This is the last quiz in MCS 275. Thanks for sticking with it. You should be proud of all that you've accomplished.
This quiz must be submitted in Gradescope by 12:00pm CST on Tuesday, April 27, 2021.
This quiz covers making web applications with Flask and SQLite.
Complete this quiz individually, and only refer to the following materials.
(I've tried to sort them so that the most helpful references are at the top of the list.)
There are is just one problem on this quiz. The point breakdown is:
| Points | Item |
|---|---|
| 3 | autograder |
| 5 | problem 2 |
| 8 | total |
This problem is based on the web application Whinge that we developed in Lectures 36-38 and which you worked on in Worksheet 14. The source code for that application is available in this zip file:
Suppose we'd like to add another page to this application which allows an administrator to reset the database, deleting all existing posts. This is a destructive action, so it will be protected by a layer of authentication. Visiting /reset/ will display a form that asks for an authentication code, and submitting that form will reset the database only if the correct code is given. The URL that handles the submission of the form will be /reset/confirm, so that's the route which will contain the actual logic to check the code and reset the database.
For the purposes of this quiz, the authentication code is fixed as 481516. (In a real application you'd have a separate login system, and perhaps use a TOTP-based second layer of authentication for certain actions.)
The reset form and authentication code checking functions have already been written. All that remains is for you to write the function that receives the form data and resets the database if appropriate. (You can either handle the reset by dropping the table and building it again, or you can delete all the rows; either is acceptable.)
# Add these functions to `whinge.py` to create the db reset page
# (This is not a complete script that can run on its own.)
def check_auth_code(s):
"""Determine whether `s` is the correct authorization code for
a database reset operation."""
# TODO: Replace hard-coded auth code with actual TOTP algorithm
return s == "481516"
@app.route("/reset/")
def db_reset_form():
return """<!DOCTYPE html>
<html>
<head>
<title>Whinge DB reset</title>
<link rel="stylesheet" href="/static/whinge.css">
</head>
<body>
<h1>Whinge</h1>
<h2>Database reset</h2>
<p>This action will delete all whinges. To proceed, enter the
authentication code.</p>
<form action="/reset/confirm" method="post">
<div>
<label for="code">Auth code:</label>
<input type="text" id="code" name="code">
</div>
<input type="submit" value="Reset database">
</form>
</body>
</html>
"""
#------------------- BEGINNING OF THE PART YOU SHOULD SUBMIT ------------------
@app.route("/reset/confirm",methods=["GET","POST"])
def db_reset():
"""Route that handles submission of the database reset form. The auth code
entered in that form is checked by `check_auth_code`. If that function
returns True, all rows are deleted from table `posts`. Otherwise, no change
is made to the database. In either case, the user is redirected to the top
posts page."""
# YOUR ASSIGNMENT IS TO DELETE THIS COMMENT AND WRITE THIS FUNCTION BODY
# (You may call other functions defined in whinge.py)
#--------------------- END OF THE PART YOU SHOULD SUBMIT -----------------------
Write the body of the function db_reset so that it performs exactly as described above.
Submit the function db_reset to gradescopre in a file called quiz14prob2.py. Do not submit the entire Whinge app, or even the entire whinge.py script. Only submit the function db_reset. This means that the script you submit will not work on its own. (You'll also need to add a docstring at the top of the file quiz14prob2.py since the autograder requires every submitted python file to have a file-level docstring.)
It is recommended that you work on this problem by adding the entire block of code shown above to whinge.py, which will allow you to test the reset functionality. If you test the application before writing a body for db_reset, it should display the reset form when you visit http://localhost:5000/reset/ , but submitting that form will give a HTTP 500 error (internal server error). After you finish your work, submitting the reset form should always return the user to the main page, resetting the database only if the auth code was correct.