def test_login_success(app, db):
"""
Given I provide valid email and password
When I make a call to the `login` API
Then I get HTTP 200 OK response
And the response body match the schema
And the response contains user's data
"""
data = {
"email": "*****@*****.**",
"password": "******"
}
User(
email=data["email"],
password=User.create_hash(plain_password=data["password"])
).save()
client = app.test_client()
response = client.post("/api/users/login/", data=json.dumps(data))
assert response.status_code == 200
response_data = json.loads(response.data.decode("utf-8"))
validate_dict_with_schema(
response_data,
"user/register/response"
)
assert response_data["data"]["user"]["email"] == data["email"]
def login():
form = RegisterForm(request.form)
if request.method == 'POST' and form.validate():
username = form.username.data
password = form.password.data
repassword = form.repassword.data
if repassword:
if password != repassword:
form.errors['re-password'] = ['Password does not match']
return render_template('login.html', form=form)
try:
User.create(username, password)
flash('Account created', 'success')
login_user(username, password)
return redirect(url_for('.index'))
except ExistsError:
form.errors['username'] = ['Username already exists']
if login_user(username, password):
return redirect(url_for('.index'))
form.errors['authentication'] = ['wrong username or password']
return render_template('login.html', form=form)
def create_user():
form = RegistrationForm(request.form)
if form.validate():
new_user = User(username=form.username.data)
new_user.generate_password_digest(form.password.data)
if new_user.save():
session = Session(session_token=Session.generate_session_token(),
username=new_user.username)
if session.save():
response = jsonify(
user=user_response_obj(new_user),
message="New user created! Welcome {0}!".format(
new_user.username))
response.set_cookie('pomodoro-to-do', session.session_token)
return response
else:
return jsonify(
error="New user created, but failed to login"), 401
else:
return jsonify(error="Could not create user."), 401
else:
return jsonify(errors=form.errors.items()), 400
def current_user(cookie):
if not session:
return None
else:
for token in session:
if cookie == token and User.find_by_session_token(token):
return User.find_by_session_token(token)[0]
return None
def current_user(cookie):
if not session:
return None
else:
for token in session:
if cookie == token and User.find_by_session_token(token):
return User.find_by_session_token(token)[0]
return None
def validate_user_credentials(form, field):
if User.find_by_username(form.username.data).count() > 0:
user = User.find_by_username(form.username.data)[0]
else:
return
if not User.validate_user_credentials(user, form.password.data):
message = "Invalid credentials"
raise ValidationError(message)
def validate_user_credentials(form, field):
if User.find_by_username(form.username.data).count() > 0:
user = User.find_by_username(form.username.data)[0]
else:
return
if not User.validate_user_credentials(user, form.password.data):
message = "Invalid credentials"
raise ValidationError(message)
def __destroy_user(username):
password = request.form['password']
user = User.find_by_username(username)[0]
if user and User.validate_user_credentials(user, password):
if User.destroy(user):
return jsonify(message="User {0} successfully deleted!".format(user.username))
else:
return jsonify(error="Credentials are valid but could not delete user.")
else:
return jsonify(error="Could not validate user credentials.")
def save(user_data):
"""
Save User Collection record
:param user_data: dict, Ie {'user_id': 10, 'pin': 20, ....}
:returns Object, Ie {'user_id': 10, 'pin': 20 ....}
"""
user = User(user_id=user_data['user_id'],
pin=user_data['pin'],
user_name=user_data['user_name'],
password=user_data['password'])
user.save()
return user
def logout_user():
headers_token = User.get_token_from_authorization_header(
request.headers.get('Authorization'))
response = User.decode_auth_token(headers_token)
if isinstance(response, str):
response_object = {'status': 'error', 'message': response}
return jsonify(response_object), 401
else:
response_object = {
'status': 'success',
'message': 'Successfully logged out.'
