def callback_handling():
# Handles response from token endpoint
auth0.authorize_access_token()
resp = auth0.get('userinfo')
userinfo = resp.json()
# Check if user in database
if not User.find_by_identity(userinfo['email']):
print('why I am here????')
print(f"\n\n\n{User.find_by_identity(userinfo['email'])}\n\n\n")
print(f"\n\n\n{userinfo['email']}\n\n\n")
User.create(username=userinfo['nickname'],
name=userinfo['name'],
email=userinfo['email'],
image_link=userinfo['picture'])
# Store the user information in flask session
session[constants.JWT_PAYLOAD] = userinfo
session[constants.PROFILE_KEY] = {
'user_id': userinfo['sub'],
'name': userinfo['name'],
'picture': userinfo['picture']
}
return redirect('/dashboard')
def seed():
"""
Seed the database with an initial user.
:return: User instance
"""
if User.find_by_identity(app.config['SEED_ADMIN_EMAIL']) is not None:
return None
params = {
'role': 'admin',
'email': app.config['SEED_ADMIN_EMAIL'],
'username': app.config['SEED_ADMIN_USERNAME'],
'password': app.config['SEED_ADMIN_PASSWORD']
}
member = {
'role': 'member',
'email': app.config['SEED_MEMBER_EMAIL'],
'username': app.config['SEED_MEMBER_USERNAME'],
'password': app.config['SEED_ADMIN_PASSWORD']
}
member2 = {
'role': 'member',
'email': app.config['SEED_TEST_EMAIL'],
'password': app.config['SEED_ADMIN_PASSWORD']
}
User(**member).save()
User(**member2).save()
return User(**params).save()
def init(with_testdb, with_data):
"""
Initialize the database.
:param with_data:
:param with_testdb: Create a test database
:return: None
"""
uri = app.config['SQLALCHEMY_DATABASE_URI']
print(f"Database uri is {uri}")
if not database_exists(uri):
create_database(uri)
db.create_all()
else:
db.drop_all()
db.create_all()
if with_testdb:
db_uri = '{0}_test'.format(app.config['SQLALCHEMY_DATABASE_URI'])
if not database_exists(db_uri):
create_database(db_uri)
user = User()
user.username = "******"
user.save()
if with_data:
_seed_catalog()
return None
def login():
form = LoginForm(next=request.args.get('next'))
if form.validate_on_submit():
u = User.find_by_identity(request.form.get('identity'))
if u and u.authenticated(password=request.form.get('password')):
# As you can see remember me is always enabled, this was a design
# decision I made because more often than not users want this
# enabled. This allows for a less complicated login form.
#
# If however you want them to be able to select whether or not they
# should remain logged in then perform the following 3 steps:
# 1) Replace 'True' below with: request.form.get('remember', False)
# 2) Uncomment the 'remember' field in user/forms.py#LoginForm
# 3) Add a checkbox to the login form with the id/name 'remember'
if login_user(u, remember=True) and u.is_active():
u.update_activity_tracking(request.remote_addr)
# Handle optionally redirecting to the next URL safely.
next_url = request.form.get('next')
if next_url:
return redirect(safe_next_url(next_url))
return redirect(url_for('user.settings'))
else:
flash('This account has been disabled.', 'error')
else:
flash('Identity or password is incorrect.', 'error')
return render_template('user/login.html', form=form)
def users(db):
"""
Create user fixtures. They reset per test.
:param db: Pytest fixture
:return: SQLAlchemy database session
"""
db.session.query(User).delete()
users = [
{
'role': 'admin',
'email': '*****@*****.**',
'password': '******'
},
{
'active': False,
'email': '*****@*****.**',
'password': '******'
}
]
for user in users:
db.session.add(User(**user))
db.session.commit()
return db
def register_user(self, seed):
user = User(email='user' + str(seed) + '@example.com',
username='******' + str(seed),
password='******')
db.session.add(user)
db.session.commit()
return user
def db(app):
"""
Set up test database, this only gets executed once per session.
