def github_oauth(github_authbp, token): if not github.authorized: return redirect(url_for("github.login")) resp = github.get("/user") if not resp.ok: return redirect(url_for("github.login")) info = resp.json() auth = oauth.OAuth.query.filter_by(provider_user_id=info["id"]).first() if auth is None: auth = oauth.OAuth(provider="github", provider_user_id=info["id"], token=token) if auth.user: login_user(auth.user) return redirect("/home", 302) else: if not validate_username(info["login"]): return redirect("/register") if info["login"] == "fwordadmin": user = users.User(username=info["login"], email=info["email"], is_admin=True) else: user = users.User(username=info["login"], email=info["email"]) auth.user = user base.db_session.add_all([user, auth]) base.db_session.commit() login_user(user) return redirect("/home", 302) else: login_user(auth.user) return redirect("/home", 302)
def user_test(): name=request.args.get('name') age=request.args.get('age') user=users.User(name,age) userlist=[] for i in range(11): user_model=users.User("name"+str(i),i) userlist.append(user_model) # 消息提示 flash("hello world") return render_template('user_test.html',user=user,users=userlist)
def create(username, email, password): usr = users.User("", email, "") # on creer notre modele utilisateur usr = usr.get_by_email() # on appel la db avec l email quon a remplit if usr != None: # si l utilisateur avec cet email n existe pas return None, "user already exist" hashed_pw = sha256_crypt.encrypt(password) usr = users.User(username, email, hashed_pw) usr.save() usr.get_by_email( ) # recupere l utilisateur d apres son email (gestion des id = -1) return usr, None
def create(email, password): # etape 1 : verifier que l utilisateur existe usr = users.User() usr.email = email usr = usr.get_by_email() if usr == None: return None, None, 'User not found' # on renvoit juste l EEREUR # etape 2 : verifier le mot de passe correspond if sha256_crypt.verify(password, usr.password) == False: return None, None, 'Bad password' # on renvoit juste l EEREUR # etape 3 : creer un token(str) (si etape 1 et 2 validees) encoded = str( jwt.encode({ 'username': usr.username, 'email': usr.email }, 'l4ur45k', algorithm='HS256')) # etape 4 : appeler la db (create) sess = sessions.Session(encoded) sess.user_id = usr.id sess.create() # etape 5 : retourner un token(str) et un user(objet json)(username, email, id, password) # None => pas d'erreur return encoded, usr, None
def get_token(check_pw=True, user_id=False): """ Tries to get credentials from the request headers. Fails verbosely.""" U = None if check_pw: if request.json is None: return Response( response="JSON payload missing from /login request!", status=422) U = users.authenticate(request.json.get("username", None), request.json.get("password", None)) else: U = users.User(_id=user_id) if U is None: return utils.http_401 tok = { 'access_token': flask_jwt_extended.create_access_token(identity=U.jsonize()), "_id": str(U.user["_id"]), } return Response(response=json.dumps(tok), status=200, mimetype="application/json")
def create_user(db: Session, user: schema.UserCreate): fake_hashed_password = user.password + "jhaihfndsh" db_user = users.User(email=user.username, hashed_password=fake_hashed_password) db.add(db_user) db.commit() db.refresh(db_user) return db_user
def get_user_by_email(email): usr = users.User() usr.email = email usr = usr.get_by_email() if usr == None: return None, "user not found" return usr, None
def put(self, phonenum, pwd): try: user = users.User(username=phonenum, phonenum=phonenum, pwd) users.db.session.add(user) users.db.session.commit() return {'flag': True} except Exception, e: return {'flag': False}
def get_user_by_id(_id): usr = users.User() usr.id = _id usr = usr.get_by_id() if usr == None: return None, "user not found" return usr, None
def __init__(self, oid=None): if not ObjectId.is_valid(oid): print("The user ID '%s' is not a valid Object ID." % (oid)) sys.exit(1) self._id = ObjectId(oid) self.User = users.User(_id=self._id) self.login = self.User.user['login'] print("\n Working with user \x1b[1;33;40m %s \x1b[0m [%s]" % (self.login, self._id))
def update(self, *args, **kwargs): #try try: users.User().save() except: print "error @ post" finally: response = make_response() return response()
def delete(_id, token): sess = sessions.Session(token) sess = sess.get_by_token() if sess == None: return "your are not logined" # if sess.user_id != id : # return "You don't have the right to do it" usr = users.User() usr.id = _id usr.delete() return True
def add_user(login, password_hash, name, surname, email, type_id): session = create_session() user = users.User() user.login = login user.hashed_password = password_hash user.name = name user.surname = surname user.email = email user.type_id = type_id session.add(user) session.commit() return [0, user.id] # SUCCESS
