Example #1
0
def api_send_verification_email():
    """
    @TODO: allow POST only
    @TODO: Send Verification Email to user_id

    :rtype: Response
    :return the success or failed in json format
    """
    user_id = get_safe_int(request.form.get('user_id'))
    user = UserEntity.get_by_id(user_id)
    user = UserEntity.get_by_id(1)
    user.email = app.config['MAIL_SENDER_SUPPORT']

    try:
        emails.send_verification_email(user)
        return jsonify_success({"message": "Verification email was sent."})
    except Exception as exc:
        details = "Connection config: {}/{}:{}".format(
            app.config['MAIL_USERNAME'], app.config['MAIL_SERVER'],
            app.config['MAIL_PORT'])
        app.logger.debug(details)
        return jsonify_error({
            "message":
            "Unable to send email due: {} {}".format(exc, details)
        })
Example #2
0
def api_deactivate_account():
    """
    De-activate an user.
    @TODO: should change expiration date too?

    :rtype: Response
    :return the success or failed in json format
    """
    user_id = get_safe_int(request.form.get('user_id'))
    user = UserEntity.get_by_id(user_id)
    user = UserEntity.update(user, active=False)
    return jsonify_success({"message": "User deactivated."})
Example #3
0
def api_deactivate_account():
    """
    De-activate an user.
    @TODO: should change expiration date too?

    :rtype: Response
    :return the success or failed in json format
    """
    user_id = get_safe_int(request.form.get('user_id'))
    user = UserEntity.get_by_id(user_id)
    user = UserEntity.update(user, active=False)
    return jsonify_success({"message": "User deactivated."})
Example #4
0
def api_extend_account():
    """
    Change the `User.usrAccessExpiresAt` to today's date + 180 days

    :rtype: Response
    :return the success or failed in json format
    """
    user_id = request.form.get('user_id')
    today_plus_180 = get_expiration_date(180)
    user = UserEntity.get_by_id(user_id)
    user = UserEntity.update(user, access_expires_at=today_plus_180)
    return jsonify_success(
        {"message": "Updated expiration date to {}".format(today_plus_180)})
Example #5
0
def api_extend_account():
    """
    Change the `User.usrAccessExpiresAt` to today's date + 180 days

    :rtype: Response
    :return the success or failed in json format
    """
    user_id = request.form.get('user_id')
    today_plus_180 = get_expiration_date(180)
    user = UserEntity.get_by_id(user_id)
    user = UserEntity.update(user, access_expires_at=today_plus_180)
    return jsonify_success(
        {"message": "Updated expiration date to {}".format(today_plus_180)})
Example #6
0
def api_save_user():
    """ Save a new user to the database
    TODO: Add support for reading a password field
    """
    email = request.form['email']
    first = request.form['first']
    last = request.form['last']
    minitial = request.form['minitial']
    roles = request.form.getlist('roles[]')

    email_exists = False
    try:
        existing_user = UserEntity.query.filter_by(email=email).one()
        email_exists = existing_user is not None
    except:
        pass

    if email_exists:
        return utils.jsonify_error(
            {'message': 'Sorry. This email is already taken.'})

    # @TODO: use a non-gatorlink password here
    password = email
    salt, password_hash = utils.generate_auth(app.config['SECRET_KEY'],
                                              password)
    added_date = datetime.today()
    access_end_date = utils.get_expiration_date(180)

    # Note: we store the salt as a prefix
    user = UserEntity.create(email=email,
                             first=first,
                             last=last,
                             minitial=minitial,
                             added_at=added_date,
                             modified_at=added_date,
                             access_expires_at=access_end_date,
                             password_hash="{}:{}".format(salt, password_hash))

    user_roles = []
    try:
        for role_name in roles:
            role_entity = RoleEntity.query.filter_by(name=role_name).one()
            user_roles.append(role_entity)
    except Exception as exc:
        app.logger.debug("Problem saving user: {}".format(exc))

    [user.roles.append(rol) for rol in user_roles]
    user = UserEntity.save(user)
    app.logger.debug("saved user: {}".format(user))
    LogEntity.account_created(session['uuid'], user)
    return utils.jsonify_success({'user': user.serialize()})
Example #7
0
def api_save_user():
    """ Save a new user to the database
    TODO: Add support for reading a password field
    """
    email = request.form['email']
    first = request.form['first']
    last = request.form['last']
    minitial = request.form['minitial']
    roles = request.form.getlist('roles[]')

    email_exists = False
    try:
        existing_user = UserEntity.query.filter_by(email=email).one()
        email_exists = existing_user is not None
    except:
        pass

    if email_exists:
        return utils.jsonify_error(
            {'message': 'Sorry. This email is already taken.'})

