Ejemplo n.º 1
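def result():
    """Compare the submitted guess with the logged-in user's secret number.

    Reads ``num_user`` from the form and the ``token_session`` cookie, looks
    up the matching non-deleted user and renders ``result.html`` with either
    a hint or the success message. A correct guess stores a new secret number.
    """
    # The form field is client-controlled: it can be absent or non-numeric,
    # and int() on either used to end in an unhandled exception.
    try:
        num_user = int(request.form.get("num_user"))
    except (TypeError, ValueError):
        mensaje = "Tu numero no es correcto! Introduce un numero entero."
        return render_template("result.html", mensaje=mensaje)

    token_session = request.cookies.get("token_session")

    user = db.query(User).filter_by(token_session=token_session,
                                    delete=False).first()

    # A missing or unknown cookie yields no user. Previously that case fell
    # through to `user.secret_number` and raised AttributeError.
    if user is None:
        mensaje = "Sesion no valida. Inicia sesion de nuevo."
        return render_template("result.html", mensaje=mensaje)

    if num_user == user.secret_number:
        mensaje = "Enhorabuena!! El numero correcto es: " + str(num_user)

        # Start the next round with a fresh number.
        user.secret_number = random.randint(1, 30)

        db.add(user)
        db.commit()

        return render_template("result.html", mensaje=mensaje)

    if num_user > user.secret_number:
        mensaje = "Tu numero no es correcto! Intentalo con uno mas pequeño!"
    else:
        mensaje = "Tu numero no es correcto! Intentalo con uno mas grande!"
    return render_template("result.html", mensaje=mensaje)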
Ejemplo n.º 2
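def password_check():
    """Set a new password for the user identified by the session cookie.

    Expects the form fields ``new-password`` and ``new-password2``. On success
    the password hash and the session token are both replaced and the new
    token is sent back in the ``session_token`` cookie.
    """
    session_token = request.cookies.get("session_token")
    user = db.query(User).filter_by(session_token=session_token).first()

    # No cookie or an unknown token means there is no account to modify.
    # Previously this case crashed on `user.password` below.
    if user is None:
        return "You Are Not Logged In", 401

    new_password = request.form.get("new-password")
    new_password2 = request.form.get("new-password2")

    # A missing field is None (crash in .encode()); an empty one would store
    # the hash of the empty string as the account password.
    if not new_password:
        return "The Password Must Not Be Empty"

    if new_password != new_password2:
        return "The Passwords Do Not Match"

    # NOTE(review): unsalted single-round SHA-256 is cheap to brute-force if
    # the table leaks. It is kept here because the login check (outside this
    # block) presumably compares against the same format; migrate both to a
    # salted password KDF together.
    # NOTE(review): the current password is not asked for, so holding a valid
    # session cookie is enough to take over the account permanently.
    user.password = hashlib.sha256(new_password.encode()).hexdigest()

    # Rotate the session token so the cookie used before the change stops
    # working.
    session_token = str(uuid.uuid4())
    user.session_token = session_token

    db.add(user)
    db.commit()

    response = make_response(redirect(url_for('profile')))
    response.set_cookie("session_token",
                        session_token,
                        httponly=True,
                        samesite='Strict')

    return response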
Ejemplo n.º 3
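def profile_edit():
    """Show the profile form (GET) or save the submitted profile (POST).

    The user is resolved from the ``token_session`` cookie. A password change
    is applied only when both ``old-password`` and ``new-password`` are sent
    and the old one matches the stored hash.
    """
    token_session = request.cookies.get("token_session")

    user = db.query(User).filter_by(token_session=token_session,
                                    delete=False).first()

    # Applies to every method: only the GET branch used to check for a user,
    # so an unauthenticated POST crashed on `user.password` / `user.name`.
    if user is None:
        return redirect(url_for("index"))

    if request.method == "GET":
        return render_template("profile_edit.html", user=user)

    elif request.method == "POST":
        name = request.form.get("profile-name")
        email = request.form.get("profile-email")
        old_password = request.form.get("old-password")
        new_password = request.form.get("new-password")

        if old_password and new_password:
            # NOTE(review): unsalted SHA-256 is a weak password hash; kept to
            # stay compatible with the hashes already stored.
            h_old_password = hashlib.sha256(old_password.encode()).hexdigest()
            h_new_password = hashlib.sha256(new_password.encode()).hexdigest()

            if h_old_password != user.password:
                return "Operacion incorrecta! Su antigua contraseña no es correcta"

            user.password = h_new_password

        user.name = name
        user.email = email

        db.add(user)
        db.commit()

        return redirect(url_for("profile"))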
Ejemplo n.º 4
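def login():
    """Handle the login form (POST) and render the login page (GET).

    POST: looks up a user by username and password hash, stores a new session
    id with an expiry time on the user row and sets the login cookie, then
    redirects to ``redirectTo`` (same-site paths only) or the index page.
    GET: renders ``login.html`` with ``logged_in`` derived from the cookie.
    """
    if request.method == "POST":
        from urllib.parse import urlsplit

        username = request.form.get("username")
        # A missing field becomes "" so hashing cannot fail on None; the
        # lookup below then simply finds no user.
        password = request.form.get("password") or ""

        # Query forms: .one() raises unless exactly one row matches, .first()
        # returns None when nothing matches, .all() always returns a list.

        # NOTE(review): unsalted SHA-256 is a weak password hash; kept because
        # the stored `password_hash` column is compared in the same format.
        password_hash = hashlib.sha256(password.encode()).hexdigest()

        user = db.query(User) \
            .filter(User.username == username, User.password_hash == password_hash) \
            .first()

        # `redirectTo` comes from the query string. Only a path on this site
        # is accepted; an absolute or scheme-relative URL would let a crafted
        # login link send the user to a foreign host after signing in.
        redirect_url = request.args.get('redirectTo') or url_for('index')
        parts = urlsplit(redirect_url)
        if (parts.scheme or parts.netloc
                or not redirect_url.startswith('/')
                or redirect_url.startswith('//')
                or '\\' in redirect_url
                or any(ord(ch) < 0x20 for ch in redirect_url)):
            redirect_url = url_for('index')

        if user is None:
            flash("Username or password is wrong", "warning")
            # %r keeps line breaks in the submitted name from forging
            # additional log entries.
            app.logger.info(
                "User %r failed to login with wrong password.", username)
            return redirect(url_for('login', redirectTo=redirect_url))

        session_cookie = str(uuid.uuid4())
        expiry_time = datetime.datetime.now() + datetime.timedelta(
            seconds=COOKIE_DURATION)

        user.session_cookie = session_cookie
        user.session_expiry_datetime = expiry_time
        db.add(user)
        db.commit()
        app.logger.info("User %r is logged in", username)

        response = make_response(redirect(redirect_url))
        response.set_cookie(WEBSITE_LOGIN_COOKIE_NAME,
                            session_cookie,
                            httponly=True,
                            samesite='Strict')
        return response

    elif request.method == "GET":
        cookie = request.cookies.get(WEBSITE_LOGIN_COOKIE_NAME)
        user = None

        if cookie is not None:
            # Only a session that has not expired counts as logged in.
            user = db.query(User) \
                .filter_by(session_cookie=cookie) \
                .filter(User.session_expiry_datetime >= datetime.datetime.now()) \
                .first()

        logged_in = user is not None

        # The template receives request.user, not the row looked up above.
        return render_template("login.html",
                               logged_in=logged_in,
                               user=request.user)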
Ejemplo n.º 5
def blog():
    """Create a post and notify its author by e-mail (POST) or list posts (GET)."""
    author = request.user

    if request.method == "POST":
        # NOTE(review): nothing in this block checks that request.user is set
        # before it is dereferenced; presumably an outer hook guarantees it.
        post = Post(title=request.form.get("posttitle"),
                    text=request.form.get("posttext"),
                    user=author)
        db.add(post)
        db.commit()

        # Notification e-mail: plain-text body plus an HTML part rendered
        # from new_post.html with a link to the stored post.
        msg = Message(subject="WebDev Blog - Registration Successful",
                      sender=SENDER,
                      recipients=[author.email])
        msg.body = f"Hi {author.username}!\nWelcome to our WebDev Flask site!\nEnjoy!"
        post_link = f"{HOST_ADDR}/posts/{post.id}"
        msg.html = render_template("new_post.html",
                                   username=author.username,
                                   link=post_link,
                                   post=post)
        mail.send(msg)

        return redirect(url_for('blog'))

    if request.method == "GET":
        all_posts = db.query(Post).all()
        return render_template("blog.html", posts=all_posts, user=request.user)
Ejemplo n.º 6
def success():
    """Register a user from the submitted form unless name or e-mail is taken.

    Renders ``form.html`` with an error banner when a user with the same name
    or e-mail exists; otherwise stores the user, renders ``index.html`` and
    sets an ``email`` cookie.
    """
    active = "active"
    form = request.form
    name = form["name"]
    email = form["email"]
    password = form["pwd"]
    password_hash = generate_password_hash(password)
    name_exists = db.query(User).filter_by(name=name).first()
    email_exists = db.query(User).filter_by(email=email).first()

    if not (name_exists or email_exists):
        new_user = User(name=name, email=email, password_hash=password_hash)
        db.add(new_user)
        db.commit()

        page = render_template("index.html",
                               successMessage="You have successfully registered!",
                               successClass="alert alert-success",
                               emailAddress=email,
                               active0=active,
                               user=name)
        response = make_response(page)
        # NOTE(review): this cookie carries the raw address and is set without
        # httponly/samesite. If other views treat it as proof of login it can
        # be forged by the client; confirm how it is consumed.
        response.set_cookie("email", email)
        return response

    return render_template("form.html",
                           active1=active,
                           successMessage="The username or email address already exists!",
                           successClass="alert alert-danger")
Ejemplo n.º 7
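def delete(id):
    """Delete the Todo row with primary key ``id`` and redirect to ``/``."""
    task_to_delete = db.query(Todo).get(id)

    # .get() returns None for an unknown id; passing None to db.delete()
    # raised instead of answering the request.
    if task_to_delete is not None:
        # NOTE(review): no login or ownership check is visible in this block;
        # confirm the route is protected and not reachable by a plain GET link.
        db.delete(task_to_delete)
        db.commit()

    return redirect("/")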
Ejemplo n.º 8
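def result():
    """Compare the submitted guess with the user's secret number.

    The user is looked up by the ``session_token`` cookie. Renders
    ``result.html`` with a hint, or with the success message after storing a
    new secret number.
    """
    # The form field is client-controlled: absent or non-numeric input used
    # to raise out of int().
    try:
        guess = int(request.form.get("guess"))
    except (TypeError, ValueError):
        return render_template("result.html",
                               message="Your guess must be a whole number.")

    session_token = request.cookies.get("session_token")

    # get user from the database based on the session token in the cookie
    user = db.query(User).filter_by(session_token=session_token).first()

    # A missing or unknown token yields no user; the original dereferenced
    # None here.
    if user is None:
        return render_template("result.html",
                               message="You are not logged in.")

    if guess == user.secret_number:
        message = "Correct! The secret number is {0}".format(str(guess))

        # create and store a new random secret number for the next round
        user.secret_number = random.randint(1, 30)

        db.add(user)
        db.commit()
    elif guess > user.secret_number:
        message = "Your guess is not correct... try something smaller."
    else:
        message = "Your guess is not correct... try something bigger."

    return render_template("result.html", message=message)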
Ejemplo n.º 9
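def login():
    """Log in by e-mail and password, creating the row on first use.

    On success a new session token is stored on the row and returned in the
    ``session_token`` cookie together with a redirect to ``/task``.
    """
    name = request.form.get("user-name")
    email = request.form.get("user-email")
    password = request.form.get("user-password")

    # Both fields are required. A missing password is None and crashed in
    # .encode(); a missing e-mail would have registered a row without one.
    if not email or not password:
        return "Wrong Password"

    # NOTE(review): unsalted SHA-256 is a weak password hash; kept so existing
    # stored hashes still match.
    hashed_password = hashlib.sha256(password.encode()).hexdigest()
    content = "Welcome"
    date = datetime.datetime.now()

    user = db.query(ToDo).filter_by(email=email).first()

    # NOTE(review): an unknown address is registered on the spot with whatever
    # password was sent; there is no separate sign-up or address verification.
    if not user:
        user = ToDo(name=name,
                    email=email,
                    password=hashed_password,
                    content=content,
                    date=date)
        db.add(user)
        db.commit()

    if hashed_password != user.password:
        return "Wrong Password"

    session_token = str(uuid.uuid4())
    user.session_token = session_token

    db.add(user)
    db.commit()

    response = make_response(redirect("/task"))
    response.set_cookie("session_token",
                        session_token,
                        httponly=True,
                        samesite='Strict')

    return response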
Ejemplo n.º 10
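def zipget():
    """Fetch a zipped case from the remote worker and unpack it locally.

    Asks the worker to zip the case (``/zipcase``), downloads the archive,
    extracts it into the current working directory and records the case in
    ``db.jobs`` with state ``REMOTE``.
    """
    import zipfile
    user = root.authorized()
    cid = request.query.cid
    app = request.query.app
    try:
        worker = config.remote_worker_url
    except Exception:
        # Was a bare ``except:``; the old ``print traceback.print_exception``
        # also printed a stray "None" after the traceback.
        traceback.print_exc()
        # NOTE(review): this fallback takes the worker address from the query
        # string, so the requester chooses which host the server contacts and
        # whose archive is unpacked below. Confirm this is intended; a
        # config-only address or an allow-list would be safer.
        worker = request.query.url

    # if config.worker != "remote" or config.remote_worker_url is None:
    # An empty string is as unusable as None, so both are rejected.
    if not worker:
        params = {
            'app':
            app,
            'err':
            "worker and remote_worker_url parameters must be set " +
            " in config.py for this feature to work"
        }
        return template('error', params)

    requests.get(worker + "/zipcase",
                 params={
                     'app': app,
                     'cid': cid,
                     'user': user
                 })

    # NOTE(review): app and cid come from the query string and are joined
    # into a filesystem path and a URL unchecked; a value containing ".." or
    # a leading "/" leaves user_dir. Validate them against the id format the
    # application actually issues.
    path = os.path.join(user_dir, user, app, cid)
    file_path = path + ".zip"
    url = os.path.join(worker, file_path)

    print "url is:", url
    if not os.path.exists(path):
        os.makedirs(path)

    print "downloading " + url
    fh, _ = urllib.urlretrieve(url)
    z = zipfile.ZipFile(fh, 'r', compression=zipfile.ZIP_DEFLATED)
    try:
        # The archive is remote content: refuse it if any member would be
        # written outside the extraction directory (absolute names or "..").
        dest = os.path.abspath(os.getcwd())
        prefix = dest.rstrip(os.sep) + os.sep
        for member in z.namelist():
            target = os.path.abspath(os.path.join(dest, member))
            if target != dest and not target.startswith(prefix):
                params = {
                    'app': app,
                    'err': "archive contains an unsafe path: " + member
                }
                return template('error', params)
        z.extractall()
    finally:
        # The archive handle was never closed before.
        z.close()

    # add case to database
    uid = users(user=user).id
    db.jobs.insert(uid=uid,
                   app=app,
                   cid=cid,
                   state="REMOTE",
                   description="",
                   time_submit=time.asctime(),
                   walltime="",
                   np="",
                   priority="")
    db.commit()

    # status = "file_downloaded"
    # redirect(request.headers.get('Referer')) #+ "&status=" + status)
    redirect("/jobs")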
Ejemplo n.º 11
 def delete(self, appid, del_files=False):
     """Remove the app's database entry and, on request, its files.

     Returns None when ``del_files`` is false, False when ``self.appname`` is
     empty, and True after the directory, static assets and template have
     been handled.
     """
     del apps[appid]
     db.commit()

     # Files are touched only when the "delete files" option was ticked.
     if not del_files:
         return None
     if self.appname == '':
         return False

     # NOTE(review): appname is joined into paths that are passed to
     # rmtree/remove; presumably it is restricted to a plain name when the
     # app is created. Verify, since "../" would leave these directories.
     app_dir = os.path.join(apps_dir, self.appname)
     print "deleting app dir:", app_dir
     if os.path.isdir(app_dir):
         shutil.rmtree(app_dir)

     static_dir = os.path.join('static/apps', self.appname)
     print "deleting static assets:", static_dir
     if os.path.isdir(static_dir):
         shutil.rmtree(static_dir)

     tpl_file = "views/apps/" + self.appname + ".tpl"
     print "deleting template:", tpl_file
     if os.path.isfile(tpl_file):
         os.remove(tpl_file)
     return True
Ejemplo n.º 12
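def login():
    """Log in by e-mail and password, creating the user on first use.

    On success a new session token is stored on the user and returned in the
    ``session_token`` cookie together with a redirect to the index page.
    """
    name = request.form.get("user-name")
    email = request.form.get("user-email")
    password = request.form.get("user-password")

    # Both fields are required. A missing password is None and crashed in
    # .encode(); a missing e-mail would have registered a user without one.
    if not email or not password:
        return "Wrong Password!!!"

    # NOTE(review): unsalted SHA-256 is a weak password hash; kept so existing
    # stored hashes still match.
    hashed_pw = hashlib.sha256(password.encode()).hexdigest()

    user = db.query(User).filter_by(email=email).first()
    # NOTE(review): an unknown address is registered on the spot with whatever
    # password was sent; there is no separate sign-up or address verification.
    if not user:
        user = User(name=name, email=email, password=hashed_pw)
        db.add(user)
        db.commit()

    if hashed_pw != user.password:
        return "Wrong Password!!!"

    # New session: store the token server-side and hand it out as a cookie.
    session_token = str(uuid.uuid4())
    user.session_token = session_token
    db.add(user)
    db.commit()

    response = make_response(redirect(url_for('index')))
    response.set_cookie('session_token',
                        session_token,
                        httponly=True,
                        samesite='Strict')
    return response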
Ejemplo n.º 13
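def get_all_jobs():
    """Render the 'shared' template with the newest jobs of all users (admin only).

    ``n`` from the query string limits the number of rows; it falls back to
    ``config.jobs_num_rows`` when absent or not a number.
    """
    user = root.authorized()
    if not user == "admin":
        return template("error", err="must be admin to use this feature")
    cid = request.query.cid
    app = request.query.app or root.active_app()
    n = request.query.n
    # A non-numeric ?n= used to raise ValueError out of the handler.
    try:
        n = int(n) if n else config.jobs_num_rows
    except ValueError:
        n = config.jobs_num_rows
    # sort by descending order of jobs.id
    result = db((db.jobs.uid==users.id)).select(orderby=~jobs.id)[:n]

    # clear notifications
    users(user=user).update_record(new_shared_jobs=0)
    db.commit()

    params = {
        'cid': cid,
        'app': app,
        'user': user,
        'n': n,
        'num_rows': config.jobs_num_rows,
    }
    return template('shared', params, rows=result)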
Ejemplo n.º 14
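def get_shared():
    """Render the 'shared' template with the newest jobs marked as shared.

    ``n`` from the query string limits the number of rows; it falls back to
    ``config.jobs_num_rows`` when absent or not a number. The caller's
    ``new_shared_jobs`` counter is reset to 0.
    """
    user = root.authorized()
    cid = request.query.cid
    app = request.query.app or root.active_app()
    n = request.query.n
    # A non-numeric ?n= used to raise ValueError out of the handler.
    try:
        n = int(n) if n else config.jobs_num_rows
    except ValueError:
        n = config.jobs_num_rows
    # sort by descending order of jobs.id
    result = db((db.jobs.shared=="True") & (db.jobs.uid==users.id)).select(orderby=~jobs.id)[:n]
    # result = db((db.jobs.shared=="True") &
    #             (jobs.gid == users.gid)).select(orderby=~jobs.id)[:n]

    # clear notifications
    users(user=user).update_record(new_shared_jobs=0)
    db.commit()

    params = {
        'cid': cid,
        'app': app,
        'user': user,
        'n': n,
        'num_rows': config.jobs_num_rows,
    }
    return template('shared', params, rows=result)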
Ejemplo n.º 15
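def login():
    """Log in by e-mail and password, creating the user on first use.

    On success a new session token is stored on the user and returned in the
    ``session_token`` cookie together with a redirect to the index page.
    """
    name = request.form.get("user-name")
    email = request.form.get("user-email")
    password = request.form.get("user-password")

    # Both fields are required. A missing password is None and crashed in
    # .encode(); a missing e-mail would have registered a user without one.
    if not email or not password:
        return "Wrong Password! Tra again!"

    # NOTE(review): unsalted SHA-256 is a weak password hash; kept so existing
    # stored hashes still match.
    hashed_pw = hashlib.sha256(password.encode()).hexdigest()

    # Look the user up by e-mail; create the User model object if absent.
    user = db.query(User).filter_by(email=email).first()
    # NOTE(review): an unknown address is registered on the spot with whatever
    # password was sent; there is no separate sign-up or address verification.
    if not user:
        user = User(name=name, email=email, password=hashed_pw)
        db.add(user)
        db.commit()

    if hashed_pw != user.password:
        return "Wrong Password! Tra again!"

    session_token = str(uuid.uuid4())
    user.session_token = session_token
    db.add(user)
    db.commit()

    # Hand the token to the browser; not readable from page scripts.
    response = make_response(redirect(url_for('index')))
    response.set_cookie("session_token",
                        session_token,
                        httponly=True,
                        samesite="Strict")
    return response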
Ejemplo n.º 16
def delete_plot(pltid):
    """Delete plot ``pltid`` (admin only) and redirect to the plot editor."""
    if root.authorized() != 'admin':
        return template('error', err="must be admin to edit plots")

    app_name = request.query.app
    del db.plots[pltid]
    db.commit()

    # NOTE(review): app_name is appended to the redirect target unescaped.
    redirect('/plots/edit?app=' + app_name)
Ejemplo n.º 17
def save_theme():
    """Store the submitted theme in user_meta for the authorized user."""
    user = root.authorized()
    uid = users(user=user).id
    print "saving theme:", request.forms.theme
    # One row per uid: the existing row is updated, otherwise one is inserted.
    user_meta.update_or_insert(
        user_meta.uid == uid,
        uid=uid,
        theme=request.forms.theme,
    )
    db.commit()
Ejemplo n.º 18
def register(request):
    """Render the registration form, or commit it and redirect once accepted."""
    form = SQLFORM(db.user)

    if not form.accepts(request.vars):
        # First visit or rejected submission: show the form again.
        return render('form.html', form=form)

    db.commit()
    request.session['flash'] = 'You\'ve been registered. '
    return redirect('/')
Ejemplo n.º 19
def useapp():
    """Link the authorized user to the app named in the form, then go to /apps."""
    user = root.authorized()
    uid = users(user=user).id
    app = request.forms.app
    # NOTE(review): presumably apps(name=...) yields nothing for an unknown
    # name, in which case `.id` fails; the name is taken from the form as is.
    appid = apps(name=app).id
    print "allowing user", user, uid, "to access app", app, appid
    app_user.insert(uid=uid, appid=appid)
    db.commit()
    redirect('/apps')
Ejemplo n.º 20
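def update(id):
    """Show the edit form for a Todo (GET) or save its new content (POST)."""
    task = db.query(Todo).get(id)

    # .get() returns None for an unknown id; the POST branch then crashed on
    # `task.content` and the form was rendered without a task.
    if task is None:
        return redirect("/")

    if request.method == "POST":
        # NOTE(review): no login or ownership check is visible in this block.
        task.content = request.form["content"]
        db.commit()
        return redirect("/")

    return render_template("/update.html", task=task)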
Ejemplo n.º 21
def post_aws_creds():
    """Store the submitted AWS account id, secret and key for the authorized user."""
    user = root.authorized()
    form = request.forms
    account_id = form.account_id
    secret = form.secret
    key = form.key
    uid = users(user=user).id
    # NOTE(review): the secret and key are written to the table exactly as
    # submitted. Consider encrypting them at rest or storing only a reference
    # to a secrets store, and keep these columns out of logs and listings.
    db.aws_creds.insert(account_id=account_id, secret=secret, key=key, uid=uid)
    db.commit()
    redirect('/aws')
Ejemplo n.º 22
def annotate_job():
    """Save the submitted description on the job with the given case id."""
    # NOTE(review): the authorized user is not compared with the job's owner
    # in this block, so the case id alone selects the record; confirm that
    # ownership is enforced elsewhere.
    root.authorized()
    case_id = request.forms.cid
    # jid = request.forms.jid
    # Put a space after every comma in the description.
    description = request.forms.description.replace(',', ', ')
    jobs(cid=case_id).update_record(description=description)
    db.commit()
    redirect('/jobs')
Ejemplo n.º 23
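def del_instance(aid):
    """Delete the aws_instances row ``aid``; return "true" or "false"."""
    # NOTE(review): the authorized user is not compared with the owner of the
    # row, so any id can be passed; confirm ownership is enforced elsewhere.
    root.authorized()
    try:
        del aws_instances[aid]
        db.commit()
        return "true"
    except Exception:
        # Was a bare ``except:``, which also swallowed SystemExit and
        # KeyboardInterrupt; the old ``print traceback.print_exception(...)``
        # additionally printed a stray "None".
        traceback.print_exc()
        return "false"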
Ejemplo n.º 24
def client(request):
    """Return a test client after truncating the lbs2 tables.

    NOTE(review): TRUNCATE ... CASCADE is destructive; make sure the database
    this runs against can only ever be a disposable test instance.
    """
    test_client = app.app.test_client()
    # Same tables, same order as before; only the statement is built in a loop.
    tables = ("location", "object2user", "objects", "settings", "providers",
              "users")
    for table in tables:
        db.execute("TRUNCATE TABLE lbs2.%s CASCADE" % table)
    db.commit()
    return test_client
Ejemplo n.º 25
async def delete_step2(message: types.Message, state: FSMContext):
    """Delete the Birthday whose name equals the message text, if there is one."""
    entry = db.query(Birthday).filter(Birthday.name == message.text).first()

    if entry is not None:
        db.delete(entry)

        db.commit()
        await state.finish()
        return

    # Unknown name: reply and leave the state as it is.
    await message.reply('No such name in the list')
Ejemplo n.º 26
 def post(self):
     """Insert the request's JSON body as a new row and return it as a dict.

     Any exception rolls the transaction back and aborts with status 500.
     """
     try:
         payload = request.json
         # NOTE(review): every key of the client's JSON becomes a column
         # value; restrict the accepted fields if some must not be settable.
         row = self.get_entity().insert(**payload)
         db.commit()
         return row2dict(row)
     except Exception as exc:
         db.rollback()
         # NOTE(review): str(exc) is returned to the caller and can expose
         # schema or driver details; log it and send a generic message.
         abort(500, message=str(exc))
Ejemplo n.º 27
def delete_datasource():
    """Delete the datasource named in the form (admin only) and redirect back."""
    if root.authorized() != 'admin':
        return template('error', err="must be admin to edit plots")

    form = request.forms
    app_name = form.get('app')
    plot_id = form.get('pltid')
    datasource_id = form.get('dsid')

    del db.datasource[datasource_id]
    db.commit()

    # NOTE(review): both form values go into the redirect target unescaped.
    redirect('/plots/' + str(plot_id) + '/datasources?app=' + app_name)
Ejemplo n.º 28
def removeapp():
    """Remove the authorized user's link to the app named in the form."""
    user = root.authorized()
    uid = users(user=user).id
    app = request.forms.app
    appid = apps(name=app).id
    # Find the link row for this (user, app) pair and delete it by id.
    link_id = app_user(uid=uid, appid=appid).id
    del app_user[link_id]
    print "removing user", user, uid, "access to app", app, appid
    db.commit()
    redirect('/myapps')
Ejemplo n.º 29
 def create(self, name, desc, cat, lang, info, cmd, pre, post):
     """Insert a new row into ``apps`` from the given fields and commit."""
     # NOTE(review): `command`, `preprocess` and `postprocess` look like
     # strings that are run later; confirm who is allowed to set them.
     fields = {
         'name': name,
         'description': desc,
         'category': cat,
         'language': lang,
         'input_format': info,
         'command': cmd,
         'preprocess': pre,
         'postprocess': post,
     }
     apps.insert(**fields)
     db.commit()
Ejemplo n.º 30
def share_case():
    """Mark the job from the form as shared and bump every user's counter."""
    # NOTE(review): the authorized user is not compared with the job's owner
    # in this block; confirm that sharing someone else's job is prevented
    # elsewhere.
    root.authorized()
    job_id = request.forms.jid
    jobs(id=job_id).update_record(shared="True")
    db.commit()

    # Every user gets one more pending "new shared job" notification.
    for account in db().select(users.ALL):
        pending = users(user=account.user).new_shared_jobs or 0
        users(user=account.user).update_record(new_shared_jobs=pending + 1)
    db.commit()
    redirect('/jobs')
Ejemplo n.º 31
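def edit(id):
    """Show the edit form for a task (GET) or save its new content (POST)."""
    task_to_edit = db.query(ToDo).get(id)

    # .get() returns None for an unknown id; the POST branch then crashed on
    # `task_to_edit.content` and the form was rendered without a task.
    if task_to_edit is None:
        return redirect("/task")

    if request.method == "POST":
        # NOTE(review): no login or ownership check is visible in this block.
        task_to_edit.content = request.form.get("new-content")
        db.commit()
        return redirect("/task")

    return render_template("edit.html", task_to_edit=task_to_edit)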
Ejemplo n.º 32
def create_plot():
    """Insert a plot definition for the given app (admin only) and redirect."""
    if root.authorized() != 'admin':
        return template('error', err="must be admin to edit plots")

    form = request.forms
    app = form.get('app')
    plots.insert(
        appid=root.myapps[app].appid,
        ptype=form['ptype'],
        title=form['title'],
        options=form['options'],
    )
    db.commit()
    redirect('/plots/edit?app=' + app)
Ejemplo n.º 33
def index():
    """List all tasks, or create one from the form on POST and redirect to ``/``."""
    if request.method != "POST":
        all_tasks = db.query(Todo).all()
        return render_template("index.html", tasks=all_tasks)

    # request.form[...] (not .get) is kept: a missing field stays an error.
    db.add(Todo(content=request.form['content']))
    db.commit()

    return redirect("/")
Ejemplo n.º 34
    def post(self):
        """Insert a user from the JSON body, optionally linked to one vehicle.

        Any exception rolls the transaction back and aborts with status 500.
        """
        try:
            payload = request.json
            # only one relation can be set on creation
            vehicle_nid = None
            if 'vehicles' in payload:
                vehicle_nid = int(payload['vehicles'])
                del payload['vehicles']

            # NOTE(review): every remaining key of the client's JSON becomes a
            # column value; restrict the accepted fields if needed.
            user = db.users.insert(**payload)
            if vehicle_nid is not None:
                linked = db.objects.filter(db.objects.nid == vehicle_nid).first()
                user.objects.append(linked)
            db.commit()
            return row2dict(user)
        except Exception as exc:
            db.rollback()
            # NOTE(review): str(exc) is returned to the caller and can expose
            # schema or driver details.
            abort(500, message=str(exc))
Ejemplo n.º 35
    def post(self):
        """Insert a row from the JSON body, optionally linked to one user.

        Any exception rolls the transaction back and aborts with status 500.
        """
        try:
            payload = request.json
            entity = self.get_entity()
            # only one relation can be set on creation
            user_nid = None
            if 'users' in payload:
                user_nid = int(payload['users'])
                del payload['users']

            # NOTE(review): every remaining key of the client's JSON becomes a
            # column value; restrict the accepted fields if needed.
            vehicle = entity.insert(**payload)

            if user_nid is not None:
                owner = db.users.filter(db.users.nid == user_nid).first()
                vehicle.users.append(owner)
            db.commit()
            return row2dict(vehicle)
        except Exception as exc:
            db.rollback()
            # NOTE(review): str(exc) is returned to the caller and can expose
            # schema or driver details.
            abort(500, message=str(exc))