def test_create_chat_in_put_data_event(self): with self.app.test_client() as client1, self.app.test_client() as client2: self.init_two_clients(client1, client2) socket_io_client1, socket_io_client2 = self.get_socket_io_clients(client1, client2) socket_io_client1.emit('enter_room', namespace=self.events_namespace) socket_io_client2.emit('enter_room', namespace=self.events_namespace) result = db.session.execute(select(chats)) self.assertEqual(len(result.all()), 0) result.close() self.assertFalse(User.is_chat_between(1, 2)) self.assertEqual(User.is_chat_between.cache_info().currsize, 1) socket_io_client1.emit('put_data', {'message': 'test_message', 'timestamp_milliseconds': time.time() * 1000}, namespace=self.events_namespace) self.assertEqual(User.is_chat_between.cache_info().currsize, 0) result = db.session.execute(select(chats)) self.assertEqual(len(result.all()), 1) result.close() self.assertTrue(User.is_chat_between(1, 2)) self.assertTrue(User.is_chat_between(2, 1)) self.assertEqual(User.is_chat_between.cache_info().currsize, 2) User.is_chat_between.cache_clear() self.assertTrue(User.is_chat_between(1, 2)) socket_io_client2.emit('put_data', {'message': 'test_message2', 'timestamp_milliseconds': time.time() * 1000}, namespace=self.events_namespace) self.assertEqual(User.is_chat_between.cache_info().currsize, 2) result = db.session.execute(select(chats)) self.assertEqual(len(result.all()), 1) result.close() self.assertTrue(User.is_chat_between(2, 1)) self.assertEqual(User.is_chat_between.cache_info().currsize, 2)
def test_chat_messages_list_post(self): self.init_main_user() self.register_users(1) User.create_chat(1, 2) db.session.commit() self.assertEqual(db.session.query(Message).count(), 0) response = self.test_client.post('/api/chats/1/messages', json={'texts': ['first']}, headers=self.basic_auth_header) self.assertEqual(response.status_code, 201) data = response.json self.assertTrue(data['user_id'] == 1 and data['chat_id'] == 1) self.assertEqual(db.session.query(Message).count(), 1) message = Message.query.first() self.assertTrue( message.text == 'first' and message.sender_id == 1 and message.receiver_id == 2 and message.chat_id == 1) response = self.test_client.post('/api/chats/1/messages', json={'texts': ['second', 'third', 'fourth']}, headers=self.bearer_auth_header) self.assertEqual(response.status_code, 201) data = response.json self.assertTrue(data['user_id'] == 1 and data['chat_id'] == 1) self.assertEqual(db.session.query(Message).count(), 4) new_messages = Message.query.all()[1:] self.assertTrue( new_messages[0].text == 'second' and new_messages[1].text == 'third' and new_messages[2].text == 'fourth')
def test_chats_list(self): self.init_main_user() self.register_users(3) User.create_chat(1, 2) User.create_chat(1, 3) db.session.commit() self.assertEqual(db.session.query(chats).count(), 2) response = self.test_client.get('/api/chats', headers=self.bearer_auth_header) self.assertEqual(response.status_code, 200) data = response.json self.assertEqual(data['user_id'], 1) self.assertEqual(len(data['data']), 2) chat1, chat2 = data['data'] self.assertTrue(chat1['chat_id'] == 1 and chat1['user1_id'] == 1 and chat1['user2_id'] == 2) self.assertTrue(chat2['chat_id'] == 2 and chat2['user1_id'] == 1 and chat2['user2_id'] == 3) response = self.test_client.post('/api/chats', json={'companion_id': 4}, headers=self.bearer_auth_header) self.assertEqual(response.status_code, 201) self.assertEqual(db.session.query(chats).count(), 3) data = response.json self.assertTrue(data['user_id'] == 1 and data['companion_id'] == 4 and data['chat_id'] == 3) response = self.test_client.get('/api/chats', headers=self.bearer_auth_header) self.assertEqual(response.status_code, 200) data = response.json self.assertEqual(len(data['data']), 3) chat3 = data['data'][2] self.assertTrue(chat3['chat_id'] == 3 and chat3['user1_id'] == 1 and chat3['user2_id'] == 4) response = self.test_client.post('/api/chats', json={'companion_id': 4}, headers=self.bearer_auth_header) self.assertEqual(response.status_code, 400)
