def post(self):
raw_dict = request.get_json(force=True)
try:
schema.validate(raw_dict)
request_dict = raw_dict['data']['attributes']
payload = parse_token(request)
logged_user = Users.query.get(payload['sub'])
createdby = logged_user.name
updatedby = logged_user.name
password = generate_password_hash(request_dict['password'])
user = Users(
request_dict['email'],
password,
request_dict['name'],
createdby,
updatedby,
)
user.add(user)
# Should not return password hash
query = Users.query.get(user.id)
results = schema.dump(query).data
return results, 201
except ValidationError as err:
resp = jsonify({"error": err.messages})
resp.status_code = 403
return resp
except SQLAlchemyError as e:
db.session.rollback()
resp = jsonify({"error": str(e)})
resp.status_code = 403
return resp
def login_from_acs(acs):
if acs.get('errors'):
return jsonify({'errors': acs.get('errors')})
elif not acs.get('logged_in'):
return jsonify({"error": "login failed"})
else:
attributes = list(acs.get("attributes"))
username = attributes[0][1][0]
firstname = attributes[1][1][0]
lastname = attributes[2][1][0]
email = attributes[3][1][0]
user = Users.query.filter_by(id = username).first()
if user is None:
user = Users(id = username)
user.first_name = firstname
user.last_name = lastname
user.email = email
db.session.add(user)
db.session.commit()
login_user(user)
return redirect('/')
def addmessage(id=None,subj=None):
form = MessageForm()
if id:
recp = Users.objects(id=id).get()
form.recipients.data = recp.username
if form.validate_on_submit():
if g.user.username in form.recipients.data:
flash('Expeditorul nu poate fi si destinatar!',category='alert-danger')
return redirect(request.referrer)
else:
recs = []
for i in form.recipients.data.split(','):
try:
temp_user = Users.objects(username=i).get()
recs.append(temp_user)
except:
flash('Utilizatorul '+i+' nu exista!')
return redirect(request.referrer)
msg = Messages(sender=g.user, recipients=recs, title=form.title.data, content=form.content.data, ownerid=g.user, folder='trimise',read=True, msgid=generate_msgid())
msg.save()
for i in recs:
print i.username
temp = Messages(sender=g.user, recipients=recs, title=form.title.data, content=form.content.data, ownerid=i, folder='inbox', msgid=msg.msgid, date=msg.date)
temp.save()
flash('Mesaj trimis!',category='alert-success')
return redirect(url_for('messages.list'))
return render_template('messages/add.html',form=form)
def my_profile():
""" User profile
:return: flask.render_template / flask.redirect
"""
form_u = MyProfileForm()
form_pw = PasswordForm()
if request.method == 'POST':
if form_u.username.data == current_user.username:
form_u.username.raw_data = None
if form_u.email.data == current_user.email:
form_u.email.raw_data = None
else:
form_u.username.data = current_user.username
form_u.email.data = current_user.email
if form_u.validate_on_submit():
Users.update_user(
user_id=current_user.id,
username=form_u.username.data,
email=form_u.email.data
)
flash('You successfully updated your profile.', 'success')
return redirect(url_for('users.my_profile'))
data = {
'active_page': 'profile',
'form_u': form_u,
'form_pw': form_pw
}
return render_template('users/my_profile.html', **data)
def change_password():
""" User profile
:return: flask.render_template / flask.redirect
"""
form_u = MyProfileForm()
form_pw = PasswordForm()
form_u.username.data = current_user.username
form_u.email.data = current_user.email
if form_pw.validate_on_submit():
old_pw = form_pw.old_password.data
if Users.check_old_password(current_user, old_pw):
Users.update_user(
user_id=current_user.id,
password=form_pw.password.data
)
flash('You successfully updated your password.', 'success')
return redirect(url_for('users.my_profile'))
else:
form_pw.old_password.errors = ['Old password mismatch.']
