Merge pull request #20 from codewizardshq/user-model-update

Landing Page + User model update

Author: usrbinsam

CodeChallenge/__init__.py

@@ -1,7 +1,11 @@
-from flask import Flask, jsonify, make_response, send_from_directory
+import os
+
+from flask import Flask, jsonify, make_response, send_from_directory, redirect
 from flask_cors import CORS
 from werkzeug.middleware.proxy_fix import ProxyFix
+from werkzeug.utils import import_string
 
+from . import core
 from .api.eb import bp as eb_bp
 from .api.questions import bp as questions_bp
 from .api.users import bp as users_bp
@@ -27,8 +31,9 @@ def create_app(config):
     # prevent IP spoofing the rate limiter behind a reverse proxy
     app.wsgi_app = ProxyFix(app.wsgi_app, x_for=1)
 
+    cfg = import_string(f"CodeChallenge.config.{config}")()
     app.config.from_object(__name__)
-    app.config.from_object(f"CodeChallenge.config.{config}")
+    app.config.from_object(cfg)
 
     # Initialize Plugins
     CORS(app)
@@ -53,29 +58,50 @@ def ratelimit_handler(e):
                 status="error",
                 reason=f"rate limit exceeded ({e.description})"), 429)
 
+    js_dir = os.path.join(app.config["DIST_DIR"], "js")
+    css_dir = os.path.join(app.config["DIST_DIR"], "css")
+    fonts_dir = os.path.join(app.config["DIST_DIR"], "fonts")
+    images_dir = os.path.join(app.config["DIST_DIR"], "images")
+
     @app.route("/js/<path:path>")
     def send_js(path):
-        return send_from_directory("../dist/js", path)
+        return send_from_directory(js_dir, path)
 
     @app.route("/css/<path:path>")
     def send_css(path):
-        return send_from_directory("../dist/css", path)
+        return send_from_directory(css_dir, path)
 
     @app.route("/fonts/<path:path>")
     def send_fonts(path):
-        return send_from_directory("../dist/fonts", path)
+        return send_from_directory(fonts_dir, path)
 
     @app.route("/images/<path:path>")
     def send_images(path):
-        return send_from_directory("../dist/images", path)
+        return send_from_directory(images_dir, path)
 
     @app.route("/assets/<path:path>")
     def send_assets(path):
         return send_from_directory("assets", path)
 
+    @app.route("/landing", defaults={"path": ""})
+    @app.route("/landing/<path:path>")
+    def send_landing(path):
+
+        if core.current_rank() != -1:
+            return redirect("/")
+
+        if path:
+            return send_from_directory("../landing/", path)
+        return send_from_directory("../landing/", "index.html")
+
     @app.route("/", defaults={"path": ""})
     @app.route("/<path:path>")
     def catch_all(path):
-        return send_from_directory("../dist/", "index.html")
+
+        # show landing page
+        if core.current_rank() == -1 and not path or path == "home":
+            return redirect("/landing")
+
+        return send_from_directory(app.config["DIST_DIR"], "index.html")
 
     return app

CodeChallenge/api/questions.py

@@ -15,10 +15,11 @@ def json_error(reason, status=400):
 
 
 @bp.route("/rank", methods=["GET"])
-@jwt_required
 def get_rank():
     return jsonify(status="success", rank=core.current_rank(),
-                   timeUntilNextRank=core.time_until_next_rank())
+                   maxRank=core.max_rank(),
+                   timeUntilNextRank=core.time_until_next_rank(),
+                   startsOn=core.friendly_starts_on())
 
 
 @bp.route("/next", methods=["GET"])
@@ -61,15 +62,13 @@ def answer_limit_attempts():
     return current_app.config.get("ANSWER_ATTEMPT_LIMIT", "3 per 30 minutes")
 
 
-# XXX: do we want to add a rate-limiter here?
-# https://flask-limiter.readthedocs.io/en/stable/
 @bp.route("/answer", methods=["POST"])
 @jwt_required
 @limiter.limit(answer_limit_attempts, key_func=user_rank)
 def answer_next_question():
     user = get_current_user()
     if core.current_rank() == user.rank:
-        # all questions have been answered up to the corrent rank
+        # all questions have been answered up to the current rank
         return jsonify({"status": "error",
                         "reason": "no more questions to answer"}), 404
 

