author | Linnnus <[email protected]> | 2024-04-29 09:33:20 +0200 |
committer | Linnnus <[email protected]> | 2024-04-29 09:33:20 +0200 |
commit | 4ea85a09f7ab6932472ecfcf43c82515928df477 (patch) | |
tree | d99431b87b1323e7ab9f4f2310cfe2d932c3d825 | |
parent | 3a33268067897b8670d0d39f5fd93e499230fd63 (diff) |
Use oath userid to identify applicants
-rw-r--r-- | app.py | 43 | ||||
-rw-r--r-- | views/base.html | 1 | ||||
-rw-r--r-- | views/join_form.html | 1 | ||||
-rw-r--r-- | views/join_intro.html | 7 |
4 files changed, 33 insertions, 19 deletions
@@ -26,7 +26,8 @@ cursor.executescript(""" CREATE TABLE IF NOT EXISTS applications ( username VARCHAR(12) NOT NULL, preferredRole VARCHAR(6) NOT NULL, - motivation TEXT NOT NULL + motivation TEXT NOT NULL, + userId INTEGER NOT NULL ); """) cursor.close() @@ -41,6 +42,10 @@ app.install(plugin) def index(): return template("index") [email protected]("/join_intro.html") +def join_intro(): + return template("join_intro") + @app.route("/battle") def battle(): state = secrets.token_urlsafe(16) 
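Review bot: Adding `userId INTEGER NOT NULL` inside `CREATE TABLE IF NOT EXISTS applications` does not migrate a database that already exists, because the whole statement is skipped when the table is present; on such a deployment the new INSERT in join_submission (hunk @@ -79 below) would fail with a missing-column error at request time rather than at startup. A small guard after the executescript would cover this: read `PRAGMA table_info(applications)`, and if no row is named `userId`, run `ALTER TABLE applications ADD COLUMN userId INTEGER NOT NULL DEFAULT 0` (SQLite requires a default when adding a NOT NULL column) — or, if recreating the database file is the intended upgrade path, say so in a comment next to the schema. The module-level setup this hunk is part of continues outside the hunk.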
@@ -49,27 +54,32 @@ def battle(): return redirect(authorization_url) @app.route('/callback') -def callback(): +def join_form(): state = request.get_cookie('oauth_state') - code = request.query.get('code') oauth2_session = OAuth2Session(CLIENT_ID, state=state, redirect_uri=REDIRECT_URI) token_response = oauth2_session.fetch_token(TOKEN_URL, authorization_response=request.url, client_secret=CLIENT_SECRET) - return f'Access token: {token_response.get("access_token")}' - [email protected]("/join_intro.html") -def join_intro(): - return template("join_intro") - [email protected]("/join_form.html") -def join_form(): - return template("join_form") - [email protected]("/join_form.html", method="POST") + # Get the user ID of the just authenticated user. As per the API + # documentation, this should be used to identify users. + # + # See: https://develop.battle.net/documentation/guides/regionality-and-apis#:~:text=Developers%20should%20use%20an%20accountId + query_parameters = { + "region": "eu", + } + response = oauth2_session.get("https://oauth.battle.net/oauth/userinfo", params=query_parameters) + response.raise_for_status() + user_info = response.json() + user_id = user_info["id"] + + # We pass the token retrieved here so it can be submitted with the rest of the application. + return template("join_form", user_id=user_id) + [email protected]("/callback", method="POST") def join_submission(db: sqlite3.Connection): name = request.forms.get("name") preferred_role = request.forms.get("preferredRole") motivation = request.forms.get("motivation") + user_id = request.forms.get("userId") if name == None or name.strip() == "": raise HTTPError(400, "Namefield is empty or missing. ( warning: this is not good )") 
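Review bot: The user id fetched from `/oauth/userinfo` in join_form is only handed to the template as a hidden input, so the `userId` that join_submission later reads from `request.forms` (hunk @@ -79 below) is whatever the client chose to post; the OAuth round-trip therefore does not bind the application to the authenticated account, contrary to the commit title. Keep the verified id on the server instead — for example set it in a signed cookie right after it is fetched, `response.set_cookie("user_id", str(user_id), secret=COOKIE_SECRET, httponly=True)`, and have join_submission read `request.get_cookie("user_id", secret=COOKIE_SECRET)` rather than the form field (COOKIE_SECRET standing for a secret the app would need to define alongside CLIENT_SECRET). The new comment `# We pass the token retrieved here …` is also inaccurate, since what is passed is the user id, not the token; `# Pass the verified user id to the form so it is submitted with the rest of the application.` describes the current code. join_submission's body continues past the end of the hunk.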
@@ -79,8 +89,11 @@ def join_submission(db: sqlite3.Connection): raise HTTPError(400, "Preferred role must be one of the options (DPS, Tank, Healer) ( idiot )") if motivation == None or motivation.strip() == "": raise HTTPError(400, "Motivitaion field is empty or missing.") + if user_id == None or not user_id.isdigit(): + raise HTTPError(400, "Missing or invalid user id") - db.execute(f"INSERT INTO applications(username, preferredRole, motivation) VALUES (?, ?, ?)", (name, preferred_role, motivation)) + # FIXME: The user id is a 64-bit unsigned integer which may be larger than the INTEGER type of sqlite3. + db.execute(f"INSERT INTO applications(username, preferredRole, motivation, userId) VALUES (?, ?, ?, ?)", (name, preferred_role, motivation, user_id)) return template("join_success") diff --git a/views/base.html b/views/base.html index cba0c5d..3f65912 100644 --- a/views/base.html +++ b/views/base.html @@ -15,7 +15,6 @@ <li><a class="navbar__location" href="/index.html">About us</a></li> <li><a class="navbar__location" href="/history.html">History</a></li> <li><a class="navbar__location" href="/join_intro.html">Join</a></li> - <li><a class="navbar__location" href="/battle">Log in</a></li> </ul> </header> <main>{% block content %}{% endblock %}</main> diff --git a/views/join_form.html b/views/join_form.html index 0e06399..440c993 100644 --- a/views/join_form.html +++ b/views/join_form.html @@ -16,6 +16,7 @@ {% block content %} <form method="POST" class="signup" id="applicationForm"> + <input type="hidden" name="userId" value="{{ user_id | e }}"> <div class="signup__box"> <label class="signup__label" for="name">Name</label> <p> diff --git a/views/join_intro.html b/views/join_intro.html index 9ed93d5..abea4fd 100644 --- a/views/join_intro.html +++ b/views/join_intro.html 
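Review bot: The added check `not user_id.isdigit()` is weaker than it looks: `str.isdigit()` accepts non-ASCII digit characters (superscripts, digits from other scripts) that `int()` may reject, and the value is then bound to the INTEGER column as a str, so storage depends on SQLite's affinity conversion — which is also where the FIXME's over-range concern lands, since an oversized integer literal in text form appears to be coerced rather than rejected. Converting once and range-checking explicitly makes both concerns visible: `if user_id is None or not (user_id.isascii() and user_id.isdigit()) or int(user_id) > 2**63 - 1:` followed by the existing `raise HTTPError(400, "Missing or invalid user id")`, and binding `int(user_id)` in the INSERT tuple. As a point of style, the `f"INSERT …"` literal contains no interpolation, so the `f` prefix should go; leaving it invites a future edit to format values into the SQL instead of binding them. join_submission starts before this hunk.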
@@ -16,8 +16,9 @@ feel free to send us an application! </p> <p> - Click the button below to go to the form - where you can submit your application. + In order to sync up, we'll need you to connect your battle.net account. + Click the button below to sign in with your account. + Then you'll be taken to the application form. </p> - <a class="button" href="/join_form.html">Apply</a> + <a class="button" href="/battle">Sign in</a> {% endblock %} |