Ejemplo n.º 1
0
def login():
    form = LoginForm()
    if request.method == 'POST':
        if form.validate_on_submit():
            user, status = get_getaway().get_users(email=request.form['email'])
            if status == 200 and user is not None:
                password = request.form['password']
                user = user[0]
                password_hash = user['password']
                checked = check_password_hash(password_hash, password)
                if checked:
                    usr = User(user['id'], user['is_operator'],
                               user['is_admin'], user['is_health_authority'],
                               password_hash, user['rest_id'],
                               user['is_positive'])
                    login_user(usr)
                    return redirect('/')
                else:
                    flash('Wrong password', 'error')
                    return make_response(
                        render_template('login.html', form=form), 401)
            flash('Wrong email', 'error')
            return make_response(render_template('login.html', form=form), 401)
        flash('Bad form', 'error')
        return make_response(render_template('login.html', form=form), 400)
    return make_response(render_template('login.html', form=form), 200)
Ejemplo n.º 2
0
def login():

    if hasattr(
            current_user, 'is_authenticated'
    ) and current_user.is_authenticated is True:  ## The connected user cannot create other users
        return make_response(
            index(),
            403)  ## They are redirect instantaneously to the main page

    form = LoginForm()
    if form.validate_on_submit():
        email, password = form.data['email'], form.data['password']

        q = db.session.query(User).filter(User.email == email
                                          and User.password == password)
        user = q.first()
        # print(user is None)
        # print(user.authenticate(password))
        if user is not None and user.authenticate(password):
            login_user(user)
            return redirect('/')
        else:
            flash('Wrong email or password', category='error')
            return make_response(render_template('login.html', form=form), 401)
    return render_template('login.html', form=form)
Ejemplo n.º 3
0
def login():
    form = LoginForm()
    if form.validate_on_submit():
        email, password = form.data["email"], form.data["password"]
        q = db.session.query(User).filter(User.email == email)
        user = q.first()
        if user is not None and user.authenticate(password):
            login_user(user)
            q = db.session.query(Role).filter(Role.id == user.role_id)
            role = q.first()
            if role is not None:
                session["ROLE"] = role.value
                # if is operator, load restaurant information and load in session
                if role.value == "OPERATOR":
                    q = db.session.query(Restaurant).filter(
                        Restaurant.owner_id == user.id
                    )
                    restaurant = q.first()
                    if restaurant is not None:
                        session["RESTAURANT_ID"] = restaurant.id
                        session["RESTAURANT_NAME"] = restaurant.name
            return redirect("/")
        else:
            return render_template(
                "login.html", form=form, _test="error_login", message="User not exist"
            )
    return render_template("login.html", _test="first_visit_login", form=form)
Ejemplo n.º 4
0
    def test_login_logout(self):
        # Test login with an unexisting email
        payload = {'email': '*****@*****.**', 'password': '******'}
        form = LoginForm(data=payload)
        self.client.post('/users/login', data=form.data, follow_redirects=True)
        self.assert_template_used('login.html')
        self.assert_message_flashed('This email does not exist.', 'error')

        # Test login with wrong password
        payload = {'email': '*****@*****.**', 'password': '******'}
        form = LoginForm(data=payload)
        self.client.post('/users/login', data=form.data, follow_redirects=True)
        self.assert_template_used('login.html')
        self.assert_message_flashed('Password is incorrect.', 'error')

        # Test successful login
        payload = {'email': '*****@*****.**', 'password': '******'}
        form = LoginForm(data=payload)
        self.client.post('/users/login', data=form.data, follow_redirects=True)
        self.assert_template_used('index.html')
        all_stories = db.session.query(Story).all()
        self.assertEqual(
            self.get_context_variable('stories').all(), all_stories)

        # Test successful logout
        self.client.post('/users/logout', follow_redirects=True)
        self.assert_template_used('index.html')
        self.assertIsNone(self.get_context_variable('stories'))
Ejemplo n.º 5
0
def login():
    '''
    Performs the login of a user. 
    It checks whether the input is the username or the e-mail address, 
    the password and performs the authentication.

