Ejemplo n.º 1
0
 def get(self, username):
     auth_model = Users('users', username=username)
     result = auth_model.getUser()
     if result:
         return {'exists': True, 'msg': 'already exists'}
     else:
         return {'exists': False, 'msg': 'register available'}
Ejemplo n.º 2
0
    def post(self):
        parser = reqparse.RequestParser()
        parser.add_argument('username', required=True, location='json')
        parser.add_argument('password', required=True, location='json')
        args = parser.parse_args()
        username, password = args.values()

        auth_model = Users('users', username=username)
        result = auth_model.getUser()
        if result:
            user_data = result[0]
            if check_password_hash(user_data['password'], password):
                if user_data['deactivated']:
                    return {'success': False, 'msg': 'You tried logging in with deactivated account'}, 400
                else:
                    access_token = create_access_token(identity=user_data)

                    realname =  user_data['realname']
                    description =  user_data['description']
                    level =  user_data['level']

                    return jsonify({
                        'success': True, 
                        'username': username,
                        'access_token': access_token,
                        'user_data': {
                                'realname': realname,
                                'description': description,
                                'level': level
                            }
                    })
            else:
                return {'success': False, 'msg': 'Wrong username or password.'}, 400
        else:
            return {'success': False, 'msg': 'Wrong username or password.'}, 400
Ejemplo n.º 3
0
    def post(self):
        org_model = Org('organization')
        is_available = org_model.read_all()['result'][0]['register_on']

        if is_available:
            parser = reqparse.RequestParser()
            parser.add_argument('username', type=str, required=True, location='json')
            parser.add_argument('password', type=str, required=True, location='json')
            parser.add_argument('realname', type=str, required=True, location='json')
            parser.add_argument('description', type=str, required=True, location='json')
            args = parser.parse_args()
            username, password, realname, description = args.values()

            # 공백 확인
            if username == '' or realname == '' or password == '':
                return {'success': False, 'msg': 'Required field(s) missing'}, 400

            hashed_pw = generate_password_hash(password)

            users_model = Users('users', username=username, password=hashed_pw, realname=realname,
                description=description, level=0, deactivated=False)

            # 중복 체크
            result = users_model.getUser()
            if result:
                return {'success': False, 'msg': 'The username already exists'}, 400

            return users_model.create()
        else:
            return {'success': False, 'msg': 'It is not a period when you can register.'}, 400
Ejemplo n.º 4
0
def login():
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']

        auth_model = Users('users', username=username)
        result = auth_model.getUser()
        if result:
            user_data = result[0]
            if check_password_hash(user_data['password'], password):
                if user_data['deactivated']:
                    return '<script>alert("비활성화된 계정입니다. 로그인할 수 없습니다.");\n history.go(-1);</script>'
                else:
                    session['username'] = username
                    session['realname'] = user_data['realname']
                    session['description'] = user_data['description']
                    session['level'] = user_data['level']

                    return redirect(url_for('admin.index'))
            else:
                return render_template('admin/login_failed.html')
        else:
            return render_template('admin/login_failed.html')
    elif request.method == 'GET':
        return render_template('admin/login.html')
Ejemplo n.º 5
0
def account_delete():
    isLogin = login_check()
    if isLogin:
        if request.method == 'GET':
            return render_template('admin/sthwrong.html')
        elif request.method == 'POST':
            if session['level'] > 0:  # 레벨 1부터 가능
                user_id = request.form['id']
                if request.form.get('confirm') == 'True':
                    users_model = Users('users', id=user_id)

                    try:
                        db_data = users_model.delete()
                        if db_data['success']:
                            return '<script>alert("성공적으로 삭제했습니다.");\n location.href="./edit";</script>'
                        else:
                            return render_template('admin/sthwrong.html')
                    except Exception as e:
                        return '<script>alert("오류가 발생했습니다.\n ' + str(
                            e) + '");\n location.href="./edit";</script>'
                else:
                    return '<script>alert("확인란에 체크하셔야 삭제할 수 있습니다.");\n history.go(-1);</script>'
            else:
                return '<script>alert("권한이 없습니다.");\n history.go(-1);</script>'
    else:
        return redirect(url_for('admin.login'))
Ejemplo n.º 6
0
    def delete(self, user_id):
        level = get_jwt_claims()['level']
        if level < 1:
            return {
                'success': False,
                'msg': 'Unavailable request to level 0 user.'
            }, 403

        users_model = Users('users', id=user_id)
        return users_model.delete()
Ejemplo n.º 7
0
    def post(self):
        level = get_jwt_claims()['level']
        if level < 1:
            return {
                'success': False,
                'msg': 'Unavailable request to level 0 user.'
            }, 403

        parser = reqparse.RequestParser()
        parser.add_argument('username',
                            type=str,
                            required=True,
                            location='json')
        parser.add_argument('password',
                            type=str,
                            required=True,
                            location='json')
        parser.add_argument('realname',
                            type=str,
                            required=True,
                            location='json')
        parser.add_argument('description',
                            type=str,
                            required=True,
                            location='json')
        parser.add_argument('level', type=int, required=True, location='json')
        parser.add_argument('deactivated',
                            type=bool,
                            required=True,
                            location='json')
        args = parser.parse_args()
        username, password, realname, description, level, deactivated = args.values(
        )

        hashed_pw = generate_password_hash(password)

        users_model = Users('users',
                            username=username,
                            password=hashed_pw,
                            realname=realname,
                            description=description,
                            level=level,
                            deactivated=deactivated)