def test_return_chat_or_abort(self): users = init_users(2) User.create_chat(1, 2) db.session.add_all(users) db.session.commit() chat = return_chat_or_abort(1) self.assertEqual(chat.user1_id, 1) self.assertEqual(chat.user2_id, 2) with self.assertRaises(NotFound): return_chat_or_abort(2)
def test_abort_if_not_a_participant(self): users = init_users(3) User.create_chat(1, 2) User.create_chat(2, 3) db.session.add_all(users) with self.assertRaises(Forbidden): abort_if_not_a_participant(1, return_chat_or_abort(2)) try: abort_if_not_a_participant(2, return_chat_or_abort(2)) except Forbidden: self.fail(msg="403 error must not have been raised")
def testfunctionhashpassword(self): new_user = User( username='******', email='*****@*****.**', password='******', role=1, status=1 ) db.session.add(new_user) db.session.commit() self.assertTrue(new_user.check_password('test'))
def test_reset_password_expired_get(self): user = User(email='*****@*****.**', username='******', password_hash='123') db.session.add(user) db.session.commit() token = user.get_reset_password_token(0.5) time.sleep(1) response = self.test_client.get( f'/authentication/reset_password/{token}') self.assertEqual(response.status_code, 200) self.assertTrue('<title>Expired</title>' in response.data.decode())
def delete(self, chat_id: int): """Deletes the certain chat with a given id.""" current_user_id = g.user.user_id chat = return_chat_or_abort(chat_id) abort_if_not_a_participant(current_user_id, chat) Message.delete_messages(chat_id=chat_id) User.delete_chat(chat_id=chat_id) db.session.commit() return { 'user_id': current_user_id, 'chat_id': chat_id, 'message': 'Chat was successfully deleted' }, 200
def test_generate_token(self): user = User( username='******', email='*****@*****.**', password='******', role=1, status=1 ) db.session.add(user) db.session.commit() with app.test_request_context(): token = user.generate_token() self.assertTrue(user.verify_token(token) == user)
def register_user(): form = RegistrationForm() if current_user.is_authenticated: flash('you are already registered') return redirect(url_for('main.display_books')) if form.validate_on_submit(): User.create_user( user=form.name.data, email=form.email.data, password=form.password.data) flash('Registration Successful') return redirect(url_for('authentication.do_the_login')) return render_template('registration.html', form=form)
def test_get_more_messages(self): messages_limit = self.app.config['MESSAGES_PER_LOAD_EVENT'] with self.app.test_client() as client1, self.app.test_client() as client2: self.init_two_clients(client1, client2) socket_io_client1, socket_io_client2 = self.get_socket_io_clients(client1, client2) socket_io_client1.emit('enter_room', namespace=self.events_namespace) socket_io_client2.emit('enter_room', namespace=self.events_namespace) User.create_chat(1, 2) # erase status messages socket_io_client1.get_received(namespace=self.events_namespace) socket_io_client2.get_received(namespace=self.events_namespace) number_of_messages = 15 db.session.add_all( [Message(text=str(figure), sender_id=1, receiver_id=2) for figure in range(number_of_messages)]) db.session.commit() self.assertEqual(len(Message.query.all()), number_of_messages) for messages_offset in range(0, number_of_messages): socket_io_client1.emit('get_more_messages', {'messages_offset': messages_offset}, namespace=self.events_namespace) received1 = socket_io_client1.get_received(self.events_namespace) received2 = socket_io_client2.get_received(self.events_namespace) self.assertEqual(len(received2), 0) self.assertEqual(len(received1), 1) received_data = received1[0]['args'][0] self.assertTrue(received_data['messages_number'] <= messages_limit) self.assertEqual(received_data['messages_number'], number_of_messages - messages_offset if number_of_messages - messages_offset <= messages_limit else messages_limit) messages_offset = 10 socket_io_client1.emit('get_more_messages', {'messages_offset': messages_offset}, namespace=self.events_namespace) received1 = socket_io_client1.get_received(self.events_namespace) received_messages = received1[0]['args'][0]['messages'] for message, message_text in zip(received_messages, reversed(range( number_of_messages - messages_offset if number_of_messages - messages_offset <= messages_limit else messages_limit))): self.assertTrue(message['is_current_user']) self.assertEqual(message['message_text'], str(message_text)) messages_offset = 10 socket_io_client2.emit('get_more_messages', {'messages_offset': messages_offset}, namespace=self.events_namespace) received2 = socket_io_client2.get_received(self.events_namespace) received_messages = received2[0]['args'][0]['messages'] for message in received_messages: self.assertFalse(message['is_current_user'])
