bton/matekasse
2
1
Fork 2
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: bton:f4181ade0716fd86eaee56ff0019101598a4b7f4
Branches Tags
bton:master
..
compare: bton:364dfb69b684f5cd5c97db135199630ca337d461
Branches Tags
bton:master

No commits in common. "f4181ade0716fd86eaee56ff0019101598a4b7f4" and "364dfb69b684f5cd5c97db135199630ca337d461" have entirely different histories.
f4181ade07 ... 364dfb69b6

3 changed files with 38 additions and 74 deletions
Show stats Expand all files Collapse all files

47
Website/__init__.py
View file

@ -3,8 +3,7 @@ from flask import Flask, render_template, render_template_string, request, make_
from flask_socketio import SocketIO, join_room, leave_room from flask_socketio import SocketIO, join_room, leave_room
from flask_session import Session from flask_session import Session
from markupsafe import escape from markupsafe import escape
from Website.db import get_db from .db import get_db, change_db
import Website.db as db
from datetime import datetime from datetime import datetime
finished = None finished = None
preis = 150 #Ein Getraenk preis = 150 #Ein Getraenk
@ -64,7 +63,7 @@ def create_app(test_config=None):
c = db.cursor() c = db.cursor()
c.execute("SELECT * FROM users") c.execute("SELECT * FROM users")
users = c.fetchall() users = c.fetchall()
return render_template("list.html", users=escape(users), preis=escape(preis/100)) return render_template("list.html", users=users, preis=preis/100)
@app.route("/transactionlist") @app.route("/transactionlist")
def transactionlist(): def transactionlist():
@ -124,7 +123,7 @@ def create_app(test_config=None):
if user != None : if user != None :
c.execute(f"SELECT * FROM tags WHERE userid={user[0]}") c.execute(f"SELECT * FROM tags WHERE userid={user[0]}")
tags = c.fetchall() tags = c.fetchall()
return render_template("user.html", user=escape(user), tags=escape(tags)) return render_template("user.html", user=user, tags=tags)
else: else:
return render_template("error.html", error_code="043") return render_template("error.html", error_code="043")
@ -142,9 +141,9 @@ def create_app(test_config=None):
user = c.fetchone() user = c.fetchone()
if user != None: if user != None:
user_name = user[1] user_name = user[1]
db.remove_user(user_id) change_db("removeuser", user_id=user_id, before=user_name)
socketio.emit("update", "update") socketio.emit("update", "update")
return render_template("removeuser.html", user_name=escape(user_name)) return render_template("removeuser.html", user_name=user_name)
else: else:
return render_template("error.html", error_code="043") return render_template("error.html", error_code="043")
@ -157,7 +156,7 @@ def create_app(test_config=None):
return render_template("error.html", error_code="418") return render_template("error.html", error_code="418")
c.execute("SELECT * FROM users WHERE username=?", [username]) c.execute("SELECT * FROM users WHERE username=?", [username])
if c.fetchall() == []: if c.fetchall() == []:
db.add_user(username) change_db("adduser", after=username)
socketio.emit("update", "update") socketio.emit("update", "update")
c.execute(f"SELECT * FROM users WHERE username=?", [username]) c.execute(f"SELECT * FROM users WHERE username=?", [username])
user = c.fetchone() user = c.fetchone()
@ -179,7 +178,7 @@ def create_app(test_config=None):
users = c.fetchall() users = c.fetchall()
if users != []: if users != []:
balance_old = users[0][2] balance_old = users[0][2]
db.change_balance(user_id, change) change_db("balance", change=change, user_id=user_id)
socketio.emit("update", "update") socketio.emit("update", "update")
return render_template("redirect.html") return render_template("redirect.html")
else: else:
@ -194,7 +193,7 @@ def create_app(test_config=None):
session_id = uuid.uuid4() session_id = uuid.uuid4()
session[id] = session_id session[id] = session_id
user_queue.put([user_id, "add", session_id]) user_queue.put([user_id, "add", session_id])
return render_template("addtag.html", user=escape(user_id)) return render_template("addtag.html", user=user_id)
