def send_otp():
data = request.get_json()
token = random.randint(100001, 999999)
msg = '{} is one time password. Use this within 3 minutes'.format(token)
msisdn = data['msisdn']
sms = utils.send_sms(msg, msisdn)
print(sms)
res = {
'status': -1,
'message': "Successfully sent the OTP",
'smsResultCode': sms['statusCode']
}
if sms['statusCode'] in [100, 101, 102]:
m1 = Sms(message=msg,
msisdn=msisdn,
message_id=sms['messageId'],
status=1)
now = datetime.datetime.now()
expiry_date = now + datetime.timedelta(minutes=3)
m2 = Token(token=token,
owner_id=msisdn,
status=0,
expiry_date=expiry_date)
db.session.add(m1)
db.session.add(m2)
db.session.commit()
res['status'] = 0
res['message'] = "Successfully sent the OTP"
return jsonify(res)
else:
return jsonify(res)
def create_user():
data = request.get_json()
code = generate_code()
if not data:
return jsonify({
'error': {
'message': 'Invalid Credentials'
},
'data': None
}), 400
try:
user = User(username=data['username'],
email=data['email'],
code=code,
password_hash=data['password'])
user.insert()
token = Token(user_id=user.id, code=code)
token.insert()
except exc.IntegrityError:
return jsonify({
'error': {
'message': 'user already exists'
},
'data': None
}), 400
send_mail('Email Verification',
user.email,
'mail.html',
code=code,
username=user.username)
return jsonify({'error': None, 'data': "success"}), 201
def get(self, request):
response_data = RESPONSE_DATA_OBJ.copy()
try:
_obj_list = []
for i in range(TOKEN_COUNT):
_obj_list.append(
Token(
**{
"token": (jwt.encode(
{"some": str(time.time())},
"secret",
algorithm="HS256",
)).decode("utf-8"),
}))
Token.objects.bulk_create(_obj_list)
response_data.update({
"code": status.HTTP_200_OK,
"message": TOKEN_GENERATE_SUCCESS_MSG
})
response = Response(response_data, status=status.HTTP_200_OK)
except Exception as e:
print(e)
response_data.update({
"code": status.HTTP_500_INTERNAL_SERVER_ERROR,
"message": COMMON_SERVER_ERROR,
})
response = Response(response_data,
status=status.HTTP_500_INTERNAL_SERVER_ERROR)
return response
def __init__(self, username=None):
"""
Processes lost password form
:param username: Username of the user
"""
self.username = username
self.user = User.query.filter_by(username=username.lower()).first() or User.\
query.filter_by(email=username.lower()).first()
if self.user is None:
flash("No user or email found!")
else:
# Database updating
token = Tokens()
token = token.token
token_db = Token(token=token, type="password", user_id=self.user.id)
db = Database()
db.add(token_db)
# Email
ip_list = []
for ip in range(len(public_ip_list)):
ip_list.append('http://' + public_ip_list[ip] + ':5000' + url_for('reset', token=token))
link = '\n'.join(ip_list)
ip_list = []
email = Email(user=self.user)
email.pass_reset(link=link)
flash("Please follow the link in the recovery email!")
def user(username):
"""
User profile page
:param username: Username of the user.
:return: Profile page of the user with given username.
"""
user = UserView(username=username, id=request.args.get('id'))
action_arg = request.args.get('action')
action = user.action(action=action_arg)
token_db = Token()
if action:
if action_arg == "download":
return send_file(action,
as_attachment=True,
attachment_filename=user.file.filename)
elif action_arg == "delete":
return redirect(action)
return render_template('user.html',
time=datetime,
int=int,
timeuser=user.timeuser,
user=user.user,
files=user.file_view,
title='Profile - Synco',
token=token_db)
def __init__(self, form=None):
"""
Processes register form
:param form: Register form
"""
# User
user = User(username=form.username.data.lower(), email=form.email.data.lower())
user.set_password(form.password.data)
db = Database()
db.add(user)
# Token
token = Tokens()
token = token.token
token_db = Token(token=token, type="confirmation", user_id=user.id)
# Avatar
avatar = Avatar(user=user)
# Commits to Database
db.add(token_db, avatar)
# Email
ip_list = []
for ip in range(len(public_ip_list)):
ip_list.append('http://' + public_ip_list[ip] + ':5000' + url_for('confirmation', token=token))
link = '\n'.join(ip_list)
ip_list = []
email = Email(user=user)
email.confirmation(link=link)
# Flash
flash('A confirmation has been sent to your mail. Please verify!')
