def get(self, request): code = request.GET.get('code') url = """https://graph.facebook.com/v2.12/oauth/access_token?client_id={}&redirect_uri={}&client_secret={}&code={}""".format( FB_CLIENT_ID, FB_REDIRECT_URL, FB_CLIENT_SECRET, code) data = requests.get(url) data = data.json() access_token = data.get('access_token') user_url = 'https://graph.facebook.com/me?fields=first_name,last_name&access_token={}'.format( access_token) userdata = requests.get(user_url) userdata = userdata.json() user_id = userdata.get('id') first_name = userdata.get('first_name') last_name = userdata.get('last_name') username = str(user_id) try: user = User.objects.get(username=username) except User.DoesNotExist: user = User(username=username, first_name=first_name, last_name=last_name).save() user = User.objects.get(username=username) userializer = UserSerializer(user) token = generate_token(email=username, password=first_name, user_id=user.id) user = userializer.data user['courses'] = [] return Response(status=302, headers={ 'Set-Cookie': 'Authorization={}; Path=/'.format(token), 'Location': '/' }, data={'user': user})
def get(self, request): code = request.GET.get('code') url = 'https://oauth.vk.com/access_token?client_id={}&client_secret={}&redirect_uri={}&code={}'.format( VK_CLIENT_ID, VK_CLIENT_SECRET, REDIRECT_URL, code) data = requests.get(url) data = data.json() access_token = data.get('access_token') user_id = data.get('user_id') user_url = 'https://api.vk.com/method/users.get?access_token=4a9be6044a9be6044a9be604434afa87dc44a9b4a9be604101605ecda0a16e0ca46f3c2&user_ids={}&fields=bdate&v=5.73'.format( user_id) userdata = requests.get(user_url) userdata = userdata.json()['response'][0] first_name = userdata.get('first_name') last_name = userdata.get('last_name') username = str(user_id) try: user = User.objects.get(username=username) except User.DoesNotExist: user = User(username=username, first_name=first_name, last_name=last_name).save() user = User.objects.get(username=username) userializer = UserSerializer(user) token = generate_token(email=username, password=first_name, user_id=user.id) user = userializer.data user['courses'] = [] return Response(status=302, headers={ 'Set-Cookie': 'Authorization={}; Path=/'.format(token), 'Location': '/' }, data={'user': user})
def post(self, request): email = request.data.get('email') first_name = request.data.get('first_name') password = request.data.get('password') if email and password and first_name: try: user = User.objects.get(email=email) raise ValidationError(detail='Email not unique') except User.DoesNotExist: user = User(username=email, email=email, first_name=first_name, password=make_password(password)).save() user = User.objects.get(email=email) userializer = UserSerializer(user) token = generate_token(email=email, password=password, user_id=user.id) user = userializer.data user['courses'] = [] return Response(headers={ 'Set-Cookie': 'Authorization={}; Path=/'.format(token) }, data={'user': user}) else: raise ParseError
def post(self, request): email = request.data.get('email') password = request.data.get('password') if email and password: try: user = User.objects.get(email=email) if user and user.check_password(password): token = generate_token(email=email, password=password, user_id=user.id) userdata = UserSerializer(user).data userdata['courses'] = list( user.course_set.values_list('id', flat=True)) return Response(headers={ 'Set-Cookie': 'Authorization={}; Path=/'.format(token) }, data={'user': userdata}) else: raise AuthenticationFailed except User.DoesNotExist: raise NotFound else: raise ParseError
def getToken(): body = request.get_json() if 'priming_code' not in body: return json.dumps( { 'message': 'Provide a priming code' } ) if body['priming_code'] == app.config['PRIMING_CODE']: priming_token = utils.generate_token() # store in database. redis_store.set('priming:{}'.format(priming_token), 'priming') # respond return json.dumps( { 'message': 'Priming code is correct.', 'priming_token': priming_token } ) return json.dumps( { 'message': 'Priming code is incorrect.' } )