:param app: Pytest fixture
:return: SQLAlchemy database session
"""
_db.drop_all()
_db.create_all()
# Create a single user, a lot of tests will not mutate this user
params = {
'role': 'admin',
'email': '*****@*****.**',
'username': '******',
'password': '******'
}
admin = User(**params)
_db.session.add(admin)
_db.session.commit()
return _db
def post(self):
json_data = request.get_json()
if not json_data:
response = jsonify({'error': 'Invalid input.'})
return response, 400
try:
data = auth_schema.load(json_data)
except ValidationError as err:
response = jsonify({'error': err.messages})
return response, 422
user = User.find_by_identity(data['identity'])
if user and user.authenticated(password=data['password']):
# identity is used to lookup a user on protected endpoints
access_token = create_access_token(identity=user.username)
response = jsonify({'data': {'access_token': access_token}})
return response, 200
response = jsonify({'error': 'Invalid credentials.'})
return response, 401
def subscriptions(db):
"""
Create subscription fixtures.
:param db: Pytest fixture
:return: SQLAlchemy database session
"""
subscriber = User.find_by_identity('*****@*****.**')
if subscriber:
subscriber.delete()
db.session.query(Subscription).delete()
params = {
'role': 'admin',
'email': '*****@*****.**',
'name': 'Subby',
'password': '******',
'payment_id': 'cus_000'
}
subscriber = User(**params)
# The account needs to be commit before we can assign a subscription to it.
db.session.add(subscriber)
db.session.commit()
# Create a subscription.
params = {
'user_id': subscriber.id,
'plan': 'gold'
}
subscription = Subscription(**params)
db.session.add(subscription)
# Create a credit card.
params = {
'user_id': subscriber.id,
'brand': 'Visa',
'last4': '4242',
'exp_date': datetime.date(2015, 6, 1)
}
credit_card = CreditCard(**params)
db.session.add(credit_card)
db.session.commit()
return db
def seed():
"""
Seed the database with an initial user.
:return: User instance
"""
if User.find_by_identity(os.environ['SEED_ADMIN_EMAIL']) is not None:
return None
params = {
'username': os.environ['SEED_USER_EMAIL'],
'password': os.environ['SEED_USER_PASSWORD'],
'first_name': os.environ['SEED_USER_FIRSTNAME'],
'last_name': os.environ['SEED_USER_LASTNAME']
}
return User(**params).save()
def test_deliver_password_reset_email(self, token):
""" Deliver a password reset email. """
with mail.record_messages() as outbox:
user = User.find_by_identity('*****@*****.**')
deliver_password_reset_email(user.id, token)
assert len(outbox) == 1
assert token in outbox[0].body
def seed():
"""
Seed the database with an initial user.
:return: User instance
"""
if User.find_by_identity(app.config['SEED_ADMIN_EMAIL']) is not None:
return None
params = {
'role': 'admin',
'email': app.config['SEED_ADMIN_EMAIL'],
'password': app.config['SEED_ADMIN_PASSWORD'],
'mailbox_id': 'ADMIN'
}
return User(**params).save()
def test_begin_update_credentials_email_change(self):
""" Update credentials but only the e-mail address. """
self.login()
user = {'current_password': '******', 'email': '*****@*****.**'}
response = self.client.post(url_for('user.update_credentials'),
data=user,
follow_redirects=True)
assert_status_with_message(200, response,
'Your sign in settings have been updated.')
old_user = User.find_by_identity('*****@*****.**')
assert old_user is None
new_user = User.find_by_identity('*****@*****.**')
assert new_user is not None
def users(page):
search_form = SearchForm()
bulk_form = BulkDeleteForm()
sort_by = User.sort_by(request.args.get('sort', 'created_on'),
request.args.get('direction', 'desc'))
order_values = '{0} {1}'.format(sort_by[0], sort_by[1])
paginated_users = User.query \
.filter(User.search(request.args.get('q', ''))) \
.order_by(User.role.asc(), User.payment_id, User.created_on).paginate(page, 50, True)#text(order_values)) \
#.paginate(page, 50, True)
return render_template('admin/user/index.html',
form=search_form,
bulk_form=bulk_form,
users=paginated_users)
def register():
form = RegisterForm()
if form.validate_on_submit():
username = form.username.data
if User.find_by_username(username):
flash("The username has been taken.",
"alert alert-danger")
return redirect(url_for('bp_user.register'))
else:
user = User(username=username)
user.set_password(form.password.data)
db.session.add(user)
db.session.commit()
flash("Welcome {}, you're now ready to go.".format(username),
"alert alert-success")
# add auto login after register
return redirect(url_for('bp_user.login'))
return render_template('register.html', form=form)
def token(db):
"""
Serialize a JWS token.
