def password_reset(username, code):
"""password_reset(str, str) -> returns template
The view function allows the user to reset their forgotten password
:params
`username`: The user's username
`code`: The forgotten code sent to the user email account
:returns
returns a template
"""
form, error = NewPasswordForm(), None
user = User(username=username)
if not user.Account.Password.is_forgotten_password_code_valid(code):
abort(404)
if form.validate_on_submit() and user.Account.Password.reset_password(
form):
user.Account.Password.email_user_about_password_change()
return redirect(url_for('password_app.password_successful_changed'))
return render_template('password/password_reset.html',
form=form,
error=error,
username=username,
code=code)
def post(self):
try:
new_user = UserSchema(exclude=['role']).load(request.json).data
except ValidationError as err:
return err.messages, status.HTTP_400_BAD_REQUEST
try:
new_user = User(email=new_user['email'],
password=new_user['password'],
first_name=new_user['first_name'],
last_name=new_user['last_name'],
role_id=1)
except KeyError:
return {'error': "Missing required field"}
db.session.add(new_user)
try:
db.session.commit()
except IntegrityError as err:
db.session.emarollback()
response = {'error': 'Already exists.'}
return response, status.HTTP_400_BAD_REQUEST
session.permanent = True
access_token = create_access_token(identity=new_user.user_id,
expires_delta=False)
session[AUTH_TOKEN_KEY] = access_token
response_obj = jsonify({'message': 'Successfully registered.'})
response_obj.set_cookie("admin", str(False))
return make_response(response_obj, status.HTTP_200_OK)
def register(params, login=True, commit=True):
"""
Create / register a user.
"""
if UserQueries.get_by_login(params.get("username", "")):
raise UserServicesException(
'User with given username exists already.')
user = User()
model_fields = get_fields(User)
# apply all fields to object.
set_fields_from_dict(user, params, model_fields)
user.login = params.get("username")
user.password = generate_password_hash(params.get("password"))
if commit:
db.session.add(user)
db.session.commit()
if login:
login_user(user)
return user
def forgot():
"""This view function allows the user to request for a password reset link"""
form, msg = ForgottenPasswordForm(), ''
if form.validate_on_submit():
user = User(email=form.email.data)
if user.Account.Password.generate_forgotten_password_code():
user.Account.Password.email_user_forgotten_password_code_link()
return redirect(url_for('password_app.reset_link_sent'))
return render_template('password/forgot_password.html', form=form)
def run(self):
prod = input("Is this a production seed? [yes/no]" + "\n")
if str(prod).lower() == "yes" and not self.check_safe():
return
bcrypt = Bcrypt(flask.current_app)
db = SQLAlchemy(flask.current_app)
# seed roles
from users.models.role import Role
admin_role = Role(
name="administrator",
display_name="Administrator",
description="Can administrate site",
)
db.session.add(admin_role)
writer_role = Role(name="writer",
display_name="Writer",
description="Can write posts for site")
db.session.add(writer_role)
user_role = Role(name="user",
display_name="User",
description="Basic user")
db.session.add(user_role)
# seed user
admin_username = flask.current_app.config["ADMIN_INIT_USERNAME"]
admin_password = flask.current_app.config["ADMIN_INIT_PASSWORD"]
admin_password_hashed = bcrypt.generate_password_hash(
admin_password).decode("utf-8")
admin_email = flask.current_app.config["ADMIN_INIT_EMAIL"]
from users.models.user import User
admin_user = User(
username=admin_username,
password=admin_password_hashed,
email=admin_email,
active=True,
email_confirmed_at=datetime.datetime.now(),
)
admin_user.roles.append(admin_role)
admin_user.roles.append(writer_role)
db.session.add(admin_user)
db.session.commit()
def create_tables():
print('Creating tables...')