data = {
'active_page': 'profile',
'form_u': form_u,
'form_pw': form_pw
}
return render_template('users/my_profile.html', **data)
data = {
'active_page': 'profile',
'form_u': form_u,
'form_pw': form_pw
}
return render_template('users/my_profile.html', **data)
def post(self):
raw_dict = request.get_json(force=True)
try:
schema.validate(raw_dict)
user_dict = raw_dict['data']['attributes']
user = Users(
user_dict['email'],
generate_password_hash(user_dict['password']),
user_dict['name'],
user_dict['is_active'])
user.add(user)
query = Users.query.get(user.id)
results = schema.dump(query).data
return results, 201
except ValidationError as err:
resp = jsonify({"error": err.messages})
resp.status_code = 403
return resp
except SQLAlchemyError as e:
db.session.rollback()
resp = jsonify({"error": str(e)})
resp.status_code = 403
return resp
def post(self):
raw_dict = request.get_json(force=True)
try:
schema.validate(raw_dict)
request_dict = raw_dict['data']['attributes']
role = None
active = 0
user = Users(request_dict['email'],
generate_password_hash(request_dict['password']),
request_dict['name'], active, role)
user.add(user)
# Should not return password hash
query = Users.query.get(user.id)
results = schema.dump(query).data
return results, 201
except ValidationError as err:
resp = jsonify({"error": err.messages})
resp.status_code = 403
return resp
except SQLAlchemyError as e:
db.session.rollback()
resp = jsonify({"error": str(e)})
resp.status_code = 403
return resp
def setup_method(self, method):
db.drop_all()
db.create_all()
# Create normal user for tests.
self.user = Users(id="testuser")
self.user.first_name = "Test1"
self.user.last_name = "User"
self.user.email = "*****@*****.**"
self.user.is_admin = False
db.session.add(self.user)
db.session.commit()
self.user_token = self.user.generate_auth()
self.user_token = self.user_token.decode('ascii')
# Create admin user for tests.
self.admin_user = Users(id="adminuser")
self.admin_user.first_name = "Admin"
self.admin_user.last_name = "User"
self.admin_user.email = "*****@*****.**"
self.admin_user.is_admin = True
db.session.add(self.admin_user)
db.session.commit()
self.admin_user_token = self.admin_user.generate_auth()
self.admin_user_token = self.admin_user_token.decode('ascii')
def fetch_and_create_user(twitter_id):
user = Users.query.filter_by(twitter_id=twitter_id).first()
if user:
return user
else:
print('Fetching user from twitter with twitter_id:', twitter_id)
user_data = twitter_api.get_user(twitter_id)
user = Users(user_data)
user.add(user)
user = Users.query.get(user.id)
return user
def post(self):
raw_dict = request.get_json(force=True)
try:
schema.validate(raw_dict)
request_dict = raw_dict['data']['attributes']
role = None
active = 0
classified = 0
in_queue = 0
#Check for existing entry
userCheck = Users.query.filter_by(
email=request_dict['email']).first()
if userCheck is None:
user = Users(request_dict['email'],
generate_password_hash(request_dict['password']),
request_dict['name'], active, role, classified,
in_queue)
user.add(user)
query = Users.query.get(user.id)
# Should not return password hash
query.password = "******"
results = schema.dump(query).data
fp = os.getcwd()
fp = fp.rsplit('/', 1)[0] # go back one dir
direct = fp + "/GT_USERS/USER_" + str(query.id)
if not os.path.exists(direct):
os.makedirs(direct)
os.makedirs(direct + "/cropped")
os.makedirs(direct + "/images")
os.makedirs(direct + "/json")
os.makedirs(direct + "/labelled")
os.makedirs(direct + "/packaged")
os.makedirs(direct + "/segmented")
return results, 201
else:
resp = jsonify({"error": "Email already taken"})
resp.status_code = 403
return resp
except ValidationError as err:
resp = jsonify({"error": err.messages})
resp.status_code = 403