    # @TODO: use a non-gatorlink password here
    password = email
    salt, password_hash = utils.generate_auth(app.config['SECRET_KEY'],
                                              password)
    added_date = datetime.today()
    access_end_date = utils.get_expiration_date(180)

    # Note: we store the salt as a prefix
    user = UserEntity.create(email=email,
                             first=first,
                             last=last,
                             minitial=minitial,
                             added_at=added_date,
                             modified_at=added_date,
                             access_expires_at=access_end_date,
                             password_hash="{}:{}".format(salt, password_hash))

    user_roles = []
    try:
        for role_name in roles:
            role_entity = RoleEntity.query.filter_by(name=role_name).one()
            user_roles.append(role_entity)
    except Exception as exc:
        app.logger.debug("Problem saving user: {}".format(exc))

    [user.roles.append(rol) for rol in user_roles]
    user = UserEntity.save(user)
    app.logger.debug("saved user: {}".format(user))
    LogEntity.account_created(session['uuid'], user)
    return utils.jsonify_success({'user': user.serialize()})
Example #8
0
def api_expire_account():
    """
    Change the `User.usrAccessExpiresAt` to today's date and 00:00:00 time
    effectively blocking the user access.

    :rtype: Response
    :return the success or failed in json format
    """
    user_id = get_safe_int(request.form.get('user_id'))
    user = UserEntity.get_by_id(user_id)
    today = datetime.today()
    today_start = datetime(today.year, today.month, today.day)
    user = UserEntity.update(user, access_expires_at=today_start)
    return jsonify_success({"message": "User access was expired."})
Example #9
0
def api_expire_account():
    """
    Change the `User.usrAccessExpiresAt` to today's date and 00:00:00 time
    effectively blocking the user access.

    :rtype: Response
    :return the success or failed in json format
    """
    user_id = get_safe_int(request.form.get('user_id'))
    user = UserEntity.get_by_id(user_id)
    today = datetime.today()
    today_start = datetime(today.year, today.month, today.day)
    user = UserEntity.update(user, access_expires_at=today_start)
    return jsonify_success({"message": "User access was expired."})
Example #10
0
def api_activate_account():
    """
    Activate an user.
    @TODO: should change expiration date too?

    :rtype: Response
    :return the success or failed in json format
    """
    user_id = utils.get_safe_int(request.form.get('user_id'))
    user = UserEntity.get_by_id(user_id)
    user = UserEntity.update(user, active=True)
    LogEntity.account_modified(session['uuid'],
                               "User activated: {}".format(user))
    return utils.jsonify_success({"message": "User activated."})
Example #11
0
def api_activate_account():
    """
    Activate an user.
    @TODO: should change expiration date too?

    :rtype: Response
    :return the success or failed in json format
    """
    user_id = utils.get_safe_int(request.form.get('user_id'))
    user = UserEntity.get_by_id(user_id)
    user = UserEntity.update(user, active=True)
    LogEntity.account_modified(session['uuid'],
                               "User activated: {}".format(user))
    return utils.jsonify_success({"message": "User activated."})
Example #12
0
def api_save_user():
    """ Add New User to the database """
    email = request.form['email']
    first = request.form['first']
    last = request.form['last']
    minitial = request.form['minitial']
    roles = request.form.getlist('roles[]')

    app.logger.debug("roles: {}".format(roles))

    email_exists = False
    try:
        existing_user = UserEntity.query.filter_by(email=email).one()
        email_exists = existing_user is not None
    except:
        pass

    if email_exists:
        return make_response(
            pack_error("Sorry. This email is already taken."))

    # @TODO: fix hardcoded values
    # password = '******'
    # salt, hashed_pass = generate_auth(app.config['SECRET_KEY'], password)
    added_date = datetime.today()
    access_end_date = get_expiration_date(180)

    user = UserEntity.create(email=email,
                             first=first,
                             last=last,
                             minitial=minitial,
                             added_at=added_date,
                             modified_at=added_date,
                             access_expires_at=access_end_date,
                             password_hash="")
    # roles=user_roles)
    user_roles = []
    try:
        for role_name in roles:
            role_entity = RoleEntity.query.filter_by(name=role_name).one()
            user_roles.append(role_entity)
    except Exception as exc:
        app.logger.debug("Problem saving user: {}".format(exc))

