def get(self, request):
code = request.GET.get('code')
url = """https://graph.facebook.com/v2.12/oauth/access_token?client_id={}&redirect_uri={}&client_secret={}&code={}""".format(
FB_CLIENT_ID, FB_REDIRECT_URL, FB_CLIENT_SECRET, code)
data = requests.get(url)
data = data.json()
access_token = data.get('access_token')
user_url = 'https://graph.facebook.com/me?fields=first_name,last_name&access_token={}'.format(
access_token)
userdata = requests.get(user_url)
userdata = userdata.json()
user_id = userdata.get('id')
first_name = userdata.get('first_name')
last_name = userdata.get('last_name')
username = str(user_id)
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
user = User(username=username,
first_name=first_name,
last_name=last_name).save()
user = User.objects.get(username=username)
userializer = UserSerializer(user)
token = generate_token(email=username,
password=first_name,
user_id=user.id)
user = userializer.data
user['courses'] = []
return Response(status=302,
headers={
'Set-Cookie':
'Authorization={}; Path=/'.format(token),
'Location': '/'
},
data={'user': user})
def get(self, request):
code = request.GET.get('code')
url = 'https://oauth.vk.com/access_token?client_id={}&client_secret={}&redirect_uri={}&code={}'.format(
VK_CLIENT_ID, VK_CLIENT_SECRET, REDIRECT_URL, code)
data = requests.get(url)
data = data.json()
access_token = data.get('access_token')
user_id = data.get('user_id')
user_url = 'https://api.vk.com/method/users.get?access_token=4a9be6044a9be6044a9be604434afa87dc44a9b4a9be604101605ecda0a16e0ca46f3c2&user_ids={}&fields=bdate&v=5.73'.format(
user_id)
userdata = requests.get(user_url)
userdata = userdata.json()['response'][0]
first_name = userdata.get('first_name')
last_name = userdata.get('last_name')
username = str(user_id)
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
user = User(username=username,
first_name=first_name,
last_name=last_name).save()
user = User.objects.get(username=username)
userializer = UserSerializer(user)
token = generate_token(email=username,
password=first_name,
user_id=user.id)
user = userializer.data
user['courses'] = []
return Response(status=302,
headers={
'Set-Cookie':
'Authorization={}; Path=/'.format(token),
'Location': '/'
},
data={'user': user})
def post(self, request):
email = request.data.get('email')
first_name = request.data.get('first_name')
password = request.data.get('password')
if email and password and first_name:
try:
user = User.objects.get(email=email)
raise ValidationError(detail='Email not unique')
except User.DoesNotExist:
user = User(username=email,
email=email,
first_name=first_name,
password=make_password(password)).save()
user = User.objects.get(email=email)
userializer = UserSerializer(user)
token = generate_token(email=email,
password=password,
user_id=user.id)
user = userializer.data
user['courses'] = []
return Response(headers={
'Set-Cookie':
'Authorization={}; Path=/'.format(token)
},
data={'user': user})
else:
raise ParseError
def post(self, request):
email = request.data.get('email')
password = request.data.get('password')
if email and password:
try:
user = User.objects.get(email=email)
if user and user.check_password(password):
token = generate_token(email=email,
password=password,
user_id=user.id)
userdata = UserSerializer(user).data
userdata['courses'] = list(
user.course_set.values_list('id', flat=True))
return Response(headers={
'Set-Cookie':
'Authorization={}; Path=/'.format(token)
},
data={'user': userdata})
else:
raise AuthenticationFailed
except User.DoesNotExist:
raise NotFound
else:
raise ParseError
def getToken():
body = request.get_json()
if 'priming_code' not in body:
return json.dumps(
{
'message': 'Provide a priming code'
}
)
if body['priming_code'] == app.config['PRIMING_CODE']:
priming_token = utils.generate_token()
# store in database.
redis_store.set('priming:{}'.format(priming_token), 'priming')
# respond
return json.dumps(
{
'message': 'Priming code is correct.',
'priming_token': priming_token
}
)
return json.dumps(
{
'message': 'Priming code is incorrect.'
