def create_superuser(app: Flask) -> None: print("create superuser...") with app.app_context(): admin = User("admin", "*****@*****.**", stuff=True, superuser=True) admin.set_password("admin") db.session.add(admin) db.session.commit()
def post(self): hidden = self.request.get("hidden") if hidden: return self.redirect_to("temp") else: ime = self.request.get("firstname") priimek = self.request.get("lastname") email = self.request.get("email").strip() naslov = self.request.get("address") starost = self.request.get("age") telefon = self.request.get("phone2") kraj_tecaja = self.request.get("country") kotizacija = self.request.get("sleepover") prenosnik = self.request.get("prenosnik") majica = self.request.get("majica") if ime and priimek and email and naslov and starost and telefon and kraj_tecaja and kotizacija and prenosnik and majica: user = User.get_by_email(email) if not user: # add to database user = User.create(first_name=ime, last_name=priimek, email=email, address=naslov, dob=starost, phone_number=telefon) add_user_to_course(user=user, kraj_tecaja=kraj_tecaja, kotizacija=float(kotizacija), prenosnik=prenosnik, majica=majica) # send email prijava_februar(ime, priimek, email, naslov, starost, telefon, kraj_tecaja, kotizacija, prenosnik, majica) params = {"error": "Prijava oddana! :)"} else: params = {"error": "Prosim izpolni vsa polja"} self.render_template("public/main2.html", params)
def setup(): # create admin user if not User.query.count(): app.logger.info('No users found. Creating new admin user.') admin = User(username='******', password='******', name='Administrative User', has_access=True) admin.hash_password() db.session.add(admin) db.session.add( RadCheck(username='******', attribute='Cleartext-Password', op=':=', value='freeradius@admin')) db.session.commit() # create default users groups if not Group.query.count(): app.logger.info('No groups found. Creating default user group.') db.session.add(Group(name='user', description='Default user group')) # create default parameters for groups db.session.add( RadUserGroup(username='******', groupname='user', priority=1)) db.session.commit()
def app(): db_dir = tempfile.mkdtemp() media_dir = tempfile.mkdtemp() app = create_app({ "TESTTING": True, "SERVER_NAME": "localhost.localdomain", "SQLALCHEMY_DATABASE_URI": "sqlite:////{}/db.sqlite".format(db_dir), "UPLOAD_FOLDER": media_dir, }) with app.app_context(): db.create_all() user = User("admin", "*****@*****.**", stuff=True, superuser=True) user.set_password("admin") db.session.add(user) db.session.commit() yield app shutil.rmtree(db_dir) shutil.rmtree(media_dir)
def dispatch(self): csrf = None csrf_cookie_value = self.request.cookies.get( webclient_settings.COOKIE_CSRF_KEY) if self.autoload_current_user: from app.models.auth import User User.set_current_user_from_auth_code( self.request.cookies.get(webclient_settings.COOKIE_USER_KEY)) current_user = User.current_user() current_user.set_taskqueue( self.request.headers.get('X-AppEngine-QueueName', None) != None ) # https://developers.google.com/appengine/docs/python/taskqueue/overview-push#Python_Task_request_headers current_user.set_cron( self.request.headers.get('X-Appengine-Cron', None) != None ) # https://developers.google.com/appengine/docs/python/config/cron#Python_app_yaml_Securing_URLs_for_cron csrf = current_user._csrf if not csrf_cookie_value: if csrf == None: csrf = util.random_chars(32) self.response.set_cookie(webclient_settings.COOKIE_CSRF_KEY, csrf) try: self.before() super(Base, self).dispatch() self.after() finally: # support our memcache wrapper lib temporary variables, and release them upon request complete mem._local.__release_local__()
def post(self, user_id): user = User.get_by_id(int(user_id)) first_name = self.request.get("first_name") last_name = self.request.get("last_name") address = self.request.get("address") phone_number = self.request.get("phone_number") User.update(user=user, first_name=first_name, last_name=last_name, address=address, phone_number=phone_number) self.redirect_to("user-details", user_id=int(user_id))
def save_info(): data = request.get_json(silent=True) name = data.get('name') roles = data.get('roles') password = data.get('password') with db.auto_commit(): User.save(name=name, roles=Role.list_items_by_uids(roles), password=password) return Success()
def create_users(app: Flask) -> None: print("create some fake users...") with app.app_context(): for _ in range(10): username = name() user = User(username, "{}@{}.org".format(username, word())) user.set_password("password") db.session.add(user) db.session.commit()
def create_superuser(username, email, password) -> None: if not username or not email or not password: click.echo("Failed.") return user = User(username, email, stuff=True, superuser=True) user.set_password(password) db.session.add(user) db.session.commit() click.echo("Created.")