def verifyCode(): body = request.get_json() if 'tfa_code' not in body or 'request_id' not in body: return json.dumps( { 'message': 'Please provide the TFA code and request id' } ) # get a nexmo 2fa instance. nexmoTFA = utils.get_nexmo_tfa() if nexmoTFA.verifyCode(body['request_id'], body['tfa_code']): tfa_token = utils.generate_token() # store in database redis_store.set('tfa:{}'.format(tfa_token), 'tfa') # respond return json.dumps( { 'message': 'TFA code is correct', 'tfa_token': tfa_token } ) return json.dumps( { 'message': 'TFA Code is incorrect.' } )
def test_reset_password(self): response = self.client.post(url_for('auth.forget_password'), data=dict( email='*****@*****.**', ), follow_redirects=True) data = response.get_data(as_text=True) self.assertIn("Password reset email sent, check your inbox", data) user = User.query.filter_by(email='*****@*****.**').first() self.assertTrue(user.validate_password('123456')) token = generate_token(user, operation=Operations.RESET_PASSWORD) response = self.client.post(url_for('auth.reset_password', token=token), data=dict( email='*****@*****.**', password='******', password2='newpassword' ), follow_redirects=True) data = response.get_data(as_text=True) self.assertIn("Password updated", data) self.assertTrue(user.validate_password('newpassword')) self.assertFalse(user.validate_password('123456')) # bad token response = self.client.post(url_for('auth.reset_password', token='badtoken'), data=dict( email='*****@*****.**', password='******', password2='newpassword' ), follow_redirects=True) data = response.get_data(as_text=True) self.assertNotIn("Password updated", data) self.assertIn('Invalid or expired link', data)
def register(): if current_user.is_authenticated: return redirect(url_for('main.main_index')) form = RegisterForm() if form.validate_on_submit(): name = form.name.data email = form.email.data.lower() username = form.username.data password = form.password.data ip = request.remote_addr platform = request.user_agent.platform browser = request.user_agent.browser version = request.user_agent.version # 数据入库 user = User(name=name, email=email, username=username, ip=ip, platform=platform, browser=browser, version=version) user.set_password(password) db.session.add(user) db.session.commit() token = generate_token(user=user, operation=Operations.CONFIRM) send_confirm_email(user=user, token=token) flash('激活邮件已发送到您的邮箱,请查收', 'success') return redirect(url_for('.login')) return render_template('auth/reg.html', form=form)
def verify_user(): data = request.get_json() user = User.query.filter_by(email=data['email']).first() if not user: return jsonify({ 'error': { 'message': 'Invalid Credentials' }, 'data': None }), 400 if user.verified: return jsonify({ 'error': { 'message': 'Verified', }, 'data': None }), 400 code = Token.query.filter_by(user_id=user.id).first() if code.code != data['code'] and code.issuedAt < datetime.utcnow(): return jsonify({ 'error': { 'message': 'Verification Failed' }, 'data': None }), 400 db.session.delete(code) db.session.commit() token = generate_token({'id': user.id, 'username': user.username}) return jsonify({'error': None, 'data': {'token': token}}), 200
def create_event(request): if request.method == 'POST': logged_user = request.user.username form = EventCreation(request.POST, logged_user=logged_user) if form.is_valid(): data = form.cleaned_data company = Company.objects.get(name=logged_user) event = Event.objects.create(name=data['name'], company=company, start_date=data['start_date'], end_date=data['end_date'], event_id=generate_token(), description=data['description']) for room in data['allowed_rooms']: event.rooms.add(room) return success_happened( request, 'Succesfully created the event %s' % data['name']) else: form = EventCreation(logged_user=request.user.username) return render( request, 'event/create.html', { 'creating_event': True, 'form': form, 'year': datetime.now().year, 'title': 'Create an event' })
def login(): if current_user.is_authenticated: saved_threads = db.session.query(Thread)\ .filter_by(user_id=g.user.id)\ .filter_by(submitted=False)\ .first() if saved_threads: return redirect(url_for('user')) else: return redirect(url_for('create_thread')) r = praw.Reddit(user_agent=app.config['REDDIT_USER_AGENT']) r.set_oauth_app_info( app.config['REDDIT_APP_ID'], app.config['REDDIT_APP_SECRET'], app.config['OAUTH_REDIRECT_URI'] ) session['oauth_token'] = generate_token() oauth_link = r.get_authorize_url( session['oauth_token'], ['identity', 'submit'], True ) return render_template( 'login.html', page_title="Login with your reddit account", oauth_link=oauth_link )
