Ejemplo n.º 1
1
def init_app(app):
    db.init_app(app)
    cache.init_app(app)
    debug_toolbar.init_app(app)
    app.template_folder = os.path.join(os.path.dirname(__file__), 'templates/')

    migrate = Migrate(app, db)

    # Import and register the different asset bundles
    assets_env = Environment(app)
    assets_env.load_path = [os.path.join(os.path.dirname(__file__), 'static')]
    assets_env.directory = os.path.join(os.path.dirname(__file__), 'static')
    assets_env.url = '/admin/static/'
    # assets_env.register('js_all', js)
    print("directory ", assets_env.directory, os.path.join(os.path.dirname(__file__), 'static/'))
    assets_loader = PythonAssetsLoader(assets)
    for name, bundle in list(assets_loader.load_bundles().items()):
        assets_env.register(name, bundle)

    # Setup user handling
    from silverflask.models import User

    user_adapter = SQLAlchemyAdapter(db, User)
    user_manager = UserManager(user_adapter)
    user_manager.init_app(app)

    ###
    #  SILVERFLASK
    ###

    upload_path = os.path.join(app.instance_path, app.config["SILVERFLASK_UPLOAD_PATH"])
    app.config["SILVERFLASK_ABSOLUTE_UPLOAD_PATH"] = upload_path
    app.storage_backend = LocalFileStorageBackend(upload_path)


    from silverflask.controllers.page_controller import SiteTreeController
    app.register_blueprint(SiteTreeController.create_blueprint(app))

    from silverflask.core.dev_controller import DevController
    app.register_blueprint(DevController.create_blueprint(app))

    from silverflask.controllers.cms_controller import CMSController, PagesCMSController, FilesCMSController, \
        DataObjectCMSController

    app.register_blueprint(CMSController.create_blueprint(app))
    app.register_blueprint(DataObjectCMSController.create_blueprint(app))
    app.register_blueprint(PagesCMSController.create_blueprint(app))
    app.register_blueprint(FilesCMSController.create_blueprint(app))
    from silverflask.controllers.security_controller import SecurityController
    app.register_blueprint(SecurityController.create_blueprint(app))


    from silverflask.core.theme import init_themes
    init_themes(app)

    from silverflask.controllers.main import setup_processors, init_blueprint
    from silverflask.controllers.cms import bp as cms_bp

    setup_processors(app)
    main = init_blueprint(app)
    app.register_blueprint(main)
    app.register_blueprint(cms_bp, url_prefix='/admin')


    # for rule in app.url_map.iter_rules():
    #     print(rule)

    return app
Ejemplo n.º 2
0
def init_user_manager(app):
    from flask_user import SQLAlchemyAdapter, UserManager

    from ..core import db
    from ..model import User
    from ..service import userService
    from .. import signals

    db_adapter = SQLAlchemyAdapter(db, User)
    user_manager = UserManager(db_adapter)
    user_manager.init_app(app)

    import hashlib

    def hash_password(self, password):
        _md5 = hashlib.md5()
        _md5.update(password)
        return _md5.hexdigest()

    def generate_password_hash(self, password):
        _md5 = hashlib.md5()
        _md5.update(password)
        return _md5.hexdigest()

    def verify_password(self, password, user):
        return self.hash_password(password) == user.password

    def login_manager_usercallback(user_id):
        user_id = int(user_id) if isinstance(user_id,
                                             basestring) else int(user_id)
        user_dict = userService.user_by_id(user_id)
        return User(**user_dict)

    user_manager.hash_password = hash_password.__get__(user_manager,
                                                       UserManager)
    user_manager.generate_password_hash = generate_password_hash.__get__(
        user_manager, UserManager)
    user_manager.verify_password = verify_password.__get__(
        user_manager, UserManager)
    user_manager.login_manager.user_callback = login_manager_usercallback
Ejemplo n.º 3
0
def create_app(config=None):
    """
    Application factory - this is used so that we can create a dev|test|prod application instance
    based on parameter
    :param config:
    :return:
    """
    app = Flask(__name__)
    if not config:
        config = 'development'
    config = config_factory.get(config)
    app.config.from_object(config)