db.create_all()
if db.session.query(User).count() == 0:
# create super user.
test_user = User()
test_user.login="******"
test_user.first_name = "Joe"
test_user.last_name = "Lucas"
test_user.password=generate_password_hash("test")
test_user.is_super = True
db.session.add(test_user)
db.session.commit()
test_user = User()
test_user.login="******"
test_user.first_name = "Bob"
test_user.last_name = "Average"
test_user.password=generate_password_hash("test")
test_user.is_super = False
db.session.add(test_user)
db.session.commit()
def change_password():
"""The view function allows the user to change their current password"""
form, error = ChangePasswordForm(), None
user = User(email=Session.lookup('email'))
if form.validate_on_submit():
if user.Account.Password.change_old_password(form):
user.Account.Password.email_user_about_password_change()
Session.delete_login_credentials()
return redirect(
url_for('password_app.password_successful_changed'))
return render_template('password/new_password.html', form=form)
def __add_user(data, is_superuser=False):
# Required values
email = data["email"]
password = data["password"]
date_joined = data["date_joined"]
if type(date_joined) is str:
date_joined = dateutil.parser.parse(date_joined)
date_joined = date_joined.astimezone(timezone('UTC'))
# Optional
data_first_name = data.get("first_name")
data_last_name = data.get("last_name")
data_is_active = data.get("is_active")
data_is_staff = data.get("is_staff")
# Check if the email is taken
if User.objects(email=email).first() is not None:
return validation_error(
False, {"email": ["این ایمیل قبلا ثبت شده است."]}), 422
try:
new_user = User(
first_name=data_first_name,
last_name=data_last_name,
date_joined=date_joined,
email=email,
is_active=data_is_active,
is_staff=data_is_staff,
is_superuser=is_superuser,
)
new_user.set_password_hash(password)
new_user.save()
# Load the new user's info
user_info = user_schema.dump(new_user)
resp = message(True, "کاربر با موفقیت ایجاد شد.")
resp["user"] = user_info
return resp, 201
except Exception as error:
current_app.logger.error(error)
return internal_err_resp()
def save_new_user(self, form):
user_role = Role.query.filter_by(name="user").first()
hashed_password = bcrypt.generate_password_hash(
form.password.data).decode("utf-8")
user = User(
username=form.username.data,
email=form.email.data,
password=hashed_password,
first_name=form.first_name.data,
last_name=form.last_name.data,
)
user.roles.append(user_role)
db.session.add(user)
db.session.commit()
return user
def register_view(self):
form = RegistrationForm(request.form)
if helpers.validate_form_on_submit(form):
user = User()
form.populate_obj(user)
# we hash the users password to avoid saving it as plaintext in the db,
# remove to use plain text:
user.password = generate_password_hash(form.password.data)
db.session.add(user)
db.session.commit()
login.login_user(user)
return redirect(url_for('.index'))
link = '<p>Already have an account? <a href="' + url_for(
'.login_view') + '">Click here to log in.</a></p>'
self._template_args['form'] = form
self._template_args['link'] = link
return super(FAdminIndexView, self).index()
def create(self, validated_data):
# create and store the new user
user = User(username=validated_data['username'],
first_name=validated_data['first_name'],
last_name=validated_data['last_name'],
email=validated_data['email'],
phone=validated_data['phone'],
address=validated_data['address'],
type_account=2)
# set password hash
user.set_password(validated_data['password'])
user.save()
# if the user admin add the of promo model then will be create
if self.promo_data[0] in validated_data:
Promo(user=user, **{k: validated_data[k]
for k in self.promo_data}).save()
return user
def login():
"""Allows the user to login into the application"""
form = _render_login_template()
if request.method == 'POST' and form.validate_on_submit():
user = User()
account_status = user.Account.Retrieve.get_account_status(
form.email.data)
if account_status != 'ACCOUNT_CONFIRMED':
return redirect(url_for(_get_status(account_status)))
elif not user.Account.Login.is_login_valid(form.email.data,
form.password.data):
return redirect(url_for('login_app.no_user'))
user.Account.Login.set_login_sessions(form.email.data)
user.Account.Login.login()
return redirect(url_for('home_page_app.home_page'))
return render_template('login/login.html', form=form)
from users.models.user import User user = User()
