def test_category_get_all(forum, user): category = forum.category with current_app.test_request_context(): # Test with logged in user login_user(user) assert current_user.is_authenticated() categories = Category.get_all(current_user) # All categories are stored in a list assert isinstance(categories, list) # The forums for a category are also stored in a list assert isinstance(categories[0][1], list) assert categories == [(category, [(forum, None)])] # Test with logged out user logout_user() assert not current_user.is_authenticated() categories = Category.get_all(current_user) # All categories are stored in a list assert isinstance(categories, list) # The forums for a category are also stored in a list assert isinstance(categories[0][1], list) assert categories == [(category, [(forum, None)])]
def test_category_get_forums(forum, user): category = forum.category with current_app.test_request_context(): # Test with logged in user login_user(user) assert current_user.is_authenticated() cat, forums = Category.get_forums(category.id, current_user) # Check if it is a list because in a category there are normally more # than one forum in it (not in these tests) assert isinstance(forums, list) is True assert forums == [(forum, None)] assert cat == category # Test the same thing with a logged out user logout_user() assert not current_user.is_authenticated() cat, forums = Category.get_forums(category.id, current_user) # Check if it is a list because in a category there are normally more # than one forum in it (not in these tests) assert isinstance(forums, list) is True assert forums == [(forum, None)] assert cat == category
def contact(): form = ReportForm(request.form) if current_user.is_authenticated(): form = ReportForm(request.form, obj=current_user) if form.validate_on_submit(): user_id = None if current_user.is_authenticated(): user_id = current_user.id report = UserReports( user_id=user_id, email=form.email.data, subject=form.subject.data, message=form.message.data ) db.session.add(report) db.session.commit() flash(gettext(u'Message sent. Thank you for contact. \ We really appreciate it!'), 'success') return redirect(url_for('simple_page.index')) return render_template( 'contact.html', form=form )
def test_topic_update_read(database, user, topic): """Tests the update read method if the topic is unread/read.""" forumsread = ForumsRead.query.\ filter(ForumsRead.user_id == user.id, ForumsRead.forum_id == topic.forum_id).first() with current_app.test_request_context(): # Test with logged in user login_user(user) assert current_user.is_authenticated() # Update the tracker assert topic.update_read(current_user, topic.forum, forumsread) # Because the tracker is already up-to-date, it shouldn't update it # again. assert not topic.update_read(current_user, topic.forum, forumsread) # Adding a new post - now the tracker shouldn't be up-to-date anymore. post = Post(content="Test Content") post.save(topic=topic, user=user) forumsread = ForumsRead.query.\ filter(ForumsRead.user_id == user.id, ForumsRead.forum_id == topic.forum_id).first() # Test tracker length flaskbb_config["TRACKER_LENGTH"] = 0 assert not topic.update_read(current_user, topic.forum, forumsread) flaskbb_config["TRACKER_LENGTH"] = 1 assert topic.update_read(current_user, topic.forum, forumsread) # Test with logged out user logout_user() assert not current_user.is_authenticated() assert not topic.update_read(current_user, topic.forum, forumsread)
def question(category_id, eid, title): category = Category.query.get_or_404(category_id) selected_lang = request.args.get('lang', DEFAULT_LANG) selected_platform = request.args.get('platform', g.detected_platform) question = (Question.query .filter_by(category_id=category_id, eid=eid, lang=selected_lang) .filter(Question.platform.in_([DEFAULT_PLATFORM, selected_platform])) .first()) if not question: abort(404) if current_user.is_authenticated() and request.method == 'DELETE': db.session.delete(question) return jsonify(success=True) form = QuestionForm(prefix='paano-question', obj=question) form.category_id.choices = [(c.id, c.title) for c in Category.query.order_by(Category.title).all()] if current_user.is_authenticated(): if request.args.get('edit'): return render_template('paano/question_form.html', form=form) if form.validate_on_submit(): form.populate_obj(question) db.session.add(question) db.session.flush() flash("Question saved") return redirect(question.url(platform=question.platform)) return render_template('paano/question.html', category=category, question=question)
def entity(id, rev=None): review = Review.query.get_or_404(str(id)) # Not showing review if it isn't published yet and not viewed by author. if review.is_draft and not (current_user.is_authenticated() and current_user == review.user): raise NotFound(gettext("Can't find a review with the specified ID.")) if review.is_hidden: if not current_user.is_admin(): raise Forbidden(gettext("Review has been hidden. " "You need to be an administrator to view it.")) else: flash(gettext("Review has been hidden."), 'warning') spotify_mappings = None if review.entity_type == 'release_group': spotify_mappings = mbspotify.mappings(review.entity_id) revisions = Revision.query.filter_by(review=review).order_by(desc(Revision.timestamp)) count = revisions.count() if not rev: rev = count if rev < count: flash(gettext('You are viewing an old revision, the review has been updated since then.')) elif rev > count: raise NotFound(gettext("The revision you are looking for does not exist.")) revision = revisions.offset(count-rev).first() if not review.is_draft and current_user.is_authenticated(): # if user is logged in, get his vote for this review vote = Vote.query.filter_by(user=current_user, revision=revision).first() else: # otherwise set vote to None, its value will not be used vote = None review.text_html = markdown(revision.text, safe_mode="escape") return render_template('review/entity/%s.html' % review.entity_type, review=review, spotify_mappings=spotify_mappings, vote=vote)