    # override config with env file cfg
    app.config.update(os.environ)

    # initialize extensions
    from store.database import User
    db_adapter = SQLAlchemyAdapter(db, User)
    user_manager = UserManager(db_adapter)
    db.init_app(app)
    migrate.init_app(app, db)
    celery.init_app(app)
    user_manager.init_app(app)
    csrf.init_app(app)
    # configure_uploads(app, (review_images, ))
    # patch_request_class(app, Constants.MAX_FILE_SIZE)

    # register blueprints
    from webapp.client import client
    app.register_blueprint(client)

    from webapp.media import media
    app.register_blueprint(media, url_prefix='/media')

    return app
Ejemplo n.º 4
0
def init_user_manager(app):
    from flask_user import SQLAlchemyAdapter, UserManager

    from ..core import db, FromCache
    from ..models import Account
    from .user_login import login
    from .user_register import register
    from .user_forgot_password import forgot_password
    from ..tasks import send_email
    import hashlib
    from flask.ext.wtf import Form
    from wtforms import BooleanField, HiddenField, PasswordField, SubmitField, StringField
    from wtforms import validators, ValidationError

    def hash_password(self, password):
        _md5 = hashlib.md5()
        _md5.update(password)
        return _md5.hexdigest()

    def generate_password_hash(self, password):
        _md5 = hashlib.md5()
        _md5.update(password)
        return _md5.hexdigest()

    def verify_password(self, password, user):
        return self.hash_password(password) == user.password

    def login_manager_usercallback(account_id):
        account_id = int(account_id) if isinstance(account_id, basestring) else account_id
        account = db.session.query(Account). \
            options(FromCache('model', 'account:%d' % account_id)). \
            filter(Account.id == account_id).first()
        return account

    def password_validator(form, field):
        """ Password must have one lowercase letter, one uppercase letter and one digit."""
        # Convert string to list of characters
        password = list(field.data)
        password_length = len(password)

        # Count lowercase, uppercase and numbers
        lowers = uppers = digits = 0
        for ch in password:
            if ch.islower(): lowers += 1
            if ch.isupper(): uppers += 1
            if ch.isdigit(): digits += 1

        # Password must have one lowercase letter, one uppercase letter and one digit
        is_valid = password_length >= 6 and lowers and uppers and digits
        if not is_valid:
            raise ValidationError(u'密码至少超过6位,其中要求包含一个大写字母,一个小写字母和一个数字')

    class ResetPasswordForm(Form):
        new_password = PasswordField(u'新密码', validators=[validators.Required(u'新密码不能为空')])
        retype_password = PasswordField(u'再次输入新密码', validators=[
            validators.EqualTo('new_password', message=u'两次输入的新密码匹配')])
        next = HiddenField()
        submit = SubmitField(u'修改密码')

        def validate(self):
            # Use feature config to remove unused form fields
            user_manager = current_app.user_manager
            if not user_manager.enable_retype_password:
                delattr(self, 'retype_password')
            # Add custom password validator if needed
            has_been_added = False
            for v in self.new_password.validators:
                if v == user_manager.password_validator:
                    has_been_added = True
            if not has_been_added:
                self.new_password.validators.append(user_manager.password_validator)
            # Validate field-validators
            if not super(ResetPasswordForm, self).validate():
                return False
            # All is well
            return True

    def async_send_email(recipient, subject, html_message, text_message):
        send_email.delay(recipient, subject, html_message, text_message)

    db_adapter = SQLAlchemyAdapter(db, Account)
    user_manager = UserManager(db_adapter, login_view_function=login, register_view_function=register,
                               forgot_password_view_function=forgot_password,
                               reset_password_form=ResetPasswordForm, password_validator=password_validator,
                               send_email_function=async_send_email)
    user_manager.init_app(app)
    user_manager.hash_password = hash_password.__get__(user_manager, UserManager)
    user_manager.generate_password_hash = generate_password_hash.__get__(user_manager, UserManager)
    user_manager.verify_password = verify_password.__get__(user_manager, UserManager)
    user_manager.login_manager.user_callback = login_manager_usercallback
    orig_unauthenticated_view_function = user_manager.unauthenticated_view_function