return resp
except SQLAlchemyError as e:
db.session.rollback()
resp = jsonify({"error": str(e)})
resp.status_code = 403
return resp
def api_create_user():
data = request.args.to_dict(flat=True)
hashed_password = generate_password_hash(data['password'], method='sha256')
try:
new_user = Users(public_id=str(uuid.uuid4()),
name=data['name'],
password=hashed_password,)
new_user.id_role = 3
session.add(new_user)
session.commit()
return jsonify({'message': None, 'data': None, 'status': 'success'}), 201
except Exception as e:
session.rollback()
return jsonify({'message': 'Unexpected error', 'data': None, 'status': 'error'}), 400
def register():
"""Users list
:return: flask.render_template
"""
form = RegisterForm()
if form.validate_on_submit():
Users.create_user(
username=form.username.data,
email=form.email.data,
password=form.password.data
)
message = '{} has been created.'.format(form.username.data)
return render_template('modal_success.html', message=message)
return render_template('users/register.html', form=form)
def setup(self):
db.create_all()
db.session.add(
Users(id=1,
username="******",
password="******",
email="*****@*****.**"))
db.session.add(Role(id=1, name="admin"))
db.session.add(UserRoles(id=1, user_id=1, role_id=1))
db.session.add(Profile(id=1, avatar="jeff.jpg", user_id=1))
db.session.add(
Users(id=2,
username="******",
password="******",
email="*****@*****.**"))
db.session.add(Role(id=2, name="player"))
db.session.add(UserRoles(id=2, user_id=2, role_id=2))
db.session.add(Profile(id=2, avatar="finn.jpg", user_id=2))
db.session.commit()
db.session.add(
AwayTeamBet(id=1,
game_key=123,
bet_key=123,
away_team="BUF",
vs="BUF vs @NE",
away_ps=1,
amount=20,
user_id=1))
db.session.add(
HomeTeamBet(id=1,
game_key=123,
bet_key=123,
home_team="NE",
vs="BUF vs @NE",
home_ps=-1,
amount=20,
user_id=2))
db.session.add(
OverUnder(id=1,
game_key=123,
bet_key=123,
over_under="o",
total=40,
amount=20,
vs="BUF vs @NE",
user_id=1))
db.session.commit()
def validate_email(self, field):
try:
user = Users.objects(email=field.data).get()
if user:
raise ValidationError('Email este deja folosit!')
except:
pass
def create_object(self, user_data: dict):
try:
user = Users(**user_data)
self.db.session.add(user)
except (IntegrityError, FlushError):
raise Exception(f'User {user.email} already exists')
self.db.session.commit()
def validate_username(self, field):
try:
user = Users.objects(username=field.data).get()
if user:
raise ValidationError('Utilizatorul exista!')
except:
pass
def setUp(self):
db.create_all()
db.session.add(
Users(username="******",
email="*****@*****.**",
password='******'))
db.session.commit()
def validate_username(self,field):
try:
user = Users.objects(username=field.data).get()
if user:
raise ValidationError('Utilizatorul exista!')
except:
pass
def edituser():
""" Build the view used to edit existing accounts """
user = Users.objects(id=unicode(g.user.id)).get()
form = UserForm()
if form.validate_on_submit():
user.username = form.username.data
if form.avatar.data:
image_data = request.FILES[form.avatar.name].read()
user.avatar = image_data
user.email = form.email.data
user.specialties = form.specialties.data.split(',')
user.interests = form.interests.data.split(',')
user.save()
flash('Cont modificat!', category='alert-success')
return redirect(request.referrer)
form.username.data = user.username
form.email.data = user.email
form.avatar.data = ''
form.specialties.data = ','.join(user.specialties)
form.interests.data = ','.join(user.interests)
return render_template('users/add.html',
pagetitle='Editeaza utilizator',
form=form)
def validate_email(self,field):
try:
user = Users.objects(email=field.data).get()
if user:
raise ValidationError('Email este deja folosit!')