    Returns:
        302 -> redirection to the user's homepage if the authentication is succesful
        200 -> the login page with the corresponding error message
    '''
    form = LoginForm()
    form.password.errors = []

    if current_user.is_authenticated:
        return redirect('/')

    if form.validate_on_submit():
        cred, password = form.data['usrn_eml'], form.data['password']

        if '@' in cred:
            user = User.query.filter_by(email=cred).one_or_none()
        else:
            user = User.query.filter_by(username=cred).one_or_none()

        if user is not None and user.authenticate(password):
            login_user(user)
            return redirect(url_for('home.index'))

        form.password.errors.append('Wrong username or password.')

    return render_template('login.html', form=form)
Ejemplo n.º 6
0
def login():
    form = LoginForm()
    if form.validate_on_submit():
        email, password = form.data['email'], form.data['password']
        q = db.session.query(User).filter(User.email == email)
        user = q.first()
        if user is not None and user.authenticate(password):
            login_user(user)
            return redirect('/')
    return render_template('login.html', form=form)
Ejemplo n.º 7
0
def login(message=''):
    if not current_user.is_anonymous:
        return redirect("/", code=302)
    form = LoginForm()
    form.message = message
    if form.validate_on_submit():
        email, password = form.data['email'], form.data['password']
        q = db.session.query(User).filter(User.email == email)
        user = q.first()
        if user is not None and user.authenticate(password):
            login_user(user)
            return redirect('/')
        else:
            form.message = "User or Password not correct!"
    return render_template('login.html', form=form, notlogged=True)
Ejemplo n.º 8
0
    def setUp(self) -> None:
        print("SET UP")
        with app.app_context():
            example = User()
            example.firstname = 'Admin'
            example.lastname = 'Admin'
            example.email = '*****@*****.**'
            example.dateofbirth = datetime.datetime(2020, 10, 5)
            example.is_admin = True
            example.set_password('admin')
            db.session.add(example)

            example2 = User()
            example2.firstname = 'Admin'
            example2.lastname = 'Admin'
            example2.email = '*****@*****.**'
            example2.dateofbirth = datetime.datetime(2020, 10, 5)
            example2.is_admin = True
            example2.set_password('admin')
            db.session.add(example2)

            db.session.commit()

        payload = {'email': '*****@*****.**', 'password': '******'}

        form = LoginForm(data=payload)

        self.client.post('/users/login', data=form.data, follow_redirects=True)
Ejemplo n.º 9
0
    def setUp(self) -> None:
        with app.app_context():
            # user for login
            example = User()
            example.firstname = 'Admin'
            example.lastname = 'Admin'
            example.email = '*****@*****.**'
            example.dateofbirth = datetime.datetime(2020, 10, 5)
            example.is_admin = True
            example.set_password('admin')
            db.session.add(example)
            db.session.commit()

            # reacted story
            test_story = Story()
            test_story.text = "Test story from admin user"
            test_story.author_id = 1
            test_story.is_draft = 0
            test_story.figures = "#Test#admin#"
            db.session.add(test_story)
            db.session.commit()

            # login
            payload = {'email': '*****@*****.**', 'password': '******'}

            form = LoginForm(data=payload)

            self.client.post('/users/login',
                             data=form.data,
                             follow_redirects=True)
Ejemplo n.º 10
0
    def test_random_recent_story(self):

        # Random recent story as anonymous user
        self.client.get('/stories/random', follow_redirects=True)
        self.assert_template_used('story.html')
        self.assertEqual(self.get_context_variable('story').text, 'Just another story')

        # Login as Admin
        payload = {'email': '*****@*****.**', 'password': '******'}
        form = LoginForm(data=payload)
        self.client.post('/users/login', data=form.data, follow_redirects=True)

        # No recent stories
        self.client.get('/stories/random', follow_redirects=True)
        self.assert_template_used('stories.html')
        self.assert_message_flashed('Oops, there are no recent stories by other users!')

