def add():
try:
uid = int(request.headers['Uid'])
data = request.json
if data is None:
return response_error(MESSAGE.INVALID_DATA, CODE.INVALID_DATA)
response_json = []
for item in data:
token = Token(symbol=item['symbol'],
name=item['name'],
decimal=int(item['decimal']),
contract_address=item['contract_address'],
created_user_id=uid)
db.session.add(token)
db.session.flush()
task = Task(task_type=CONST.TASK_TYPE['ERC_20'],
data=json.dumps(token.to_json()),
action=CONST.TASK_ACTION['ADD_TOKEN'],
status=-1,
contract_address=g.ERC20_TOKEN_REGISTRY_SMART_CONTRACT,
contract_json=g.ERC20_TOKEN_REGISTRY_JSON)
db.session.add(task)
db.session.flush()
response_json.append(token.to_json())
db.session.commit()
return response_ok(response_json)
except Exception, ex:
db.session.rollback()
return response_error(ex.message)
def post(self):
form = CreateTokenForm()
tokens = Token.query.order_by(Token.id.desc()).all()
if form.validate_on_submit():
try:
# Generate UUID
gen_uuid = str(uuid.uuid4())
# Create database entry
t = Token()
t.uuid = gen_uuid
t.email = form.email.data or None
t.active = True
t.package = form.package.data
db.session.add(t)
db.session.commit()
return redirect('/admin/tokens/')
except:
import traceback
db.session.rollback()
traceback.print_exc()
return redirect('/admin/tokens/')
return render_template('admin/tokens.html', form=form, tokens=tokens)
return render_template('admin/tokens.html', form=form, tokens=tokens)
def create_user():
data = request.get_json()
code = generate_code()
if not data:
return jsonify({
'error': {
'message': 'Invalid Credentials'
},
'data': None
}), 400
try:
user = User(username=data['username'],
email=data['email'],
code=code,
password_hash=data['password'])
user.insert()
token = Token(user_id=user.id, code=code)
token.insert()
except exc.IntegrityError:
return jsonify({
'error': {
'message': 'user already exists'
},
'data': None
}), 400
send_mail('Email Verification',
user.email,
'mail.html',
code=code,
username=user.username)
return jsonify({'error': None, 'data': "success"}), 201
def signup(request):
form = OrgSignUpForm()
if request.method == 'POST':
form = OrgSignUpForm(request.POST)
if form.is_valid():
user = User()
user.email = form.cleaned_data.get('email').lower()
user.username = form.cleaned_data.get('email').lower()[:30] # TODO: fix it in #135
user.set_password(form.cleaned_data.get('password'))
user.save()
org = Organization(name=form.cleaned_data.get('organization_name'))
org.save()
_orgmem = OrganizationMember(user=user, is_owner=True, organization=org).save()
token = Token(user=user, type='signup')
token.save()
link = request.build_absolute_uri(reverse('activate-account', args=[token.token]))
send_mail('Account activation', settings.ACCOUNT_ACTIVATION_EMAIL % (org.name, link,),
'*****@*****.**', [user.email, ])
# messages.add_message(request, messages.SUCCESS,
# _('Please click the activation link which was sent to your email'))
_user = authenticate(email=form.cleaned_data['email'], password=form.cleaned_data['password'])
if _user is not None: # TODO: only sign in users which activated their account
login(request, _user)
messages.add_message(request, messages.SUCCESS, _('Please update your profile'))
return redirect('settings')
return redirect('/')
return render(request, 'app/signup.html', locals())
def test_check_token(self):
tk = Token.get_token(self.u1)
db.session.commit()
checked = Token.check(tk.token)
self.assertIsNotNone(checked)
checked.revoke()
db.session.commit()
self.assertIsNone(Token.check(tk.token))
def test_save(self) -> None:
db.session.add = Mock()
db.session.commit = Mock()
token = Token(id=123)
token.save()
db.session.add.assert_called_once_with(token)
db.session.commit.assert_called_once_with()
def test_new_token_is_created_if_expired(self):
tk = Token.get_token(self.u1)
db.session.commit()
tk.revoke()
db.session.commit()
tk2 = Token.get_token(self.u1)
self.assertNotEqual(tk.token, tk2.token)
db.session.commit()
tk3 = Token.get_token(self.u1)
self.assertEqual(tk2.token, tk3.token)
def callback(self):
"""
Coinbase callback receiver. Generates token and sends the code via email to user.
