Improve users table sanitization

coolneng 2020-09-17 17:35:11 +02:00
parent 7573e9ab41
commit 5a5486b751
Signed by: coolneng
GPG Key ID: 9893DA236405AF57
5 changed files with 57 additions and 40 deletions


@ -18,8 +18,6 @@ class UserCreate(UserBase):
user_image: Optional[str] = None user_image: Optional[str] = None
device_type: int = Query(None, ge=1, le=2) device_type: int = Query(None, ge=1, le=2)
city_id: int city_id: int
access_key: str
badge: int
class Config: class Config:
orm_mode = True orm_mode = True


@ -1,3 +1,4 @@
from secrets import token_hex
from sqlalchemy import Column, DateTime, Enum, ForeignKey, Integer, String, Text, text from sqlalchemy import Column, DateTime, Enum, ForeignKey, Integer, String, Text, text
from sqlalchemy.sql import func from sqlalchemy.sql import func
@ -10,24 +11,25 @@ class Users(Base):
id = Column(Integer, primary_key=True, autoincrement=True) id = Column(Integer, primary_key=True, autoincrement=True)
social_id = Column(Text) social_id = Column(Text)
type = Column(Integer, nullable=True) type = Column(Integer, nullable=True)
full_name = Column(String(255), index=True, unique=True, nullable=False) full_name = Column(String(255), index=True, nullable=False)
email = Column(String(255), index=True, unique=True, nullable=False) email = Column(String(255), index=True, unique=True, nullable=False)
password = Column(String(255)) password = Column(String(255))
gender = Column(Integer) gender = Column(Integer)
mobile = Column(String(255), nullable=False) mobile = Column(String(255), unique=True, nullable=False)
user_image = Column(String(255)) user_image = Column(String(255))
city_id = Column(Integer, ForeignKey("cities.id")) city_id = Column(Integer, ForeignKey("cities.id"))
user_type = Column(Integer) user_type = Column(Integer)
otp = Column(String(255)) otp = Column(String(255))
otp_valid_time = Column(DateTime) otp_valid_time = Column(DateTime)
access_key = Column(Text) access_key = Column(Text, unique=True, default=token_hex)
lang_type = Column(Integer) lang_type = Column(Integer)
badge = Column(Integer) badge = Column(Integer, server_default=text("0"))
status = Column(Integer, server_default=text("0")) status = Column(Integer, server_default=text("0"))
admin_status = Column(Integer, server_default=text("0")) admin_status = Column(Integer, server_default=text("0"))
device_id = Column(Text) device_id = Column(Text)
device_type = Column(Integer) device_type = Column(Integer)
created = Column(DateTime, nullable=False, server_default=func.now()) created = Column(DateTime, nullable=False, server_default=func.now())
updated = Column(DateTime, nullable=True, onupdate=func.now())
class Cities(Base): class Cities(Base):
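Review bot: The model now declares `unique=True` on `mobile` and `access_key`, drops it from `full_name`, and adds an `updated` column, but the two migrations visible in this commit only touch nullability and the `badge` default, so a database built through Alembic would not enforce any of this. If no other revision covers it, add one that creates the unique constraints and the new column; otherwise uniqueness of `access_key` rests on application code alone. Note also that `default=token_hex` is a Python-side default applied only on ORM inserts, so existing rows keep whatever key was stored earlier (possibly client-supplied) and would need regenerating. A comment on the `access_key` line such as `# server-generated credential; never accepted from request bodies` would record the intent.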


@ -0,0 +1,25 @@
"""set default value for badge
Revision ID: 1387db583e1d
Revises: 9ee45f714f8b
Create Date: 2020-09-15 19:31:15.709945
"""
from alembic import op
import sqlalchemy as sa
# revision identifiers, used by Alembic.
revision = "1387db583e1d"
down_revision = "9ee45f714f8b"
branch_labels = None
depends_on = None
def upgrade():
with op.batch_alter_table("users") as batch_op:
batch_op.alter_column(column_name="badge", server_default=sa.text("0"))
def downgrade():
pass
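Review bot: `downgrade()` is a bare `pass`, so rolling back this revision leaves the `badge` server default in place and the schema no longer matches revision 9ee45f714f8b. Mirror the upgrade with `batch_op.alter_column(column_name="badge", server_default=None)` inside the same `op.batch_alter_table("users")` block. The upgrade also only changes the default for future inserts; rows whose `badge` is already NULL stay NULL unless something like `UPDATE users SET badge = 0 WHERE badge IS NULL` runs first.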


@ -17,40 +17,34 @@ depends_on = None
def upgrade(): def upgrade():
nullable = { nullable = {
"full_name": "users", "users": ["full_name", "email", "mobile"],
"email": "users", "cities": ["name"],
"mobile": "users", "web_bookings": ["name", "email", "contact", "message", "game", "city"],
"name": "cities", "games": ["name", "price"],
"name": "games", "venues": ["address", "name"],
"price": "games", "sports": ["spanish_name"],
"name": "web_bookings", "user_ratings": ["rating"],
"email": "web_bookings", "sports": ["name"],
"contact": "web_bookings",
"message": "web_bookings",
"game": "web_bookings",
"city": "web_bookings",
"address": "venues",
"name": "venues",
"spanish_name": "sports",
"rating": "user_ratings",
"name": "sports",
} }
non_nullable = { non_nullable = {
"social_id": "users", "users": ["social_id", "type"],
"type": "users",
} }
for field, table in nullable.items(): for table, field in nullable.items():
query = "UPDATE {0} SET {1} = '' WHERE {1} IS NULL".format(table, field) for item in field:
query = "UPDATE {0} SET {1} = '' WHERE {1} IS NULL".format(table, item)
op.execute(query) op.execute(query)
with op.batch_alter_table(table) as batch_op: with op.batch_alter_table(table) as batch_op:
batch_op.alter_column( batch_op.alter_column(
column_name=field, nullable=False, server_default=None column_name=item, nullable=False, server_default=None
) )
for field, table in non_nullable.items(): for table, field in non_nullable.items():
for item in field:
with op.batch_alter_table(table) as batch_op: with op.batch_alter_table(table) as batch_op:
batch_op.alter_column(column_name=field, nullable=True, server_default=None) batch_op.alter_column(
column_name=item, nullable=True, server_default=None
)
query = "UPDATE {0} SET {1} = NULL WHERE {1} = '' OR {1} = '0'".format( query = "UPDATE {0} SET {1} = NULL WHERE {1} = '' OR {1} = '0'".format(
table, field table, item
) )
op.execute(query) op.execute(query)
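Review bot: The new `nullable` dict lists the key `"sports"` twice, so the later `"sports": ["name"]` silently replaces `"sports": ["spanish_name"]` and `spanish_name` is never backfilled or made NOT NULL. This is the same duplicate-key problem the rewrite removes from the old field-keyed dict. Merge the two into one entry, `"sports": ["spanish_name", "name"],`. The statements are built with `str.format`, which is acceptable only because table and column names come from these hard-coded dicts; a short comment saying so would keep later edits from feeding external values into the query text.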


@ -17,8 +17,6 @@ def test_registration():
"device_type": 1, "device_type": 1,
"device_id": token_hex(16), "device_id": token_hex(16),
"city_id": 5, "city_id": 5,
"access_key": token_hex(16),
"badge": 1,
} }
response = client.post("/register", json=user) response = client.post("/register", json=user)
assert response.status_code == 200 assert response.status_code == 200