    def unauthenticated_view_function():
        if request.is_xhr:
            return jsonify({'success': False, 'error_code': errors.user_unauthenticated})
        else:
            return orig_unauthenticated_view_function()

    setattr(user_manager, 'unauthenticated_view_function', unauthenticated_view_function)

    orig_unauthorized_view_function = user_manager.unauthorized_view_function

    def unauthorized_view_function():
        if request.is_xhr:
            return jsonify({'success': False, 'error_code': errors.operation_unauthorized})
        else:
            return orig_unauthorized_view_function()

    setattr(user_manager, 'unauthorized_view_function', unauthorized_view_function)
Ejemplo n.º 5
0
def init_user_manager(app, login_view, forgot_password_view=None):

    if forgot_password_view is None:
        forgot_password_view = forgot_password

    def hash_password(self, password):
        _md5 = hashlib.md5()
        _md5.update(password)
        return _md5.hexdigest()

    def generate_password_hash(self, password):
        _md5 = hashlib.md5()
        _md5.update(password)
        return _md5.hexdigest()

    def verify_password(self, password, user):
        auth_method = getattr(request, 'auth_method', None)
        if auth_method == 'basic':
            return self.hash_password(password) == user.password
        else:
            return False

    def login_manager_usercallback(account_id):
        account_id = int(account_id) if isinstance(account_id,
                                                   basestring) else account_id
        return Account.from_cache_by_id(account_id)

    def password_validator(form, field):
        """ Password must have one lowercase letter, one uppercase letter and one digit."""
        # Convert string to list of characters
        password = list(field.data)
        password_length = len(password)

        # Count lowercase, uppercase and numbers
        lowers = uppers = digits = 0
        for ch in password:
            if ch.islower(): lowers += 1
            if ch.isupper(): uppers += 1
            if ch.isdigit(): digits += 1

        # Password must have one lowercase letter, one uppercase letter and one digit
        is_valid = password_length >= 6 and lowers and uppers and digits
        if not is_valid:
            raise ValidationError(u'密码至少超过6位,其中要求包含一个大写字母,一个小写字母和一个数字')

    class ResetPasswordForm(Form):
        new_password = PasswordField(
            u'新密码', validators=[validators.DataRequired(u'新密码不能为空')])
        retype_password = PasswordField(u'再次输入新密码',
                                        validators=[
                                            validators.EqualTo(
                                                'new_password',
                                                message=u'两次输入的新密码匹配')
                                        ])
        next = HiddenField()
        submit = SubmitField(u'修改密码')

        def validate(self):
            # Use feature config to remove unused form fields
            user_manager = current_app.user_manager
            if not user_manager.enable_retype_password:
                delattr(self, 'retype_password')
            # Add custom password validator if needed
            has_been_added = False
            for v in self.new_password.validators:
                if v == user_manager.password_validator:
                    has_been_added = True
            if not has_been_added:
                self.new_password.validators.append(
                    user_manager.password_validator)
            # Validate field-validators
            if not super(ResetPasswordForm, self).validate():
                return False
            # All is well
            return True

    from .tasks import send_email

    def async_send_email(recipient, subject, html_message, text_message):
        send_email.delay(recipient, subject, html_message, text_message)

    db_adapter = SQLAlchemyAdapter(db, Account, UserAuthClass=AccountBasicAuth)
    user_manager = UserManager(
        db_adapter,
        login_view_function=login_view,
        forgot_password_view_function=forgot_password_view,
        reset_password_form=ResetPasswordForm,
        password_validator=password_validator,
        send_email_function=async_send_email)
    user_manager.init_app(app)
    user_manager.hash_password = hash_password.__get__(user_manager,
                                                       UserManager)
    user_manager.generate_password_hash = generate_password_hash.__get__(
        user_manager, UserManager)
    user_manager.verify_password = verify_password.__get__(
        user_manager, UserManager)
    user_manager.login_manager.user_callback = login_manager_usercallback
    orig_unauthenticated_view_function = user_manager.unauthenticated_view_function

