def setUp(self):
"""
Will be called before every test
"""
# ensure there is no data in the test database when the test starts
db.session.commit()
db.drop_all()
db.create_all()
# create test admin user
hashed_pw = bcrypt.generate_password_hash('admin2016')
admin = Users(first_name="admin", last_name="admin", email="*****@*****.**",
password=hashed_pw)
# create test non-admin user
hashed_pw_2 = bcrypt.generate_password_hash('test2016')
employee = Users(first_name="test", last_name="user", email="*****@*****.**",
password=hashed_pw_2)
# save users to database
db.session.add(admin)
db.session.add(employee)
db.session.commit()
def test_same_password(self):
"""
Ensuring same password hashed twice does not give same hash.
"""
password = "******"
hashed_1 = bcrypt.generate_password_hash(password)
hashed_2 = bcrypt.generate_password_hash(password)
self.assertNotEqual(hashed_1, hashed_2)
def setUp(self):
"""
Creating mock data for mock db
"""
User(email='*****@*****.**',
password=bcrypt.generate_password_hash('qwerty123')).save()
User(email='*****@*****.**',
password=bcrypt.generate_password_hash('qwerty321')).save()
self.userAll = routes.UserAll()
self.userByEmail = routes.UserByEmail()
def edit_users():
if current_user.permission not in ["Couple", "2nd line", "Wedding party"]:
return redirect(url_for('home'))
users = User.query.all()
form = Modify_Account_Form()
if form.validate_on_submit():
user = User.query.filter_by(id=form.id.data).first()
if user:
if form.first_name.data != '':
user.first_name = form.first_name.data
db.session.commit()
if form.last_name.data != '':
user.last_name = form.last_name.data
db.session.commit()
if form.role.data in [
"Guest", "Couple", "2nd line", "Wedding party"
]:
user.permission = form.role.data
db.session.commit()
if form.email.data != '':
user.email = form.email.data
db.session.commit()
if form.password.data != '':
user.password = bcrypt.generate_password_hash(
form.password.data)
db.session.commit()
return redirect(url_for('edit_users'))
else:
if form.role not in [
"Guest", "Couple", "2nd line", "Wedding party"
]:
r = "Guest"
else:
r = form.role.data
user = User(first_name=form.first_name.data,
last_name=form.last_name.data,
permission=r,
email=form.email.data,
password=bcrypt.generate_password_hash(
form.password.data))
db.session.add(user)
db.session.commit()
return redirect(url_for('edit_users'))
return render_template('editAccounts.html',
title='Edit users',
form=form,
users=users)
def setUp(self):
"""Will be called before every test"""
db.drop_all()
db.create_all()
db.session.commit()
hashed_pw = bcrypt.generate_password_hash('Adm1nSy5temT35t1n8')
admin_user = Users(
user_name="Admin",
email="*****@*****.**",
password=hashed_pw,
record=1
)
admin_details = Users(
first_name="Admin",
middle_name="System",
last_name="Testing",
sex = "Male"
dob_day = 1
dob_month = 1
dob_year = 2000
sub_day = 1
sub_month = 1
sub_year = 2020
sub_time = 00:00
)
hashed_pw_2 = bcrypt.generate_password_hash('Sy5temT35t1n8')
employee = Users(
user_name="Employee",
email="*****@*****.**",
password=hashed_pw_2,
record=2
)
employee_details = Users(
first_name="Employee",
middle_name="System",
last_name="User",
sex = "Female"
dob_day = 5
dob_month = 1
dob_year = 2000
sub_day = 5
sub_month = 1
sub_year = 2020
sub_time = 00:00
)
db.session.add(admin_details)
db.session.add(admin)
def auth_new_friseur():
if request.method == "GET":
return render_template("auth/new_friseur.html", form=UserForm())
form = UserForm(request.form)
if not form.validate():
return render_template("auth/new_friseur.html", form=form)
user = User.query.filter_by(username=form.username.data).first()
if user:
flash("Username exists, pick another one", "alert-warning")
return render_template("auth/new_friseur.html", form=form)
# Encrypt password and assign friseur role
password_hash = bcrypt.generate_password_hash(form.password.data)
user = User(form.name.data, form.username.data, password_hash)
user.role = Role.query.get(2)
db.session().add(user)
db.session().flush()
# Add all upcoming work days to friseur
upcoming_work_days = Work_day.upcoming_work_days()
