def auth_user(): """ auth endpoint """ data = validate_user(request.get_json()) if data['ok']: data = data['data'] # user = mongo.db.users.find_one({'email': data['email']}, {"_id": 0}) LOG.debug(user) if user and flask_bcrypt.check_password_hash(user['password'], data['password']): del user['password'] access_token = create_access_token(identity=data) refresh_token = create_refresh_token(identity=data) user['token'] = access_token user['refresh'] = refresh_token return jsonify({'ok': True, 'data': user}), 200 else: return jsonify({ 'ok': False, 'message': 'invalid username or password' }), 401 else: return jsonify({ 'ok': False, 'message': 'Bad request parameters: {}'.format(data['message']) }), 400
def post(self,path): self.head() if not user.validate_user(self): self.response.write(json.dumps({"_error": "Invalid email or password"})); else: # get user's state associated with path q = db.GqlQuery("SELECT * from State WHERE stype = 'page' and email = :1 and path = :2", self.request._email,path) state_entity = q.get() # if new state is supplied, update/insert user's state entry for this path new_state = self.request.params.get('state',None) if not new_state is None: # check the answers, annotate state new_state = check_answers(path,new_state) if state_entity is None: state_entity = State(parent = self.request._user, # user is parent of State entity email = self.request._email, stype = 'page', path = path) state_entity.state = new_state state_entity.timestamp = datetime.datetime.utcnow() state_entity.put() #logging.debug('user:%s, path:%s, new_state:%s'% (self.request._email,path,new_state)) # response with saved state self.response.write('{}' if state_entity is None else state_entity.state);
def post(self, path): self.head() self.response.headers['Content-Type'] = 'text/html' if not user.validate_user(self): message = '' if len(self.request.get('_user')) > 0: message = 'Invalid username or password' # give a user a form to sign in path = os.path.join(os.path.dirname(__file__), 'templates/login.html') self.response.write( template.render(path, { 'url': self.request.url, 'message': message })) return u = self.request._user template_file = 'templates/records.html' template_info = { 'url': self.request.url, 'name': u.first_name + ' ' + u.last_name, 'email': u.email, 'scores': grades.scores(u.email), } if u.status == 'staff': template_file = 'templates/records_staff.html' template_info['user_list'] = user.user_list() path = os.path.join(os.path.dirname(__file__), template_file) self.response.write(template.render(path, template_info))
def post(self,path): self.head() self.response.headers['Content-Type'] = 'text/html' if not user.validate_user(self): message = '' if len(self.request.get('_user')) > 0: message = 'Invalid username or password' # give a user a form to sign in path = os.path.join(os.path.dirname(__file__), 'templates/login.html') self.response.write(template.render(path,{'url': self.request.url,'message':message})) return u = self.request._user template_file = 'templates/records.html' template_info = { 'url': self.request.url, 'name': u.first_name + ' ' + u.last_name, 'email': u.email, 'scores': grades.scores(u.email), } if u.status == 'staff': template_file = 'templates/records_staff.html' template_info['user_list'] = user.user_list() path = os.path.join(os.path.dirname(__file__), template_file) self.response.write(template.render(path,template_info))
def login(): params = request.args if request.method == 'GET' else request.form username = params.get('username', '') password = params.get('password', '') if user.validate_user(username, password): return redirect('/users/') else: return render_template('login.html', username=username, error=u'用户名或密码错误')
def commituser(): adduser = request.form.get('adduser') addage = request.form.get('addage') addpassword = request.form.get('password') if user.validate_user(adduser,addage,addpassword): #外部模块user.validate_user判断用户信息True执行 user.add_user(adduser,addage,addpassword) return redirect('/users/') else: # 检查不通过 提示信息 return render_template('adduser.html',user='******')
def delete(self, **kwargs): playlist = models.Playlist.getPlaylistFromURL(kwargs) if not playlist: return self.returnJSON(None, code=404) user = validate_user(self.request) if not user or user.key != playlist.key.parent(): return self.returnJSON({"msg": "User Validation Failed"}, code=401) self.deletePlaylist(playlist)
def login(): params = request.args if request.method == 'GET' else request.form username=params.get('username', '') password=params.get('password','') if user.validate_user(username, password): session.permanent = True app.permanent_session_lifetime = timedelta(minutes=5) session['username']=username return redirect('/users/') else: return render_template('login.html',username=username,error=u'用户名或密码错误')
def post(self): user = validate_user(self.request) if not user: return self.returnJSON({"msg": "User Validation Failed"}, code=401) # create playlist from post request if 'title' not in self.request.POST or not self.request.POST['title']: return self.returnJSON(None, code=400) key = models.Playlist.createAndStore(self.request.POST, user) return self.returnJSON(json.dumps({'url':models.Playlist.keyForLinkFromKey(key), 'json':models.Playlist.jsonLinkfromKey(key)}), code=201)