        # Create a new recent story by Admin2
        example = Story()
        example.text = 'This is a valid recent story'
        example.date = datetime.datetime.now()
        example.author_id = 2
        example.figures = 'story#recent'
        example.is_draft = False
        db.session.add(example)
        db.session.commit()

        # Get the only recent story not written by Admin
        response = self.client.get('/stories/random', follow_redirects=True)
        self.assert_template_used('story.html')
        self.assertEqual(self.get_context_variable('story').text, 'This is a valid recent story')
Ejemplo n.º 11
0
def login():
    form = LoginForm()

    if request.method == 'POST':
        if form.validate_on_submit():
            email, password = form.data['email'], form.data['password']
            q = db.session.query(User).filter(User.email == email)
            user = q.first()
            if user is None:
                flash('This email does not exist.', 'error')
            elif user is not None and not user.authenticate(password):
                flash('Password is incorrect.', 'error')
            else:
                login_user(user)
                return redirect('/')

    return render_template('login.html', form=form, home_url=HOME_URL)
Ejemplo n.º 12
0
def login():
    form = LoginForm()
    message = ""
    error = False
    if form.validate_on_submit():
        email, password = form.data['email'], form.data['password']
        q = db.session.query(User).filter(User.email == email)
        user = q.first()

        if user is not None and user.authenticate(password):
            login_user(user)
            return redirect('/')
        else:
            message = "User not found"
            error = True

    return render_template('login.html',
                           form=form,
                           error=error,
                           message=message)
Ejemplo n.º 13
0
    def setUp(self) -> None:
        with app.app_context():
            # user for login
            example = User()
            example.firstname = 'Admin'
            example.lastname = 'Admin'
            example.email = '*****@*****.**'
            example.dateofbirth = datetime.datetime(2020, 10, 5)
            example.is_admin = True
            example.set_password('admin')
            db.session.add(example)

            # dummy user
            dummy_user = User()
            dummy_user.firstname = 'Dummy'
            dummy_user.lastname = 'Dummy'
            dummy_user.email = '*****@*****.**'
            dummy_user.dateofbirth = datetime.datetime(2020, 10, 5)
            dummy_user.is_admin = True
            dummy_user.set_password('admin')
            db.session.add(dummy_user)
            db.session.commit()

            dummy_id = User.query.filter(
                User.email == '*****@*****.**').first().id

            test_story = Story()
            test_story.text = "Test story from admin user"
            test_story.author_id = 1
            test_story.is_draft = 0
            test_story.figures = "#Test#admin#"

            dummy_story = Story()
            dummy_story.text = "Test story from dummy user"
            dummy_story.author_id = dummy_id
            dummy_story.is_draft = 0
            dummy_story.figures = "#Test#dummy#"

            db.session.add(test_story)
            db.session.add(dummy_story)
            db.session.commit()

            payload = {'email': '*****@*****.**', 'password': '******'}

            form = LoginForm(data=payload)

            self.client.post('/users/login',
                             data=form.data,
                             follow_redirects=True)
Ejemplo n.º 14
0
def login():
    if current_user is not None and hasattr(current_user, 'id'):
        return redirect('/')

    form = LoginForm()
    if request.method == 'POST':
        if form.validate_on_submit():
            email, password = form.data['email'], form.data['password']
            q = db.session.query(User).filter(User.email == email)
            user = q.first()

            if user is not None and user.authenticate(
                    password) and user.is_active:
                login_user(user)
                return redirect('/')
            else:
                form.password.errors.append("Invalid credentials.")
                return make_response(render_template('login.html', form=form),
                                     401)

        else:
            return make_response(render_template('login.html', form=form), 400)

    return render_template('login.html', form=form)
Ejemplo n.º 15
0
    def setUp(self) -> None:
        with app.app_context():
            # Create admin user
            example = User()
            example.firstname = 'Admin'
            example.lastname = 'Admin'
            example.email = '*****@*****.**'
            example.dateofbirth = datetime.datetime(2020, 10, 5)
            example.is_admin = True
            example.set_password('admin')
            db.session.add(example)
            db.session.commit()

            # Create non admin user
            example = User()
            example.firstname = 'Abc'
            example.lastname = 'Abc'
            example.email = '*****@*****.**'
            example.dateofbirth = datetime.datetime(2010, 10, 5)
            example.is_admin = False
            example.set_password('abc')
            db.session.add(example)
            db.session.commit()

            # Create another non admin user
            example = User()
            example.firstname = 'Nini'
            example.lastname = 'Nini'
            example.email = '*****@*****.**'
            example.dateofbirth = datetime.datetime(2010, 10, 7)
            example.is_admin = False
            example.set_password('nini')
            db.session.add(example)
            db.session.commit()

            # Create an account that will have 0 stories
            example = User()
            example.firstname = 'No'
            example.lastname = 'Stories'
            example.email = '*****@*****.**'
            example.dateofbirth = datetime.datetime(2010, 10, 5)
            example.is_admin = False
            example.set_password('no')
            db.session.add(example)
            db.session.commit()