        # 중복 체크
        result = users_model.getUser()
        if result:
            return {'success': True, 'msg': 'The username already exists'}, 400

        return users_model.create()
Ejemplo n.º 8
0
def register():
    org_model = Org('organization')
    is_available = org_model.read_all()['result'][0]['register_on']

    if is_available:
        if request.method == 'POST':
            username = request.form['username']
            realname = request.form['realname']
            description = request.form['description']
            password = request.form['password']
            password_again = request.form['password_again']

            # 공백 확인
            if username == '' or realname == '' or password == '':
                return '<script>alert("아이디, 비밀번호, 이름은 반드시 입력해야합니다.");\n location.href="./register";</script>'

            # 비밀번호 확인
            if password != password_again:
                return '<script>alert("비밀번호 확인이 일치하지 않습니다.");\n location.href="./register";</script>'

            hashed_pw = generate_password_hash(password)
            users_model = Users('users',
                                username=username,
                                realname=realname,
                                description=description,
                                password=hashed_pw,
                                level=0,
                                deactivated=False)

            # 중복 체크
            exist_check = users_model.getUser()
            if exist_check:
                return '<script>alert("해당하는 아이디가 이미 존재합니다. 다른 아이디로 시도하십시오.");\n location.href="./register";</script>'

            try:
                db_data = users_model.create()
                if db_data['success']:
                    return '<script>alert("회원 등록이 완료되었습니다.");\n location.href="/";</script>'
                else:
                    return render_template('admin/sthwrong.html')
            except Exception as e:
                return '<script>alert("오류가 발생했습니다.\n ' + str(
                    e) + '");\n location.href="./register";</script>'
        elif request.method == 'GET':
            return render_template('admin/register.html')
    else:
        return '<script>alert("회원 등록이 불가능한 상태입니다. 관리자에게 문의하세요.");\n history.go(-1);</script>'
Ejemplo n.º 9
0
def account_new():
    isLogin = login_check()
    if isLogin:
        if request.method == 'GET':
            return render_template('admin/account/new.html',
                                   isLogin=True,
                                   username=session['username'],
                                   realname=session['realname'],
                                   description=session['description'],
                                   level=session['level'])
        elif request.method == 'POST':
            username = request.form['username']
            realname = request.form['realname']
            description = request.form['description']
            level = int(request.form['level'])
            password = request.form['password']
            deactivated = False
            if request.form.get('deactivated'):
                deactivated = bool(request.form['deactivated'])

            hashed_pw = generate_password_hash(password)
            users_model = Users('users',
                                username=username,
                                realname=realname,
                                description=description,
                                password=hashed_pw,
                                level=level,
                                deactivated=deactivated)

            # 중복 체크
            exist_check = users_model.getUser()
            if exist_check:
                return '<script>alert("해당하는 아이디가 이미 존재합니다. 다른 아이디로 시도하십시오.");\n location.href="./new";</script>'

            try:
                db_data = users_model.create()
                if db_data['success']:
                    return '<script>alert("성공적으로 추가했습니다.");\n location.href="./new";</script>'
                else:
                    return render_template('admin/sthwrong.html')
            except Exception as e:
                return '<script>alert("오류가 발생했습니다.\n ' + str(
                    e) + '");\n location.href="./new";</script>'
    else:
        return redirect(url_for('admin.login'))
Ejemplo n.º 10
0
 def get(self, user_id):
     users_model = Users('users', id=user_id)
     return users_model.read_one()
Ejemplo n.º 11
0
 def get(self):
     users_model = Users('users')
     return users_model.read_all()
Ejemplo n.º 12
0
def account_edit():
    isLogin = login_check()
    if isLogin:
        if request.method == 'GET':
            selected_id = request.args.get('selected', '')
            page = int(request.args.get('page', '1'))

            users_model = Cnts('users')

            try:
                db_data = users_model.read_page((int(page) - 1) * 10, 10)
                if db_data['success']:
                    result = db_data['result']
                    msg = ''
                else:
                    result = ''
                    msg = db_data[0]['msg']
            except Exception as e:
                result = ''
                msg = str(e)

            selected_doc = None
            if (selected_id != '') and (result != ''):
                for data in result:
                    if data['id'] == selected_id:
                        selected_doc = data
                        break

            return render_template('admin/account/edit.html',
                                   isLogin=True,
                                   username=session['username'],
                                   realname=session['realname'],
                                   description=session['description'],
                                   level=session['level'],
                                   result=result,
                                   msg=msg,
                                   page=page,
                                   selected_id=selected_id,
                                   selected_doc=selected_doc)
        elif request.method == 'POST':
            user_id = request.form['id']
            username = request.form['username']
            realname = request.form['realname']
            description = request.form['description']
            level = int(request.form['level'])
            password = request.form['password']
            deactivated = False
            if request.form.get('deactivated'):
                deactivated = bool(request.form['deactivated'])

            user_model = None
            if password == '':
                users_model = Users('users',
                                    id=user_id,
                                    username=username,
                                    realname=realname,
                                    description=description,
                                    level=level,
                                    deactivated=deactivated)
            else:
                hashed_pw = generate_password_hash(password)
                users_model = Users('users',
                                    id=user_id,
                                    username=username,
                                    realname=realname,
                                    description=description,
                                    password=hashed_pw,
                                    level=level,
                                    deactivated=deactivated)

            try:
                db_data = users_model.update()
                if db_data['success']:
                    return '<script>alert("성공적으로 수정했습니다.");\n location.href="./edit";</script>'
                else:
                    return render_template('admin/sthwrong.html')
            except Exception as e:
                return '<script>alert("오류가 발생했습니다.\n ' + str(
                    e) + '");\n location.href="./edit";</script>'
    else:
        return redirect(url_for('admin.login'))