def login(): if request.method == 'POST': username = request.form['username'] password = request.form['password'] id = validate_user(username, password) if id: user = User(id) login_user(user) return render_template('index.html') else: return "WRONG CREDENTIALS MAI FREND" else: return render_template('login.html')
def login(): params = request.args if request.method == 'GET' else request.form username = params.get('username', '') password = params.get('password', '') if user.validate_user(username, password): session.permanent = True app.permanent_session_lifetime = timedelta(minutes=5) session['username'] = username return redirect('/users/') else: return render_template('login.html', username=username, error=u'用户名或密码错误')
def get(self, **kwargs): if models.Playlist.__name__ in kwargs: plist = models.Playlist.getPlaylistFromURL(kwargs) if not plist: return self.returnJSON(None, code=404) if plist.isPublic: return self.returnJSON(plist.json()) else: user = validate_user(self.request) if not user or user.key != plist.key.parent(): return self.returnJSON({"msg": "User Validation Failed"}, code=401) else: return self.returnJSON(plist.json())
def put(self, **kwargs): snpt = models.Snippet.getSnippetFromURL(kwargs) if not snpt: return self.returnJSON(None, code=404) #print "SNPT PARENT >>> ", snpt.key.parent().parent() user = validate_user(self.request) if not user or user.key != snpt.key.parent().parent(): return self.returnJSON({"msg": "User Validation Failed"}, code=401) #update record snpt.populate(**models.getPopulateDictionary(models.Snippet, self.request.POST.items())) snpt.put() return self.returnJSON(json.dumps({"url":self.request.path, "snippet":json.loads(snpt.json())}), code=200, message="snippet updated")
def post(self, token): self.head() self.response.headers['Content-Type'] = 'text/html' if not user.validate_user( self) or self.request._user.status != 'staff': self.response.write('Only staff members can submit scores.') return email = self.request.get('email').strip() assignment = self.request.get('assignment').strip() action = self.request.get('action').strip() value = self.request.get('value').strip() notes = self.request.get('notes').strip() logging.info('email: ' + email) message = '' u = user.find_user(None, email=email) if len(action) != 0: if u is None: message = "User %s doesn't exist." % email else: score = Score(subject=course.subject, email=email, submitter=self.request._email, assignment=assignment, action=action, value=value, notes=notes) score.put() # display a form for editing user info template_file = 'templates/submit_score.html' template_info = { 'url': self.request.url.split('?')[0], # strip argument(s), if any 'status_url': self.request.url[:self.request.url.find('/grades/submit_score')], 'message': message, 'user': u, 'assignments': course.assignments, 'actions': get_scores(email), } path = os.path.join(os.path.dirname(__file__), template_file) self.response.write(template.render(path, template_info))
def get(self, **kwargs): playlist = models.Playlist.getPlaylistFromURL(kwargs) if not playlist: return self.returnJSON(None, code=404) if playlist.isPublic: return self.getPlaylist(playlist) user = validate_user(self.request) if not user or user.key != playlist.key.parent(): self.response.set_status(401) self.response.write("<h1>Unauthorized Access</h1>") return self.getPlaylist(playlist)
def delete(self, **kwargs): snpt = models.Snippet.getSnippetFromURL(kwargs) if not snpt: return self.returnJSON(None, code=404) plist = snpt.key.parent().get() user = validate_user(self.request) if not user or user.key != plist.key.parent(): return self.returnJSON({"msg": "User Validation Failed"}, code=401) if snpt.key in plist.snippetKeys: plist.snippetKeys.remove(snpt.key) plist.put() snpt.key.delete() return self.returnJSON(None, code=202, message="Snippet deleted")
def register(): """ register user endpoint """ data = validate_user(request.get_json()) if data['ok']: data = data['data'] data['password'] = flask_bcrypt.generate_password_hash( data['password']) # mongo.db.users.insert_one(data) return jsonify({ 'ok': True, 'message': 'User created successfully!' }), 200 else: return jsonify({ 'ok': False, 'message': 'Bad request parameters: {}'.format(data['message']) }), 400
def post(self,token): self.head() self.response.headers['Content-Type'] = 'text/html' if not user.validate_user(self) or self.request._user.status != 'staff': self.response.write('Only staff members can submit scores.') return email = self.request.get('email').strip() assignment = self.request.get('assignment').strip() action = self.request.get('action').strip() value = self.request.get('value').strip() notes = self.request.get('notes').strip() logging.info('email: '+email) message = '' u = user.find_user(None,email=email) if len(action) != 0: if u is None: message = "User %s doesn't exist." % email else: score = Score(subject = course.subject, email = email, submitter = self.request._email, assignment = assignment, action = action, value = value, notes = notes) score.put() # display a form for editing user info template_file = 'templates/submit_score.html' template_info = { 'url': self.request.url.split('?')[0], # strip argument(s), if any 'status_url': self.request.url[:self.request.url.find('/grades/submit_score')], 'message': message, 'user': u, 'assignments': course.assignments, 'actions': get_scores(email), } path = os.path.join(os.path.dirname(__file__), template_file) self.response.write(template.render(path,template_info))