    [user.roles.append(rol) for rol in user_roles]
    user = UserEntity.save(user)
    app.logger.debug("saved user: {}".format(user))
    return make_response(pack_success_result(user.serialize()))
Example #13
0
def api_save_user():
    """ Add New User to the database """
    email = request.form['email']
    first = request.form['first']
    last = request.form['last']
    minitial = request.form['minitial']
    roles = request.form.getlist('roles[]')

    app.logger.debug("roles: {}".format(roles))

    email_exists = False
    try:
        existing_user = UserEntity.query.filter_by(email=email).one()
        email_exists = existing_user is not None
    except:
        pass

    if email_exists:
        return jsonify_error(
            {'message': 'Sorry. This email is already taken.'})

    # @TODO: fix hardcoded values
    # password = '******'
    # salt, hashed_pass = generate_auth(app.config['SECRET_KEY'], password)
    added_date = datetime.today()
    access_end_date = get_expiration_date(180)

    user = UserEntity.create(email=email,
                             first=first,
                             last=last,
                             minitial=minitial,
                             added_at=added_date,
                             modified_at=added_date,
                             access_expires_at=access_end_date,
                             password_hash="")
    # roles=user_roles)
    user_roles = []
    try:
        for role_name in roles:
            role_entity = RoleEntity.query.filter_by(name=role_name).one()
            user_roles.append(role_entity)
    except Exception as exc:
        app.logger.debug("Problem saving user: {}".format(exc))

    [user.roles.append(rol) for rol in user_roles]
    user = UserEntity.save(user)
    app.logger.debug("saved user: {}".format(user))
    return jsonify_success({'user': user.serialize()})
Example #14
0
def api_save_user():
    """ Save a new user to the database
    TODO: Add support for reading a password field
    """
    request_data = __extract_user_information(request)
    credentials = __generate_credentials(request_data["email"])
    date_data = __get_date_information()

    if __check_is_existing_user(request_data["email"]):
        return utils.jsonify_error(
            {'message': 'Sorry. This email is already taken.'})

    user = UserEntity.create(email=request_data["email"],
                             first=request_data["first"],
                             last=request_data["last"],
                             minitial=request_data["minitial"],
                             added_at=date_data["added_at"],
                             modified_at=date_data["added_at"],
                             access_expires_at=date_data["access_expires_at"],
                             password_hash="{}:{}"
                             .format(credentials["salt"],
                                     credentials["password_hash"]))

    __assign_roles(request_data["roles"], user)

    app.logger.debug("saved user: {}".format(user))
    LogEntity.account_created(session['uuid'], user)
    return utils.jsonify_success({'user': user.serialize()})
    def create_sample_data(self):
        """ Add some data """
        # == Create users
        added_date = datetime.today()
        access_end_date = utils.get_expiration_date(180)
        user = UserEntity.create(email="*****@*****.**",
                                 first="First",
                                 last="Last",
                                 minitial="M",
                                 added_at=added_date,
                                 modified_at=added_date,
                                 email_confirmed_at=added_date,
                                 access_expires_at=access_end_date)

        # == Create roles
        role_admin = RoleEntity.create(name=ROLE_ADMIN, description='role')
        role_tech = RoleEntity.create(name=ROLE_TECHNICIAN, description='role')
        role_res1 = RoleEntity.create(name=ROLE_RESEARCHER_ONE, description='')
        role_res2 = RoleEntity.create(name=ROLE_RESEARCHER_TWO, description='')
        user.roles.extend([role_admin, role_tech, role_res1, role_res2])

        # == Create subject
        subject = SubjectEntity.create(
            redcap_id="001",
            added_at=added_date,
            last_checked_at=added_date,
            was_deleted=0)

        # == Create events
        evt = EventEntity.create(redcap_arm='Arm 1',
                                 redcap_event='Event 1',
                                 day_offset=1,
                                 added_at=added_date)
        evt2 = EventEntity.create(redcap_arm='Arm 1',
                                  redcap_event='Event 2',
                                  day_offset=2.3,
                                  added_at=added_date)

        self.assertIsNotNone(evt.id)
        self.assertIsNotNone(evt2.id)

        files = [
            {'name': 'a.png', 'size': '123', 'event': evt.id},
            {'name': 'b.png', 'size': '1234', 'event': evt.id},
            {'name': 'c.png', 'size': '12345', 'event': evt2.id},
            {'name': 'd.png', 'size': '123456', 'event': evt2.id},
            {'name': 'e.png', 'size': '1234567', 'event': evt2.id},
        ]

        # Create subject files
        for fdata in files:
            subject_file = SubjectFileEntity.create(
                subject_id=subject.id,
                event_id=fdata['event'],
                file_name=fdata['name'],
                file_check_sum=utils.compute_text_md5(fdata['name']),
                file_size=fdata['size'],
                uploaded_at=added_date,
                user_id=user.id)
            self.assertIsNotNone(subject_file.id)
Example #16
0
def api_expire_account():
    """
    Change the `User.usrAccessExpiresAt` to today's date and 00:00:00 time
    effectively blocking the user access.