except:
pass
def create_note(user_data):
user = Users.verify_auth(user_data.get("token", ""))
committe_id = user_data.get('committee', '')
committee = Committees.query.filter_by(id=committe_id).first()
if committee is not None:
if(user is not None and (user.is_admin or committee.head == user.id)):
committee_note = CommitteeNotes()
committee_note.committee = committee.id
committee_note.description = user_data.get('description',"")
committee_note.author = user.id
committee_note.hidden = False
db.session.add(committee_note)
try:
db.session.commit()
emit('create_committee_note', Response.AddSuccess)
get_notes(action.id, broadcast = True)
except Exception as e:
db.session.rollback()
db.session.flush()
emit("create_committee_note", Response.AddError)
else:
emit("create_committee_note", Response.UsrNotAuth)
else:
emit("create_committee_note", Response.CommitteeDoesntExist)
def test_add():
crud = CRUD()
try:
users = Users('test', 'test', 'test')
result = crud.add(users, USERS_SCHEMA)
except Exception as err:
print(err)
assert True
def adduser():
""" Build the view used to add new accounts """
form = RegisterForm()
if form.validate_on_submit():
try:
user = Users(username=form.username.data,email=form.email.data,specialties=form.specialties.data.split(','),interests=form.interests.data.split(','))
user.password = form.password.data
user.save()
token = user.generate_confirmation_token()
send_email(user.email,'Confirmare email','users/email/confirm',user=user,token=token)
flash('Contul a fost adaugat!', category='alert-success')
except Exception as err:
flash('Utilizatorul are deja cont!', category='alert-warning')
return redirect(url_for('users.list'))
return render_template('users/add.html',pagetitle='Adauga utilizator',form=form)
def registeruser():
""" Build the view used to add new accounts """
form = RegisterForm()
if form.validate_on_submit():
try:
user = Users(username=form.username.data,email=form.email.data,specialties=form.specialties.data.split(','),interests=form.interests.data.split(','))
user.password = form.password.data
user.save()
token = user.generate_confirmation_token()
send_email(user.email,'Confirmare email','users/email/confirm',user=user,token=token)
flash('Contul a fost adaugat! Va rugam confirmati adresa de email!', category='alert-success')
except Exception as err:
flash('Contul nu poate fi creat!', category='alert-warning')
return redirect(url_for('users.login'))
return render_template('users/login.html',pagetitle='Inregistrare',form=form,login=False)
def addmessage(id=None, subj=None):
form = MessageForm()
if id:
recp = Users.objects(id=id).get()
form.recipients.data = recp.username
if form.validate_on_submit():
if g.user.username in form.recipients.data:
flash('Expeditorul nu poate fi si destinatar!',
category='alert-danger')
return redirect(request.referrer)
else:
recs = []
for i in form.recipients.data.split(','):
try:
temp_user = Users.objects(username=i).get()
recs.append(temp_user)
except:
flash('Utilizatorul ' + i + ' nu exista!')
return redirect(request.referrer)
msg = Messages(sender=g.user,
recipients=recs,
title=form.title.data,
content=form.content.data,
ownerid=g.user,
folder='trimise',
read=True,
msgid=generate_msgid())
msg.save()
for i in recs:
print i.username
temp = Messages(sender=g.user,
recipients=recs,
title=form.title.data,
content=form.content.data,
ownerid=i,
folder='inbox',
msgid=msg.msgid,
date=msg.date)
temp.save()
flash('Mesaj trimis!', category='alert-success')
return redirect(url_for('messages.list'))
return render_template('messages/add.html', form=form)
def detailuser(id):
user = Users.objects(id=id).get()
results = [(Users.username.verbose_name, user.username),
(Users.specialties.verbose_name, ','.join(user.specialties)),
(Users.interests.verbose_name, ','.join(user.interests))]
return render_template('users/details.html',
pagetitle='Detalii utilizator',
results=results)
def login():
if request.method == 'GET':
return render_template('users/nonsms_login.html')
elif request.method == 'POST':
if request.form.get('username', '').find('@') > 0:
user = Users.by_email(request.form.get('username', ''))
else:
user = Users.by_username(request.form.get('username', ''))
if user:
if pbkdf2_sha256.verify(request.form.get('password', ''), user.password):
