Example #1
 def setUp(self):
     """Prepare the fixture: a registered user plus a test client of ``app``."""
     fixture_user = Users()
     self.newUser = fixture_user
     # The credentials below are throwaway fixture values (the e-mail address
     # is redacted in this listing); fixtures should never carry real secrets.
     self.register = fixture_user.user_register(
         "*****@*****.**", "mwaz", "password", "password")
     app.config['TESTING'] = True
     self.test_app = app.test_client()
Example #2
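async def login(request):
    """Authenticate a user by phone number and password.

    GET renders the login page. POST reads ``username`` and ``password``
    from the form, looks up a ``Users`` row whose phone and password digest
    both match, and on success stores the serialized user in the ``user``
    cookie (max-age 36000 seconds). Both outcomes answer with a JSON text
    body whose ``code`` is 1 (success) or 0 (failure).
    """
    if request.method != 'POST':
        return jinja.render("admin/login.html", request, message="")

    username = request.form.get('username', '')
    password = request.form.get('password', '')
    # TODO: validate length and type of username and password. The original
    # comment announces this check, but no validation is implemented.
    # NOTE(review): matching the digest inside the query only works if
    # Users.passwd() is deterministic (no per-user salt) -- confirm which
    # hash it uses; a salted password KDF verified in Python is preferable.
    pwd = Users().passwd(password)
    try:
        admin = Users.get(Users.phone == username, Users.password == pwd)
    except Users.DoesNotExist:
        # Assuming Users is a peewee model (the query syntax suggests so):
        # Model.get() raises on a miss instead of returning None, which
        # would otherwise surface as a server error rather than code 0.
        admin = None

    if not admin:
        return response.text(
            ujson.dumps({
                'login': '******',
                'code': 0,
                'info': '登录失败:用户名或密码错误'
            }))

    # NOTE(review): this view renders admin/login.html but never checks
    # admin.is_admin here -- confirm the check happens where the cookie is
    # consumed. No attempt throttling is visible in this handler either.
    keys = [
        'show_id', 'username', 'phone', 'is_admin', 'level', 'id',
        'agent_id'
    ]
    cookies = admin.to_dict(keys)
    cookies_json = set_cookies(COOKIE_TOKEN, cookies)
    res = response.text(ujson.dumps({'login': '******', 'code': 1}))
    res.cookies['user'] = cookies_json
    res.cookies["user"]["max-age"] = 36000
    # The session cookie is only read server-side, so keep it away from
    # page scripts. NOTE(review): also set "secure" (and "samesite" where
    # the framework version supports it) once the site is HTTPS-only.
    res.cookies["user"]["httponly"] = True
    return res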
Example #3
async def user_list(request):
    """
    User list.

    GET renders the filtered, paginated user list; POST soft-deletes the
    user whose ``id`` is given in the form (sets ``deleted`` to 1).

    :param request: incoming request
    :return: rendered page (GET), confirmation text (POST), otherwise None
    """
    if request.method == "POST":
        # NOTE(review): no caller check is visible in this handler -- any
        # request reaching it can flag any user id as deleted. Presumably
        # authentication/authorization is enforced upstream; confirm.
        target_id = request.form.get("id")
        Users.update({Users.deleted: 1}).where(Users.id == target_id).execute()
        return text("已删除")

    if request.method != 'GET':
        return None

    user_query = Users.select().filter(Users.deleted == 0)
    # NOTE(review): get_cookies() may return nothing for a missing or
    # tampered cookie (not visible here); the .get() calls below would then
    # fail -- verify and reject unauthenticated requests explicitly.
    session_user = get_cookies(AGENT_COOKIE_TOKEN, request.cookies.get("user"))
    filters = {
        'username': session_user.get('username'),
        'is_admin': session_user.get('is_admin'),
    }
    # Every filter, including the two cookie-derived entries above, is then
    # taken from the query string, so the cookie values never reach the
    # service. NOTE(review): "is_admin" is therefore client-supplied.
    for field in ("id", "phone", "username", "level", "agent_id", "is_admin"):
        filters[field] = request.args.get(field, "")

    query = UserService().user_list(**filters)
    page = get_page_data(request, query)
    return jinja.render("admin/user-list.html",
                        request,
                        kargs=filters,
                        data=page,
                        user_query=user_query)
Example #4
def init_user():
    """Create and save the seed administrator account."""
    seed = Users()
    for attr, value in (
            ("username", "******"),
            ("phone", "17830466355"),
            ("is_admin", 1),
            ("level", 1),
    ):
        setattr(seed, attr, value)
    # NOTE(review): the initial admin password is a hard-coded six-digit
    # value equal to the tail of the phone number above. Supply it from
    # deployment configuration and force a change on first login.
    seed.password = seed.passwd("466355")
    seed.save()
Example #5
def user_register(prop_id=None):
    """Register a new account from ``RegisterForm`` and log it in.

    Authenticated visitors are redirected to ``index``. A valid POST creates
    the user, logs it in and redirects to ``prop`` (when ``prop_id`` is
    given) or ``index``; an invalid POST re-renders the form with an error
    message; any other request renders the empty form.
    """
    # Already signed in: nothing to register
    if current_user.is_authenticated:
        return redirect(url_for('index'))

    form = RegisterForm()

    # Plain page view
    if request.method != 'POST':
        return render_template('user_register.html',
                               prop_id=prop_id,
                               register_user_form=form,
                               err_msg=False)

    email = form.email.data
    pswd = form.password.data
    confirm = form.password_confirm.data

    if not form.validate_on_submit():
        # Work out which message to show for the rejected submission.
        # NOTE(review): the first message tells an anonymous visitor that
        # an address is registered (account enumeration) -- consider a
        # neutral message plus an e-mail to the address owner.
        if Users.check_user(email):
            err_msg = 'An Account for this Email Already Exists!'
        elif pswd != confirm:
            err_msg = 'Passwords Do Not Match!'
        else:
            err_msg = 'Invalid Email!'
        return render_template('user_register.html',
                               prop_id=prop_id,
                               register_user_form=form,
                               err_msg=err_msg)

    # NOTE(review): the plain form password is handed to create_user();
    # whether it is hashed there is not visible here -- confirm.
    user_datastore.create_user(email=email, password=pswd)
    db.session.commit()
    user = Users.check_user(email)

    # Sign the new account in and send it to the right page
    login_user(user)
    if prop_id:
        return redirect(url_for('prop', prop_id=prop_id))
    return redirect(url_for('index'))  # Should be account page
Example #6
 def query_invite(self, user, **kargs):
     """Build the query of non-deleted users invited by one agent.

     An admin (``user["is_admin"] == True``) may list the invitees of the
     ``agent_id`` given in ``kargs``; every other caller is limited to the
     users whose ``agent_id`` equals the caller's own ``id``. Optional
     ``username`` and ``user_id`` entries narrow the result. Newest first.
     """
     # The explicit comparison is kept on purpose: a merely truthy value
     # such as the string "1" must not count as admin.
     if user.get("is_admin", "") == True:
         owner_id = kargs.get("agent_id", "")
     else:
         owner_id = user.get("id")

     query = Users.select().filter(
         Users.deleted == 0,
         Users.agent_id == owner_id).order_by(Users.create_time.desc())

     # NOTE(review): .strip() assumes the optional values are strings;
     # presumably they come straight from request arguments -- confirm.
     for key, column in (("username", "username"), ("user_id", "id")):
         if key in kargs and kargs.get(key).strip():
             query = query.filter(**{column: kargs[key]})
     return query
Example #7
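def login():
    """Check a JSON username/password pair and issue a 7-day JWT.

    Expects a JSON object with ``username`` and ``password``. Every
    credential failure (malformed body, missing field, unknown user, wrong
    password) answers 401 with the same message. A suspended account is
    reported only after the password has been verified. On success the
    response carries a token signed with the ``JWT_KEY`` environment value.
    """
    # One message for all credential failures, so the response does not
    # reveal whether a username exists.
    bad_credentials = 'The username or password you entered did not match our records. Are you sure you typed the correct credentials?'

    data = request.get_json(force=True)
    if not isinstance(data, dict):
        return jsonify(message=bad_credentials), 401
    # .get() instead of indexing: a missing key must be a 401, not a 500
    username = data.get('username')
    password = data.get('password')
    if not username or not password:
        return jsonify(message=bad_credentials), 401

    # .first() yields None on a miss; .get() raises DoesNotExist, which made
    # the original "user is None" branch unreachable.
    user = Users.select().where(Users.username == username).first()

    # NOTE(review): bcrypt only runs for existing users, so response time
    # still differs between known and unknown usernames; no attempt
    # throttling is visible here either.
    if user is None or not bcrypt.checkpw(password.encode('utf-8'), bytes(user.password)):
        return jsonify(message=bad_credentials), 401

    # Checked after the password so that only the account owner learns
    # about the suspension.
    if user.suspended is True:
        return jsonify(message='Unable to login due to your account being suspended. Learn more information at https://help.pebblo.org/accounts'), 401

    # NOTE(review): JWT_KEY is read from the environment on every call and
    # may be unset; fail at startup if it is missing, and pass the signing
    # algorithm explicitly.
    token = jwt.encode({'id': user.id, 'email': user.email, 'exp': datetime.datetime.utcnow() + datetime.timedelta(days=7)}, os.getenv('JWT_KEY'))
    # jwt.encode() returns bytes in PyJWT 1.x and str in 2.x
    if isinstance(token, bytes):
        token = token.decode('UTF-8')
    return jsonify(message='Login successful', token=token), 200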
Example #8
def user_login(prop_id=None):
    """Log a user in through ``LoginForm``.

    Authenticated visitors are redirected to ``index``. A valid POST logs
    the user in and redirects to ``prop`` (when ``prop_id`` is given) or
    ``index``; an invalid POST re-renders the form with an error message;
    any other request renders the empty form.
    """
    # Already signed in
    if current_user.is_authenticated:
        return redirect(url_for('index'))

    form = LoginForm()

    # Plain page view
    if request.method != 'POST':
        return render_template('user_login.html',
                               prop_id=prop_id,
                               login_user_form=form,
                               err_msg=False)

    if not form.validate_on_submit():
        return render_template('user_login.html',
                               prop_id=prop_id,
                               login_user_form=form,
                               err_msg='Invalid Email or Password!')

    # NOTE(review): the password is never compared in this view; the login
    # is only as strong as LoginForm's validators. Presumably they verify
    # the password against the stored hash -- confirm.
    account = Users.check_user(form.email.data)

    # Complete the login and redirect to the correct page
    login_user(account)
    if prop_id:
        return redirect(url_for('prop', prop_id=prop_id))
    return redirect(url_for('index'))  # Should be account page
Example #9
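def signin():
    """ Sign in an existing user

    A valid POST with matching credentials logs the user in and redirects
    to the form's ``next`` value, provided it is a same-site path; anything
    else falls back to ``/``. Every other request (or a failed attempt)
    renders ``signin.html`` with ``next`` pre-filled from the query string.
    """
    form = SignInForm(request.form)
    next_url = request.args.get('next', '/')

    if request.method == 'POST' and form.validate():
        email = form.email.data
        password = form.password.data

        if email:
            user = Users.get_one(email=email)
            if user and user.check_password(password.encode()):
                login_user(user, remember=True)
                # "next" is client-controlled. Only follow it when it is a
                # path on this site: one leading slash, no scheme-relative
                # "//host", no backslash, no control characters.
                target = form.next.data or ''
                is_local = (target.startswith('/')
                            and not target.startswith('//')
                            and '\\' not in target
                            and not any(ord(ch) < 0x20 for ch in target))
                return redirect(target if is_local else '/')
            # Same message for unknown user and wrong password
            form.email.errors = ['No such user or password']

    # Not a POST or errors
    form.next.data = next_url
    context = {'form': form}
    content = render_template('signin.html', **context)
    return content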
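    def on_get(self, req, resp, **args):
        ''' City Controller Get Request Method

        Responds with, in order of precedence: the users of the city whose
        id arrives in ``args`` (presumably the URI template field), the
        single city named by the ``?id=`` query parameter, or all cities.
        '''

        # Returns users with specified city id
        if 'id' in args and ObjectId.is_valid(args['id']):
            # NOTE(review): to_json() decides which user fields leave the
            # service; confirm it omits the password and other private data.
            resp.json = [i.to_json() for i in User.objects(city=args['id'])]

        # If ?id= is in url and value for id is valid ObjectId.
        # This is an elif: as two independent ifs, the city-list branch
        # below always overwrote the user list produced above.
        elif 'id' in req.params and ObjectId.is_valid(req.params['id']):
            try:

                # Get document from db with specified id and respond in json
                resp.json = City.objects(id=req.params['id'])[0].to_json()

            # Id not in database? - display error
            except Exception:
                resp.status = falcon.HTTP_400
                resp.json = {
                    "message":
                    "City id: %s not found in database!" % req.params['id']
                }

        # Everything else just display all cities
        else:
            cities = [i.to_json() for i in City.objects]
            resp.json = cities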
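    def on_post(self, req, resp):
        ''' Users Controller Post Request Method

        Creates a user from the JSON body and responds with the saved
        document. Any failure answers HTTP 400 with a ``message``.
        '''

        try:
            # NOTE(review): the password is stored exactly as received; no
            # hashing is visible in this handler. Confirm the User model
            # hashes it before save, and that to_json() does not echo it.
            user = User(avatar=req.json.get('avatar', ''),
                        first_name=req.get_json('first_name'),
                        last_name=req.get_json('last_name'),
                        email=req.get_json('email'),
                        password=req.get_json('password'),
                        city=ObjectId(req.get_json('city')))
            user.save()
            resp.json = user.to_json()
        except Exception as e:
            resp.status = falcon.HTTP_400
            if hasattr(e, 'title') and hasattr(e, 'description'):
                resp.json = {"message": "%s - %s" % (e.title, e.description)}
            else:
                # Errors without title/description used to produce a 400
                # with no body. Keep the text generic so that database or
                # validation internals are not sent to the client.
                resp.json = {"message": "Invalid user data"}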
Example #12
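def register():
    """Register a new user from the submitted form and start a session.

    GET renders the registration page. POST validates the fields, stores
    the user with a hashed password, puts ``user_id`` and ``email`` into
    the session and redirects to ``/``; every failure returns an apology.
    """
    if request.method != "POST":
        # GET
        return render_template("register.html")

    userName = request.form.get("username")
    # A missing field arrives as None; normalise so that it is rejected
    # below instead of raising on .lower() / len()
    userEmail = (request.form.get("email") or "").lower()
    userPassword = request.form.get("password") or ""
    userConfirmPassword = request.form.get("confirmation")

    # Check length of password
    if len(userPassword) <= 5:
        return apology("Password is too short", 400)

    # Run the validator once. It returns True or an error message, so the
    # result is compared with True explicitly: a non-empty message is
    # truthy and must not pass.
    check = checkUserInfo(userName, userEmail, userPassword,
                          userConfirmPassword)
    if check == True:
        hashPassword = generate_password_hash(userPassword)
        newUser = Users(name=userName,
                        email=userEmail,
                        password=hashPassword)
        try:
            db.session.add(newUser)
            db.session.commit()
        except IntegrityError:
            # Leave the session usable after the failed commit
            db.session.rollback()
            # NOTE(review): this message confirms to an anonymous visitor
            # that the address is registered (account enumeration).
            return apology("Email already exist", 400)
        session["user_id"] = newUser.id
        session["email"] = newUser.email
        return redirect("/")

    return apology(check)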
Example #13
 def user_score_based_recommend(self, users, target_user):
     """Run the user-score-based engine for ``target_user``.

     Wraps ``users`` in ``Users`` and ``target_user`` in ``User`` and
     returns whatever the engine's ``run`` yields (per the original note:
     a list of recommended content ids).
     """
     return UserScoreBasedRecommendEngine(self).run(
         Users(users), User(target_user))
Example #14
 def update_user(self, user_id, data):
     '''
     Update a user.

     Copies ``username``, ``phone``, ``password`` and ``level`` from
     ``data`` onto the user, skipping fields that are absent or blank; the
     password goes through ``Users().passwd()`` first.

     :param user_id: id of the user to change
     :param data: mapping with the new values
     :return: None
     '''
     user = Users.get(Users.id == user_id)
     # NOTE(review): "level" and "password" are accepted from the same
     # mapping as the harmless fields. If ``data`` is a raw request form,
     # the caller must check that the requester may change them.
     for field in ("username", "phone", "password", "level"):
         if field in data and data.get(field).strip():
             value = data.get(field)
             if field == "password":
                 value = Users().passwd(value)
             setattr(user, field, value)
     user.save()
Example #15
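def user(user_id):
    """Return the public profile of the user referenced by ``user_id.id``.

    Responds 200 with id, username, avatar, bio and vanity, or 404 when no
    such row exists.
    """
    # .first() executes the query; the original kept the unexecuted query
    # object and then read model fields from it.
    row = Users.select().where(Users.id == user_id.id).first()
    if row is None:
        return jsonify(message='User not found'), 404
    # Only the listed fields are serialized, so e-mail and password hash
    # stay out of the response.
    return jsonify(
        id=row.id,
        username=row.username,
        avatar=row.avatar,
        bio=row.bio,
        vanity=row.vanity
    ), 200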
Example #16
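def forgot(user_id):
    """Generate a 7-letter e-mail code for ``user_id.id`` and store it.

    Returns a JSON message; the code itself is not part of the response.
    """
    letters = string.ascii_lowercase + string.ascii_uppercase
    # The code works as a credential, so draw it from the OS CSPRNG;
    # module-level random.choice() is predictable.
    rng = random.SystemRandom()
    ran = ''.join(rng.choice(letters) for _ in range(7))
    # update() takes field assignments. The original passed the comparison
    # ``Users.email_code == ran``, which does not set the column.
    (Users
     .update(email_code=ran)
     .where(Users.id == user_id.id)
     .execute())
    # The placeholder below was never interpolated (the literal is not an
    # f-string) and is kept that way: the code must reach the user through
    # their mailbox, not through the HTTP response of whoever asked for it.
    # NOTE(review): no expiry or attempt limit for the code is visible here.
    return json.dumps({'message': 'Email Code generated https://pebblo.org/account/verify/{user.email_code}'})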
Example #17
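def load_user(userid):
    """ Used by login to get a user

    @param userid: User referenced in the database, passed in by flask
    @return: the user, or None when it cannot be loaded
    """
    try:
        return Users.get(userid)
    except Exception:
        # A bare ``except:`` also swallowed KeyboardInterrupt/SystemExit.
        # NOTE(review): database outages are still reported as "no such
        # user"; narrow this to the ORM's not-found error and log the rest.
        return None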
Example #18
def init_balance():
    """Create the zeroed balance row for the seed account."""
    seed_phone = "17830466355"
    account = Balance()
    for attr, value in (
            ("username", "******"),
            ("phone", seed_phone),
            ("amount", 0),
            ("commission", 0),
    ):
        setattr(account, attr, value)
    # Link the balance to the user that carries the same phone number
    owner = Users().get(Users.phone == seed_phone)
    account.user_id = owner.id
    account.save()
Example #19
async def agent_info(request):
    '''
    Show the signed-in agent's personal information.

    :param request: incoming request
    :return: rendered page for GET, otherwise None
    '''
    if request.method != 'GET':
        return None

    # NOTE(review): get_cookies() may return nothing for a missing or
    # tampered cookie (not visible here); reject that case explicitly.
    session_user = get_cookies(AGENT_COOKIE_TOKEN, request.cookies.get("user"))
    user_id = session_user.get("id")
    query = Users().select().filter(Users.deleted == 0,
                                    Users.id == user_id)
    code = Users().get(id=user_id)
    # NOTE(review): request.host comes from the client-supplied Host
    # header and the scheme is fixed to http. Build the invite link from a
    # configured site URL so that a forged Host cannot steer the link.
    invite_url = "http://{}/change_pwd/?user_code={}".format(
        request.host, code.user_code)
    return jinja.render("admin/user_info.html",
                        request,
                        data=query,
                        invite_url=invite_url)
Example #20
    def render_template(self, view_filename, params=None):
        """Render ``view_filename`` with ``params`` plus session context.

        Adds ``cookies`` when the ``cookie_law`` cookie is present, and
        either ``user``/``logout_url`` or ``login_url`` depending on whether
        a user is signed in, then writes the result to the response.
        """
        context = params if params else {}

        if self.request.cookies.get("cookie_law"):
            context["cookies"] = True

        current = users.get_current_user()
        if not current:
            context["login_url"] = users.create_login_url('/')
        else:
            context["user"] = current
            # NOTE(review): a Users entity (fixed name "Test") is written
            # on every render for a signed-in visitor; looks like leftover
            # test code that keeps adding rows -- confirm and remove.
            Users(email=current.email(), name="Test").put()
            context["logout_url"] = users.create_logout_url('/')

        # NOTE(review): output escaping depends on how jinja_env was
        # created (autoescape is not visible here) -- confirm.
        page = jinja_env.get_template(view_filename)
        return self.response.out.write(page.render(context))
Example #21
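def user2(user_id):
    """Return the profile of ``user_id.id`` including its timestamps.

    Responds 200 with id, username, avatar, bio, vanity, created_at and
    updated_at, or 404 when no such row exists.
    """
    # .first() executes the query; the original read model fields from the
    # unexecuted query object.
    row = Users.select().where(Users.id == user_id.id).first()
    if row is None:
        return jsonify(message='User not found'), 404
    # The original ended in a dangling comma and so returned a one-element
    # tuple; return the (body, status) pair used by the sibling view.
    return jsonify(
        id=row.id,
        username=row.username,
        avatar=row.avatar,
        bio=row.bio,
        vanity=row.vanity,
        created_at=row.created_at,
        updated_at=row.updated_at
    ), 200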
    def get(self):
        """Mail every user the topics not updated in the last 24 hours."""
        cutoff = datetime.datetime.now() - datetime.timedelta(hours=24)
        topics = Topic.query(Topic.deleted == False,
                             Topic.updated < cutoff).fetch()
        recipients = Users.query().fetch()

        # NOTE(review): ``to`` receives the whole Users entity rather than
        # an address, and the body is the repr of the topic list, so every
        # field of those entities is mailed to all users -- confirm intent.
        # No caller check is visible either; presumably the route is
        # restricted to the scheduler.
        for recipient in recipients:
            mail.send_mail(sender="*****@*****.**",
                           to=recipient,
                           subject="New topics",
                           body="""New topic {0}""".format(topics))
Example #23
def get_or_create_user(user_id):
    """Return the stored user for ``user_id``, creating it on first sight.

    A new row takes its nickname and picture from the profile returned by
    ``line_bot_api.get_profile``.
    """
    existing = db_session.query(Users).filter_by(id=user_id).first()
    if existing:
        return existing

    # NOTE(review): two concurrent first messages from the same user can
    # both reach this point; presumably the primary key turns the second
    # insert into an error -- handle it if that matters.
    profile = line_bot_api.get_profile(user_id)
    created = Users(id=user_id,
                    nick_name=profile.display_name,
                    image_url=profile.picture_url)
    db_session.add(created)
    db_session.commit()
    return created
Example #24
 def query_pay_report(self, kargs, user_id):
     """Build the pay-order report query visible to ``user_id``.

     Admins see every non-deleted order; everyone else only their own.
     ``out_trade_no`` and ``pay_trade_no`` in ``kargs`` filter by
     substring. Newest orders first.
     """
     requester = Users.get(Users.id == user_id)
     query = PayOrders.select().filter(PayOrders.deleted == 0)
     # Row-level restriction: non-admins never see other users' orders
     if not requester.is_admin:
         query = query.filter(PayOrders.user_id == user_id)
     for field in ("out_trade_no", "pay_trade_no"):
         needle = kargs.get(field, "")
         if needle:
             query = query.filter(getattr(PayOrders, field).contains(needle))
     return query.order_by(PayOrders.create_time.desc())
Example #25
async def alipay_notify(request):
    """Handle the Alipay payment callback.

    POST: verifies the signature over the form fields; for a successful
    trade it marks the matching order as paid (status 0 -> 1), adds
    ``invoice_amount`` to the payer's balance and, when this is the payer's
    only paid order and the payer has an ``agent_id`` other than 0, records
    a commission of 10 for that agent.

    Any other method: verifies the signature over the query arguments and
    only marks the order as paid; no balance is touched.

    Both paths answer with a small HTML success or failure page.
    """
    if request.method=='POST':
        _data = request.form
        data={}
        # Flatten the form into a plain dict with one value per key
        for key in _data.keys():
            data.update({key:_data.get(key)})
        # NOTE(review): pop() raises KeyError when "sign" is absent, so an
        # unsigned request ends in a server error rather than the failure
        # page -- presumably acceptable, but confirm.
        signature = data.pop("sign")
        # verify
        success = _alipay.verify(data, signature)
        if success and data["trade_status"] in ("TRADE_SUCCESS","TRADE_FINISHED"):
            # NOTE(review): money is handled as float here and below;
            # confirm the column types and consider Decimal.
            invoice_amount = float(data['invoice_amount'])
            trade_no = data.get('out_trade_no')
            order = PayOrders.get(PayOrders.out_trade_no==trade_no)
            user_id = order.user_id
            # The status guard makes a repeated notification a no-op.
            # NOTE(review): the check, the save and the balance update are
            # separate statements with no transaction or conditional UPDATE
            # visible, so two notifications arriving together could both
            # see status 0 and credit twice -- confirm. The credited sum is
            # also taken from the notification and never compared with the
            # amount stored on the order.
            if order.status==0:
                order.status = 1
                order.save()
                old = Balance().get(Balance.user_id==user_id)
                Balance().update({"amount":old.amount+float(invoice_amount)}).where(Balance.user_id == user_id).execute()
                # First top-up: the inviter is credited 10 yuan
                if PayOrders().filter(PayOrders.user_id==user_id,PayOrders.status==1).count()==1:
                    user = Users().get(Users.id == user_id)
                    if user.agent_id !=0:
                        detail = "你邀请ID为{}的首冲奖励".format(user_id)
                        Commission().create(user_id=user.agent_id, from_user_id=user_id,
                                            once_amount=10, detail=detail)
                        agent_old_balance = Balance.get(Balance.user_id == user.agent_id)
                        Balance().update({Balance.commission: agent_old_balance.commission + 10}).where(
                            Balance.user_id == user.agent_id).execute()




            return response.html("<html><center><h1>支付成功</h2></center></html>")
        else:
            return response.html("<html><center><h1>支付失败</h2></center></html>")
    else:
        # Non-POST path: the signed values arrive in the query string
        data = dict(request.query_args)
        signature = data.pop("sign")
        success = _alipay.verify(data, signature)
        if success and data["trade_status"] in ("TRADE_SUCCESS","TRADE_FINISHED"):
            trade_no = data.get('out_trade_no')
            order = PayOrders.get(PayOrders.out_trade_no==trade_no)
            # NOTE(review): this path flips the order to paid without
            # crediting the balance; a POST notification arriving later
            # then finds status 1 and credits nothing -- confirm intent.
            if order.status==0:
                order.status = 1
                order.save()
            return response.html("<html><center><h1>支付成功</h2></center></html>")
        else:
            return response.html("<html><center><h1>支付失败</h2></center></html>")
Example #26
async def user_update(request, show_id):
    '''
    Edit a user's information.

    GET renders the edit form for the user with ``show_id``; POST applies
    the submitted form through ``UserService.update_user``.

    :param request: incoming request
    :param show_id: public identifier of the user
    :return: rendered form (GET), confirmation text (POST), otherwise None
    '''
    if request.method == 'POST':
        # NOTE(review): the raw form is passed on unchanged and no caller
        # check is visible in this handler; presumably access is enforced
        # upstream -- confirm, since the service also accepts "level" and
        # "password".
        form = request.form
        user_id = request.app.get_id_by_show_id(show_id)
        UserService().update_user(user_id, form)
        return text('修改完成')

    if request.method != 'GET':
        return None

    record = Users.select().filter(Users.show_id == show_id).get()
    # NOTE(review): the whole row, whatever columns it has, is handed to
    # the template -- confirm the password digest is not rendered.
    return jinja.render("admin/user-update.html",
                        request,
                        data=model_to_dict(record))
    def on_get(self, req, resp):
        ''' Users Controller Get Request Method

        Responds with the user named by a valid ``?id=`` query parameter
        (HTTP 400 when the lookup fails), otherwise with all users.
        '''
        # NOTE(review): to_json() decides which fields leave the service
        # and no caller check is visible here; confirm the password and
        # other private fields are excluded.
        has_valid_id = ('id' in req.params
                        and ObjectId.is_valid(req.params['id']))
        if not has_valid_id:
            resp.json = [i.to_json() for i in User.objects]
            return

        try:
            resp.json = User.objects(id=req.params['id'])[0].to_json()
        except Exception:
            resp.status = falcon.HTTP_400
            resp.json = {
                "message":
                "User id: %s not found in database!" % req.params['id']
            }
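    def on_delete(self, req, resp):
        ''' Users Controller Delete Request Method

        Deletes the user named by the ``?id=`` query parameter. Answers
        HTTP 400 when the id is missing, malformed or not in the database.
        '''
        # NOTE(review): no caller check is visible in this handler;
        # presumably authentication is enforced by middleware -- confirm.
        if 'id' in req.params and ObjectId.is_valid(req.params['id']):
            res = User.objects(id=req.params['id']).delete()
            if res == 1:
                resp.json = {
                    "message":
                    "User id: %s deleted successfully!" % req.params['id']
                }
            else:
                resp.status = falcon.HTTP_400
                resp.json = {
                    "message":
                    "User id: %s not in database!" % req.params['id']
                }
        else:
            # A missing or malformed id used to fall through with no
            # status and no body, which reads as success to the client.
            resp.status = falcon.HTTP_400
            resp.json = {"message": "A valid user id is required!"}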
Example #29
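def verify(user_id):
    """Mark the e-mail address of ``user_id.id`` as verified.

    Returns a JSON string holding either ``message`` or ``error``.
    """
    # .first() executes the query; the original read model fields from the
    # unexecuted query object.
    user = Users.select().where(Users.id == user_id.id).first()

    # Existence is checked first; the original tested it only after it had
    # already read user.email_code.
    if not user:
        return json.dumps({'error': 'User doesn\'t exist.'})

    # FIXME(review): a fresh random code is generated here and compared
    # with the stored one, so the check can practically never pass and the
    # code the user received is never consulted. The submitted code has to
    # be passed in by the caller and compared in constant time; that needs
    # an interface change, so the original comparison is left as it was.
    letters = string.ascii_lowercase+string.ascii_uppercase
    ran = ''.join(random.choice(letters) for i in range(7))
    if ran != user.email_code or not user.email_code:
        return json.dumps({'error': 'Email doesn\'t exist.'})

    if user.verified_email is not False:
        return json.dumps({'error': 'Email already verified.'})

    # NOTE(review): the row is selected by its e-mail code rather than by
    # its id, and the update sets verified_at while the check above reads
    # verified_email -- confirm which column is authoritative.
    (Users
     .update(verified_at=datetime.datetime.now())
     .where(Users.email_code==user.email_code)
     .execute())
    return json.dumps({'message': 'Email has been verified'})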
Example #30
def reset_token(token):
    """Router for the reset password page.

    Signed-in users go to ``home``. An invalid or expired token flashes a
    warning and returns to ``reset_request``. A valid form submission
    stores the new bcrypt hash and sends the user to ``login``; otherwise
    the form is rendered.
    """
    if current_user.is_authenticated:
        return redirect(url_for('home'))

    account = Users.verify_reset_token(token)
    if account is None:
        flash(f'Это недействительный или просроченный код!', 'warning')
        return redirect(url_for('reset_request'))

    form = ResetPasswordForm()
    if not form.validate_on_submit():
        return render_template('reset_token.html',
                               title='Изменение пароля',
                               form=form)

    # change password
    # NOTE(review): nothing here invalidates the token after use; whether
    # it stays valid until it expires depends on verify_reset_token() --
    # confirm, and consider ending the user's other sessions as well.
    digest = bcrypt.generate_password_hash(form.password.data)
    account.password = digest.decode('utf-8')
    db.session.commit()
    flash(f'Ваш пароль успешно изменен! Войдите в систему.', 'success')
    return redirect(url_for('login'))