    :rtype: Response
    :return the success or failed in json format
    """
    user_id = utils.get_safe_int(request.form.get('user_id'))
    user = UserEntity.get_by_id(user_id)
    today = datetime.today()
    today_start = datetime(today.year, today.month, today.day)
    user = UserEntity.update(user, access_expires_at=today_start)
    # @TODO: add dedicated log type
    LogEntity.account_modified(session['uuid'],
                               "User access was expired. {}".format(user.email))
    return utils.jsonify_success({"message": "User access was expired."})
Example #17
0
def api_extend_account():
    """
    Change the `User.usrAccessExpiresAt` to today's date + 180 days

    :rtype: Response
    :return the success or failed in json format
    """
    user_id = request.form.get('user_id')
    today_plus_180 = utils.get_expiration_date(180)
    user = UserEntity.get_by_id(user_id)
    user = UserEntity.update(user, access_expires_at=today_plus_180)
    # @TODO: add dedicated log type
    LogEntity.account_modified(
        session['uuid'],
        "Updated expiration date to {}. {}".format(today_plus_180, user.email))
    return utils.jsonify_success(
        {"message": "Updated expiration date to {}".format(today_plus_180)})
Example #18
0
def api_expire_account():
    """
    Change the `User.usrAccessExpiresAt` to today's date and 00:00:00 time
    effectively blocking the user access.

    :rtype: Response
    :return the success or failed in json format
    """
    user_id = utils.get_safe_int(request.form.get('user_id'))
    user = UserEntity.get_by_id(user_id)
    today = datetime.today()
    today_start = datetime(today.year, today.month, today.day)
    user = UserEntity.update(user, access_expires_at=today_start)
    # @TODO: add dedicated log type
    LogEntity.account_modified(
        session['uuid'], "User access was expired. {}".format(user.email))
    return utils.jsonify_success({"message": "User access was expired."})
Example #19
0
def api_extend_account():
    """
    Change the `User.usrAccessExpiresAt` to today's date + 180 days

    :rtype: Response
    :return the success or failed in json format
    """
    user_id = request.form.get('user_id')
    today_plus_180 = utils.get_expiration_date(180)
    user = UserEntity.get_by_id(user_id)
    user = UserEntity.update(user, access_expires_at=today_plus_180)
    # @TODO: add dedicated log type
    LogEntity.account_modified(session['uuid'],
                               "Updated expiration date to {}. {}".format(
                                   today_plus_180, user.email))
    return utils.jsonify_success(
        {"message": "Updated expiration date to {}".format(today_plus_180)})
Example #20
0
def __assign_roles(roles_required, user):
    """
    Delete all roles for the user if not in the
    provided `roles_required` list and assing new roles.
    """
    all_roles = RoleEntity.query.all()
    user_roles = [role for role in all_roles if role.name in roles_required]
    user = UserEntity.update(user, roles=user_roles)
    return user
    def test_subject(self):
        """ verify save and find operations """

        added_date = datetime.today()
        subject = SubjectEntity.create(
            redcap_id="001",
            added_at=added_date,
            last_checked_at=added_date,
            was_deleted=False)

        self.assertEquals(1, subject.id)
        self.assertEquals("001", subject.redcap_id)
        self.assertIsNotNone(subject.added_at)
        self.assertIsNotNone(subject.last_checked_at)
        self.assertFalse(subject.was_deleted)
        self.assertEqual(subject.added_at, subject.last_checked_at)

        subjects = SubjectEntity.query.all()
        self.assertEquals(1, len(subjects))