}
return jsonify(response_object), 200
def user_status():
headers_token = User.get_token_from_authorization_header(
request.headers.get('Authorization'))
response = User.decode_auth_token(headers_token)
if isinstance(response, str):
response_object = {'status': 'error', 'message': response}
return jsonify(response_object), 401
else:
response_object = {
'status': 'success',
'data': User.get_by_id(response)
}
return jsonify(response_object), 200
def register_user():
"""This Endpoint handles registration of new users."""
data = request.get_json()
username = data['username'].strip()
email = data['email'].strip()
password = data['password'].strip()
if not username or not email or not password:
return jsonify({
'message': 'Please fill in all the credentials',
'status': 'Failed'
}), 400
if not username.isalpha():
return make_response(
jsonify({
'message': 'Username should contain letters only',
'status': 'Failed'
})), 400
if not re.match(r"([\w\.-]+)@([\w\.-]+)(\.[\w\.]+$)", email):
return make_response(
jsonify({
'message': 'Invalid Email input',
'status': 'Failed'
})), 400
if len(password) < 4:
return make_response(
jsonify({
'message': 'Password is too short',
'status': 'Failed'
})), 400
# Query to see if the user already exists
user = User.query.filter_by(email=data['email']).first()
if user is not None:
response = {
'message': 'User already exists. Please login',
'status': 'Failed'
}
return make_response(jsonify(response)), 409
# If there is no user with such email address, register the new user
user = User(username=username, email=email, password=password)
user.save()
response = {
'message': 'Registration successful. Please login',
'status': 'Success'
}
return make_response(jsonify(response)), 201
def treatment():
res = requests.get("https://www.emedexpert.com/lists/conditions.shtml") #scrapping given url to extract the table of diasease and symptom
soup = BeautifulSoup(res.content,'lxml')
table = soup.find_all('table')[0]
df = pd.read_html(str(table))
#for i in df:
# print(i[0],i[1])
df[0].to_csv("web_scrapped.csv", index=False, quoting=csv.QUOTE_NONE,escapechar=' ') #storing the extracted data in csv file
#------storing data in sqlite3 database-------#
with open('web_scrapped.csv','r') as person_table:
dr = csv.DictReader(person_table, delimiter=',')
to_db = [[i["1"],i["0"]] for i in dr]
for i in to_db:
record=User(**{
'disease': i[1],
'medicine': i[0]
})
db.session.add(record)
db.session.commit()
dis=request.args.get('text')
#print(dis)
treat=User.query.filter_by(disease=dis).first()
#print(treat.medicine)
return render_template("treatment.html",treat=(treat.medicine))
def test_add_duplicate_email(self):
add_user('test', '*****@*****.**', 'test')
duplicate_user = User(username='******',
email='*****@*****.**',
password='******')
db.session.add(duplicate_user)
self.assertRaises(IntegrityError, db.session.commit)
def login():
"""
Log in the user
"""
errors = None
try:
request_data = json.loads(request.data)
validate_dict_with_schema(request_data, "user/register/request")
user = User.check_user(
email=request_data["email"],
password=request_data["password"]
)
if user:
session["user_id"] = user.id
return json_response(
status=200,
response_data={
"success": True, "data": {"user": user.serialize()}
}
)
except (TypeError, ValueError):
errors = ["Invalid JSON"]
except ValidationError as e:
errors = e.message
if errors:
return json_response(
status=400, response_data={"success": False, "errors": errors}
)
return json_response(
status=401,
response_data={"success": False, "errors": ["Invalid email/password"]}
)
def add_user():
data = request.get_json()
if not data:
response_data = {'status': 'fail', 'message': 'Invalid payload.'}
return jsonify(response_data), 400
username = data.get('username')
email = data.get('email')
try:
user = User.query.filter_by(username=username).first()
if not user:
user = User(username=username, email=email)
db.session.add(user)