def get(self): user = validate_user(self.request) if not user or "public" in self.request.GET: return self.returnJSON(json.dumps(models.Playlist.get_public_playlists())) else: return self.returnJSON(json.dumps(models.Playlist.get_users_playlists(user)))
def post(self,path): self.head() if not user.validate_user(self): self.response.write(json.dumps({"_error": "Invalid email or password"})); else: # dispatch on action action = self.request.params.get('action',None) # autosave -- save contents in 'autosave' record if action == 'autosave': contents = self.request.params.get('contents',None) if contents is None: self.response.write(json.dumps({"_error": "No contents specified in autosave request"})) else: self.put_record(self.get_record(path,'autosave'),contents) self.response.write('{}'); # load -- return contents of 'file', 'autosave' and 'backup' records elif action == 'load': #logging.debug("%s, %s" % (self.request._user,path)) file = self.find_record(path,'file') if file is None: self.response.write(json.dumps({"_error": "File not found on load: "+path})); else: # return dict holding 'file', 'autosave' and 'backup' contents result = {'file': file.state} file = self.find_record(path,'autosave') if file: result['autosave'] = file.state file = self.find_record(path,'backup') if file: result['backup'] = file.state self.response.write(json.dumps(result)) # save -- save contents in 'save' record, putting old contents in 'backup' # delete 'autosave' record, if any elif action == 'save': contents = self.request.params.get('contents',None) if contents is None: self.response.write(json.dumps({"_error": "No contents specified in save request"})) else: self.save_file(path,contents) self.response.write('{}') # folder -- create new folder elif action == 'folder': self.save_file(path,'') self.response.write('{}') # list -- list of user's files elif action == 'list': q = db.GqlQuery("SELECT path from State WHERE email = :1 and stype = 'file'", self.request._email) flist = [s.path for s in q.run(batch_size=1000)] self.response.write(json.dumps({"list": flist})) # delete -- remove all records with specified path prefix elif action == 'delete': # look up all the user's files q = db.GqlQuery("SELECT * from State WHERE email = :1 and stype = 'file'", self.request._email) # run through user's files looking for path prefix found = False for file in q.run(batch_size=1000): if file.path.startswith(path): victim = file.path db.delete(file) found = True # delete 'backup' and 'autosave' records, if any file = self.find_record(victim,'backup') if file: db.delete(file) file = self.find_record(victim,'autosave') if file: db.delete(file) if not found: self.response.write(json.dumps({"_error": "File not found on delete: "+path})) else: self.response.write('{}') # rename -- change path on 'file', 'autosave' and 'backup' records elif action == 'rename': file = self.find_record(path,'file') if file: newpath = self.request.params.get('path',None) if newpath is None: self.response.write(json.dumps({"_error": "No path specified on rename"})) else: newfile = self.find_record(newpath,'file') if newfile: self.response.write(json.dumps({"_error": "File already exists: "+newpath})) else: # rename file by changing the path field, don't update timestamp file.path = newpath file.put() # rename backup and autosave records too file = self.find_record(path,'backup') if file: file.path = newpath file.put() file = self.find_record(path,'autosave') if file: file.path = newpath file.put() self.response.write('{}') else: self.response.write(json.dumps({"_error": "File not found on rename: "+path})) # zip -- return a zip file containing all the user's files elif action == 'zip': result = io.BytesIO() zip = zipfile.ZipFile(result,'a') # append new archive to empty file # each each user file to the archive q = db.GqlQuery("SELECT * from State WHERE email = :1 and stype = 'file'", self.request._email) for file in q.run(batch_size=1000): # set up correct info for archive member info = zipfile.ZipInfo(filename=file.path) info.date_time = (file.timestamp.year, file.timestamp.month, file.timestamp.day, file.timestamp.hour, file.timestamp.minute, file.timestamp.second) info.create_system = 0 # fix for Linux zip files read in windows zip.writestr(info,bytes(file.state)) zip.close() self.response.headers['Content-Type'] = 'application/x-zip-compressed' self.response.headers['Content-Disposition'] = 'attachment; filename=computation_structures.zip' self.response.write(result.getvalue()) # upload -- upload a file elif action == 'upload': if len(self.request.get('upload')) > 0: userfile = self.request.POST.multi['userfile'] if os.path.splitext(userfile.filename)[1] == '.zip': # user uploaded a .zip file zip = zipfile.ZipFile(StringIO(userfile.file.read())) for info in zip.infolist(): timestamp = datetime.datetime(*info.date_time) self.save_file(info.filename,zip.read(info),timestamp=timestamp) else: # user uploaded a single file path = os.path.basename(userfile.filename) self.save_file(path,userfile.file.read()) # give a user a form to submit their file path = os.path.join(os.path.dirname(__file__), 'templates/upload.html') self.response.headers['Content-Type'] = 'text/html' self.response.write(template.render(path,{'url': self.request.url})) else: self.response.write(json.dumps({"_error": "Unrecognized file action: "+str(action)}))