def user_edit(request):
if not request.user.is_super:
return render_to_response("user_edit.html", {'error1': u'无权限'},
context_instance=RequestContext(request))
if request.method == 'POST':
post = request.POST
uid = post.get('uid', '')
state = post.get('state', '')
role = post.get('role', "1")
name = post.get('name', '')
if uid:
User.objects.filter(pk=uid).update(
role=role,
first_name=name,
is_active=True if state == '1' else False)
return HttpResponseRedirect(reverse('user_list'))
else:
_get = request.GET
uid = _get.get('uid', '')
if uid:
try:
user = User.objects.get(pk=uid)
except User.DoesNotExist:
user = User()
else:
user = User()
user.id = ''
return render_to_response("user_edit.html", {
'user_l': user,
'id': user.id
},
context_instance=RequestContext(request))
def populate_db(num_users=5):
"""
Fills the database with fake data.
"""
from faker import Factory
from app.user.models import User
fake = Factory.create()
admin_username = '******'
admin_email = '*****@*****.**'
admin_password = '******'
users = []
for _ in range(int(num_users)):
users.append(
User(fake.userName(), fake.email(),
fake.word() + fake.word(), fake.ipv4()))
users.append(
User(admin_username,
admin_email,
admin_password,
fake.ipv4(),
active=True,
is_admin=True))
for user in users:
db.session.add(user)
db.session.commit()
def system_user_new(request):
if request.method == 'POST':
qd = request.POST
_id = qd.get("itemid", "")
if _id:
item = User.objects.get(pk=_id)
else:
item = User()
item.set_password(qd.get("password", ''))
item.role = qd.get("role", 0)
item.username = qd.get("username", '')
item.email = qd.get("email", '')
item.first_name = qd.get("first_name", '')
item.last_name = qd.get("last_name", '')
item.save()
return HttpResponseRedirect(reverse("system_user_list"))
else:
qd = request.GET
_id = qd.get("itemid", "")
if _id:
item = User.objects.get(pk=_id)
else:
item = User()
context = {
"item": item,
"current_user": request.user,
}
return render(request, 'system_user/user_new.html', context)
def load_user_from_request(request):
# first, try to login using the api_key url arg
api_key = request.args.get('api_key')
if api_key:
db = get_db()
res = db.user.find_one({'openid': api_key})
if res:
user = User(res.get('openid'))
return user
# next, try to login using Basic Auth
api_key = request.headers.get('Authorization')
# print(api_key)
if api_key:
db = get_db()
# api_key = api_key.replace('Basic ', '', 1)
# try:
# import base64
# api_key = base64.b64decode(api_key).decode('utf-8')
# print(api_key)
# except TypeError:
# pass
res = db.user.find_one({'openid': api_key})
print(res)
if res:
user = User(res.get('openid'))
return user
# finally, return None if both methods did not login the user
return None
def set_up_users(self):
self.admin = User(username="******", role=Role.Admin.value)
self.moderator = User(username="******", role=Role.Moderator.value)
self.user = User(username="******")
self.user2 = User(username="******")
self.add_all([self.admin, self.moderator, self.user, self.user2])
self.commit()
def test_follow_posts(self):
# make four users
u1 = User(nickname='john', email='*****@*****.**')
u2 = User(nickname='susan', email='*****@*****.**')
u3 = User(nickname='mary', email='*****@*****.**')
u4 = User(nickname='david', email='*****@*****.**')
db.session.add(u1)
db.session.add(u2)
db.session.add(u3)
db.session.add(u4)
# make four posts
utcnow = datetime.utcnow()
p1 = Post(body="post from john",
author=u1,
timestamp=utcnow + timedelta(seconds=1))
p2 = Post(body="post from susan",
author=u2,
timestamp=utcnow + timedelta(seconds=2))
p3 = Post(body="post from mary",
author=u3,
timestamp=utcnow + timedelta(seconds=3))
p4 = Post(body="post from david",
author=u4,
timestamp=utcnow + timedelta(seconds=4))
db.session.add(p1)
db.session.add(p2)
db.session.add(p3)
db.session.add(p4)
db.session.commit()
# setup the followers
u1.follow(u1) # john follows himself
u1.follow(u2) # john follows susan
u1.follow(u4) # john follows david
u2.follow(u2) # susan follows herself
u2.follow(u3) # susan follows mary
u3.follow(u3) # mary follows herself
u3.follow(u4) # mary follows david
