From 48020fd23095d668d746a8c9da75689fdc740e0b Mon Sep 17 00:00:00 2001 From: Violeta Perez Andrade Date: Mon, 1 Apr 2024 21:52:43 -0300 Subject: [PATCH 1/3] fixes: -only update non-null fields -check valid URL -match schema types with database table --- app/exceptions/UserException.py | 6 ++++++ app/schemas/Schemas.py | 2 +- app/service/Users.py | 10 ++++++++-- 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/app/exceptions/UserException.py b/app/exceptions/UserException.py index abfdeda..a3c275b 100644 --- a/app/exceptions/UserException.py +++ b/app/exceptions/UserException.py @@ -6,3 +6,9 @@ def __init__(self, id: int): status_code = status.HTTP_404_NOT_FOUND detail = f"User with id {id} not found" super().__init__(status_code=status_code, detail=detail) + +class InvalidURL(HTTPException): + def __init__(self, id: int): + status_code = status.HTTP_400_BAD_REQUEST + detail = f"Invalid URL" + super().__init__(status_code=status_code, detail=detail) diff --git a/app/schemas/Schemas.py b/app/schemas/Schemas.py index 0aa08d6..fa5a930 100644 --- a/app/schemas/Schemas.py +++ b/app/schemas/Schemas.py @@ -21,4 +21,4 @@ class LoginRequest(BaseModel): class UpdateUserSchema(BaseModel): name: Optional[str] = None gender: Optional[str] = None - photo: Optional[HttpUrl] = None + photo: str diff --git a/app/service/Users.py b/app/service/Users.py index 763237f..d0f7875 100644 --- a/app/service/Users.py +++ b/app/service/Users.py @@ -1,9 +1,10 @@ -from exceptions.UserException import UserNotFound +from exceptions.UserException import UserNotFound, InvalidURL from exceptions.LoginException import AuthenticationError from models.users import User from repository.Users import UsersRepository import requests import os +import re class UsersService: @@ -76,4 +77,9 @@ def update_user(self, user_id: int, update_data: dict): # es el propio usuario editando sus datos y no permitir # que un usuario edite los de un tercero self.get_user(user_id) - self.user_repository.edit_user(user_id, update_data) + filtered_update_data = {k: v for k, v in update_data.items() if v is not None} + if 'photo' in filtered_update_data: + photo_url = filtered_update_data['photo'] + if not re.match(r'^https?://(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,6}(?:/[^/#?]+)+\.(?:jpg|jpeg|png|gif)$', photo_url): + raise InvalidURL("Invalid photo URL") + self.user_repository.edit_user(user_id, filtered_update_data) From 04549aa934ee3b31df2bbaf6adc87768e4fef2c9 Mon Sep 17 00:00:00 2001 From: Violeta Perez Andrade Date: Tue, 2 Apr 2024 02:29:12 -0300 Subject: [PATCH 2/3] Fix formatting and update gitignore --- .gitignore | 1 + app/exceptions/UserException.py | 3 ++- app/schemas/Schemas.py | 2 +- app/service/Users.py | 6 ++++-- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 51e9d59..c100deb 100644 --- a/.gitignore +++ b/.gitignore @@ -158,3 +158,4 @@ cython_debug/ # and can be added to the global gitignore or merged into this file. For a more nuclear # option (not recommended) you can uncomment the following to ignore the entire idea folder. #.idea/ +.DS_Store \ No newline at end of file diff --git a/app/exceptions/UserException.py b/app/exceptions/UserException.py index a3c275b..29a4ac0 100644 --- a/app/exceptions/UserException.py +++ b/app/exceptions/UserException.py @@ -7,8 +7,9 @@ def __init__(self, id: int): detail = f"User with id {id} not found" super().__init__(status_code=status_code, detail=detail) + class InvalidURL(HTTPException): def __init__(self, id: int): status_code = status.HTTP_400_BAD_REQUEST - detail = f"Invalid URL" + detail = "Invalid URL" super().__init__(status_code=status_code, detail=detail) diff --git a/app/schemas/Schemas.py b/app/schemas/Schemas.py index fa5a930..0997343 100644 --- a/app/schemas/Schemas.py +++ b/app/schemas/Schemas.py @@ -1,4 +1,4 @@ -from pydantic import BaseModel, HttpUrl +from pydantic import BaseModel from typing import Optional diff --git a/app/service/Users.py b/app/service/Users.py index d0f7875..4ea8cc3 100644 --- a/app/service/Users.py +++ b/app/service/Users.py @@ -77,9 +77,11 @@ def update_user(self, user_id: int, update_data: dict): # es el propio usuario editando sus datos y no permitir # que un usuario edite los de un tercero self.get_user(user_id) - filtered_update_data = {k: v for k, v in update_data.items() if v is not None} + filtered_update_data = {k: v for k, v in update_data.items() + if v is not None} if 'photo' in filtered_update_data: photo_url = filtered_update_data['photo'] - if not re.match(r'^https?://(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,6}(?:/[^/#?]+)+\.(?:jpg|jpeg|png|gif)$', photo_url): + if not re.match(r'^https?://(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,6}' + r'(?:/[^/#?]+)+\.(?:jpg|jpeg|png|gif)$', photo_url): raise InvalidURL("Invalid photo URL") self.user_repository.edit_user(user_id, filtered_update_data) From 384d9288ce80eb8e7b1c19a3db88b554dac0de0a Mon Sep 17 00:00:00 2001 From: Violeta Perez Andrade Date: Tue, 2 Apr 2024 10:04:46 -0300 Subject: [PATCH 3/3] fix linter --- app/service/Users.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/app/service/Users.py b/app/service/Users.py index 4ea8cc3..74260ee 100644 --- a/app/service/Users.py +++ b/app/service/Users.py @@ -77,11 +77,12 @@ def update_user(self, user_id: int, update_data: dict): # es el propio usuario editando sus datos y no permitir # que un usuario edite los de un tercero self.get_user(user_id) - filtered_update_data = {k: v for k, v in update_data.items() - if v is not None} + filtered_update_data = {k: v for k, v in update_data.items() + if v is not None} if 'photo' in filtered_update_data: photo_url = filtered_update_data['photo'] if not re.match(r'^https?://(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,6}' - r'(?:/[^/#?]+)+\.(?:jpg|jpeg|png|gif)$', photo_url): + r'(?:/[^/#?]+)+\.(?:jpg|jpeg|png|gif)$', + photo_url): raise InvalidURL("Invalid photo URL") self.user_repository.edit_user(user_id, filtered_update_data)