@return:
"""
# Gather information from callback response
data = json.loads(request.data)
order = data.get("order", None)
customer = data.get("customer", None)
email = customer["email"]
id = order["id"]
status = order["status"]
custom = order["custom"]
button = order["button"]
button_name = button["name"]
## Generate Token and store in database
gen_uuid = str(uuid.uuid4())
try:
t = Token()
t.uuid = gen_uuid
t.email = email
t.active = True
t.package = custom
db.session.add(t)
db.session.commit()
except:
import traceback
db.session.rollback()
traceback.print_exc()
## Send email to user with unique link
try:
msg = Message(
"Guildbit - Order Confirmation",
sender=settings.DEFAULT_MAIL_SENDER,
recipients=[email])
# msg.html = template
msg.html = render_template("emails/payment_thankyou.html", package=button_name, uuid=gen_uuid)
mail.send(msg)
except:
import traceback
traceback.print_exc()
return jsonify({
"status": "received"
})
def test_find_by_jti(self, mock_query: Mock) -> None:
expected = Token(id=123)
filter_by = mock_query.return_value.filter_by
first = filter_by.return_value.first
first.return_value = expected
result = Token.find_by_jti('name-xyz')
filter_by.assert_called_once_with(jti='name-xyz')
first.assert_called_once_with()
assert result == expected
def post(self, request):
organization = request.user.organization
userpic = request.FILES.get('userpic')
notify = json.loads(request.POST.get('notify'))
is_owner = json.loads(request.POST.get('is_owner'))
user_data = json.loads(request.POST.get('user'))
user_id = user_data.get('id')
if user_id is not None:
user = User.objects.get(pk=user_id)
if user not in [m.user for m in organization.members]:
return json_response({'error': 'wrong_user', 'error_text': 'This user doesn\'t belong to your organization'}, status=400)
else:
email = user_data.get('email')
try:
_u = User.objects.get(email=email)
return json_response({'error': 'email_taken', 'error_text': 'This email was already taken'}, status=400)
except User.DoesNotExist:
pass
user = User()
user.email = email
if userpic is not None:
user.userpic = userpic
user.name = user_data.get('name', '')
user.public_email = user_data.get('public_email', '')
user.public_phone = user_data.get('public_phone', '')
user.city = user_data.get('city', '')
user.country = user_data.get('country', '')
user.bio = user_data.get('bio', '')
user.save()
try:
membership = OrganizationMember.objects.get(user=user, organization=organization)
except OrganizationMember.DoesNotExist:
membership = OrganizationMember(user=user, organization=organization)
membership.is_owner = is_owner
membership.save()
if notify:
token = Token()
token.user = user
token.save()
link = request.build_absolute_uri(reverse('reset-password-step1', args=[token.token]))
send_mail('Set password', settings.ORG_MEMBER_CREATED_EMAIL % (organization.name, link,),
'*****@*****.**', [token.user.email, ])
return json_response(membership.to_dict())
def paypal_gateway(self):
"""
Paypal callback receiver. Generates token and sends the code via email to user.
