merge

Hanagotchi · Apr 4, 2024 · 43620a6 · 43620a6
2 parents fb3b117 + 7251a41
commit 43620a6
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 9 deletions.
diff --git a/.gitignore b/.gitignore
@@ -157,4 +157,5 @@ cython_debug/
 #  be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
 #  and can be added to the global gitignore or merged into this file.  For a more nuclear
 #  option (not recommended) you can uncomment the following to ignore the entire idea folder.
-#.idea/
+.idea/
+.DS_Store
diff --git a/app/exceptions/UserException.py b/app/exceptions/UserException.py
@@ -15,3 +15,10 @@ def __init__(self):
             status_code=status_code,
             detail="Invalid user data was provided"
         )
+
+
+class InvalidURL(HTTPException):
+    def __init__(self, id: int):
+        status_code = status.HTTP_400_BAD_REQUEST
+        detail = "Invalid URL"
+        super().__init__(status_code=status_code, detail=detail)
diff --git a/app/service/Users.py b/app/service/Users.py
@@ -1,9 +1,10 @@
-from exceptions.UserException import UserNotFound, InvalidData
+from exceptions.UserException import UserNotFound, InvalidData, InvalidURL
 from exceptions.LoginException import AuthenticationError
 from models.users import User
 from repository.Users import UsersRepository
 import requests
 import os
+import re
 
 
 class UsersService:
@@ -38,13 +39,6 @@ def login(self, auth_code: str):
 
         return user
 
-    def update_user(self, user_id: int, update_data: dict):
-        # TODO: aca habria que chequear a partir del token, session o algo que
-        # es el propio usuario editando sus datos y no permitir
-        # que un usuario edite los de un tercero
-        self.get_user(user_id)
-        self.user_repository.edit_user(user_id, update_data)
-
     def _get_access_token(self, authorization_code):
         token_url = "https://oauth2.googleapis.com/token"
         payload = {
@@ -78,6 +72,21 @@ def _get_user_info(self, access_token):
             user_data['photo'] = response.json().get("picture")
         return user_data
 
+    def update_user(self, user_id: int, update_data: dict):
+        # TODO: aca habria que chequear a partir del token, session o algo que
+        # es el propio usuario editando sus datos y no permitir
+        # que un usuario edite los de un tercero
+        self.get_user(user_id)
+        filtered_update_data = {k: v for k, v in update_data.items()
+                                if v is not None}
+        if 'photo' in filtered_update_data:
+            photo_url = filtered_update_data['photo']
+            if not re.match(r'^https?://(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,6}'
+                            r'(?:/[^/#?]+)+\.(?:jpg|jpeg|png|gif)$',
+                            photo_url):
+                raise InvalidURL("Invalid photo URL")
+        self.user_repository.edit_user(user_id, filtered_update_data)
+
     def _validate_location(self, location):
         if "lat" in location and "long" in location:
             if -90 <= location["lat"] <= 90 and \