def get_user(): """Get the password from env vars or a default.""" username = environ.get('SEED_USER_USERNAME', 'bchrobot') email = environ.get('SEED_USER_EMAIL', '*****@*****.**') password = environ.get('SEED_USER_PASSWORD', 'Foobar22') new_user = User( username=username, email=email, user_type='user', ) new_user.password_authentication = PasswordAuthentication( password=password) return new_user
def test_verify_token(self): user = User( username='******', email='*****@*****.**', password='******', role=1, status=1 ) db.session.add(user) db.session.commit() usertest = User.query.filter(User.username == 'Testuser').first() with app.test_request_context(): token = user.generate_token(expiration=10) self.assertIs(user.verify_token(token), user) self.assertIsNot(user, usertest.verify_token(token))
def article_update(): if 'token' not in session: flash(u'You Need Login', 'error') return redirect(url_for('auth.signin')) user = User.verify_token(session['token']) if user is None: return redirect(url_for('auth.signin')) form = ArticleUpdateForm() if request.method == 'POST': if form.validate_on_submit(): section = str(form.section.data) section = section[section.find("'") + 1: section.find(">") - 1] my_article = Article.find_by_id(form.id_article.data) my_article.section_name = section my_article.title = form.title.data my_article.body = form.body.data db.session.commit() return 'update realizado' else: id_article = request.args.get('id') my_article = Article.find_by_id(id_article) if user.username != my_article.user_name: return 'No tiene permisos' form.id_article.data = id_article form.user_name.data = my_article.user_name form.title.data = my_article.title form.body.data = my_article.body form.section.data = my_article.section return render_template('article/update.html', form=form)
def signup(): new_user = request.json phone = new_user['phone'] email = new_user['email'] country = new_user['country'] name = new_user['name'] region = new_user['region'] district = new_user['district'] password = new_user['password'] status = new_user['status'] if user_exist_by_contact(phone): return jsonify(error_return(301, 'user with phone already exists')) if user_exist_by_email(email): return jsonify( error_return(301, 'user with email address already exists')) hashed_password = generate_password_hash(password) new_user_data = User(country, region, district, phone, name, email, hashed_password, status) db.session.add(new_user_data) db.session.commit() return jsonify(success_return(201, {'name': name, 'phone': phone}))
def test_register(self): self.assertEqual(len(User.query.all()), 0) response = self.test_client.post('/api/register', json={'email': '*****@*****.**', 'username': '******', 'name': 'test_name', 'password': '******'}) self.assertEqual(response.status_code, 201) self.assertEqual(len(User.query.all()), 1) user = User.get_user_by_id(1) self.assertTrue( user.email == '*****@*****.**' and user.username == 'test_username' and user.name == 'test_name' and user.verify_password('12345678')) # an existing email response = self.test_client.post('/api/register', json={'email': '*****@*****.**', 'username': '******', 'name': 'test_name', 'password': '******'}) self.assertEqual(response.status_code, 400) # an existing username response = self.test_client.post('/api/register', json={'email': '*****@*****.**', 'username': '******', 'name': 'test_name', 'password': '******'}) self.assertEqual(response.status_code, 400) # an invalid email response = self.test_client.post('/api/register', json={'email': 'test-gmail.com', 'username': '******', 'name': 'test_name', 'password': '******'}) self.assertEqual(response.status_code, 400) # an invalid username response = self.test_client.post('/api/register', json={'email': '*****@*****.**', 'username': '******', 'name': 'test_name', 'password': '******'}) self.assertEqual(response.status_code, 400) # an invalid name response = self.test_client.post('/api/register', json={'email': '*****@*****.**', 'username': '******', 'name': 'te', 'password': '******'}) self.assertEqual(response.status_code, 400) # an invalid password response = self.test_client.post('/api/register', json={'email': '*****@*****.**', 'username': '******', 'name': 'test', 'password': '******'}) self.assertEqual(response.status_code, 400)