def usertraffic(): """For anonymous users with a valid IP """ try: ip = request.remote_addr trafficdata = query_trafficdata(ip) if current_user.is_authenticated(): if current_user.userid is user_id_from_ip(ip): flash(gettext(u"Ein anderer Nutzer als der für diesen Anschluss" u" Eingetragene ist angemeldet!"), "warning") flash(gettext("Hier werden die Trafficdaten " "dieses Anschlusses angezeigt"), "info") except ForeignIPAccessError: flash(gettext(u"Deine IP gehört nicht zum Wohnheim!"), "error") if current_user.is_authenticated(): flash(gettext(u"Da du angemeldet bist, kannst du deinen Traffic " u"hier in der Usersuite einsehen."), "info") return redirect(url_for('usersuite.usersuite')) else: flash(gettext(u"Um deinen Traffic von außerhalb einsehen zu können," u" musst du dich anmelden."), "info") return redirect(url_for('login')) # todo test if the template works if called from this position return render_template("usertraffic.html", usertraffic=trafficdata)
def activity(): ''' View for the activity feed of recent events. Note that we want anonymous users to be able to get a "sneak peek" at this page, so we allow them in; however, if the user has logged in but hasn't yet completed the registration process, we want them to finish it first. ''' if (current_user.is_authenticated() and not current_user.has_fully_registered): return redirect(get_best_registration_step_url(current_user)) if not session.get('activity_route_visited'): # reset tutorials if repeat_tutorials flag is set num_tutorials = 3 if ('DISCOURSE_ENABLED' in current_app.jinja_env.globals): if (current_app.jinja_env.globals['DISCOURSE_ENABLED']): num_tutorials = 4 if hasattr(current_user, 'repeat_tutorials'): if current_user.repeat_tutorials and current_user.tutorial_step > num_tutorials: current_user.tutorial_step = 1 db.session.add(current_user) db.session.commit() events = get_latest_events() shared_message_form = SharedMessageForm() if request.method == 'POST': if not current_user.is_authenticated(): flash(gettext(u'You must log in to post a message.'), 'error') elif not current_user.display_in_search: flash(gettext(u'We need your name before you can post a message.'), 'error') elif shared_message_form.validate(): data = shared_message_form.message.data msg = SharedMessageEvent.from_user( current_user, message=data ) db.session.add(msg) db.session.commit() flash(gettext(u'Message posted!')) return redirect(url_for('views.activity')) session['activity_route_visited'] = True; return render_template('activity.html', **{ 'user': current_user, 'events': events, 'blog_posts': get_blog_posts(), 'page_config_json': json_blob( LOADING_TEXT=gettext("Loading...") ), 'most_complete_profiles': User.get_most_complete_profiles(limit=5), 'most_connected_profiles': User.get_most_connected_profiles(limit=5) })
def filter_logic(f, limit, skip): query = [] # retrieving lists if current_user.is_authenticated(): if f['blacklistSelect'] == "on": regexes = db.getRules('blacklist') if len(regexes) != 0: exp = "^(?!" + "|".join(regexes) + ")" query.append({'$or': [{'vulnerable_configuration': re.compile(exp)}, {'vulnerable_configuration': {'$exists': False}}, {'vulnerable_configuration': []} ]}) if f['whitelistSelect'] == "hide": regexes = db.getRules('whitelist') if len(regexes) != 0: exp = "^(?!" + "|".join(regexes) + ")" query.append({'$or': [{'vulnerable_configuration': re.compile(exp)}, {'vulnerable_configuration': {'$exists': False}}, {'vulnerable_configuration': []} ]}) if f['unlistedSelect'] == "hide": wlregexes = compile(db.getRules('whitelist')) blregexes = compile(db.getRules('blacklist')) query.append({'$or': [{'vulnerable_configuration': {'$in': wlregexes}}, {'vulnerable_configuration': {'$in': blregexes}}]}) if f['rejectedSelect'] == "hide": exp = "^(?!\*\* REJECT \*\*\s+DO NOT USE THIS CANDIDATE NUMBER.*)" query.append({'summary': re.compile(exp)}) # plugin filters query.extend(plugManager.doFilter(f, **pluginArgs())) # cvss logic if f['cvssSelect'] == "above": query.append({'cvss': {'$gt': float(f['cvss'])}}) elif f['cvssSelect'] == "equals": query.append({'cvss': float(f['cvss'])}) elif f['cvssSelect'] == "below": query.append({'cvss': {'$lt': float(f['cvss'])}}) # date logic if f['timeSelect'] != "all": if f['startDate']: startDate = parse_datetime(f['startDate'], ignoretz=True, dayfirst=True) if f['endDate']: endDate = parse_datetime(f['endDate'], ignoretz=True, dayfirst=True) if f['timeSelect'] == "from": query.append({f['timeTypeSelect']: {'$gt': startDate}}) if f['timeSelect'] == "until": query.append({f['timeTypeSelect']: {'$lt': endDate}}) if f['timeSelect'] == "between": query.append({f['timeTypeSelect']: {'$gt': startDate, '$lt': endDate}}) if f['timeSelect'] == "outside": query.append({'$or': [{f['timeTypeSelect']: {'$lt': startDate}}, {f['timeTypeSelect']: {'$gt': endDate}}]}) cve=db.getCVEs(limit=limit, skip=skip, query=query) # marking relevant records if current_user.is_authenticated(): if f['whitelistSelect'] == "on": cve = whitelist_mark(cve) if f['blacklistSelect'] == "mark": cve = blacklist_mark(cve) plugManager.mark(cve, **pluginArgs()) cve = list(cve) return cve
def main(): if current_user.is_authenticated(): form = PasteForm(request.form) else: print 'test' form = PasteFormNoAuth(request.form) if form.validate_on_submit(): times = { '0':None, '1':{'minutes':+15}, '2':{'minutes':+30}, '3':{'hours':+1}, '4':{'hours':+6}, '5':{'hours':+12}, '6':{'days':+1}, '7':{'weeks':+1}, '8':{'months':+1} } paste = database.Paste() paste.paste = form.text.data paste.digest = sha1(paste.paste.encode('utf-8')).hexdigest() if (current_user.is_authenticated()): paste.user = current_user.to_dbref() #Create a name and make sure it doesn't exist paste.name = random_string() collision_check = database.Paste.objects(name__exact=paste.name).first() while collision_check is not None: paste.name = random_string() collision_check = database.Paste.objects(name__exact=paste.name).first() if form.language.data is not None: paste.language = form.language.data else: try: paste.language = guess_lexer(form.text.data).name except: paste.language = 'text' paste.time = datetime.utcnow() if times.get(form.expiration.data) is not None: paste.expire = arrow.utcnow().replace(**times.get(form.expiration.data)).datetime if times.get(form.expiration.data) is None and not current_user.is_authenticated(): paste.expire = arrow.utcnow.replace(**times.get(7)) paste.save() return redirect('/{id}'.format(id=paste.name)) return render_template('new_paste.html', form=form)
