def delete_user(id):
    """``DELETE`` |API_URL_BASE|/user/:user_id

    Delete a user.
    Superuser can't be deleted.

    :param id: user id

    Response JSON:

    .. code-block:: javascript

        // success
        {$errors: null}
        // failed
        {$errors: {id: 'this user does not exist.'}}

    Permission require: ``DELETE_USER``

    NOTE(review): no superuser guard is visible in this body, so the
    "Superuser can't be deleted" rule must be enforced elsewhere
    (presumably a permission decorator) -- confirm before relying on it.
    """
    try:
        target = User.get(User.id == id)
        target.delete_instance()
    except User.DoesNotExist:
        return {'id': '该用户ID不存在'}
    # Audit trail: record the deletion against the real app object.
    signals.event_emitted.send(
        current_app._get_current_object(),
        type='User: Delete',
        description='delete user(%s).' % id,
    )
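def get_user(id):
    """``GET`` |API_URL_BASE|/user/:user_id

    Get information of a user.

    :param id: user id

    Response JSON:

    .. code-block:: javascript

        // success
        {
          $errors: null,
          user: {
            id: string,
            name: string,
            role: {id: integer, name: string},
            expired: boolean,
            last_login: integer
          }
        }
        // failed
        {$errors: {id: 'this user does not exist.'}}

    Permission required: ``READ_USER``

    Returns an error dict on failure and an ``(errors, payload)`` pair on
    success; the wrapping view layer presumably normalises both shapes
    (the same convention is used by ``login``).
    """
    try:
        user = User.get(User.id == id)
    except User.DoesNotExist:
        # The exception instance is not needed; don't bind an unused name.
        return {'id': '该用户不存在!'}
    return None, {'user': user.to_dict()}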
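def login_verify(email, password):
    """Return the user matching *email* and *password* and stamp ``last_login``.

    :param email: e-mail address to look up.
    :param password: plain-text password; it is encoded with
        ``encrypt_password`` and matched inside the query.
    :raises User.DoesNotExist: when no row matches both the e-mail and the
        encoded password. The exception is left to propagate as raised by
        the ORM, keeping its message and traceback (catching it only to
        raise a fresh, empty instance discards both).

    NOTE(review): matching the password inside the query only works when
    ``encrypt_password`` is deterministic for a given input; if the scheme
    uses a per-user salt, verification has to happen after the user row is
    loaded -- confirm against ``encrypt_password``.
    """
    user = User.get(
        User.email == email,
        User.password == encrypt_password(password),
    )
    # Naive local time, as elsewhere in this code base.
    user.last_login = datetime.datetime.now()
    user.save()
    return user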
def update(id):
    """Edit user *id* from the submitted ``UpdateUserForm``.

    On a valid submission the row is rewritten with a single UPDATE and the
    client is redirected to the user index; otherwise the edit form is
    rendered again with the current user.

    :param id: primary key of the user to edit. ``User.get`` raises
        ``User.DoesNotExist`` for an unknown id; that is not handled here.
    """
    form = UpdateUserForm(request.form)
    user = User.get(User.id == id)

    if not form.validate_on_submit():
        return render_template('user/update.html', form=form, user=user)

    new_values = {
        'first_name': form.first_name.data,
        'middle_name': form.middle_name.data,
        'last_name': form.last_name.data,
        'email_address': form.email_address.data,
        'phone_number': form.phone_number.data,
        'address': form.address.data,
        'birth_date': form.birth_date.data,
        # NOTE(review): if `type` encodes a privilege level, confirm the form
        # validator restricts which values a submitter may choose.
        'type': form.type.data,
        'updated_at': datetime.now(),
    }
    User.update(**new_values).where(User.id == id).execute()
    flash('User successfully updated')
    return redirect(url_for('user.index'))
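def is_logged_in_core(request):
    """Return the ``User`` named by the signed ``login`` cookie.

    The cookie is read with ``secret=SECRET_KEY``; presumably a missing or
    tampered cookie then decodes to nothing and is treated as "not logged
    in" -- confirm against the cookie helper in use.

    :param request: current request; must expose ``get_cookie``,
        ``remote_addr`` and ``path``.
    :raises UserNotFound: when no valid cookie is present, or the cookie
        names an e-mail with no matching ``User`` row.
    """
    user_name = request.get_cookie("login", secret=SECRET_KEY) or None
    if user_name is None:
        raise UserNotFound("User at {} attempted to access '{}'. Not logged in.".format(
            request.remote_addr, request.path))
    try:
        user_found = User.get(User.email == user_name)
    except User.DoesNotExist as exc:
        # Chain explicitly so the failed lookup stays visible in the traceback.
        raise UserNotFound("User at {} attempted to log in as '{}'. User not found.".format(
            request.remote_addr, user_name)) from exc
    return user_found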
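def is_logged_in_core(request):
    """Return the ``User`` named by the signed ``login`` cookie.

    The cookie is read with ``secret=SECRET_KEY``; presumably a missing or
    tampered cookie then decodes to nothing and is treated as "not logged
    in" -- confirm against the cookie helper in use.

    :param request: current request; must expose ``get_cookie``,
        ``remote_addr`` and ``path``.
    :raises UserNotFound: when no valid cookie is present, or the cookie
        names an e-mail with no matching ``User`` row.
    """
    user_name = request.get_cookie("login", secret=SECRET_KEY) or None
    if user_name is None:
        raise UserNotFound(
            "User at {} attempted to access '{}'. Not logged in.".format(
                request.remote_addr, request.path))
    try:
        user_found = User.get(User.email == user_name)
    except User.DoesNotExist as exc:
        # Chain explicitly so the failed lookup stays visible in the traceback.
        raise UserNotFound(
            "User at {} attempted to log in as '{}'. User not found.".format(
                request.remote_addr, user_name)) from exc
    return user_found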
def test_modify_user(self):
    """PATCH /user/<id> as superuser updates name, password and expired.

    Creates a user inside the app context, patches it with a JSON body and
    checks the persisted row reflects every field of the payload (the
    password being compared in its encoded form).
    """
    with self.ctx:
        user = User.create(id='testid', password='******', name='testname')
        changes = {
            'name': 'testname_',
            'password': '******',
            'expired': True,
        }
        self.login_as_su()
        resp = self.client.patch(
            self.api_url_base + '/user/' + user.id,
            content_type='application/json',
            data=json_dumps(changes),
        )
        self.assertResponseRestfulAndSuccess(resp)

        stored = User.get(User.id == user.id)
        expected_cipher = self.encode_password(changes['password'])
        self.assertEqual(stored.password, expected_cipher)
        self.assertEqual(stored.name, changes['name'])
        self.assertEqual(stored.expired, changes['expired'])
def view(id):
    """Render the detail page for user *id*.

    ``User.get`` raises ``User.DoesNotExist`` for an unknown id; it is not
    caught here, so an unknown id surfaces as an unhandled error rather
    than a 404 unless an app-level error handler maps it -- confirm.
    """
    found = User.get(User.id == id)
    return render_template('user/view.html', user=found)
def login():
    """``GET`` |API_URL_BASE|/login/

    Login, parameters are passed through query string.

    :param id: **Query**
    :param password: **Query**
    :param timestamp: **Query** client's timestamp(ms)
    :param remember: **Query** optional, boolean value

    Response JSON:

    .. code-block:: javascript

        // success
        {
          $errors: null,
          user: {
            id: string,
            name: string,
            role: {id: integer, name: string},
            expired: boolean,
            last_login: integer
          }
        }
        // failed
        {
          $errors: {
            id: 'this user id does not exist.',
            password: '******',
            timestamp: 'login session is invalid any more. please refresh.'
          }
        }

    NOTE(review): ``id`` and ``password`` travel in the query string, so
    they can end up in access logs and browser history; and the unknown-id,
    wrong-password and stale-timestamp failures answer with three distinct
    error keys, so a caller can learn whether an id exists. Both are part
    of the current API contract and are left unchanged here.
    """
    user_id = request.args.get('id', '')
    password = request.args.get('password', '')
    client_timestamp = request.args.get('timestamp', 0, type=int)
    remember = request.args.get('remember', 'false') == 'true'

    def audit(description):
        # Every outcome after the id lookup is recorded on the app signal.
        signals.event_emitted.send(
            current_app._get_current_object(),
            type='Auth: Login',
            description=description,
        )

    try:
        user = User.get(User.id == user_id)
    except User.DoesNotExist:
        return {'id': '用户ID不存在'}

    if not user.check_password(password, client_timestamp):
        audit('user(%s) attempts to log in using wrong password.' % user.id)
        return {'password': '******'}

    # Client and server clocks (both in ms) must agree within USER_LOGIN_TIMEOUT.
    drift = int(time() * 1000) - client_timestamp
    if abs(drift) > app_config['USER_LOGIN_TIMEOUT']:
        audit('user(%s) attempts to log in using expired timestamp.' % user.id)
        return {'timestamp': '登陆会话超时,请刷新重试'}

    login_user(user, remember=remember)
    audit('user(%s) login.' % user.id)
    return None, {'user': user.to_dict()}
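def modify_user(id=None):
    """``PATCH`` |API_URL_BASE|/user/
    ``PATCH`` |API_URL_BASE|/user/:user_id

    Modify user information. User's role can't be modified.
    If no ``id`` was given then id will be automatically set to current
    user's id in this session.

    :param id: if not set, use ``current_user.get_id()``
    :param name: **JSON Param** new display name
    :param password: **JSON Param** plain password, without encoding
    :param boolean expired: **JSON Param** ``false`` is a valid value and
        re-activates the user

    Response JSON:

    .. code-block:: javascript

        // success
        {
          $errors: null,
          user: {
            id: string,
            name: string,
            role: {id: integer, name: string},
            expired: boolean,
            last_login: integer
          }
        }
        // failed (one key per error)
        {
          $errors: {
            permission: 'your are not allowed to change other user.',
            name: 'this name is invalid.' | 'this name is duplicated.',
            password: '******',
            id: 'this id does not exist.'
          }
        }

    Permission require:

    * ``MODIFY_USER``
    * ``MODIFY_OTHER_USER`` (if attempt to modify other user.)
    """
    # A request without a JSON body yields None; treat it as "no changes".
    payload = request.get_json() or {}
    id = id or current_user.get_id()
    if (id != current_user.get_id()
            and not current_user.can(Permission.MODIFY_OTHER_USER)):
        return {'permission': 'Your are not allowed to change other user.'}

    name = payload.get('name')
    if name and not re_match(app_config['USER_NAME_PATTERN'], name):
        return {'name': app_config['USER_NAME_DESCRIPTION']}
    password = payload.get('password')
    if password and not re_match(app_config['USER_PASSWORD_PATTERN'], password):
        return {'password': app_config['USER_PASSWORD_DESCRIPTION']}
    expired = payload.get('expired')

    # Only check uniqueness when a name is actually supplied, ignore this
    # user's own row (re-submitting the current name is not a duplicate),
    # and reject any number of existing matches rather than exactly one.
    if name and User.select().where(User.name == name, User.id != id).exists():
        return {'name': '该昵称 %s 已存在' % name}

    try:
        this_user = User.get(User.id == id)
    except User.DoesNotExist:
        return {'id': '该用户ID %s 不存在' % id}

    if name:
        this_user.name = name
    if password:
        this_user.set_password(password)
    # `expired` is a flag: False must be applied too, so test presence,
    # not truthiness.
    if expired is not None:
        this_user.expired = bool(expired)

    # if nothing change, keep database unchanged
    changed = [f.name for f in this_user.dirty_fields]
    if changed:
        this_user.save()
        # The field list is captured before save() because the ORM may clear
        # its dirty set once the row is written.
        signals.event_emitted.send(
            current_app._get_current_object(),
            type='User: Modify',
            description='modify properties %s of user(%s).'
                        % (','.join(changed), id))
    return None, {'user': this_user.to_dict()}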