def register(): form = RegisterForm(request.form) if request.method == 'POST' and form.validate(): user = User() user.set_attrs(form.data) db.session.add(user) db.session.commit() # redirect 需要endpoint return redirect(url_for('web.login')) return render_template('signup.html', form=form)
def get(self): current_user = users.get_current_user() profile = User.query(User.email == str(current_user.email())).get() if not profile: profile = User() profile.email = current_user.email() profile.put() params = {"profile": profile} self.render_template("admin/profile.html", params)
def register(): form = RegisterForm(request.form) if request.method == 'POST' and form.validate(): user = User() user.email = form.email.data user.password = form.password.data db.session.add(user) db.session.commit() flash("注册成功") return render_template('auth/register.html', form=form)
def new_user(): groups = Group.query.all() form = UserForm() form.group.choices = [(group.name, group.name) for group in groups] if form.validate_on_submit(): user = User(username=form.username.data, email=form.email.data, password=form.password.data, active=form.active.data, name=form.name.data, phone=form.phone.data, address=form.address.data, has_access=form.has_access.data) user.hash_password() db.session.add(user) app.logger.debug('Creating new user %s', user.username) db.session.add( RadUserGroup(username=form.username.data, groupname=form.group.data, priority=0)) app.logger.debug( 'Creating relation user-group for user %s and group %s', user.username, form.group.data) db.session.add( RadCheck(username=form.username.data, attribute='Cleartext-Password', op=':=', value=form.password.data)) app.logger.debug('Creating Cleartext-Password user check') if not form.active.data: db.session.add( RadCheck(username=form.username.data, attribute='Auth-Type', op=':=', value='Reject')) app.logger.debug( 'Creating Auth-Type Reject check for disabled user') db.session.commit() flash(_('New user added'), 'success') return redirect(url_for('list_users')) elif form.errors: app.logger.debug('Create User form errors: %s', form.errors) flash(_('Form has errors'), 'error') return render_template('radius/user_form.html', form=form, form_errors=form.errors, action='add')
def register(): if current_user.is_authenticated: return redirect(url_for('main.index')) form = RegistrationForm() if form.validate_on_submit(): user = User(username=form.username.data, email=form.email.data) user.set_password(form.password.data) db.session.add(user) db.session.commit() flash('Congratulations, you are now a registered user!') return redirect(url_for('main.login')) return render_template('register.html', title='Register', form=form)
def get(self, **kwargs): parser = reqparse.RequestParser() parser.add_argument('username', required=True) parser.add_argument('password', required=True) args = parser.parse_args() args = hash_pass(args) user = User.from_sql('select * from User where username=?', (args['username'], )) if len(user) != 0: return Response('Username already exist.', status=400) user = User(**args) user.save() return {'status': 'OK'}
def deploy(): db.drop_all() db.create_all() users = [ { 'name': '*****@*****.**', 'password': '******' }, ] roles = [ { 'name': 'admin' }, ] with db.auto_commit(): for user in users: User.save(**user) for role in roles: Role.save(**role) for item in app.url_map.iter_rules(): if item.endpoint != 'static': Permission.save(endpoint=item.endpoint) with db.auto_commit(): admin_user = User.get_item_by_name(name='*****@*****.