for day in upcoming_work_days:
friseur_work_day = Friseur_work_day(user.id, day.get("id"), 10, 17)
db.session().add(friseur_work_day)
db.session().flush()
db.session().commit()
flash("New friseur with username %s created." % user.username,
"alert-warning")
return redirect(url_for("friseur_index"))
def register():
if current_user.is_authenticated:
return redirect(url_for('home'))
form = RegistrationForm()
if form.validate_on_submit():
hashed_password = bcrypt.generate_password_hash(
form.password.data).decode('utf-8')
user = User(name=form.name.data,
email=form.email.data,
password=hashed_password,
classITA=form.classITA.data,
isRepr=form.isRepr.data)
db.session.add(user)
for subject in Subject.query.filter_by(classITA=user.classITA).all():
user.subjects.append(subject)
abs = Absence(student=user, subject=subject, abs=0.0, just=0)
db.session.add(abs)
db.session.flush()
db.session.commit()
flash('Sua conta foi criada! Agora você pode ingressar no sistema.',
'success')
return redirect(url_for('login'))
return render_template('register.html', title='Cadastro', form=form)
def __init__(self, name, last_name, genre, username, email, pw):
self.name = name
self.last_name = last_name
self.genre = genre
self.username = username
self.email = email
self._password = bcrypt.generate_password_hash(pw)
def register():
form = RegistrationForm()
register_fields = [
form.email, form.first_name, form.last_name, form.username,
form.password, form.confirm_password
]
if current_user.is_authenticated:
return redirect(url_for('home'))
if form.validate_on_submit():
hashed_pw = bcrypt.generate_password_hash(form.password.data)
user = User(email=form.email.data,
first_name=form.first_name.data,
last_name=form.last_name.data,
username=form.username.data,
password=hashed_pw)
db.session.add(user)
db.session.commit()
login_user(user)
return redirect(url_for('create_team'))
else:
print(form.errors)
return render_template("register.html",
title="Register",
form=form,
fields=register_fields)
def __init__(self, name, last_name, genre, username, email, pw):
self.name = name
self.last_name = last_name
self.genre = genre
self.username = username
self.email = email
self._password = bcrypt.generate_password_hash(pw)
def teacher_forgot_password_token(token):
# If the user is logged in, abort with 404 code
if current_user.is_authenticated:
abort(404)
# Get the user's email based on the serializer's value
try:
user = User.query.filter_by(email=serializer.loads(
token, salt=os.environ.get('SECRET_KEY') +
'reset', max_age=7200)).first()
# If there was an issue, that means the token was incorrect, then abort with 404
except:
abort(404)
# Initialize the form
form = ChangePasswordForm()
# If the form validated, then generate a password hash,
# change the user's password, then let the user know
if form.validate_on_submit():
hashed_password = bcrypt.generate_password_hash(
form.password.data).decode('utf-8')
user.password = hashed_password
db.session.commit()
flash('Your password has been changed.', 'success')
return redirect(url_for('teacher_login'))
# Show the HTML page
return render_template('teacher/general/change-password.html',
form=form,
page_title='Change your password')
def __init__(self, campaign_name, game_system, password, admin_id):
self.campaign_name = campaign_name
self.game_system = game_system
if password:
self.password = bcrypt.generate_password_hash(password).decode(
"utf8")
self.admin_id = admin_id
def auth_add_user():
if request.method == "GET":
return render_template("auth/add_user.html", form=AddUserForm())
else:
form = AddUserForm(request.form)
errors = []
if form.validate_on_submit():
user = User.query.filter_by(username=form.username.data).first()
if not user:
user = User(
form.name.data, form.username.data,
bcrypt.generate_password_hash(
form.password.data).decode("utf-8"))
user.role = Role.query.filter_by(name="user").first().id
db.session.add(user)
db.session.commit()
print("Käyttäjä %s luotu" % user.name)
login_user(user)
else:
errors.append("Käyttäjänimi on jo käytössä.")