u4.follow(u4) # david follows himself
db.session.add(u1)
db.session.add(u2)
db.session.add(u3)
db.session.add(u4)
db.session.commit()
# check the followed posts of each user
f1 = u1.followed_posts().all()
f2 = u2.followed_posts().all()
f3 = u3.followed_posts().all()
f4 = u4.followed_posts().all()
assert len(f1) == 3
assert len(f2) == 2
assert len(f3) == 2
assert len(f4) == 1
assert f1 == [p4, p2, p1]
assert f2 == [p3, p2]
assert f3 == [p4, p3]
assert f4 == [p4]
def test_follow_user(self):
u1 = User('foo', '*****@*****.**')
u1.save()
u2 = User('foo1', '*****@*****.**')
u2.save()
p1 = UserProfile(u1)
p2 = UserProfile(u2)
p1.save()
p2.save()
p1.follow(p2)
assert p1.is_following(p2)
def register():
result = {}
if request.method == 'POST':
username = request.values.get('username')
password = request.values.get('password')
email = request.values.get('email')
if username and password and email:
user = User.query.filter(User.username == username or User.email == email).all()
if user:
result.update(msg='用户名或者邮箱已存在', status=-2)
else:
user = User(username=username, password=password, email=email)
db.session.add(user)
db.session.commit()
# 发送激活的邮箱
msg = Message("Hello world",
body='用户您好1',
html=render_template('activate.html', username=username),
sender="*****@*****.**",
recipients=['*****@*****.**'])
mail.send(msg)
# tooken
# 将用户名缓存到redis
rds.set('username', username, ex=10 * 60)
# cache.set('key', value, timeout=10 * 60)
else:
result.update(msg='必要参数不能为空', status=-1)
else:
result.update(msg='错误的请求方式', status=400)
return jsonify(result)
def add_user():
# Check all required fields
for field in ['email', 'password']:
if field not in flask.request.json:
raise InvalidUsage('Field {0} is mising.', status_code=422, enum='POST_ERROR')
email = flask.request.json['email']
password = flask.request.json['password']
# Check if user already exists
user = User.query.filter_by(email=email).first()
if user is not None:
db.session.close()
raise InvalidUsage('User already exists', status_code=409, enum='USER_EXISTS')
user = User(email, password)
db.session.add(user)
db.session.commit()
response = {
'message': 'Registration was successful',
'username': '',
'email': user.email,
'auth_token': user.get_auth_token()
}
log.print_log(app.name, 'Registered new user {}'.format(user))
return flask.make_response(jsonify(response), 200)
def register():
result = {}
if request.method == 'POST':
username = request.values.get('username')
password = request.values.get('password')
email = request.values.get('email')
if username and password and email:
user = User.query.filter(User.username == username
or User.email == email).all()
if user:
result.update(msg='账号或者邮箱已经存在', status=-2)
else:
pwd = generate_password_hash(password)
user = User(username=username, password=pwd, email=email)
db.session.add(user)
db.session.commit()
#发送激活邮箱
msg = Message('激活邮件',
body='用户您好',
html=render_template('activate.html',
username=username),
sender='*****@*****.**',
recipients=[email])
mail.send(msg)
#将用户缓存到redis
# rds.set('username', username, ex=10 * 60)
cache.set('username', username, timeout=10 * 60)
else:
result.update(msg='必要参数不能为空', status=-1)
else:
result.update(msg='错误的请求方式', status=400)
return jsonify(result)
def add_default_admin():
print('Adding the default admin')
user = User(default_admin)
try:
store.add(user)
except Exception as e:
print('User already created')
def test_unfavorite_an_article(self):
u1 = User('foo', '*****@*****.**')
u1.save()
p1 = UserProfile(u1)
p1.save()
u2 = User('foo1', '*****@*****.**')
u2.save()
p2 = UserProfile(u2)
p2.save()
article = Article(p1, 'title', 'some body', description='some')
article.save()
assert article.favourite(p1)
assert article.unfavourite(p1)
assert not article.is_favourite(p1)
def test_get_by_id(self):
"""Get user by ID."""
user = User('foo', '*****@*****.**')
user.save()
retrieved = User.get_by_id(user.id)
assert retrieved == user
def register():
"""
Renders the HTML page where users can register new accounts. If the RegistrationForm meets criteria, a new user is
written into the database.
:return: HTML page for registration.
