def send_otp(): data = request.get_json() token = random.randint(100001, 999999) msg = '{} is one time password. Use this within 3 minutes'.format(token) msisdn = data['msisdn'] sms = utils.send_sms(msg, msisdn) print(sms) res = { 'status': -1, 'message': "Successfully sent the OTP", 'smsResultCode': sms['statusCode'] } if sms['statusCode'] in [100, 101, 102]: m1 = Sms(message=msg, msisdn=msisdn, message_id=sms['messageId'], status=1) now = datetime.datetime.now() expiry_date = now + datetime.timedelta(minutes=3) m2 = Token(token=token, owner_id=msisdn, status=0, expiry_date=expiry_date) db.session.add(m1) db.session.add(m2) db.session.commit() res['status'] = 0 res['message'] = "Successfully sent the OTP" return jsonify(res) else: return jsonify(res)
def create_user(): data = request.get_json() code = generate_code() if not data: return jsonify({ 'error': { 'message': 'Invalid Credentials' }, 'data': None }), 400 try: user = User(username=data['username'], email=data['email'], code=code, password_hash=data['password']) user.insert() token = Token(user_id=user.id, code=code) token.insert() except exc.IntegrityError: return jsonify({ 'error': { 'message': 'user already exists' }, 'data': None }), 400 send_mail('Email Verification', user.email, 'mail.html', code=code, username=user.username) return jsonify({'error': None, 'data': "success"}), 201
def get(self, request): response_data = RESPONSE_DATA_OBJ.copy() try: _obj_list = [] for i in range(TOKEN_COUNT): _obj_list.append( Token( **{ "token": (jwt.encode( {"some": str(time.time())}, "secret", algorithm="HS256", )).decode("utf-8"), })) Token.objects.bulk_create(_obj_list) response_data.update({ "code": status.HTTP_200_OK, "message": TOKEN_GENERATE_SUCCESS_MSG }) response = Response(response_data, status=status.HTTP_200_OK) except Exception as e: print(e) response_data.update({ "code": status.HTTP_500_INTERNAL_SERVER_ERROR, "message": COMMON_SERVER_ERROR, }) response = Response(response_data, status=status.HTTP_500_INTERNAL_SERVER_ERROR) return response
def __init__(self, username=None): """ Processes lost password form :param username: Username of the user """ self.username = username self.user = User.query.filter_by(username=username.lower()).first() or User.\ query.filter_by(email=username.lower()).first() if self.user is None: flash("No user or email found!") else: # Database updating token = Tokens() token = token.token token_db = Token(token=token, type="password", user_id=self.user.id) db = Database() db.add(token_db) # Email ip_list = [] for ip in range(len(public_ip_list)): ip_list.append('http://' + public_ip_list[ip] + ':5000' + url_for('reset', token=token)) link = '\n'.join(ip_list) ip_list = [] email = Email(user=self.user) email.pass_reset(link=link) flash("Please follow the link in the recovery email!")
def user(username): """ User profile page :param username: Username of the user. :return: Profile page of the user with given username. """ user = UserView(username=username, id=request.args.get('id')) action_arg = request.args.get('action') action = user.action(action=action_arg) token_db = Token() if action: if action_arg == "download": return send_file(action, as_attachment=True, attachment_filename=user.file.filename) elif action_arg == "delete": return redirect(action) return render_template('user.html', time=datetime, int=int, timeuser=user.timeuser, user=user.user, files=user.file_view, title='Profile - Synco', token=token_db)
def __init__(self, form=None): """ Processes register form :param form: Register form """ # User user = User(username=form.username.data.lower(), email=form.email.data.lower()) user.set_password(form.password.data) db = Database() db.add(user) # Token token = Tokens() token = token.token token_db = Token(token=token, type="confirmation", user_id=user.id) # Avatar avatar = Avatar(user=user) # Commits to Database db.add(token_db, avatar) # Email ip_list = [] for ip in range(len(public_ip_list)): ip_list.append('http://' + public_ip_list[ip] + ':5000' + url_for('confirmation', token=token)) link = '\n'.join(ip_list) ip_list = [] email = Email(user=user) email.confirmation(link=link) # Flash flash('A confirmation has been sent to your mail. Please verify!')