@socketio.on('addtag') @socketio.on('addtag')
def request_addtag(data): def request_addtag(data):
@ -235,14 +234,16 @@ def create_app(test_config=None):
session_id = uuid.uuid4() session_id = uuid.uuid4()
session[id] = session_id session[id] = session_id
user_queue.put([user_id, "remove", session_id]) user_queue.put([user_id, "remove", session_id])
return render_template("removetag.html", user=escape(user_id)) return render_template("removetag.html", user=user_id)
else: else:
db = get_db() db = get_db()
c = db.cursor() c = db.cursor()
c.execute(f"SELECT * FROM tags WHERE (tagid = ? AND userid = ?)", [tag_id, user_id]) c.execute(f"SELECT * FROM tags WHERE (tagid = ? AND userid = ?)", [tag_id, user_id])
if c.fetchall != []: if c.fetchall != []:
db.remove_tag(tag_id) c.execute(f"DELETE FROM tags WHERE (tagid = ? AND userid = ?)", [tag_id, user_id])
db.commit()
message = f"Removed {tag_id} from user {user_id}" message = f"Removed {tag_id} from user {user_id}"
log(type="removetag", userid=user_id, before=tag_id)
return render_template("redirect.html") return render_template("redirect.html")
else: else:
return render_template("error.html", error_code="054") return render_template("error.html", error_code="054")
@ -287,8 +288,8 @@ def create_app(test_config=None):
try: try:
change = int(request.args.get("change")) change = int(request.args.get("change"))
except: except:
change = preis change = preis
db.change_balance(user_id, change) change_db("balance", user_id=userid, change=change)
socketio.emit("update", "update") socketio.emit("update", "update")
return make_response(json.dumps({"mode":"balance", "username":user[1], "balance":user_new[2]})) return make_response(json.dumps({"mode":"balance", "username":user[1], "balance":user_new[2]}))
else: else:
@ -336,7 +337,7 @@ def create_app(test_config=None):
finished = queue_item finished = queue_item
return make_response(json.dumps({"mode":"error","error":"170"})) return make_response(json.dumps({"mode":"error","error":"170"}))
else: else:
db.add_tag(user_id, tag_id) change_db("addtag", after=tag_id, user_id=user_id)
message = f"Added {tag_id} to {username}" message = f"Added {tag_id} to {username}"
finished = queue_item finished = queue_item
return make_response(json.dumps({"mode":"message","username":"{}".format(username),"message":"A tag was added"})) return make_response(json.dumps({"mode":"message","username":"{}".format(username),"message":"A tag was added"}))
@ -363,7 +364,7 @@ def create_app(test_config=None):
if user_list != []: if user_list != []:
balance_old = user_list[0][2] balance_old = user_list[0][2]
if user_queue.qsize() == 0: if user_queue.qsize() == 0:
db.change_balance(tag[1], preis) change_db("balance", user_id=tag[1], change=preis)
c.execute(f"SELECT * FROM users WHERE id={tag[1]}") c.execute(f"SELECT * FROM users WHERE id={tag[1]}")
user = c.fetchone() user = c.fetchone()
socketio.emit("update", "update") socketio.emit("update", "update")
@ -381,20 +382,7 @@ def create_app(test_config=None):
before = request.form["before"] before = request.form["before"]
after = request.form["after"] after = request.form["after"]
change = request.form["change"] change = request.form["change"]
change_db(statement, user_id, before, after, change)
if statement == "adduser":
db.add_user(after)
elif statement == "removeuser":
db.remove_user(user_id)
elif statement == "addtag":
db.add_tag(user_id, after)
elif statement == "removetag":
db.remove_tag(befor)
elif statement == "balance":
db.change_balance(user_id, change)
else:
return make_response(json.dumps({"mode":"error", "error":"418"})) #Error code
socketio.emit("update", "update") socketio.emit("update", "update")
return render_template("index.html") return render_template("index.html")
@ -403,5 +391,4 @@ def create_app(test_config=None):
def documentation(): def documentation():
return render_template("documentation.html") return render_template("documentation.html")
return {"app":app,"socketio":socketio} return {"app":app,"socketio":socketio}