**') admin_role = Role.get_item_by_name(name='admin') admin_role.update( permissions=[permission for permission in Permission.list_items()]) admin_user.update(roles=[admin_role]) with db.auto_commit(): # Zone.save(name='test') zone = Zone.save(name='公网') Zone.save(name='私有云', parent_uid=zone.uid) Zone.save(name='公有云', parent_uid=zone.uid) Zone.save(name='内网') zone = Zone.query.filter(Zone.name == '公有云').first() import json with open('domain.txt') as f: domain_list = json.loads(f.read()) with db.auto_commit(): for domain in domain_list: Domain.save(zone_uid=zone.uid, **domain) with open('host.txt') as f: host_list = json.loads(f.read()) with db.auto_commit(): for host in host_list: Host.save(zone_uid=zone.uid, **host) with open('service.txt') as f: service_list = json.loads(f.read()) with db.auto_commit(): for service in service_list: Service.save(zone_uid=zone.uid, **service)
def post(self): data = request.get_json() or {} username = data.get("username") password = data.get("password") email = data.get("email") if not username or not password or not email: return invalid_api_usage("No username, password, email provided", 400) if not check_password(password): return invalid_api_usage("Invalid password", 400) user = User(username, email) user.set_password(password) db.session.add(user) db.session.commit() return {"message": "success"}, 201
def activate(): data = request.get_json(silent=True) uid = data.get('uid') u = User.get_item_by_uid(uid, status=0) with db.auto_commit(): u.activate() return Success()
def get(self, user_id): user = User.get_by_id(int(user_id)) admin = False if user.email in ADMINS: admin = True params = {"this_user": user, "admin": admin} self.render_template("admin/user_details.html", params)
def get_list(): uid = request.args.get('uid', '', type=str) name = request.args.get('name', '', type=str) status = request.args.get('status', 1, type=int) users = User.list_items_by_search(uid=uid, name=name, status=status) data = { 'pageSize': len(users), 'pageNo': 1, 'totalCount': len(users), 'data': [{ 'uid': u.uid, 'name': u.name, 'status': u.status, 'roles': [r.uid for r in u.roles] } for u in users], 'roles': [{ 'uid': r.uid, 'name': r.name, 'permissions': [p.uid for p in r.permissions], } for r in Role.list_items()], 'permissions': [{ 'uid': p.uid, 'endpoint': p.endpoint } for p in Permission.list_items()], } for u in data['data']: u['permissions'] = set() for r in data['roles']: if r['uid'] in u['roles']: for permission in r['permissions']: u['permissions'].add(permission) u['permissions'] = list(u['permissions']) return Success(msg=data)
def remove(): data = request.get_json(silent=True) uid = data.get('uid') u = User.get_item_by_uid(uid) with db.auto_commit(): u.remove() return Success()
def stuff_client(app: Flask): client = app.test_client() user = User("stuff", "*****@*****.**", stuff=True) user.set_password("stuffpsw") with app.app_context(): db.session.add(user) db.session.commit() res = client.post("/auth/token/login", json={ "username": "******", "password": "******", }) assert res.is_json token = res.get_json().get("token") client.environ_base["HTTP_AUTHORIZATION"] = "Bearer {}".format(token) return client
def signup_post(): email = request.form.get('email') name = request.form.get('name') password = request.form.get('password') confirmation_password = request.form.get('confirmation_password') if password != confirmation_password: flash('Confirmation password mismatch. Please re-enter signup data.') return redirect(url_for('auth.signup')) user = User.query.filter_by(email=email).first() if user: # if a user is found, we want to redirect back to signup page so user can try again flash('Email address already exists') return redirect(url_for('auth.signup')) # create new user with the form data. Hash the password so plaintext version isn't saved. new_user = User(email=email, name=name, password=generate_password_hash(password, method='sha256')) # add the new user to the database db.session.add(new_user) db.session.commit() app.logger.info('user %s created successfully', user.name) return redirect(url_for('auth.login'))