def get_gi_vars(): """Gets gallery item variables.""" gallery_limit = app.config['GALLERY_LIMIT'] if app.config.get('USE_SESSIONSTORE_NOT_DB'): gallery_count = len(session.get('gallery_item', [])) else: gallery_count = ( GalleryItem.query .filter_by(active=True) .count()) if not gallery_count: default_gallery_items = get_default_gallery_items() gallery_count = len(default_gallery_items) is_gallery_showmore = request.args.get('gallery_showmore', None) == '1' is_gallery_showlimited = ( (not current_user.is_authenticated()) and (not is_gallery_showmore) and (gallery_count > gallery_limit)) gallery_items = get_gallery_items() if is_gallery_showlimited: if app.config.get('USE_SESSIONSTORE_NOT_DB'): gallery_items = gallery_items[:gallery_limit] else: gallery_items = gallery_items.limit(gallery_limit) if not app.config.get('USE_SESSIONSTORE_NOT_DB'): gallery_items = gallery_items.all() gallery_forms = {} if current_user.is_authenticated(): for gi in gallery_items: gallery_forms[gi.id] = { 'title': TextEditForm(content=gi.title), 'image': ImageEditForm(image=gi.image), 'content': LongTextEditForm(content=gi.content), 'date_taken': TextEditForm(content=gi.date_taken)} if current_user.is_authenticated(): gallery_forms[gi.id]['delete'] = Form() return ( gallery_items, is_gallery_showlimited, gallery_forms)
def tabs_list(id): likeform = LikeForm() artist = Artist.query.filter_by(id=id).first_or_404() dic_codes = dict([(code.id,code.code_name) for code in Dic_code.query.all()]) tabs_kind = Dic_code.query.filter_by(parent_id=4).all() big_cates = Dic_code.query.filter_by(parent_id=1).all() for big_cate in big_cates: big_cate.children = Dic_code.query.filter(Dic_code.parent_id == big_cate.type_id).order_by(Dic_code.id) if request.method == 'POST' and likeform.validate_on_submit() and current_user.is_authenticated(): if likeform.op.data == 'c': like = Like() like.save(likeform, current_user.id, 2) artist.fans = artist.fans + 1 elif likeform.op.data == 'd': like = Like.query.filter_by(like_id=likeform.like_id.data).filter_by(uid=current_user.id)\ .filter_by(like_type=2).first() like.delete() if artist.fans != 0: artist.fans = artist.fans - 1 db.session.commit() artist.hot = artist.hot + 1 db.session.commit() if current_user.is_authenticated(): like_tabs = [ like.like_id for like in Like.query.filter_by(uid=current_user.id)\ .filter_by(like_type=1).all() ] else: like_tabs = [] kind_id = request.args.get("kind") tabs = Tab.query.filter_by(artist=id).all() if kind_id: if kind_id == "all_tab" : tabs = tabs else: kind_id = int(kind_id) tabs = Tab.query.filter(Tab.artist == id).filter(Tab.tabs_type == kind_id).all() return render_template('artists/tabs_filter_ajax.html', tabs=tabs, dic_codes=dic_codes,\ form=likeform, like_tabs=like_tabs) is_like = None if current_user.is_authenticated(): is_like = Like.query.filter_by(uid=current_user.id).filter_by(like_type=2)\ .filter_by(like_id=id).first() return render_template('artists/tabs_list.html', artist=artist, tabs=tabs, is_like=is_like,\ dic_codes=dic_codes, tabs_kind=tabs_kind, form=likeform, like_tabs=like_tabs, big_cates=big_cates)
def login(): if current_user.is_authenticated(): return redirect(url_for('views.home'), code=302) if request.method == 'POST': login_form = request.form user.login(login_form.get('email'), login_form.get('password')) if current_user.is_authenticated(): next_url = request.args.get('next',url_for('views.home')) return redirect(next_url, code=302) else: return render_template('login.html', failure=True, email=login_form.get('email')) return render_template('login.html', failure=False, email='')
def dispatchApiCall(reqJson): forwarded_for = request.headers.get('X-Forwarded-For', None) # if forwarded_for == '108.28.56.67': # print("Bouncing possible abuse from %s" % (forwarded_for, )) # return getResponse("Hi there! Please contact me on github.com/fake-name/wlnupdates before doing bulk scraping, please!", error=True) if not "mode" in reqJson: print("API JSON Request without mode!") return getResponse("No mode in API Request!", error=True) mode = reqJson["mode"] if not mode in DISPATCH_TABLE: print("Invalid mode in request: '{mode}'".format(mode=mode)) return getResponse("Invalid mode in API Request ({mode})!".format(mode=mode), error=True) dispatch_method, auth_required, csrf_required, rate_limited = DISPATCH_TABLE[mode] try: if csrf_required: csrf.protect() if auth_required and not current_user.is_authenticated(): return getResponse(LOGIN_REQ, error=True) if rate_limited and not current_user.is_authenticated(): limiter_key = forwarded_for + " " + mode if limiter_key in RATE_LIMITER: print("Anon User hit rate limiting. Bouncing.") return getResponse("API calls when not logged in are rate limited. Please either log in, or slow down. " "Complain at github.com/fake-name/wlnupdates/issues if this is a problem", error=True) print("Inserting anon requester into rate-limit cache.") RATE_LIMITER[limiter_key] = True ret = dispatch_method(reqJson) else: ret = dispatch_method(reqJson) except AssertionError as e: traceback.print_exc() print(reqJson) return getResponse("Error processing API request: '%s'!" % e, error=True) return ret
def login(): print current_user if current_user.is_authenticated(): return redirect('/') if len(request.data): # 表示这是前端通过ajax发送的post请求 json_data = json.loads(request.data) user = UserEntity.query.filter_by(username=json_data['username']).first() if user is not None and user.password == hashlib.md5(json_data['password']).hexdigest(): # 登录成功 login_user(user) result = ResultModel(ResultModel.SUCCESS_CODE, ResultModel.SUCCESS_MSG, None) elif user is not None and user.password != json_data['password']: # 密码错误 result = ResultModel(ResultModel.FAILED_CODE, '密码错误', None) else: # 用户不存在 result = ResultModel(ResultModel.FAILED_CODE, '用户不存在', None) return jsonify(vars(result)) else: # 表明这是通过get方式发送的请求,因此跳转到登录页面让用户进行登录 return render_template('login.html')
