def register():
    """Handle the sign-up form.

    On a valid submission a new ``User`` is created from the form fields and
    the visitor is redirected to the public home page with a success flash.
    Otherwise the form errors are flashed and ``users/new.html`` is rendered
    again with the same form.
    """
    # NOTE(review): csrf_enabled=False switches off the CSRF token check for
    # this form, so a cross-site POST can submit registrations. Confirm this
    # is deliberate and that the template cannot simply render the token.
    form = RegisterForm(request.form, csrf_enabled=False)

    if not form.validate_on_submit():
        flash_errors(form)
        return render_template('users/new.html', form=form)

    # The account is created with active=True; no e-mail confirmation step is
    # visible in this view.
    User.create(
        username=form.username.data,
        email=form.email.data,
        institution=form.institution.data,
        country=form.country.data,
        interest=form.interest.data,
        updated_at=dt.utcnow(),
        password=form.password.data,
        active=True,
    )
    flash("Thank you for registering. You can now log in.", 'success')
    return redirect(url_for('public.home'))
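def admin():
    """Admin-only page: look a user up by e-mail, then change or delete them.

    Non-admin visitors are redirected to the public home page. On POST the
    user matching ``request.form['email']`` is loaded and, if found:

    * ``is_admin == 'y'`` grants the admin flag; anything else clears it,
      except on the caller's own account, where clearing is refused with a
      warning (this now also covers an ``is_admin`` field that is present
      but not ``'y'``, which previously bypassed the guard);
    * ``delete_user`` deletes the account, except the caller's own.

    Renders ``users/admin.html`` with the user (or None), the search form and
    the admin form (None on GET).
    """
    if not current_user.is_admin:
        return redirect(url_for('public.home'))

    user = None
    searchForm = SearchForm(request.form)
    adminForm = None

    if request.method == "POST":
        # NOTE(review): this branch changes privileges and deletes accounts
        # straight from request.form. No validate_on_submit() call, and so no
        # per-form CSRF token check, is visible here; confirm CSRF protection
        # is enforced elsewhere (e.g. application-wide).
        email = request.form['email']
        user = User.query.filter_by(email=email).first()
        search_data = request.form

        if user:
            is_self = user.id == current_user.id
            wants_admin = request.form.get('is_admin') == 'y'

            # NOTE(review): every POST for another user's e-mail that does not
            # carry is_admin=y clears that user's admin flag, including a
            # plain lookup. Confirm that is the intended form contract.
            if wants_admin or not is_self:
                User.update(user, updated_at=dt.utcnow(), is_admin=wants_admin)
                if 'is_admin' in request.form:
                    # Reload after an explicit is_admin submission, as before.
                    user = User.query.filter_by(email=email).first()
            else:
                # An administrator may not withdraw their own admin rights.
                flash("An administrator cannot withdraw their own administrator "
                      + "privilages", 'warning')

            if 'delete_user' in request.form:
                if not is_self:
                    # Read the name before deleting: the instance may no
                    # longer be loadable once the row is gone.
                    deleted_name = user.username
                    User.delete(user)
                    flash(deleted_name + " has been deleted", 'warning')
                    user = None
                    # request.form is immutable; blank the e-mail on a copy so
                    # the search box does not keep the deleted address.
                    search_data = request.form.copy()
                    search_data['email'] = ""
                else:
                    flash("An administrator cannot delete thier own account",
                          'warning')

        # NOTE(review): the listing lost its indentation; these two lines are
        # placed at POST level, not under `if user:`. Confirm against the
        # original file.
        searchForm = SearchForm(search_data, obj=user)
        adminForm = AdminForm(request.form)

    return render_template("users/admin.html", user=user, form=searchForm,
                           adminForm=adminForm)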
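def __set_data_for_user(user, form):
    """Copy the non-empty fields of ``form`` onto ``user`` and return the user.

    Only fields with a truthy value are written. The password is hashed with
    ``bcrypt.generate_password_hash`` before it is handed to ``User.update``.
    All changes go through a single ``User.update`` call, so a failure on one
    field no longer leaves earlier fields already written.

    Returns the stored user, or None after a rollback when the update raises
    ``IntegrityError`` or ``InvalidRequestError``.
    """
    changes = {}
    for field_name in ('username', 'email', 'institution', 'country', 'interest'):
        value = getattr(form, field_name).data
        if value:
            changes[field_name] = value
    if form.password.data:
        changes['password'] = bcrypt.generate_password_hash(form.password.data)

    try:
        if changes:
            User.update(user, updated_at=dt.utcnow(), **changes)
    except (IntegrityError, InvalidRequestError):
        db.session.rollback()
        # NOTE(review): the message always blames the e-mail; if another
        # column (e.g. username) is also unique, the text can be misleading.
        flash("The email %s is already taken." % form.email.data, 'warning')
        return None

    # With no e-mail submitted, look the user up by their current address;
    # querying by the empty form value would return None, which callers
    # cannot tell apart from the failure case above.
    return User.query.filter_by(email=form.email.data or user.email).first()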
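def load_user(id):
    """Return the ``User`` whose primary key is ``id``, or None if ``id`` is not an integer.

    ``id`` is converted with ``int()`` before the lookup. A value that cannot
    be converted (None, a non-numeric string) yields None instead of raising,
    so a malformed stored identifier is treated as "no such user" and does
    not surface as a server error.
    """
    # NOTE(review): presumably registered as the Flask-Login user loader,
    # which is expected to return None for an invalid id. Confirm.
    try:
        user_id = int(id)
    except (TypeError, ValueError):
        return None
    return User.get_by_id(user_id)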
def test_check_password(self):
    """check_password accepts the stored password and rejects a different one."""
    # NOTE(review): the credential literals look redacted in this listing; the
    # first assertion only holds if the password given to create() is
    # 'foobarbaz123'.
    account = User.create(
        username="******",
        email="*****@*****.**",
        password="******",
    )
    assert account.check_password('foobarbaz123') is True
    assert account.check_password("barfoobaz") is False
def test_password_is_nullable(self):
    """A user saved without a password keeps ``password`` as None."""
    # Accounts in this state have no password set; this test only pins that
    # the model allows it.
    passwordless = User(username='******', email='*****@*****.**')
    passwordless.save()
    assert passwordless.password is None
def test_created_at_defaults_to_datetime(self):
    """Saving a user without created_at fills it with a datetime value."""
    saved = User(username='******', email='*****@*****.**')
    saved.save()
    stamp = saved.created_at
    assert bool(stamp)
    assert isinstance(stamp, dt.datetime)
def test_get_by_id(self):
    """get_by_id returns the user that was saved under that id."""
    original = User('foo', '*****@*****.**')
    original.save()
    fetched = User.get_by_id(original.id)
    assert fetched == original