else:
errors.append("Tarkista lomakkeen tiedot.")
if len(errors) > 0:
return render_template("auth/add_user.html",
form=form,
errors=errors)
return redirect(url_for("index"))
def account_edit_password():
"""Change user's password."""
form = PasswordForm(request.form)
if not form.validate():
return render_template("error.html", errors=form.errors.values())
new_password = form.new_password.data.strip()
current_password = form.current_password.data.strip()
account = Account.query.filter_by(email=current_user.email).first()
pass_okay = bcrypt.check_password_hash(account.password, current_password)
if not pass_okay:
return render_template("error.html",
errors=["Nykyinen salasana on väärin."])
hashed_password = bcrypt.generate_password_hash(new_password,
12).decode("utf-8")
account.password = hashed_password
db.session().commit()
return redirect(url_for("account_edit", _anchor="password_tab"))
def kayttajan_luonti():
if request.method == "GET":
return render_template("auth/createaccount.html", form=CreateAccount())
form = CreateAccount(request.form)
# tarkistetaan, löytyykö käyttäjää jo tietokannasta
user = Kayttaja.query.filter_by(tunnus=form.tunnus.data).first()
if user:
return render_template("auth/createaccount.html", form=form, error="Käyttäjätunnus on jo olemassa.")
if not form.validate():
return render_template("auth/createaccount.html", form=form)
# hashataan salasana ja lisätään käyttäjä
password = form.salasana.data.encode('utf-8')
pw_hash = bcrypt.generate_password_hash(password).decode('utf-8')
k = Kayttaja(form.tunnus.data, pw_hash)
db.session.add(k)
db.session.commit()
# kirjaudutaan sisään uudella käyttäjällä
user = Kayttaja.query.filter_by(tunnus=form.tunnus.data).first()
login_user(user)
return redirect(url_for("index"))
def sign_up():
'''Sign up route'''
if current_user.is_authenticated:
return redirect(url_for('auth.profile'))
form = SignUpForm()
if form.validate_on_submit():
try:
hashed_password = bcrypt.generate_password_hash(form.password.data
).decode('utf-8')
user = User(username=form.username.data,
firstname=form.firstname.data,
lastname=form.lastname.data,
email=form.email.data,
password=hashed_password)
db.session.add(user)
db.session.commit()
flash('Account created successfully!', 'success')
return redirect(url_for('auth.login'))
except Exception:
db.session.rollback()
flash('An error ocurred!', 'fail')
return redirect(url_for('auth.signup'))
return render_template('auth/signup.html', form=form)
def auth_update(user_id):
form = UpdateUserForm(request.form)
u = User.query.get(user_id)
if not form.validate():
return render_template("auth/view.html", user=u, form=form)
if u.id == current_user.id or current_user.is_admin():
if form.username.data:
u.username = form.username.data
if form.new_password.data:
if form.new_password.data != form.repeat_password.data:
form.repeat_password.errors.append('Passwords do not match')
return render_template("auth/view.html", user=u, form=form)
pw_hash = bcrypt.generate_password_hash(
form.new_password.data).decode('utf-8')
u.password = pw_hash
if form.name.data:
u.name = form.name.data
if form.email.data:
u.email = form.email.data
if current_user.is_admin():
u.roles = form.role.data
u.categories = form.category.data
try:
db.session.commit()
except IntegrityError:
db.session.rollback()
return render_template("auth/view.html", user=u, form=form, username_taken=True)
return redirect(url_for("auth_index"))
def auth_create():
form = NewUserForm(request.form)
if not form.validate():
return render_template("auth/new.html", form=form)