def test_basic_or_bearer_authorization_required(self): self.init_main_user() user = User.get_user_by_id(1) basic = {'Authorization': f'Basic {base64.b64encode(f"{user.email}:12345678".encode()).decode()}'} self.assertEqual(self.test_client.get('/api/token', headers=basic).status_code, 200) basic_not_existing_email = { 'Authorization': f'Basic {base64.b64encode(f"[email protected]:12345678".encode()).decode()}'} response = self.test_client.get('/api/token', headers=basic_not_existing_email) self.assertEqual(response.status_code, 401) self.assertEqual(response.json['message'], 'Wrong login! Maybe, you have not been registered') basic_wrong_password = { 'Authorization': f'Basic {base64.b64encode(f"{user.email}:wrong".encode()).decode()}'} response = self.test_client.get('/api/token', headers=basic_wrong_password) self.assertEqual(response.status_code, 401) self.assertEqual(response.json['message'], 'Wrong password! Try again') token = user.get_authentication_token(0.5) time.sleep(1) bearer_expired_token = {'Authorization': f'Bearer {token}'} response = self.test_client.get('/api/token', headers=bearer_expired_token) self.assertEqual(response.status_code, 401) self.assertEqual(response.json['message'], 'Your authentication token period has expired') token = user.get_authentication_token() bearer_bad_token = {'Authorization': f'Bearer {token + "salt"}'} response = self.test_client.get('/api/token', headers=bearer_bad_token) self.assertEqual(response.status_code, 401) self.assertEqual(response.json['message'], 'Authentication token is not valid') response_without_auth = self.test_client.get('/api/token') self.assertEqual(response_without_auth.status_code, 403) self.assertEqual(response_without_auth.json['message'], 'To access use Basic (base64) or Bearer (jwt) http authorization')
def recognize_logged_in_user(): """Before each request to the server the function takes user id from the session, receives user instance by the id and add him to flask application context variable. So, each view has an access to the current logged in user""" current_user_id = session.get('current_user_id') user = User.get_user_by_id( current_user_id) if current_user_id is not None else None setattr(g, 'user', user)
def return_user_or_abort(user_id: int) -> 'User': """Returns user model instance if it exists, else - makes abort""" try: return User.get_user_by_id(user_id) except UserNotFoundByIndexError: logger.info('Abort because user was not found') abort(404, message=f'User {user_id} does not exist')
def test_update(self): self.init_main_user() user = User.get_user_by_id(1) self.assertEqual(user.username, 'main_username') self.assertEqual(user.name, 'main_name') response = self.test_client.post('/api/update', json={'name': 'new_name'}, headers=self.basic_auth_header) self.assertEqual(response.status_code, 202) self.assertEqual(user.name, 'new_name') self.assertEqual(response.json['name'], 'new_name') response = self.test_client.post('/api/update', json={'username': '******'}, headers=self.bearer_auth_header) self.assertEqual(response.status_code, 202) self.assertEqual(user.username, 'new_username') self.assertEqual(response.json['username'], 'new_username') response = self.test_client.post('/api/update', json={'name': 'old_name', 'username': '******'}, headers=self.bearer_auth_header) self.assertEqual(response.status_code, 202) self.assertEqual(user.name, 'old_name') self.assertEqual(user.username, 'old_username') self.assertEqual(response.json['name'], 'old_name') self.assertEqual(response.json['username'], 'old_username') response = self.test_client.post('/api/update', json={'name': 'old_name'}, headers=self.basic_auth_header) self.assertEqual(response.status_code, 400) self.assertEqual(response.json['message'], 'Nothing was updated') response = self.test_client.post('/api/update', json={'username': '******'}, headers=self.bearer_auth_header) self.assertEqual(response.status_code, 400) self.assertEqual(response.json['message'], 'Nothing was updated')