db.session.commit()
response_data = {
'status': 'success',
'message': '{} was added'.format(username)
}
return response_data, 201
response_data = {
'status': 'fail',
'message': 'Sorry. user {} already exists.'.format(username)
}
return response_data, 400
except exc.IntegrityError:
db.session.rollback()
response_data = {'status': 'fail', 'message': 'Invalid payload.'}
return jsonify(response_data), 400
def post(self):
auth_header = request.headers.get('Authorization')
if not auth_header:
return {'message': 'Provide valid auth token'}, 401
auth_token = auth_header.split(" ")[1]
supplier_id = User.decode_auth_token(auth_token)
tracking_code = randomword(8)
status = 1
response_object = {}
post_data = request.get_json()
if not post_data:
response_object['message'] = 'Input payload validation failed'
return response_object, 400
name = post_data.get('name')
description = post_data.get('description')
weight = post_data.get('weight')
recipient_id = post_data.get('recipient_id')
package = Package(name, description, supplier_id, weight, recipient_id,
status, tracking_code)
db.session.add(package)
db.session.commit()
response_object = {
'message': f'{name} has been added',
'package': package.json()
}
return response_object, 201
def post(self):
post_data = request.get_json()
refresh_token = post_data.get("refresh_token")
response_object = {}
try:
resp = User.decode_token(refresh_token)
user = get_user_by_id(resp)
if not user:
auth_namespace.abort(401, "Invalid token")
access_token = user.encode_token(user.id, "access")
refresh_token = user.encode_token(user.id, "refresh")
response_object = {
"access_token": access_token,
"refresh_token": refresh_token,
}
return (response_object, )
except jwt.ExpiredSignatureError:
auth_namespace.abort(401,
"Signature expired. Please log in again.")
return "Signature expired. Please log in again."
except jwt.InvalidTokenError:
auth_namespace.abort(401, "Invalid token. Please log in again.")
def __show_user(username):
user = User.find_by_username(username)
if user:
return jsonify(user=user_response_obj(user))
else:
return jsonify(error="Could not find user."), 404
def handle_complete_pomodoro(username, id):
user = User.find_by_username(username)
if user:
to_do = ToDo.objects.get(author=user, id=id)
pomodoros = to_do.pomodoros
num_complete = int(request.form['num_complete'])
pomodoros[num_complete].complete = True
message = "Pomodoro completed!"
if ((num_complete + 1) % 4) == 0:
message += " Long break time!"
else:
message += " Break time!"
if num_complete + 1 == len(pomodoros):
to_do.complete = True
message = "To do is COMPLETE! Woo hoo!"
if to_do.save():
return jsonify(to_do=to_do, message=message)
else:
return jsonify(error="Could not update to do item."), 401
else:
return jsonify(error="Could not find user."), 404
def __show_user(username):
user = User.find_by_username(username)
if user:
return jsonify(user = user_response_obj(user))
else:
return jsonify(error="Could not find user."), 404
def test_user_registration_duplicate_email(self):
User(**USER_BASIC).save()
response = self.register(json.dumps(USER_DUPLICATE_EMAIL))
data = json.loads(response.data.decode())
self.assertTrue(data['status'] == 'error')
self.assertTrue(data['message'] == 'User already exists.')
self.assertEqual(response.status_code, 409)
def post(self):
post_data = request.get_json()
name = post_data.get('name')
email = post_data.get('email')
password = post_data.get('password')
invite_code = post_data.get('invite_code')
response_object = {}
user = User.query.filter_by(email=email).first()
if user:
response_object['message'] = 'Sorry, That email already exists.'
return response_object, 400
invited_user = Invited_user.query.filter_by(
email=email, invite_code=invite_code).first()
if invited_user:
user = User(name, email, password, invited_user.role_id)
db.session.add(user)
db.session.commit()
response_object['message'] = f'{email} was added!'
