def test_delete_user_as_admin(testapp, db_handle):
user_to_delete = User(email='*****@*****.**',
display_name='Se Borra',
phone_number='11111111111',
image_location='http://www.youtube.com',
admin=False)
user_admin = User(email='*****@*****.**',
display_name='Admin',
phone_number='25642346456',
image_location='http://www.youtube.com',
admin=True)
db_handle.session.add(user_to_delete)
db_handle.session.add(user_admin)
db_handle.session.commit()
auth_service.setData({
'email': user_admin.email,
'uid': '4cNAU9ovw6eD0KH5Qq7S91CXIZx2'
})
response = testapp.delete(f"/users/{user_to_delete.id}",
headers={'x-access-token': token})
json_data = response.get_json()
db.session.delete(user_admin)
db_handle.session.commit()
assert json_data['message'] == 'User deleted.'
assert response.status_code == 200
def test_delete_another_user_with_no_admin_user(testapp, db_handle):
user_to_delete = User(email='*****@*****.**',
display_name='Se Borra',
phone_number='11111111111',
image_location='http://www.youtube.com',
admin=False)
user = User(email='*****@*****.**',
display_name='User',
phone_number='2454564652',
image_location='http://www.youtube.com',
admin=False)
db_handle.session.add(user_to_delete)
db_handle.session.add(user)
db_handle.session.commit()
auth_service.setData({
'email': user.email,
'uid': '4cNAU9ovw6eD0KH5Qq7S91CXIZx2'
})
response = testapp.delete(f"/users/{user_to_delete.id}",
headers={'x-access-token': token})
json_data = response.get_json()
assert json_data['message'] == 'Only admins can delete other users.'
assert response.status_code == 401
def test_get_users_data_filtered_by_display_name(testapp, db_handle):
"""Should return users data filtered by display name
(users which names contains indicated display name)"""
user_a = User(email='*****@*****.**',
display_name='Armando Estaban Quito',
phone_number='11533223536',
image_location='http://www.google.com.ar',
admin=False)
user_b = User(email='*****@*****.**',
display_name='Martin Armando Quito',
phone_number='12121555530',
image_location='http://www.facebook.com',
admin=False)
user_c = User(email='*****@*****.**',
display_name='Carlos Gutierrez',
phone_number='1125553512',
image_location='http://www.youtube.com',
admin=False)
db_handle.session.add(user_a)
db_handle.session.add(user_b)
db_handle.session.add(user_c)
db_handle.session.commit()
response = testapp.get('/users?name=Armando',
headers={'x-access-token': token})
json_data = response.get_json()
assert len(json_data['users']) == 2
for user in json_data['users']:
assert ('Armando' in user['display_name'])
assert response.status_code == 200
def test_mark_attendance(client):
""" Tests mark attendance """
# Add test users
with db:
u = User(login_id="A",
password=pbkdf2_sha256.hash("A"),
role="GN",
email="*****@*****.**",
first_name="A",
last_name="",
inst_id="CSB1000")
u.save()
u = User(login_id="B",
password=pbkdf2_sha256.hash("B"),
role="GN",
email="*****@*****.**",
first_name="B",
last_name="",
inst_id="CSB1000")
u.save()
u = User(login_id="C",
password=pbkdf2_sha256.hash("C"),
role="GN",
email="*****@*****.**",
first_name="C",
last_name="",
inst_id="CSB1000")
u.save()
# Test incorrect data format
response = client.post('/fras/app/login',
json={
'login_id': 'admin',
'password': '******'
})
response = client.post('/fras/app/mark_attendance',
data={'file': './../test_data/modi_grp1.jpeg'})
assert response.json["status"] == "ERROR"
# Test empty file name
data = {'group_photo': (io.BytesIO(b'image data'), '')}
response = client.post('/fras/app/login',
json={
'login_id': 'admin',
'password': '******'
})
response = client.post('/fras/app/mark_attendance', data=data)
assert response.json["status"] == "ERROR"
# Successful test
data = {'group_photo': (io.BytesIO(b'image data'), 'image.jpg')}