        # test usage of CRUDMixin.get_by_id() and create()
        subject = SubjectEntity.update(subject, redcap_id="002")
        self.assertEquals("002", subject.redcap_id)

        evt = EventEntity.create(redcap_arm='Arm 1', redcap_event='Event 1',
                                 added_at=added_date)

        fdata = {'name': 'a.png', 'size': '1MB', 'event': evt.id}
        user = UserEntity.create(email="*****@*****.**",
                                 first="",
                                 last="",
                                 minitial="",
                                 added_at=added_date,
                                 modified_at=added_date,
                                 access_expires_at=added_date)

        subject_file = SubjectFileEntity.create(
            subject_id=subject.id,
            event_id=fdata['event'],
            file_name=fdata['name'],
            file_check_sum=utils.compute_text_md5(fdata['name']),
            file_size=fdata['size'],
            uploaded_at=added_date,
            user_id=user.get_id())
        self.assertIsNotNone(subject_file.id)

        actual_count = SubjectFileEntity.query.count()
        self.assertEqual(1, actual_count)

        actual_count = SubjectFileEntity.query.filter_by(
            event_id=1).count()
        self.assertEqual(1, actual_count)

        sfile = SubjectFileEntity.query.first()
        self.assertEqual(user.id, sfile.user_id)
    def test_subject(self):
        """ verify save and find operations """

        added_date = datetime.today()
        subject = SubjectEntity.create(redcap_id="001",
                                       added_at=added_date,
                                       last_checked_at=added_date,
                                       was_deleted=False)

        self.assertEquals(1, subject.id)
        self.assertEquals("001", subject.redcap_id)
        self.assertIsNotNone(subject.added_at)
        self.assertIsNotNone(subject.last_checked_at)
        self.assertFalse(subject.was_deleted)
        self.assertEqual(subject.added_at, subject.last_checked_at)

        subjects = SubjectEntity.query.all()
        self.assertEquals(1, len(subjects))

        # test usage of CRUDMixin.get_by_id() and create()
        subject = SubjectEntity.update(subject, redcap_id="002")
        self.assertEquals("002", subject.redcap_id)

        evt = EventEntity.create(redcap_arm='Arm 1',
                                 redcap_event='Event 1',
                                 added_at=added_date)

        fdata = {'name': 'a.png', 'size': '1MB', 'event': evt.id}
        user = UserEntity.create(email="*****@*****.**",
                                 first="",
                                 last="",
                                 minitial="",
                                 added_at=added_date,
                                 modified_at=added_date,
                                 access_expires_at=added_date)

        subject_file = SubjectFileEntity.create(
            subject_id=subject.id,
            event_id=fdata['event'],
            file_name=fdata['name'],
            file_check_sum=utils.compute_text_md5(fdata['name']),
            file_size=fdata['size'],
            uploaded_at=added_date,
            user_id=user.get_id())
        self.assertIsNotNone(subject_file.id)

        actual_count = SubjectFileEntity.query.count()
        self.assertEqual(1, actual_count)

        actual_count = SubjectFileEntity.query.filter_by(event_id=1).count()
        self.assertEqual(1, actual_count)

        sfile = SubjectFileEntity.query.first()
        self.assertEqual(user.id, sfile.user_id)
    def create_sample_data(self):
        """ Add some data """

        # == Create users
        added_date = datetime.today()
        access_end_date = utils.get_expiration_date(180)
        user = UserEntity.create(email="*****@*****.**",
                                 first="First",
                                 last="Last",
                                 minitial="M",
                                 added_at=added_date,
                                 modified_at=added_date,
                                 access_expires_at=access_end_date)

        # == Create roles
        role_admin = RoleEntity.create(name=ROLE_ADMIN, description='role')
        role_tech = RoleEntity.create(name=ROLE_TECHNICIAN, description='role')
        user.roles.extend([role_admin, role_tech])

        # == Create subject
        subject = SubjectEntity.create(
            redcap_id="001",
            added_at=added_date,
            last_checked_at=added_date,
            was_deleted=0)

        # == Create events
        evt = EventEntity.create(redcap_arm='Arm 1', redcap_event='Event 1',
                          added_at=added_date)
        evt2 = EventEntity.create(redcap_arm='Arm 1', redcap_event='Event 2',
                           added_at=added_date)

        assert evt.id is not None

        files = [
            {'name': 'a.png', 'size': '1MB', 'event': evt.id},
            {'name': 'b.png', 'size': '2MB', 'event': evt.id},
            {'name': 'c.png', 'size': '3MB', 'event': evt2.id},
            {'name': 'd.png', 'size': '4MB', 'event': evt2.id},
            {'name': 'e.png', 'size': '5MB', 'event': evt2.id},
        ]

        # Create subject files
        for fdata in files:
            subject_file = SubjectFileEntity.create(
                subject_id=subject.id,
                event_id=fdata['event'],
                file_name=fdata['name'],
                file_check_sum=utils.compute_text_md5(fdata['name']),
                file_size=fdata['size'],
                uploaded_at=added_date,
                user_id=user.id)
            app.logger.debug("Init test case with: {}".format(subject_file))
Example #24
0
def api_send_verification_email():
    """
    @TODO: allow POST only
    @TODO: Send Verification Email to user_id

