def get(self, username):
    """Report whether ``username`` is already registered.

    Looks the name up through ``Users.getUser()`` and returns a dict with an
    ``exists`` flag and a short message.

    NOTE(review): this answers for any username it is given, so it doubles as
    an account-enumeration oracle. Whether the route is rate limited or
    authenticated is not visible from this method -- confirm where it is
    registered.
    """
    lookup = Users('users', username=username)
    if lookup.getUser():
        return {'exists': True, 'msg': 'already exists'}
    return {'exists': False, 'msg': 'register available'}
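def post(self):
    """Authenticate a user from a JSON body and return an access token.

    Expects ``username`` and ``password`` in the JSON payload. Returns a JSON
    response with the token and a few profile fields on success, or a
    ``(dict, 400)`` pair when the credentials are wrong or the account is
    deactivated.
    """
    parser = reqparse.RequestParser()
    parser.add_argument('username', required=True, location='json')
    parser.add_argument('password', required=True, location='json')
    args = parser.parse_args()

    # Read the fields by name. Unpacking args.values() positionally would
    # silently swap username and password if the declarations were reordered.
    username = args['username']
    password = args['password']

    # Unknown user and wrong password share one response, so the reply does
    # not reveal which usernames exist.
    bad_credentials = {'success': False, 'msg': 'Wrong username or password.'}

    # A JSON null appears to pass through reqparse as None (TODO confirm);
    # reject it here instead of letting the hash comparison raise.
    if username is None or password is None:
        return bad_credentials, 400

    result = Users('users', username=username).getUser()
    if not result:
        return bad_credentials, 400

    user_data = result[0]
    if not check_password_hash(user_data['password'], password):
        return bad_credentials, 400

    if user_data['deactivated']:
        return {'success': False,
                'msg': 'You tried logging in with deactivated account'}, 400

    # NOTE(review): the whole user record, including its 'password' field
    # (the stored hash), is handed over as the token identity. What ends up
    # inside the token depends on identity/claims loaders that are not visible
    # here -- confirm the hash is never serialized into it.
    access_token = create_access_token(identity=user_data)
    return jsonify({
        'success': True,
        'username': username,
        'access_token': access_token,
        'user_data': {
            'realname': user_data['realname'],
            'description': user_data['description'],
            'level': user_data['level']
        }
    })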
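def post(self):
    """Self-service registration through the JSON API.

    Registration is only accepted while the organization record's
    ``register_on`` flag is set. The new account is always created with
    ``level=0`` and ``deactivated=False``; the password is stored as a hash.
    Returns ``(dict, 400)`` on any rejection, otherwise whatever
    ``Users.create()`` returns.
    """
    registration_open = Org('organization').read_all()['result'][0]['register_on']
    if not registration_open:
        return {'success': False,
                'msg': 'It is not a period when you can register.'}, 400

    parser = reqparse.RequestParser()
    for field in ('username', 'password', 'realname', 'description'):
        parser.add_argument(field, type=str, required=True, location='json')
    args = parser.parse_args()

    # Read the fields by name rather than by position in args.values(), so a
    # reordered declaration cannot mix up the password and another field.
    username = args['username']
    password = args['password']
    realname = args['realname']
    description = args['description']

    # Blank check. `not value` also rejects None: a JSON null appears to pass
    # through reqparse as None (TODO confirm), and hashing None would
    # otherwise fail with a server error instead of a 400.
    if not username or not realname or not password:
        return {'success': False, 'msg': 'Required field(s) missing'}, 400

    hashed_pw = generate_password_hash(password)
    users_model = Users('users',
                        username=username,
                        password=hashed_pw,
                        realname=realname,
                        description=description,
                        level=0,
                        deactivated=False)

    # Duplicate check.
    # NOTE(review): check-then-create is not atomic; two concurrent requests
    # can both pass it. Presumably the storage layer needs a uniqueness
    # constraint on username -- verify.
    if users_model.getUser():
        return {'success': False, 'msg': 'The username already exists'}, 400

    return users_model.create()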
def login():
    """Handle the admin login form.

    GET renders the login page. POST checks the submitted credentials against
    the stored password hash; on success the username, real name, description
    and level are copied into the session and the browser is redirected to the
    admin index. Unknown users and wrong passwords both render the same
    failure page. A deactivated account gets an alert and is sent back.

    NOTE(review): the authorization level is cached in the session at login,
    so later changes to the account (level, deactivation) are presumably not
    seen until the user logs in again -- confirm against login_check().
    """
    method = request.method
    if method == 'GET':
        return render_template('admin/login.html')
    if method != 'POST':
        return None

    username = request.form['username']
    password = request.form['password']

    matches = Users('users', username=username).getUser()
    if not matches:
        return render_template('admin/login_failed.html')

    account = matches[0]
    if not check_password_hash(account['password'], password):
        return render_template('admin/login_failed.html')

    if account['deactivated']:
        return '<script>alert("비활성화된 계정입니다. 로그인할 수 없습니다.");\n history.go(-1);</script>'

    session['username'] = username
    for key in ('realname', 'description', 'level'):
        session[key] = account[key]
    return redirect(url_for('admin.index'))
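def account_delete():
    """Delete a user account from the admin UI.

    Requires a logged-in session. GET renders the generic error page. POST
    requires ``session['level'] > 0`` and a ticked confirmation box
    (``confirm == 'True'``), then deletes the user whose id was posted.

    NOTE(review): no CSRF token check is visible in this handler; confirm one
    is enforced elsewhere for this state-changing POST. Nothing here stops a
    user from deleting their own account or a higher-level one either.
    """
    import json  # local import: the file's import block is not visible here

    if not login_check():
        return redirect(url_for('admin.login'))

    if request.method == 'GET':
        return render_template('admin/sthwrong.html')
    if request.method != 'POST':
        return None

    # Allowed from level 1 upwards.
    if not session['level'] > 0:
        return '<script>alert("권한이 없습니다.");\n history.go(-1);</script>'

    user_id = request.form['id']
    if request.form.get('confirm') != 'True':
        return '<script>alert("확인란에 체크하셔야 삭제할 수 있습니다.");\n history.go(-1);</script>'

    users_model = Users('users', id=user_id)
    try:
        db_data = users_model.delete()
        if db_data['success']:
            return '<script>alert("성공적으로 삭제했습니다.");\n location.href="./edit";</script>'
        return render_template('admin/sthwrong.html')
    except Exception as e:
        # The exception text used to be concatenated straight into an inline
        # script. A quote or "</script>" in it could break out of the string,
        # and the raw newline in the message is itself a JS syntax error.
        # Encode the text as a JS string literal and neutralise HTML-significant
        # characters.
        # NOTE(review): this still shows internal error text to the user;
        # consider logging it and displaying a generic message instead.
        alert_text = json.dumps('오류가 발생했습니다.\n ' + str(e))
        alert_text = (alert_text.replace('<', '\\u003c')
                      .replace('>', '\\u003e')
                      .replace('&', '\\u0026'))
        return '<script>alert(' + alert_text + ');\n location.href="./edit";</script>'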
def delete(self, user_id):
    """Delete the user identified by ``user_id``.

    Callers whose JWT ``level`` claim is below 1 are refused with 403.
    Otherwise the result of ``Users.delete()`` is returned unchanged.

    NOTE(review): the level is read from the token's claims, so it presumably
    reflects the account as it was when the token was issued -- confirm how
    demotion or deactivation invalidates existing tokens.
    """
    caller_level = get_jwt_claims()['level']
    if caller_level < 1:
        refusal = {
            'success': False,
            'msg': 'Unavailable request to level 0 user.'
        }
        return refusal, 403

    return Users('users', id=user_id).delete()
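def post(self):
    """Create a user account through the JSON API (level 1 and above only).

    Callers whose JWT ``level`` claim is below 1 are refused with 403. The
    JSON body must carry ``username``, ``password``, ``realname``,
    ``description``, ``level`` and ``deactivated``. The password is stored as
    a hash. Returns ``(dict, 400)`` when the username is taken, otherwise the
    result of ``Users.create()``.
    """
    caller_level = get_jwt_claims()['level']
    if caller_level < 1:
        return {
            'success': False,
            'msg': 'Unavailable request to level 0 user.'
        }, 403

    parser = reqparse.RequestParser()
    for field in ('username', 'password', 'realname', 'description'):
        parser.add_argument(field, type=str, required=True, location='json')
    parser.add_argument('level', type=int, required=True, location='json')
    # NOTE(review): type=bool turns any non-empty string, including "false",
    # into True. Only a real JSON boolean behaves as expected here.
    parser.add_argument('deactivated',
                        type=bool,
                        required=True,
                        location='json')
    args = parser.parse_args()

    # Read the fields by name, and keep the requested level in its own
    # variable so it is never confused with the caller's level checked above.
    # NOTE(review): new_level is not bounded by caller_level, so a level-1
    # caller can create an account with a higher level -- confirm that is
    # intended.
    new_level = args['level']

    hashed_pw = generate_password_hash(args['password'])
    users_model = Users('users',
                        username=args['username'],
                        password=hashed_pw,
                        realname=args['realname'],
                        description=args['description'],
                        level=new_level,
                        deactivated=args['deactivated'])

    # Duplicate check. The rejection previously reported 'success': True
    # alongside the 400 status, so a client that only read the flag would
    # believe the account had been created.
    if users_model.getUser():
        return {'success': False, 'msg': 'The username already exists'}, 400

    return users_model.create()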
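def register():
    """Self-service registration form of the web UI.

    Registration is only available while the organization record's
    ``register_on`` flag is set. GET renders the form. POST validates the
    required fields and the password confirmation, rejects duplicate
    usernames and creates the account with ``level=0`` and
    ``deactivated=False``. The password is stored as a hash.
    """
    import json  # local import: the file's import block is not visible here

    registration_open = Org('organization').read_all()['result'][0]['register_on']
    if not registration_open:
        return '<script>alert("회원 등록이 불가능한 상태입니다. 관리자에게 문의하세요.");\n history.go(-1);</script>'

    if request.method == 'GET':
        return render_template('admin/register.html')
    if request.method != 'POST':
        return None

    username = request.form['username']
    realname = request.form['realname']
    description = request.form['description']
    password = request.form['password']
    password_again = request.form['password_again']

    # Blank check.
    if username == '' or realname == '' or password == '':
        return '<script>alert("아이디, 비밀번호, 이름은 반드시 입력해야합니다.");\n location.href="./register";</script>'

    # Password confirmation.
    if password != password_again:
        return '<script>alert("비밀번호 확인이 일치하지 않습니다.");\n location.href="./register";</script>'

    hashed_pw = generate_password_hash(password)
    users_model = Users('users',
                        username=username,
                        realname=realname,
                        description=description,
                        password=hashed_pw,
                        level=0,
                        deactivated=False)

    # Duplicate check.
    # NOTE(review): check-then-create is not atomic; presumably the storage
    # layer needs a uniqueness constraint on username -- verify.
    if users_model.getUser():
        return '<script>alert("해당하는 아이디가 이미 존재합니다. 다른 아이디로 시도하십시오.");\n location.href="./register";</script>'

    try:
        db_data = users_model.create()
        if db_data['success']:
            return '<script>alert("회원 등록이 완료되었습니다.");\n location.href="/";</script>'
        return render_template('admin/sthwrong.html')
    except Exception as e:
        # This endpoint needs no login, and the exception text may echo
        # submitted values. Concatenated raw into an inline script it could
        # break out of the string, and the raw newline in the message is itself
        # a JS syntax error. Encode the text as a JS string literal and
        # neutralise HTML-significant characters.
        # NOTE(review): consider logging the error and showing a generic
        # message instead of internal error text.
        alert_text = json.dumps('오류가 발생했습니다.\n ' + str(e))
        alert_text = (alert_text.replace('<', '\\u003c')
                      .replace('>', '\\u003e')
                      .replace('&', '\\u0026'))
        return '<script>alert(' + alert_text + ');\n location.href="./register";</script>'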
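def account_new():
    """Create a user account from the admin UI.

    Requires a logged-in session. GET renders the creation form. POST
    additionally requires ``session['level'] > 0``, rejects duplicate
    usernames and creates the account with the posted level and deactivation
    flag. The password is stored as a hash.

    NOTE(review): no CSRF token check is visible in this handler; confirm one
    is enforced elsewhere for this state-changing POST.
    """
    import json  # local import: the file's import block is not visible here

    if not login_check():
        return redirect(url_for('admin.login'))

    if request.method == 'GET':
        return render_template('admin/account/new.html',
                               isLogin=True,
                               username=session['username'],
                               realname=session['realname'],
                               description=session['description'],
                               level=session['level'])
    if request.method != 'POST':
        return None

    # Allowed from level 1 upwards, as in account_delete. Without this check
    # any logged-in level-0 user, including a self-registered one, could
    # create an account with an arbitrary level.
    # NOTE(review): the posted level is still not bounded by the creator's own
    # level -- confirm whether it should be.
    if not session['level'] > 0:
        return '<script>alert("권한이 없습니다.");\n history.go(-1);</script>'

    username = request.form['username']
    realname = request.form['realname']
    description = request.form['description']
    level = int(request.form['level'])
    password = request.form['password']
    # Any non-empty value of the field counts as "deactivated".
    deactivated = bool(request.form.get('deactivated'))

    hashed_pw = generate_password_hash(password)
    users_model = Users('users',
                        username=username,
                        realname=realname,
                        description=description,
                        password=hashed_pw,
                        level=level,
                        deactivated=deactivated)

    # Duplicate check.
    if users_model.getUser():
        return '<script>alert("해당하는 아이디가 이미 존재합니다. 다른 아이디로 시도하십시오.");\n location.href="./new";</script>'

    try:
        db_data = users_model.create()
        if db_data['success']:
            return '<script>alert("성공적으로 추가했습니다.");\n location.href="./new";</script>'
        return render_template('admin/sthwrong.html')
    except Exception as e:
        # The exception text used to be concatenated straight into an inline
        # script. A quote or "</script>" in it could break out of the string,
        # and the raw newline in the message is itself a JS syntax error.
        # Encode the text as a JS string literal and neutralise HTML-significant
        # characters.
        # NOTE(review): consider logging the error and showing a generic
        # message instead of internal error text.
        alert_text = json.dumps('오류가 발생했습니다.\n ' + str(e))
        alert_text = (alert_text.replace('<', '\\u003c')
                      .replace('>', '\\u003e')
                      .replace('&', '\\u0026'))
        return '<script>alert(' + alert_text + ');\n location.href="./new";</script>'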
def get(self, user_id):
    """Return the record of the user identified by ``user_id``.

    The result of ``Users.read_one()`` is passed through unchanged.

    NOTE(review): no authentication or level check is visible in this method,
    and the returned record may include the stored password hash -- confirm
    both at the route/decorator level and in read_one().
    """
    return Users('users', id=user_id).read_one()
def get(self):
    """Return every user record.

    The result of ``Users.read_all()`` is passed through unchanged.

    NOTE(review): no authentication or level check is visible in this method,
    and the returned records may include stored password hashes -- confirm
    both at the route/decorator level and in read_all().
    """
    return Users('users').read_all()
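def account_edit():
    """List and edit user accounts from the admin UI.

    Requires a logged-in session. GET renders one page (10 rows) of users and,
    when ``selected`` matches a listed id, that user's record for editing.
    POST additionally requires ``session['level'] > 0`` and updates the posted
    user. The password is only changed when a non-empty one is submitted, and
    it is stored as a hash.

    NOTE(review): no CSRF token check is visible in this handler; confirm one
    is enforced elsewhere for the state-changing POST. The GET listing is
    shown to every logged-in user regardless of level.
    """
    import json  # local import: the file's import block is not visible here

    if not login_check():
        return redirect(url_for('admin.login'))

    if request.method == 'GET':
        selected_id = request.args.get('selected', '')
        # The page number comes from the query string. Fall back to the first
        # page on a non-numeric or non-positive value, rather than failing or
        # computing a negative offset.
        try:
            page = max(int(request.args.get('page', '1')), 1)
        except ValueError:
            page = 1

        users_model = Cnts('users')
        try:
            db_data = users_model.read_page((page - 1) * 10, 10)
            if db_data['success']:
                result = db_data['result']
                msg = ''
            else:
                result = ''
                # db_data is indexed by string keys above, so db_data[0] could
                # only raise. Read the message by key instead.
                msg = db_data.get('msg', '')
        except Exception as e:
            result = ''
            msg = str(e)

        selected_doc = None
        if selected_id != '' and result != '':
            for data in result:
                if data['id'] == selected_id:
                    selected_doc = data
                    break

        return render_template('admin/account/edit.html',
                               isLogin=True,
                               username=session['username'],
                               realname=session['realname'],
                               description=session['description'],
                               level=session['level'],
                               result=result,
                               msg=msg,
                               page=page,
                               selected_id=selected_id,
                               selected_doc=selected_doc)

    if request.method != 'POST':
        return None

    # Allowed from level 1 upwards, as in account_delete. Without this check
    # any logged-in level-0 user could raise their own level or replace
    # another account's password.
    # NOTE(review): the posted level is still not bounded by the editor's own
    # level -- confirm whether it should be.
    if not session['level'] > 0:
        return '<script>alert("권한이 없습니다.");\n history.go(-1);</script>'

    user_id = request.form['id']
    username = request.form['username']
    realname = request.form['realname']
    description = request.form['description']
    level = int(request.form['level'])
    password = request.form['password']
    # Any non-empty value of the field counts as "deactivated".
    deactivated = bool(request.form.get('deactivated'))

    # Keyword order matches the original constructor calls; the password is
    # only included when a new one was submitted.
    fields = {
        'id': user_id,
        'username': username,
        'realname': realname,
        'description': description,
    }
    if password != '':
        fields['password'] = generate_password_hash(password)
    fields['level'] = level
    fields['deactivated'] = deactivated
    users_model = Users('users', **fields)

    try:
        db_data = users_model.update()
        if db_data['success']:
            return '<script>alert("성공적으로 수정했습니다.");\n location.href="./edit";</script>'
        return render_template('admin/sthwrong.html')
    except Exception as e:
        # The exception text used to be concatenated straight into an inline
        # script. A quote or "</script>" in it could break out of the string,
        # and the raw newline in the message is itself a JS syntax error.
        # Encode the text as a JS string literal and neutralise HTML-significant
        # characters.
        # NOTE(review): consider logging the error and showing a generic
        # message instead of internal error text.
        alert_text = json.dumps('오류가 발생했습니다.\n ' + str(e))
        alert_text = (alert_text.replace('<', '\\u003c')
                      .replace('>', '\\u003e')
                      .replace('&', '\\u0026'))
        return '<script>alert(' + alert_text + ');\n location.href="./edit";</script>'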