@return:
"""
# Gather information from callback response
first_name = request.form.get("first_name", None)
last_name = request.form.get("last_name", None)
payer_id = request.form.get("payer_id", None)
payer_email = request.form.get("payer_email", None)
item_name = request.form.get("item_name", None)
item_number = request.form.get("item_number", None)
custom = request.form.get("custom", None)
payment_gross = request.form.get("payment_gross", None)
## Generate Token and store in database
gen_uuid = str(uuid.uuid4())
try:
t = Token()
t.uuid = gen_uuid
t.email = payer_email
t.active = True
t.package = item_name
db.session.add(t)
db.session.commit()
except:
import traceback
db.session.rollback()
traceback.print_exc()
## Send email to user with unique link
try:
msg = Message(
"Guildbit - Order Confirmation",
sender=settings.DEFAULT_MAIL_SENDER,
recipients=[payer_email])
msg.html = render_template("emails/payment_thankyou.html", package=item_name, uuid=gen_uuid)
mail.send(msg)
except:
import traceback
traceback.print_exc()
return jsonify({
"status": "received"
})
def reset_password_step0(request):
form = ResetPasswordForm()
if request.method == 'POST':
form = ResetPasswordForm(request.POST)
if form.is_valid():
token = Token()
token.user = User.objects.get(email=form.cleaned_data.get('email'))
token.save()
link = request.build_absolute_uri(reverse('reset-password-step1', args=[token.token]))
send_mail('Reset password', settings.RESET_PASSWORD_EMAIL % (link,),
'*****@*****.**', [token.user.email, ])
messages.add_message(request, messages.SUCCESS,
_('Please click the password reset link which was sent to your email'))
return redirect('login_view')
return render(request, 'app/reset-password/reset-password-step0.html', locals())
def send_otp():
data = request.get_json()
token = random.randint(100001, 999999)
msg = '{} is one time password. Use this within 3 minutes'.format(token)
msisdn = data['msisdn']
sms = utils.send_sms(msg, msisdn)
print(sms)
res = {
'status': -1,
'message': "Successfully sent the OTP",
'smsResultCode': sms['statusCode']
}
if sms['statusCode'] in [100, 101, 102]:
m1 = Sms(message=msg,
msisdn=msisdn,
message_id=sms['messageId'],
status=1)
now = datetime.datetime.now()
expiry_date = now + datetime.timedelta(minutes=3)
m2 = Token(token=token,
owner_id=msisdn,
status=0,
expiry_date=expiry_date)
db.session.add(m1)
db.session.add(m2)
db.session.commit()
res['status'] = 0
res['message'] = "Successfully sent the OTP"
return jsonify(res)
else:
return jsonify(res)
def user(username):
"""
User profile page
:param username: Username of the user.
:return: Profile page of the user with given username.
"""
user = UserView(username=username, id=request.args.get('id'))
action_arg = request.args.get('action')
action = user.action(action=action_arg)
token_db = Token()
if action:
if action_arg == "download":
return send_file(action,
as_attachment=True,
attachment_filename=user.file.filename)
elif action_arg == "delete":
return redirect(action)
return render_template('user.html',
time=datetime,
int=int,
timeuser=user.timeuser,
user=user.user,
files=user.file_view,
title='Profile - Synco',
token=token_db)
def create_service():
service_from_request = get_json_from_request('service')
validation_result, validation_errors = valid_service_submission(
service_from_request)
if not validation_result:
return jsonify(error="Invalid JSON",
error_details=validation_errors), 400
user = User.query.get(service_from_request['userId'])
if not user:
return jsonify(error="failed to create service - invalid user"), 400
try:
token = Token(token=uuid4(), type='client')
db.session.add(token)
db.session.flush()
service = Service(name=service_from_request['name'],
created_at=datetime.utcnow(),
token_id=token.id,
active=True,
restricted=True,
limit=current_app.config['MAX_SERVICE_LIMIT'])
service.users.append(user)
db.session.add(service)
db.session.commit()
return jsonify(service=service.serialize()), 201
except IntegrityError as e:
print(e.orig)
db.session.rollback()
abort(400, "failed to create service")
def __init__(self, username=None):
"""
Processes lost password form
:param username: Username of the user
"""
self.username = username
self.user = User.query.filter_by(username=username.lower()).first() or User.\
query.filter_by(email=username.lower()).first()
if self.user is None:
flash("No user or email found!")
else:
# Database updating
token = Tokens()
token = token.token
token_db = Token(token=token, type="password", user_id=self.user.id)
db = Database()
db.add(token_db)
# Email
ip_list = []
for ip in range(len(public_ip_list)):
ip_list.append('http://' + public_ip_list[ip] + ':5000' + url_for('reset', token=token))
link = '\n'.join(ip_list)
ip_list = []
email = Email(user=self.user)
email.pass_reset(link=link)
flash("Please follow the link in the recovery email!")