def get_token(self, update=False):
if self.token:
self.token = db.session.merge(self.token)
if self.token is None or update or self.token.expires_in + self.token.timestamp <= int(
time.time()) + 10:
data = dict(grant_type='client_credential',
appid=self.appid,
secret=self.appsecret)
res = requests.get('https://api.weixin.qq.com/cgi-bin/token',
data).json()
try:
if self.token is None:
token = Token(access_token=res["access_token"],
expires_in=res["expires_in"],
timestamp=int(time.time()))
self.token = token
db.session.add(token)
else: # update
self.token.access_token = res["access_token"]
self.token.expires_in = res["expires_in"]
self.token.timestamp = int(time.time())
db.session.commit()
except KeyError:
print(res)
def add():
try:
uid = int(request.headers['Uid'])
data = request.json
if data is None:
return response_error(MESSAGE.INVALID_DATA, CODE.INVALID_DATA)
response_json = []
for item in data:
token = Token(symbol=item['symbol'],
name=item['name'],
decimal=int(item['decimal']),
contract_address=item['contract_address'],
created_user_id=uid)
db.session.add(token)
db.session.flush()
task = Task(task_type=CONST.TASK_TYPE['ERC_20'],
data=json.dumps(token.to_json()),
action=CONST.TASK_ACTION['ADD_TOKEN'],
status=-1,
contract_address=g.ERC20_TOKEN_REGISTRY_SMART_CONTRACT,
contract_json=g.ERC20_TOKEN_REGISTRY_JSON)
db.session.add(task)
db.session.flush()
response_json.append(token.to_json())
db.session.commit()
return response_ok(response_json)
except Exception, ex:
db.session.rollback()
return response_error(ex.message)
def create_service():
service_from_request = get_json_from_request('service')
validation_result, validation_errors = valid_service_submission(
service_from_request)
if not validation_result:
return jsonify(error="Invalid JSON",
error_details=validation_errors), 400
user = User.query.get(service_from_request['userId'])
if not user:
return jsonify(error="failed to create service - invalid user"), 400
try:
token = Token(token=uuid4(), type='client')
db.session.add(token)
db.session.flush()
service = Service(name=service_from_request['name'],
created_at=datetime.utcnow(),
token_id=token.id,
active=True,
restricted=True,
limit=current_app.config['MAX_SERVICE_LIMIT'])
service.users.append(user)
db.session.add(service)
db.session.commit()
return jsonify(service=service.serialize()), 201
except IntegrityError as e:
print(e.orig)
db.session.rollback()
abort(400, "failed to create service")
def post(self):
form = CreateTokenForm()
form.package.choices = build_packages_list()
tokens = Token.query.order_by(Token.id.desc()).all()
if form.validate_on_submit():
try:
# Generate UUID
gen_uuid = str(uuid.uuid4())
# Create database entry
t = Token()
t.uuid = gen_uuid
t.email = form.email.data or None
t.active = True
t.package = form.package.data
t.package_id = form.package.data
db.session.add(t)
db.session.commit()
return redirect('/admin/tokens/')
except:
import traceback
db.session.rollback()
traceback.print_exc()
return redirect('/admin/tokens/')
return render_template('admin/tokens.html',
form=form,
tokens=tokens)
return render_template('admin/tokens.html', form=form, tokens=tokens)
def get_token():
try:
mail = request.json["mail"]
g.token = genernate(mail)
"""
在这里添加保存至数据库的函数
"""
if global_config.engine == 'sqlite':
try:
t = Token(mail=mail,token=g.token)
db.session.add(t)
db.session.commit()
return jsonify({"token": g.token})
except:
db.session.rollback()
return jsonify({"token": ''})
else:
#mongo
try:
mongo.db.token.insert_one({"mail": mail,"token": g.token,"check": ""})
return jsonify({"token": g.token})
except:
return jsonify({"token": ''})
except:
return jsonify({"token": ''})
def login():
json_data = json.loads(request.data)
user = db.session.query(User).filter_by(email=json_data['email']).first()
if user and user.password == bcrypt.hashpw(
json_data.get('password').encode('utf-8'),
user.password.decode().encode('utf-8')):
token = Token(user.id)
db.session.add(token)
db.session.commit()
json_data_response = jsonify({
"error": "null",
"data": {
'id': user.id,
'username': json_data.get('username'),
'token': token.token
},
"message": "logged"
})
else:
json_data_response = jsonify({
"error": "1",
"data": {},
"message": 'not logged'
})
return json_data_response
def create_token():
request_name = request.json.get('name')
if not request_name:
return {'message': 'Name not provided'}, 400