if form.new_password.data != form.repeat_password.data:
form.repeat_password.errors.append('Passwords do not match')
return render_template("auth/new.html", form=form)
pw_hash = bcrypt.generate_password_hash(
form.new_password.data).decode('utf-8')
u = User(name=form.name.data, username=form.username.data,
password=pw_hash, email=form.email.data)
db.session.add(u)
try:
default_category = db.session.query(Category).get(1)
u.categories.append(default_category)
db.session.commit()
except IntegrityError:
db.session.rollback()
return render_template("auth/new.html", form=form, username_taken=True)
return redirect(url_for("auth_index"))
def show(user_id):
empty_form = EmptyForm()
found_user = User.query.get(user_id)
delete_form = DeleteForm()
if request.method == b'PATCH':
form = UserForm(request.form)
if form.validate():
found_user.username = form.username.data
found_user.password = bcrypt.generate_password_hash(
form.password.data).decode('UTF-8')
db.session.add(found_user)
db.session.commit()
flash('User Updated!', 'positive')
return redirect(url_for('users.index'))
return render_template('users/edit.html', user=found_user, form=form)
if request.method == b'DELETE':
delete_form = DeleteForm(request.form)
if delete_form.validate():
db.session.delete(found_user)
db.session.commit()
session.pop('user_id')
flash('User Deleted!', 'positive')
return redirect(url_for('auth.login'))
return render_template('users/show.html',
user=found_user,
empty_form=empty_form,
delete_form=delete_form)
def register():
if current_user.is_authenticated:
return redirect(url_for('home'))
form = RegisterForm()
if form.validate_on_submit():
hashed_pw = bcrypt.generate_password_hash(form.password.data)
user = Users(email=form.email.data,
first_name=form.first_name.data,
last_name=form.last_name.data,
photo=form.photo.data.filename,
password=hashed_pw)
db.session.add(user)
db.session.commit()
f = form.photo.data
app.config["IMAGE_UPLOADS"] = "/tmp"
f.save(os.path.join(app.config["IMAGE_UPLOADS"], f.filename))
#return f
s3 = boto3.resource('s3')
#bucket = s3.Bucket('qpwoei-qpwoei')
#bucket.upload_file('tmp/f')
#bucket=s3.Bucket('qpwoei-qpwoei')
#bucket.put_object(Body=request.files['f'], Key="/tmp/"+str(f.filename))
s3.meta.client.upload_file("/tmp/"+str(f.filename), 'qpwoei-qpwoei', "/tmp/"+str(f.filename))
os.remove("/tmp/"+str(f.filename))
return redirect(url_for('login'))
return render_template('register.html', title='Register', form=form)
def registerationPage():
form = RegisterationForm(request.form)
if current_user.is_authenticated:
flash("Your already logged in", 'info')
return redirect(url_for('main.home'))
if request.form and form.validate() == False:
for field_name, field_errors in form.errors.items():
for error in field_errors:
flash(f'{field_name}: {error}')
return redirect(url_for('auth.registerationPage'))
elif form.validate_on_submit():
info = {
'username': form.username.data,
'email': form.email.data,
'password': bcrypt.generate_password_hash(form.password.data).decode('utf-8')
}
user = User(username=info['username'], email=info['email'], password=info['password'], profileImg='/static/icons/user-profile-img.svg')
try:
db.session.add(user)
db.session.commit()
flash('Successfuly registered', 'success')
return redirect(url_for('main.home'))
except IntegrityError as e:
dbErrorMsg = 'Username or Email already used'
flash(dbErrorMsg, 'formError')
return redirect(url_for('auth.registerationPage'))
return render_template('register.html', form=form)
def register():
"""This function is to process the users details upon registering."""