"""
current_app.logger.info('Start function register() [VIEW]')
form = RegistrationForm()
if form.validate_on_submit():
user = User(email=form.email.data.lower(),
password=form.password.data,
first_name=form.first_name.data,
last_name=form.last_name.data,
division=form.division.data,
tag_id=form.tag.data,
budget_code=form.budget_code.data,
object_code=form.object_code.data,
object_name=form.object_name.data,
is_administrator=True,
is_supervisor=True,
validated=True)
db.session.add(user)
db.session.commit()
current_app.logger.info('Successfully registered user {}'.format(
user.email))
flash('User successfully registered.', category='success')
current_app.logger.info('End function register() [VIEW]')
return redirect(url_for('auth.login'))
current_app.logger.info('End function register() [VIEW]')
return render_template('auth/register.html', form=form)
def add_user():
form = json.loads(request.data)
#print('Register: ' + str(form))
firstname = form['firstname']
lastname = form['lastname']
email = form['email'].lower()
age = form['age']
gender = form['gender'].lower()
try:
if User.query.filter_by(email=email).first():
message = {'message': 'User {} already exists'.format(email)}
return jsonify(message), 500
else:
new_user = User(firstname=firstname,
lastname=lastname,
email=email,
age=age,
gender=gender)
db.session.add(new_user)
db.session.commit()
response = {
'message': 'User {} was created'.format(new_user.firstname),
'id': new_user.id
}
return jsonify(response)
except Exception as e:
print(e)
message = {'message': 'Something went wrong'}
return jsonify(message), 500
def get_user_from_ldap(self, username):
"""
# 使用管理员账号与密码登陆ldap服务,查询用户
# 是否存在,存在则用用户信息创建User实例。
:param username:
:return:
"""
client = self.ldap_login("*****@*****.**",
"JWPRj7pa^J#3NLZ3")
try:
result = client.search_s("OU=小帮规划,DC=xiaobang,DC=xyz",
ldap.SCOPE_SUBTREE,
"(cn={})".format(username))[0][1]
except IndexError:
return None
except ldap.NO_SUCH_OBJECT:
return None
user = User()
user.id = result.get("employeeID")[0].decode()
user.name = result.get("name")[0].decode()
user.display_name = result.get("displayName")[0].decode()
user.email = result.get("mail")[0].decode()
user.department = result.get("department")[0].decode()
user.role = result.get("title")[0].decode()
user.title = result.get("title")[0].decode()
return user
def register():
result = {}
if request.method == 'POST':
username = request.values.get('username')
password = request.values.get('password')
email = request.values.get('email')
if username and password and email:
user = User.query.filter(User.username == username
or User.email == email).all()
if user:
result.update(msg='账户或者邮箱已经存在', status=-2)
else:
user = User(username=username, password=password, email=email)
db.session.add(user)
db.session.commit()
msg = Message('Hello',
body='用户您好',
html=render_template('activate.html',
username=username),
sender='*****@*****.**',
recipients=['*****@*****.**'])
# cache.set(username=username)
mail.send(msg)
rds.set('username', username, ex=10 * 60)
else:
result.update(msg='必要参数不能为空', status=-1)
else:
result.update(msg='错误的请求方式', status=400)
return jsonify(result)
def post(self):
result = {"status": False, 'msg': ''}
status_code = 400
if request.method == 'POST':
email = request.json.get("email")
first_name = request.json.get("first_name")
last_name = request.json.get("last_name")
password = request.json.get("password")
user = User.query.filter_by(email=email).first()
if user:
result['msg'] = "User already exist!"