session['user_id'] = user.id
session['phone'] = user.phone
login_user(user)
identity_changed.send(current_app._get_current_object(),
identity=Identity(user.id))
return redirect(url_for('STUFF'))
else:
return redirect(url_for('handle_splash'))
class TestModels(unittest.TestCase):
def setUp(self):
self.my_book = Books()
self.my_user = Users()
#test that put_book adds book to all_books
def test_put_book(self):
result = self.my_book.put("serah chepkirui", "coding", "1st", 1139)
self.assertIn("serah chepkirui", result['title'])
#tests get_all retrieves all books in the dictionary'''
def test_get_all_books(self):
result = self.my_book.get_all()
self.assertEqual(result, self.my_book.get_all())
#test that edit_book edits
def test_edit_book(self):
self.my_book.put("coding in Africa", "serah chepkirui", "13th", 2019)
result = self.my_book.edit_book("coding in Africa", "serah chepkirui",
"13th", 2019)
self.assertIn("coding in Africa", result["title"])
#test that get_single_book returns all books
def test_get_single_book(self):
self.my_book.put("how to join Andela", "serah chepkirui", "18th", 2)
result = self.my_book.get_single_book(2)
self.assertEqual("serah chepkirui", result['author'])
#test that get_single_book returns a book
def test_delete_book(self):
self.my_book.put("coding", "great developers", "6th", 1)
result = self.my_book.delete(1)
#test that put_user adds
def test_put_user(self):
result = self.my_user.put("great", "*****@*****.**", "blessings1")
self.assertIn("great", result)
#test verify password
def test_verify_password(self):
result = self.my_user.verify_password("great", "blessings1")
self.assertEqual(result, "True")
def load_user(user_id):
"""Load user
:param user_id: string
:return :
"""
try:
return Users.select().where(Users.id == int(user_id)).get()
except Users.DoesNotExist:
return None
def test_confirm_token_route_expired_token(self):
# Ensure user cannot confirm account with expired token.
user = Users(username="******",
email='*****@*****.**',
password='******',
confirmed=False)
db.session.add(user)
db.session.commit()
token = generate_confirmation_token('*****@*****.**')
self.assertFalse(confirm_token(token, -1))
def signup():
if g.user is not None and g.user.is_authenticated:
return redirect(url_for('index'))
form = SignupForm()
if form.validate_on_submit():
new_user = Users(form.username.data, form.name.data, form.email.data,
form.password.data)
db.session.add(new_user)
db.session.commit()
flash('Signup in successfully.', category='success')
return redirect(url_for('users.login'))
return render_template('signup.html', form=form)
def editpswduser():
""" Build the view used to edit a password for an existing account """
user = Users.objects(id=unicode(g.user.id)).get()
form = PasswordForm()
if form.validate_on_submit() and user.verify_password(form.oldpasswd.data):
user.password = form.password.data
user.save()
flash('Parola modificata!', category='alert-success')
return redirect(request.referrer)
return render_template('users/add.html',pagetitle='Editeaza parola',form=form)
def index():
"""Users list
:return: flask.render_template / flask.redirect
"""
return render_template(
'users/index.html',
form=RegisterForm(),
users=Users.select(),
active_page='users'
)
def post(self):
raw_dict = request.get_json(force=True)
try:
schema.validate(raw_dict)
user_dict = raw_dict["data"]["attributes"]
user = Users(user_dict["email"], user_dict["name"], user_dict["is_active"])
user.add(user)
query = Users.query.get(user.id)
results = schema.dump(query).data
return results, 201
except ValidationError as err:
resp = jsonify({"error": err.messages})
resp.status_code = 403
return resp
except SQLAlchemyError as e:
db.session.rollback()
resp = jsonify({"error": str(e)})
resp.status_code = 403
return resp
def post(self):
raw_dict = request.get_json(force=True)
try:
schema.validate(raw_dict)
request_dict = raw_dict['data']['attributes']
createdby = "Self Signup"
updatedby = "Self Signup"
password = generate_password_hash (request_dict['password'] )
user = Users(
request_dict['email'],
password,
request_dict['name'],
createdby,
updatedby ,
)
user.add(user)
# Should not return password hash
query = Users.query.get(user.id)
results = schema.dump(query).data
return results, 201
except ValidationError as err:
print(err.messages)
resp = jsonify({"error": err.messages})
resp.status_code = 403
return resp
except SQLAlchemyError as e:
db.session.rollback()
resp = jsonify({"error": str(e.orig.args)})
print(str(e))
resp.status_code = 403
return resp
def adduser():
""" Build the view used to add new accounts """
form = RegisterForm()
if form.validate_on_submit():
try:
user = Users(username=form.username.data,
email=form.email.data,
specialties=form.specialties.data.split(','),
interests=form.interests.data.split(','))
user.password = form.password.data
user.save()
token = user.generate_confirmation_token()
send_email(user.email,
'Confirmare email',
'users/email/confirm',
user=user,
token=token)
flash('Contul a fost adaugat!', category='alert-success')
except Exception as err:
flash('Utilizatorul are deja cont!', category='alert-warning')
return redirect(url_for('users.list'))
return render_template('users/add.html',
pagetitle='Adauga utilizator',
form=form)
def registeruser():
""" Build the view used to add new accounts """
form = RegisterForm()
if form.validate_on_submit():
try:
user = Users(username=form.username.data,
email=form.email.data,
specialties=form.specialties.data.split(','),
interests=form.interests.data.split(','))
user.password = form.password.data
user.save()
token = user.generate_confirmation_token()
send_email(user.email,
'Confirmare email',
'users/email/confirm',
user=user,
token=token)
flash(
'Contul a fost adaugat! Va rugam confirmati adresa de email!',
category='alert-success')
except Exception as err:
flash('Contul nu poate fi creat!', category='alert-warning')
return redirect(url_for('users.login'))
return render_template('users/login.html',
pagetitle='Inregistrare',
form=form,
login=False)
def post(self):
raw_dict = request.get_json(force=True)
try:
schema.validate(raw_dict)
user_dict = raw_dict['data']['attributes']
user = Users(user_dict['firstname'], user_dict['lastname'],
user_dict['dob'], user_dict['zipcode'])
user.add(user)
query = Users.query.get(user.id)
results = schema.dump(query).data
return results, 201
except ValidationError as err:
resp = jsonify({"error": err.messages})
resp.status_code = 403
return resp
except SQLAlchemyError as e:
db.session.rollback()
resp = jsonify({"error": str(e)})
resp.status_code = 403
return resp
def wrapped(*args, **kwargs):
user = None
if (args[0].get("token", "") != "" and
args[0].get("token", "") != None):
user = Users.verify_auth(args[0].get("token",""))
elif current_user.is_authenticated:
user = current_user
if user: join_room(user.id)
return f(user, *args, **kwargs)
def post(self):
raw_dict = request.get_json(force=True)
try:
schema.validate(raw_dict)
request_dict = raw_dict['data']['attributes']
createdby = "Self Signup"
updatedby = "Self Signup"
password = generate_password_hash(request_dict['password'])
user = Users(
request_dict['email'],
password,
request_dict['name'],
createdby,
updatedby,
)
user.add(user)
# Should not return password hash
query = Users.query.get(user.id)
results = schema.dump(query).data
return results, 201
except ValidationError as err:
print(err.messages)
resp = jsonify({"error": err.messages})
resp.status_code = 403
return resp
except SQLAlchemyError as e:
db.session.rollback()
resp = jsonify({"error": str(e.orig.args)})
print(str(e))
resp.status_code = 403
return resp
def unset_admin():
"""Users list
:return: flask.render_template
"""
form = ManageUserForm()
if request.method == 'GET':
try:
user_id = int(request.args['user'])
except ValueError:
return abort(500)
user = Users.get_user(user_id)
if not user_id or not user:
return abort(500)
else:
user = Users.get_user(form.user.data)
if form.validate_on_submit():
if Users.unset_admin(form.user.data):
message = '{} is not an Admin anymore.'.format(user.username)
else:
message = 'unable to remove Admin privileges for {}.'.format(user.username)
return render_template('modal_success.html', message=message)
return render_template('users/unset_admin.html', user=user)
def editpswduser():
""" Build the view used to edit a password for an existing account """
user = Users.objects(id=unicode(g.user.id)).get()
form = PasswordForm()
if form.validate_on_submit() and user.verify_password(form.oldpasswd.data):
user.password = form.password.data
user.save()