            # Create the first story, default from teacher's code
            example = Story()
            example.text = 'Trial story of example admin user :)'
            example.author_id = 1
            example.figures = '#example#admin#'
            example.is_draft = False
            example.date = datetime.datetime.strptime('2019-10-20', '%Y-%m-%d')
            db.session.add(example)
            db.session.commit()

            # Create a story that shouldn't be seen in /latest
            example = Story()
            example.text = 'Old story (dont see this in /latest)'
            example.date = datetime.datetime.strptime('2019-10-10', '%Y-%m-%d')
            example.likes = 420
            example.author_id = 2
            example.is_draft = False
            example.figures = '#example#abc#'
            db.session.add(example)
            db.session.commit()

            # Create a story that should be seen in /latest
            example = Story()
            example.text = 'You should see this one in /latest'
            example.date = datetime.datetime.strptime('2019-10-13', '%Y-%m-%d')
            example.likes = 3
            example.author_id = 2
            example.is_draft = False
            example.figures = '#example#abc#'
            db.session.add(example)
            db.session.commit()

            # Random draft from a non-admin user
            example = Story()
            example.text = 'DRAFT from not admin'
            example.date = datetime.datetime.strptime('2018-12-30', '%Y-%m-%d')
            example.likes = 100
            example.author_id = 3
            example.is_draft = True
            example.figures = '#example#nini#'
            db.session.add(example)
            db.session.commit()

            # Create a very old story for range searches purpose
            example = Story()
            example.text = 'very old story (11 11 2011)'
            example.date = datetime.datetime.strptime('2011-11-11', '%Y-%m-%d')
            example.likes = 2
            example.author_id = 3
            example.is_draft = False
            example.figures = '#example#nini#'
            example.date = datetime.datetime(2011, 11, 11)
            db.session.add(example)
            db.session.commit()

            # Add third reaction (love)
            love = ReactionCatalogue()
            love.reaction_id = 3
            love.reaction_caption = "love"
            db.session.add(love)
            db.session.commit()

            # login
            payload = {'email': '*****@*****.**',
                       'password': '******'}

            form = LoginForm(data=payload)

            self.client.post('/users/login', data=form.data, follow_redirects=True)
Ejemplo n.º 16
0
def delete_user():
    """ Delete the current user profile and log out
    
    The user must confirm the request by entering email and password.

    The request is approved only if the user is not positive.

    If the user is an operator, the restaurant is also deleted. 
    In that case, a notification is sent to all users who had active bookings,
    and bookings are canceled.

    The functionality is not active for the health authority or for the admin.

    Error status codes:
        400 -- The request is not valid, the form is filled out incorrectly or a generic error has occurred
        401 -- The current user is not a customer or operator

    Success codes:
        200 -- The form is sent
        302 -- The elimination was carried out
    """
    if current_user.is_admin or current_user.is_health_authority:
        return make_response(render_template('error.html', error='401'), 401)

    form = LoginForm()
    if request.method == 'POST':
        if form.validate_on_submit():
            users, status_code = get_getaway().get_users(
                email=form.data['email'])
            if status_code != 200:
                flash('Wrong password or mail', 'success')
                return make_response(
                    render_template('error.html', title="Unregister"), 400)
            if users is not None:
                email, password = form.data['email'], form.data['password']
                user = users[0].toDict()
            else:
                flash('Wrong email', 'error')
                return make_response(
                    render_template('delete_profile.html',
                                    form=form,
                                    title="Unregister"), 400)
            checked = check_password_hash(user['password'], password)
            if checked:
                usr, status = get_getaway().delete_user(user['id'])
                if status == 204:
                    flash('Account deleted', 'success')
                    logout_user()
                    return redirect("/")
                if status == 400:
                    flash(usr.detail, 'warning')
                    return make_response(
                        render_template('error.html', title="Unregister"), 400)
                if status == 500:
                    flash('Please try again', 'error')
                    return make_response(
                        render_template('error.html', title="Unregister"), 500)
            else:
                flash('Wrong password', 'error')
                return make_response(
                    render_template('delete_profile.html',
                                    form=form,
                                    title="Unregister"), 400)
        else:
            flash('Bad form', 'error')
            return make_response(
                render_template('delete_profile.html',
                                form=form,
                                title="Unregister"), 400)
    return render_template('delete_profile.html',
                           form=form,
                           title="Unregister")
Ejemplo n.º 17
0
    def setUp(self) -> None:
        print("SET UP")
        with app.app_context():
            # Add Admin user
            example = User()
            example.firstname = 'Admin'
            example.lastname = 'Admin'
            example.email = '*****@*****.**'
            example.dateofbirth = datetime.datetime(2020, 10, 5)
            example.is_admin = True
            example.set_password('admin')
            db.session.add(example)