def login(): """ Attempt to log into the LDAP server with the authentication provided by a form. """ try: if current_user.is_authenticated(): if opt['VERBOSE']: print(current_user) return redirect(url_for('edit_data', lang='en')), 302 form = request.form username = form['user'] password = form['pass'] if opt['VERBOSE']: print(username) User.try_login(username, password) user = User.get_by_uname(username) if not user: user = User(username) user.add_to_db() session['uid'] = user.id login_user(user) return redirect(url_for('edit_data', lang='en')), 302 except Exception, ex: if opt['VERBOSE']: print(ex) return render_template('login_fail.html'), 401
def __init__(self, slug, name): assert current_user.is_authenticated() self.slug = slug self.name = name self.members.append(GroupMember(user_id=current_user.id, is_admin=True))
def is_accessible(self): return ( not AUTHENTICATE or ( not current_user.is_anonymous() and current_user.is_authenticated() ) )
def login(self, request, session=None): if current_user.is_authenticated(): flash("You are already logged in") return redirect(url_for('admin.index')) username = None password = None form = LoginForm(request.form) if request.method == 'POST' and form.validate(): username = request.form.get("username") password = request.form.get("password") try: user = authenticate(session, username, password) flask_login.login_user(user) return redirect(request.args.get("next") or url_for("admin.index")) except AuthenticationError: flash("Incorrect login details") return self.render('airflow/login.html', title="Airflow - Login", form=form) finally: session.commit() session.close()
def _handle_view(self, name, **kwargs): """The method will be executed before calling any view method.""" if not current_user.is_authenticated(): return current_app.login_manager.unauthorized() if not self.is_accessible(): return abort(403)
def login(): if app.config["LOGADMIN"] == True: user_login(app.config["ADMIN_EMAIL"]) if current_user.is_authenticated(): flash("Already logged in") return redirect(url_for("showAllCourses")) return render_template("login.html")
def login(): if current_user.is_authenticated(): return redirect(request.args.get('next') or '/') if not settings.PASSWORD_LOGIN_ENABLED: if settings.SAML_LOGIN_ENABLED: return redirect(url_for("saml_auth.sp_initiated", next=request.args.get('next'))) else: return redirect(url_for("google_oauth.authorize", next=request.args.get('next'))) if request.method == 'POST': user = models.User.select().where(models.User.email == request.form['username']).first() if user and user.verify_password(request.form['password']): remember = ('remember' in request.form) login_user(user, remember=remember) return redirect(request.args.get('next') or '/') return render_template("login.html", name=settings.NAME, analytics=settings.ANALYTICS, next=request.args.get('next'), username=request.form.get('username', ''), show_google_openid=settings.GOOGLE_OAUTH_ENABLED, show_saml_login=settings.SAML_LOGIN_ENABLED)
def buscartipoItem2(): """ Funcion para buscar registros de la tabla de Tipo de Item""" if not current_user.is_authenticated(): flash('Debe loguearse primeramente!!!!', 'loggin') return render_template('index.html') permission =UserPermission('LIDER PROYECTO', int(session['pry'])) if permission.can()==False: flash('No posee los permisos suficientes para realizar la operacion', 'info') return render_template('index.html') valor = request.args['patron'] parametro = request.args['parametro'] #init_db(db_session) if valor == "" : administrartipoItem() if parametro == 'id_fase': ti = db_session.query(TipoItem).from_statement("SELECT * FROM tipo_item where "+parametro+" in (SELECT id FROM fase where nombre ilike '%"+valor+"%' )").all() else: ti = db_session.query(TipoItem).from_statement("SELECT * FROM tipo_item where "+parametro+" ilike '%"+valor+"%'").all() return render_template('tipoItem/listartipoItem.html', tipoItems2 = ti) valor = request.args['patron'] #init_db(db_session) r = db_session.query(TipoItem).filter_by(nombre=valor) if r == None: return 'no existe concordancia' return render_template('tipoItem/listartipoItem.html', tipoItems2 = r)
def check_session_id(): """ Generate a UUID and store it in the session as well as in the WebSession table. """ # TODO: Create UserAgentEntity and populate user_agent = get_user_agent() if 'uuid' not in session: session['uuid'] = str(uuid.uuid4()) WebSessionEntity.create(session_id=session['uuid'], user_id=current_user.get_id(), ip=request.remote_addr, date_time=datetime.datetime.now(), user_agent=user_agent) return if current_user.is_authenticated(): # update the user_id on the first request after login is completed session_id = session['uuid'] web_session = WebSessionEntity.get_by_session_id(session_id) if web_session is not None: web_session = WebSessionEntity.update( web_session, user_id=current_user.get_id()) else: app.logger.error("No row found for sess_id: {}".format(session_id))
def access(): """Access.""" try: mail = mail_cookie_check_mail_activation(request.values['mailcookie']) u = User.query.filter(User.email == mail).one() u.note = 1 try: db.session.commit() except SQLAlchemyError: db.session.rollback() flash(_('Authorization failled.'), 'error') redirect('/') if current_user.is_authenticated(): current_user.reload() flash(_('Your email address has been validated'), 'success') else: UserInfo(u.id).reload() flash( _('Your email address has been validated, and you can ' 'now proceed to sign-in.'), 'success' ) except Exception: current_app.logger.exception("Authorization failed.") flash(_('The authorization token is invalid.'), 'error') return redirect('/')