def get_token(self, update=False): if self.token: self.token = db.session.merge(self.token) if self.token is None or update or self.token.expires_in + self.token.timestamp <= int( time.time()) + 10: data = dict(grant_type='client_credential', appid=self.appid, secret=self.appsecret) res = requests.get('https://api.weixin.qq.com/cgi-bin/token', data).json() try: if self.token is None: token = Token(access_token=res["access_token"], expires_in=res["expires_in"], timestamp=int(time.time())) self.token = token db.session.add(token) else: # update self.token.access_token = res["access_token"] self.token.expires_in = res["expires_in"] self.token.timestamp = int(time.time()) db.session.commit() except KeyError: print(res)
def add(): try: uid = int(request.headers['Uid']) data = request.json if data is None: return response_error(MESSAGE.INVALID_DATA, CODE.INVALID_DATA) response_json = [] for item in data: token = Token(symbol=item['symbol'], name=item['name'], decimal=int(item['decimal']), contract_address=item['contract_address'], created_user_id=uid) db.session.add(token) db.session.flush() task = Task(task_type=CONST.TASK_TYPE['ERC_20'], data=json.dumps(token.to_json()), action=CONST.TASK_ACTION['ADD_TOKEN'], status=-1, contract_address=g.ERC20_TOKEN_REGISTRY_SMART_CONTRACT, contract_json=g.ERC20_TOKEN_REGISTRY_JSON) db.session.add(task) db.session.flush() response_json.append(token.to_json()) db.session.commit() return response_ok(response_json) except Exception, ex: db.session.rollback() return response_error(ex.message)
def create_service(): service_from_request = get_json_from_request('service') validation_result, validation_errors = valid_service_submission( service_from_request) if not validation_result: return jsonify(error="Invalid JSON", error_details=validation_errors), 400 user = User.query.get(service_from_request['userId']) if not user: return jsonify(error="failed to create service - invalid user"), 400 try: token = Token(token=uuid4(), type='client') db.session.add(token) db.session.flush() service = Service(name=service_from_request['name'], created_at=datetime.utcnow(), token_id=token.id, active=True, restricted=True, limit=current_app.config['MAX_SERVICE_LIMIT']) service.users.append(user) db.session.add(service) db.session.commit() return jsonify(service=service.serialize()), 201 except IntegrityError as e: print(e.orig) db.session.rollback() abort(400, "failed to create service")
def post(self): form = CreateTokenForm() form.package.choices = build_packages_list() tokens = Token.query.order_by(Token.id.desc()).all() if form.validate_on_submit(): try: # Generate UUID gen_uuid = str(uuid.uuid4()) # Create database entry t = Token() t.uuid = gen_uuid t.email = form.email.data or None t.active = True t.package = form.package.data t.package_id = form.package.data db.session.add(t) db.session.commit() return redirect('/admin/tokens/') except: import traceback db.session.rollback() traceback.print_exc() return redirect('/admin/tokens/') return render_template('admin/tokens.html', form=form, tokens=tokens) return render_template('admin/tokens.html', form=form, tokens=tokens)
def get_token(): try: mail = request.json["mail"] g.token = genernate(mail) """ 在这里添加保存至数据库的函数 """ if global_config.engine == 'sqlite': try: t = Token(mail=mail,token=g.token) db.session.add(t) db.session.commit() return jsonify({"token": g.token}) except: db.session.rollback() return jsonify({"token": ''}) else: #mongo try: mongo.db.token.insert_one({"mail": mail,"token": g.token,"check": ""}) return jsonify({"token": g.token}) except: return jsonify({"token": ''}) except: return jsonify({"token": ''})
def login(): json_data = json.loads(request.data) user = db.session.query(User).filter_by(email=json_data['email']).first() if user and user.password == bcrypt.hashpw( json_data.get('password').encode('utf-8'), user.password.decode().encode('utf-8')): token = Token(user.id) db.session.add(token) db.session.commit() json_data_response = jsonify({ "error": "null", "data": { 'id': user.id, 'username': json_data.get('username'), 'token': token.token }, "message": "logged" }) else: json_data_response = jsonify({ "error": "1", "data": {}, "message": 'not logged' }) return json_data_response
