mirror of
https://gitlab.ub.uni-bielefeld.de/sfb1288inf/nopaque.git
synced 2024-12-25 02:44:18 +00:00
Update follow corpus by token method
This commit is contained in:
parent
ed195af6a2
commit
2dc7efbc8d
@ -66,15 +66,11 @@ def disable_corpus_is_public(corpus_id):
|
|||||||
@bp.route('/<hashid:corpus_id>/follow/<token>')
|
@bp.route('/<hashid:corpus_id>/follow/<token>')
|
||||||
@login_required
|
@login_required
|
||||||
def follow_corpus(corpus_id, token):
|
def follow_corpus(corpus_id, token):
|
||||||
corpus = current_user.verify_follow_corpus_token(token)['corpus']
|
if current_user.follow_corpus_by_token(token):
|
||||||
role = current_user.verify_follow_corpus_token(token)['role']
|
|
||||||
if not (current_user.is_authenticated and current_user.verify_follow_corpus_token(token)):
|
|
||||||
abort(403)
|
|
||||||
if not current_user.is_following_corpus(corpus) and current_user != corpus.user:
|
|
||||||
current_user.follow_corpus(corpus, role)
|
|
||||||
db.session.commit()
|
db.session.commit()
|
||||||
flash(f'You are following {corpus.title} now', category='corpus')
|
flash(f'You are following {corpus.title} now', category='corpus')
|
||||||
return redirect(url_for('corpora.corpus', corpus_id=corpus_id))
|
return redirect(url_for('corpora.corpus', corpus_id=corpus_id))
|
||||||
|
abort(403)
|
||||||
|
|
||||||
|
|
||||||
@bp.route('/<hashid:corpus_id>/followers/<hashid:follower_id>/unfollow', methods=['POST'])
|
@bp.route('/<hashid:corpus_id>/followers/<hashid:follower_id>/unfollow', methods=['POST'])
|
||||||
@ -174,12 +170,14 @@ def corpus(corpus_id):
|
|||||||
title='Corpus'
|
title='Corpus'
|
||||||
)
|
)
|
||||||
if current_user.is_following_corpus(corpus) or corpus.is_public:
|
if current_user.is_following_corpus(corpus) or corpus.is_public:
|
||||||
|
cfa = CorpusFollowerAssociation.query.filter_by(corpus_id=corpus_id, follower_id=current_user.id).first_or_404()
|
||||||
corpus_files = [x.to_json_serializeable() for x in corpus.files]
|
corpus_files = [x.to_json_serializeable() for x in corpus.files]
|
||||||
owner = corpus.user.to_json_serializeable()
|
owner = corpus.user.to_json_serializeable()
|
||||||
return render_template(
|
return render_template(
|
||||||
'corpora/public_corpus.html.j2',
|
'corpora/public_corpus.html.j2',
|
||||||
corpus=corpus,
|
corpus=corpus,
|
||||||
corpus_files=corpus_files,
|
corpus_files=corpus_files,
|
||||||
|
cfa=cfa,
|
||||||
owner=owner,
|
owner=owner,
|
||||||
title='Corpus',
|
title='Corpus',
|
||||||
)
|
)
|
||||||
|
@ -792,14 +792,15 @@ class User(HashidMixin, UserMixin, db.Model):
|
|||||||
def is_following_corpus(self, corpus):
|
def is_following_corpus(self, corpus):
|
||||||
return corpus in self.followed_corpora
|
return corpus in self.followed_corpora
|
||||||
|
|
||||||
def generate_follow_corpus_token(self, corpus_id, role, expiration=7):
|
def generate_follow_corpus_token(self, corpus_hashid, role_name, expiration=7):
|
||||||
now = datetime.utcnow()
|
now = datetime.utcnow()
|
||||||
payload = {
|
payload = {
|
||||||
'exp': expiration,
|
'exp': expiration,
|
||||||
'iat': now,
|
'iat': now,
|
||||||
'iss': current_app.config['SERVER_NAME'],
|
'iss': current_app.config['SERVER_NAME'],
|
||||||
'sub': corpus_id,
|
'purpose': 'User.follow_corpus',
|
||||||
'role': role
|
'role_name': role_name,
|
||||||
|
'sub': corpus_hashid
|
||||||
}
|
}
|
||||||
return jwt.encode(
|
return jwt.encode(
|
||||||
payload,
|
payload,
|
||||||
@ -807,23 +808,31 @@ class User(HashidMixin, UserMixin, db.Model):
|
|||||||
algorithm='HS256'
|
algorithm='HS256'
|
||||||
)
|
)
|
||||||
|
|
||||||
def verify_follow_corpus_token(self, token):
|
def follow_corpus_by_token(self, token):
|
||||||
try:
|
try:
|
||||||
payload = jwt.decode(
|
payload = jwt.decode(
|
||||||
token,
|
token,
|
||||||
current_app.config['SECRET_KEY'],
|
current_app.config['SECRET_KEY'],
|
||||||
algorithms=['HS256'],
|
algorithms=['HS256'],
|
||||||
issuer=current_app.config['SERVER_NAME'],
|
issuer=current_app.config['SERVER_NAME'],
|
||||||
options={'require': ['exp', 'iat', 'iss', 'sub']}
|
options={'require': ['exp', 'iat', 'iss', 'purpose', 'role_name', 'sub']}
|
||||||
)
|
)
|
||||||
except jwt.PyJWTError:
|
except jwt.PyJWTError:
|
||||||
return False
|
return False
|
||||||
corpus_id = payload.get('sub')
|
if payload.get('purpose') != 'User.follow_corpus':
|
||||||
|
return False
|
||||||
|
corpus_hashid = payload.get('sub')
|
||||||
|
corpus_id = hashids.decode(corpus_hashid)
|
||||||
corpus = Corpus.query.get_or_404(corpus_id)
|
corpus = Corpus.query.get_or_404(corpus_id)
|
||||||
role = CorpusFollowerRole.query.filter_by(name=payload.get('role')).first()
|
|
||||||
if corpus is None:
|
if corpus is None:
|
||||||
return False
|
return False
|
||||||
return {'corpus': corpus, 'role': role}
|
role_name = payload.get('role_name')
|
||||||
|
role = CorpusFollowerRole.query.filter_by(name=role_name).first()
|
||||||
|
if role is None:
|
||||||
|
return False
|
||||||
|
self.follow_corpus(corpus, role)
|
||||||
|
db.session.add(self)
|
||||||
|
return True
|
||||||
|
|
||||||
def to_json_serializeable(self, backrefs=False, relationships=False, filter_by_privacy_settings=False):
|
def to_json_serializeable(self, backrefs=False, relationships=False, filter_by_privacy_settings=False):
|
||||||
json_serializeable = {
|
json_serializeable = {
|
||||||
|
Loading…
Reference in New Issue
Block a user