append("Picture is not a valid image!")
if picture.content_length > UPLOAD_MAX_SIZE:
error.append(f"Picture must be less than {UPLOAD_MAX_SIZE}MB!")
image = Image.open(picture.stream)
@blueprint.route("/reset-password", methods=["GET", "POST"])
@login_required
def password_reset():
if request.method == "POST":
current = request.form.get("current", "").strip()
new = request.form.get("new", "").strip()
confirm = request.form.get("confirm", "").strip()
error = []
user = Users.query.filter_by(username=current_user.username).first()
if not current or not new or not confirm:
error.append("Please fill out all fields!")
if not check_password_hash(user.password, current):
error.append("Current password is incorrect!")
if len(new) < 8:
error.append(
"New password is too short! Must be at least 8 characters long."
# Resizing gifs is more work than it's worth
if file_ext != "gif":
image_x, image_y = image.size
image.thumbnail(
(min(image_x, UPLOAD_RESOLUTION), min(image_y, UPLOAD_RESOLUTION))
)
if new != confirm:
error.append("New passwords do not match!")
if error:
for err in error:
flash(err, "error")
return redirect(url_for("account.password_reset"))
return redirect(url_for("account.settings"))
user.password = generate_password_hash(new, method="scrypt")
user.alt_id = str(uuid.uuid4())
db.session.commit()
if user.picture:
os.remove(os.path.join(UPLOAD_DIR, user.picture))
flash("Successfully changed password!", "success")
logout_user()
return redirect(url_for("auth.auth"))
else:
return render_template("views/reset_password.html")
user.picture = file_name
if file_ext == "gif":
image.save(os.path.join(UPLOAD_DIR, file_name), save_all=True)
else:
image.save(os.path.join(UPLOAD_DIR, file_name))
image.close()
if username:
if USER_REGEX.match(username):
user.username = username
else:
error.append("Username is invalid!")
if email:
if USER_EMAIL_REGEX.match(email):
user.email = email
else:
error.append("Email is invalid!")
if error:
for err in error:
flash(err, "error")
return redirect(url_for("account.settings"))
db.session.commit()
flash("Successfully updated account!", "success")
return redirect(url_for("account.settings"))
@blueprint.route("/delete-account", methods=["GET", "POST"])
@blueprint.route("/password", methods=["GET"])
@login_required
def delete_account():
if request.method == "POST":
username = request.form.get("username", "").strip()
password = request.form.get("password", "").strip()
error = []
def get_password_reset():
return render_template("views/reset_password.html")
user = Users.query.filter_by(username=current_user.username).first()
if username != user.username:
error.append("Username does not match!")
if not password:
error.append("Please fill out all fields!")
if not check_password_hash(user.password, password):
error.append("Password is incorrect!")
@blueprint.route("/password", methods=["POST"])
@login_required
def post_password_reset():
current = request.form.get("current", "").strip()
new = request.form.get("new", "").strip()
confirm = request.form.get("confirm", "").strip()
error = []
if error:
for err in error:
flash(err, "error")
return redirect(url_for("account.delete_account"))
user = Users.query.filter_by(username=current_user.username).first()
db.session.query(Sessions).filter_by(user_id=current_user.id).delete()
db.session.query(Scores).filter_by(user_id=current_user.id).delete()
db.session.query(ProfileTags).filter_by(user_id=current_user.id).delete()
db.session.query(PasswordReset).filter_by(user_id=current_user.id).delete()
db.session.delete(user)
db.session.commit()
if not current or not new or not confirm:
error.append("Please fill out all fields!")
if not check_password_hash(user.password, current):
error.append("Current password is incorrect!")
if len(new) < 8:
error.append(
"New password is too short! Must be at least 8 characters long."
)
if new != confirm:
error.append("New passwords do not match!")
flash("Successfully deleted account!", "success")
logout_user()
return redirect(url_for("auth.auth"))
else:
return render_template("views/delete_account.html")
if error:
for err in error:
flash(err, "error")
return redirect(url_for("account.password_reset"))
user.password = generate_password_hash(new, method="scrypt")
user.alt_id = str(uuid.uuid4())
db.session.commit()
flash("Successfully changed password!", "success")
logout_user()
return redirect(url_for("auth.auth"))
@blueprint.route("/delete-account", methods=["GET"])
@login_required
def get_delete_account():
return render_template("views/delete_account.html")
@blueprint.route("/delete", methods=["POST"])
@login_required
def post_delete_account():
username = request.form.get("username", "").strip()
password = request.form.get("password", "").strip()
error = []
user = Users.query.filter_by(username=current_user.username).first()
if username != user.username:
error.append("Username does not match!")
if not password:
error.append("Please fill out all fields!")
if not check_password_hash(user.password, password):
error.append("Password is incorrect!")
if error:
for err in error:
flash(err, "error")
return redirect(url_for("account.delete_account"))
db.session.query(Sessions).filter_by(user_id=current_user.id).delete()
db.session.query(Scores).filter_by(user_id=current_user.id).delete()
db.session.query(ProfileTags).filter_by(user_id=current_user.id).delete()
db.session.query(PasswordReset).filter_by(user_id=current_user.id).delete()
db.session.delete(user)
db.session.commit()
flash("Successfully deleted account!", "success")
logout_user()
return redirect(url_for("auth.auth"))