def create_token(): request_name = request.json.get('name') if not request_name: return {'message': 'Name not provided'}, 400 if not Token.query.filter_by(name=request_name).all(): new_dir = str(uuid.uuid4()) token = str(uuid.uuid4()) token_hash = hashlib.md5((token + SALT).encode()).hexdigest() new_token = Token(name=request_name, token_hash=token_hash, root_dir=new_dir) db.session.add(new_token) path = f'{ROOT_PATH}{new_dir}' os.makedirs(path) db.session.commit() return { 'message': 'Created', 'access_token': token, 'name': request_name }, 201 else: return {'message': 'Name is not unique'}, 409
def prepare_db(): client1 = Client( name='dev', client_id='dev', client_secret='dev', _redirect_uris=( 'http://localhost:8000/authorized ' 'http://localhost/authorized ' 'http://127.0.0.1:8000/authorized' ), ) client2 = Client( name='confidential', client_id='confidential', client_secret='confidential', client_type='confidential', _redirect_uris=( 'http://localhost:8000/authorized ' 'http://localhost/authorized ' 'http://127.0.0.1:8000/authorized' ), ) user = User(username='******', password='******') temp_grant = Grant( user_id=1, client_id='confidential', code='12345', scope='email', expires=datetime.utcnow() + timedelta(seconds=100) ) access_token = Token( user_id=1, client_id='dev', access_token='expired', expires_in=5 ) access_token2 = Token( user_id=1, client_id='dev', access_token='expired', expires_in=1 ) try: db.session.add(client1) db.session.add(client2) db.session.add(user) db.session.add(temp_grant) db.session.add(access_token) db.session.add(access_token2) db.session.commit() except: db.session.rollback()
def test_allow_a_valid_token(notify_api, notify_db, notify_db_session): token = Token(id=123, token="token", type='admin') db.session.add(token) db.session.commit() notify_api.config['AUTH_REQUIRED'] = True response = notify_api.test_client().get( '/', headers={'Authorization': 'Bearer token'}) assert 200 == response.status_code
def test_save(self) -> None: db.session.add = Mock() db.session.commit = Mock() token = Token(id=123) token.save() db.session.add.assert_called_once_with(token) db.session.commit.assert_called_once_with()
def notify_db_session(request): meta = MetaData(bind=db.engine, reflect=True) # Set up dummy org, with a service and a job org = Organisation(id=1234, name="org test") token = Token(id=1234, token="1234", type='admin') service = Service( id=1234, name="service test", created_at=datetime.utcnow(), token=token, active=True, restricted=False, limit=100 ) job = Job(id=1234, name="job test", created_at=datetime.utcnow(), service=service) notification = Notification( id=1234, to="phone-number", message="this is a message", job=job, status="created", method="sms", created_at=datetime.utcnow() ) # Setup a dummy user for tests user = User( id=1234, email_address="*****@*****.**", mobile_number="+449999234234", password=generate_password_hash('valid-password'), active=True, created_at=datetime.utcnow(), updated_at=datetime.utcnow(), password_changed_at=datetime.utcnow(), role='admin' ) service.users.append(user) db.session.add(token) db.session.add(org) db.session.add(service) db.session.add(notification) db.session.add(job) db.session.add(user) db.session.commit() def teardown(): db.session.remove() for tbl in reversed(meta.sorted_tables): db.engine.execute(tbl.delete()) request.addfinalizer(teardown)
def insert_user_token(self, user): """Insert oauthToken against a user :param user: user object :return: generated token object """ token = Token(user.id) self.db.session.add(token) self.db.session.commit() return token
def save_token(*, user_id: int, token: str) -> bool: session = db.get_session() user = session.query(User).filter(User.id == user_id).one_or_none() # If user does not exist, do not save token and return False as error if not user: return False session.add(Token(token_str=token, user=user)) session.commit() return True
def validate(self): """ Uploads the file :return: "upload.html" """ file_path = FilesPath() # Set file model attributes file = self.form.file.data filename = self.form.filename.data or file.filename repo = self.form.repo.data ext = file_path.get_ext(filename=filename.lower()) # Create dir if not file_path.isdir(): file_path.newdir() user = User.query.filter_by(username=current_user.username).first() file_db = File(filename=filename, repo=repo, uploader=user) db = Database() db.add(file_db) type = None ext_list = [Extensions.document_list, Extensions.image_list, Extensions.audio_list, Extensions.video_list] if any(ext in ext_check for ext_check in ext_list): token = Tokens(length=7) filename_save = str(file_db.id) + ext if ext in ext_list[0]: type = "document" elif ext in ext_list[1]: type = "image" elif ext in ext_list[2]: type = "audio" elif ext in ext_list[3]: type = "video" file_db.type = type token_db = Token(token=token.token, type=type, auth=user, file=file_db) db.add(file_db, token_db) else: type = "misc" filename_save = str(file_db.id) if file_db.repo == "public": file_db.path = file_path.public(filename=filename_save, type=type) db.add(file_db) file.save(file_path.public(filename=filename_save, type=type)) elif file_db.repo == "private": file_db.path = file_path.private(filename=filename_save, type=type) db.add(file_db) file.save(file_path.private(filename=filename_save, type=type)) flash('File {} uploaded successfully!'.format(file.filename)) return url_for('upload')
def facebook_logged_in(blueprint, token): if not token: flash("Failed to log in.", category="error") return False resp = blueprint.session.get("/me") if not resp.ok: msg = "Failed to fetch user info." flash(msg, category="error") return False info = resp.json() user_id = info["id"] # Find this OAuth token in the database, or create it query = OAuth.query.filter_by(provider=blueprint.name, provider_user_id=user_id) try: oauth = query.one() except NoResultFound: oauth = OAuth(provider=blueprint.name, provider_user_id=user_id, token=token) if oauth.user: login_user(oauth.user) flash("Successfully signed in.") else: # Create a new local user account for this user user = User(name=info["name"]) # Associate the new local user account with the OAuth token oauth.user = user # Save and commit our database models db.session.add_all([user, oauth]) db.session.commit() new_profile = Profile(user_id=user.id) db.session.add(new_profile) db.session.commit() # Log in the new local user account login_user(user) flash("Successfully signed in.") # Disable Flask-Dance's default behavior for saving the OAuth token token_query = Token.query.filter_by(user_id=current_user.id) try: token = token_query.one() except NoResultFound: token = Token(user_id=current_user.id, uuid=str(uuid.uuid4().hex)) db.session.add(token) db.session.commit() return redirect("http://localhost:3000/?api_key={}".format(token.uuid))
def GenerateVotingToken(eid): allchar = string.ascii_letters + string.digits token = "".join( random.choice(allchar) for x in range(random.randint(50, 50))) t = Token.query.filter_by(token=token, election=eid).first() if t is None: t = Token(token=token, election=eid) db.session.add(t) db.session.commit() return token else: GenerateVotingToken(eid)
def paypal_gateway(self): """ Paypal callback receiver. Generates token and sends the code via email to user. @return: """ print(request.form) # Gather information from callback response first_name = request.form.get("first_name", None) last_name = request.form.get("last_name", None) payer_id = request.form.get("payer_id", None) payer_email = request.form.get("payer_email", None) item_name = request.form.get("item_name", None) item_number = request.form.get("item_number", None) custom = request.form.get("custom", None) payment_gross = request.form.get("payment_gross", None) ## Generate Token and store in database gen_uuid = str(uuid.uuid4()) try: t = Token() t.uuid = gen_uuid t.email = payer_email t.active = True t.package = item_name t.package_id = item_number db.session.add(t) db.session.commit() except: import traceback db.session.rollback() traceback.print_exc() ## Send email to user with unique link try: msg = Message( "Guildbit - Order Confirmation", sender=settings.DEFAULT_MAIL_SENDER, recipients=[payer_email]) msg.html = render_template("emails/payment_thankyou.html", package=item_name, uuid=gen_uuid) mail.send(msg) except: import traceback traceback.print_exc() return jsonify({ "status": "received" })