flash('Parola modificata!', category='alert-success')
return redirect(request.referrer)
return render_template('users/add.html',
pagetitle='Editeaza parola',
form=form)
def delete():
"""Delete user
:return: flask.render_template
"""
form = ManageUserForm()
if request.method == 'GET':
try:
user_id = int(request.args['user'])
except ValueError:
return abort(500)
user = Users.get_user(user_id)
if not user_id or not user:
return abort(500)
else:
user = Users.get_user(form.user.data)
if form.validate_on_submit():
if Users.delete_user(form.user.data):
message = '{} has been deleted.'.format(user.username)
else:
message = 'unable to delete {}.'.format(user.username)
return render_template('modal_success.html', message=message)
return render_template('users/delete.html', user=user)
def login_ldap(credentials):
ldap_server = "ldaps://ldap.rit.edu"
if credentials.get("username", "") == "" or credentials.get(
"password", "") == "":
emit('auth', {'error': "Authentication error."})
return
user_dn = "uid=" + credentials.get("username",
"") + ",ou=People,dc=rit,dc=edu"
search_filter = "uid=" + credentials.get("username", "")
connect = ldap.initialize(ldap_server)
try:
connect.bind_s(user_dn, credentials.get("password", ""))
result = connect.search_s(user_dn, ldap.SCOPE_SUBTREE, search_filter)
connect.unbind_s()
values = result[0][1]
username = values["uid"][0].decode('utf-8')
firstname = values["givenName"][0].decode('utf-8')
lastname = values["sn"][0].decode('utf-8')
email = values["mail"][0].decode('utf-8')
# Check if a user exists.
if Users.query.filter_by(id=username).first() is not None:
user = Users.query.filter_by(id=username).first()
token = user.generate_auth()
admin = user.is_admin
emit(
'auth', {
'token': token.decode('ascii'),
'admin': admin,
'super': user.is_super,
'username': username
})
else:
user = Users(id=username)
user.first_name = firstname
user.last_name = lastname
user.email = email
db.session.add(user)
db.session.commit()
token = user.generate_auth()
emit('auth', {'token': token.decode('ascii')})
except ldap.LDAPError:
connect.unbind_s()
emit('auth', Response.AuthError)
return
def init_db():
DATABASE.connect()
DATABASE.create_tables([
Users,
Servers,
ArchiveServers,
ServersSupervisor,
EasyRsa,
ArchiveEasyRsa,
ServersProfiles,
ArchiveServersProfiles,
Clients,
Logger
], safe=True)
try:
Users.create_user(
username='******',
email='*****@*****.**',
password='******',
admin=True
)
except ValueError:
pass
DATABASE.close()
def login():
form = LoginForm()
if form.validate_on_submit():
try:
user = Users.objects(email=form.email.data).get()
if user.verify_password(form.password.data):
login_user(user,form.remember_me.data)
return redirect(request.args.get('next') or url_for('wall.list'))
else:
raise Exception('Not authorised')
except Exception as err:
flash('Invalid username or password!', category='alert-danger')
return render_template('users/login.html', pagetitle='Login',form=form,login=True)
def resetlink():
form = ResetPassForm()
if form.validate_on_submit():
try:
user = Users.objects(email=form.email.data).get()
token = user.generate_reset_token()
send_email(user.email,'Resetare parola','/users/email/passwdreset',user=user,token=token)
flash('Parola a fost resetata! Va rugam urmati instructiunile primite pe email!',category='alert-success')
return redirect(request.referrer)
except Exception as err:
flash('Adresa de email nu exista!',category='alert-danger')
return redirect(request.referrer)
return render_template('users/login.html',pagetitle='Resetare parola',form=form,login=False)
def user_add():
if request.method == 'POST':
#Validate form values by de-serializing the request, http://marshmallow.readthedocs.org/en/latest/quickstart.html#validation
form_errors = schema.validate(request.form.to_dict())
if not form_errors:
name = request.form['name']
email = request.form['email']
user = Users(email, name)
return add(user,
success_url='users.user_index',
fail_url='users.user_add')
else:
flash(form_errors)
return render_template('/users/add.html')
def post(self):
raw_dict = request.get_json(force=True)
try:
schema.validate(raw_dict)
request_dict = raw_dict['data']['attributes']
payload = parse_token(request)
logged_user = Users.query.get(payload['sub'])
createdby = logged_user.name