:param db: Pytest fixture
:return: JWS token
"""
user = User.find_by_identity('*****@*****.**')
return user.serialize_token()
def delete_users(ids):
"""
Delete users and potentially cancel their subscription.
:param ids: List of ids to be deleted
:type ids: list
:return: int
"""
return User.bulk_delete(ids)
def begin_password_reset():
form = BeginPasswordResetForm()
if form.validate_on_submit():
u = User.initialize_password_reset(request.form.get('identity'))
flash('An email has been sent to {0}.'.format(u.email), 'success')
return redirect(url_for('user.login'))
return render_template('user/begin_password_reset.html', form=form)
def test_login_activity(self, users):
""" Login successfully and update the activity stats. """
user = User.find_by_identity('*****@*****.**')
old_sign_in_count = user.sign_in_count
response = self.login()
new_sign_in_count = user.sign_in_count
assert response.status_code == 200
assert (old_sign_in_count + 1) == new_sign_in_count
def ensure_unique_identity(data):
"""
Ensures that and email or username is not already taken
:return: data from the request
"""
user = User.find_by_identity(data)
if user:
raise ValidationError('{0} already exists.'.format(data))
return data
def password_reset():
form = PasswordResetForm(reset_token=request.args.get('reset_token'))
if form.validate_on_submit():
u = User.deserialize_token(request.form.get('reset_token'))
if u is None:
flash('Your reset token has expired or was tampered with.',
'error')
return redirect(url_for('user.begin_password_reset'))
form.populate_obj(u)
u.password = User.encrypt_password(request.form.get('password'))
u.save()
if login_user(u):
flash('Your password has been reset.', 'success')
return redirect(url_for('user.settings'))
return render_template('user/password_reset.html', form=form)
def test_password_reset(self, users, token):
""" Reset successful. """
reset = {'password': '******', 'reset_token': token}
response = self.client.post(url_for('user.password_reset'),
data=reset,
follow_redirects=True)
assert_status_with_message(200, response,
'Your password has been reset.')
admin = User.find_by_identity('*****@*****.**')
assert admin.password != 'newpassword'
def ensure_identity_exists(form, field):
"""
Ensure an identity exists.
:param form: wtforms Instance
:param field: Field being passed in
:return: None
"""
user = User.find_by_identity(field.data)
if not user:
raise ValidationError('Unable to locate account.')
def seed():
"""
Seed the database with an initial user.
:return: User Instance
"""
# Look for the user with the seed admin email first. If the user
# already exists in the database, exit the function
if User.find_by_identity(app.config['SEED_ADMIN_EMAIL']) is not None:
return None
# Otherwise Create and Insert the user
params = {
'role': 'admin',
'email': app.config['SEED_ADMIN_EMAIL'],
'password': app.config['SEED_ADMIN_PASSWORD']
}
print("Seeding users.")
# **params converts all the dictionary pairs to keyword arguments
return User(**params).save()
def dashboard():
# initialize the current user
user = User.find_by_username(current_user.username)
# initialize forms
todo_form = ToDoForm()
keepdo_form = KeepDoForm()
# query url '?todopage=' and '?keepdopage='
todo_page = request.args.get('todopage', 1, type=int)
keepdo_page = request.args.get('keepdopage', 1, type=int)
# initialize pagination objects and build necessary arguments
todolist = user.todolist.order_by(ToDoList.status.desc(),
ToDoList.timestamp.desc()).paginate(
todo_page, 8, False)
keepdolist = user.keepdolist.order_by(
KeepDoList.created_timestamp.desc()).paginate(keepdo_page, 8, False)
todo_args = pagination_builder(todolist,
'todopage',
form=todo_form,
page=todo_page,
todolist=todolist.items)
keepdo_args = pagination_builder(keepdolist,
'keepdopage',
form=keepdo_form,
page=keepdo_page,
keepdolist=keepdolist.items)