response = client.post('/fras/app/login',
json={
'login_id': 'admin',
'password': '******'
})
response = client.post('/fras/app/mark_attendance', data=data)
assert response.json["status"] == "OK"
assert response.json["body"]["names_found"] == ['A', 'B', 'C']
def seed_users():
user1 = User('joe', 'shmoe', '*****@*****.**', '123-123-4321', 'password')
user2 = User('jane', 'shmoe', '*****@*****.**', '123-123-4321', 'password')
user3 = User('foo', 'bar', '*****@*****.**', '123-123-4321', 'password')
user4 = User('chuck', 'norris', '*****@*****.**', '123-123-4321', 'password')
user5 = User('donald', 'duck', '*****@*****.**', '123-123-4321', 'password')
db_session.add(user1)
db_session.add(user2)
db_session.add(user3)
db_session.add(user4)
db_session.add(user5)
db_session.commit()
def testCRUD(self):
# Insert user
user1 = User(name='user1', fullname='USER1', password='******')
self.session.add(user1)
self.session.commit()
# Check if inserted
user = self.session.query(User).filter_by(name='user1').first()
self.assertEquals(user.name, user1.name)
# Check for non insertion
user = self.session.query(User).filter_by(name='userFake').first()
self.assertTrue(user is None)
# Check Update
user = self.session.query(User).filter_by(name='user1').first()
user.password = '******'
self.session.commit()
userTst = self.session.query(User).filter_by(name='user1').first()
self.assertEquals(userTst.password, 'pwdChg')
# Check printout (to see this you have to run nosetest --nocapture
user = self.session.query(User).filter_by(name='user1').first()
print('User = %s' % user)
# Insert a second record and check insertion
user2 = User(name='user2', fullname='USER2', password='******')
self.session.add(user2)
self.session.commit()
user = self.session.query(User).filter_by(name='user2').first()
self.assertEquals(user.name, user2.name)
# Rollback test
user3 = User(name='user3', fullname='USER3', password='******')
self.session.add(user3)
self.session.rollback()
user = self.session.query(User).filter_by(name='user3').first()
self.assertTrue(user is None)
# Delete record
user = self.session.query(User).filter_by(name='user2').first()
self.session.delete(user)
self.session.commit()
self.assertTrue(
self.session.query(User).filter_by(name='user2').count() == 0)
# Json format of Data (not working)
user = self.session.query(User).filter_by(name='user1').first()
def register():
if request.method == 'POST':
username = request.form['username']
password1 = request.form['pwd1']
password2 = request.form['pwd2']
user = User.query.filter(User.username == username).first()
if user:
msg = '用户名已经存在'
return render_template('register.html', msg=msg)
elif password1 != password2:
msg = '两次密码输入不一致'
return render_template('register.html', msg=msg)
elif username == '':
msg = '用户名不能为空'
return render_template('register.html', msg=msg)
elif password1 == '':
msg = '密码不能为空'
return render_template('register.html', msg=msg)
else:
msg = '注册成功'
user_obj = User(username=username, password=password1, role_id=2)
db.session.add(user_obj)
db.session.commit()
return render_template('register.html', msg=msg)
return render_template('register.html')
def test_delete_inexistent_user_as_admin(testapp, db_handle):
user_admin = User(email='*****@*****.**',
display_name='Admin',
phone_number='25642346456',
image_location='http://www.youtube.com',
admin=True)
db_handle.session.add(user_admin)
db_handle.session.commit()
auth_service.setData({
'email': user_admin.email,
'uid': '4cNAU9ovw6eD0KH5Qq7S91CXIZx2'
})
inexistent_user_id = 25646
response = testapp.delete(f"/users/{inexistent_user_id}",
headers={'x-access-token': token})
json_data = response.get_json()
db.session.delete(user_admin)
db_handle.session.commit()
assert json_data[
'message'] == f'No user found with ID: {inexistent_user_id}.'
