def post(self): email = context.form.get('email') password = context.form.get('password') otp = context.form.get('otp', None) principal = context.application.__authenticator__.login((email, password)) token = principal.dump().decode() try: # TODO: Add this feature for admins if principal.is_in_roles('client'): client = Client.query.filter(Client.email == email).one() if client.has_second_factor is True: if otp is None: raise HttpBadRequest('Otp needed', 'bad-otp') oath = Oath(seed=settings.membership.second_factor_seed, derivate_seed_from=client.email) is_valid, _ = oath.verify_google_auth(otp) if is_valid is False: raise HttpBadRequest('Invalid otp', 'invalid-otp') login_log = SecurityLog.generate_log(type='login') DBSession.add(login_log) DBSession.flush() except Exception as e: # FIXME: Fix the warning context.application.__authenticator__.unregister_session(principal.session_id) raise e return dict(token=token)
def register(self): email = context.form.get('email') password = context.form.get('password') name = context.form.get('name') family = context.form.get('family') description = context.form.get('description') role = 'member' member = DBSession.query(Member) \ .filter(Member.email == email) \ .one_or_none() if DBSession.query(Member.email).filter(Member.email == email).count(): raise HTTPStatus('601 Email Address Is Already Registered') member = Member( email=email, name=name, password=password, family=family, description=description, role=role, ) DBSession.add(member) return member
def test_modified_mixin(self): # noinspection PyArgumentList instance = ModificationCheckingModel( title='test title', ) DBSession.add(instance) DBSession.commit() self.assertIsNone(instance.modified_at) self.assertIsNotNone(instance.created_at) self.assertEqual(instance.last_modification_time, instance.created_at) instance = DBSession.query(ModificationCheckingModel).one() self.assertIsNone(instance.modified_at) self.assertIsNotNone(instance.created_at) self.assertEqual(instance.last_modification_time, instance.created_at) instance.title = 'Edited title' DBSession.commit() self.assertIsNotNone(instance.modified_at) self.assertIsNotNone(instance.created_at) self.assertEqual(instance.last_modification_time, instance.modified_at) instance = DBSession.query(ModificationCheckingModel).one() self.assertIsNotNone(instance.modified_at) self.assertIsNotNone(instance.created_at) self.assertEqual(instance.last_modification_time, instance.modified_at)
def test_approve_required_mixin(self): # noinspection PyArgumentList object1 = ApproveRequiredObject( title='object 1', ) DBSession.add(object1) DBSession.commit() self.assertFalse(object1.is_approved) self.assertEqual(DBSession.query(ApproveRequiredObject).filter(ApproveRequiredObject.is_approved).count(), 0) object1.is_approved = True self.assertTrue(object1.is_approved) DBSession.commit() object1 = DBSession.query(ApproveRequiredObject).one() self.assertTrue(object1.is_approved) json = object1.to_dict() self.assertIn('isApproved', json) self.assertEqual(DBSession.query(ApproveRequiredObject).filter(ApproveRequiredObject.is_approved).count(), 1) self.assertEqual(ApproveRequiredObject.filter_approved().count(), 1) self.assertFalse(ApproveRequiredObject.import_value(ApproveRequiredObject.is_approved, 'false')) self.assertFalse(ApproveRequiredObject.import_value(ApproveRequiredObject.is_approved, 'FALSE')) self.assertFalse(ApproveRequiredObject.import_value(ApproveRequiredObject.is_approved, 'False')) self.assertTrue(ApproveRequiredObject.import_value(ApproveRequiredObject.is_approved, 'true')) self.assertTrue(ApproveRequiredObject.import_value(ApproveRequiredObject.is_approved, 'TRUE')) self.assertTrue(ApproveRequiredObject.import_value(ApproveRequiredObject.is_approved, 'True')) self.assertEqual(ApproveRequiredObject.import_value(ApproveRequiredObject.title, 'title'), 'title')