}
)
def verifyCode():
body = request.get_json()
if 'tfa_code' not in body or 'request_id' not in body:
return json.dumps(
{
'message': 'Please provide the TFA code and request id'
}
)
# get a nexmo 2fa instance.
nexmoTFA = utils.get_nexmo_tfa()
if nexmoTFA.verifyCode(body['request_id'], body['tfa_code']):
tfa_token = utils.generate_token()
# store in database
redis_store.set('tfa:{}'.format(tfa_token), 'tfa')
# respond
return json.dumps(
{
'message': 'TFA code is correct',
'tfa_token': tfa_token
}
)
return json.dumps(
{
'message': 'TFA Code is incorrect.'
}
)
def test_reset_password(self):
response = self.client.post(url_for('auth.forget_password'), data=dict(
email='*****@*****.**',
), follow_redirects=True)
data = response.get_data(as_text=True)
self.assertIn("Password reset email sent, check your inbox", data)
user = User.query.filter_by(email='*****@*****.**').first()
self.assertTrue(user.validate_password('123456'))
token = generate_token(user, operation=Operations.RESET_PASSWORD)
response = self.client.post(url_for('auth.reset_password', token=token), data=dict(
email='*****@*****.**',
password='******',
password2='newpassword'
), follow_redirects=True)
data = response.get_data(as_text=True)
self.assertIn("Password updated", data)
self.assertTrue(user.validate_password('newpassword'))
self.assertFalse(user.validate_password('123456'))
# bad token
response = self.client.post(url_for('auth.reset_password', token='badtoken'), data=dict(
email='*****@*****.**',
password='******',
password2='newpassword'
), follow_redirects=True)
data = response.get_data(as_text=True)
self.assertNotIn("Password updated", data)
self.assertIn('Invalid or expired link', data)
def register():
if current_user.is_authenticated:
return redirect(url_for('main.main_index'))
form = RegisterForm()
if form.validate_on_submit():
name = form.name.data
email = form.email.data.lower()
username = form.username.data
password = form.password.data
ip = request.remote_addr
platform = request.user_agent.platform
browser = request.user_agent.browser
version = request.user_agent.version
# 数据入库
user = User(name=name,
email=email,
username=username,
ip=ip,
platform=platform,
browser=browser,
version=version)
user.set_password(password)
db.session.add(user)
db.session.commit()
token = generate_token(user=user, operation=Operations.CONFIRM)
send_confirm_email(user=user, token=token)
flash('激活邮件已发送到您的邮箱,请查收', 'success')
return redirect(url_for('.login'))
return render_template('auth/reg.html', form=form)
def verify_user():
data = request.get_json()
user = User.query.filter_by(email=data['email']).first()
if not user:
return jsonify({
'error': {
'message': 'Invalid Credentials'
},
'data': None
}), 400
if user.verified:
return jsonify({
'error': {
'message': 'Verified',
},
'data': None
}), 400
code = Token.query.filter_by(user_id=user.id).first()
if code.code != data['code'] and code.issuedAt < datetime.utcnow():
return jsonify({
'error': {
'message': 'Verification Failed'
},
'data': None
}), 400
db.session.delete(code)
db.session.commit()
token = generate_token({'id': user.id, 'username': user.username})
return jsonify({'error': None, 'data': {'token': token}}), 200
def create_event(request):
if request.method == 'POST':
logged_user = request.user.username
form = EventCreation(request.POST, logged_user=logged_user)
if form.is_valid():
data = form.cleaned_data
company = Company.objects.get(name=logged_user)
event = Event.objects.create(name=data['name'],
company=company,
start_date=data['start_date'],
end_date=data['end_date'],
event_id=generate_token(),
description=data['description'])
for room in data['allowed_rooms']:
event.rooms.add(room)
return success_happened(
request, 'Succesfully created the event %s' % data['name'])
else:
form = EventCreation(logged_user=request.user.username)
return render(
request, 'event/create.html', {
'creating_event': True,
'form': form,
'year': datetime.now().year,
'title': 'Create an event'
})
def login():
if current_user.is_authenticated:
saved_threads = db.session.query(Thread)\
.filter_by(user_id=g.user.id)\
.filter_by(submitted=False)\
.first()
if saved_threads:
return redirect(url_for('user'))
else:
return redirect(url_for('create_thread'))
r = praw.Reddit(user_agent=app.config['REDDIT_USER_AGENT'])
