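def article_update():
    """Edit an existing article; only its author may load or save it.

    GET takes the article id from the ``id`` query parameter and pre-fills the
    form. POST takes it from the submitted ``id_article`` field and commits
    the new section, title and body. Both ids are supplied by the client, so
    the article's ``user_name`` is compared with the verified session user on
    both paths before anything is shown or written.

    Returns a redirect to the sign-in page when the session token is missing
    or does not verify, ``('No tiene permisos', 403)`` when the article is
    missing or belongs to someone else, the plain string ``'update realizado'``
    after a successful save, and the rendered form otherwise.
    """
    if 'token' not in session:
        flash(u'You Need Login', 'error')
        return redirect(url_for('auth.signin'))
    user = User.verify_token(session['token'])
    if user is None:
        return redirect(url_for('auth.signin'))

    form = ArticleUpdateForm()
    if request.method == 'POST':
        if form.validate_on_submit():
            my_article = Article.find_by_id(form.id_article.data)
            # id_article is a client-supplied form field. The ownership check
            # used to exist only on the GET path, so a signed-in user could
            # save over any article by posting a different id. An unknown id
            # gets the same answer, so the response does not reveal which
            # ids exist.
            if my_article is None or user.username != my_article.user_name:
                return 'No tiene permisos', 403
            # NOTE(review): this slices a name out of str(form.section.data),
            # which presumably looks like "<Section 'name'>" -- confirm; it
            # breaks silently if that string form ever changes.
            section = str(form.section.data)
            section = section[section.find("'") + 1: section.find(">") - 1]
            my_article.section_name = section
            my_article.title = form.title.data
            my_article.body = form.body.data
            db.session.commit()
            return 'update realizado'
    else:
        id_article = request.args.get('id')
        my_article = Article.find_by_id(id_article)
        # Guard against a missing article before touching its attributes and
        # answer with a real 403 instead of a 200 page carrying an error text.
        if my_article is None or user.username != my_article.user_name:
            return 'No tiene permisos', 403
        form.id_article.data = id_article
        form.user_name.data = my_article.user_name
        form.title.data = my_article.title
        form.body.data = my_article.body
        form.section.data = my_article.section
    return render_template('article/update.html', form=form)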
def article_views():
    """List the articles written by the signed-in user.

    Redirects to the sign-in page when the session has no token or the token
    does not verify; otherwise renders ``article/views.html`` with the result
    of ``Article.find_by_author`` for the verified username.
    """
    signin_url_name = 'auth.signin'
    if 'token' not in session:
        flash(u'You Need Login', 'error')
        return redirect(url_for(signin_url_name))

    current_user = User.verify_token(session['token'])
    if current_user is None:
        return redirect(url_for(signin_url_name))

    # The author filter comes from the verified token, never from the request.
    return render_template(
        "article/views.html",
        article=Article.find_by_author(current_user.username),
    )
def profile():
    """Render the profile page for a session holding a verifiable token.

    A session without a token is redirected to sign-in silently; a token that
    fails verification is redirected with a 'Token Time Out' flash message.
    """
    if 'token' not in session:
        return redirect(url_for('auth.signin'))

    if User.verify_token(session['token']) is None:
        flash(u'Token Time Out', 'error')
        return redirect(url_for('auth.signin'))

    return render_template('authentication/profile.html')
def test_generate_token(self):
    """A token generated for a stored user verifies back to that same user."""
    account = User(
        username='******',
        email='*****@*****.**',
        password='******',
        role=1,
        status=1
    )
    db.session.add(account)
    db.session.commit()

    with app.test_request_context():
        issued = account.generate_token()
        resolved = account.verify_token(issued)
        self.assertTrue(resolved == account)
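def change_pass():
    """Set a new password for the user identified by the ``token`` query parameter.

    The token is read from the URL and resolved with ``User.verify_token``.
    When it resolves to a user and the submitted form validates, the user's
    password is replaced with ``generate_password_hash`` of the new value and
    the request is redirected to ``"users"``. In every other case the
    ``change_pass.html`` template is rendered with the form.
    """
    token = request.args.get("token", None)
    # Only pass a real value to verify_token; a missing parameter simply
    # means "not verified".
    verified_result = User.verify_token(token) if token else None

    # The template needs the form on every path. It used to be created only
    # inside the valid-token branch, so a missing or bad token reached
    # render_template with the name unbound and the request failed.
    password_submit_form = ResetPasswordSubmit(request.form)

    if verified_result:
        # The debug print of the resolved user object was removed here.
        if password_submit_form.validate_on_submit():
            verified_result.password = generate_password_hash(
                password_submit_form.password.data)
            db.session.commit()
            flash("password updated successfully")
            return redirect("users")
    else:
        # Nothing is written without a verified token.
        flash("invalid password reset token")

    # NOTE(review): the reset token travels in the query string, so it can end
    # up in access logs, browser history and Referer headers. Confirm that
    # verify_token enforces a short lifetime and that a token stops working
    # once the password has been changed.
    return render_template("change_pass.html", form=password_submit_form)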
def test_verify_token(self):
    """Check what verify_token returns for a token issued with expiration=10."""
    account = User(
        username='******',
        email='*****@*****.**',
        password='******',
        role=1,
        status=1
    )
    db.session.add(account)
    db.session.commit()

    # NOTE(review): the lookup uses the literal 'Testuser' while the username
    # above is masked on this page; if the two differ, `looked_up` is None and
    # the second assertion raises instead of failing -- confirm.
    looked_up = User.query.filter(User.username == 'Testuser').first()

    with app.test_request_context():
        issued = account.generate_token(expiration=10)
        self.assertIs(account.verify_token(issued), account)
        # NOTE(review): the expiry itself is never exercised; only identity of
        # the returned objects is compared.
        self.assertIsNot(account, looked_up.verify_token(issued))
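def signin():
    """Sign a user in and store their identity and a fresh token in the session.

    A session that already carries a verifiable token is sent straight to the
    profile page. On a POST whose form validates, the user is looked up by the
    submitted email and ``user_id``, ``token``, ``email`` and ``user_name``
    are written to the session. Anything else re-renders the sign-in form.
    """
    form = LoginForm(request.form)

    if 'token' in session:
        user = User.verify_token(session['token'])
        if user:
            return redirect(url_for('auth.profile'))

    if request.method == 'POST' and form.validate():
        # NOTE(review): no password comparison is visible in this view. It
        # presumably happens inside LoginForm.validate() -- confirm, because
        # this lookup is by email alone.
        user = User.query.filter_by(email=form.email.data).first()
        # first() yields None for an unknown email; the session writes below
        # used to dereference it unconditionally and fail the request.
        if user is not None:
            session['user_id'] = user.id
            session['token'] = user.generate_token()
            session['email'] = user.email
            session['user_name'] = user.username
            return redirect(url_for('auth.profile'))

    # Same page for every failure, so the response does not say whether the
    # email exists.
    return render_template("authentication/signin.html", form=form)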
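def article_delete():
    """Delete the article named by the ``id`` query parameter if the caller owns it.

    Requires a session token that verifies to a user. The article is removed
    only when its ``user_name`` matches the verified user's username; in all
    cases the request ends with a redirect to the article list.
    """
    if 'token' not in session:
        flash(u'You Need Login', 'error')
        return redirect(url_for('auth.signin'))
    user = User.verify_token(session['token'])
    if user is None:
        return redirect(url_for('auth.signin'))

    # Renamed from `id` so the builtin is not shadowed.
    article_id = request.args.get('id', None)
    if article_id:
        article = Article.query.filter_by(id=article_id).first()
        if article is not None:
            # The id comes from the client. Being signed in used to be the
            # only requirement, so any user could delete any article.
            # Assumes Article.user_name holds the author's username, as the
            # ownership comparison in article_update does -- confirm.
            if article.user_name != user.username:
                flash(u'No tiene permisos', 'error')
            else:
                db.session.delete(article)
                db.session.commit()
                flash(u'Article Deleted', 'messages')

    # NOTE(review): the id is read from the query string, so this
    # state-changing action is presumably reachable with a plain GET and has
    # no CSRF token. Restricting the route to POST with a CSRF-protected form
    # needs a change to the route and template, which are outside this block.
    return redirect(url_for('art.article_views'))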
def article_create():
    """Create an article on behalf of the signed-in user.

    Redirects to sign-in when the session token is missing or does not
    verify. On a valid POST the form is copied onto a new ``Article`` with
    ``populate_obj`` and committed, and the plain string ``'CREADO'`` is
    returned; otherwise the creation form is rendered.
    """
    if 'token' not in session:
        flash(u'You Need Login', 'error')
        return redirect(url_for('auth.signin'))

    user = User.verify_token(session['token'])
    if user is None:
        return redirect(url_for('auth.signin'))

    author_name = user.username
    form = ArticleCreateForm()
    # Set from the verified user on every request, before validation, so the
    # author written by populate_obj presumably comes from the token rather
    # than from the submitted field -- confirm against the form definition.
    form.user_name.data = user.username

    if request.method == 'POST' and form.validate_on_submit():
        new_article = Article()
        # NOTE(review): populate_obj copies every form field onto the model;
        # keep ArticleCreateForm limited to fields a writer may set.
        form.populate_obj(new_article)
        db.session.add(new_article)
        db.session.commit()
        return 'CREADO'

    return render_template(
        'article/create.html',
        form=form,
        user=user,
        username=author_name,
    )
def signup():
    """Register a new user and sign them in immediately.

    A session with a verifiable token is redirected to the profile page. A
    POST whose form validates creates the user with the read, comment and
    write roles added together and status 1, then stores ``user_id``,
    ``token``, ``email`` and ``user_name`` in the session. A GET, or a POST
    that fails validation, renders the sign-up form. Any other method falls
    through and returns None.
    """
    form = SignupForm()

    has_live_token = ('token' in session) and (User.verify_token(session['token']))
    if has_live_token:
        return redirect(url_for('auth.profile'))

    method = request.method
    if method == 'GET':
        return render_template("authentication/signup.html", form=form)
    if method != 'POST':
        return None

    if form.validate() is False:
        return render_template("authentication/signup.html", form=form)

    # NOTE(review): the raw form password goes to the User constructor;
    # hashing presumably happens inside the model -- confirm.
    default_roles = READ_ROLE + COMMENT_ROLE + WRITE_ROLE
    created = User(form.username.data,
                   form.email.data,
                   form.password.data,
                   default_roles,
                   1)
    db.session.add(created)
    db.session.commit()

    session['user_id'] = created.id
    session['token'] = created.generate_token()
    session['email'] = created.email
    session['user_name'] = created.username
    return redirect(url_for('auth.profile'))
def testarticlecreateget(self):
    """GET /art/create/ answers 302, then the session token is checked."""
    client = app.test_client(self)
    reply = client.get('/art/create/', content_type='html/text')
    self.assertEqual(reply.status_code, 302)

    # NOTE(review): `session` is read after the client call has returned and
    # no request context is opened here -- confirm this can run as written.
    # A 302 from this route presumably means "not signed in", which sits
    # oddly with expecting a token right afterwards.
    assert 'token' in session
    verified = User.verify_token(session['token'])
    self.assertTrue(verified != None)