The user list did not get updated, because only a single SqlAlchemy s…

…ession was used. This seems to have worked for earlier SQLAlchemy versions. Now, it is not recommended. Changed into explicitely creating a Session
openml · Mar 10, 2024 · cb0a60c · cb0a60c
1 parent a94978b
commit cb0a60c
Show file tree

Hide file tree

Showing 6 changed files with 216 additions and 216 deletions.
diff --git a/.env.dev b/.env.dev
@@ -1,11 +1,15 @@
 FLASK_APP=autoapp.py
 FLASK_ENV=development
 SMTP_SERVER=smtp.mailtrap.io
+EMAIL_SERVER=localhost:5000
 SMTP_PORT=2525
 DATABASE_URI=sqlite:///openml.db
-EMAIL_SENDER=[email protected]
-SMTP_LOGIN=
-SMTP_PASS=
+EMAIL_SENDER=[email protected]
+SMTP_SERVER=email-server
+SMTP_PORT=587
+SMTP_LOGIN=postmaster
+SMTP_PASS=test
+SMTP_USE_TLS=True
 APP_SECRET_KEY=abcd
 JWT_SECRET_KEY=abcd
 TESTING=True

diff --git a/server/app.py b/server/app.py
@@ -1,7 +1,5 @@
-from sqlalchemy.orm import scoped_session, sessionmaker
-
 from server import public, user, data, collection, task
-from .extensions import Base, argon2, bcrypt, db, engine, jwt
+from .extensions import argon2, bcrypt, db, jwt
 from .src.dashboard.dashapp import create_dash_app
 
 
@@ -16,19 +14,9 @@ def register_extensions(app):
     jwt.init_app(app)
     bcrypt.init_app(app)
 
-    # Initialization, see Flask Security
-    db_session = scoped_session(sessionmaker(autocommit=False, autoflush=False, bind=engine))
-    Base.query = db_session.query_property()
     db.init_app(app)
     with app.app_context():
         db.create_all()
-
-    def init_db():
-        """ " Import all modules here that might define models so that
-        they will be registered properly on the metadata.  Otherwise
-        you will have to import them first before calling init_db()"""
-        Base.metadata.create_all(bind=engine)
-
     return None
 
 

diff --git a/server/extensions.py b/server/extensions.py
@@ -11,6 +11,7 @@
 from flask_sqlalchemy import SQLAlchemy
 from sqlalchemy import create_engine
 from sqlalchemy.ext.declarative import declarative_base
+from sqlalchemy.orm import sessionmaker
 
 from server.config import Config
 
@@ -43,6 +44,9 @@
     Base = declarative_base()
     Base.metadata.reflect(engine)
 
+
+Session = sessionmaker(autoflush=False, bind=engine)
+
 argon2 = Argon2()
 db = SQLAlchemy()
 jwt = JWTManager()

diff --git a/server/public/views.py b/server/public/views.py
@@ -4,7 +4,9 @@
 from distutils.util import strtobool
 
 from flask_cors import CORS
-from server.extensions import db
+
+from server.extensions import Session
+from server.src.dashboard.helpers import logger
 from server.user.models import User, UserGroups
 from server.utils import confirmation_email, forgot_password_email, send_feedback
 
