async def create_user(self, name, email, password) -> User:
sql = "INSERT INTO users (id, name, email, password, created) VALUES ($1, $2, $3, $4, $5);"
user_id = uuid4()
hashed = hashpw(password.encode("utf8"), gensalt()).decode("utf8")
created = datetime.utcnow()
try:
async with self.pool.acquire() as con: # type: Connection
await con.execute(sql, user_id, name, email, hashed, created)
except UniqueViolationError as exc:
logger.debug(exc.__str__())
logger.warning("Tried to create user: "******" but e-mail: " +
email + " was already in use")
return None
sql = 'INSERT INTO placements ("user", points, level) VALUES ($1, $2, $3);'
async with self.pool.acquire() as con: # type: Connection
await con.execute(sql, user_id, 0, 1)
email_dao = EmailDao(self.pool)
link = await email_dao.create_email_verify_link(email)
await send_email(email, "Welcome to Crew DB",
"Please confirm that this is your e-mail.", True,
link)
user = User()
user.id = user_id
user.name = name
user.email = email
user.created = created
return user
def login():
logger.debug('login url: {} {} {}'.format(flask.request.url,
flask.request.method,
flask.request.data))
# Here we use a class of some kind to represent and validate our
# client-side form data. For example, WTForms is a library that will
# handle this for us, and we use a custom LoginForm to validate.
form = LoginForm()
if form.validate_on_submit():
# Login and validate the user.
# user should be an instance of your `User` class
login = flask.request.form['login']
password = flask.request.form['password']
user = get_user(login, password)
if not user:
logger.warning(
'Не удачная попытка авторизоваться (login: {})'.format(login))
return flask.render_template(
flask.url_for('auth.login'),
form=form,
error='Не корректен логин или пароль. Попробуйте ещё раз.')
flask_login.login_user(user)
flask.flash('Logged in successfully.')
logger.debug('Logged in successfully.')
next = flask.request.args.get('next')
logger.debug('Redirect: next({}) or {}'.format(
next, flask.url_for('utmbill.utmpays_statistic')))
# is_safe_url should check if the url is safe for redirects.
# See http://flask.pocoo.org/snippets/62/ for an example.
if not is_safe_url(next):
return flask.abort(400)
return flask.redirect(next or flask.url_for('index'))
return flask.render_template('login.html', form=form)
def _valid(self, schema, value, depth=0):
if depth > MAX_DEPTH:
logger.warning(
f"Dict is too deep. Exceeded the given value {MAX_DEPTH}")
raise False
if not schema["rules"](value):
logger.error(f"Wrong value {value}")
raise False
if schema["field_type"] in [list, dict]:
for sub_value in value:
if schema["sub"]["field_type"] != dict:
if not schema["sub"]["rules"](sub_value):
logger.error("Not validation")
raise False
else:
for sub_key in schema["sub"].keys():
if sub_key == "field_type":
continue
if sub_key in sub_value:
self._valid(schema["sub"][sub_key],
sub_value[sub_key], depth)
depth += 1
async def get_subjects_json(subjects, term, cookies, page):
"""Gets the JSON representation from each subject that is crawled.
:param subjects: List of subjects
:param term: Term dictionary containing code and description
:param cookies: Page cookies
:param page: Pyppeteer page
:return: JSON list of the subjects crawled
"""
subjects_json = []
for idx, subject in enumerate(subjects):
logger.debug(
"Crawling subject",
extra={
"subject": subject["description"],
"subjectIndex": idx + 1,
"totalSubjects": len(subjects),
"term": term["description"],
},
)
unique_session_id = await pyppeteer.get_unique_session_id(page)
authenticate_current_session(term, unique_session_id, cookies)
sched_json = get_schedule_json(subject, term, unique_session_id, cookies)
if "data" in sched_json.keys():
subjects_json.append(sched_json["data"])
else:
logger.warning(
"No course data found.", extra={"subject": subject["description"]}
)
return subjects_json
async def get_subjects_json(subjects, term, cookies, page):
subjects_json = []
for idx, subject in enumerate(subjects):
logger.debug(
"Crawling subject",
extra={
"subject": subject["description"],
"subjectIndex": idx + 1,
"totalSubjects": len(subjects),
"term": term["description"],
},
)
unique_session_id = await pyppeteer.get_unique_session_id(page)
authenticate_current_session(term, unique_session_id, cookies)
sched_json = get_schedule_json(subject, term, unique_session_id,
cookies)
if "data" in sched_json.keys():
subjects_json.append(sched_json["data"])
else:
logger.warning("No course data found.",
extra={"subject": subject["description"]})
return subjects_json
def verify_product_all_mandatory_attributes(self, section_title: str):
no_errors = True
logger.info(f"Verify product attribute for category '{section_title}'")
for attribute in cl.ProductAttributes:
for product in self.get_products_on_sale():
logger.info(f"Verify product attribute: {attribute.name}")
try:
product.find_element_by_css_selector(attribute.value)
except NoSuchElementException:
logger.warning(product.get_attribute("class"))
no_errors = False
assert no_errors, "Error. Product doesn't have requested attribute. See log for details"
async def get_password_reset_link(self, email: str) -> str:
sql = 'SELECT link FROM password_reset_links WHERE "email" = $1;'
async with self.pool.acquire() as con: # type: Connection
row = await con.fetchrow(sql, email)
if row is None or row["link"] is None or row["link"] == "":
logger.warning("No password reset link found for e-mail: " + email)
logger.warning("Returning empty string...")