    :rtype: Response
    :return the success or failed in json format
    """
    user_id = get_safe_int(request.form.get('user_id'))
    user = UserEntity.get_by_id(user_id)
    user = UserEntity.get_by_id(1)
    user.email = app.config['MAIL_SENDER_SUPPORT']

    try:
        emails.send_verification_email(user)
        return jsonify_success({"message": "Verification email was sent."})
    except Exception as exc:
        details = "Connection config: {}/{}:{}".format(
            app.config['MAIL_USERNAME'],
            app.config['MAIL_SERVER'],
            app.config['MAIL_PORT'])
        app.logger.debug(details)
        return jsonify_error({"message": "Unable to send email due: {} {}"
                              .format(exc, details)})
    def test_user(self):
        """ verify save and find operations """
        added_date = datetime.today()
        access_end_date = utils.get_expiration_date(180)
        user = UserEntity.create(email="*****@*****.**",
                                 first="",
                                 last="",
                                 minitial="",
                                 added_at=added_date,
                                 modified_at=added_date,
                                 access_expires_at=access_end_date)
        self.assertEqual(1, user.id)
        self.assertEqual("*****@*****.**", user.email)

        with self.assertRaises(NoResultFound):
            UserEntity.query.filter_by(email="[email protected]").one()

        found = UserEntity.query.filter_by(email="*****@*****.**").one()
        self.assertIsNotNone(found)

        # two unbound objects ...
        role_admin = self.get_role(ROLE_ADMIN)
        role_tech = self.get_role(ROLE_TECHNICIAN)

        # save them to the database...
        db.session.add(role_admin)
        db.session.add(role_tech)
        db.session.commit()

        saved_role = RoleEntity.query.filter_by(name=ROLE_ADMIN).one()
        self.assertEqual(1, saved_role.id)

        # ...then use them
        user.roles.append(role_admin)
        user.roles.append(role_tech)

        user_roles = UserRoleEntity.query.all()
        self.assertEqual(2, len(user_roles))

        user_role = UserRoleEntity.get_by_id(1)
        self.assertEqual(1, user_role.id)
        self.assertEqual(ROLE_ADMIN, user_role.role.name)
Example #26
0
    def test_user(self):
        """ verify save and find operations """
        added_date = datetime.today()
        access_end_date = utils.get_expiration_date(180)
        user = UserEntity.create(email="*****@*****.**",
                                 first="",
                                 last="",
                                 minitial="",
                                 added_at=added_date,
                                 modified_at=added_date,
                                 access_expires_at=access_end_date)
        self.assertEqual(1, user.id)
        self.assertEqual("*****@*****.**", user.email)

        with self.assertRaises(NoResultFound):
            UserEntity.query.filter_by(email="[email protected]").one()

        found = UserEntity.query.filter_by(email="*****@*****.**").one()
        self.assertIsNotNone(found)

        # two unbound objects ...
        role_admin = self.get_role(ROLE_ADMIN)
        role_tech = self.get_role(ROLE_TECHNICIAN)

        # save them to the database...
        db.session.add(role_admin)
        db.session.add(role_tech)
        db.session.commit()

        saved_role = RoleEntity.query.filter_by(name=ROLE_ADMIN).one()
        self.assertEqual(1, saved_role.id)

        # ...then use them
        user.roles.append(role_admin)
        user.roles.append(role_tech)

        user_roles = UserRoleEntity.query.all()
        self.assertEqual(2, len(user_roles))

        user_role = UserRoleEntity.get_by_id(1)
        self.assertEqual(1, user_role.id)
        self.assertEqual(ROLE_ADMIN, user_role.role.name)
Example #27
0
def api_verify_email():
    """
    @TODO: add counter/log to track failed attempts

    :rtype: Response
    :return the success or failed in json format
    """
    if 'POST' == request.method:
        token = utils.clean_str(request.form.get('tok'))
    else:
        token = utils.clean_str(request.args.get('tok'))

    if not token:
        return utils.jsonify_error({'message': 'No token specified.'})

    try:
        email = utils.get_email_from_token(token,
                                           app.config["SECRET_KEY"],
                                           app.config["SECRET_KEY"])
    except Exception as exc:
        # @TODO: add dedicated log type
        app.logger.error("api_verify_email: {}".format(exc.message))
        return utils.jsonify_error({'message': exc.message})

    app.logger.debug("Decoded email from token: {}".format(email))
    user = UserEntity.query.filter_by(email=email).first()

    if user is None:
        app.logger.error("Attempt to verify email with incorrect token: {}"
                         .format(token))
        return utils.jsonify_error({'message': 'Sorry.'})

    user = UserEntity.update(user, email_confirmed_at=datetime.today())
    app.logger.debug("Verified token {} for user {}".format(token, user.email))