else:
user = User(email=email,
first_name=first_name,
last_name=last_name,
password=User.set_password_class_method(password))
db.session.add(user)
db.session.commit()
status_code = 201
result = {"status": True, 'msg': 'User created successfully.'}
return Response(json.dumps(result),
status=status_code,
mimetype='application/json')
def signup():
if current_user.is_authenticated:
return redirect(url_for('post.index'))
form = SignUpForm()
message = None
if form.validate_on_submit():
username = form.username.data.capitalize()
email = form.email.data.capitalize()
password = form.password.data
# Check if other user has this email or username
user_email = User.get_by_email(email)
user_name = User.query.filter_by(username=username).first()
if user_email is not None or user_name is not None:
if user_email is not None:
message = f'The email {email} already registered'
else:
message = f'Username {username} already taken'
else:
# Create user and save it
user = User(username=username, email=email)
user.set_password(password)
user.save()
if user.id == 1:
user.admin = True
db.session.commit()
# Log in the user
login_user(user, remember=True)
next_page = request.args.get('next', None)
if not next_page or url_parse(next_page).netloc != '':
next_page = url_for('post.index')
flash('Welcome to Micro-Posting')
return redirect(next_page)
return render_template('session/Signup.html', form=form, message=message)
def signup():
form = RegisterForm(form_type="inline")
if form.validate_on_submit():
#Form Values
hashed_password = generate_password_hash(form.password.data, method='sha256')
username = form.username.data
email = form.email.data
cur_check = db.engine.execute("SELECT email, username FROM users WHERE username='******' or email='{}'".format(username,email)).first()
if cur_check is not None:
error = Markup(
'<div class="alert alert-danger w-100" role="alert">Der <b>Nutzername</b> oder die <b>Mailadresse</b> ist schon registriert</div>')
return render_template('user/signup.html', form=form, error=error)
else:
new_user = User(username=username, email=email, password=hashed_password, lastname=form.lastname.data,
firstname=form.firstname.data, facility=form.facility.data, access=1,
business=form.business.data, confirmed=False)
db.session.add(new_user)
db.session.commit()
token_user = token.generate_confirmation_token(username)
confirm_url = "{}confirm/{}".format(Config.URL_ENDPOINT, token_user)
html = render_template('user/activate_mail.html', confirm_url=confirm_url)
subject = "Bitte bestätigen Sie ihre Email"
mail = Mailer(email, subject, html)
mail.send_email()
login_user(User.query.filter_by(username=username).first())
return render_template('user/signup.html')
return render_template('user/signup.html', form=form)
def create_user():
try:
username = request.form['username']
email = request.form['email']
password = request.form['password']
first_name = request.form['first_name']
middle_name = request.form['middle_name']
last_name = request.form['last_name']
except KeyError as e:
return jsonify(success=False,
message="%s not sent in the request" % e.args), 400
user_type = "user"
if '@' not in email:
return jsonify(success=False,
message="Please enter a valid email"), 400
cast = User.query.all()
length = 1
for cas in cast:
length = length + 1
user = User(first_name, middle_name, last_name, email, username, user_type,
password)
db.session.add(user)
try:
db.session.commit()
except IntegrityError as e:
return jsonify(success=False, message="This email already exists"), 400
session['user_id'] = str(length)
return redirect(url_for('user.check_login'))
def load_user(user_id):
db = get_db()
res = db.user.find_one({'openid': user_id})
if res:
user = User(res['openid'])
return user
return None
def new(self, school_id=None, form_id=None, permissions=[], roles=[]):
if school_id is None:
school_id = self.school.id
password = fake.password()
user = User(first_name=fake.first_name(),
last_name=fake.last_name(),
email=fake.email(),
password=password,
school_id=school_id,
username=fake.user_name(),
form_id=form_id)
user.raw_password = password
user.id = fake.random_int()
if len(permissions) > 0:
permission_query = Permission.query.filter(
Permission.name.in_(permissions),
Permission.school_id == school_id)
[user.permissions.append(p) for p in permission_query]
if len(roles) > 0:
role_query = Role.query.filter(Role.name.in_(roles),
Role.school_id == school_id)
[user.roles.append(r) for r in role_query]
return user
def post(self):
'''用户注册接口
:return 返回注册信息{'re_code': '0', 'msg': '注册成功'}
'''
nickname = request.json.get('nickname')
email = request.json.get('email')
password = request.json.get('password')
mailcode_client = request.json.get('mailcode')
if not all([email, nickname, password, mailcode_client]):
return jsonify(re_code=RET.PARAMERR, msg='参数不完整')
# 从Redis中获取此邮箱对应的验证码,与前端传来的数据校验
try:
mailcode_server = redis_conn.get('EMAILCODE:' + email).decode()
except Exception as e:
current_app.logger.info(e)
return jsonify(re_code=RET.DBERR, msg='查询邮箱验证码失败')
if mailcode_server != mailcode_client:
current_app.logger.info(mailcode_server)
return jsonify(re_code=RET.PARAMERR, msg='邮箱验证码错误')
user = User()
user.email = email
user.nickname = nickname
user.password = password # 利用user model中的类属性方法加密用户的密码并存入数据库
try:
db.session.add(user)
db.session.commit()
except Exception as e:
current_app.logger.info(e)
db.session.rollback()
return jsonify(re_code=RET.DBERR, msg='注册失败')
# 6.响应结果
return jsonify(re_code=RET.OK, msg='注册成功')
def register():
result = {}
if request.method == 'POST':
username = request.values.get('username')
password = request.values.get('password')
email = request.values.get('email')
if username and password and email:
user = User.query.filter(User.username == username
or User.email == email).all()
# user = User.query.withenties(username=username)
if user:
result.update(msg='账号或邮箱已存在!!', status=-2)
else:
user = User(username=username, password=password, email=email)
db.session.add(user)
db.session.commit()
msg = Message(
'激活邮件',
body='用户您好',
sender='*****@*****.**',
recipients=[email],
)
get_redis().set('username', username, ex=10 * 60)
mail.send(msg)
result.update(msg='邮件已发送', status=1)
else:
result.update(msg='必要参数不能为空!!!', status=-1)
else:
result.update(msg='错误的请求方式!!!', status=400)
return jsonify(result)
def register():
result = {}
if request.method == 'GET':
return render_template('res.html')
if request.method == 'POST':
username = request.values.get('username')
password = request.values.get('password')
email = request.values.get('email')
if username and password and email:
user = User.query.filter(User.username == username
or User.email == email).all()
if user:
result.update(msg='账号或者邮箱已经存在', status=-2)
else:
user = User(username=username, password=password, email=email)
db.session.add(user)
db.session.commit()
msg = Message("Hello",
sender="*****@*****.**",
recipients=['*****@*****.**'])
mail.send(msg)
else:
result.update(msg='必要参数不能为空', status=-1)
else:
result.update(msg='错误的请求方式', status=400)
return jsonify(result)
def create(self, db_session: Session, *, obj_in: UserCreate) -> User:
db_obj = User(name=obj_in.name,
password=get_password_hash(obj_in.password),
date=datetime.now())
db_session.add(db_obj)
db_session.commit()
db_session.refresh(db_obj)
return db_obj
def signup():
if 'user_id' in session:
return redirect(url_for('helper.load_html'))
#return redirect("http://127.0.0.1:5000/home")
form = RegisterForm()
print('/register')
if form.validate_on_submit():
print('nothing ran')
if form.password.data != form.check_password.data:
return render_template('register.html',
form=form,
message="Passwords don't match")
if '@' not in form.email.data:
return render_template('register.html',
form=form,
message="Please enter a valid email")
try:
print('user added')
new_user = User(name=form.username.data,
email=form.email.data,
password=form.password.data,
is_admin=False)
db.session.add(new_user)
db.session.commit()
k = Globalvar.query.all()
for i in k:
db.session.delete(i)
var = Globalvar(get_random_string())
db.session.add(var)
db.session.commit()
#global checker
#app.jinja_env.globals['csrf_key'] = get_random_string()
#checker = get_random_string()
#g.gvariable = get_random_string()
#print(session)
#session.pop('user_id')
#print(session)
#for key in session.keys():
# session.pop[key]
#print(session)
#session['user_id'] = new_user.id
print(new_user.id)
#print(session['user_id'])
login_user(new_user)
#print(session['user_id'])
#print(session['csrf_key'])
#print(session)
#print('checker after post request',checker)
return redirect(url_for('helper.load_html'))
#return redirect("http://127.0.0.1:5000/home")
except:
print('user not added')
return render_template('register.html',
form=form,
message="Email is already Registered")
return render_template('register.html', form=form)
def signup_school(request):
# Fetch JSON data from request
data = json_from_request(request)
# List of keys we expect to see in JSON
expected_keys = [
"school_name", "first_name", "last_name", "password", "username",
"email"
]
# Checks keys are present in JSON and throws error if not which is automatically caught and converted into a error message
check_keys(expected_keys, data)
# Checks values for keys are not blank
check_values_not_blank(expected_keys, data)
# Create school object with user's data
school = School(school_name=data['school_name'])
# Add school to db
db.session.add(school)
db.session.commit()
# Create user
# Check email not already in use
if User.query.filter_by(email=data['email']).first() is not None:
raise FieldInUseError("email")
# Check username is not already in use
if User.query.filter_by(username=data['username']).first() is not None:
raise FieldInUseError("username")
# Create user
user = User(first_name=data['first_name'],
last_name=data['last_name'],
email=data['email'],
password=data['password'],
username=data['username'],
school_id=school.id)
# Add user to db
db.session.add(user)
db.session.commit()
# Create permissions
for permission in Permission.default_permissions(school.id):
db.session.add(permission)
db.session.commit()
# Assign user to admin permissions
permission = Permission.query.filter_by(name="Administrator",
school_id=school.id).first()
user.permissions.append(permission)
db.session.add(user)
db.session.commit()
# Return success message as JSON
return jsonify({'success': True})
def process(item):
roles = item['roles']
del item['roles']
item['password'] = password_helper.generate_password_hash(
item['password'])
obj, msg = User(**item).create()
roles = [Role.get_by_name(role) for role in roles]
obj.roles = [UserRole(obj.id, role.id) for role in roles]
obj.save()