r.set_oauth_app_info(
app.config['REDDIT_APP_ID'],
app.config['REDDIT_APP_SECRET'],
app.config['OAUTH_REDIRECT_URI']
)
session['oauth_token'] = generate_token()
oauth_link = r.get_authorize_url(
session['oauth_token'],
['identity', 'submit'],
True
)
return render_template(
'login.html',
page_title="Login with your reddit account",
oauth_link=oauth_link
)
def resend_confirm_email():
if current_user.confirmed:
return redirect(url_for('main.index'))
token = generate_token(user=current_user, operation=Operations.CONFIRM)
send_confirmation_email(user=current_user, token=token)
flash("New email sent, check your inbox", 'info')
return redirect(url_for('main.index'))
def resend_confirm_email():
if current_user.comfirmed:
return redirect(url_for('main.index'))
token = generate_token(user=current_user, operation=Operations.CONFIRM)
send_confirm_email(user=current_user, token=token)
flash('新邮件已经发送,请前往确认', 'info')
return redirect(url_for('main.index'))
def resend_confirm_email():
if current_user.confirmed:
return redirect(url_for('main.main_index'))
token = generate_token(user=current_user, operation=Operations.CONFIRM)
send_confirm_email(user=current_user, token=token)
flash('新的激活邮件已发送,请检查你的邮箱', 'info')
return redirect(url_for('main.main_index'))
def add_attendee(request, event_id):
if request.POST:
logged_user = request.user.username
form = AttendeeRegistration(request.POST)
if form.is_valid():
data = form.cleaned_data
user_id = data['user_id']
name = data['name']
last_name = data['last_name']
email = data['email']
event_id = data['event_id']
company = Company.objects.get(name=logged_user)
# TODO check if ID exists
event = Event.objects.get(event_id=event_id)
if event.company != company:
return error_happened(request, 'Invalid event')
if event.end_date < date.today():
return error_happened(request, 'Event has already finished')
# TODO what if id is already registered but with a different email or name?
if not EndUser.objects.filter(id=user_id).exists():
user = EndUser.objects.create(id=user_id,
name=name,
last_name=last_name,
email=email)
user.save()
else:
user = EndUser.objects.get(id=user_id)
if not Permission.objects.filter(user_id=user,
event=event).exists():
token_id = generate_token()
permission = Permission.objects.create(user_id=user,
event=event,
id=token_id)
else:
return error_happened(
request,
'%s %s is already registered in event' % (name, last_name))
send_qr_email(email, event, token_id, request)
return success_happened(
request, 'Succesfully added %s %s to %s' %
(name, last_name, event.name))
else:
form = AttendeeRegistration(initial={'event_id': event_id})
event = Event.objects.get(event_id=event_id)
return render(
request, 'event/add_attendee.html', {
'form': form,
'year': datetime.now().year,
'title': 'Adding Attendee to %s' % event.name
})
def login():
data = request.get_json()
user = User.query.filter_by(email=data['email']).first()
if not user:
return jsonify({'error': {'message': 'Invalid Credentials', 'code': 400}, 'data': None})
if not check_password_hash(user.password_hash, data['password']):
return jsonify({'error': {'message': 'Invalid Credentials', 'code': 400}, 'data': None})
token = generate_token({'id': user.id, 'username': user.username})
return jsonify({'error': None, 'data': {'token': token.decode("utf-8")}})
def test_confirm_account(self):
user = User.query.filter_by(email='*****@*****.**').first()
self.assertFalse(user.confirmed)
token = generate_token(user=user, operation='confirm')
self.login(email='*****@*****.**', password='******')
response = self.client.get(url_for('auth.confirm', token=token), follow_redirects=True)
data = response.get_data(as_text=True)
self.assertIn("Account confirmed", data)
self.assertTrue(user.confirmed)
def change_email_request():
form = ChangePasswordForm()
if form.validate_on_submit():
token = generate_token(user=current_user,
operation=Operations.CHANGE_EMAIL,
new_email=form.email.data.lower())
send_change_email(to=form.email.data, user=current_user, token=token)
flash('确认邮件已发送,前往邮箱核对.', 'info')
return redirect(url_for('.index', username=current_user.username))
return render_template('user/settings/change_email.html', form=form)
def process_sso_auth(cls, sso_profile) -> Tuple[dict, int]:
user_name = sso_profile["username"]