def register(self): email = context.form.get('email') password = context.form.get('password') invitation_code = context.form.get('invitationCode', None) client = Client() if invitation_code is None and settings.membership.invitation_code_required is True: raise HttpBadRequest('Bad invitation code', 'bad-invitation-code') if invitation_code is not None: invitation = Invitation.query.filter(Invitation.code == invitation_code).with_for_update().one_or_none() if invitation is None or invitation.is_active is False: raise HttpBadRequest('Bad invitation code', 'bad-invitation-code') if invitation.unfilled_sits <= 0: raise HttpBadRequest('Fully filled invitation code', 'fully-filled-invitation-code') invitation.filled_sits += 1 client.invitation_code = invitation_code client.email = email client.password = password client.is_active = True DBSession.add(client) return client
def claim(self): email = context.form.get('email') email_pattern = r'(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)' if not email: raise HTTPBadRequest() if not re.match(email_pattern, email): raise HTTPStatus('701 Invalid email format.') if DBSession.query(Member.email).filter(Member.email == email).count(): raise HTTPStatus( '601 The requested email address is already registered.') # FIXME: Token should be put in payload serializer = \ itsdangerous.URLSafeTimedSerializer(settings.activation.secret) token = serializer.dumps(email) DBSession.add( ActivationEmail(to=email, subject='Activate your NueMD Coder account', body={ 'activation_token': token, 'activation_url': settings.activation.url })) return dict(email=email)
def test_soft_delete_mixin(self): # noinspection PyArgumentList instance = SoftDeleteCheckingModel(title='test title') DBSession.add(instance) DBSession.commit() instance.assert_is_not_deleted() self.assertRaises(ValueError, instance.assert_is_deleted) instance = SoftDeleteCheckingModel.query.one() instance.soft_delete() DBSession.commit() instance.assert_is_deleted() self.assertRaises(ValueError, instance.assert_is_not_deleted) self.assertEqual(SoftDeleteCheckingModel.filter_deleted().count(), 1) self.assertEqual(SoftDeleteCheckingModel.exclude_deleted().count(), 0) instance.soft_undelete() DBSession.commit() instance.assert_is_not_deleted() self.assertRaises(ValueError, instance.assert_is_deleted) self.assertEqual(SoftDeleteCheckingModel.filter_deleted().count(), 0) self.assertEqual(SoftDeleteCheckingModel.exclude_deleted().count(), 1) DBSession.delete(instance) self.assertRaises(HttpConflict, DBSession.commit)
def mockup(cls): god = God() god.email = '*****@*****.**' god.password = '******' god.is_active = True DBSession.add(god) DBSession.commit()
def send(self, target_id): mimetype = context.form.get('mimetype') sender = Member.current() message = Message(body=context.form.get('body')) message.target_id = int(target_id) message.sender_id = sender.id if 'attachment' in context.form: message.attachment = context.form.get('attachment') message.mimetype = message.attachment.content_type if message.attachment.content_type in BLACKLIST_MIME_TYPES: raise HTTPUnsupportedMediaType() elif mimetype: if mimetype not in SUPPORTED_TEXT_MIME_TYPES: raise HTTPUnsupportedMediaType() message.mimetype = context.form.get('mimetype') else: message.mimetype = 'text/plain' DBSession.add(message) DBSession.flush() queues.push(settings.messaging.workers_queue, message.to_dict()) webhook = Webhook() webhook.sent_message(target_id, sender.reference_id) return message
def subscribe(self): member = Member.current() query = DBSession.query(Room) requested_rooms = Target.filter_by_request(query).all() if len(requested_rooms) >= settings.room.subscription.max_length: raise HTTPStatus( f'716 Maximum {settings.room.subscription.max_length} Rooms ' f'To Subscribe At A Time') requested_rooms_id = {i.id for i in requested_rooms} subscribed_rooms = DBSession.query(TargetMember) \ .filter(TargetMember.member_id == member.id) \ .join(Target, Target.id == TargetMember.target_id) \ .filter(Target.type == 'room') \ .all() subscribed_rooms_id = {i.target_id for i in subscribed_rooms} not_subscribed_rooms_id = requested_rooms_id - subscribed_rooms_id flush_counter = 0 for each_room_id in not_subscribed_rooms_id: flush_counter += 1 target_member = TargetMember(target_id=each_room_id, member_id=member.id) DBSession.add(target_member) if flush_counter % 10 == 0: DBSession.flush() not_subscribed_rooms = DBSession.query(Target) \ .filter(Target.id.in_(not_subscribed_rooms_id)) return not_subscribed_rooms