return ""
return '/api/password/' + row["link"].__str__()
async def get_verify_link_for_email(self, email: str) -> str:
sql = 'SELECT link FROM email_verify_links WHERE "email" = $1;'
async with self.pool.acquire() as con: # type: Connection
row = await con.fetchrow(sql, email)
if row is None or row["link"] is None or row["link"] == "":
logger.warning("No verify link found for e-mail: " + email)
logger.warning("Returning empty string...")
return ""
return '/api/user/email/' + row["link"].__str__()
async def get_email_by_password_reset_link(self, link: UUID) -> str:
sql = 'SELECT "email" FROM password_reset_links WHERE link = $1;'
async with self.pool.acquire() as con: # type: Connection
row = await con.fetchrow(sql, link)
if row is None or row["email"] is None or row["email"] == "":
logger.warning("No e-mail found for password reset link: " +
link.__str__())
logger.warning("Returning empty string...")
return ""
return row["email"]
async def is_email_verified(self, email: str) -> bool:
sql = 'SELECT "email" AS verified FROM verified_emails WHERE "email" = $1;'
async with self.pool.acquire() as con: # type: Connection
row = await con.fetchrow(sql, email)
if row is None:
return False
elif row["verified"] is not None:
return True
logger.warning("is_email_verified: row was found with " + email +
" but the content was null")
return False
def create_fast_wordlists():
# note that dumping all combinations in a file is not equivalent to
# directly adding top1k wordlist and best64 rule because hashcat ignores
# patterns that are <8 chars _before_ expanding a candidate with the rule.
if not WordListDefault.TOP1K_RULE_BEST64.path.exists():
# it should be already created in a docker
logger.warning(
f"{WordListDefault.TOP1K_RULE_BEST64.name} does not exist. Creating"
)
hashcat_stdout = HashcatCmdStdout(
outfile=WordListDefault.TOP1K_RULE_BEST64.path)
hashcat_stdout.add_wordlists(WordListDefault.TOP1K)
hashcat_stdout.add_rule(Rule.BEST_64)
subprocess_call(hashcat_stdout.build())
def _automatic_login(self):
self.driver.get('https://mail.yahoo.com/d/folders/1')
self.driver.implicitly_wait(3)
time.sleep(5)
# check the login.
if self.driver.current_url.startswith('https://login.yahoo.com'):
self.loggedin = False
logger.info('{} (automatic login...).'.format(self.profile.email))
email = self.driver.find_element_by_id("login-username")
email.clear()
email.send_keys(self.profile.email)
email.send_keys(Keys.RETURN)
self.driver.implicitly_wait(3)
time.sleep(3)
password = self.driver.find_element_by_id('login-passwd')
password.clear()
password.send_keys(self.profile.password)
time.sleep(1)
# Click login
try:
password.send_keys(Keys.RETURN)
except StaleElementReferenceException:
self.driver.find_element_by_id('login-signin').click()
self.driver.implicitly_wait(2)
time.sleep(2)
self.driver.get('https://mail.yahoo.com/d/folders/1')
time.sleep(2)
# check the login status.
try:
wait = WebDriverWait(self.driver, 30, poll_frequency=0.05)
wait.until(EC.url_contains('https://mail.yahoo.com/d/folders'))
except TimeoutException:
logger.warning('{} (May need a manual login).'.format(
self.profile.email))
raise exceptions.CantLogin()
# report that we are logged in :D
self.loggedin = True
else:
# report that we are logged in :D
self.loggedin = True
def is_accessible(self):
if current_user.is_anonymous:
logger.warning('anonymous пытается зайти в админку')
return False
if not current_user.is_active or not current_user.is_authenticated:
logger.warning('кто-то ломится в админку')
return False
logger.debug('UsersReportAdmin current_user: {}'.format(
current_user.id))
# if current_user.has_role('superuser'):
# return True
return True
def add(self, product, lot_number, expiration_date, amount):
if amount < 1 or isinstance(amount, int) is False:
raise ValueError('Amount must be a positive integer')
stock_product = self.get_in_stock(product, lot_number)
if stock_product is None:
stock_product = StockProduct(stock=self,
product=product,
lot_number=lot_number,
expiration_date=expiration_date,
amount=0)
else:
if expiration_date != stock_product.expiration_date:
logger.warning('Different expiration date, updating...')