            # Add another user for testing
            example = User()
            example.firstname = 'Test'
            example.lastname = 'Man'
            example.email = '*****@*****.**'
            example.dateofbirth = datetime.datetime(2020, 10, 6)
            example.is_admin = False
            example.set_password('test')
            db.session.add(example)

            # Add some stories for user 1
            example = Story()
            example.text = 'Trial story of example admin user :)'
            example.author_id = 1
            example.figures = '#example#admin#'
            example.is_draft = False
            db.session.add(example)
            db.session.commit()

            example = Story()
            example.text = 'Another story!'
            example.author_id = 1
            example.is_draft = True
            example.figures = '#another#story#'
            db.session.add(example)
            db.session.commit()

            # Add reactions for user 1
            like = Counter()
            like.reaction_type_id = 1
            like.story_id = 1
            like.counter = 23
            dislike = Counter()
            dislike.reaction_type_id = 2
            dislike.story_id = 1
            dislike.counter = 5
            db.session.add(like)
            db.session.add(dislike)
            db.session.commit()

            # login
            payload = {'email': '*****@*****.**', 'password': '******'}

            form = LoginForm(data=payload)

            self.client.post('/users/login',
                             data=form.data,
                             follow_redirects=True)
Ejemplo n.º 18
0
    def setUp(self) -> None:
        with app.app_context():
            # Create admin user (if not present)
            q = db.session.query(User).filter(User.email == '*****@*****.**')
            user = q.first()
            if user is None:
                example = User()
                example.firstname = 'Admin'
                example.lastname = 'Admin'
                example.email = '*****@*****.**'
                example.dateofbirth = datetime.datetime(2020, 10, 5)
                example.is_admin = True
                example.set_password('admin')
                db.session.add(example)
                db.session.commit()

            # Create non admin user (if not present)
            q = db.session.query(User).filter(User.email == '*****@*****.**')
            user = q.first()
            if user is None:
                example = User()
                example.firstname = 'Abc'
                example.lastname = 'Abc'
                example.email = '*****@*****.**'
                example.dateofbirth = datetime.datetime(2010, 10, 5)
                example.is_admin = False
                example.set_password('abc')
                db.session.add(example)
                db.session.commit()

            # Create the first story, default from teacher's code
            q = db.session.query(Story).filter(Story.id == 1)
            story = q.first()
            if story is None:
                example = Story()
                example.text = 'Trial story of example admin user :)'
                example.author_id = 1
                example.figures = '#example#admin#'
                example.is_draft = False
                db.session.add(example)
                db.session.commit()

            # Create a story of a different user
            q = db.session.query(Story).filter(Story.id == 2)
            story = q.first()
            if story is None:
                example = Story()
                example.text = 'You won\'t modify this story'
                example.author_id = 2
                example.figures = '#modify#story#'
                example.is_draft = False
                db.session.add(example)
                db.session.commit()

            # Create a draft for the logged user
            q = db.session.query(Story).filter(Story.id == 3)
            story = q.first()
            if story is None:
                example = Story()
                example.text = 'This is an example of draft'
                example.author_id = 1
                example.figures = '#example#draft#'
                example.is_draft = True
                db.session.add(example)
                db.session.commit()

            # Create a draft of a different user
            q = db.session.query(Story).filter(Story.id == 4)
            story = q.first()
            if story is None:
                example = Story()
                example.text = 'This is an example of draft that you can\'t modify'
                example.date = datetime.datetime.strptime('2018-12-30', '%Y-%m-%d')
                example.author_id = 2
                example.figures = '#example#draft#'
                example.is_draft = True
                db.session.add(example)
                db.session.commit()

            payload = {'email': '*****@*****.**', 'password': '******'}

            form = LoginForm(data=payload)

            self.client.post('/users/login', data=form.data, follow_redirects=True)