# IMPORTANT!
# not based on user's timezone, improve in the future
# modify keepdolist database everytime page is loaded, may slow the performance
for keepdo in keepdolist.items:
days_interval = (datetime.utcnow() - keepdo.last_check_point).days
# if not checked for over 1 day
# change daily check status to False and commit to database
if days_interval > 0:
keepdo.daily_check_status = False
db.session.commit()
# initialize session keys for the first time
# will not run those lines afterwards
# those session keys will be used in generating templates
if not 'todolist_collapse' in session:
session['todolist_collapse'] = 'in' # default expand todolist panel
# default expand keepdolist panel
session['keepdolist_collapse'] = 'in'
return render_template('dashboard.html',
todo_args=todo_args,
keepdo_args=keepdo_args)
def login():
form = LoginForm(next=request.args.get('next'))
if form.validate_on_submit():
u = User.find_by_identity(request.form.get('identity'))
if u and u.authenticated(password=request.form.get('password')):
# As you can see remember me is always enabled, this was a design
# decision I made because more often than not users want this
# enabled. This allows for a less complicated login form.
#
# If however you want them to be able to select whether or not they
# should remain logged in then perform the following 3 steps:
# 1) Replace 'True' below with: request.form.get('remember', False)
# 2) Uncomment the 'remember' field in user/forms.py#LoginForm
# 3) Add a checkbox to the login form with the id/name 'remember'
if login_user(u, remember=True) and u.is_active():
u.update_activity_tracking(request.remote_addr)
# Handle optionally redirecting to the next URL safely.
next_url = request.form.get('next')
if next_url:
return redirect(safe_next_url(next_url))
if current_user.role == 'admin':
return redirect(url_for('admin.dashboard'))
if current_user.role == 'member':
if not cache.get(current_user.mailbox_id):
from app.blueprints.user.tasks import get_emails, get_rules, set_cache
emails = get_emails.delay(current_user.mailbox_id)
set_cache.delay(current_user.mailbox_id, emails.id)
if current_user.trial:
trial_days_left = 14 - (
datetime.datetime.now() -
current_user.created_on.replace(tzinfo=None)).days
if trial_days_left < 0:
current_user.trial = False
current_user.save()
return redirect(url_for('user.settings'))
else:
flash('This account has been disabled.', 'error')
else:
flash('Your username/email or password is incorrect.', 'error')
return render_template('user/login.html', form=form)
def google_logged_in(blueprint, token):
if not token:
flash("Failed to log in with {name}".format(name=blueprint.name))
return
# figure out who the user is
resp = blueprint.session.get("/oauth2/v2/userinfo")
if resp.ok:
username = resp.json()["email"]
query = User.query.filter_by(username=username)
try:
user = query.one()
except NoResultFound:
# create a user
user = User()
user.username = username
user.save()
login_user(user)
flash("Successfully signed in with Google", "success")
else:
msg = "Failed to fetch user info from {name}".format(
name=blueprint.name)
flash(msg, category="error")
def test_welcome_with_existing_username(self, users):
""" Create username failure due to username already existing. """
self.login()
u = User.find_by_identity('*****@*****.**')
u.username = '******'
u.save()
user = {'username': '******'}
response = self.client.post(url_for('user.welcome'),
data=user,
follow_redirects=True)
assert_status_with_message(200, response,
'You already picked a username.')
def github_logged_in(blueprint, token):
if not token:
flash("Failed to log in with {name}".format(name=blueprint.name))
return
# figure out who the user is
resp = blueprint.session.get("/user")
if resp.ok:
print(f"Response from github: {resp.json()}")
username = resp.json()["login"]
query = User.query.filter_by(username=username)
try:
user = query.one()
except NoResultFound:
# create a user
user = User()
user.username = username
user.save()
login_user(user)
flash("Successfully signed in with Github", "success")
else:
print(resp.text)
msg = "Failed to fetch user info from {name}".format(
name=blueprint.name)
flash(msg, category="error")
def seed():
"""
Seed the database with an initial user. The username, email and password
are taken from the app config.
:return: User instance
"""
params = {
'role': 'admin',
'email': app.config['SEED_ADMIN_EMAIL'],
'username': app.config['SEED_ADMIN_USERNAME'],
'password': app.config['SEED_ADMIN_PASSWORD']
}
return User(**params).save()