55
Website/db.py
View file

@ -10,47 +10,24 @@ def log(statement, user_id, before, after, change):
c.execute("INSERT INTO transaction_log (timestamp, type, user_id, before, after, change) VALUES (?, ?, ?, ?, ?, ?)", [datetime.now(), statement, user_id, before, after, change]) c.execute("INSERT INTO transaction_log (timestamp, type, user_id, before, after, change) VALUES (?, ?, ?, ?, ?, ?)", [datetime.now(), statement, user_id, before, after, change])
db.commit() db.commit()
def add_user(after): def change_db(statement, user_id=None, before=None, after=None, change=None):
db = get_db() db = get_db()
c = db.cursor() c = db.cursor()
c.execute("INSERT or IGNORE INTO users (username, balance) VALUES (?, 0)", [after]) if statement == "adduser" and after != None:
user_id = c.lastrowid c.execute("INSERT or IGNORE INTO users (username, balance) VALUES (?, 0)", [after])
log("add_user", user_id=user_id, after=after) user_id = c.lastrowid
db.commit() elif statement == "removeuser" and user_id != None and before != None:
c.execute("DELETE FROM tags WHERE userid=?", [user_id])
def remove_user(user_id): c.execute("DELETE FROM users WHERE id=?", [user_id])
db = get_db() elif statement == "addtag" and after != None and user_id != None:
c = db.cursor() c.execute("INSERT OR IGNORE INTO tags (tagid, userid) VALUES ?, ?)", [after, user_id])
c.execute("SELECT * FROM users WHERE id = ?", [user_id]) elif statement == "removetag" and before != None and user_id != None:
user_name = c.fetchone()[1] c.execute("DELETE FROM tags WHERE (tagid = ? AND userid = ?)", [before, user_id])
c.execute("SELECT * FROM tags WHERE userid = ?", [user_id]) elif statement == "balance" and change != None and user_id != None:
for tag in c.fetchall(): c.execute("UPDATE users SET balance = balance + ? WHERE id=?", [change, user_id])
remove_tag(tag[0]) else:
c.execute("DELETE FROM users WHERE id = ?", [user_id]) raise Exception("wrong or missing argument for change_db")
log("remove_user", user_id=user_id, before=user_name) log(statement, user_id, before, after, change)
db.commit()
def add_tag(user_id, tag_id):
db = get_db()
c = db.cursor()
c.execute("INSERT OR IGNORE INTO tags (tagid, userid) VALUES ?, ?)", [tag_id, user_id])
db.commit()
log("addtag", after=tag_id, user_id=user_id)
def remove_tag(tag_id):
db = get_db()
c = db.cursor()
c.execute("SELECT * FROM tags WHERE tagid = ?", [tag_id])
user_id = c.fetchone()[1]
c.execute("DELETE FROM tags WHERE tagid = ?", [tag_id])
log("removetag", before=tag_id, user_id=user_id)
db.commit()
def change_balance(user_id, change):
db = get_db()
c = db.cursor()
c.execute("UPDATE users SET balance = balance + ? WHERE id=?", [change, user_id])
log("balance", user_id=user_id, change=change)
db.commit() db.commit()
def get_db(): def get_db():

10
tests/test_website.py
View file

@ -23,14 +23,14 @@ def test_index(client):
#/adduser #/adduser
def test_adduser(client): def test_adduser(client):
response = client.post('/adduser/user', data={}) response = client.get('/adduser/user')
assert "418" in response.data.decode('utf-8') assert "418" in response.data.decode('utf-8')
def test_adduser_new(app, client): def test_adduser_new(app, client):
with app.app_context(): with app.app_context():
db = get_db() db = get_db()
assert db is get_db() assert db is get_db()
response = client.post('/adduser/user', data={user_name:"test"}) response = client.get('/adduser/user?username=test')
c = db.cursor() c = db.cursor()
c.execute("SELECT * FROM users WHERE username = ?", ["test"]) c.execute("SELECT * FROM users WHERE username = ?", ["test"])
data = c.fetchone() data = c.fetchone()
@ -40,7 +40,7 @@ def test_adduser_new(app, client):
assert data[2] == 0 assert data[2] == 0
def test_adduser_allreadyexists(client): def test_adduser_allreadyexists(client):
response = client.post('/adduser/user', data={username:"test"}) response = client.get('/adduser/user?username=test')
assert "Error: 757" in response.data.decode('utf-8') assert "Error: 757" in response.data.decode('utf-8')
#/addtag #/addtag
@ -49,7 +49,7 @@ def test_addtag(client):
assert response.data.decode('utf-8') == "Error: 095" assert response.data.decode('utf-8') == "Error: 095"
def test_addtag_userid_nan(client): def test_addtag_userid_nan(client):
response = client.post('/addtag', data={id:1}) response = client.get('/addtag?id=test')
assert response.data.decode('utf-8') == "Error: 095" assert response.data.decode('utf-8') == "Error: 095"
def test_add_tag_direktli(app): def test_add_tag_direktli(app):
@ -166,4 +166,4 @@ def test_sqlinjektion_adduser(app, client):
assert data[1] == i assert data[1] == i
assert data[2] == 0 assert data[2] == 0
assert "tag was sucsesfully added" in response.data.decode('utf-8') assert "tag was sucsesfully added" in response.data.decode('utf-8')
count += 1 count += 1