assert response.status_code == 404
def register_google():
token = request.json["id_token"]
try:
id_info = id_token.verify_oauth2_token(token, requests.Request(),
GOOGLE_CLIENT_ID)
if id_info['iss'] not in [
'accounts.google.com', 'https://accounts.google.com'
]:
raise ValueError('Wrong issuer.')
user_id = id_info['sub']
user = db.get_user(user_id)
if user:
logging.info("User ${user_name} with ID ${id} is logged in".format(
user_name=user['name'], id=user['user_id']))
return json.dumps(user), 200
else:
new_user = User(id_info['sub'], id_info['email'], id_info['name'])
db.save_user(new_user)
logging.info(
"User ${user_name} with ID ${id} is being registered".format(
user_name=new_user.name, id=new_user.user_id))
return json.dumps(new_user.serialize()), 201
except ValueError:
# Invalid token
pass
def login():
user_info = Sso.user_info_by_token()
if Sso.valid_user_info(user_info):
"""
通过sso鉴权该用户是否合法
"""
user_id = user_info.get("user_id")
user = user_info.get("fullname")
email = user_info.get("email")
name = email[:-10]
role_id = 1
current_user = User(user_id=user_id, name=name, email=email, role_id=role_id)
session["user_id"] = user_id
session["username"] = user
session["role"] = get_user_role()
if not user_id_exists(user_id):
"""
通过userid判断用户是否存在
"""
try:
db.session.add(current_user)
db.session.commit()
except Exception as e:
db.session.rollback()
print(e)
raise
finally:
db.session.close()
return redirect(url_for('noclist'))
return redirect(app.config['SSO_URL'] + app.config.get('LOGIN_RETURN_URL') + app.config.get('NOC_URL'))
def signup():
# Init form
form = SignupForm()
# IF POST
if request.method == 'POST':
# Init credentials from form request
username = request.form['username']
password = request.form['password']
# Init user from Db query
existing_user = User.query.filter_by(username=username).first()
# Control new credentials
if existing_user:
flash('The username already exists. Please pick another one.')
return redirect(url_for('signup'))
else:
user = User(username=username,
password=sha256_crypt.hash(password),
createdAt=datetime.now())
Db.session.add(user)
Db.session.commit()
flash('Congratulations, you are now a registered user!')
return redirect(url_for('login'))
# IF POST
else:
return render_template('signup.html', title='Signup', form=form)
def post(self):
username = request.json.get('username', None)
password = request.json.get('password', None)
code = request.json.get('code', None)
mail = request.json.get('mail', None)
if username is None or password is None or code is None or mail is None or not re.match(
r'[a-zA-Z0-9]+@[a-zA-Z0-9]+\.[a-zA-Z0-9]+', mail):
return jsonify(code=ResponseCode.FORMAT_ERROR, msg="用户名密码格式错误")
cache_email = cache.get(code)
if cache_email != mail:
return ResponseClass.warn(ResponseCode.FORMAT_ERROR)
else:
cache.delete(code)
cache.delete(mail)
session = AppUtils.get_session()
try:
# 验证用户名
AppUtils.validate_username(username)
from models.models import User
user = User()
user.username = username
user.mail = mail
user.hash_password(password)
user.credits = 0
session.add(user)
session.commit()
# 数据库
from app_config import SQLSession
return jsonify(code=0, data=user.get_self_data())
except Exception as e:
return jsonify(code=-1, msg=e.args[0])
finally:
session.close()
def register():
error = None
db = repository.GetSession()
userid = str(uuid.uuid4())
name = request.form.get('username')
password = request.form.get('password')
email = request.form.get('email')
add = db.query(User).filter_by(username=name).first()
print(type(name), name, password, email)
if not add:
if name and password and email:
user = User(username=name,
password=password,
email=email,
userId=userid)
db.add(user)
db.commit()
flash('注册成功')
else:
return web_helper.return_msg(0, '输入注册用户名已存在')
if not name:
return web_helper.return_msg(0, '输入注册用户名为空')
if not password:
return web_helper.return_msg(0, '输入注册密码为空')
if not email:
return web_helper.return_msg(0, '输入注册邮箱为空')
return web_helper.return_msg(0, '用户注册成功')
def post(self):
data = json.loads(request.data)
print(data)
new_post = User(**data)
db.session.add(new_post)
db.session.commit()
return "Successfully added a new news"
def register_user():
first_name = session['profile']['given_name']
surname = session['profile']['family_name']
try:
email = session['profile']['email']
except Exception as e:
# log exception arup waad has email in nickname for some reason...
email = session['profile']['nickname']
if len(parseaddr(email)[1]) == 0:
return 'unable to log you in, invalid email supplied'
user = db.session.query(User).filter_by(first_name=first_name,
surname=surname,
email=email).first()
# if user doesnt exist in db, add them
if (user is None):
user = User(first_name=first_name, surname=surname, email=email)
db.session.add(user)
db.session.commit()
# add user id from DB to the session
session['user_id'] = user.id
return True
def sign_up():
if request.method == "POST":
username = request.form["username"]
password = request.form["password"]
existing_user = db_session.query(User).filter(
User.username == username).first()
if existing_user:
flash("someone has alreay used that username try again")
return redirect(url_for('routes.sign_up'))
else:
new_user = User(username, password)
db_session.add(new_user)
try:
db_session.commit()
session['logged_in'] = True
except Exception as e:
db_session.rollback()
db_session.flush()
print("error")
return redirect(url_for('routes.home'))
msg = Message("Hello Email World",
sender="*****@*****.**",
recipients=["*****@*****.**"])
mail.send(msg)
return render_template('signup.html')
def callback_handling():
code = request.args.get(CODE_KEY)
get_token = GetToken(AUTH0_DOMAIN)
auth0_users = Users(AUTH0_DOMAIN)
token = get_token.authorization_code(AUTH0_CLIENT_ID, AUTH0_CLIENT_SECRET,
code, AUTH0_CALLBACK_URL)
user_info = auth0_users.userinfo(token['access_token'])
session[PROFILE_KEY] = json.loads(user_info)
# return user_info
# extract data to register user on DB in order top track question set progress
first_name = session['profile']['given_name']
surname = session['profile']['family_name']
try:
email = session['profile']['email']
except Exception as e:
# log exception arup waad has email in nickname for some reason...
email = session['profile']['nickname']
if len(parseaddr(email)[1]) == 0:
return 'unable to log you in, invalid email supplied'
user = db.session.query(User).filter_by(first_name=first_name,
surname=surname,
email=email).first()
# if user doesnt exist in db, add them
if (user is None):
user = User(first_name=first_name, surname=surname, email=email)
db.session.add(user)
db.session.commit()
# add user id from DB to the session
session['user_id'] = user.id
return redirect('/index')
def run(self, dispatcher, tracker, domain):
user = User(0)
found_user = user.find()[0]
recent_friends = user.find_most_recent_friend()
friends_same_city = user.suggest_friends_by_location(found_user['location'])
dispatcher.utter_message("Family action!")
return []
def populate_db(self):
users = []
with open(
os.path.join(os.path.dirname(__file__), 'resources',
'users.csv')) as users_csv:
for user in users_csv:
split_parts = user.split(',')
users.append(
User(split_parts[0], split_parts[1], split_parts[2]))
question_set = grab_questions([1, 2], True)
db.session.add_all(question_set)
db.session.commit()
results = []
with open(
os.path.join(os.path.dirname(__file__), 'resources',
'results.csv')) as results_csv:
for result in results_csv:
split_parts = result.split(',')
results.append(
Result(int(split_parts[0]), int(split_parts[1]),
bool(split_parts[2])))
db.session.add_all(users)
db.session.commit()
db.session.add_all(results)
db.session.commit()
def signup():
# Init form
form = SignupForm()
# IF POST
if request.method == "POST":
# Init credentials from form request
username = request.form["username"]
password = request.form["password"]
# Init user from Db query
existing_user = User.query.filter_by(username=username).first()
# Control new credentials
if existing_user:
flash("The username already exists. Please pick another one.")