CodeChallenge/api/users.py

@@ -26,7 +26,7 @@ def login():
     username = request.json.get("username", None)
     password = request.json.get("password", None)
 
-    user = Users.query.filter_by(email=username).first()
+    user = Users.query.filter_by(username=username).first()
     if user is None or not user.check_password(password):
         return json_error("invalid username or password")
 
@@ -66,31 +66,38 @@ def register():
     user_data = request.get_json()
     new_u = Users()
 
-    email = user_data.get("email", None)
+    # required fields first
+
+    parent_email = user_data.get("parentEmail", None)
     username = user_data.get("username", None)
+    dob = user_data.get("DOB", None)
+    password = user_data.get("password", None)
 
-    if email is None:
-        return json_error("email is required")
+    if parent_email is None:
+        return json_error("parent email is required")
 
     if username is None:
         return json_error("username is required")
 
-    password = user_data.get("password", None)
+    if dob is None:
+        return json_error("DOB is required")
 
-    if password is None or len(password) < 11 or len(password) > 120:
-        return json_error("invalid password length (between 11 and 120)")
-
-    if Users.query.filter_by(email=email).first():
-        return json_error("that email is already in use")
+    if password is None or len(password) < 8 or len(password) > 120:
+        return json_error("invalid password length (between 8 and 120)")
 
     if Users.query.filter_by(username=username).first():
         return json_error("that username has been taken")
 
-    new_u.email = user_data['email']
-    new_u.username = user_data['username']
+    new_u.parent_email = parent_email
+    new_u.username = username
     new_u.password = hash_password(password)
-    new_u.firstname = user_data['firstname']
-    new_u.lastname = user_data['lastname']
+
+    new_u.parentfirstname = user_data.get("parentFirstName")
+    new_u.parentlastname = user_data.get("parentLastName")
+    new_u.studentfirstname = user_data.get("studentFirstName")
+    new_u.studentlastname = user_data.get("studentLastName")
+    new_u.dob = dob
+
     new_u.active = True
 
     db.session.add(new_u)
@@ -106,11 +113,11 @@ def hello_protected():
     user = get_current_user()
 
     return jsonify({"status": "success",
-                    "message": f"Hello {user.firstname}! (id {identity})",
+                    "message": f"Hello {user.studentfirstname}! (id {identity})",
                     "username": user.username,
-                    "email": user.email,
-                    "firstname": user.firstname,
-                    "lastname": user.lastname,
+                    "email": user.parent_email,
+                    "firstname": user.studentfirstname,
+                    "lastname": user.studentfirstname,
                     "rank": user.rank,
                     "timeUntilNextRank": core.time_until_next_rank()})
 
@@ -124,7 +131,7 @@ def forgot_password():
     if email is None:
         return jsonify(status="error", reason="email missing"), 400
 
-    user = Users.query.filter_by(email=email).first()
+    user = Users.query.filter_by(parent_email=email).first()
 
     if user is None:
         return jsonify(status="error",
@@ -138,7 +145,7 @@ def forgot_password():
                   "did not make this request, you can ignore this email. "
                   "To reset your password, use this link within 24 hours. "
                   f"https://www.hackcwhq.com/reset-password?token={token}",
-                  recipients=[user.email])
+                  recipients=[user.parent_email])
 
     if current_app.config.get("TESTING", False):
         msg.extra_headers = {"X-Password-Reset-Token": token}
@@ -159,8 +166,8 @@ def reset_password():
     if token is None or password is None:
         return json_error("missing token or password")
 
-    if len(password) < 11 and len(password) > 120:
-        return json_error("invalid password length (between 11 and 120)")
+    if 8 > len(password) > 120:
+        return json_error("invalid password length (between 8 and 120)")
 
     try:
         reset_password_from_token(token, password)