if current_user.is_authenticated:
return redirect(url_for('<user_name>'))
form = RegistrationForm()
if form.validate_on_submit():
hash_pw=bcrypt.generate_password_hash(form.password.data)
record=Records(
first_name=form.first_name.data,
irst_name=form.middle_name.data,
last_name=form.last_name.data,
sex=form.sex.data,
dob_day=form.dob_day,
dob_month=form.dob_month,
dob_year=form.dob_year,
sub_day=form.sub_day,
sub_month=form.sub_month,
sub_year=form.sub_year,
sub_time=form.sub_time
)
db.session.add(record)
db.session.commit()
link_account = Records.query.last()
user=Users(
display_name=form.display_name,
email=form.email.data,
password=hash_pw,
record=link_account.id
)
db.session.add(user)
db.session.commit()
return redirect(url_for('<user_name>'))
return render_template('register.html', title='Register', form=form)
def change_password():
user = User.query.get(current_user.id)
if request.method == "GET":
return render_template("auth/changepassform.html",
form=ChangePassForm())
form = ChangePassForm(request.form)
if bcrypt.check_password_hash(
user.password,
form.oldpass.data) and form.newpass.data == form.confirmpass.data:
user.password = bcrypt.generate_password_hash(
form.newpass.data).decode('utf-8')
db.session().commit()
flash('Password changed successfully')
return redirect(url_for("user_edit"))
else:
return render_template(
"auth/changepassform.html",
form=form,
error="Passwords did not match or the old password was wrong")
def auth_create():
if request.method == 'GET':
return render_template("auth/registerform.html", form=LoginForm())
# If method is POST, validate form data
form = LoginForm(request.form)
if form.validate():
user = User.query.filter_by(email=form.email.data).first()
if user:
# Enforce unique emails
return render_template("auth/loginform.html",
form=form,
error="This email is already in use.")
# If valid email, create user and hash password, then login and redirect
pw_hash = bcrypt.generate_password_hash(
form.password.data).decode('utf-8')
u = User(email=form.email.data, password=pw_hash)
if form.admin.data is True:
u.admin = True
db.session.add(u)
db.session.commit()
login_user(u)
print(u)
return redirect(url_for('events_index'))
# If anything in POST goes wrong, serve login form with errors
return render_template("auth/registerform.html",
form=form,
error="Invalid information")
def worker_create():
form = WorkerForm(request.form)
if not form.validate():
return render_template("worker/list.html",
workers=Worker.query.all(),
services=Service.query.all(),
wform=form,
sform=ServiceForm(),
swform=Service_Worker_Form())
pwhash = bcrypt.generate_password_hash(form.password.data).decode('utf-8')
username = form.username.data
isAdmin = form.role.data
role = ''
if isAdmin == "True":
role = 'ADMIN'
else:
role = 'WORKER'
account = Account(username, pwhash, role)
db.session().add(account)
db.session().commit()
account_id = Account.query.filter_by(
username=form.username.data).first().id
name = form.name.data
worker = Worker(name, account_id)
db.session().add(worker)
db.session().commit()
return redirect(url_for("worker_index"))
def create_user():
if request.method == "GET":
return render_template("/auth/newuser.html", form=CreateUserForm())
form = CreateUserForm(request.form)
user = User.query.filter_by(username=form.username.data).first()
if not user:
username = form.username.data
passwordHash = bcrypt.generate_password_hash(
form.password.data).decode("utf-8") ## CHANGE TO BE BCRYPTED
name = form.displayname.data
# New user
u = User(name, username, passwordHash)
# THIS IS A HACK
if u.name == "admin":
u.role = "ADMIN"
else:
u.role = "USER"
db.session().add(u)
db.session().commit()
Category.create_default_categories(u.id)
return redirect(url_for("auth_login"))
return render_template(
"/auth/newuser.html",
form=form,
error="Username already in use! Choose another one.")
def tryCreateUser(userName, userPassword, remeberMe, authenticateCode):
'''
create User
'''
returnBool = False
returnString = u''
returnType = 'error'
u = userFromUserName(userName)
secret = bcrypt.check_password_hash(authenticateCode, app.config['SECRET_KEY'])
if u == False and secret == True and passwordCheck(userPassword) == True:
hashedpassword = bcrypt.generate_password_hash(userPassword, 7)
theUser = User(userName,hashedpassword)
db.session.add(theUser)
db.session.commit()
loginUser(theUser, remeberMe)
returnBool = True
returnString = '{} created!'.format(userName)
returnType = ''
else:
returnBool = False
returnString = 'Could not create user'
returnType = 'error'
return [returnBool, returnString, returnType]
def create_new_user():
form = NewUserForm(request.form)
if not form.validate():
return render_template("user/new.html", form=form)
username = form.username.data
password = form.password.data
role = __resolve_admin(form.admin.data)
user = User.query.filter_by(username=username).first()
if user != None:
error = "Käyttäjänimi on jo käytössä."