return redirect(url_for("signup"))
else:
user = User(username=username,
password=sha256_crypt.hash(password))
Db.session.add(user)
Db.session.commit()
flash("Congratulations, you are now a registered user!")
return redirect(url_for("login"))
# IF GET
else:
return render_template("signup.html", title="Signup", form=form)
def signup():
if request.method == 'GET':
# Display the Signup form
return render_template('signup.html')
else:
# Signup the User
name = request.form["name"]
username = request.form["username"]
email = request.form["email"]
password = request.form["password"]
# TODO: Verify user data
available = User.is_username_available(username)
if not available:
return render_template('signup.html', error="User already exists!")
else:
# Add the user
hashed_pw = make_pw_hash(str(username), str(password))
user = User(name=name,
username=username,
email=email,
password_hash=hashed_pw)
user.put()
response = make_response(redirect(url_for('home')))
response.set_cookie("username", username)
return response
def user(username):
u = User()
user = u.get_user(username=username)
title = request.form.get('new-title')
body = request.form.get('new-body')
if title and body:
p = Post(title=title, body=body, user_id=user.id)
p.add_post()
posts = u.get_posts_by_user(user.id)
if not posts:
posts = [
Post(id=2,
title="There's nothing here yet!",
body="There's nothing here yet!",
user_id=-1)
]
if user:
return render_template('user_page.html',
username=user.username,
posts=posts)
return "user not found" # TODO change the custom 404
def post(self):
self.parser.add_argument('username',
type=str,
help='This username cannot be blank',
required=True)
self.parser.add_argument('password',
type=str,
help='This password cannot be blank',
required=True)
data = self.parser.parse_args(
strict=True) # 获取传输的值/strict=True代表设置如果传以上未指定的参数主动报错
if User.query.filter_by(username=data['username']).filter_by(
flag=1).first():
return {
'msg': 'user {} already exists'.format(data['username'])
}, 400
new_user = User(username=data['username'],
password=User.hash_password(data['password']))
session_add(new_user)
msg = session_commit()
if msg:
return {
"errors":
f"{msg}",
'msg':
"user add failed at {0}".format(
time.strftime("%Y-%m-%d %H:%M:%S"))
}, 500
else:
return {
"msg":
"user add successfully at {0}".format(
time.strftime("%Y-%m-%d %H:%M:%S"))
}
def register_function():
post_data = json.loads(request.data)
username = post_data["username"]
email = post_data["email"]
password = post_data["password"]
if not userutils.check_mail(email):
return json.dumps(
{
"status": "error",
"result": "please check your email"
}
)
if len(str(password)) < 4:
return json.dumps(
{
"status": "error",
"result": "please get some serious password"
}
)
user = User.objects(username=username).first()
if user:
return json.dumps(
{
"status": "error",
"result": "this username already taken, sorry"
}
)
if not username:
return json.dumps(
{
"status": "error",
"result": "please provide a username, it's required'"
}
)
user = User.objects(email=email).first()
if user:
return json.dumps(
{
"status": "error",
"result": "this email address already registered, sorry"
}
)
user = User(username=username, email=email)
user.password = userutils.encrypt(password)
user.slug = userutils.make_slug(username)
user.register_date = datetime.now()
user.save()
login_user(user)
return json.dumps(
{
"status": "success",
"result": "registeration successful"
}
)
def run(self, **kwargs):
from models.models import Role, User, Course
with open('secrets.json', 'r') as secret_file:
secrets = json.load(secret_file).get("ADMIN", {})
print("Adding Admin")
admin = User(first_name=secrets.get("first_name", "Admin"),
last_name=secrets.get("last_name", "User"),
password=encrypt_password(
secrets.get("password", "password")),
confirmed_at=datetime.datetime.now(),
active=True,
email=secrets.get("email", "*****@*****.**"))
db.session.add(admin)
db.session.flush()
db.session.add(Role(name='instructor', user_id=admin.id))