    def unauthenticated_view_function():
        if request.is_xhr:
            return jsonify({
                'success': False,
                'error_code': errors.user_unauthenticated
            })
        else:
            return orig_unauthenticated_view_function()

    setattr(user_manager, 'unauthenticated_view_function',
            unauthenticated_view_function)

    orig_unauthorized_view_function = user_manager.unauthorized_view_function

    def unauthorized_view_function():
        if request.is_xhr:
            return jsonify({
                'success': False,
                'error_code': errors.operation_unauthorized
            })
        else:
            return orig_unauthorized_view_function()

    setattr(user_manager, 'unauthorized_view_function',
            unauthorized_view_function)
Ejemplo n.º 6
0
def init_app(app):
    db.init_app(app)
    cache.init_app(app)
    debug_toolbar.init_app(app)
    app.template_folder = os.path.join(os.path.dirname(__file__), 'templates/')

    migrate = Migrate(app, db)

    # Import and register the different asset bundles
    assets_env = Environment(app)
    assets_env.load_path = [os.path.join(os.path.dirname(__file__), 'static')]
    assets_env.directory = os.path.join(os.path.dirname(__file__), 'static')
    assets_env.url = '/admin/static/'
    # assets_env.register('js_all', js)
    print("directory ", assets_env.directory,
          os.path.join(os.path.dirname(__file__), 'static/'))
    assets_loader = PythonAssetsLoader(assets)
    for name, bundle in list(assets_loader.load_bundles().items()):
        assets_env.register(name, bundle)

    # Setup user handling
    from silverflask.models import User

    user_adapter = SQLAlchemyAdapter(db, User)
    user_manager = UserManager(user_adapter)
    user_manager.init_app(app)

    ###
    #  SILVERFLASK
    ###

    upload_path = os.path.join(app.instance_path,
                               app.config["SILVERFLASK_UPLOAD_PATH"])
    app.config["SILVERFLASK_ABSOLUTE_UPLOAD_PATH"] = upload_path
    app.storage_backend = LocalFileStorageBackend(upload_path)

    from silverflask.controllers.page_controller import SiteTreeController
    app.register_blueprint(SiteTreeController.create_blueprint(app))

    from silverflask.core.dev_controller import DevController
    app.register_blueprint(DevController.create_blueprint(app))

    from silverflask.controllers.cms_controller import CMSController, PagesCMSController, FilesCMSController, \
        DataObjectCMSController

    app.register_blueprint(CMSController.create_blueprint(app))
    app.register_blueprint(DataObjectCMSController.create_blueprint(app))
    app.register_blueprint(PagesCMSController.create_blueprint(app))
    app.register_blueprint(FilesCMSController.create_blueprint(app))
    from silverflask.controllers.security_controller import SecurityController
    app.register_blueprint(SecurityController.create_blueprint(app))

    from silverflask.core.theme import init_themes
    init_themes(app)

    from silverflask.controllers.main import setup_processors, init_blueprint
    from silverflask.controllers.cms import bp as cms_bp

    setup_processors(app)
    main = init_blueprint(app)
    app.register_blueprint(main)
    app.register_blueprint(cms_bp, url_prefix='/admin')

    # for rule in app.url_map.iter_rules():
    #     print(rule)

    return app
Ejemplo n.º 7
0
def create_app():
	""" Flask application factory """

	# Setup Flask app and app.config
	app = Flask(__name__)
	app.config.from_object(__name__+'.ConfigClass')
	app.config['SQLALCHEMY_DATABASE_URI'] = "sqlite:///" + app.instance_path + os.sep + "users.sqlite"
	print(app.config['SQLALCHEMY_DATABASE_URI'])
	install_secret_key(app)