return render_template("user/new.html",
error=error,
form=NewUserForm())
else:
hashed_password = bcrypt.generate_password_hash(password, 10)
utf8_hashed_password = hashed_password.decode("utf-8", "ignore")
user = User(username, utf8_hashed_password, role)
db.session().add(user)
db.session().commit()
message = "käyttäjä luotiin onnistuneesti!"
return render_template("login.html", message=message, form=LoginForm())
def auth_new_user():
if request.method == "GET":
return render_template("auth/registerform.html", form=SignupForm())
form = SignupForm(request.form)
if not form.validate():
return render_template("auth/registerform.html", form=form)
# get form data and hash password
uname = form.username.data
pw = bcrypt.generate_password_hash(form.password.data, 13).decode("utf-8")
# check if username is available
user = User.query.filter_by(username=uname).first()
if not user:
# create user account entry and save to database
a = User(uname, pw)
db.session().add(a)
db.session().commit()
return redirect(url_for("auth_login"))
else:
return render_template("auth/registerform.html", form = form,
error = "Please select another username")
def auth_register():
if request.method == "GET":
return render_template("/auth/registrationform.html",
form=RegistrationForm())
form = RegistrationForm(request.form)
if not form.validate():
return render_template("/auth/registrationform.html", form=form)
role = "USER"
if form.username.data == "admin":
role = "ADMIN"
pw_hash = bcrypt.generate_password_hash(form.password.data).decode("utf-8")
u = User(form.name.data, form.username.data, pw_hash, role)
db.session().add(u)
try:
db.session().commit()
except:
return render_template("/auth/registrationform.html",
form=form,
error="Username is already taken!")
return render_template("auth/loginform.html",
form=LoginForm(),
message="account '" + u.username + "' created!")
def register():
user_form = UserRegistrationForm()
if request.method == 'GET':
return render_template('register.html', user_form=user_form)
if request.method == 'POST':
if user_form.validate():
# create the new user
new_user = User(
name = user_form.name.data
, email = user_form.email.data
, self_reported_org = user_form.organization.data
, hashed_password = bcrypt.generate_password_hash(
user_form.password.data, 10)
, email_confirmation_code = random_alphanumeric(20)
)
new_user.save()
new_user.send_verification_email()
flash('We have sent you a message to confirm your email address.'
, 'info')
return redirect(url_for('public.root'))
# validation failed
flash('Validation failed.', 'error')
return redirect(url_for('users.register'))
def user_confirmupdate(user_id):
user = User.query.get(user_id)
form = UserForm(request.form)
if not form.validate():
return render_template("auth/updateuser.html",
form=form,
user_id=user_id)
alreadyExistsUser = User.query.filter_by(
username=form.username.data).first()
# Tarkistetaan muokkauksessa ettei samannimistä käyttäjää ole, oma olemassaoleva käyttäjätunnus käy
if alreadyExistsUser and current_user != alreadyExistsUser:
form.username.errors.append(
"käyttäjätunnus on jo olemassa, valitse toinen käyttäjätunnus")
return render_template("auth/updateuser.html",
form=form,
user_id=user_id)
# Salasanan salaus
pw_hash = bcrypt.generate_password_hash(form.password.data).decode('utf-8')
user.name = form.name.data
user.username = form.username.data
user.password = pw_hash
db.session().commit()
children = Child.query.filter(Child.account_id == user_id)
return render_template("auth/showuser.html", children=children, user=user)
def __init__(self, firstname, lastname, email, password): self.firstname = firstname self.lastname = lastname self.email = email self.password = bcrypt.generate_password_hash(password, 7) #hasher kodeordet med bcrypt med 7 kørsler, det optimale ville være 12 men pga. min nuværedene servers hastighed sat til 7 self.created = datetime.datetime.now() self.last_login = self.created
def _set_password(self, pw):
self._password = bcrypt.generate_password_hash(pw)