def mockup(): with StoreManager(DBSession): images = PlaceImageList([ PlaceImage.create_from(f'{IMAGE_PATH}/1.jpeg'), PlaceImage.create_from(f'{IMAGE_PATH}/2.jpeg'), ]) categories = [ Category(name='جنگل', ), Category(name='رودخونه', ), Category(name='کوه', ), Category(name='مذهبی', ), ] for i in range(1000): place = Place( name=f'foo {i}', description=description, address=address, latitude=random() * 20 + 30, longitude=random() * 20 + 30, images=images, category=choice(categories), ) DBSession.add(place) DBSession.commit()
def test_activation_mixin(self): activated_student = Student() activated_student.name = 'activated-student' activated_student.activated_at = datetime.now() DBSession.add(activated_student) deactivated_student = Student() deactivated_student.name = 'deactivated-student' deactivated_student.activated_at = None DBSession.add(deactivated_student) DBSession.commit() # Test ordering: student_list = Student.query.order_by(desc(Student.is_active)).all() self.assertIsNotNone(student_list[0].activated_at) self.assertIsNone(student_list[-1].activated_at) student_list = Student.query.order_by(asc(Student.is_active)).all() self.assertIsNotNone(student_list[-1].activated_at) self.assertIsNone(student_list[0].activated_at) # Test filtering: student_list = Student.query.filter(Student.is_active).all() for student in student_list: self.assertIsNotNone(student.activated_at) student_list = Student.query.filter(not_(Student.is_active)).all() for student in student_list: self.assertIsNone(student.activated_at)
def insert_mockup(self, args=None): # pragma: no cover from restfulpy.orm import DBSession from .models import User oscar = User(id='pylover', email='*****@*****.**', password='******') DBSession.add(oscar) DBSession.commit()
def insert_mockup(self): for i in range(1, 11): # noinspection PyArgumentList DBSession.add( Resource(id=i, title='resource%s' % i, password='******' % i)) DBSession.commit()
def add(self): bank_card = BankCard() bank_card.client_id = context.identity.id bank_card.fiat_symbol = context.form.get('fiatSymbol') bank_card.holder = context.form.get('holder') bank_card.pan = context.form.get('pan') DBSession.add(bank_card) return bank_card
def __call__(self, args): user = User( id=args.name, email=args.email, password=getpass() ) DBSession.add(user) DBSession.commit()
def create(self): title = context.form.get('title') if DBSession.query(Person).filter(Person.title == title).count(): raise HTTPStatus('600 Already person has existed') person = Person(title=context.form.get('title')) DBSession.add(person) return person
def add(self): sheba_address = BankAccount() sheba_address.client_id = context.identity.id sheba_address.fiat_symbol = context.form.get('fiatSymbol') sheba_address.iban = context.form.get('iban') sheba_address.bic = context.form.get('bic', None) sheba_address.owner = context.form.get('owner') DBSession.add(sheba_address) return sheba_address
def create(self): title = context.form.get('title') if DBSession.query(Foo).filter(Foo.title == title).count(): raise HTTPStatus('604 Title Is Already Registered') foo = Foo() foo.update_from_request() DBSession.add(foo) return foo
def test_auto_activation(self): # noinspection PyArgumentList object1 = AutoActiveObject(title='object 1', ) DBSession.add(object1) DBSession.commit() self.assertTrue(object1.is_active) self.assertEqual( 1, DBSession.query(AutoActiveObject).filter( AutoActiveObject.is_active).count())
def insert_mockup(self): url = Url(url='http://www.varzesh3.com') member = Member( given_name='mohammad', family_name='sheikhian', email='*****@*****.**', google_access_token='fgbsdibfosdnfosd', google_refresh_token='fgbdyugbdsiubgdufig' ) DBSession.add(url) DBSession.add(member) DBSession.commit()
def test_orderable_mixin(self): for i in range(3): # noinspection PyArgumentList instance = OrderableCheckingModel(title='test title %s' % i, order=i) DBSession.add(instance) DBSession.commit() instances = OrderableCheckingModel.apply_default_sort().all() self.assertEqual(instances[0].order, 0) self.assertEqual(instances[2].order, 2)