def post(self): parser = reqparse.RequestParser() parser.add_argument('username') parser.add_argument('password') parser.add_argument('email') parser.add_argument('displayName') args = parser.parse_args() permissions = 2 rows = db.session.query(User).count() if (rows == 0): permissions = 0 test_user = User.query.get(args.username) if (test_user is not None): return "{'registrationError': true, 'userExists': true}", 409 password = bcrypt_sha256.hash(args.password) try: user = User(args.username, password, args.displayName, args.email, None, None, permissions) db.session.add(user) setting = Setting("configured", "true") db.session.add(setting) db.session.commit() except InvalidRequestError: return "{'registrationError': true, 'databaseError': true}", 409 return "{'registrationError': false}", 201
def __init__(self, *args, **kwargs): sender_id = kwargs.get('sender_id') receiver_id = kwargs.get('receiver_id') if not User.is_chat_between(sender_id, receiver_id): logger.info('Message __init__ is making a chat between users') User.create_chat(sender_id, receiver_id) if 'chat_id' not in kwargs: self.chat_id = User.get_chat_id_by_users_ids( sender_id, receiver_id) else: if not kwargs.get('chat_id') == User.get_chat_id_by_users_ids( sender_id, receiver_id): logger.critical( "Chat id in message __init__ turned out to be wrong somehow" ) raise AssertionError super().__init__(*args, **kwargs)
def article_views(): if 'token' not in session: flash(u'You Need Login', 'error') return redirect(url_for('auth.signin')) user = User.verify_token(session['token']) if user is None: return redirect(url_for('auth.signin')) article = Article.find_by_author(user.username) return render_template("article/views.html", article=article)
def get(self, token): """Checks token and if it is right, allows user to visit the page and fill out the form""" try: user = User.get_user_by_reset_password_token(token) except SignatureExpired: return render_template( 'authentication/reset_password_expired.html') except BadSignature: abort(404) return render_template('authentication/reset_password.html', user=user)
def profile(): if 'token' not in session: return redirect(url_for('auth.signin')) user = User.verify_token(session['token']) if user is None: flash(u'Token Time Out', 'error') return redirect(url_for('auth.signin')) else: return render_template('authentication/profile.html')
def test_get_user_chats_and_last_messages(self): users = init_users(5) User.create_chat(1, 2) User.create_chat(1, 3) User.create_chat(1, 4) User.create_chat(2, 3) db.session.add_all(users) m1 = Message(text='m1', sender_id=1, receiver_id=2) m2 = Message(text='m2', sender_id=2, receiver_id=1) m3 = Message(text='m3', sender_id=1, receiver_id=2) m4 = Message(text='m4', sender_id=1, receiver_id=3) m5 = Message(text='m5', sender_id=3, receiver_id=1) m6 = Message(text='m6', sender_id=1, receiver_id=4) m7 = Message(text='m7', sender_id=2, receiver_id=3) m8 = Message(text='m8', sender_id=3, receiver_id=2) db.session.add_all([m1, m2, m3, m4, m5, m6, m7, m8]) db.session.commit() chats1 = get_uc(1).all() self.assertEqual(len(chats1), 3) self.assertEqual(chats1[0][0], 'user4') self.assertEqual(chats1[1][0], 'user3') self.assertEqual(chats1[2][0], 'user2') self.assertEqual(chats1[0][2], 'm6') self.assertEqual(chats1[1][2], 'm5') self.assertEqual(chats1[2][2], 'm3') chats2 = get_uc(2).all() self.assertEqual(len(chats2), 2) self.assertEqual(chats2[0][0], 'user3') self.assertEqual(chats2[1][0], 'user1') self.assertEqual(chats2[0][2], 'm8') self.assertEqual(chats2[1][2], 'm3') chats3 = get_uc(3).all() self.assertEqual(len(chats3), 2) self.assertEqual(chats3[0][0], 'user2') self.assertEqual(chats3[1][0], 'user1') self.assertEqual(chats3[0][2], 'm8') self.assertEqual(chats3[1][2], 'm5') chats4 = get_uc(4).all() self.assertEqual(len(chats4), 1) self.assertEqual(chats4[0][0], 'user1') self.assertEqual(chats4[0][2], 'm6') chats5 = get_uc(5).all() self.assertEqual(len(chats5), 0)