return response_object, 201
else:
print(invited_user.role_id)
response_object['message'] = 'Not authorised'
return response_object, 401
def logout():
session_key = session.get('s_key', None)
if session_key:
uid = Session.get(session_key)['user']
user = User.get(uid)
logout_user(user)
return redirect(url_for('.index'))
def handle_complete_pomodoro(username, id):
user = User.find_by_username(username)
if user:
to_do = ToDo.objects.get(author=user, id=id)
pomodoros = to_do.pomodoros
num_complete = int(request.form['num_complete'])
pomodoros[num_complete].complete = True
message = "Pomodoro completed!"
if ((num_complete + 1) % 4) == 0:
message += " Long break time!"
else:
message += " Break time!"
if num_complete + 1 == len(pomodoros):
to_do.complete = True
message = "To do is COMPLETE! Woo hoo!"
if to_do.save():
return jsonify(to_do = to_do, message = message)
else:
return jsonify(error="Could not update to do item."), 401
else:
return jsonify(error="Could not find user."), 404
def get(user_id):
"""
Select User DB records
:param user_id:
:returns Object, Ie {'user_id': 10, 'pin': 20 ....}
"""
return User.objects(user_id=user_id).first()
def test_user_login_no_password_user(self):
User(**USER_BASIC).save()
response = self.login(json.dumps(LOGIN_USER_BASIC_NO_PASSWORD))
data = json.loads(response.data.decode())
self.assertTrue(data['status'] == 'error')
self.assertTrue(data['message'] == 'Invalid payload.')
self.assertTrue(response.content_type == 'application/json')
self.assertEqual(response.status_code, 400)
def index():
if request.method == 'POST':
username = request.form['username']
email = request.form['email']
db.session.add(User(username=username, email=email))
db.session.commit()
users = User.query.order_by(User.create_at.desc()).all()
return render_template('index.html', users=users)
def get_auth_user(user_data):
"""
Get authenticated User DB record
:param user_data:
:returns Object, Ie {'user_id': 10, 'pin': 20 ....}
"""
return User.objects(user_name=user_data['user_name'],
password=user_data['password']).first()
def validate_user_account(user_data):
"""
Validate User account by user_id and pin
:param user_data: dict, Ie {'user_id': 10, 'pin': 20}
:returns Object, Ie {'user_id': 10, 'pin': 20 ....}
"""
return User.objects(user_id=get(user_data, ['user_id']),
pin=get(user_data, ['pin'])).first()
def add_user():
"""Add a user to the database."""
if 'application/json' not in request.content_type:
User(
username=request.form['username'],
email=request.form['email'],
password=request.form['password'],
).save()
return render_template('users.html', users=User.get_all_users())
try:
user = User(**request.get_json())
user.save()
response_object = {
'status': 'success',
'data': user.get_data()
}
return jsonify(response_object), 201
except exc.IntegrityError:
response_object = {
'status': 'fail',
'message': 'User already exists.'
}
return jsonify(response_object), 409
except (ValueError, TypeError) as e:
response_object = {
'status': 'fail',
'message': 'Invalid payload.'
}
return jsonify(response_object), 400
def test_user_login_registered_user(self):
User(**USER_BASIC).save()
response = self.login(json.dumps(LOGIN_USER_BASIC))
data = json.loads(response.data.decode())
self.assertTrue(data['status'] == 'success')
self.assertTrue(data['message'] == 'Successfully logged in.')
