From 997327338e474b1667d4691fac0f51fdf9242e5c Mon Sep 17 00:00:00 2001 From: Julian Lobbes Date: Wed, 16 Nov 2022 23:40:07 +0100 Subject: [PATCH] refactor(usermanager): image from form extraction --- lumi2/usermanager.py | 71 +++++++++++++++++++++++++++++++------------- 1 file changed, 50 insertions(+), 21 deletions(-) diff --git a/lumi2/usermanager.py b/lumi2/usermanager.py index 1781752..57ce00a 100644 --- a/lumi2/usermanager.py +++ b/lumi2/usermanager.py @@ -22,9 +22,31 @@ def index(): return render_template('usermanager/index.html') -@bp.route("/user/", methods=("GET", "POST")) -def user_detail(username: str): - """Detail view for a specific User.""" +class InvalidImageException(Exception): + """Raised when an image's filename or contents are invalid.""" + pass + + +def _get_image_from_uploaded_file(file) -> Image.Image: + """Extracts a JPEG image from a file submitted via POST request. + + The file's file extension and content is checked for validity as a JPEG image. + + Parameters + ---------- + file + A file object taken from a POST request. + + Returns + ------- + PIL.Image.Image + A valid JPEG Image object. + + Raises + ------ + InvalidImageException + When the file's file extension or contents are not valid for a JPEG image. + """ def _file_extension_is_valid(filename: str): allowed_extensions = ["jpg", "jpeg"] @@ -34,6 +56,24 @@ def user_detail(username: str): return False return True + if not _file_extension_is_valid(file.filename): + raise InvalidImageException("Invalid file extension.") + + with TemporaryDirectory() as tempdir: + path_to_file = Path(tempdir) / "upload.jpg" + file.save(path_to_file) + try: + return Image.open(path_to_file, formats=['JPEG']) + except UnidentifiedImageError: + raise InvalidImageException( + "Image is either not a JPEG, or its contents are corrupted." + ) + + +@bp.route("/user/", methods=("GET", "POST")) +def user_detail(username: str): + """Detail view for a specific User.""" + try: conn = ldap.get_connection() except Exception: @@ -77,32 +117,21 @@ def user_detail(username: str): if request.form['password']: user.password_hash = User.generate_password_hash(request.form['password']) - picture_updated = False + new_picture = None if 'picture' in request.files: file = request.files['picture'] if len(file.filename): - if _file_extension_is_valid(file.filename): - with TemporaryDirectory() as tempdir: - path_to_file = Path(tempdir) / "upload.jpg" - file.save(path_to_file) - try: - picture = Image.open(path_to_file, formats=['JPEG']) - user.picture = picture - picture_updated = True - except UnidentifiedImageError: - flash( - "There was a problem with the provided picture " \ - "(it may be corrupted)." - ) - form_is_valid = False - else: - flash("Invalid file extension for picture.") + try: + new_picture = _get_image_from_uploaded_file(file) + user.picture = new_picture + except InvalidImageException as e: + flash(f"Invalid picture: {e}") form_is_valid = False if form_is_valid: ldap.update_user(conn, user) flash("User information was updated!") - if picture_updated: + if new_picture is not None: ldap.get_user(conn, user.username)._generate_static_images(force=True) conn.unbind()