def test_token(self): self.test_client.post('/api/register', json={'email': '*****@*****.**', 'username': '******', 'name': 'test_name', 'password': '******'}) response = self.test_client.get('/api/token', headers={ 'Authorization': f'Basic {base64.b64encode(b"[email protected]:12345678").decode()}'}) self.assertEqual(response.status_code, 200) data = response.json self.assertEqual(data['expires_in'], current_app.config['AUTHENTICATION_TOKEN_DEFAULT_EXPIRES_IN']) self.assertEqual(User.get_user_by_authentication_token(data['token']).email, '*****@*****.**') response = self.test_client.get('/api/token', headers={'Authorization': f'Bearer {data["token"]}'}) self.assertEqual(response.status_code, 200)
def signup(): form = SignupForm() if ('token' in session) and (User.verify_token(session['token'])): return redirect(url_for('auth.profile')) if request.method == 'POST': if form.validate() is False: return render_template("authentication/signup.html", form=form) else: new_user = User(form.username.data, form.email.data, form.password.data, READ_ROLE + COMMENT_ROLE + WRITE_ROLE, 1) db.session.add(new_user) db.session.commit() session['user_id'] = new_user.id session['token'] = new_user.generate_token() session['email'] = new_user.email session['user_name'] = new_user.username return redirect(url_for('auth.profile')) elif request.method == 'GET': return render_template("authentication/signup.html", form=form)
def change_pass(): token = request.args.get('token',None) verified_result = User.verify_token_email(token) if token and verified_result: print verified_result password_submit_form = ResetPasswordSubmit(request.form) if password_submit_form.validate_on_submit(): verified_result.password = generate_password_hash(password_submit_form.password.data) db.session.commit() flash("password updated successfully") return render_template('authentication/base.html') return render_template("authentication/change_pass.html",form=password_submit_form)
def post(self): """Simple registration route. Any user can put his credentials and receive an answer. If everything is alright, the user will be registered by system""" parser = reqparse.RequestParser() parser.add_argument('email', type=str, required=True) parser.add_argument('username', type=str, required=True) parser.add_argument('name', type=str, required=True) parser.add_argument('password', type=str, required=True) args = parser.parse_args() email = args.get('email') username = args.get('username') name = args.get('name') password = args.get('password') try: validate_email(email) validate_length( username, 3, 25, error_message='Username length must be between 3 and 25 chars') validate_length( name, 3, 25, error_message='Name length must be between 3 and 25 chars') validate_password_length(password) except ValidationError as error: abort(400, message=error.message) if User.query.filter_by(email=email).first(): abort(400, message=f"User '{email}' has been registered!") elif User.query.filter_by(username=username).first(): abort(400, message= f"Username '{username}' is busy! Try putting another one") else: user = User(email=email, username=username, name=name) user.set_password(password) db.session.add(user) db.session.commit() return {'email': email, 'message': 'Successfully registered!'}, 201
def change_pass(): token = request.args.get("token", None) verified_result = User.verify_token(token) if token and verified_result: print verified_result password_submit_form = ResetPasswordSubmit(request.form) if password_submit_form.validate_on_submit(): verified_result.password = generate_password_hash(password_submit_form.password.data) db.session.commit() flash("password updated successfully") return redirect("users") return render_template("change_pass.html", form=password_submit_form)
