Esempio n. 1
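def reset_key_verify():
    """Check an e-mailed password-reset key and, on POST, set the new password.

    GET shows the new-password form when the ``id``/``key`` pair matches the
    newest 'reset' row in ``verify``. POST re-checks the same pair before
    writing anything, and updates the account the key was issued for rather
    than whatever ``username`` the form carries. Without that re-check a POST
    alone would change the password of any named account.

    The reset form therefore has to send ``id`` and ``key`` back, either by
    posting to the same URL with its query string or as hidden fields.
    NOTE(review): confirm ``auth/reset.html`` does one of these.
    """
    import hmac  # local import: the file's import block is not visible here

    # request.values merges query string and form data, so both ways of
    # carrying the pair back on POST are accepted.
    user_id = request.values.get('id')
    verify_key = request.values.get('key')

    db = get_db()
    verify_data = db.execute(
        "SELECT * FROM verify WHERE user_id = ? AND subject = 'reset' ORDER BY id DESC",
        (user_id, )).fetchone()

    if verify_data is None:
        flash("You don't request for reset.")
        return redirect(url_for("auth.login"))

    stored_key = verify_data['verify_key']
    # Constant-time comparison; a missing or non-string key never matches.
    key_ok = (verify_key is not None and isinstance(stored_key, str)
              and hmac.compare_digest(verify_key.encode(),
                                      stored_key.encode()))
    if not key_ok:
        flash("Wrong url for rest verification.")
        return redirect(url_for("auth.login"))

    user = db.execute("SELECT * FROM user WHERE id = ?",
                      (user_id, )).fetchone()
    if user is None:
        # A verify row without its user row: treat the link as invalid
        # instead of failing on user["..."] below.
        flash("Wrong url for rest verification.")
        return redirect(url_for("auth.login"))

    if request.method == "POST":
        password = request.form["password"]

        # Update the password of the account tied to the verified key.
        db.execute(
            "UPDATE user SET password = ? WHERE id = ?",
            (generate_password_hash(password), user["id"]),
        )
        # Drop the reset rows so the key is single-use; one commit keeps
        # the two statements together.
        db.execute(
            "DELETE FROM verify WHERE user_id = ? AND subject = 'reset'",
            (user["id"], ))
        db.commit()

        flash("Your password has been reset.")
        return redirect(url_for("auth.login"))

    flash("Your email has been verified, Enter new password.")
    return render_template("auth/reset.html", email=user["username"])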
Esempio n. 2
def get_mail_message(subject):
    """Return the ``message`` column of the mail template for ``subject``.

    No missing-row check is made: if ``fetchone()`` yields ``None`` the
    subscript below raises.
    """
    query = "SELECT message FROM mail_template WHERE subject = ?"
    row = get_db().execute(query, (subject, )).fetchone()
    return row['message']
Esempio n. 3
def reset_request():
    """Start a password reset: store a key and e-mail the reset link.

    GET renders the request form. POST looks up a verified user by
    ``username``, inserts a 'reset' row into ``verify`` and mails a link
    carrying the user id and key.
    """
    if request.method != "POST":
        return render_template("auth/reset_request.html")

    username = request.form["username"]
    db = get_db()
    account = db.execute(
        "SELECT * FROM user WHERE username = ? AND is_verified = 1",
        (username, )).fetchone()

    if account is None:
        # NOTE(review): this reply differs from the success path, so the
        # form reveals which usernames exist and are verified.
        flash("Wrong username.")
        return render_template("auth/reset_request.html")

    user_id = account["id"]
    # NOTE(review): randomString() is defined elsewhere; a reset key must
    # come from a CSPRNG (e.g. the secrets module). Confirm.
    verify_key = randomString()

    db.execute(
        "INSERT INTO verify (user_id, subject, verify_key) VALUES (?, ?, ?)",
        (user_id, 'reset', verify_key),
    )
    db.commit()

    # NOTE(review): the link is plain http and its host comes from the
    # request, normally the client-sent Host header. Unless the deployment
    # pins trusted hosts, a forged header can point the mailed link at
    # another site; prefer a configured base URL over https.
    url = "http://{}/auth/reset/?id={}&key=".format(request.host,
                                                    user_id) + verify_key
    send_mail("reset", url, username, "Reset Password G-Home")

    flash("Please, check your email.")
    return redirect(url_for('auth.login'))
Esempio n. 4
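def verify():
    """Confirm an e-mail address from the ``id``/``key`` pair in the link.

    On a match the user row is marked verified, the 'verify' rows for that
    user are removed and the client is redirected to the login page.
    Otherwise ``error.html`` is rendered with the reason.
    """
    import hmac  # local import: the file's import block is not visible here

    user_id = request.args.get('id')
    verify_key = request.args.get('key')

    db = get_db()
    verify_data = db.execute(
        "SELECT * FROM verify WHERE user_id = ? AND subject = 'verify'",
        (user_id, )).fetchone()

    e = ["Not Found", []]

    if verify_data is None:
        e[1].append("Not registered user.")
        return render_template("error.html", errors=e)

    stored_key = verify_data['verify_key']
    # Constant-time comparison; a missing key on either side never matches
    # (with ==, an absent ?key= would equal a NULL stored key).
    key_ok = (verify_key is not None and isinstance(stored_key, str)
              and hmac.compare_digest(verify_key.encode(),
                                      stored_key.encode()))

    if key_ok:
        db.execute(
            "UPDATE user SET is_verified = ? WHERE id = ?",
            (1, user_id),
        )
        # The parameters must be a one-element tuple. A bare string is
        # bound character by character, so any id longer than one digit
        # failed here after the UPDATE had already been committed.
        db.execute(
            "DELETE FROM verify WHERE user_id = ? AND subject = 'verify'",
            (user_id, ),
        )
        # One commit so the flag and the key removal land together.
        db.commit()
        flash("Your email has been verified.")
        return redirect(url_for("auth.login"))

    e[1].append("Wrong Key.")
    return render_template("error.html", errors=e)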
Esempio n. 5
 def get_user_id(username):
     """Return the ``id`` of the user row matching ``username``, else None."""
     row = get_db().execute("SELECT * FROM user WHERE username = ?",
                            (username, )).fetchone()
     return None if row is None else row["id"]
Esempio n. 6
def add_user_token(username, auth_token):
    """Insert a ``(username, auth_token)`` row into ``token`` and commit.

    The token is stored exactly as passed in.
    NOTE(review): confirm whether it should be encrypted or hashed at rest.
    """
    statement = "INSERT INTO token (username, auth_token) VALUES (?,?)"
    conn = get_db()
    conn.execute(statement, (username, auth_token))
    conn.commit()
Esempio n. 7
def login():
    """Authenticate a user and put their id into a fresh session.

    GET renders the login form. POST checks username, password hash and
    the ``is_verified`` flag, in that order; on failure the reason is
    flashed and the form is shown again.
    """
    if request.method != "POST":
        return render_template("auth/login.html")

    username = request.form["username"]
    password = request.form["password"]
    db = get_db()
    user = db.execute("SELECT * FROM user WHERE username = ?",
                      (username, )).fetchone()

    # NOTE(review): separate messages for unknown user and wrong password
    # tell a client which usernames exist; a single generic message would
    # not. No attempt limiting is visible in this function either.
    if user is None:
        error = "Incorrect username."
    elif not check_password_hash(user["password"], password):
        error = "Incorrect password."
    elif user["is_verified"] == 0:
        error = "Your account not verified, check email."
    else:
        error = None

    if error is not None:
        flash(error)
        return render_template("auth/login.html")

    # Clear the old session before storing the id, so nothing set before
    # authentication carries over.
    session.clear()
    session["user_id"] = user["id"]
    update_last_login(db, user["id"])
    return redirect(url_for("index"))
Esempio n. 8
def update_switch_by_admin(pin, name, id):
    """Set ``pin`` and ``name`` on the switch row with this ``id``; commit.

    No authorisation check happens here.
    NOTE(review): confirm that callers enforce the admin role.
    """
    statement = "UPDATE switch SET pin = ?, name = ? WHERE id = ?"
    conn = get_db()
    conn.execute(statement, (pin, name, id))
    conn.commit()
Esempio n. 9
def add_trigger(switch_id, value, time):
    """Insert a ``(switch_id, value, time)`` row into ``trigger``; commit.

    No check is made here that the caller owns ``switch_id``.
    """
    statement = "INSERT INTO trigger (switch_id, value, time) VALUES (?,?,?)"
    conn = get_db()
    conn.execute(statement, (switch_id, value, time))
    conn.commit()
Esempio n. 10
def update_trigger(trigger_id, value, time, is_enable):
    """Overwrite ``value``, ``time`` and ``is_enable`` on one trigger row.

    The row is selected by ``trigger_id`` alone; ownership is not checked
    in this function.
    """
    statement = (
        "UPDATE trigger SET value = ?, time = ?, is_enable = ? WHERE id = ?")
    conn = get_db()
    conn.execute(statement, (value, time, is_enable, trigger_id))
    conn.commit()
Esempio n. 11
def create_switch_by_admin(username, name, pin):
    """Insert a ``(username, name, pin)`` row into ``switch`` and commit.

    No authorisation check happens here.
    NOTE(review): confirm that callers enforce the admin role.
    """
    statement = "INSERT INTO switch (username, name, pin) VALUES (?,?,?)"
    conn = get_db()
    conn.execute(statement, (username, name, pin))
    conn.commit()
Esempio n. 12
def load_logged_in_user():
    """Populate ``g.user`` from the ``user_id`` held in the session.

    ``g.user`` is ``None`` when the session has no user id; otherwise it is
    whatever the lookup by id returns.
    """
    user_id = session.get("user_id")

    if user_id is None:
        g.user = None
        return

    row = get_db().execute("SELECT * FROM user WHERE id = ?",
                           (user_id, )).fetchone()
    g.user = row
Esempio n. 13
def get_schedule_work():
    """Return enabled triggers due in the current 30-minute slot.

    The current local time is turned into minutes since midnight and
    rounded down to a multiple of 30. Rows are selected where
    ``slot < trigger.time <= slot + 30``. Each row carries the owner's
    ``auth_token``, so the result should be handled as a secret.
    """
    now = datetime.datetime.now()
    minute_of_day = now.hour * 60 + now.minute
    slot_start = (minute_of_day // 30) * 30

    rows = get_db().execute(
        "SELECT token.auth_token, switch.pin, trigger.value, trigger.time FROM trigger, switch, token "
        "WHERE trigger.switch_id = switch.id AND switch.username = token.username AND trigger.is_enable = 1 "
        "AND trigger.time > ? AND trigger.time <= ?",
        (slot_start, slot_start + 30),
    ).fetchall()
    return rows
Esempio n. 14
def register():
    """Create a user account and, for e-mail usernames, mail a verify link.

    GET renders the registration form. POST requires a username and a
    password and rejects a username that already exists. Password storage
    is delegated to ``create_user_db``.
    """
    if request.method != "POST":
        return render_template("auth/register.html")

    username = request.form["username"]
    password = request.form["password"]
    given_name = request.form["given_name"]

    db = get_db()
    error = None

    if not username:
        error = "Username is required."
    elif not password:
        error = "Password is required."
    elif (db.execute("SELECT id FROM user WHERE username = ?",
                     (username, )).fetchone() is not None):
        error = "User {0} is already registered.".format(username)

    if error is not None:
        flash(error)
        return render_template("auth/register.html")

    # The name is free: store the account, then head for the login page.
    create_user_db(db, username, password, given_name, '', 0)

    if "@" in username:
        user_id = UserData.get_user_id(username)
        # NOTE(review): randomString() is defined elsewhere; the key
        # should come from a CSPRNG. Confirm.
        verify_key = randomString()
        db.execute(
            "INSERT INTO verify (user_id, subject, verify_key) VALUES (?, ?, ?)",
            (user_id, 'verify', verify_key),
        )
        db.commit()
        # NOTE(review): plain-http link whose host comes from the request
        # (normally the Host header); prefer a configured https base URL.
        url = "http://{}/auth/verify/?id={}&key=".format(
            request.host, user_id) + verify_key
        send_mail("verify", url, username, "Verify email address")

    # NOTE(review): a username without "@" gets no verify mail but still
    # sees the "Verify your email" message below.
    flash(given_name + ", Your account created. Verify your email")
    return redirect(url_for("auth.login"))
Esempio n. 15
def glogin():
    """Log in, or first create, a user from externally supplied profile data.

    Reads ``email``, ``given_name``, ``profile_id`` and ``image_url`` from
    the posted form. An existing user gets their last login updated; a new
    one is created. The user's id is then stored in a fresh session.

    NOTE(review): every identity field comes straight from the request
    form. Nothing in this function checks it against the identity
    provider, so a client that posts an existing user's email is given
    that user's session. The server should verify a provider-signed ID
    token and take the email from the verified claims. Confirm whether
    that happens before this view runs.
    """
    form = request.form
    email = form["email"]
    given_name = form["given_name"]
    profile_id = form["profile_id"]
    image_url = form["image_url"]

    db = get_db()
    lookup = "SELECT * FROM user WHERE username = ?"
    user = db.execute(lookup, (email, )).fetchone()

    if user is not None:
        # Known account: only refresh the last-login record.
        update_last_login(db, user["id"])
    else:
        # First sign-in: register the user, then re-read the new row.
        # NOTE(review): profile_id is presumably stored in the password
        # slot of create_user_db. Verify that it cannot be used at the
        # password login.
        create_user_db(db, email, profile_id, given_name, image_url, 2)
        user = db.execute(lookup, (email, )).fetchone()

    session.clear()
    session["user_id"] = user["id"]

    return redirect(url_for("index"))
Esempio n. 16
def delete_trigger(id):
    """Delete the trigger row with this ``id`` and commit.

    The row is selected by id alone; ownership is not checked here.
    """
    conn = get_db()
    params = (id, )
    conn.execute("DELETE FROM trigger WHERE id = ?", params)
    conn.commit()
Esempio n. 17
def get_trigger(switch_id):
    """Return every trigger row attached to ``switch_id``."""
    query = "SELECT * FROM trigger WHERE switch_id = ?"
    return get_db().execute(query, (switch_id, )).fetchall()
Esempio n. 18
def delete_switch_by_admin(id):
    """Delete the switch row with this ``id`` and commit.

    No authorisation check happens here.
    NOTE(review): confirm that callers enforce the admin role.
    """
    conn = get_db()
    params = (id, )
    conn.execute("DELETE FROM switch WHERE id = ?", params)
    conn.commit()
Esempio n. 19
def get_tokens():
    """Return all rows of the ``token`` table.

    Every column is selected, which presumably includes each user's
    ``auth_token``. Keep the result out of logs and responses.
    """
    rows = get_db().execute("SELECT * FROM token").fetchall()
    return rows
Esempio n. 20
def get_switch_from_id(id):
    """Return the switch row with this ``id`` (the ``fetchone()`` result)."""
    query = "SELECT * FROM switch WHERE id = ?"
    return get_db().execute(query, (id, )).fetchone()
Esempio n. 21
def delete_token(id):
    """Delete the token row with this ``id`` and commit.

    The row is selected by id alone; ownership is not checked here.
    """
    conn = get_db()
    params = (id, )
    conn.execute("DELETE FROM token WHERE id = ?", params)
    conn.commit()
Esempio n. 22
def get_token(username):
    """Return the first ``token`` row stored for ``username``."""
    query = "SELECT * FROM token WHERE username = ?"
    return get_db().execute(query, (username, )).fetchone()
Esempio n. 23
def get_switch(username):
    """Return every switch row whose ``username`` column matches."""
    query = "SELECT * FROM switch WHERE username = ?"
    return get_db().execute(query, (username, )).fetchall()