stock_product.expiration_date = expiration_date
stock_product.amount += amount
db.session.add(stock_product)
def _check_item(self, schema_key, schema, value):
try:
s_value = value.get(schema_key, None)
if schema["required"] and s_value is None:
logger.error(f"Missing arguments: {schema_key}")
raise False
elif not schema["required"] and s_value is None or s_value == "":
logger.warning(
f"This item not requried, if you not use dont send {schema_key}"
)
return True
self._valid(schema, value.get(schema_key))
except:
raise False
def run_scripts(info, message):
os.environ['PLX_MESSAGE'] = message
for x in info:
try:
os.environ['PLX_%s' % x.upper()] = '%s' % info[x]
except:
os.environ['PLX_%s' % x.upper()] = 'n/a'
logger.warning("unable to set env variable for PLX_%s, setting to 'n/a'" % (x.upper()))
continue
#logger.warning("unable to set env variable for PLX_%s = %s" % (x.upper(), info[x]))
for script in config.PP_SCRIPTS:
if not os.path.exists(script):
logger.warning("%s does not exist", script)
continue
logger.info("executing script: [%s]" % script)
p = Popen([script], stdout=PIPE, stderr=None)
if config.PP_SCRIPTS_LOGGING:
for line in p.stdout:
log_lines(script, line)
p.communicate()
if p.returncode == 0:
logger.info("script executed successfull: [%s]" % script)
else:
logger.warning("script: [%s] failed with code: %s" % (script, p.returncode))
async def verify_email(self, email: str) -> bool:
sql = 'INSERT INTO verified_emails ("email") VALUES ($1);'
try:
async with self.pool.acquire() as con: # type: Connection
await con.execute(sql, email)
except UniqueViolationError as exc:
logger.debug(exc)
logger.warning('E-mail: ' + email + ' was already verified')
except Exception as e:
logger.error('Failed to insert email "' + email +
'" into database table "verified_emails"')
logger.error(str(e))
return False
logger.info('E-mail: "' + email + '" was verified')
sql = 'DELETE FROM email_verify_links WHERE "email" = $1;'
async with self.pool.acquire() as con: # type: Connection
await con.execute(sql, email)
return True
def verify_sale_products_attributes(self):
# find all the products from sale slider
self.wait_for_presence_off_all_elements(
self.PRODUCTS_UNDER_LATEST_ON_SALE)
products = self.find_elements(*self.PRODUCTS_UNDER_LATEST_ON_SALE)
for item in products:
# verify every product on sale has a Sale icon
assert "Sale!" in item.find_element(*self.ON_SALE_BADGE).text, \
f"Expected 'Sale!' in product price, but get {item.text}"
# verify every product on the page has a product name
name = item.find_element(*self.LATEST_ON_SALE_PRODUCT_NAME).text
assert name != '', f"Expected every product on the sale slider has a product name, but could not find it"
# verify every product on the page has a product category
assert item.find_element(*self.LATEST_ON_SALE_PRODUCT_CATEGORY).text != '', \
f"Expected every product on the sale slider has a product category, but {name} does not have it"
# verify every product on the page has a price
assert item.find_element(*self.LATEST_ON_SALE_PRODUCT_PRICE).text != '', \
f"Expected every product on the sale slider has a price, but {name} does not have it"
try:
# verify every product on the page has star-rating
assert item.find_element(
*self.LATEST_ON_SALE_STAR_RATING).text != ''
except NoSuchElementException: # Some products don't have star-ratings
print(f'Product "{name}" does not have star-rating')
logger.warning(f'Product "{name}" does not have star-rating')
# verify every product on the page has image
self.verify_image_present(*self.LATEST_ON_SALE_PRODUCT_IMAGE), \
f"Expected every product on the sale slider has a image, but could not find it"
async def send_email(to: str,
subject: str,
message: str,
send_verification: bool = False,
verify_link: str = ""):
config = Config.get_config()
username = config.get("Email", "username")
password = config.get("Email", "password")
smtp_server = config.get("Email", "smtp_server", fallback="")
try:
smtp_port = config.getint("Email", "smtp_port", fallback=0)
except ValueError as exc:
logger.debug(exc.__str__())
logger.warning(
"Could not get a value for the SMTP Port, setting it to 0")
smtp_port = 0
if smtp_server == "" or smtp_port == 0:
return
msg = EmailMessage()
msg.set_content(message)
msg['Subject'] = subject
msg['From'] = config.get("Email", "from")
msg['To'] = to
if send_verification is True and verify_link != "" and verify_link is not None:
msg.set_content(
message +
"\nClick on the following link to confirm your e-mail address: " +
config.get("WebServer", "url") + verify_link)
elif send_verification is True:
logger.warning(
'"send_verification" was set to true but no link was provided')
logger.debug("SMTP Server: " + smtp_server)
logger.debug("SMTP Port: " + smtp_port.__str__())
logger.debug("SMTP Username: "******"SMTP error: could not send mail, " + e.__str__())
def check_uuid(uuid: Union[UUID, str]) -> Union[UUID, None]:
if uuid is None:
logger.warning("UUID is None")
return None
if type(uuid) is str:
try:
uuid = UUID(uuid)
except ValueError as exc:
logger.debug(exc)
logger.warning("Badly formatted UUID string: " + uuid)
return None
elif type(uuid) is not UUID:
logger.warning("UUID is wrong type: " + type(uuid).__str__())
return None
return uuid