Exemple #1
def create_app():
    """Build, seed and return the Flask application for this insecure-by-design demo.

    The factory configures sessions, Flask-Admin and SQLAlchemy, registers the
    main blueprint, then rebuilds the database: every call drops all tables,
    re-creates them and inserts one comment and two user rows.

    Several protections are switched off on purpose to demonstrate bad
    practice (see the inline notes); do not reuse this configuration outside
    a training environment.

    Returns:
        The configured ``Flask`` application object.
    """
    app = Flask(__name__)
    # Flask signs the session cookie with this key. Because the value is
    # committed with the source, anyone who can read the code can produce a
    # validly signed session cookie. A real deployment loads the key from the
    # environment or a secret store and rotates it if it was ever committed.
    app.secret_key = 'bdb92dbe238008edfac05e92412b0c23'  # Another bad practice in security is
    # when you embed security keys in your code like this
    # app.config['PERMANENT_SESSION_LIFETIME'] = 120  # session lifetime disabled for showing bad security practice
    app.config['FLASK_ADMIN_SWATCH'] = 'united'
    app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///info.db'
    app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
    admin = Admin(app, name='Admin-Panel', template_mode='bootstrap3')
    db.init_app(app)
    # CSRF protection is left disabled here, so state-changing forms carry no
    # anti-forgery token.
    # csrf.init_app(app)

    # The imports below run inside the application context; presumably this
    # avoids a circular import with the application package - confirm.
    with app.app_context():
        from application.views import main_bp
        from application.model import db_init, User, Comments
        app.register_blueprint(main_bp)

        # NOTE(review): the stock ModelView is registered for User and
        # Comments instead of the custom view in the commented-out line; no
        # access restriction on the admin panel is visible in this function.
        # admin.add_views(MyModelView(User, db.session), MyModelView(Comments, db.session))  #  For the custom model above
        admin.add_views(ModelView(User, db.session), ModelView(Comments, db.session))
        # Destructive on every start-up: all existing tables are dropped before
        # the demo data is rebuilt.
        db.drop_all()
        db_init()  # initialize sql injection db for part 1
        db.create_all()  # initialize db for logins, comments
        db.session.add(Comments(comment=' 🤘🏾🤘🏾 Spaces in code is the way to go. Who uses Tabs 😂😂?'))
        # Seed accounts with credentials written in the source (masked on this
        # page). NOTE(review): the password is passed straight to the model
        # constructor - confirm whether User hashes it before storage.
        db.session.add(User(username='******', password='******'))
        db.session.add(User(username='******', password='******'))
        db.session.commit()
        return app
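    def post(self):
        """Create a user from the parsed request arguments.

        Reads ``username`` and ``password`` from ``self.reqparse``, sets the
        password through ``User.set_password`` and commits the new row.

        Returns:
            The ``jsonify`` response ``{'result': True}`` once the commit
            has succeeded.

        Raises:
            Exception: whatever ``add``/``commit`` raised, re-raised after the
                session has been rolled back.
        """
        args = self.reqparse.parse_args()

        user = User(username=args['username'])
        # NOTE(review): presumably set_password stores a salted hash rather
        # than the raw value - confirm in the User model.
        user.set_password(args['password'])

        try:
            db.session.add(user)
            db.session.commit()
            print("saved")
        except Exception:
            # The original re-raised here with an unreachable
            # ``status = False`` after it; the failure still propagates, but
            # the failed transaction is rolled back first.
            db.session.rollback()
            raise
        finally:
            # Release the session on the error path too, not only on success.
            db.session.close()
        return jsonify({'result': True})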
Exemple #3
 def get_identity(self, oauth_session, decoder=None):
     """Query the provider's identity resource and map the answer to a local user.

     Args:
         oauth_session: object exposing the query method named by
             ``OAuth2Service.__default_identity_query_method__``.
         decoder: callable applied to the raw identity response; the class
             default decoder is used when omitted.

     Returns:
         A ``(user, identity)`` tuple: the object returned by
         ``User.get_or_create`` and the decoded identity mapping.
     """
     decode = OAuth2Service.__default_identity_decoder__ if decoder is None else decoder
     query = getattr(oauth_session, OAuth2Service.__default_identity_query_method__)
     identity = decode(query(self._config['IDENTITY_RESOURCE']))
     # NOTE(review): the configured name and id fields are read from the
     # provider's response without validation; a response lacking either key
     # raises KeyError here - confirm callers handle that.
     name_value = identity[self._config['IDENTITY_USER_NAME_FIELD']]
     id_value = identity[self._config['IDENTITY_USER_ID_FIELD']]
     account = User.get_or_create(name_value, id_value)
     return account, identity
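def register_user(username, password):
    """Insert a new user unless *username* is already taken.

    Args:
        username: login name to register.
        password: value handed to the ``User`` constructor.
            NOTE(review): no hashing is visible here - confirm the model
            hashes it before storage.

    Returns:
        ``False`` when the insert failed with a SQLAlchemy error; ``True``
        otherwise. An existing username also yields ``True`` without any
        insert, so callers cannot tell the two cases apart.
    """
    if not query_user_exist(username=username):
        user = User(username=username, password=password)
        try:
            db.session.add(user)
            db.session.commit()
        except exc.SQLAlchemyError:
            # A failed commit leaves the session in a failed transaction;
            # roll back so later work on the same session is not poisoned.
            db.session.rollback()
            return False
    return True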
Exemple #5
def login():
    """Render the login form and sign the user in on a valid submission.

    A visitor whose session already holds ``username`` is redirected to the
    index. On a validated form the account is looked up by e-mail and the
    password checked through ``user.get_password``; on success ``user_id`` and
    ``username`` are written to the session. A failed lookup and a failed
    password check both give the same generic message, so the response does
    not show which of the two was wrong.
    """
    if session.get('username'):
        return redirect(url_for('index'))

    form = LoginForm()
    if form.validate_on_submit():
        submitted_email = form.email.data
        submitted_password = form.password.data

        account = User.objects(email=submitted_email).first()
        credentials_ok = account and account.get_password(submitted_password)

        if not credentials_ok:
            flash("Sorry, something went wrong","danger")
        else:
            flash(f"{account.first_name},you are successfully logged in!","success")
            # NOTE(review): the session is populated without being cleared
            # first, and no failed-attempt limiting is visible in this view.
            session['user_id'] = account.user_id
            session['username'] = account.first_name
            return redirect("/index")

    # Reached on GET, on a form that failed validation, and on bad credentials.
    return render_template("login.html", title="Login", form=form, login=True)
Exemple #6
def register():
    """Show the registration page (non-POST) or create and log in a user (POST).

    On POST the form fields ``name``, ``email`` and ``password`` are read, the
    e-mail is lower-cased, and a new ``User`` row is stored unless the e-mail
    is already present, in which case a plain-text notice is returned.
    """
    if request.method != 'POST':
        return render_template('register.html')

    form = request.form
    display_name = form['name']
    address = form['email'].lower()
    # NOTE(review): judging by its name, sha256_hash is a single SHA-256
    # digest. If so, the stored value is fast to brute-force offline; a
    # salted, slow password hash is the usual choice - confirm what the
    # helper does.
    digest = sha256_hash(form['password'])
    # NOTE(review): what this token is used for is not visible here; if it
    # authenticates the user, confirm a UUID4 string is an acceptable secret.
    new_token = str(uuid.uuid4())

    # The distinct "already in use" reply lets a client learn which addresses
    # are registered.
    already_registered = User.query.filter(User.email == address).first()
    if already_registered is not None:
        return "E-mail already in use"

    account = User()
    account.name = display_name
    account.email = address
    account.password = digest
    account.token = new_token
    account.creation = time.time()
    account.update = time.time()
    db.session.add(account)
    db.session.commit()
    login_user(account)
    return redirect(url_for('frontend_app'))
Exemple #7
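def submitResearch():
    """Store the feedback and the track ratings posted in the research form.

    A ``User`` row is created from the ``feedback`` field. For each index
    1..29 with a ``title_<i>`` field, the track with that title is looked up
    and a ``Rating`` is added from the matching ``rating_<i>`` field.

    Returns:
        ``jsonify({'success': True})`` when everything was committed, else
        ``jsonify({'success': False})`` after a rollback. A title that matches
        no track, or a title with no ``rating_<i>`` field, counts as a failure
        instead of raising.
    """
    form_data = request.form
    user = User(feedback=form_data['feedback'])
    db.session.add(user)
    try:
        # Flush explicitly so user.id is assigned before it is copied into a
        # Rating, rather than depending on the query below to autoflush.
        db.session.flush()
        for i in range(1, 30):
            suffix = str(i)
            title_key = "title_" + suffix
            if title_key not in form_data:
                continue
            track = Track.query.filter_by(title=form_data[title_key]).first()
            rating = form_data.get("rating_" + suffix)
            if track is None or rating is None:
                # The title comes from the client; an unknown title used to
                # fail with AttributeError on ``track.id``.
                db.session.rollback()
                return jsonify({'success': False})
            # NOTE(review): the rating value is stored as submitted - confirm
            # the model or the column type constrains its range.
            db.session.add(
                Rating(user_id=user.id, track_id=track.id, rating=rating))
        db.session.commit()
    except Exception:
        # Do not leave a half-written transaction on the session.
        db.session.rollback()
        return jsonify({'success': False})
    return jsonify({'success': True})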
Exemple #8
def register():
    """Render the registration form and create the account on a valid submit.

    A visitor whose session already holds ``username`` is sent to the index.
    On a validated form a ``User`` document is saved with its password set
    through ``set_password``, then the visitor is redirected to the index.
    """
    if session.get('username'):
        return redirect(url_for('index'))

    form = RegisterForm()
    if not form.validate_on_submit():
        return render_template("register.html", title="Register", form=form, register=True)

    # NOTE(review): the id is derived from the current document count, so two
    # concurrent registrations, or one after a deletion, can produce an id
    # that is already in use - confirm a uniqueness constraint exists.
    next_id = User.objects.count() + 1

    address = form.email.data
    secret = form.password.data
    given = form.first_name.data
    family = form.last_name.data

    account = User(user_id=next_id, email=address, first_name=given, last_name=family)
    account.set_password(secret)
    account.save()
    flash('You are successfully registered!')
    return redirect(url_for('index'))
Exemple #9
 def validate_email(self, email):
     """Reject the form when a user with the submitted e-mail already exists.

     Args:
         email: form field whose ``data`` holds the submitted address.

     Raises:
         ValidationError: when a ``User`` with that e-mail is found. The
             message confirms the address is registered, which lets a client
             probe for existing accounts.
     """
     existing = User.objects(email=email.data).first()
     if not existing:
         return
     raise ValidationError("Email is already in use. Pick another one.")
Exemple #10
 def delete(self, idx):
     """Delete every user whose ``user_id`` equals *idx* and confirm in JSON.

     The confirmation is returned whether or not any document matched.
     """
     # NOTE(review): no authentication or ownership check is visible in this
     # method - confirm the resource is protected elsewhere.
     matching = User.objects(user_id=idx)
     matching.delete()
     return jsonify('User is deleted!')
Exemple #11
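 def put(self, idx):
     """Update the user identified by *idx* with the request payload.

     Args:
         idx: ``user_id`` of the document to update.

     Returns:
         The ``jsonify`` response for the users matching *idx* after the update.
     """
     data = api.payload
     # NOTE(review): every key of the client payload is passed to update(),
     # so a request can set any model field. A password written this way
     # would not go through set_password, and user_id itself could be
     # changed. An explicit allowlist of editable fields and an
     # authorization check belong here; neither is visible in this method.
     User.objects(user_id=idx).update(**data)
     # Fix: the original returned ``User.objects(user_id)``, which refers to
     # an undefined name and fails with NameError after the update has
     # already been applied.
     return jsonify(User.objects(user_id=idx))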
Exemple #12
 def get(self, idx):
     """Return, as JSON, the users whose ``user_id`` equals *idx*."""
     # NOTE(review): the whole document is serialised; presumably that
     # includes the stored password field - confirm, and confirm access to
     # this lookup is restricted.
     matches = User.objects(user_id=idx)
     return jsonify(matches)
Exemple #13
 def post(self):
     """Create a user from the API payload and return the stored record as JSON.

     The payload must carry ``user_id``, ``email``, ``first_name``,
     ``last_name`` and ``password``; the password is set through
     ``set_password`` before the document is saved.
     """
     payload = api.payload
     # NOTE(review): user_id is taken from the client, not generated on the
     # server - confirm uniqueness is enforced by the model.
     new_id = payload['user_id']
     account = User(
         user_id=new_id,
         email=payload['email'],
         first_name=payload['first_name'],
         last_name=payload['last_name'],
     )
     account.set_password(payload['password'])
     account.save()
     created = User.objects(user_id=payload['user_id'])
     return jsonify(created)