period_name = get_app_config("ACTIVE_PERIOD")
user = User.objects(username=user_name).first()
if user is None:
full_name = sso_profile['attributes']['ldap_cn']
user = User(name=full_name, username=user_name)
try:
user_npm = sso_profile["attributes"]["npm"]
major_name = sso_profile["attributes"]["study_program"]
major_kd_org = sso_profile["attributes"]["kd_org"]
except KeyError:
completion_id = uuid.uuid4()
user.completion_id = completion_id
user.save()
return {
'user_name': user_name,
'full_name': full_name,
'completion_id': str(completion_id)
}, 201
user.npm = user_npm
user.batch = f"20{user_npm[:2]}"
major = Major.objects(kd_org=major_kd_org).first()
if major is None:
major = Major(name=major_name, kd_org=major_kd_org)
major.save()
user.major = major
user.save()
if user.completion_id is not None:
return {
'user_name': user.username,
'full_name': user.name,
'completion_id': str(user.completion_id)
}, 201
major = user.major
period = Period.objects(major_id=major.id,
name=period_name,
is_detail=True).first()
token = generate_token(user.id, user.major.id)
result = {
"user_id": str(user.id),
"major_id": str(user.major.id),
"token": token
}
if period is None:
result = {**result, "err": True, "major_name": major.name}
return result, 200
def login():
data = request.get_json()
user = User.query.filter_by(email=data["email"],
password=data["password"]).first()
if not user:
return jsonify({"success": False, "reason": "invalid_credentials"})
token = generate_token()
auth_token = AuthToken(email=data["email"], token=token)
db.session.add(auth_token)
db.session.commit()
return jsonify({"success": True, "token": token})
def __init__(self, port: int = None):
self.port = ports.data_bridge if port is None else port
self.address = ('localhost', self.port)
self.token = generate_token()
self.listener = Listener(self.address,
authkey=bytes(self.token, encoding='utf-8'))
self.stop_event = Event()
self.thread = Thread(target=self._run)
self.thread.setDaemon(True)
self.connection = None
self.on_token_received = None
def change_email_request():
form = ChangeEmailForm()
if form.validate_on_submit():
token = generate_token(user=current_user,
operation=Operations.CHANGE_EMAIL,
new_email=form.email.data)
send_confirmation_email(to=form.email.data,
user=current_user,
token=token)
flash("Confirm email sent, check inbox", 'success')
return redirect(url_for('.index', username=current_user.username))
return render_template('user/settings/change_email.html', form=form)
def register():
data = request.get_json()
try:
user = User(
username=data['username'], email=data['email'], password_hash=generate_password_hash(data['password']))
db.session.add(user)
db.session.commit()
except exc.IntegrityError:
return jsonify({'error': {'message': 'user already exists', 'code': 400}, 'data': None})
token = generate_token({'id': user.id, 'username': user.username})
return jsonify({'error': None, 'data': {'token': token.decode("utf-8")}})
def create_test_user():
major = Major.objects().create(name='Ilmu Komputer (Computer Science)',
kd_org='01.00.12.01')
user = User.objects().create(
name='NAMA USER',
username='******',
npm='1701234567',
batch='2017',
major=major,
)
token = generate_token(user.id, user.major.id)
return user, token
def setup_db(seed=True):
""" create a new DB and add seed data if seed is True """
db = sqlite3.connect(app.config["DATABASE"])
c = db.cursor()
c.execute(''' DROP TABLE IF EXISTS texts ''')
c.execute(''' CREATE TABLE texts (body TEXT, words TEXT, token INTEGER PRIMARY KEY) ''')
if seed:
t = ("the quick brown fox jumped over the lazy dog", \
"for brown lazy", utils.generate_token())
c.execute("INSERT INTO texts VALUES (?, ?, ?)", t)
db.commit()
db.close()
def test_change_email(self):
user = User.query.get(2)
self.assertEqual(user.email, '*****@*****.**')
token = generate_token(user, Operations.CHANGE_EMAIL, new_email='*****@*****.**')
self.login()
res = self.client.get(url_for('user.change_email', token=token), follow_redirects=True)
data = res.get_data(as_text=True)
self.assertIn("Email updated", data)
self.assertEqual(user.email, '*****@*****.**')
res = self.client.get(url_for('user.change_email', token='bad'), follow_redirects=True)
data = res.get_data(as_text=True)