def update_user_profile(): try: payload = get_payload() except jwt.exceptions.PyJWTError: # TODO: explain the error more obviously return format_response(data=None, success=False, message=_('You are not authorized'), status_code=401) user_id = payload['id'] connect_db() user = g.db.execute(sa.select([User ]).where(User.c.id == user_id)).fetchone() form = ProfileForm(context={'user': user}, partial=True) data = form.load(request.json or {}) values_to_update = {'modified': sa.func.NOW()} for key in data: if key in ['username', 'name', 'email']: values_to_update.update({key: data[key]}) elif key == 'password': values_to_update.update( {'password': generate_password_hash(data[key])}) transaction = g.db.begin() g.db.execute( User.update().values(**values_to_update).where(User.c.id == user_id)) transaction.commit() return format_response(data=None)
def test_transfer_money_zero_balance(self, db_session: Session, client: TestClient): """Перевод денежных средств, недостаточно стредст у пользователя""" self._setup(db_session) db_balance = db_session.query(Balance).first() data_detail = self.add_money(db_session, client, db_balance.id) db_balance = db_session.query(Balance).first() assert db_balance.amount == 22 db_recipient_user = User(username='******', is_active=True) db_session.add(db_recipient_user) db_recipient_balance = Balance(user=db_recipient_user) db_session.add(db_recipient_balance) db_session.commit() db_session.refresh(db_recipient_user) db_session.refresh(db_recipient_balance) url = f"/v1/balances/transfer/{db_balance.id}" post_date = {'amount': 100, 'to_balance': db_recipient_balance.id} response = client.put(url, json=post_date) assert response.status_code == 400 assert response.json( )['detail'] == f"Insufficient funds on the balance: {db_balance.id}" self._teardown(db_session)
def test_user_roles(): user = User("test", "*****@*****.**") assert user.get_roles() == "ordinary" user.stuff = True assert user.get_roles() == "stuff" user.superuser = True assert user.get_roles() == "admin"
def update_info(): data = request.get_json(silent=True) uid = data.get('uid') name = data.get('name') roles = data.get('roles') u = User.get_item_by_uid(uid=uid) with db.auto_commit(): u.update(name=name, roles=Role.list_items_by_uids(roles)) return Success()
def get_token(): data = request.get_json(silent=True) username = data.get('username') password = data.get('password') user = User.get_item_by_name(name=username) if not user or not user.verify_password(password): return AuthFailedException(msg='user or secret error') return Success(msg={ 'token': user.generate_api_auth_token(current_app.config['TOKEN_EXPIRATION']) })
def _setup(self, db_session): user = db_session.query(User).filter(User.id == 1).first() if not user: db_user = User(username='******', is_active=True) db_session.add(db_user) db_balance = Balance(user=db_user) db_session.add(db_balance) db_session.commit() db_session.refresh(db_user) db_session.refresh(db_balance)
def login(): parser = reqparse.RequestParser() parser.add_argument('username', required=True) parser.add_argument('password', required=True) args = parser.parse_args() args = hash_pass(args) user = User.get_login_user(username=args['username'], password=args['password']) if user is None: return Response('wrong username or password', status=401) else: login_user(user) return Response('', status=200)
def verify_password(username_or_auth_token, password): if username_or_auth_token == "": return False if password == "": g.current_user = User.verify_api_auth_token(username_or_auth_token) g.token_used = True return g.current_user is not None user = User.query.filter(User.name == username_or_auth_token).first() if not user: return False g.current_user = user g.token_used = False return user.verify_password(password)