def add(self, id: int, issue_id: int): instance = self._ensure(id) issue = WorkGroup.query.filter(Issue.id == issue_id).one_or_none() if issue is None: raise HttpNotFound('Cannot find any issue with id %s' % issue_id) # p1 = Parent() # c1 = Child() # p1.children.append(c1) instance.issue.append(issue) # instance.update_from_request() DBSession.add(instance) return instance
def schedule(self): email = context.form.get('email') client = Client.query.filter(Client.email == email).one_or_none() if client is not None: principal = ResetPasswordPrincipal({'email': client.email}) # noinspection PyArgumentList task = ResetPasswordEmail( to=client.email, subject='Reset password', body={'token': principal.dump().decode()}, ) DBSession.add(task) return dict(success=True)
def post(self): url = context.form.get('url') if not url.startswith('http'): url = f'http://{url}' url_exist = DBSession.query(Url).filter_by(url=url).one_or_none() if url_exist is None: url_exist = Url(url=url) DBSession.add(url_exist) DBSession.commit() hash_id = hashids.encode(url_exist.id) return dict(hash_id=hash_id)
def __schedule_email_verification(self): client = Client.current() if client.is_email_verified is True or client.is_evidence_verified is True: raise HttpConflict('Already verified.', 'already-verified') principal = VerificationEmailPrincipal({'id': client.id}) # noinspection PyArgumentList task = VerificationEmail( to=client.email, subject='Email verification', body={'token': principal.dump().decode()}, ) DBSession.add(task) return
def create(self): member_username_check = DBSession.query(Member) \ .filter(Member.user_name == context.form.get('userName')) \ .one_or_none() if member_username_check is not None: raise StatusRepetitiveUsername() member_email_check = DBSession.query(Member) \ .filter(Member.email == context.form.get('email')) \ .one_or_none() if member_email_check is not None: raise StatusRepetitiveEmail() member = Member() member.update_from_request() DBSession.add(member) return member
def insert(): # pragma: no cover admin = Member( title='GOD', first_name='First name', last_name='Last name', email='*****@*****.**', password='******', ) DBSession.add(admin) DBSession.commit() print('Admin has been created.') print(f' Title: {admin.title}\n' f' First Name: {admin.first_name}\n' f' Last Name: {admin.last_name}\n' f' Email: {admin.email}\n' f' Password: 123456\n')
def claim(self): email = context.form.get('email') if DBSession.query(Member.email).filter(Member.email == email).count(): raise HTTPStatus('601 Email Address Is Already Registered') token = RegisterationToken(dict(email=email)) DBSession.add( RegisterEmail(to=email, subject='Register your CAS account', body={ 'registeration_token': token.dump(), 'registeration_callback_url': settings.registeration.callback_url })) return dict(email=email)
def get(self): if(context.query_string.get('code') is None) or \ (client_secret_data['client_id'] is None) or \ (client_secret_data['client_secret'] is None): raise HttpBadRequest body_token = dict() body_token['grant_type'] = 'authorization_code' body_token['code'] = context.query_string.get('code') body_token['client_id'] = client_secret_data['client_id'] body_token['redirect_uri'] = settings.redirect_uri_auth body_token['client_secret'] = client_secret_data['client_secret'] response_token = requests.post(settings.auth_google_uri_token, body_token) if response_token.status_code != 200: raise HttpForbidden() response_get_profile = requests.get( settings.oauth_url_google_api, headers={ 'Authorization': 'OAuth ' + json_library.loads(response_token.text)['access_token'] }) if response_get_profile.status_code != 200: raise HttpNotFound() profile = json_library.loads(response_get_profile.text) if 'refresh_token' in response_token.text: member = Member(given_name=profile['given_name'], family_name=profile['family_name'], email=profile['email'], google_access_token=json_library.loads( response_token.text)['access_token'], google_refresh_token=json_library.loads( response_token.text)['refresh_token']) DBSession.add(member) DBSession.commit() return dict(authorization=JwtPrincipal(profile).dump().decode("utf-8"))