self.assertTrue(data['token'])
self.assertTrue(response.content_type == 'application/json')
self.assertEqual(response.status_code, 200)
def logged_in_users():
users = []
for token in session:
user = User.find_by_session_token(token)
if user:
users.append(user[0].username)
return users
def handle_to_do_search(username):
user = User.find_by_username(username)
title = request.args.get('title')
if user:
to_dos = ToDo.objects.filter(title__icontains=title, author=user)
return jsonify(to_dos=to_dos)
else:
return jsonify(error="Could not find user."), 404
def logged_in_users():
users = []
for token in session:
user = User.find_by_session_token(token)
if user:
users.append(user[0].username)
return users
def handle_to_do_search(username):
user = User.find_by_username(username)
title = request.args.get('title')
if user:
to_dos = ToDo.objects.filter(title__icontains=title, author=user)
return jsonify(to_dos=to_dos)
else:
return jsonify(error="Could not find user."), 404
def get(self):
auth_header = request.headers.get('Authorization')
if not auth_header:
return {'message': 'Provide valid auth token'}, 401
auth_token = auth_header.split(" ")[1]
supplier_id = User.decode_auth_token(auth_token)
packages = Package.query.filter_by(supplier_id=supplier_id).all()
print(packages)
return {'packages': [package.json() for package in packages]}, 200
def handle_to_do_request(username):
user = User.find_by_username(username)
if user:
if request.method == "GET":
return __fetch_to_do_items(user)
elif request.method == "POST":
return __create_to_do_item(user)
else:
return jsonify(error="Could not find user."), 404
def __update_user(username):
password = request.form['password']
option = request.form['option']
user = User.find_by_username(username)[0]
if user and User.validate_user_credentials(user, password):
updated_user = __updated_user(user, option)
user.username = new_username
user.generate_password_digest(new_password)
if updated_user.save():
message = __generate_update_msg(option)
return jsonify(username=username, message=message)
else:
return jsonify(error="Credentials are valid but could not update user.")
else:
return jsonify(error="Could not validate user credentials.")
def handle_single_to_do_request(username, id):
user = User.find_by_username(username)
if user:
if request.method == "GET":
return __fetch_single_to_do_item(user, id)
elif request.method == "PUT":
return __update_to_do_item(user, id)
elif request.method == "DELETE":
return __delete_to_do_item(user, id)
else:
return jsonify(error="Could not find user."), 404
def create_user():
form = RegistrationForm(request.form)
if form.validate():
new_user = User(username = form.username.data)
new_user.generate_password_digest(form.password.data)
if new_user.save():
session = Session(session_token=Session.generate_session_token(),
username=new_user.username)
if session.save():
response = jsonify(user = user_response_obj(new_user),
message = "New user created! Welcome {0}!".format(new_user.username))
response.set_cookie('pomodoro-to-do', session.session_token)
return response
else:
return jsonify(error="New user created, but failed to login"), 401
else:
return jsonify(error="Could not create user."), 401
else:
return jsonify(errors=form.errors.items()), 400
def __create_session():
form = LoginForm(request.form)
if form.validate():
user = User.find_by_username(form.username.data)
session = Session(session_token=Session.generate_session_token(),
username=user.username)
session.save()
__maintain_max_session_limit(user)
response = jsonify(user=user_response_obj(user),
message = "Login successful! Welcome {0}!".format(user.username))
response.set_cookie('pomodoro-to-do', session.session_token)
return response
else:
return jsonify(errors=form.errors.items()), 400
def create_user():
form = RegistrationForm(request.form)
if form.validate():
new_user = User(username = form.username.data)
new_user.generate_password_digest(form.password.data)
new_user.reset_session_token()
if new_user.save():
application_controller.login(new_user)
user_response = build_user_response_object(new_user)
return jsonify(user = user_response,
message = "User creation successful! Welcome {0}!".format(new_user.username))
else:
return jsonify(error="Could not create user."), 401
else:
return jsonify(errors=form.errors.items()), 400
def check_if_username_exists(form, field):
message = "Username not found"
if User.find_by_username(form.username.data).count() == 0:
raise ValidationError(message)
def check_if_username_taken(form, field):
message = "Username already taken"
if User.find_by_username(form.username.data).count() > 0:
raise ValidationError(message)
def validate_user_credentials(form, field):
user = User.find_by_username(form.username.data)
if user and not User.validate_user_credentials(user, form.password.data):
raise ValidationError("Invalid credentials")
def check_if_username_taken(form, field):
if User.find_by_username(form.username.data):
raise ValidationError("Username already taken")
def check_if_username_exists(form, field):
if not User.find_by_username(form.username.data):
raise ValidationError("Username not found")