def test_user_chats_list(self): with self.test_client as client: client.post('/authentication/register', data={ 'email': '*****@*****.**', 'username': '******', 'name': 'Ann1', 'password1': 'Who am I', 'password2': 'Who am I' }, follow_redirects=True) client.post('/authentication/register', data={ 'email': '*****@*****.**', 'username': '******', 'name': 'Ann2', 'password1': 'Who am I', 'password2': 'Who am I' }, follow_redirects=True) client.post('/authentication/login', data={ 'email': '*****@*****.**', 'password': '******' }, follow_redirects=True) User.create_chat(1, 2) db.session.add( Message(text='test_text', sender_id=1, receiver_id=2)) db.session.commit() response = client.get('/chats/list') self.assertEqual(response.status_code, 200) response_data = response.data.decode() self.assertTrue('<title>Chats list</title>' in response_data) self.assertTrue('test_text' in response_data) self.assertTrue('Ann2' in response_data) self.assertTrue('test_user2' in response_data)
def post(self): """ Receives user data, verify it and add new user to database. :return: rendered html code or :class:`Response` (redirect) :rtype:str, Response """ email = request.form['email'] username = request.form['username'] name = request.form['name'] password1 = request.form['password1'] password2 = request.form['password2'] try: validate_email(email) validate_length( name, 3, 25, error_message= 'Please, input name with a length between 3 and 25 chars') validate_equal_passwords(password1, password2) validate_password_length(password2) except ValidationError as error: flash(error.message) return render_template('authentication/register.html') if User.query.filter_by(email=email).first(): flash('User with such an email has been registered!') elif User.query.filter_by(username=username).first(): flash('This username is busy! Try putting another one') else: user = User(email=email, username=username, name=name) user.set_password(password2) db.session.add(user) db.session.commit() flash('Successfully registered!') return redirect(url_for('authentication.login')) return render_template('authentication/register.html')
def delete_messages(two_users_ids: list = None, chat_id: int = None): """ Deletes all the messages from the chat between two given users in the list. Instead of list, chat id can be used directly to delete all the messages from it. Changes must be committed after executing this method in order to save them. :param two_users_ids: users ids in a list. The chat between them will be deleted :type two_users_ids: list :param chat_id: the chat, which will be deleted :type chat_id: int """ chat_id = chat_id or User.get_chat_id_by_users_ids(*two_users_ids) db.session.execute(delete(Message).where(Message.chat_id == chat_id)) logger.warning( f"All the messages between {two_users_ids} were deleted")
def change_pass(): token = request.args.get('token', None) verified_result = User.verify_token_email(token) if token and verified_result: print verified_result password_submit_form = ResetPasswordSubmit(request.form) if password_submit_form.validate_on_submit(): verified_result.password = generate_password_hash( password_submit_form.password.data) db.session.commit() flash("password updated successfully") return render_template('authentication/base.html') return render_template("authentication/change_pass.html", form=password_submit_form)
def signin(): form = LoginForm(request.form) if 'token' in session: user = User.verify_token(session['token']) if user: return redirect(url_for('auth.profile')) if request.method == 'POST': if form.validate(): user = User.query.filter_by(email=form.email.data).first() session['user_id'] = user.id session['token'] = user.generate_token() session['email'] = user.email session['user_name'] = user.username return redirect(url_for('auth.profile')) return render_template("authentication/signin.html", form=form)
def post(self): """Creates a new chat between the current user and the users with the given in json id""" parser = reqparse.RequestParser() parser.add_argument('companion_id', required=True, type=int, help='User\'s id to create a chat with') args = parser.parse_args() current_user_id = g.user.user_id user_id = args.get('companion_id') return_user_or_abort(user_id) try: User.create_chat(current_user_id, user_id) except ChatAlreadyExistsError: abort(400, message=f'Your chat with the user {user_id} already exists') db.session.commit() return { 'user_id': current_user_id, 'companion_id': user_id, 'chat_id': User.get_chat_id_by_users_ids(current_user_id, user_id), 'message': 'Chat was successfully created' }, 201