def get_token(self, update=False):
if self.token:
self.token = db.session.merge(self.token)
if self.token is None or update or self.token.expires_in + self.token.timestamp <= int(
time.time()) + 10:
data = dict(grant_type='client_credential',
appid=self.appid,
secret=self.appsecret)
res = requests.get('https://api.weixin.qq.com/cgi-bin/token',
data).json()
try:
if self.token is None:
token = Token(access_token=res["access_token"],
expires_in=res["expires_in"],
timestamp=int(time.time()))
self.token = token
db.session.add(token)
else: # update
self.token.access_token = res["access_token"]
self.token.expires_in = res["expires_in"]
self.token.timestamp = int(time.time())
db.session.commit()
except KeyError:
print(res)
def get(self, request):
response_data = RESPONSE_DATA_OBJ.copy()
try:
_obj_list = []
for i in range(TOKEN_COUNT):
_obj_list.append(
Token(
**{
"token": (jwt.encode(
{"some": str(time.time())},
"secret",
algorithm="HS256",
)).decode("utf-8"),
}))
Token.objects.bulk_create(_obj_list)
response_data.update({
"code": status.HTTP_200_OK,
"message": TOKEN_GENERATE_SUCCESS_MSG
})
response = Response(response_data, status=status.HTTP_200_OK)
except Exception as e:
print(e)
response_data.update({
"code": status.HTTP_500_INTERNAL_SERVER_ERROR,
"message": COMMON_SERVER_ERROR,
})
response = Response(response_data,
status=status.HTTP_500_INTERNAL_SERVER_ERROR)
return response
def login():
json_data = json.loads(request.data)
user = db.session.query(User).filter_by(email=json_data['email']).first()
if user and user.password == bcrypt.hashpw(
json_data.get('password').encode('utf-8'),
user.password.decode().encode('utf-8')):
token = Token(user.id)
db.session.add(token)
db.session.commit()
json_data_response = jsonify({
"error": "null",
"data": {
'id': user.id,
'username': json_data.get('username'),
'token': token.token
},
"message": "logged"
})
else:
json_data_response = jsonify({
"error": "1",
"data": {},
"message": 'not logged'
})
return json_data_response
def create_token():
request_name = request.json.get('name')
if not request_name:
return {'message': 'Name not provided'}, 400
if not Token.query.filter_by(name=request_name).all():
new_dir = str(uuid.uuid4())
token = str(uuid.uuid4())
token_hash = hashlib.md5((token + SALT).encode()).hexdigest()
new_token = Token(name=request_name,
token_hash=token_hash,
root_dir=new_dir)
db.session.add(new_token)
path = f'{ROOT_PATH}{new_dir}'
os.makedirs(path)
db.session.commit()
return {
'message': 'Created',
'access_token': token,
'name': request_name
}, 201
else:
return {'message': 'Name is not unique'}, 409
def get_leases_by_user(token: str, res: Response, with_closed: bool = False):
token_user, error, code = get_user_by_token(token)
if error:
res.status_code = code
return error
l = [
x.to_dict()
for x in select(
u
for u in Lease
if u.user_id.id == token_user.id and u.is_returned in (with_closed, False)
)[:]
]
res = []
for lease in l:
t = Token.get(lease_id=lease["id"])
if t is None:
res.status_code = status.HTTP_400_BAD_REQUEST
return {"err": f"Lease without token with id {lease['id']}"}
try:
c = Cell[lease["cell_id"]]
except RowNotFound:
c = None
if c is None:
res.status_code = status.HTTP_400_BAD_REQUEST
return {"err": f"Lease without cell with id {lease['id']}"}
current = lease
current["token"] = t.value
current["cell_type"] = c.cell_type_id
res.append(current)
return res
def __init__(self, form=None):
"""
Processes register form
:param form: Register form
"""
# User
user = User(username=form.username.data.lower(), email=form.email.data.lower())
user.set_password(form.password.data)
db = Database()
db.add(user)
# Token
token = Tokens()
token = token.token
token_db = Token(token=token, type="confirmation", user_id=user.id)
# Avatar
avatar = Avatar(user=user)
# Commits to Database
db.add(token_db, avatar)
# Email
ip_list = []
for ip in range(len(public_ip_list)):
ip_list.append('http://' + public_ip_list[ip] + ':5000' + url_for('confirmation', token=token))
link = '\n'.join(ip_list)
ip_list = []
email = Email(user=user)
email.confirmation(link=link)
# Flash
flash('A confirmation has been sent to your mail. Please verify!')
def user_approve_new_token():
"""
" Add token that approved by user. It's used for ERC20 function.
