def create():
form = CreateUserForm()
if form.validate_on_submit():
User.create(first_name=form.data.get("first_name", ""),
last_name=form.data.get("last_name", ""),
username=form.data.get("username", ""),
password=form.data.get("password", ""))
flash("New user created")
return redirect("users/create")
return render_template("users/create.html", form=form)
def test_modify_user_to_duplicated_name(self):
with self.ctx:
User.create(id='testid', password='******', name='testname')
user = User.create(id='testid_',
password='******',
name='testname_')
self.login_as_su()
payload_json = dict(name='testname')
resp = self.client.patch(self.api_url_base + '/user/' + user.id,
content_type='application/json',
data=json_dumps(payload_json))
self.assertResponseRestful(resp)
self.assertResponseErrorInField(resp, 'name')
def index():
if request.method == 'POST':
result = []
info = {
'email': request.form['email'],
'password': request.form['password'],
'remember_me': request.form['remember_me']
}
if info['password'] == "123456":
result = [info, info, info, info, info, info]
if not User.query.filter_by(email=info['email']).all():
User.create(email=info['email'], password=info['password'])
return render_template('/admin/dashboard.html',
users=result,
count=len(result))
return render_template("/admin/login.html")
def reset_database(self):
from core.models import User, tables
from core.models.permission import (preset_for_author,
preset_for_superuser)
with self.ctx:
db.database.drop_tables(tables, safe=True)
db.database.create_tables(tables)
User.create(id='su',
permission=preset_for_superuser,
password='******',
name='超级管理员')
User.create(id='author',
permission=preset_for_author,
password='******',
name='作者')
def test_login_using_wrong_password(self):
with self.ctx:
password = '******'
user = User.create(id='su_', password=password, name='testuser')
with self.client:
resp = self.login(user.id, password + 'fake')
self.assertResponseErrorInField(resp, 'password')
def test_login_timeout(self):
with self.ctx:
password = '******'
user = User.create(id='su_', password=password, name='testuser')
with self.client:
fake_timestamp = self.get_timestamp() - self.login_timeout - 100000
resp = self.login(user.id, password, fake_timestamp)
self.assertResponseErrorInField(resp, 'timestamp')
def test_login(self):
with self.ctx:
password = '******'
user = User.create(id='su_', password=password, name='testuser')
with self.client:
resp = self.login(user.id, password)
self.assertResponseRestfulAndSuccess(resp)
self.assertEqual(current_user.name, user.name)
def test_delete_user(self):
with self.ctx:
user = User.create(id='testid',
password='******',
name='testname')
resp = self.client.delete(self.api_url_base + '/user/' + user.id)
self.assertResponseRestfulAndSuccess(resp)
resp = self.get_user(user.id)
self.assertResponseErrorInField(resp, 'id')
def test_modify_user_with_nothing_changed(self):
with self.ctx:
user = User.create(id='testid',
password='******',
name='testname')
self.login_as_su()
resp = self.client.patch(self.api_url_base + '/user/' + user.id,
content_type='application/json',
data=json_dumps({}))
self.assertResponseRestfulAndSuccess(resp)
def test_modify_user_using_illegal_password(self):
with self.ctx:
user = User.create(id='testid',
password='******',
name='testname')
self.login_as_su()
payload_json = dict(password='******')
resp = self.client.patch(self.api_url_base + '/user/' + user.id,
content_type='application/json',
data=json_dumps(payload_json))
self.assertResponseErrorInField(resp, 'password')
def test_logout(self):
with self.ctx:
password = '******'
user = User.create(id='su_', password=password, name='testuser')
with self.client:
resp = self.login(user.id, password)
self.assertResponseRestfulAndSuccess(resp)
self.client.get(self.api_url_base + '/logout/')
self.assertFalse(current_user.is_authenticated)
# logout without authentication
self.client.get(self.api_url_base + '/logout/')
self.assertFalse(current_user.is_authenticated)
async def register(request):
if request.method == 'POST':
username = request.json.get('username')
password = request.json.get('password')
user = User.select().where(User.username == username)
if user.exists():
return json({'error': 'Username exists in database'})
instance = User.create(username=username,
password=md5(
password.encode('utf-8')).hexdigest())
data = {'token': instance.auth_token.get().token}
return json(data)
return redirect(request.app.url_for('auth_app.login'))
def test_login_remember(self):
with self.ctx:
password = '******'
user = User.create(id='su_', password=password, name='testuser')
with self.client:
resp = self.login(user.id, password, remember=True)
self.assertResponseRestfulAndSuccess(resp)
self.assertEqual(current_user.name, user.name)
cookies = {
cookie.name: cookie.value
for cookie in self.client.cookie_jar
}
remember_token = cookies.get('remember_token', '')
self.assertNotEqual(remember_token, '')
def test_modify_user(self):
with self.ctx:
user = User.create(id='testid',
password='******',
name='testname')
payload_json = {
'name': 'testname_',
'password': '******',
'expired': True
}
self.login_as_su()
resp = self.client.patch(self.api_url_base + '/user/' + user.id,
content_type='application/json',
data=json_dumps(payload_json))
self.assertResponseRestfulAndSuccess(resp)
user = User.get(User.id == user.id)
password_cipher = self.encode_password(payload_json['password'])
self.assertEqual(user.password, password_cipher)
self.assertEqual(user.name, payload_json['name'])
self.assertEqual(user.expired, payload_json['expired'])
def create_new(username: str, password: str) -> User:
password_hash = hash_password(password)
return User.create(name=username, password_hash=password_hash)
def add_user():
"""``POST`` |API_URL_BASE|/user/
Add a new user.
:param id: **JSON Param** user id
:param name: **JSON Param** user name
:param array permission: **JSON Param**
:param password: **JSON Param** plain password, without encoding
:param expired: **JSON Param** true or false, default: false
Response JSON:
.. code-block:: javascript
// success
{
$errors: null,
user: {
id: string,
name: string,
expired: boolean,
last_login: integer
}
}
// failed
{
$errors: {
id: 'this id is invalid'.
name: 'this name is invalid.',
password: '******',
permission 'this permission identity is not defined.',
id: 'this id is duplicated.',
name: 'this name is duplicated.'
}
}
Permission require: ``CREATE_USER``
"""
config = app_config
json = request.get_json()
user_id = json.get('id', '').strip()
if not re_match(config['USER_USERID_PATTERN'], user_id):
return {'id': config['USER_USERID_DESCRIPTION']}
name = json.get('name', '').strip()
if not re_match(config['USER_NAME_PATTERN'], name):
return {'name': config['USER_NAME_DESCRIPTION']}
permission_list = json.get('permission', [])
permission_value = Permission.parse_permission(permission_list)
password = json.get('password', '')
if not re_match(config['USER_PASSWORD_PATTERN'], password):
return {'password': config['USER_PASSWORD_DESCRIPTION']}
expired = bool(json.get('expired', False))
if User.select().where(User.id == user_id).count() != 0:
return {'id': '该用户ID %s 已经存在' % user_id}
if User.select().where(User.name == name).count() != 0:
return {'name': '该昵称 %s 已经存在' % name}
new_user = User.create(id=user_id,
name=name,
permission=permission_value,
expired=expired,
password=password)
signals.event_emitted.send(current_app._get_current_object(),
type='User: Create',
description='create user(%s).' % (user_id))
return None, {'user': new_user.to_dict()}