def eliminartipoItem(): """ Funcion para eliminar registros de la tabla de Tipo de Item""" if not current_user.is_authenticated(): flash('Debe loguearse primeramente!!!!', 'loggin') return render_template('index.html') permission =UserPermission('LIDER PROYECTO', int(session['pry'])) if permission.can()==False: flash('No posee los permisos suficientes para realizar la operacion', 'info') return render_template('index.html') try: cod = request.args.get('cod') tipoItem = db_session.query(TipoItem).filter_by(codigo=cod).first() items= db_session.query(Item).filter_by(id_tipo_item=tipoItem.id).first() cant = db_session.query(TItemAtributo).filter_by(id_tipo_item=tipoItem.id).count() cnt = 0 #se verifica si el tipo de item esta siendo utilizado, en tal caso no podra ser eliminado if items != None : flash('El Tipo de Item no puede ser eliminado, ya que esta siendo utilizado por algun Item!','info') return render_template('tipoItem/administrartipoItem.html') while cnt < cant : cnt = cnt + 1 tt = db_session.query(TItemAtributo).filter_by(id_tipo_item=tipoItem.id).first() db_session.delete(tt) db_session.commit() db_session.delete(tipoItem) db_session.commit() flash('El tipo item ha sido eliminado con exito','info') return redirect('/tipoItem/administrartipoItem') except DatabaseError, e: flash('Error en la Base de Datos' + e.args[0],'info') return render_template('tipoItem/administrartipoItem.html')
def buscarsolicitudavotar(): if not current_user.is_authenticated(): flash('Debe loguearse primeramente!!!!', 'loggin') return render_template('index.html') idusuario = current_user.id idproyecto= session['pry'] valor = request.args['patron'] parametro = request.args['parametro'] if valor=='' or valor == None: return administrarsolicitudavotar() else: if parametro == 'fecha': try: fecha = datetime.strptime(valor, '%Y-%m-%d') solicitudes = db_session.query(SolicitudCambio).join(MiembrosComite, MiembrosComite.id_proyecto == SolicitudCambio.id_proyecto).filter(MiembrosComite.id_usuario == idusuario).filter(SolicitudCambio.id_proyecto == idproyecto).filter(SolicitudCambio.estado == 'E').filter(SolicitudCambio.fecha == fecha).all() except ValueError: solicitudes =[] elif parametro == 'nombre': solicitudes = db_session.query(SolicitudCambio).join(MiembrosComite, MiembrosComite.id_proyecto == SolicitudCambio.id_proyecto).filter(MiembrosComite.id_usuario == idusuario).join(Usuario, SolicitudCambio.id_usuario == Usuario.id).filter(SolicitudCambio.id_proyecto == idproyecto).filter(SolicitudCambio.estado == 'E').filter(or_(Usuario.nombre.ilike('%'+valor+'%'),Usuario.apellido.ilike('%'+valor+'%'))).all() elif parametro == 'cant_votos': if valor.isdigit() : solicitudes = db_session.query(SolicitudCambio).join(MiembrosComite, MiembrosComite.id_proyecto == SolicitudCambio.id_proyecto).filter(MiembrosComite.id_usuario == idusuario).filter(SolicitudCambio.id_proyecto == idproyecto).filter(SolicitudCambio.estado == 'E').filter(SolicitudCambio.cant_votos == valor).all() else : solicitudes = [] elif parametro == 'descripcion' : solicitudes = db_session.query(SolicitudCambio).join(MiembrosComite, MiembrosComite.id_proyecto == SolicitudCambio.id_proyecto).filter(MiembrosComite.id_usuario == idusuario).filter(SolicitudCambio.id_proyecto == idproyecto).filter(SolicitudCambio.estado == 'E').filter(SolicitudCambio.descripcion.ilike('%'+valor+'%')).all() #relaciones = db_session.query(Relacion).from_statement("SELECT * FROM relacion where to_char("+parametro+", '99999') ilike '%"+valor+"%'").all() #p = db_session.query(Relacion).from_statement("SELECT * FROM relacion where "+parametro+" = CAST("+valor+" AS Int)").all() else: return administrarsolicitudavotar()() #p = db_session.query(Relacion).filter(Relacion.codigo.like('%'+valor+ '%')) return render_template('solicitudavotar/administrarsolicitudavotar.html', solicitudes = solicitudes)
def login(): """Login page for users """ form = LoginForm() if form.validate_on_submit(): username = form.username.data password = form.password.data try: user = authenticate(username, password) except UserNotFound: flash(gettext(u"Nutzer nicht gefunden!"), "error") except PasswordInvalid: flash(gettext(u"Passwort war inkorrekt!"), "error") else: if isinstance(user, User): login_user(user) elif form.is_submitted(): flash_formerrors(form) if current_user.is_authenticated(): return redirect(url_for('usersuite.usersuite')) return render_template('login.html', form=form)
def dispatchApiCall(reqJson): print("Json request:", reqJson) if not "mode" in reqJson: print("API JSON Request without mode!") return getResponse("No mode in API Request!", error=True) mode = reqJson["mode"] if not mode in DISPATCH_TABLE: print("Invalid mode in request: '{mode}'".format(mode=mode)) return getResponse("Invalid mode in API Request ({mode})!".format(mode=mode), error=True) dispatch_method, auth_required, csrf_required = DISPATCH_TABLE[mode] try: if csrf_required: csrf.protect() if auth_required and not current_user.is_authenticated(): return getResponse(LOGIN_REQ, error=True) else: ret = dispatch_method(reqJson) except AssertionError as e: traceback.print_exc() print(reqJson) return getResponse("Error processing API request: '%s'!" % e, error=True) return ret
def entity(id): id = str(id) event = musicbrainz.get_event_by_id(id) if not event: raise NotFound(gettext("Sorry, we couldn't find a event with that MusicBrainz ID.")) if 'artist-relation-list' in event and event['artist-relation-list']: artists_sorted = sorted(event['artist-relation-list'], key=itemgetter('type')) event['artists_grouped'] = groupby(artists_sorted, itemgetter('type')) if current_user.is_authenticated(): my_reviews, my_count = Review.list(entity_id=id, entity_type='event', user_id=current_user.id) if my_count != 0: my_review = my_reviews[0] else: my_review = None else: my_review = None limit = int(request.args.get('limit', default=10)) offset = int(request.args.get('offset', default=0)) reviews, count = Review.list(entity_id=id, entity_type='event', sort='rating', limit=limit, offset=offset) return render_template('event/entity.html', id=id, event=event, reviews=reviews, my_review=my_review, limit=limit, offset=offset, count=count)
def logout(): try: instagram_username = current_user.insta_username if current_user.is_authenticated(): client.delete(instagram_username) session.clear() logout_user() client.delete(instagram_username) session.clear() except: pass return redirect(url_for('core.index'))