def handle_login(redirect_type="client"): # Returns a shallow mutable copy of the immutable # multi dict. request_args = request.args.copy() redirect_url = request_args.pop("redirect_url", "/") query_args = "&".join( [arg + "=" + value for arg, value in request_args.items()] ) if query_args: redirect_url += "?" + query_args if is_authenticated(request): return redirect_response(redirect_url, redirect_type) if request.method == "POST": username = request.form.get("username") password = request.form.get("password") token = request.form.get("token") # Check whether the given user exists. user = User.query.filter(User.username == username).first() invalid_login_msg = "Username password combination does not exist." if user is None: return jsonify({"error": invalid_login_msg}), 401 else: if password is not None: can_login = check_password_hash(user.password_hash, password) elif token is not None and user.token_hash is not None: can_login = check_password_hash(user.token_hash, token) else: can_login = False if can_login: # remove old token if it exists Token.query.filter(Token.user == user.uuid).delete() token = Token(user=user.uuid, token=str(secrets.token_hex(16))) db.session.add(token) db.session.commit() resp = redirect_response(redirect_url, redirect_type) resp.set_cookie("auth_token", token.token) resp.set_cookie("auth_username", username) return resp else: return jsonify({"error": invalid_login_msg}), 401
def callback(self): """ Coinbase callback receiver. Generates token and sends the code via email to user. @return: """ # Gather information from callback response data = json.loads(request.data) order = data.get("order", None) customer = data.get("customer", None) email = customer["email"] id = order["id"] status = order["status"] custom = order["custom"] button = order["button"] button_name = button["name"] ## Generate Token and store in database gen_uuid = str(uuid.uuid4()) try: t = Token() t.uuid = gen_uuid t.email = email t.active = True t.package = custom db.session.add(t) db.session.commit() except: import traceback db.session.rollback() traceback.print_exc() ## Send email to user with unique link try: msg = Message( "Guildbit - Order Confirmation", sender=settings.DEFAULT_MAIL_SENDER, recipients=[email]) # msg.html = template msg.html = render_template("emails/payment_thankyou.html", package=button_name, uuid=gen_uuid) mail.send(msg) except: import traceback traceback.print_exc() return jsonify({ "status": "received" })
def test_find_by_jti(self, mock_query: Mock) -> None: expected = Token(id=123) filter_by = mock_query.return_value.filter_by first = filter_by.return_value.first first.return_value = expected result = Token.find_by_jti('name-xyz') filter_by.assert_called_once_with(jti='name-xyz') first.assert_called_once_with() assert result == expected
def create_new_token(user_id: int, lease_id: int): while True: try: t = Token( user_id=user_id, expires_at=datetime.utcnow() + timedelta(days=30), lease_id=lease_id, value=generate_token_value(), ) commit() break except: pass return t
def test_should_not_be_able_to_create_service_on_client_token( notify_api, notify_db, notify_db_session): token = Token(token='client', type='client') db.session.add(token) db.session.commit() response = notify_api.test_client().post( '/service', data=json.dumps({'service': { 'userId': 1234, 'name': 'my service' }}), headers={'Authorization': 'Bearer client'}, content_type='application/json') assert response.status_code == 403
def save_token(token, request): authCode = AuthorizationCode.query.filter_by( code=request.code, client_id=request.client.client_id).first() print(authCode) if authCode and not authCode.is_expired(): payment_agreement = PaymentAgreement.query.filter_by( user_id=authCode.user_id, client_id=authCode.client_id).first() item = Token(client_id=authCode.client_id, user_id=authCode.user_id, payment_agreement_id=payment_agreement.id, **token) db.session.add(item) db.session.commit()
def login(): config_data = get_user_conf() if not config_data["AUTH_ENABLED"]: return make_response( render_template("client_side_redirect.html", url="/")) if request.method == "POST": username = request.form.get("username") password = request.form.get("password") token = request.form.get("token") user = User.query.filter(User.username == username).first() if user is None: return render_login_failed() else: if password is not None: can_login = check_password_hash(user.password_hash, password) elif token is not None and user.token_hash is not None: can_login = check_password_hash(user.token_hash, token) else: can_login = False if can_login: # remove old token if it exists Token.query.filter(Token.user == user.uuid).delete() token = Token(user=user.uuid, token=str(secrets.token_hex(16))) db.session.add(token) db.session.commit() resp = make_response( render_template("client_side_redirect.html", url="/")) resp.set_cookie("auth_token", token.token) resp.set_cookie("auth_username", username) return resp else: return render_login_failed() else: return render_template("login.html", **static_render_context())