def create_user(self, username, password):
from ghostwriter.User import User
from ghostwriter.UserManager import UserManager
u = User(username)
umng = UserManager()
umng.addUser(u, password)
return u
def create_user(self, name, pwd):
from ghostwriter.User import User, UserPerm
from ghostwriter.UserManager import UserManager
u = User(name, name, [UserPerm.ADMIN])
umng = UserManager()
umng.addUser(u, pwd)
return u
def create_user(self):
from ghostwriter.User import User
from ghostwriter.UserManager import UserManager
self.username = '******'
self.password = '******'
u = User(self.username)
umng = UserManager()
umng.addUser(u, self.password)
def initdb():
""" Initialise the database """
print('Creating database')
try:
mm.create()
from ghostwriter.User import User
from ghostwriter.UserManager import UserManager
um = UserManager()
um.addUser(User('admin', 'Administrator'), 'admin')
print('Database created')
except Exception as e:
print('Error')
app.logger.error('Error while creating database: {}'.format(e))
def user_list_manage():
"""
Manages users
GET: Gets all users
POST: Creates an user
username: login name
password: the password
name: the user true name. Optional
Return an 200 OK if all OK
"""
from ghostwriter.User import User
from ghostwriter.UserManager import UserManager
um = UserManager()
if request.method == 'GET':
userlist = um.getAllUsers()
if len(userlist) <= 0:
return jsonify({'error': 'No users'}), 404
juser = []
for user in userlist:
jdata = {
'id': user.uid,
'username': user.username,
'name': user.name
}
juser.append(jdata)
return jsonify(juser), 200
elif request.method == 'POST':
login = request.form['username']
password = request.form['password']
try:
name = request.form['name']
except KeyError:
name = login
user = User(login, name)
um.addUser(user, password)
jdata = {'id': user.uid, 'username': user.username, 'name': user.name}
return jsonify(jdata), 200
else:
return "", 405
def test_update_user(self):
from flask import json
from ghostwriter.User import User
from ghostwriter.UserManager import UserManager
self.authenticate()
u = self.create_user('malakoi', 'devasso')
res = self.app.put('/api/user/2/', data = {
'name': 'Ixpertinho',
'username': '******'
}, follow_redirects=True)
self.assertEqual('200 OK', res.status)
um = UserManager()
u = um.getUserbyID(2)
self.assertEqual('Ixpertinho', u.name)
self.assertEqual('garoto', u.username)
def test_load_user(self):
from flask import json
import hashlib
self.authenticate()
u = self.create_user('malakoi', 'devasso')
res = self.app.get('/api/user/2/',
follow_redirects=True)
self.assertEqual('200 OK', res.status)
user_load = json.loads(res.data)
from ghostwriter.User import User
from ghostwriter.UserManager import UserManager
um = UserManager()
u = um.getUserbyID(user_load['id'])
self.assertEqual(u.uid, user_load['id'])
self.assertEqual(u.username, user_load['username'])
self.assertEqual(u.name, user_load['name'])
password_hash = hashlib.sha1(b'devasso').hexdigest()
self.assertIsNotNone(um.registerLogIn(u, password_hash))
def user_manage(userid):
"""
Manages an individual user
GET: Gets information from user with id 'userid'
DELETE: Delete said user
PUT: Update user information, unless password
Returns 404 Not Found if user not found, or 403 Forbidden
if trying to delete a user you are logged in
"""
from ghostwriter.User import User
from ghostwriter.UserManager import UserManager
um = UserManager()
u = um.getUserbyID(userid)
if u is None:
return jsonify({'error': 'User not found'}), 404
if request.method == 'GET':
jdata = {'id': u.uid, 'username': u.username, 'name': u.name}
return jsonify(jdata), 200
elif request.method == "PUT":
u.username = request.form['username']
u.name = request.form['name']
if 'old_password' in request.form:
if u.checkPassword(request.form['old_password'], um):
if 'password' in request.form:
um.updatePassword(u, request.form['password'])
um.updateUser(u)
jdata = {'id': u.uid, 'username': u.username, 'name': u.name}
return jsonify(jdata), 200
elif request.method == 'DELETE':
if current_user.uid == u.uid:
return jsonify({'error':
'Cannot delete user you are logged in'}), 403
um.removeUser(u)
return "", 200
else:
return "", 405
def test_create_user_authenticated(self):
from flask import json
import hashlib
self.authenticate()
res = self.app.post('/api/users/', data = {
'username': '******',
'password': '******',
'name': 'Teste'
}, follow_redirects=True)
self.assertEqual('200 OK', res.status)
user_load = json.loads(res.data)
from ghostwriter.User import User
from ghostwriter.UserManager import UserManager
um = UserManager()
u = um.getUserbyID(user_load['id'])
self.assertEqual(u.uid, user_load['id'])
self.assertEqual(u.username, user_load['username'])
self.assertEqual(u.name, user_load['name'])
password_hash = hashlib.sha1(b'pasteldebacon').hexdigest()
self.assertIsNotNone(um.registerLogIn(u, password_hash))