def resend_confirm_email(): if current_user.confirmed: return redirect(url_for('main.index')) token = generate_token(user=current_user, operation=Operations.CONFIRM) send_confirmation_email(user=current_user, token=token) flash("New email sent, check your inbox", 'info') return redirect(url_for('main.index'))
def resend_confirm_email(): if current_user.comfirmed: return redirect(url_for('main.index')) token = generate_token(user=current_user, operation=Operations.CONFIRM) send_confirm_email(user=current_user, token=token) flash('新邮件已经发送,请前往确认', 'info') return redirect(url_for('main.index'))
def resend_confirm_email(): if current_user.confirmed: return redirect(url_for('main.main_index')) token = generate_token(user=current_user, operation=Operations.CONFIRM) send_confirm_email(user=current_user, token=token) flash('新的激活邮件已发送,请检查你的邮箱', 'info') return redirect(url_for('main.main_index'))
def add_attendee(request, event_id): if request.POST: logged_user = request.user.username form = AttendeeRegistration(request.POST) if form.is_valid(): data = form.cleaned_data user_id = data['user_id'] name = data['name'] last_name = data['last_name'] email = data['email'] event_id = data['event_id'] company = Company.objects.get(name=logged_user) # TODO check if ID exists event = Event.objects.get(event_id=event_id) if event.company != company: return error_happened(request, 'Invalid event') if event.end_date < date.today(): return error_happened(request, 'Event has already finished') # TODO what if id is already registered but with a different email or name? if not EndUser.objects.filter(id=user_id).exists(): user = EndUser.objects.create(id=user_id, name=name, last_name=last_name, email=email) user.save() else: user = EndUser.objects.get(id=user_id) if not Permission.objects.filter(user_id=user, event=event).exists(): token_id = generate_token() permission = Permission.objects.create(user_id=user, event=event, id=token_id) else: return error_happened( request, '%s %s is already registered in event' % (name, last_name)) send_qr_email(email, event, token_id, request) return success_happened( request, 'Succesfully added %s %s to %s' % (name, last_name, event.name)) else: form = AttendeeRegistration(initial={'event_id': event_id}) event = Event.objects.get(event_id=event_id) return render( request, 'event/add_attendee.html', { 'form': form, 'year': datetime.now().year, 'title': 'Adding Attendee to %s' % event.name })
def login(): data = request.get_json() user = User.query.filter_by(email=data['email']).first() if not user: return jsonify({'error': {'message': 'Invalid Credentials', 'code': 400}, 'data': None}) if not check_password_hash(user.password_hash, data['password']): return jsonify({'error': {'message': 'Invalid Credentials', 'code': 400}, 'data': None}) token = generate_token({'id': user.id, 'username': user.username}) return jsonify({'error': None, 'data': {'token': token.decode("utf-8")}})
def test_confirm_account(self): user = User.query.filter_by(email='*****@*****.**').first() self.assertFalse(user.confirmed) token = generate_token(user=user, operation='confirm') self.login(email='*****@*****.**', password='******') response = self.client.get(url_for('auth.confirm', token=token), follow_redirects=True) data = response.get_data(as_text=True) self.assertIn("Account confirmed", data) self.assertTrue(user.confirmed)
def change_email_request(): form = ChangePasswordForm() if form.validate_on_submit(): token = generate_token(user=current_user, operation=Operations.CHANGE_EMAIL, new_email=form.email.data.lower()) send_change_email(to=form.email.data, user=current_user, token=token) flash('确认邮件已发送,前往邮箱核对.', 'info') return redirect(url_for('.index', username=current_user.username)) return render_template('user/settings/change_email.html', form=form)