    # @TODO: add dedicated log type
    LogEntity.account_modified(session['uuid'],
                               "Verified token {} for user {}".format(
                                   token, user.email))
    return utils.jsonify_success(
        {"message": "Email was verified for {}.".format(email)})
Example #28
0
def api_verify_email():
    """
    @TODO: add counter/log to track failed attempts

    :rtype: Response
    :return the success or failed in json format
    """
    if 'POST' == request.method:
        token = utils.clean_str(request.form.get('tok'))
    else:
        token = utils.clean_str(request.args.get('tok'))

    if not token:
        return utils.jsonify_error({'message': 'No token specified.'})

    try:
        email = utils.get_email_from_token(token,
                                           app.config["SECRET_KEY"],
                                           app.config["SECRET_KEY"])
    except Exception as exc:
        # @TODO: add dedicated log type
        app.logger.error("api_verify_email: {}".format(exc.message))
        return utils.jsonify_error({'message': exc.message})

    app.logger.debug("Decoded email from token: {}".format(email))
    user = UserEntity.query.filter_by(email=email).first()

    if user is None:
        app.logger.error("Attempt to verify email with incorrect token: {}"
                         .format(token))
        return utils.jsonify_error({'message': 'Sorry.'})

    user = UserEntity.update(user, email_confirmed_at=datetime.today())
    app.logger.debug("Verified token {} for user {}".format(token, user.email))

    # @TODO: add dedicated log type
    LogEntity.account_modified(session['uuid'],
                               "Verified token {} for user {}".format(
                                   token, user.email))
    return utils.jsonify_success(
        {"message": "Email was verified for {}.".format(email)})
Example #29
0
def api_verify_email():
    """
    @TODO: add column for verification hash
    @TODO: add counter/log to track failed attempts

    :rtype: Response
    :return the success or failed in json format
    """
    token = request.form.get('tok')

    # user = UserEntity.query.filter_by(email_token=token).first()
    user = UserEntity.get_by_id(1)

    if user is None:
        app.logger.error(
            "Attempt to verify email with incorrect token: {}".format(token))
        return jsonify_error({'message': 'Sorry.'})

    app.logger.debug("Verified token {} for user {}".format(token, user.email))
    # implement update User set usrEmailConfirmedAt = NOW()
    return jsonify_success({"message": "Verification email was sent."})
Example #30
0
def api_verify_email():
    """
    @TODO: add column for verification hash
    @TODO: add counter/log to track failed attempts

    :rtype: Response
    :return the success or failed in json format
    """
    token = request.form.get('tok')

    # user = UserEntity.query.filter_by(email_token=token).first()
    user = UserEntity.get_by_id(1)

    if user is None:
        app.logger.error("Attempt to verify email with incorrect token: {}"
                         .format(token))
        return jsonify_error({'message': 'Sorry.'})

    app.logger.debug("Verified token {} for user {}".format(token, user.email))
    # implement update User set usrEmailConfirmedAt = NOW()
    return jsonify_success({"message": "Verification email was sent."})
Example #31
0
def api_edit_user():
    """ Edit an existing user in the database
    TODO: Add support for reading a password field
    """
    request_data = __extract_user_information(request)
    credentials = __generate_credentials(request_data["email"])
    date_data = __get_date_information()

    user = UserEntity.get_by_id(id=request_data["usr_id"])
    user.update(email=request_data["email"],
                first=request_data["first"],
                last=request_data["last"],
                minitial=request_data["minitial"],
                added_at=date_data["added_at"],
                modified_at=date_data["added_at"],
                access_expires_at=date_data["access_expires_at"],
                password_hash="{}:{}".format(credentials["salt"],
                                             credentials["password_hash"]))

    __assign_roles(request_data["roles"], user)

    app.logger.debug("updated user: {}".format(user))
    LogEntity.account_updated(session['uuid'], user)
    return utils.jsonify_success({'user': user.serialize()})
Example #32
0
def load_user(user_id):
    """Return the user from the database"""
    return UserEntity.get_by_id(user_id)
Example #33
0
def load_user(user_id):
    """Return the user from the database"""
    return UserEntity.get_by_id(user_id)
    def create_sample_data(self):
        """ Add some data """