def decorated_view(*args, **kwargs): if not current_user.is_authenticated(): return current_app.login_manager.unauthorized() try: if current_user.is_admin(): return fn(*args, **kwargs) except AttributeError: pass user_unauthorized.send(current_app._get_current_object()) flash("Admin login required for this page", "error") #return redirect(login_url(current_app.login_manager.login_view,request.url)) return "Admin login required"
def likePost(post_id): post = db.session.query(Posts).filter_by(id=post_id).first() if current_user.is_authenticated(): id = current_user.id like = Likes(id, post_id) db.session.add(like) db.session.commit() return jsonify(message="Post Liked!", likes=len(post.likes)), 201 #Flash message to indicate that an error occurred failure = "Failed to like post" return jsonify(error=failure)
def login(): if current_user.is_authenticated(): return redirect(url_for('authentication.dashboard')) form = LoginForm() if form.validate_on_submit(): # login and validate user user = User.load_user(form.username.data, form.password.data) if user: login_user(user) return redirect(url_for('authentication.dashboard')) flash("Incorrect username or password") return render_template("login.html", form=form)
def get_access_levels(): open_for = 1 visibility = 1 if current_user.is_authenticated() and current_user.is_active(): open_for = 2 visibility = 2 if current_user.has_role('ROLE_ADMIN'): open_for = 3 visibility = 3 return {'visibility':visibility, 'open_for':open_for}
def filter_logic(self, filters, skip, limit=None): query = self.generate_full_query(filters) limit = limit if limit else self.args['pageLength'] cve = db.getCVEs(limit=limit, skip=skip, query=query) # marking relevant records if current_user.is_authenticated(): if filters['whitelistSelect'] == "on": cve['results'] = self.list_mark('white', cve['results']) if filters['blacklistSelect'] == "mark": cve['results'] = self.list_mark('black', cve['results']) self.plugManager.mark(cve, **self.pluginArgs) return cve
def render_login_local(): """ Render the login page with username/pass @see #index() @see #render_login_shib() """ if current_user.is_authenticated(): return redirect(get_role_landing_page()) uuid = session['uuid'] form = LoginForm(request.form) if request.method == 'POST' and form.validate(): email = form.email.data.strip( ) if form.email.data else "*****@*****.**" password = form.password.data.strip() if form.password.data else "" app.logger.debug("{} password: {}".format(email, password)) app.logger.debug("Checking email: {}".format(email)) user = UserEntity.query.filter_by(email=email).first() if user: app.logger.debug("Found user object: {}".format(user)) else: utils.flash_error("No such email: {}".format(email)) LogEntity.login(uuid, "No such email: {}".format(email)) return redirect(url_for('index')) password_hash = user.password_hash # @TODO: enforce the `local password` policy if '' == password_hash or \ utils.is_valid_auth(app.config['SECRET_KEY'], password_hash[0:16], password, password_hash[17:]): app.logger.info('Log login event for: {}'.format(user)) LogEntity.login(uuid, 'Successful login via email/password') login_user(user, remember=False, force=False) # Tell Flask-Principal that the identity has changed identity_changed.send(current_app._get_current_object(), identity=Identity(user.get_id())) return redirect(get_role_landing_page()) else: app.logger.info('Incorrect pass for: {}'.format(user)) LogEntity.login_error(uuid, 'Incorrect pass for: {}'.format(user)) utils.flash_error("Incorrect username/password.") # When sending a GET request render the login form return render_template('index.html', form=form, next_page=request.args.get('next'))
def restless_api_auth(*args, **kwargs): """Restrict access to logged in user or valid admin api key Flask-Restless preprocessor""" if current_user.is_authenticated(): return # allow # check for system api key admin_key = current_app.config.get('ADMIN_API_KEY') if admin_key and request.args.get('api_key') == admin_key: return # allow abort(401, 'Not Authenticated')
def hallo(): try: azerty = current_user print(current_user) if current_user.is_authenticated(): #return render_template("main_for_user.html") return "Server is running" else: return '<a class="button" href="/login">Google Login</a>' except Exception as ex: logging.error(ex) return "ok"
def servicesandroid(): if current_user.is_authenticated(): items=[] users=User_Organization_mapping.query.filter_by(id_user=g.user.id).all() for x in users: items = items + Service.query.filter_by(organization_id=x.id_organization).all() #org_id = User_Organization_mapping.query.filter_by(id_user=g.user.id).first() #items=db.session.query(Service).filter_by(organization_id=org_id.id_organization).all() return Response((json.dumps([o.dump() for o in items], default=json_util.default)), mimetype='application/json') else: return "Blad", 400
def profile(musicbrainz_id): if current_user.is_authenticated() and \ current_user.musicbrainz_id == musicbrainz_id: user = current_user else: user = user_data.get_by_mb_id(musicbrainz_id) if user is None: raise NotFound("Can't find this user.") return render_template('user/profile.html', user=user, datasets=dataset.get_by_user_id(user.id))
def login(): if request.method == 'POST': user = User.get_and_check_user(request.form['username'], request.form['password']) if user: login_user(user) flash("Login as, %s" % user.get("user_name"), "success") return redirect(request.args.get("next") or url_for("home.index")) flash(u'Nombre de usuario y/o contraseña incorrecta.', "error") if current_user.is_authenticated(): return redirect(url_for("home.index")) return render_template('login.html')