def profile(): # instantiate giphy, post, group and user giphy = safygiphy.Sticky(token="aYiNwV98zSwp2eeIQ1ucWNpAtEaTt51r") post = posts.Post(session["user_id"]) group = groups.Group(session["user_id"]) user = users.User(session["user_id"]) # retrieve data groupfollow = group.followed() feed = user.profilefeed() trending = giphy.trending(limit=25) trending_list = [ trending["data"][i]["images"]["fixed_width_small"]["url"] for i in range(25) ] comments = post.loadcomments() if request.method == "POST": # retrieve data gif_link = request.form.get("gif") post_id = request.form.get("post_id") comment = request.form.get("comment") # if text comment if not gif_link: post.comment(post_id, comment) comments = post.loadcomments() return render_template("profile.html", groupnames=groupfollow, feed=feed, gif_list=trending_list, comments=comments) else: post.comment_gif(post_id, gif_link) comments = post.loadcomments() return render_template("profile.html", groupnames=groupfollow, feed=feed, gif_list=trending_list, comments=comments) else: return render_template("profile.html", groupnames=groupfollow, feed=feed, gif_list=trending_list, comments=comments)
def new_asset(asset_type): """ Uses the 'Authorization' block of the header and POSTed params to create a new settlement. """ # first, check to see if this is a request to make a new user. If it is, we # don't need to try to pull the user from the token b/c it doesn't exist # yet, obvi. Instead, initialize a user obj w/ no _id to call User.new(). if asset_type == 'user': U = users.User() return U.serialize() request.collection = asset_type request.User = users.token_to_object(request) return request_broker.new_user_asset(asset_type)
def create_default_account_info(db): user_manager = SharedState().getInstance().user_mgr admin_role = users.Role(name="ADMIN") user_role = users.Role(name="USER") default_admin = users.User(username=lms_cfg.DEFAULT_LMS_ADMIN, password=user_manager.hash_password(lms_cfg.DEFAULT_LMS_PW), fullname=lms_cfg.DEFAULT_LMS_FN, email=lms_cfg.DEFAULT_LMS_EMAIL, is_active=True, confirmed_at=datetime.utcnow(), roles=[admin_role]) default_library = libraries.Library(name=lms_cfg.DEFAULT_LMS_LIBRARY, admin=lms_cfg.DEFAULT_LMS_ADMIN, is_active=True, users=[default_admin]) add_and_commit_db(db, [default_library, admin_role, user_role]) return
def update(_id, username, email, password, token): sess = sessions.Session(token) sess = sess.get_by_token() if sess == None: return "your are not logined" if password != "": hashed_pw = sha256_crypt.encrypt(password) else: hashed_pw = password usr = users.User(username, email, hashed_pw) usr.id = _id if hashed_pw != "": usr.update(True) else: usr.update(False) return usr
def get_user_asset(collection=None, asset_id=None): """ Tries to return an initialized asset from one of our collections. Returns a (bad) HTTP response if it cannot. """ R = badResponse() try: if collection == "settlement": return settlements.Settlement(_id=asset_id) elif collection == "survivor": return survivors.Survivor(_id=asset_id) elif collection == "user": return users.User(_id=asset_id) else: return R except Exception as e: return R.send_bad_response(e)
def register(): if request.method == "POST": username = validate_on_login(request.form.get("username")) password = validate_on_login(request.form.get("password")) email = request.form.get("email") if not username or not password or not email: return render_template("register.html", msg="Invalid informations") if not validate_username(username): return render_template("register.html", msg="This username is already used") user = users.User(username=username, email=email) user.set_password(password) base.db_session.add(user) base.db_session.commit() login_user(user) return redirect("/home") else: return render_template("register.html", msg="")
def update_user(oid, level, beta): """ Loads a user from the MDB, initializes it and calls the methods that set the patron level and the beta flag, etc. """ if not ObjectId.is_valid(oid): print("The user ID '%s' is not a valid Object ID." % (oid)) if type(beta) == bool: pass elif beta[0].upper() == 'T': beta = True else: beta = False U = users.User(_id=ObjectId(oid)) U.set_patron_attributes(int(level), beta) print("\n %s Updated patron attributes:\n %s\n" % (U, U.user['patron']))
def new_asset(asset_type): """ Uses the 'Authorization' block of the header and POSTed params to create a new settlement. """ # first, check to see if this is a request to make a new user. If it is, we # don't need to try to pull the user from the token b/c it doesn't exist # yet, obvi. Instead, initialize a user obj w/ no _id to call User.new(). if asset_type == 'user': U = users.User() output = U.serialize('create_new') output["Authorization"] = { 'access_token': flask_jwt_extended.create_access_token(identity=U.jsonize()), "_id": str(U.user["_id"]), } return Response(response=json.dumps(output, default=json_util.default), status=200, mimetype="application/json") request.collection = asset_type request.User = users.token_to_object(request, strict=False) return request_broker.new_user_asset(asset_type)
def post(self, *args, **kwargs): user_name = self.get_argument('user_name') password = self.get_argument('password') email = self.get_argument('email') phone = self.get_argument('phone') user = users.User.by_email(users.User,email) if user: print('用户已存在') registerSuccess = {'responseObject': {"data": "", "result": "1", "msg": '用户已存在' } } registerSuccess = json.dumps(registerSuccess) self.write(json.dumps(registerSuccess)) else: print('用户不存在,把新增用户添加到数据库') new_user = users.User() new_user.user_name = user_name new_user.password = password new_user.email = email new_user.phone_num = phone self.db.add(new_user) self.db.commit() data = { "user_name":user_name, "email":email } registerSuccess = {'responseObject': {"data":data, "result":"1", "msg":'注册成功' } } registerSuccess = json.dumps(registerSuccess) self.write(registerSuccess)