        # == Create users
        added_date = datetime.today()
        access_end_date = utils.get_expiration_date(180)
        user = UserEntity.create(email="*****@*****.**",
                                 first="First",
                                 last="Last",
                                 minitial="M",
                                 added_at=added_date,
                                 modified_at=added_date,
                                 access_expires_at=access_end_date)

        # == Create roles
        role_admin = RoleEntity.create(name=ROLE_ADMIN, description='role')
        role_tech = RoleEntity.create(name=ROLE_TECHNICIAN, description='role')
        user.roles.extend([role_admin, role_tech])

        # == Create subject
        subject = SubjectEntity.create(redcap_id="001",
                                       added_at=added_date,
                                       last_checked_at=added_date,
                                       was_deleted=0)

        # == Create events
        evt = EventEntity.create(redcap_arm='Arm 1',
                                 redcap_event='Event 1',
                                 added_at=added_date)
        evt2 = EventEntity.create(redcap_arm='Arm 1',
                                  redcap_event='Event 2',
                                  added_at=added_date)

        assert evt.id is not None

        files = [
            {
                'name': 'a.png',
                'size': '1MB',
                'event': evt.id
            },
            {
                'name': 'b.png',
                'size': '2MB',
                'event': evt.id
            },
            {
                'name': 'c.png',
                'size': '3MB',
                'event': evt2.id
            },
            {
                'name': 'd.png',
                'size': '4MB',
                'event': evt2.id
            },
            {
                'name': 'e.png',
                'size': '5MB',
                'event': evt2.id
            },
        ]

        # Create subject files
        for fdata in files:
            subject_file = SubjectFileEntity.create(
                subject_id=subject.id,
                event_id=fdata['event'],
                file_name=fdata['name'],
                file_check_sum=utils.compute_text_md5(fdata['name']),
                file_size=fdata['size'],
                uploaded_at=added_date,
                user_id=user.id)
            app.logger.debug("Init test case with: {}".format(subject_file))
Example #35
0
    def create_sample_data(self):
        """ Add some data """
        # == Create users
        added_date = datetime.today()
        access_end_date = utils.get_expiration_date(180)
        user = UserEntity.create(email="*****@*****.**",
                                 first="First",
                                 last="Last",
                                 minitial="M",
                                 added_at=added_date,
                                 modified_at=added_date,
                                 email_confirmed_at=added_date,
                                 access_expires_at=access_end_date)

        # == Create roles
        role_admin = RoleEntity.create(name=ROLE_ADMIN, description='role')
        role_tech = RoleEntity.create(name=ROLE_TECHNICIAN, description='role')
        role_res1 = RoleEntity.create(name=ROLE_RESEARCHER_ONE, description='')
        role_res2 = RoleEntity.create(name=ROLE_RESEARCHER_TWO, description='')
        user.roles.extend([role_admin, role_tech, role_res1, role_res2])

        # == Create subject
        subject = SubjectEntity.create(redcap_id="001",
                                       added_at=added_date,
                                       last_checked_at=added_date,
                                       was_deleted=0)

        # == Create events
        evt = EventEntity.create(redcap_arm='Arm 1',
                                 redcap_event='Event 1',
                                 day_offset=1,
                                 added_at=added_date)
        evt2 = EventEntity.create(redcap_arm='Arm 1',
                                  redcap_event='Event 2',
                                  day_offset=2.3,
                                  added_at=added_date)

        self.assertIsNotNone(evt.id)
        self.assertIsNotNone(evt2.id)

        files = [
            {
                'name': 'a.png',
                'size': '123',
                'event': evt.id
            },
            {
                'name': 'b.png',
                'size': '1234',
                'event': evt.id
            },
            {
                'name': 'c.png',
                'size': '12345',
                'event': evt2.id
            },
            {
                'name': 'd.png',
                'size': '123456',
                'event': evt2.id
            },
            {
                'name': 'e.png',
                'size': '1234567',
                'event': evt2.id
            },
        ]

        # Create subject files
        for fdata in files:
            subject_file = SubjectFileEntity.create(
                subject_id=subject.id,
                event_id=fdata['event'],
                file_name=fdata['name'],
                file_check_sum=utils.compute_text_md5(fdata['name']),
                file_size=fdata['size'],
                uploaded_at=added_date,
                user_id=user.id)
            self.assertIsNotNone(subject_file.id)