def article_delete(): if 'token' not in session: flash(u'You Need Login', 'error') return redirect(url_for('auth.signin')) user = User.verify_token(session['token']) if user is None: return redirect(url_for('auth.signin')) id = request.args.get('id', None) if(id): article = Article.query.filter_by(id=id).first() if(not (article is None)): db.session.delete(article) db.session.commit() flash(u'Article Deleted', 'messages') return redirect(url_for('art.article_views'))
def test_forgot_password_expired_and_bad_token(self): self.init_main_user() user = User.get_user_by_id(1) token = user.get_reset_password_token(0.5) time.sleep(1) response = self.test_client.post('/api/reset-password', json={'token': token, 'password': '******'}) self.assertEqual(response.status_code, 400) self.assertEqual(response.json['message'], 'Reset password token has expired. Use a new one') token = user.get_reset_password_token() response = self.test_client.post('/api/reset-password', json={'token': token + 'salt', 'password': '******'}) self.assertEqual(response.status_code, 400) self.assertEqual(response.json['message'], 'Reset password token is not valid') response = self.test_client.post('/api/reset-password', json={'token': token, 'password': '******'}) self.assertEqual(response.status_code, 400) self.assertEqual(response.json['message'], 'Password is too short')
def post(self, token): """Receives new user password and save it""" password1 = request.form['password1'] password2 = request.form['password2'] user = User.get_user_by_reset_password_token(token) try: validate_equal_passwords(password1, password2) validate_password_length(password2) except ValidationError as error: flash(error.message) return render_template('authentication/reset_password.html', user=user) user.set_password(password2) db.session.add(user) db.session.commit() flash('You password was successfully reset') return redirect(url_for('authentication.login'))
def article_create(): if 'token' not in session: flash(u'You Need Login', 'error') return redirect(url_for('auth.signin')) user = User.verify_token(session['token']) if user is None: return redirect(url_for('auth.signin')) username = user.username form = ArticleCreateForm() form.user_name.data = user.username if request.method == 'POST': if form.validate_on_submit(): article = Article() form.populate_obj(article) db.session.add(article) db.session.commit() return 'CREADO' return render_template('article/create.html', form=form, user=user, username=username)
def seed_db(): """Seed the database.""" default_user = get_user() # Create Mason Lab mason_lab = User( username='******', email='*****@*****.**', user_type='organization', ) membership = OrganizationMembership(role='admin') membership.user = default_user mason_lab.user_memberships.append(membership) db.session.add_all([mason_lab, membership]) db.session.commit() # Create ABRF sample group abrf_uuid = UUID('00000000-0000-4000-8000-000000000000') abrf_description = 'ABRF San Diego Mar 24th-29th 2017' abrf_2017_group = SampleGroup( name='ABRF 2017', owner_uuid=mason_lab.uuid, owner_name=mason_lab.username, is_library=True, analysis_result=create_abrf_result(save=True), description=abrf_description) abrf_2017_group.uuid = abrf_uuid abrf_sample_01 = Sample(name='SomethingUnique_A', library_uuid=abrf_uuid, analysis_result=create_abrf_result(save=True), metadata=generate_metadata()).save() abrf_sample_02 = Sample(name='SomethingUnique_B', library_uuid=abrf_uuid, analysis_result=create_abrf_result(save=True), metadata=generate_metadata()).save() abrf_2017_group.samples = [abrf_sample_01, abrf_sample_02] db.session.add(abrf_2017_group) db.session.commit() # Create fuzzed group fuzz_uuid = UUID('00000000-0000-4000-8000-000000000001') create_saved_group(owner=mason_lab, uuid=fuzz_uuid)
def testarticlecreateget(self): test = app.test_client(self) response = test.get('/art/create/', content_type='html/text') self.assertEqual(response.status_code, 302) assert 'token' in session self.assertTrue(User.verify_token(session['token'])!=None)