"""
try:
data = request.json
if data is None or \
'token_id' not in data:
return response_error(MESSAGE.INVALID_DATA, CODE.INVALID_DATA)
uid = int(request.headers['Uid'])
token_id = data['token_id']
token = Token.find_token_by_id(token_id)
if token is None or \
token.tid is None or \
token.status == -1:
return response_error(MESSAGE.TOKEN_NOT_FOUND,
CODE.TOKEN_NOT_FOUND)
user = User.find_user_with_id(uid)
if token not in user.tokens:
user.tokens.append(token)
else:
return response_error(MESSAGE.TOKEN_APPROVED_ALREADY,
CODE.TOKEN_APPROVED_ALREADY)
db.session.commit()
return response_ok(user.to_json())
except Exception, ex:
db.session.rollback()
return response_error(ex.message)
def get_token():
try:
mail = request.json["mail"]
g.token = genernate(mail)
"""
在这里添加保存至数据库的函数
"""
if global_config.engine == 'sqlite':
try:
t = Token(mail=mail,token=g.token)
db.session.add(t)
db.session.commit()
return jsonify({"token": g.token})
except:
db.session.rollback()
return jsonify({"token": ''})
else:
#mongo
try:
mongo.db.token.insert_one({"mail": mail,"token": g.token,"check": ""})
return jsonify({"token": g.token})
except:
return jsonify({"token": ''})
except:
return jsonify({"token": ''})
def _get_user_from_x_api_auth_token():
if "X-Api-Auth-Token" in request.headers:
from app.models import Token
token = Token.find_one({ "token": request.headers["X-Api-Auth-Token"] })
if token is not None and not token.expired:
return token.user
else:
return None
def test_get_token(self):
"""Ensure token is present"""
token = self.token_dao.insert_user_token(self.user)
token_gen = token.generate_auth_token()
valid_token = Token.get_auth_token(token_gen)
self.assertEqual(valid_token.to_json(), token.to_json())
def prepare_db():
client1 = Client(
name='dev', client_id='dev', client_secret='dev',
_redirect_uris=(
'http://localhost:8000/authorized '
'http://localhost/authorized '
'http://127.0.0.1:8000/authorized'
),
)
client2 = Client(
name='confidential', client_id='confidential',
client_secret='confidential', client_type='confidential',
_redirect_uris=(
'http://localhost:8000/authorized '
'http://localhost/authorized '
'http://127.0.0.1:8000/authorized'
),
)
user = User(username='******', password='******')
temp_grant = Grant(
user_id=1, client_id='confidential',
code='12345', scope='email',
expires=datetime.utcnow() + timedelta(seconds=100)
)
access_token = Token(
user_id=1, client_id='dev', access_token='expired', expires_in=5
)
access_token2 = Token(
user_id=1, client_id='dev', access_token='expired', expires_in=1
)
try:
db.session.add(client1)
db.session.add(client2)
db.session.add(user)
db.session.add(temp_grant)
db.session.add(access_token)
db.session.add(access_token2)
db.session.commit()
except:
db.session.rollback()
def post(self):
form = CreateTokenForm()
form.package.choices = build_packages_list()
tokens = Token.query.order_by(Token.id.desc()).all()
if form.validate_on_submit():
try:
# Generate UUID
gen_uuid = str(uuid.uuid4())
# Create database entry
t = Token()
t.uuid = gen_uuid
t.email = form.email.data or None
t.active = True
t.package = form.package.data
t.package_id = form.package.data
db.session.add(t)
db.session.commit()
return redirect('/admin/tokens/')
except:
import traceback
db.session.rollback()
traceback.print_exc()
return redirect('/admin/tokens/')
return render_template('admin/tokens.html',
form=form,
tokens=tokens)
return render_template('admin/tokens.html', form=form, tokens=tokens)
def test_allow_a_valid_token(notify_api, notify_db, notify_db_session):
token = Token(id=123, token="token", type='admin')
db.session.add(token)
db.session.commit()
notify_api.config['AUTH_REQUIRED'] = True
response = notify_api.test_client().get(
'/',
headers={'Authorization': 'Bearer token'})
assert 200 == response.status_code
def _get_user_from_authorization_header():
if "Authorization" in request.headers:
auth = request.headers["Authorization"].split()
if len(auth) == 2 and auth[0] == "Token":