self.assertIn("Invalid or expired token", data)
async def login(request: Request) -> Dict:
request_body = request.json
phone = request_body["phone"]
password = request_body["password"]
user: User = user_repo.authenticate(phone, password)
token: str = generate_token({"user_id": user.id}, secret=settings.JWT_SECRET_KEY, ttl=settings.JWT_TTL)
user.token = token
user.save()
key: str = f"user|{user.id}"
value: bytes = pickle.dumps(user)
await request.app.redis.set(key, value)
return {"token": token}
def forget_password():
if current_user.is_authenticated:
return redirect(url_for('main.index'))
form = ForgetPasswordForm()
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data.lower()).first()
if user:
token = generate_token(user=user, operation=Operations.RESET_PASSWORD)
send_reset_password_email(user=user, token=token)
flash("Password reset email sent, check your inbox", 'info')
return redirect(url_for('.login'))
flash("Invalid email", 'warning')
return redirect(url_for('.forget_password'))
return render_template('auth/reset_password.html', form=form)
def add():
text = request.form["text"]
words = request.form["words"]
if not words:
# autogenerate words
words = " ".join(utils.get_exclusion_words(text))
print words
else:
for word in words.split():
if word not in text.split():
return jsonify({"status":
"Invalid data - few words not found in data."})
token = utils.generate_token()
db_add_text(text, words, token)
return jsonify({"status": "Data added successfully"})
def test_api_can_reset_user_password(self):
"""Test API can return reset_ Users"""
rv1 = self.client().post('/user/forgot_password',
data=json.dumps(
{'email': self.test_users[0]['email']}),
content_type='application/json')
self.assertEqual(rv1.status_code, 200)
with self.app.app_context():
user = User.query.filter_by(
email=self.test_users[0]['email']).first()
token = generate_token({'id': user.id})
rv = self.client().post(f'/user/reset_password/{token}',
data=json.dumps({'password': '******'}),
content_type='application/json')
self.assertEqual(rv.status_code, 200)
def signup():
data = request.get_json()
print(data)
if User.query.filter_by(email=data["email"]).first():
return jsonify({"success": False, "reason": "email_already_exists"})
user = User(email=data["email"],
password=data["password"],
name=data["name"],
city=data["city"],
dob=datetime.strptime(data["dob"], "%Y-%m-%d").date())
token = generate_token()
auth_token = AuthToken(email=data["email"], token=token)
db.session.add(user)
db.session.add(auth_token)
db.session.commit()
return jsonify({"success": True, "token": token})
def login():
if current_user.is_anonymous:
session['oauth_token'] = generate_token()
oauth_link = r.get_authorize_url(
session['oauth_token'],
['identity', 'submit', 'edit'],
True
)
return render_template(
'login.html',
title="Reddit Login",
page_title="Reddit Login",
oauth_link=oauth_link
)
else:
flash('You are already logged in!')
return redirect(url_for('dashboard'))
def index():
if current_user.is_authenticated():
saved_threads = db.session.query(Thread)\
.filter_by(user_id=g.user.id)\
.filter_by(submitted=False)\
.first()
if saved_threads:
return redirect(url_for('user'))
else:
return redirect(url_for('create_thread'))
session['oauth_token'] = generate_token()
oauth_link = r.get_authorize_url(
session['oauth_token'],
['identity', 'submit'],
True
)
return render_template(
'index.html',
page_title="Step 1: Login to your reddit account",
oauth_link=oauth_link
)
def main():
if request.method == "GET":
if request.args.get("random"):
token = utils.generate_token()
text, words = utils.generate_random_text()
db_add_text(text, words, token)
else:
text_model = db_get_random_text()
if not text_model: # if nothing in DB, generate random text
redirect("/?random=true")
text, words, token = text_model
resp = { "text": text, "words": words.split(), "token" : token }
return jsonify(resp)
else:
if not request.json or not request.json.get("token") or \
not request.json.get('text') or not request.json.get('words'):
abort(400)
data = request.json
text_model = db_fetch_text(data.get('token'))
if not text_model or text_model[0] != data.get('text') or \
not utils.validate_word_count(text_model[0], text_model[1], data.get('words')):
abort(400)
return jsonify({"status": "success"})
