
voting app with secure IDs

2 parents 9424413 + 88685e7 commit 90278515f14b37916f6fb76df2ca632791163ed6 unknown committed May 9, 2012
Showing with 41 additions and 45 deletions.
  1. +28 −27 main.py
  2. +6 −3 models.py
  3. BIN models.pyc
  4. +3 −9 templates/issue.html
  5. +4 −6 templates/overview.html
55 main.py
@@ -3,7 +3,7 @@
from google.appengine.ext.webapp import util, template
from google.appengine.api import urlfetch, memcache, users, mail
-import logging, urllib, os
+import logging, urllib, os, random
from datetime import datetime, timedelta
from models import Issue, Choice, Vote
@@ -29,8 +29,7 @@ def get(self):
recent_voted = [issue for issue in voted_on if issue.is_active()]
recent_results = Issue.recent_results(limit=20)
self.response.out.write(template.render('templates/overview.html', locals()))
-
-
+
class NewHandler(webapp.RequestHandler):
def get(self):
@@ -52,11 +51,12 @@ def post(self):
duration_amount = int(self.request.get('duration_amount'))
multiplier = int(self.request.get('duration_multiplier'))
+ hashcode = random_string()
issue = Issue(
title = cgi.escape(self.request.get('title')),
description = cgi.escape(self.request.get('description')),
duration = duration_amount * multiplier,
- )
+ urlcode = hashcode)
issue.put()
if self.request.get('option1'):
issue.add_choice(cgi.escape(self.request.get('option1')))
@@ -69,32 +69,29 @@ def post(self):
if self.request.get('option5'):
issue.add_choice(cgi.escape(self.request.get('option5')))
- self.redirect('/issue/%s' % (issue.key().id()))
-
-
+ self.redirect('/issue/%s' % issue.urlcode)
class EditHandler(webapp.RequestHandler):
- def get(self,id):
+ def get(self,urlcode):
user = users.get_current_user()
if user:
logout_url = users.create_logout_url('/')
else:
self.redirect(users.create_login_url(self.request.uri))
return
- issue = Issue.get_by_id(int(id))
+ issue = Issue.get_issue_by_urlcode(urlcode)
choices = issue.choices
self.response.out.write(template.render('templates/edit.html', locals()))
- def post(self,id):
+ def post(self,urlcode):
user = users.get_current_user()
if user:
logout_url = users.create_logout_url('/')
else:
self.redirect(users.create_login_url(self.request.uri))
return
- issue = Issue.get_by_id(int(id))
-
-
+ issue = Issue.get_issue_by_urlcode(urlcode)
+
if self.request.get('extend'):#if extending vote
choices = issue.choices
extend_amount = int(self.request.get('extend_amount')) * int(self.request.get('extend_multiplier'))
@@ -122,36 +119,38 @@ def post(self,id):
issue.add_choice(cgi.escape(self.request.get('option5')))
issue.put()
#choices = issue.choices
- self.redirect('/issue/%s' % (id))
+ self.redirect('/issue/%s' % issue.urlcode)
#self.response.out.write(template.render('templates/edit.html', locals()))
class IssueHandler(webapp.RequestHandler):
- def get(self,id):
+ def get(self,urlcode):
user = users.get_current_user()
if user:
logout_url = users.create_logout_url('/')
else:
self.redirect(users.create_login_url(self.request.uri))
return
- issue = Issue.get_by_id(int(id))
+ issue = Issue.get_issue_by_urlcode(urlcode)
issue.update_status()
- vote = issue.vote_for_member(user)
+ #vote = issue.vote_for_member(user)
- issueUrl = self.request.uri
- self.response.out.write(template.render('templates/Issue.html', locals()))
+ #issueUrl = self.request.uri
+ self.response.out.write(template.render('templates/issue.html', locals()))
- def post(self,id):
- user = users.get_current_user()
- if not user: #don't want someone who is not authenticated to be able to vote
+
+ def post(self,urlcode):
+ user = users.get_current_user()
+ if user:
+ logout_url = users.create_logout_url('/')
+ else:
self.redirect(users.create_login_url(self.request.uri))
- return
- issue = Issue.get_by_id(int(id))
+ issue = Issue.get_issue_by_urlcode(urlcode)
#vote = issue.vote_for_member()
new_choice = Choice.get_by_id(int(self.request.get('choice')))
@@ -163,14 +162,16 @@ def post(self,id):
self.redirect('/?success=vote')
-
+def random_string():
+ hashbase = '1234567890abcdefghijklmnopqrstuvwxyz'
+ return ''.join(random.sample(hashbase,len(hashbase)))
def main():
application = webapp.WSGIApplication([
('/',MainPage),
('/new',NewHandler),
- ('/issue/(\d+).*',IssueHandler),
- ('/edit/(\d+).*',EditHandler)],
+ ('/issue/(\w+).*',IssueHandler),
+ ('/edit/(\w+).*',EditHandler)],
debug=True)
util.run_wsgi_app(application)
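Review bot: In the last hunk, `random_string()` builds the URL code with `random.sample`, which uses Python's default Mersenne Twister generator rather than a cryptographic one, so codes meant to keep a private issue unguessable are predictable in principle. Since `random` is now imported anyway, draw from the OS-backed generator instead: `return ''.join(random.SystemRandom().sample(hashbase, len(hashbase)))`. Separately, the `IssueHandler.post` hunk removes the `return` after `self.redirect(users.create_login_url(self.request.uri))`, so as far as the visible lines show, an unauthenticated POST carries on into the vote-handling code with `user` set to `None`; restore `return` in the `else` branch. The body of `post` continues outside the hunk, so confirm nothing later re-checks `user`.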
@@ -17,6 +17,7 @@ class Issue(db.Model):
creation_date = db.DateTimeProperty(auto_now_add=True)
start_time = db.DateTimeProperty() #time when first vote is cast
end_time = db.DateTimeProperty() #time when vote will end
+ urlcode = db.StringProperty(required=True)
#Implicit Properties:
#choices = Implicitly created list of choice objects
@@ -130,9 +131,11 @@ def recent_results(cls, member=None,limit=20):#*** Need to fix, limit will be in
return [issue for issue in recent if issue.vote_for_member()] #***this is probably slow
#member_votes = Vote.all().filter('member =',member).fetch(limit)
#return [vote.issue for vote in member_votes if vote.issue.has_results()]
-
-
-
+
+ @classmethod
+ def get_issue_by_urlcode(cls, urlcode):
+ return cls.all().filter('urlcode =',urlcode).get()
+
class Choice(db.Model):
"""Represents a possible response to an issue (e.g. Yes)"""
name = db.StringProperty(required=True)
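Review bot: `get_issue_by_urlcode` returns `None` when no entity has the given code, because `Query.get()` yields the first match or `None`, and the handlers in main.py use the result straight away (`issue.choices`, `issue.update_status()`), so an unknown or mistyped code ends in an unhandled exception instead of a 404. Add a docstring such as `"""Return the Issue whose urlcode matches, or None if there is none."""` and have the callers check for `None` and call `self.error(404)`. The datastore does not enforce uniqueness of `urlcode` either, so two issues with the same code would resolve to whichever the query returns first; that is unlikely with a long random code, but worth a comment on the property.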
Binary file not shown.
@@ -2,16 +2,11 @@
{% block content %}
<div id="primary">
-
{% if issue.member_is_creator %}
This issue is currently private. You may share it by copy and pasting the following url into an email: <b>{{issueUrl}}</b>
{% if issue.is_active %}
- <form method="get" action="/edit/{{issue.key.id}}"><input type = "submit" value="edit"/></form>
- <!--
- <form method="post">
- <input type = "submit" value="stop voting early"/>(coming soon)
- </form>
- -->
+ <form method="get" action="/edit/{{issue.urlcode}}"><input type = "submit" value="edit"/></form>
+
{% endif %}
{% endif %}
@@ -69,5 +64,4 @@
</div>
-
-{% endblock %}
+{% endblock %}
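Review bot: The unchanged line above the edit form still prints `{{issueUrl}}`, but this commit comments out `issueUrl = self.request.uri` in `IssueHandler.get`, and the template is rendered from `locals()`, so the share link will most likely render as an empty `<b></b>`. Either restore the assignment in the handler or build the link in the template from the new field, for example the site host followed by `/issue/{{issue.urlcode}}`.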
@@ -9,36 +9,34 @@
<div class="success_msg"><b>{{success_msg}}</b></div>
{% endif %}
-<!--
<h3>Current Issues</h3>
{% if user %}
{% for issue in issues %}
- <a href="/issue/{{issue.key.id}}">{{issue.title}}</a></br>
+ <a href="/issue/{{issue.urlcode}}">{{issue.title}}</a></br>
{% endfor %}
{% else %}
<b>You must log in to vote</b>
{% endif %}
<h3>Recent Results</h3>
{% for issue in recent_results %}
- <a href="/issue/{{issue.key.id}}">{{issue.title}}</a></br>
+ <a href="/issue/{{issue.urlcode}}">{{issue.title}}</a></br>
{% endfor %}
<h3>Recent Votes</h3>
{% for issue in recent_voted %}
- <a href="/issue/{{issue.key.id}}">{{issue.title}}</a></br>
+ <a href="/issue/{{issue.urlcode}}">{{issue.title}}</a></br>
{% endfor %}
{% if user %}
<h3>My Issues</h3>
{% if created_by %}
{% for issue in created_by %}
- <a href="/issue/{{issue.key.id}}">{{issue.title}}</a></br>
+ <a href="/issue/{{issue.urlcode}}">{{issue.title}}</a></br>
{% endfor %}
{% else %}
You have not created any issues yet
{% endif %}
{% endif %}
--->
{% endblock %}
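Review bot: Removing the `<!--` / `-->` wrapper makes these lists live, and every entry now links to `/issue/{{issue.urlcode}}`, so a code that is supposed to be known only to people the creator shared it with is shown to whoever can see the list. What `issues` and `recent_results` contain is decided in `MainPage.get`, which is mostly outside this view; confirm each list is limited to issues the current user created or has already voted on, otherwise the unguessable URL gives no privacy. A template comment stating that assumption, for example `{# lists must only contain issues the viewer already has access to #}`, would help the next editor.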