@@ -28,47 +30,46 @@
 def signupfunc():
     """Registering user and checking for already existing user"""
     register_obj = request.get_json()
-    check_user = User.query.filter_by(email=register_obj["email"]).first()
-    if check_user is None:
-        user = User(username=register_obj["email"], email=register_obj["email"])
-        user.set_password(register_obj["password"])
-        user.set_session_hash()
-        user.ip_address = request.remote_addr
-        user.activation_selector = None
-        user.activation_code = "0000"
-        user.forgotten_password_selector = None
-        user.forgotten_password_code = "0000"
-        user.forgotten_password_time = "0000"
-        user.remember_selector = None
-        user.remember_code = "0000"
-        user.created_on = "0000"
-        user.last_login = "0000"
-        user.active = "0" if DO_SEND_EMAIL else "1"
-        user.first_name = register_obj["first_name"]
-        user.last_name = register_obj["last_name"]
-        user.company = "0000"
-        user.phone = "0000"
-        user.country = "0000"
-        user.image = "0000"
-        user.bio = "No Bio"
-        user.core = "0000"
-        user.external_source = "0000"
-        user.external_id = "0000"
-        user.password_hash = "0000"
-        timestamp = datetime.datetime.now()
-        timestamp = timestamp.strftime("%d %H:%M:%S")
-        md5_digest = hashlib.md5(timestamp.encode()).hexdigest()
-        user.update_activation_code(md5_digest)
-        if DO_SEND_EMAIL:
-            confirmation_email(user.email, md5_digest)
-        db.session.add(user)
-        # db.session.commit()
-        # user_ = User.query.filter_by(email=register_obj["email"]).first()
-        db.session.commit()
-
-        return jsonify({"msg": "User created"}), 200
-    else:
-        return jsonify({"msg": "User already exists"}), 200
+    with Session() as session:
+        check_user = session.query(User).filter_by(email=register_obj["email"]).first()
+        if check_user is None:
+            user = User(username=register_obj["email"], email=register_obj["email"])
+            user.set_password(register_obj["password"])
+            user.set_session_hash()
+            user.ip_address = request.remote_addr
+            user.activation_selector = None
+            user.activation_code = "0000"
+            user.forgotten_password_selector = None
+            user.forgotten_password_code = "0000"
+            user.forgotten_password_time = "0000"
+            user.remember_selector = None
+            user.remember_code = "0000"
+            user.created_on = "0000"
+            user.last_login = "0000"
+            user.active = "0" if DO_SEND_EMAIL else "1"
+            user.first_name = register_obj["first_name"]
+            user.last_name = register_obj["last_name"]
+            user.company = "0000"
+            user.phone = "0000"
+            user.country = "0000"
+            user.image = "0000"
+            user.bio = "No Bio"
+            user.core = "0000"
+            user.external_source = "0000"
+            user.external_id = "0000"
+            user.password_hash = "0000"
+            timestamp = datetime.datetime.now()
+            timestamp = timestamp.strftime("%d %H:%M:%S")
+            md5_digest = hashlib.md5(timestamp.encode()).hexdigest()
+            user.update_activation_code(md5_digest)
+            if DO_SEND_EMAIL:
+                confirmation_email(user.email, md5_digest)
+            session.add(user)
+            session.commit()
+
+            return jsonify({"msg": "User created"}), 200
+        else:
+            return jsonify({"msg": "User already exists"}), 200
 
 
 @blueprint.route("/forgotpassword", methods=["POST"])
@@ -78,13 +79,17 @@ def password():
     timestamp = datetime.datetime.now()
     timestamp = timestamp.strftime("%d %H:%M:%S")
     md5_digest = hashlib.md5(timestamp.encode()).hexdigest()
-    user = User.query.filter_by(email=jobj["email"]).first()
-    user.update_forgotten_code(md5_digest)
-    # user.update_forgotten_time(timestamp)
-    if DO_SEND_EMAIL:
-        forgot_password_email(user.email, md5_digest)
-    db.session.merge(user)
-    db.session.commit()
+    with Session() as session:
+        user = session.query(User).filter_by(email=jobj["email"]).first()
+        if not user:
+            logger.warning(f"No user found with email {jobj['email']}")
+            return jsonify({"msg": "Token sent"}), 200  # not leaking info if email exists
+        user.update_forgotten_code(md5_digest)
+        # user.update_forgotten_time(timestamp)
+        if DO_SEND_EMAIL:
+            forgot_password_email(user.email, md5_digest)
+        session.merge(user)
+        session.commit()
     return jsonify({"msg": "Token sent"}), 200
 
 
@@ -95,15 +100,20 @@ def confirmation_token():
     timestamp = datetime.datetime.now()
     timestamp = timestamp.strftime("%d %H:%M:%S")
     md5_digest = hashlib.md5(timestamp.encode()).hexdigest()
-    user = User.query.filter_by(email=jobj["email"]).first()
-    user.update_activation_code(md5_digest)
-    if DO_SEND_EMAIL:
-        confirmation_email(user.email, md5_digest)
-    # updating user groups here
-    user_ = UserGroups(user_id=user.id, group_id=2)
-    db.session.merge(user)
-    db.session.add(user_)
-    db.session.commit()
+    with Session() as session:
+        user = session.query(User).filter_by(email=jobj["email"]).first()
+        if not user:
+            logger.warning(f"No user found with email {jobj['email']}")
+            # not leaking info if email exists
+            return jsonify({"msg": "User confirmation token sent"}), 200
+        user.update_activation_code(md5_digest)
+        if DO_SEND_EMAIL:
+            confirmation_email(user.email, md5_digest)
+        # updating user groups here
+        user_group = UserGroups(user_id=user.id, group_id=2)
+        session.merge(user)
+        session.add(user_group)
+        session.commit()
     return jsonify({"msg": "User confirmation token sent"}), 200