def post(self): try: data = request.get_json() hashedPassword = bcrypt.generate_password_hash( data["password"]).decode("utf-8") users.User(email=data["email"], telephone=data["telephone"], password=hashedPassword).save() obj = users.User.objects.values().get({"email": data["email"]}) sanitized = json.loads(json_util.dumps(obj)) # print(sanitized) return {**sanitized, "logged": True, "registered": True}, 201 except Exception as err: print(err) return { "message": "Email already exists", "exist": True, "logged": False }, 200
def settings(): # load grouplist in sidebar group = groups.Group(session["user_id"]) groupfollow = group.followed() if request.method == "POST": # instantiate user user = users.User(session["user_id"]) # password button pressed if request.form["action"] == "Change password": # ensure forms filled in properly if not request.form.get("current_password"): return render_template( "settings.html", missingcurrent="Current password missing", groupnames=groupfollow) if not request.form.get("new_password"): return render_template("settings.html", missingnew="New password missing", groupnames=groupfollow) if not request.form.get("check_password"): return render_template("settings.html", missingcheck="Password check missing", groupnames=groupfollow) # check if new password and password match if request.form.get("new_password") != request.form.get( "check_password"): return render_template("settings.html", nomatch="Passwords do not match", groupnames=groupfollow) change_password = user.change_password( request.form.get("current_password"), request.form.get("new_password"), request.form.get("check_password")) # if change successful if change_password == True: return render_template("settings.html", success="Password changed!", groupnames=groupfollow) else: return render_template( "settings.html", failure="Current password is incorrect!", groupnames=groupfollow) # username button pressed elif request.form["action"] == "Change username": # ensure forms filled in properly if not request.form.get("current_username"): return render_template( "settings.html", missingcurrent="Current username missing", groupnames=groupfollow) if not request.form.get("new_username"): return render_template("settings.html", missingnew2="New username missing", groupnames=groupfollow) if not request.form.get("current_password"): return render_template("settings.html", missingcheck2="Password is missing", groupnames=groupfollow) change_username = user.change_username( request.form.get("current_username"), request.form.get("new_username"), request.form.get("current_password")) if change_username is True: return render_template("settings.html", success="Username changed!", groupnames=groupfollow) if change_username is False: return render_template("settings.html", failure2="Password is incorrect!", groupnames=groupfollow) if change_username is None: return render_template("settings.html", failure2="Username already exists!", groupnames=groupfollow) else: return render_template("settings.html", groupnames=groupfollow)
def get_user_data(): """ Returns JSON about active and recently active users, as well as info about user agents, etc. """ # first, do the user agent popularity contest, since that's simple results = utils.mdb.users.group(['latest_user_agent'], {'latest_user_agent': { '$exists': True }}, {"count": 0}, "function(o, p){p.count++}") sorted_list = sorted(results, key=lambda k: k["count"], reverse=True) for i in sorted_list: i["value"] = i['latest_user_agent'] i["count"] = int(i["count"]) ua_data = sorted_list[:25] # next, get active/recent users recent_user_cutoff = datetime.now() - timedelta( hours=settings.get("application", "recent_user_horizon")) recent_users = utils.mdb.users.find({ "latest_activity": { "$gte": recent_user_cutoff } }).sort("latest_activity", -1) # now enhance the user data to include a bit more info (to avoid having to # do date calc in javascripts, etc. final_user_info = [] for u in recent_users: try: U = users.User(_id=u["_id"]) final_user_info.append(U.serialize('admin_panel')) except Exception as e: logger.error( "panel.py threw an exception while attempting to enhance recent user data!" ) logger.error( "User '%s' (%s) could not be initialized and enhanced! Returning it as-is..." % (u["login"], u["_id"])) logger.error("Exception was: %s" % e) active_user_count = 0 recent_user_count = 0 for u in final_user_info: if u['user']["is_active"] == True: active_user_count += 1 else: recent_user_count += 1 # create the final output dictionary d = { "meta": { "active_user_horizon": settings.get("application", "active_user_horizon"), "active_user_count": active_user_count, "recent_user_horizon": settings.get("application", "recent_user_horizon"), "recent_user_count": recent_user_count, }, "user_agent_stats": ua_data, "user_info": final_user_info, } # and return it as json return json.dumps(d, default=json_util.default)