CodeChallenge/auth.py

@@ -1,3 +1,5 @@
+from datetime import datetime
+
 import argon2
 from flask import current_app
 from flask_jwt_extended import JWTManager
@@ -10,10 +12,16 @@
 
 class Users(db.Model):
     id = db.Column(db.Integer, primary_key=True)
-    firstname = db.Column(db.String(80), nullable=True)
-    lastname = db.Column(db.String(80), nullable=True)
+    studentfirstname = db.Column(db.String(80), nullable=True)
+    studentlastname = db.Column(db.String(80), nullable=True)
+
+    parentfirstname = db.Column(db.String(80), nullable=True)
+    parentlastname = db.Column(db.String(80), nullable=True)
+
     username = db.Column(db.String(80), unique=True, nullable=False)
-    email = db.Column(db.String(120), unique=True, nullable=False)
+    parent_email = db.Column(db.String(120), unique=False, nullable=False)
+    student_email = db.Column(db.String(120), unique=False, nullable=True)
+    dob = db.Column(db.String(10), nullable=False)
     is_admin = db.Column(db.Boolean, nullable=True)
     password = db.Column(db.String(120), nullable=False)
     is_active = db.Column(db.Boolean, default=False, nullable=False)
@@ -36,39 +44,40 @@ def hash_password(plaintext):
 
 
 def authenticate(username, password):
-    user = Users.query.filter_by(email=username).first()
+    user = Users.query.filter_by(username=username).first()
     if user and user.check_password(password):
         return user
 
 
 @jwt.user_loader_callback_loader
-def identity(identity):
-    return Users.query.get(identity)
+def identity(ident):
+    return Users.query.get(ident)
 
 
 def create_user(email, username, password):
     u = Users()
-    u.email = email
+    u.parent_email = email
     u.username = username
     u.password = hash_password(password)
+    u.dob = datetime.now().strftime("%Y-%m-%d")
 
     db.session.add(u)
     db.session.commit()
 
 
 def reset_user(email, password):
-    u = Users.query.filter_by(email=email)
+    u = Users.query.filter_by(parent_email=email)
     u.password = hash_password(password)
 
     db.session.commit()
 
 
 def password_reset_token(user: Users) -> str:
     ts = URLSafeTimedSerializer(current_app.config["SECRET_KEY"])
-    return ts.dumps(user.email, salt="recovery-key")
+    return ts.dumps(user.parent_email, salt="recovery-key")
 
 
 def reset_password_from_token(token: str, password: str):
     ts = URLSafeTimedSerializer(current_app.config["SECRET_KEY"])
-    email = ts.loads(token, salt="recovery-key", max_age=86400)
-    reset_user(email, password)
+    parent_email = ts.loads(token, salt="recovery-key", max_age=86400)
+    reset_user(parent_email, password)

CodeChallenge/config.py

@@ -47,6 +47,7 @@ class ProductionConfig(DefaultConfig):
     MAIL_SUPPRESS_SEND = False
     MAIL_USERNAME = os.getenv("MAIL_USERNAME")
     MAIL_PASSWORD = os.getenv("MAIL_PASSWORD")
+    JWT_ACCESS_TOKEN_EXPIRES = 604800
 
 
 class DevelopmentConfig(ProductionConfig):

CodeChallenge/core.py

@@ -1,6 +1,9 @@
 from datetime import datetime, timezone, timedelta, time
 
 from flask import current_app
+from sqlalchemy import func
+
+from .models import Question, db
 
 
 def current_rank() -> int:
@@ -35,3 +38,15 @@ def time_until_next_rank() -> str:
     diff = datetime.combine(tomorrow, time.min, now.tzinfo) - now
 
     return str(diff)
+
+
+def friendly_starts_on() -> str:
+    """Formatted specifically for the landing page countdown jQuery plugin"""
+    epoch = int(current_app.config["CODE_CHALLENGE_START"])
+    start = datetime.fromtimestamp(epoch, timezone.utc)
+
+    return start.strftime("%m/%d/%Y %H:%M%S UTC")
+
+
+def max_rank() -> int:
+    return db.session.query(func.max(Question.rank)).scalar()