def process_sso_auth(cls, sso_profile) -> Tuple[dict, int]: user_name = sso_profile["username"] period_name = get_app_config("ACTIVE_PERIOD") user = User.objects(username=user_name).first() if user is None: full_name = sso_profile['attributes']['ldap_cn'] user = User(name=full_name, username=user_name) try: user_npm = sso_profile["attributes"]["npm"] major_name = sso_profile["attributes"]["study_program"] major_kd_org = sso_profile["attributes"]["kd_org"] except KeyError: completion_id = uuid.uuid4() user.completion_id = completion_id user.save() return { 'user_name': user_name, 'full_name': full_name, 'completion_id': str(completion_id) }, 201 user.npm = user_npm user.batch = f"20{user_npm[:2]}" major = Major.objects(kd_org=major_kd_org).first() if major is None: major = Major(name=major_name, kd_org=major_kd_org) major.save() user.major = major user.save() if user.completion_id is not None: return { 'user_name': user.username, 'full_name': user.name, 'completion_id': str(user.completion_id) }, 201 major = user.major period = Period.objects(major_id=major.id, name=period_name, is_detail=True).first() token = generate_token(user.id, user.major.id) result = { "user_id": str(user.id), "major_id": str(user.major.id), "token": token } if period is None: result = {**result, "err": True, "major_name": major.name} return result, 200
def login(): data = request.get_json() user = User.query.filter_by(email=data["email"], password=data["password"]).first() if not user: return jsonify({"success": False, "reason": "invalid_credentials"}) token = generate_token() auth_token = AuthToken(email=data["email"], token=token) db.session.add(auth_token) db.session.commit() return jsonify({"success": True, "token": token})
def __init__(self, port: int = None): self.port = ports.data_bridge if port is None else port self.address = ('localhost', self.port) self.token = generate_token() self.listener = Listener(self.address, authkey=bytes(self.token, encoding='utf-8')) self.stop_event = Event() self.thread = Thread(target=self._run) self.thread.setDaemon(True) self.connection = None self.on_token_received = None
def change_email_request(): form = ChangeEmailForm() if form.validate_on_submit(): token = generate_token(user=current_user, operation=Operations.CHANGE_EMAIL, new_email=form.email.data) send_confirmation_email(to=form.email.data, user=current_user, token=token) flash("Confirm email sent, check inbox", 'success') return redirect(url_for('.index', username=current_user.username)) return render_template('user/settings/change_email.html', form=form)
def register(): data = request.get_json() try: user = User( username=data['username'], email=data['email'], password_hash=generate_password_hash(data['password'])) db.session.add(user) db.session.commit() except exc.IntegrityError: return jsonify({'error': {'message': 'user already exists', 'code': 400}, 'data': None}) token = generate_token({'id': user.id, 'username': user.username}) return jsonify({'error': None, 'data': {'token': token.decode("utf-8")}})
def create_test_user(): major = Major.objects().create(name='Ilmu Komputer (Computer Science)', kd_org='01.00.12.01') user = User.objects().create( name='NAMA USER', username='******', npm='1701234567', batch='2017', major=major, ) token = generate_token(user.id, user.major.id) return user, token
def setup_db(seed=True): """ create a new DB and add seed data if seed is True """ db = sqlite3.connect(app.config["DATABASE"]) c = db.cursor() c.execute(''' DROP TABLE IF EXISTS texts ''') c.execute(''' CREATE TABLE texts (body TEXT, words TEXT, token INTEGER PRIMARY KEY) ''') if seed: t = ("the quick brown fox jumped over the lazy dog", \ "for brown lazy", utils.generate_token()) c.execute("INSERT INTO texts VALUES (?, ?, ?)", t) db.commit() db.close()
def test_change_email(self): user = User.query.get(2) self.assertEqual(user.email, '*****@*****.**') token = generate_token(user, Operations.CHANGE_EMAIL, new_email='*****@*****.**') self.login() res = self.client.get(url_for('user.change_email', token=token), follow_redirects=True) data = res.get_data(as_text=True) self.assertIn("Email updated", data) self.assertEqual(user.email, '*****@*****.**') res = self.client.get(url_for('user.change_email', token='bad'), follow_redirects=True) data = res.get_data(as_text=True) self.assertIn("Invalid or expired token", data)