def access_request(recid=None): """Create an access request.""" record = get_record(recid) # Record must be in restricted access mode. if record.get('access_right') != 'restricted' or \ not record.get('access_conditions'): abort(404) # Record must have an owner and owner must still exists. try: record_owner = User.query.get_or_404(record['owner']['id']) except KeyError: abort(404) sender = None initialdata = dict() # Prepare initial form data if current_user.is_authenticated(): sender = current_user initialdata = dict( # FIXME: add full_name attribute to user accounts. full_name=" ".join([sender["family_name"], sender["given_names"]]), email=sender["email"], ) # Normal form validation form = AccessRequestForm(formdata=request.form, **initialdata) if form.validate_on_submit(): accreq = AccessRequest.create(recid=recid, receiver=record_owner, sender_full_name=form.data['full_name'], sender_email=form.data['email'], justification=form.data['justification'], sender=sender) if accreq.status == RequestStatus.EMAIL_VALIDATION: flash(_( "Email confirmation needed: We have sent you an email to " "verify your address. Please check the email and follow the " "instructions to complete the access request."), category='info') else: flash(_("Access request submitted."), category='info') return redirect(url_for("record.metadata", recid=recid)) return render_template( 'accessrequests/access_request.html', record=record, form=form, )
def login(): if request.method == 'POST': instagram_username = request.form['userEmailID'] instagram_password = request.form['userLoginPassword'] session['insta_username'] = instagram_username session['insta_password'] = instagram_password insta_bot = InstagramBot(instagram_username, instagram_password) insta_login_response = insta_bot.login() insta_bot.closeBrowser() if instagram_username: user_obj = Users.query.filter_by( insta_username=instagram_username).first() if not user_obj: new_user = Users(insta_username=instagram_username) db.session.add(new_user) db.session.commit() user = Users.query.filter_by(insta_username=instagram_username).first() if insta_login_response and user is not None: if user.is_subscribed: if datetime.datetime.utcnow() < user.till_date: ok = login_user(user) print(ok) print("subscribed") print(current_user.is_authenticated()) next = request.args.get('next') if next == None or not next[0] == '/': next = url_for('users.accept_pending_requests') return redirect(next) if user.is_subscribed == False: try: if datetime.datetime.utcnow() > user.till_date: user.till_date = None user.from_date = None user.is_subscribed = False db.session.commit() except: ok = login_user(user) print(ok) print("Not subscribed") next = request.args.get('next') if next == None or not next[0] == '/': next = url_for('core.pricing') return redirect(next) return render_template('index.html')
def login_dashboard(): #print('Entrei aqui') if request.path == '/dashboards/relogin': msg = 'Login Inválido!' else: msg = None if current_user.is_authenticated(): return redirect('/dashboards/') if request.method == 'POST': username = request.form['username'] password = request.form['password'] ambient = request.form['ambient'] cod_empresa = request.form['cod_empresa'] cod_filial = request.form['cod_filial'] #Autenticacao de Usuario username = username.lower() password = password.lower() cod_empresa = cod_empresa.lower() cod_filial = cod_filial.lower() ambient = ambient.lower() m = Manager(cod_empresa, cod_filial) r = m.load_user(username, password, ambient) if r is None: return redirect('/dashboards/relogin') #Valida Empresa e Filial if cod_empresa != '': if m.load_empresa(cod_empresa, ambient) is None: return redirect('/dashboards/relogin') if cod_filial != '': if m.load_filial(cod_empresa, cod_filial, ambient) is None: return redirect('/dashboards/relogin') #Cria sessão do login bem sucedido user = User(username + ':' + ambient + ':' + cod_empresa + ':' + cod_filial) login_user(user) #Faz redirecionamento m.user = user m.id_db = 'softlog_' + user.id.split(':')[1] m.load_menu_dashboard() id_dash = m.dashboards[0] return redirect('/dashboards/%i' % (id_dash)) else: return render_template('dashboards_v1/login.html', msg=msg)
def deleteCandidateLinks(): try: database = psycopg2.connect( user="******", password= "******", host=os.getenv('DATABASE_IP', "172.17.0.1"), port="5432", database="dauhmnvct04jp4") if database: cursor = database.cursor() response = dict() data = request.get_json() if current_user.is_authenticated(): isDeleted1 = data['is_deleted_1'] isDeleted2 = data['is_deleted_2'] isDeleted3 = data['is_deleted_3'] currentUserId = current_user.get_id() if currentUserId: cursor.execute( f"""SELECT link_id FROM public."Candidate Links" WHERE user_id = '{currentUserId}'""" ) queryResult = cursor.fetchall() cursor.execute( f"""UPDATE public."Candidate Links" SET is_deleted='{isDeleted1}' WHERE link_id={queryResult[0][0]}""" ) database.commit() cursor.execute( f"""UPDATE public."Candidate Links" SET is_deleted='{isDeleted2}' WHERE link_id={queryResult[1][0]}""" ) database.commit() cursor.execute( f"""UPDATE public."Candidate Links" SET is_deleted='{isDeleted3}' WHERE link_id={queryResult[2][0]}""" ) database.commit() response['status'] = True response[ 'status_info'] = 'The Appropriate Candidate Links Were Deleted Successfully' else: error = "Connection To Database Failed!" response['error'] = error raise Exception(response) except Exception: return response, 400 return response
def item_detail(item_id): item = Models.Item.objects(item_id=item_id).first_or_404() item_dict = Json.item_json(item) if current_user.is_authenticated(): user = current_user._get_current_object() else: user = Models.GuestRecord.by_key(get_session_key()) item_dict.update({'is_favored': item_id in user.favor_items}) log_item_visit(user_id=user.id, item_id=item_id) return jsonify(message='OK', item=item_dict)
def time_since(time): # pragma: no cover """Returns a string representing time since e.g. 3 days ago, 5 hours ago. :param time: A datetime object """ delta = time - datetime.utcnow() locale = "en" if current_user.is_authenticated() and current_user.language is not None: locale = current_user.language return format_timedelta(delta, add_direction=True, locale=locale)