updatedby = logged_user.name
password = generate_password_hash (request_dict['password'] )
user = Users(
request_dict['email'],
password,
request_dict['name'],
createdby,
updatedby ,
)
user.add(user)
# Should not return password hash
query = Users.query.get(user.id)
results = schema.dump(query).data
return results, 201
except ValidationError as err:
resp = jsonify({"error": err.messages})
resp.status_code = 403
return resp
except SQLAlchemyError as e:
db.session.rollback()
resp = jsonify({"error": str(e)})
resp.status_code = 403
return resp
def post(self):
raw_dict = request.get_json(force=True)
user_dict = raw_dict['data']['attributes']
try:
schema.validate(user_dict)
user = Users(user_dict['name'], user_dict['email'],
user_dict['address'], user_dict['website'],
user_dict['is_active'], user_dict['mobile'],
user_dict['Birthday'])
user.add(user)
query = Users.query.get(user.id)
results = schema.dump(query).data
return results, 201
except ValidationError as err:
resp = jsonify({"error": err.messages})
resp.status_code = 403
return resp
except SQLAlchemyError as e:
db.session.rollback()
resp = jsonify({"error": str(e)})
resp.status_code = 403
return resp
def create_admins(admin):
from app.users.models import Users
try:
user = Users.objects(email=admin['email']).get()
except:
user = Users(email=admin['email'],username=admin['username'],permissions='full',status=True)
user.password = admin['password']
user.save()
def resetpassword(email,token):
form = NewPassForm()
if form.validate_on_submit():
try:
user = Users.objects(email=email).get()
if user.id == user.resetpass(token):
user.password = form.password.data
user.save()
flash('Parola schimbata!',category='alert-success')
return redirect(url_for('users.login'))
else:
raise Exception
except:
flash('Token invalid!',category='alert-danger')
return redirect(url_for('users.resetlink'))
return render_template('users/login.html',pagetitle='Resetare parola',form=form,login=False)
def login():
"""Login view
:return:
"""
form = LoginForm()
if form.validate_on_submit():
print()
user = Users.check_identifier(form.identifier.data)
if not user:
flash("Your email or password doesn't match!", "error")
else:
if check_password_hash(user.password, form.password.data):
login_user(user)
flash("You've been logged in!", "success")
return redirect(url_for('index'))
else:
flash("Your identifier or password doesn't match!", "error")
return render_template('users/login.html', form=form)
def ajaxedit(action,id):
user = Users.objects(id=id).get()
if action == 'delete' and id != unicode(g.user.id):
user.delete()
if action == 'mkadmin' and id != unicode(g.user.id):
user.permissions = 'full'
user.save()
if action == 'mkuser' and id != unicode(g.user.id):
user.permissions = 'user'
user.save()
if action == 'deactivate' and id != unicode(g.user.id):
user.status = False
user.save()
if action == 'activate' and id != unicode(g.user.id):
user.status = True
user.save()
return redirect(request.referrer)
def edituser():
""" Build the view used to edit existing accounts """
user = Users.objects(id=unicode(g.user.id)).get()
form = UserForm()
if form.validate_on_submit():
user.username = form.username.data
if form.avatar.data:
image_data = request.FILES[form.avatar.name].read()
user.avatar = image_data
user.email = form.email.data
user.specialties = form.specialties.data.split(',')
user.interests = form.interests.data.split(',')
user.save()
flash('Cont modificat!',category='alert-success')
return redirect(request.referrer)
form.username.data = user.username
form.email.data = user.email
form.avatar.data = ''
form.specialties.data = ','.join(user.specialties)
form.interests.data = ','.join(user.interests)
return render_template('users/add.html',pagetitle='Editeaza utilizator',form=form)
def load_user(userid):
return Users.by_id(userid)
def load_session_data():
if 'user_id' in session.keys():
g.user = Users.objects(id=session['user_id']).get()
session.inbox = getnewmessages(g.user.id)
def detailuser(id):
user = Users.objects(id=id).get()
results = [(Users.username.verbose_name,user.username),(Users.specialties.verbose_name,','.join(user.specialties)),(Users.interests.verbose_name,','.join(user.interests))]
return render_template('users/details.html',pagetitle='Detalii utilizator',results=results)