async def login(request: Request) -> Dict: request_body = request.json phone = request_body["phone"] password = request_body["password"] user: User = user_repo.authenticate(phone, password) token: str = generate_token({"user_id": user.id}, secret=settings.JWT_SECRET_KEY, ttl=settings.JWT_TTL) user.token = token user.save() key: str = f"user|{user.id}" value: bytes = pickle.dumps(user) await request.app.redis.set(key, value) return {"token": token}
def forget_password(): if current_user.is_authenticated: return redirect(url_for('main.index')) form = ForgetPasswordForm() if form.validate_on_submit(): user = User.query.filter_by(email=form.email.data.lower()).first() if user: token = generate_token(user=user, operation=Operations.RESET_PASSWORD) send_reset_password_email(user=user, token=token) flash("Password reset email sent, check your inbox", 'info') return redirect(url_for('.login')) flash("Invalid email", 'warning') return redirect(url_for('.forget_password')) return render_template('auth/reset_password.html', form=form)
def add(): text = request.form["text"] words = request.form["words"] if not words: # autogenerate words words = " ".join(utils.get_exclusion_words(text)) print words else: for word in words.split(): if word not in text.split(): return jsonify({"status": "Invalid data - few words not found in data."}) token = utils.generate_token() db_add_text(text, words, token) return jsonify({"status": "Data added successfully"})
def test_api_can_reset_user_password(self): """Test API can return reset_ Users""" rv1 = self.client().post('/user/forgot_password', data=json.dumps( {'email': self.test_users[0]['email']}), content_type='application/json') self.assertEqual(rv1.status_code, 200) with self.app.app_context(): user = User.query.filter_by( email=self.test_users[0]['email']).first() token = generate_token({'id': user.id}) rv = self.client().post(f'/user/reset_password/{token}', data=json.dumps({'password': '******'}), content_type='application/json') self.assertEqual(rv.status_code, 200)
def signup(): data = request.get_json() print(data) if User.query.filter_by(email=data["email"]).first(): return jsonify({"success": False, "reason": "email_already_exists"}) user = User(email=data["email"], password=data["password"], name=data["name"], city=data["city"], dob=datetime.strptime(data["dob"], "%Y-%m-%d").date()) token = generate_token() auth_token = AuthToken(email=data["email"], token=token) db.session.add(user) db.session.add(auth_token) db.session.commit() return jsonify({"success": True, "token": token})
def login(): if current_user.is_anonymous: session['oauth_token'] = generate_token() oauth_link = r.get_authorize_url( session['oauth_token'], ['identity', 'submit', 'edit'], True ) return render_template( 'login.html', title="Reddit Login", page_title="Reddit Login", oauth_link=oauth_link ) else: flash('You are already logged in!') return redirect(url_for('dashboard'))
def index(): if current_user.is_authenticated(): saved_threads = db.session.query(Thread)\ .filter_by(user_id=g.user.id)\ .filter_by(submitted=False)\ .first() if saved_threads: return redirect(url_for('user')) else: return redirect(url_for('create_thread')) session['oauth_token'] = generate_token() oauth_link = r.get_authorize_url( session['oauth_token'], ['identity', 'submit'], True ) return render_template( 'index.html', page_title="Step 1: Login to your reddit account", oauth_link=oauth_link )
def main(): if request.method == "GET": if request.args.get("random"): token = utils.generate_token() text, words = utils.generate_random_text() db_add_text(text, words, token) else: text_model = db_get_random_text() if not text_model: # if nothing in DB, generate random text redirect("/?random=true") text, words, token = text_model resp = { "text": text, "words": words.split(), "token" : token } return jsonify(resp) else: if not request.json or not request.json.get("token") or \ not request.json.get('text') or not request.json.get('words'): abort(400) data = request.json text_model = db_fetch_text(data.get('token')) if not text_model or text_model[0] != data.get('text') or \ not utils.validate_word_count(text_model[0], text_model[1], data.get('words')): abort(400) return jsonify({"status": "success"})