def get(self): users = User.query(User.deleted == False).fetch() admins = [] students = [] for user in users: if user.email in ADMINS: admins.append(user) else: students.append(user) params = {"admins": admins, "students": students} self.render_template("admin/users_list.html", params)
def get(self, *args, **kwargs): users = User.findall() for user in users: user['nickname'] = user['nickname'].decode('unicode-escape') self.render('admin-users.html', users=users)
def deploy(): db.drop_all() db.create_all() # add user user_info_list = [ {"name": "aaa", "department": "信息安全", "password": "******"}, ] User.insert_items(user_info_list) # add role role_info_list = [ {"name": "admin", "department": "特权"}, {"name": "role1", "department": "信息安全"}, {"name": "role2", "department": "信息安全"}, ] Role.insert_items(role_info_list) # add permission permission_info_list = [ {"name": "用户列表查看", "endpoint": "auth.user_list"}, {"name": "用户角色信息修改", "endpoint": "auth.user_update"}, {"name": "角色列表查看", "endpoint": "auth.role_list"}, {"name": "角色权限信息修改", "endpoint": "auth.role_update"}, {"name": "角色新增", "endpoint": "auth.role_new"}, {"name": "权限列表查看", "endpoint": "auth.permission_list"}, {"name": "主机资产查看", "endpoint": "assets.host_list"}, {"name": "主机资产信息修改", "endpoint": "assets.host_update"}, {"name": "服务资产查看", "endpoint": "assets.service_list"}, {"name": "服务资产信息修改", "endpoint": "assets.service_update"}, {"name": "域名资产查看", "endpoint": "assets.domain_list"}, {"name": "域名资产信息修改", "endpoint": "assets.domain_update"}, {"name": "任务列表查看", "endpoint": "tasks.task_list"}, {"name": "任务详情查看", "endpoint": "tasks.info"}, {"name": "Web应用列表查看", "endpoint": "web.application_list"}, {"name": "Web应用信息修改", "endpoint": "web.application_update"}, {"name": "Web应用报文列表查看", "endpoint": "web.package_list"}, {"name": "Web应用报文备注修改", "endpoint": "web.package_update"}, {"name": "Web应用报文详情", "endpoint": "web.package_info"}, {"name": "Web扫描插件信息查看", "endpoint": "web.plugin_list"}, {"name": "Web扫描插件信息修改", "endpoint": "web.plugin_update"}, {"name": "新增Web应用", "endpoint": "web.application_new"}, {"name": "新增Web扫描插件", "endpoint": "web.plugin_new"}, {"name": "api_token", "endpoint": "api_v_1_0.get_token"}, {"name": "api_host_list", "endpoint": "api_v_1_0.host_list"}, {"name": "api_host_add", "endpoint": "api_v_1_0.host_add"}, {"name": "api_host_delete", "endpoint": "api_v_1_0.host_delete"}, {"name": "api_service_list", "endpoint": "api_v_1_0.service_list"}, {"name": "api_domain_list", "endpoint": "api_v_1_0.domain_list"}, {"name": "api_domain_add", "endpoint": "api_v_1_0.domain_add"}, {"name": "api_domain_delete", "endpoint": "api_v_1_0.domain_delete"}, {"name": "api_task_list", "endpoint": "api_v_1_0.task_list"}, {"name": "api_application_list", "endpoint": "api_v_1_0.application_list"}, {"name": "api_package_list", "endpoint": "api_v_1_0.package_list"}, {"name": "api_plugin_list", "endpoint": "api_v_1_0.plugin_list"}, ] Permission.insert_items(permission_info_list) # add auth relationship admin_user = User.query.first() admin_role = Role.query.first() admin_user.update_role_by_id(delete_role_list=[], add_role_list=[admin_role.id]) admin_role.update_permission_by_id(delete_permission_list=[], add_permission_list=[permission.id for permission in Permission.query.all()])
def post(self, user_id): user = User.get_by_id(int(user_id)) if user.email not in ADMINS: user.deleted = True user.put() self.redirect_to("users-list")
def get(self, user_id): user = User.get_by_id(int(user_id)) params = {"this_user": user} self.render_template("admin/user_edit.html", params)