Improve users table sanitization

2020-09-17 17:35:11 +02:00 · 2020-09-17 17:35:11 +02:00 · 5a5486b751
parent 7573e9ab41
commit 5a5486b751
5 changed files with 57 additions and 40 deletions
--- a/app/schemas.py
+++ b/app/schemas.py
@ -18,8 +18,6 @@ class UserCreate(UserBase):
    user_image: Optional[str] = None
    device_type: int = Query(None, ge=1, le=2)
    city_id: int
-    access_key: str
-    badge: int

    class Config:
        orm_mode = True
--- a/database/models.py
+++ b/database/models.py
@ -1,3 +1,4 @@
+from secrets import token_hex
 from sqlalchemy import Column, DateTime, Enum, ForeignKey, Integer, String, Text, text
 from sqlalchemy.sql import func

@ -10,24 +11,25 @@ class Users(Base):
    id = Column(Integer, primary_key=True, autoincrement=True)
    social_id = Column(Text)
    type = Column(Integer, nullable=True)
-    full_name = Column(String(255), index=True, unique=True, nullable=False)
+    full_name = Column(String(255), index=True, nullable=False)
    email = Column(String(255), index=True, unique=True, nullable=False)
    password = Column(String(255))
    gender = Column(Integer)
-    mobile = Column(String(255), nullable=False)
+    mobile = Column(String(255), unique=True, nullable=False)
    user_image = Column(String(255))
    city_id = Column(Integer, ForeignKey("cities.id"))
    user_type = Column(Integer)
    otp = Column(String(255))
    otp_valid_time = Column(DateTime)
-    access_key = Column(Text)
+    access_key = Column(Text, unique=True, default=token_hex)
    lang_type = Column(Integer)
-    badge = Column(Integer)
+    badge = Column(Integer, server_default=text("0"))
    status = Column(Integer, server_default=text("0"))
    admin_status = Column(Integer, server_default=text("0"))
    device_id = Column(Text)
    device_type = Column(Integer)
    created = Column(DateTime, nullable=False, server_default=func.now())
+    updated = Column(DateTime, nullable=True, onupdate=func.now())


 class Cities(Base):
--- a/migrations/versions/1387db583e1d_set_default_value_for_badge.py
+++ b/migrations/versions/1387db583e1d_set_default_value_for_badge.py
@ -0,0 +1,25 @@
+"""set default value for badge
+
+Revision ID: 1387db583e1d
+Revises: 9ee45f714f8b
+Create Date: 2020-09-15 19:31:15.709945
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = "1387db583e1d"
+down_revision = "9ee45f714f8b"
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    with op.batch_alter_table("users") as batch_op:
+        batch_op.alter_column(column_name="badge", server_default=sa.text("0"))
+
+
+def downgrade():
+    pass
--- a/migrations/versions/15a14d428bff_sanitize_nullable_and_non_nullable_.py
+++ b/migrations/versions/15a14d428bff_sanitize_nullable_and_non_nullable_.py
@ -17,40 +17,34 @@ depends_on = None

 def upgrade():
    nullable = {
-        "full_name": "users",
-        "email": "users",
-        "mobile": "users",
-        "name": "cities",
-        "name": "games",
-        "price": "games",
-        "name": "web_bookings",
-        "email": "web_bookings",
-        "contact": "web_bookings",
-        "message": "web_bookings",
-        "game": "web_bookings",
-        "city": "web_bookings",
-        "address": "venues",
-        "name": "venues",
-        "spanish_name": "sports",
-        "rating": "user_ratings",
-        "name": "sports",
+        "users": ["full_name", "email", "mobile"],
+        "cities": ["name"],
+        "web_bookings": ["name", "email", "contact", "message", "game", "city"],
+        "games": ["name", "price"],
+        "venues": ["address", "name"],
+        "sports": ["spanish_name"],
+        "user_ratings": ["rating"],
+        "sports": ["name"],
    }
    non_nullable = {
-        "social_id": "users",
-        "type": "users",
+        "users": ["social_id", "type"],
    }
-    for field, table in nullable.items():
-        query = "UPDATE {0} SET {1} = '' WHERE {1} IS NULL".format(table, field)
+    for table, field in nullable.items():
+        for item in field:
+            query = "UPDATE {0} SET {1} = '' WHERE {1} IS NULL".format(table, item)
            op.execute(query)
            with op.batch_alter_table(table) as batch_op:
                batch_op.alter_column(
-                column_name=field, nullable=False, server_default=None
+                    column_name=item, nullable=False, server_default=None
                )
-    for field, table in non_nullable.items():
+    for table, field in non_nullable.items():
+        for item in field:
            with op.batch_alter_table(table) as batch_op:
-            batch_op.alter_column(column_name=field, nullable=True, server_default=None)
+                batch_op.alter_column(
+                    column_name=item, nullable=True, server_default=None
+                )
            query = "UPDATE {0} SET {1} = NULL WHERE {1} = '' OR {1} = '0'".format(
-            table, field
+                table, item
            )
            op.execute(query)

--- a/tests/requests_test.py
+++ b/tests/requests_test.py
@ -17,8 +17,6 @@ def test_registration():
        "device_type": 1,
        "device_id": token_hex(16),
        "city_id": 5,
-        "access_key": token_hex(16),
-        "badge": 1,
    }
    response = client.post("/register", json=user)
    assert response.status_code == 200