db.session.add(Role(name='admin', user_id=admin.id))
print("Adding default course")
default_course = Course(name="Default Course",
owner_id=admin.id,
service="native")
db.session.add(default_course)
db.session.flush()
db.session.add(
Role(name='instructor',
course_id=default_course.id,
user_id=admin.id))
db.session.commit()
print("Complete")
def post(self):
username = self.get_argument('username')
# sha256加密
password = hashlib.sha256(self.get_argument('password')).hexdigest()
email = self.get_argument('email')
tell_phone = self.get_argument('tell_phone')
company_id = self.get_argument('company_id')
user = self.session.query(User).filter(
User.username == username).first()
if user:
err = '用户已经存在'
self.render("fra_user_add.html",
auth_user=self.current_user,
err=err)
else:
data = time.strftime("%Y-%m-%d")
user = User(
username=username,
password=password,
email=email,
data=data,
tell_phone=tell_phone,
company_id=company_id,
)
self.session.add(user)
self.session.commit()
self.redirect('/fra/user')
def post(self):
login_data = Login.parser.parse_args()
username = login_data['username']
password = login_data['password']
validations = validators.Validation()
if not validations.validate_username(username):
return {
"Message":
"username can only contain alphanumeric characters only and a minimum of 4 characters"
}, 400
if not validations.validate_password(password):
return {
"Message":
"password field should start with a capital letter"
" and include a number"
}, 400
user = User().get_user_by_username(username)
if user and check_password_hash(user.pwhash, password):
expires = datetime.timedelta(minutes=20)
access_token = create_access_token(user.username,
expires_delta=expires)
return {
'token': access_token,
'message': 'successfully logged in'
}, 200
return {'message': 'user does not exist on this server'}, 404
def new_user():
return_data = {'errors': [], 'message': [], 'data': {}}
try:
data = request.get_json(force=True)
except Exception as e:
return_data['errors'].append(
'There was a problem with the request. Please try again')
return_data['errors'].append(e.args)
return jsonify(return_data)
validate_user_form(data, return_data)
#check to see if validation returned any errors
if return_data['errors']:
print('there were errors')
return jsonify(return_data)
# if no errors go ahead and create the user
user = User(first_name=return_data['data']['first_name'],
last_name=return_data['data']['last_name'],
phone=return_data['data']['phone'],
email=return_data['data']['email'])
db_session.add(user)
db_session.commit()
return jsonify({'message': 'this worked'})
def post(self):
"""Handle POST request at /auth/register."""
post_data = request.json
email = post_data.get('email')
password = post_data.get('password')
# Query to see if the user already exists
user = User.query.filter_by(email=email).first()
if not user:
# There is no user so we'll try to register them
try:
user = User(email=email, password=password)
user.save()
response = {
'message': 'You registered successfully. Please log in.'
}
return response, 201
except Exception as e:
response = {'message': str(e)}
return response, 401
else:
# There is an existing user.
response = {'message': 'User already exists. Please login.'}
return response, 409
def signup():
# Init form
form = SignupForm()
# IF POST
if request.method == 'POST':
# Init credentials from form request
username = request.form['username']
password = request.form['password']
# Init user from Db query
existing_user = User.query.filter_by(username=username).first()
# Control new credentials
if existing_user:
flash('Original Name Do Not Steal')
return redirect(url_for('signup'))
else:
user = User(username=username,
password=sha256_crypt.hash(password))
Db.session.add(user)
Db.session.commit()
flash('You have done it. Welcome fellow traveler. Have.')
return redirect(url_for('login'))
# IF POST
else:
return render_template('signup.html', title='Signup', form=form)