from app.models import Token
token = Token.find_one({"token": auth[1]})
if token is not None and not token.expired:
return token.user
return None
def notify_db_session(request):
meta = MetaData(bind=db.engine, reflect=True)
# Set up dummy org, with a service and a job
org = Organisation(id=1234, name="org test")
token = Token(id=1234, token="1234", type='admin')
service = Service(
id=1234,
name="service test",
created_at=datetime.utcnow(),
token=token,
active=True,
restricted=False,
limit=100
)
job = Job(id=1234, name="job test", created_at=datetime.utcnow(), service=service)
notification = Notification(
id=1234,
to="phone-number",
message="this is a message",
job=job,
status="created",
method="sms",
created_at=datetime.utcnow()
)
# Setup a dummy user for tests
user = User(
id=1234,
email_address="*****@*****.**",
mobile_number="+449999234234",
password=generate_password_hash('valid-password'),
active=True,
created_at=datetime.utcnow(),
updated_at=datetime.utcnow(),
password_changed_at=datetime.utcnow(),
role='admin'
)
service.users.append(user)
db.session.add(token)
db.session.add(org)
db.session.add(service)
db.session.add(notification)
db.session.add(job)
db.session.add(user)
db.session.commit()
def teardown():
db.session.remove()
for tbl in reversed(meta.sorted_tables):
db.engine.execute(tbl.delete())
request.addfinalizer(teardown)
def test_verify_token(self):
"""Ensure token is verified"""
token = self.token_dao.insert_user_token(self.user)
user = Token.verify_auth_token(token.generate_auth_token())
expected_user = self.mock_user_response
expected_user['id'] = self.user.id
self.assertEqual(user.to_json(), expected_user)
def test_invalid_token(self):
"""Ensure token is invalid"""
token = self.token_dao.insert_user_token(self.user)
user = Token.verify_auth_token("fake token")
expected_user = self.mock_user_response
expected_user['id'] = self.user.id
self.assertIsNone(user)
def insert_user_token(self, user):
"""Insert oauthToken against a user
:param user: user object
:return: generated token object
"""
token = Token(user.id)
self.db.session.add(token)
self.db.session.commit()
return token
def save_token(*, user_id: int, token: str) -> bool:
session = db.get_session()
user = session.query(User).filter(User.id == user_id).one_or_none()
# If user does not exist, do not save token and return False as error
if not user:
return False
session.add(Token(token_str=token, user=user))
session.commit()
return True
def validate(self):
"""
Uploads the file
:return: "upload.html"
"""
file_path = FilesPath()
# Set file model attributes
file = self.form.file.data
filename = self.form.filename.data or file.filename
repo = self.form.repo.data
ext = file_path.get_ext(filename=filename.lower())
# Create dir
if not file_path.isdir():
file_path.newdir()
user = User.query.filter_by(username=current_user.username).first()
file_db = File(filename=filename, repo=repo, uploader=user)
db = Database()
db.add(file_db)
type = None
ext_list = [Extensions.document_list, Extensions.image_list, Extensions.audio_list, Extensions.video_list]
if any(ext in ext_check for ext_check in ext_list):
token = Tokens(length=7)
filename_save = str(file_db.id) + ext
if ext in ext_list[0]:
type = "document"
elif ext in ext_list[1]:
type = "image"
elif ext in ext_list[2]:
type = "audio"
elif ext in ext_list[3]:
type = "video"
file_db.type = type
token_db = Token(token=token.token, type=type, auth=user, file=file_db)
db.add(file_db, token_db)
else:
type = "misc"
filename_save = str(file_db.id)
if file_db.repo == "public":
file_db.path = file_path.public(filename=filename_save, type=type)
db.add(file_db)
file.save(file_path.public(filename=filename_save, type=type))
elif file_db.repo == "private":
file_db.path = file_path.private(filename=filename_save, type=type)
db.add(file_db)
file.save(file_path.private(filename=filename_save, type=type))
flash('File {} uploaded successfully!'.format(file.filename))
return url_for('upload')
