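def _constant_time_equal(expected, supplied):
    """Compare two secret values without short-circuiting on the first mismatch.

    ``hmac.compare_digest`` is used when both values are ``str`` or both are
    ``bytes``; any other combination falls back to plain ``==`` (same result,
    only the timing differs).
    """
    import hmac  # local import: the module's import block is not in view here
    if isinstance(expected, bytes) and isinstance(supplied, bytes):
        return hmac.compare_digest(expected, supplied)
    if isinstance(expected, str) and isinstance(supplied, str):
        return hmac.compare_digest(expected.encode('utf-8', 'surrogatepass'),
                                   supplied.encode('utf-8', 'surrogatepass'))
    return expected == supplied


def reset_verify(username, token):
    """Handle the password-reset link for *username*.

    Args:
        username: account name taken from the URL; unknown names yield a 404.
        token: reset token taken from the URL (untrusted input).

    Returns:
        A redirect to ``index`` when no reset is pending or the token does not
        match, a redirect to ``login`` once the password has been changed,
        otherwise the rendered new-password form.
    """
    user = User.query.filter_by(username=username).first_or_404()
    if user.token is None:
        flash(
            "%s's account has not requested a password reset." %
            user.username.capitalize(), "error")
        return redirect(url_for('index'))
    # The token comes from the URL, so compare in constant time rather than
    # with ``!=``, which stops at the first differing character.
    if not _constant_time_equal(user.getResetToken(), token):
        flash(
            "This does not seem to be a valid reset link, if you reset your account multiple times make sure you are using the link in the last email you received!",
            "error")
        return redirect(url_for('index'))
    form = NewPasswordForm()
    error = None  # the template takes this name even when there is nothing to report
    if form.validate_on_submit():
        # Invalidate the reset token so the link cannot be replayed.
        user.token = None
        # NOTE(review): hash_password is called without an explicit salt here;
        # confirm it applies a salted, slow password hash internally.
        user.password = hash_password(form.password.data)
        db.session.commit()
        flash("Your password was updated and you can login with it now.",
              "success")
        return redirect(url_for('login'))
    return render_template('account/reset_newpassword.html',
                           user=user,
                           form=form,
                           error=error)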
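 def insert_user(*, default_password='admin@1234'):
     """Create the bootstrap admin account if it does not exist yet.

     Args:
         default_password: initial password of the bootstrap account. The
             built-in default is a well-known value that must be rotated
             right after the first login; prefer passing a freshly generated
             value where the caller can do so.
     """
     user = User.query.filter_by(username='******').first()
     if user is not None:
         return
     # uuid1 embeds the time and host identity, so it is an opaque id but not
     # an unpredictable one; the account is protected by its password, not by
     # the id.
     new_id = str(uuid.uuid1())
     user = User(id=new_id,
                 username='******',
                 password_hash=hash_password(default_password),
                 group_id=admin_group_id)
     db.session.add(user)
     db.session.commit()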
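def put():
    """Update an existing user (admin only).

    The target user is selected by the ``user_id`` query parameter; the new
    field values come from the JSON body parsed by ``parse_req``.

    Returns:
        ``send_error`` for a non-admin caller, an unknown user, malformed
        input, an unrecognised status or a database failure; otherwise
        ``send_result`` with the updated document (password hash excluded).
    """
    claims = get_jwt_claims()
    # .get(): a token without the claim is treated as non-admin instead of
    # raising a KeyError out of the handler.
    if not claims.get('is_admin'):
        return send_error(
            message="Bạn không đủ quyền để thực hiện thao tác này")

    user_id = request.args.get('user_id')
    user = client.db.user.find_one({'_id': user_id})
    if user is None:
        return send_error(message='Không tìm thấy người dùng.')

    params = {
        'user_name': FieldString(requirement=True),
        'password': FieldString(requirement=True),
        'email': FieldString(requirement=True),
        'full_name': FieldString(requirement=True),
        'group_role_id': fields.Number(),
        'status': fields.Number()
    }

    try:
        json_data = parse_req(params)
        full_name = json_data.get('full_name', None)
        email = json_data.get('email', None).lower()
        user_name = json_data.get('user_name', None)
        password = json_data.get('password', None)
        group_role_id = json_data.get('group_role_id', 0)
        status = json_data.get('status', 0)
    except Exception:
        # parse_req failures and a missing email (None.lower()) both land here.
        return send_error(message='Lỗi dữ liệu đầu vào')

    # Only the two known status values are accepted; anything else, including
    # the default 0, is rejected.
    if status not in (USER_ACTIVATED, USER_DEACTIVATED):
        return send_error(message="Bạn chưa nhập trạng thái")

    updated_fields = {
        'full_name': full_name,
        'user_name': user_name,
        'password': hash_password(password),
        'email': email,
        'group_role_id': int(group_role_id),
        'status': int(status),
    }
    try:
        client.db.user.update_one({'_id': user_id}, {'$set': updated_fields})
    except Exception:
        return send_error(message='có lỗi ngoại lệ sảy ra')

    # Respond with the post-update values, and never echo the password hash.
    response_user = {**user, **updated_fields}
    response_user.pop('password', None)
    return send_result(message="Cập nhật thành công", data=response_user)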
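def _constant_time_equal(expected, supplied):
    """Compare two secret values without short-circuiting on the first mismatch.

    ``hmac.compare_digest`` is used when both values are ``str`` or both are
    ``bytes``; any other combination falls back to plain ``==`` (same result,
    only the timing differs).
    """
    import hmac  # local import: the module's import block is not in view here
    if isinstance(expected, bytes) and isinstance(supplied, bytes):
        return hmac.compare_digest(expected, supplied)
    if isinstance(expected, str) and isinstance(supplied, str):
        return hmac.compare_digest(expected.encode('utf-8', 'surrogatepass'),
                                   supplied.encode('utf-8', 'surrogatepass'))
    return expected == supplied


def index():
    """Landing page: render the combined login/register form and handle both.

    Login looks the user up by username and checks the submitted password
    against the stored hash; register sanitises the submitted fields and
    inserts the new row.

    Returns:
        A redirect to the user's stream after a successful login, a redirect
        back to ``index`` after registration, otherwise the rendered page.
    """
    form = IndexForm()
    login_form = form.login
    register_form = form.register

    if (login_form.is_submitted() and login_form.submit.data
            and login_form.validate_on_submit()):
        try:
            user = query_db('SELECT * FROM Users WHERE username=?',
                            login_form.username.data,
                            one=True)
            # One message for "unknown user" and "wrong password" so the
            # response does not reveal which usernames exist.
            if user is None:
                flash('Sorry, wrong username or password!')
            elif _constant_time_equal(user['password'],
                                      hash_password(login_form.password.data)):
                login_user(User(user['username'], user['password'],
                                user['id']),
                           remember=login_form.remember_me.data)
                return redirect(
                    url_for('stream', username=login_form.username.data))
            else:
                flash('Sorry, wrong username or password!')
        except Exception:
            # Keep the exception text server-side: it can expose query and
            # schema details to the visitor.
            import logging
            logging.getLogger(__name__).exception('login failed')
            flash('An error has occured, please contact the admin', 'error')

    elif (register_form.is_submitted() and register_form.submit.data
            and register_form.validate_on_submit()):
        username = sanitizeStr(register_form.username.data)
        firstname = sanitizeStr(register_form.first_name.data)
        lastname = sanitizeStr(register_form.last_name.data)
        # NOTE(review): the password is passed through sanitizeStr before
        # hashing, while the login path hashes the raw input; confirm
        # sanitizeStr leaves passwords unchanged or logins will fail.
        password = hash_password(sanitizeStr(register_form.password.data))
        query_db(
            'INSERT INTO Users (username, first_name, last_name, password) VALUES(?, ?, ?, ?)',
            username, firstname, lastname, password)
        # Report success only once the row has actually been stored.
        flash('Congratulations, {} registered!'.format(username))
        return redirect(url_for('index'))
    return render_template('index.html', title='Welcome', form=form)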
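 def _get_user_object(self, user_dict):
     """Build a LoginUser from a plain dict of user attributes.

     Every name in ``user_dict['roles']`` is resolved through
     ``self.get_role``; the remaining keys are passed to ``LoginUser`` as
     keyword arguments and the ``password`` attribute is replaced by
     ``hash_password(...)`` of its value. The caller's dict is left unchanged.

     Args:
         user_dict: user attributes including a ``roles`` list of role names.

     Returns:
         The populated LoginUser.

     Raises:
         CustomException: when a role name is unknown or no roles are given.
     """
     # Work on a copy so the caller keeps its 'roles' entry.
     attributes = dict(user_dict)
     role_names = attributes.pop('roles')
     resolved_roles = []
     for role_name in role_names:
         role = self.get_role(role_name)
         if role is None:
             raise CustomException('Role with name : ' + str(role_name) +
                                   ' Not found')
         resolved_roles.append(role)
     if not resolved_roles:
         raise CustomException('No roles found')
     user = LoginUser(**attributes)
     user.roles = resolved_roles
     user.password = hash_password(user.password)
     return user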
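def create_user():
    """ This is api for the user management registers user.

        Request Body:
            JSON validated against ``user_validator``; ``username`` and
            ``password`` are read here and the optional fields listed in
            ``keys`` below are copied into the new document when present.

        Returns:
            send_result with the stored fields of the new user (the password
            hash is not echoed back), or send_error on invalid input, a
            duplicate username, a password containing spaces, or a database
            failure.

        Examples::
    """

    try:
        json_data = request.get_json()
        # Check valid params
        validate(instance=json_data, schema=user_validator)

        username = json_data.get('username', None).strip()
        password = json_data.get('password', None)
    except Exception as ex:
        logger.error('%s Parameters error: %s',
                     get_datetime_now().strftime('%Y-%b-%d %H:%M:%S'), ex)
        return send_error(message="Parameters error: " + str(ex))

    user_duplicated = client.db.users.find_one({"username": username})
    if user_duplicated:
        return send_error(message="The username has existed!")

    if is_password_contain_space(password):
        return send_error(message='Password cannot contain spaces')

    keys = ["username", "name", "gender", "phone", "email", "is_admin"]
    user_id = str(ObjectId())
    new_user = {
        "_id": user_id,
        'password_hash': hash_password(password)
    }
    # NOTE(review): 'is_admin' is copied straight from the request body, so
    # whoever can call this endpoint can create an administrator. Confirm the
    # route is restricted to admins, or set is_admin server-side.
    new_user.update({key: json_data.get(key) for key in keys if key in json_data})
    # Store the same stripped username the duplicate check looked up, so the
    # check and the stored value cannot drift apart on surrounding whitespace.
    new_user["username"] = username

    try:
        client.db.users.insert_one(new_user)
    except Exception as ex:
        return send_error(message="Insert to database error: " + str(ex))

    # Do not echo the password hash back to the client.
    response_data = {key: value for key, value in new_user.items()
                     if key != 'password_hash'}
    return send_result(data=response_data, message="Create user successfully!")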
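def change_password():
    """ This api for all user change their password.

        Request Body:
            JSON validated against ``password_validator`` carrying
            ``current_password`` and ``new_password``.

        Returns:
            send_result on success; send_error when the caller's account no
            longer exists, the body is invalid, the current password is
            wrong, the new password contains spaces, or the database update
            fails. All other tokens of the caller are revoked on success.

        Examples::

    """

    user_id = get_jwt_identity()
    current_user = client.db.users.find_one({"_id": user_id})
    # A still-valid token whose account has since been deleted must not reach
    # the subscript below (TypeError on None).
    if current_user is None:
        return send_error(message="Not found user!")

    try:
        json_data = request.get_json()
        # Check valid params
        validate(instance=json_data, schema=password_validator)

        current_password = json_data.get('current_password', None)
        new_password = json_data.get('new_password', None)
    except Exception as ex:
        logger.error('%s Parameters error: %s',
                     get_datetime_now().strftime('%Y-%b-%d %H:%M:%S'), ex)
        return send_error(message='Parse error ' + str(ex))

    if not check_password_hash(current_user["password_hash"], current_password):
        return send_error(message="Current password incorrect!")

    if is_password_contain_space(new_password):
        return send_error(message='Password cannot contain spaces')

    new_value = {
        '$set': {
            'password_hash': hash_password(new_password)
        }
    }
    try:
        client.db.users.update_many({'_id': user_id}, new_value)
    except Exception as ex:
        return send_error(message='Database error: ' + str(ex))

    # Revoke all tokens of the current user from the database except the
    # current one, so sessions opened with the old password are closed.
    revoke_all_token2(user_id)

    return send_result(message="Change password successfully!")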
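def _constant_time_equal(expected, supplied):
    """Compare two secret values without short-circuiting on the first mismatch.

    ``hmac.compare_digest`` is used when both values are ``str`` or both are
    ``bytes``; any other combination falls back to plain ``==`` (same result,
    only the timing differs).
    """
    import hmac  # local import: the module's import block is not in view here
    if isinstance(expected, bytes) and isinstance(supplied, bytes):
        return hmac.compare_digest(expected, supplied)
    if isinstance(expected, str) and isinstance(supplied, str):
        return hmac.compare_digest(expected.encode('utf-8', 'surrogatepass'),
                                   supplied.encode('utf-8', 'surrogatepass'))
    return expected == supplied


def reset_verify(username, token):
    """Verify a password-reset link and let the user choose a new password.

    Args:
        username: account name from the URL; an unknown name yields a 404.
        token: reset token from the URL (untrusted input).

    Returns:
        A redirect to ``index`` when no reset is pending or the token does not
        match, a redirect to ``login`` after the password was changed,
        otherwise the rendered new-password form.
    """
    user = User.query.filter_by(username=username).first_or_404()
    if user.token is None:
        flash("%s's account has not requested a password reset." % user.username.capitalize(), "error")
        return redirect(url_for('index'))
    # Constant-time comparison: ``!=`` stops at the first differing character
    # and the token is attacker-supplied.
    if not _constant_time_equal(user.getResetToken(), token):
        flash("This does not seem to be a valid reset link, if you reset your account multiple times make sure you are using the link in the last email you received!", "error")
        return redirect(url_for('index'))
    form = NewPasswordForm()
    error = None  # the template takes this name even when there is nothing to report
    if form.validate_on_submit():
        # Invalidate the reset token so the link cannot be replayed.
        user.token = None
        # NOTE(review): hash_password is called without an explicit salt here;
        # confirm it applies a salted, slow password hash internally.
        user.password = hash_password(form.password.data)
        db.session.commit()
        flash("Your password was updated and you can login with it now.", "success")
        return redirect(url_for('login'))
    return render_template('account/reset_newpassword.html', user=user, form=form, error=error)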
def reset_password(user_id):
    """ This api for the user management resets the users password.

        Request Body:
            JSON validated against ``password_validator``; ``new_password``
            is the only field read here.

        Returns:
            send_result on success; send_error when the user does not exist,
            the body is invalid, the new password contains spaces, or the
            database update fails. All tokens of the reset user are revoked
            on success.

        Examples::

    """
    target = client.db.users.find_one({"_id": user_id})
    if target is None:
        return send_error(message="Not found user!")

    try:
        body = request.get_json()
        # Check valid params
        validate(instance=body, schema=password_validator)
        new_password = body.get('new_password', None)
    except Exception as ex:
        stamp = get_datetime_now().strftime('%Y-%b-%d %H:%M:%S')
        logger.error('{} Parameters error: '.format(stamp) + str(ex))
        return send_error(message='Parse error ' + str(ex))

    if is_password_contain_space(new_password):
        return send_error(message='Password cannot contain spaces')

    # NOTE(review): no authorization check is visible inside this function;
    # confirm the route decorator restricts it to user-management admins.
    password_update = {'$set': {'password_hash': hash_password(new_password)}}
    try:
        client.db.users.update_many({'_id': user_id}, password_update)
    except Exception as ex:
        return send_error(message='Database error: ' + str(ex))

    # Revoke all tokens of the reset user so existing sessions are closed.
    revoke_all_token(user_id)

    return send_result(data=None, message="Reset password successfully!")
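def post():
    """Create a user from the JSON body and store it in ``client.db.user``.

    Returns:
        send_error on malformed input or a database failure; otherwise
        send_result with the stored document (password hash excluded).
    """
    params = {
        'user_name': FieldString(requirement=True),
        'password': FieldString(requirement=True),
        'email': FieldString(requirement=True),
        'full_name': FieldString(requirement=True),
        'group_role_id': fields.Number()
    }

    try:
        json_data = parse_req(params)
        full_name = json_data.get('full_name', None)
        email = json_data.get('email', None).lower()
        user_name = json_data.get('user_name', None)
        password = json_data.get('password', None)
        group_role_id = json_data.get('group_role_id', 0)
    except Exception:
        # parse_req failures and a missing email (None.lower()) both land here.
        return send_error(message='Lỗi dữ liệu đầu vào')

    # NOTE(review): the author's "check conditions" placeholder was empty —
    # nothing verifies that user_name or email is not already taken before
    # the insert; confirm whether the collection enforces uniqueness.
    user = {
        '_id': str(ObjectId()),
        'full_name': full_name,
        'user_name': user_name,
        'password': hash_password(password),
        'email': email,
        'group_role_id': int(group_role_id),
        'status': USER_ACTIVATED,
        # MaNV is generated server-side by set_auto_MaNV(), never taken from
        # the request.
        'MaNV': set_auto_MaNV()
    }
    try:
        client.db.user.insert_one(user)
    except Exception:
        return send_error(message='có lỗi ngoại lệ sảy ra')

    # Never echo the password hash back to the client.
    response_user = {key: value for key, value in user.items() if key != 'password'}
    return send_result(message="Tạo user thành công ", data=response_user)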
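def _constant_time_equal(expected, supplied):
    """Compare two secret values without short-circuiting on the first mismatch.

    ``hmac.compare_digest`` is used when both values are ``str`` or both are
    ``bytes``; any other combination falls back to plain ``==`` (same result,
    only the timing differs).
    """
    import hmac  # local import: the module's import block is not in view here
    if isinstance(expected, bytes) and isinstance(supplied, bytes):
        return hmac.compare_digest(expected, supplied)
    if isinstance(expected, str) and isinstance(supplied, str):
        return hmac.compare_digest(expected.encode('utf-8', 'surrogatepass'),
                                   supplied.encode('utf-8', 'surrogatepass'))
    return expected == supplied


def login():
    """Log a user in from the POSTed username, password and one-time code.

    Returns:
        A redirect to ``index`` on success; the login page otherwise (GET,
        unknown user, OTP failure, or wrong password).
    """
    if request.method != 'POST':
        return render_template('login.html')

    username = request.form['username']
    password = request.form['password']
    otp = request.form['twofactor']
    hashed_password = utils.hash_password(password)
    db_user = models.Users.query.filter(
        models.Users.username == username).first()
    if db_user is None:
        # Previously surfaced as an AttributeError swallowed by a bare except.
        return render_template('login.html')
    try:
        otp_result = utils.check_otp(otp, db_user.twofactor)
    except Exception:
        return render_template('login.html')
    # The original code overwrote otp_result with True right after the call,
    # which disabled OTP verification whenever check_otp reports failure by
    # returning a falsy value. An explicit result is now honoured; a None
    # return (check_otp signalling failure only by raising) keeps the previous
    # accept-on-no-exception behaviour.
    # TODO(review): confirm check_otp's contract and drop the None fallback.
    otp_ok = True if otp_result is None else bool(otp_result)

    if otp_ok and _constant_time_equal(hashed_password, str(db_user.password)):
        login_user(db_user)
        return redirect(url_for('index'))
    return render_template('login.html')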
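def create_user():
    """ This is api for the user management registers user.

        Request Body:
            username: string, require
                The username of the user. Max length accepted is 50 and minimum length is 1.

            password: string, require
                The password of the user wanted to log in. Max length accepted is 50 and minimum length is 1.

            first_name, last_name: string, require
            company, address, mobile: string, optional

        Returns:

            id: string
                id of the newly registered user.

            username: string
                username of newly registered user.

            first_name, last_name: string

            create_date: float
                UTC epoch seconds of the registration.

        Examples::

            curl --location --request POST 'http://<sv_address>:5013/api/v1/users' --header 'Authorization: Bearer <access_token>'
    """

    params = {
        'username': FieldString(requirement=True),
        'password': FieldString(requirement=True),
        'first_name': FieldString(requirement=True),
        'last_name': FieldString(requirement=True),
        'company': FieldString(),
        'address': FieldString(),
        'mobile': FieldString()
    }

    try:
        json_data = parse_req(params)
        # Check valid params
        validate(instance=json_data, schema=schema_user_create)

        username = json_data.get('username', None).lower().strip()
        password = json_data.get('password', None)
        first_name = json_data.get('first_name', None)
        last_name = json_data.get('last_name', None)
        company = json_data.get('company', None)
        address = json_data.get('address', None)
        mobile = json_data.get('mobile', None)
    except Exception as ex:
        stamp = datetime.datetime.now(datetime.timezone.utc).strftime('%Y-%b-%d %H:%M:%S')
        logger.error('%s Parameters error: %s', stamp, ex)
        return send_error(message="Registers user fail!")

    user = Users.find_by_user_name(user_name=username)
    if user:
        return send_error(message="User exist")

    if is_password_contain_space(password):
        return send_error(message='Password cannot contain spaces')

    # utcnow() is naive and .timestamp() interprets a naive datetime as *local*
    # time, so the stored epoch was off by the server's UTC offset. An aware
    # UTC datetime yields the correct epoch value.
    create_date = datetime.datetime.now(datetime.timezone.utc).timestamp()
    # uuid1 embeds the time and host identity; opaque but not unpredictable.
    _id = str(uuid.uuid1())
    user = Users(id=_id,
                 username=username,
                 password_hash=hash_password(password),
                 force_change_password=False,
                 create_date=create_date,
                 modified_date=create_date,
                 is_active=True,
                 firstname=first_name,
                 lastname=last_name,
                 company=company,
                 address=address,
                 mobile=mobile,
                 modified_date_password=create_date)
    user.save_to_db()
    # The response deliberately carries no password hash.
    data = {
        'id': _id,
        'username': username,
        'first_name': first_name,
        'last_name': last_name,
        'create_date': create_date
    }
    return send_result(data=data, message="Registers user successfully!")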
 def __init__(self, username, password, realname, email):
     """Store the account details; the password is kept only as its hash."""
     self.realname = realname
     self.email = email
     self.username = username
     # Only hash_password's output is retained; the plaintext is not stored.
     self.password = hash_password(password)
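 def is_valid_password(self, password):
     """Return True when *password*, hashed with this account's salt, matches the stored hash.

     The comparison runs in constant time where the types allow it, so the
     check does not leak how much of the hash matched.
     """
     import hmac  # local import: the module's import block is not in view here
     candidate = hash_password(password, self.salt)
     stored = self.password_hash
     if isinstance(candidate, bytes) and isinstance(stored, bytes):
         return hmac.compare_digest(candidate, stored)
     if isinstance(candidate, str) and isinstance(stored, str):
         return hmac.compare_digest(candidate.encode('utf-8', 'surrogatepass'),
                                    stored.encode('utf-8', 'surrogatepass'))
     # Mixed or other types: same result as the original ``==``.
     return candidate == stored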
 def __init__(self, name, password):
     """Create the account with a fresh random salt and the salted password hash."""
     # 512 bytes from the OS CSPRNG, generated per account.
     salt = urandom(512)
     self.name = name
     self.salt = salt
     self.password_hash = hash_password(password, salt)