	# Initialize Flask extensions
	mail = Mail(app)								# Initialize Flask-Mail

	db, user_db_adapter, User, Role = init_db(app)

	# Setup Flask-User
	def password_validator(form, field):
		password = field.data
		if len(password) < 6:
			raise ValidationError(('Password must have at least 6 characters'))
	
	def username_validator(form, field):
		""" Username must cont at least 3 alphanumeric characters long"""
		username = field.data
		if len(username) < 1:
			raise ValidationError(('Username must be at least 1 characters long'))

	user_manager = UserManager(user_db_adapter, password_validator=password_validator, username_validator=username_validator)
	user_manager.init_app(app) # Initialize Flask-User

	# A flask/sqlalchemy/python bug? anyway sqlalchemy complains in a weird error without this line
	User.query


	# The Home page is accessible to anyone
	@app.route('/')
	@login_required
	def home_page():
		return render_template("index.html", current_user=current_user)

	# The Home page is accessible to anyone
	@app.route('/keyring/<name>')
	@login_required
	def keyring(name):
		found = False
		for r in current_user.roles:
			found = found or r.name == name
		if not found:
			return "Not authorized"
		return render_template("keyring.html", keyring=name)

	@app.route('/grid', methods=["POST", "GET"])
	@login_required
	@roles_required('hacker')
	def grid():
		if request.method == "POST":
			user = db.session.query(User).filter(User.id==request.form["user"]).first()
			role = db.session.query(Role).filter(Role.id==request.form["role"]).first()
			if "val" in request.form and request.form["val"] == "on":
				user.roles.append(role)
			else:
				if role in user.roles:
					user.roles.remove(role)
			db.session.commit()
		return render_template("grid.html", users=db.session.query(User), roles=db.session.query(Role), user_reset_id = "-1", newpass = "")
	
	@app.route('/grid/reset/<user_id>')
	@login_required
	@roles_required('hacker')
	def reset_grid(user_id):
		user = db.session.query(User).filter(User.id==int(user_id)).first()
		newpass = id_generator()
		user.password = user_manager.hash_password(newpass)
		db.session.commit()
		return render_template("grid.html", users=db.session.query(User), roles=db.session.query(Role), newpass=newpass, user_reset_id=user_id)


	@app.route('/new', methods=["POST", "GET"])
	@login_required
	@roles_required('hacker')
	def new():
		if request.method == "POST":
			rolename = request.form["role"]
			if not db.session.query(Role).filter(Role.name==rolename).first():
				new_role = Role(name=rolename)
				db.session.add(new_role)
				current_user.roles.append(new_role)
				db.session.commit()

				save(rolename, True)

				return redirect("/grid")
		return render_template("create.html", users=db.session.query(User), roles=db.session.query(Role))



	@app.route('/save/<name>', methods=["POST"])
	@login_required
	def save(name, initial = False):
		found = False
		for r in current_user.roles:
			found = found or r.name == name
		if not found:
			return "Not authorized"
		if initial:
			if subprocess.call(["touch", name + ".txt"], cwd="db/") != 0:
				print("Keyring already exists??")
				return "error"

		if subprocess.call(["git", "add", name + ".txt"], cwd="db/") != 0:
			print("git error")
			return "error"
		subprocess.call(["git", "commit", "-m", "commit pre-web-update"], cwd="db/")

		with open("db/" + name + ".txt", "w") as f:
			f.write(request.form["data"])
			f.close()
		if subprocess.call(["git", "add", name + ".txt"], cwd="db/") != 0:
			print("git error")
			return "error"
		if subprocess.call(["git", "commit", "-m", "Web update"], cwd="db/") != 0:
			print("git error")
			return "error"
		return "done"

	@app.route('/get/<name>')
	@login_required
	def get(name):
		found = False
		for r in current_user.roles:
			found = found or r.name == name
		if not found:
			return "Not authorized"
		try:
			with open("db/" + name + ".txt", "r") as f:
				return f.read()
		except FileNotFoundError:
			return "{}"

	return app,db, user_db_adapter, User, Role, user_manager