def comments(slug): article_obj = Article() article = article_obj.get_article_by_slug(slug) form = CommentForm(request.form) if request.method == 'POST' and current_user.is_authenticated( ) and form.content.data: user = current_user.get_mongo_doc() comment = Comment(article=article, content=form.content.data, user=user, vote=1) comment.save() return redirect(url_for('articles.get_article', slug=slug))
def reset_password_request(): if current_user.is_authenticated(): return redirect(url_for('index')) form = ResetPasswordRequestForm() if form.validate_on_submit(): user = User.query.filter_by(email=form.email.data).first() if user: send_email(user) flash('check your email for the instructions to reset your password') return redirect(url_for('login')) return render_template('reset_password_request', title='Reset Password', form=form)
def reset_password(): if current_user.is_authenticated(): return redirect(url_for('index')) user = User.verify_reset_password_token(token) if not user: return redirect(url_for('index')) form = ResetPasswordForm() if form.validate_on_submit(): user.set_password(form.password.data) db.session.commit() flash('Your Password has been reset.') return redirect(url_for('login')) return render_template('reset_password.html', form=form)
def test_correct_login(self): # Ensure login behaves correctly with correct credentials. with self.client: response = self.client.post( '/login', data=dict(email="*****@*****.**", password="******"), follow_redirects=True ) self.assertTrue(response.status_code == 200) self.assertTrue(current_user.email == "*****@*****.**") self.assertTrue(current_user.is_active()) self.assertTrue(current_user.is_authenticated()) self.assertTemplateUsed('main/index.html')
def decorated_view(*args, **kwargs): if current_user.is_active() is False: flash('SVP confirmez votre compte!', 'warning') return redirect(url_for('user_param.unconfirmed')) if not current_user.is_authenticated() or not session.get( 'user_id'): flash('Connectez-vous SVP.', 'danger') return redirect(url_for('user.logout')) if not current_user.is_authenticated() and session.get('user_id'): flash('Connectez-vous SVP.', 'danger') return redirect(url_for('user.logout')) # User must have the required roles if not current_user.has_roles(required_roles, required_droits): # Redirect to the unauthorized page return redirect(url_for('server_Unauthorized')) # Call the actual view return func(*args, **kwargs)
def before_request_gdpr_check(): # skip certain pages, static content and the API if request.path == url_for('index.gdpr_notice') \ or request.path == url_for('profile.delete') \ or request.path == url_for('profile.export_data') \ or request.path == url_for('login.logout') \ or request.path.startswith('/static') \ or request.path.startswith('/1'): return # otherwise if user is logged in and hasn't agreed to gdpr, # redirect them to agree to terms page. elif current_user.is_authenticated() and current_user.gdpr_agreed is None: return redirect(url_for('index.gdpr_notice', next=request.full_path))
def on_identity_loaded(sender, identity): identity.user = current_user if not current_user.is_authenticated(): return if hasattr(current_user, 'login'): identity.provides.add(UserNeed(current_user.login)) for role in session.get('provides', []): permissions = list(role) if len(permissions) == 3 and permissions[0] == ZONE_CONTEXT: current_user.add_zone(permissions) identity.provides.add(tuple(role))
def login(): success = False if current_user.is_authenticated(): success = True elif query_is_photo_user(request.form) or query_is_photo_user( request.args): success = login_user(photo_user, remember=True) elif query_is_admin_user(request.form) or query_is_admin_user( request.args): success = login_user(admin_user, remember=True) if not success: abort(403) return ""
def set_status(event_id, status): if current_user.is_authenticated(): cu = User.query.get_or_404(current_user.id) if cu.is_admin or cu.is_promoter: event = Event.query.get_or_404(event_id) try: event.status = Status[status.upper()].value except KeyError: abort(400) db.session.add(event) db.session.commit() return redirect(url_for('events'))\
def test_reset_forgotten_password_valid_token_invalid_login(self): # Ensure user can confirm account with valid token. with self.client: self.client.post('/forgot', data=dict( email='*****@*****.**', ), follow_redirects=True) token = generate_confirmation_token('*****@*****.**') response = self.client.get('/forgot/new/'+token, follow_redirects=True) self.assertTemplateUsed('user/forgot_new.html') self.assertIn( b'You can now change your password.', response.data ) response = self.client.post( '/forgot/new/'+token, data=dict(password="******", confirm="new-password"), follow_redirects=True ) self.assertIn( b'Password successfully changed.', response.data ) self.assertTemplateUsed('user/profile.html') self.assertTrue(current_user.is_authenticated()) self.client.get('/logout') self.assertFalse(current_user.is_authenticated()) response = self.client.post( '/login', data=dict(email="*****@*****.**", password="******"), follow_redirects=True ) self.assertTrue(response.status_code == 200) self.assertFalse(current_user.is_authenticated()) self.assertIn( b'Invalid email and/or password.', response.data ) self.assertTemplateUsed('user/login.html')
def forbidden(err): code = 403 if not current_user.is_authenticated(): target = get_redirect_target() if not target: target = request.url flash('You do not have access to this resource, please login.', 'error') return redirect(url_for('user.login', next=target), code=code) else: title = 'Access denied' message = "Sorry, but you don't have access to this resource." return render_template('errors/show.html', code=code, title=title, message=message), code
def test_incorrect_login(self): # Ensure login behaves correctly with incorrect credentials. with self.client: response = self.client.post( '/login', data=dict(email="*****@*****.**", password="******"), follow_redirects=True ) self.assertTrue(response.status_code == 200) self.assertIn(b'Invalid email and/or password.', response.data) self.assertFalse(current_user.is_active()) self.assertFalse(current_user.is_authenticated()) self.assertTemplateUsed('user/login.html')