if not Token.query.filter_by(name=request_name).all():
new_dir = str(uuid.uuid4())
token = str(uuid.uuid4())
token_hash = hashlib.md5((token + SALT).encode()).hexdigest()
new_token = Token(name=request_name,
token_hash=token_hash,
root_dir=new_dir)
db.session.add(new_token)
path = f'{ROOT_PATH}{new_dir}'
os.makedirs(path)
db.session.commit()
return {
'message': 'Created',
'access_token': token,
'name': request_name
}, 201
else:
return {'message': 'Name is not unique'}, 409
def prepare_db():
client1 = Client(
name='dev', client_id='dev', client_secret='dev',
_redirect_uris=(
'http://localhost:8000/authorized '
'http://localhost/authorized '
'http://127.0.0.1:8000/authorized'
),
)
client2 = Client(
name='confidential', client_id='confidential',
client_secret='confidential', client_type='confidential',
_redirect_uris=(
'http://localhost:8000/authorized '
'http://localhost/authorized '
'http://127.0.0.1:8000/authorized'
),
)
user = User(username='******', password='******')
temp_grant = Grant(
user_id=1, client_id='confidential',
code='12345', scope='email',
expires=datetime.utcnow() + timedelta(seconds=100)
)
access_token = Token(
user_id=1, client_id='dev', access_token='expired', expires_in=5
)
access_token2 = Token(
user_id=1, client_id='dev', access_token='expired', expires_in=1
)
try:
db.session.add(client1)
db.session.add(client2)
db.session.add(user)
db.session.add(temp_grant)
db.session.add(access_token)
db.session.add(access_token2)
db.session.commit()
except:
db.session.rollback()
def test_allow_a_valid_token(notify_api, notify_db, notify_db_session):
token = Token(id=123, token="token", type='admin')
db.session.add(token)
db.session.commit()
notify_api.config['AUTH_REQUIRED'] = True
response = notify_api.test_client().get(
'/',
headers={'Authorization': 'Bearer token'})
assert 200 == response.status_code
def test_save(self) -> None:
db.session.add = Mock()
db.session.commit = Mock()
token = Token(id=123)
token.save()
db.session.add.assert_called_once_with(token)
db.session.commit.assert_called_once_with()
def notify_db_session(request):
meta = MetaData(bind=db.engine, reflect=True)
# Set up dummy org, with a service and a job
org = Organisation(id=1234, name="org test")
token = Token(id=1234, token="1234", type='admin')
service = Service(
id=1234,
name="service test",
created_at=datetime.utcnow(),
token=token,
active=True,
restricted=False,
limit=100
)
job = Job(id=1234, name="job test", created_at=datetime.utcnow(), service=service)
notification = Notification(
id=1234,
to="phone-number",
message="this is a message",
job=job,
status="created",
method="sms",
created_at=datetime.utcnow()
)
# Setup a dummy user for tests
user = User(
id=1234,
email_address="*****@*****.**",
mobile_number="+449999234234",
password=generate_password_hash('valid-password'),
active=True,
created_at=datetime.utcnow(),
updated_at=datetime.utcnow(),
password_changed_at=datetime.utcnow(),
role='admin'
)
service.users.append(user)
db.session.add(token)
db.session.add(org)
db.session.add(service)
db.session.add(notification)
db.session.add(job)
db.session.add(user)
db.session.commit()
def teardown():
db.session.remove()
for tbl in reversed(meta.sorted_tables):
db.engine.execute(tbl.delete())
request.addfinalizer(teardown)
def insert_user_token(self, user):
"""Insert oauthToken against a user
:param user: user object
:return: generated token object
"""
token = Token(user.id)
self.db.session.add(token)
self.db.session.commit()
return token
def save_token(*, user_id: int, token: str) -> bool:
session = db.get_session()
user = session.query(User).filter(User.id == user_id).one_or_none()
# If user does not exist, do not save token and return False as error
if not user:
return False
session.add(Token(token_str=token, user=user))
session.commit()
return True
def validate(self):
"""
Uploads the file
:return: "upload.html"
"""
file_path = FilesPath()
# Set file model attributes
file = self.form.file.data
filename = self.form.filename.data or file.filename
repo = self.form.repo.data
ext = file_path.get_ext(filename=filename.lower())
# Create dir
if not file_path.isdir():
file_path.newdir()
user = User.query.filter_by(username=current_user.username).first()
file_db = File(filename=filename, repo=repo, uploader=user)
db = Database()
db.add(file_db)
type = None
ext_list = [Extensions.document_list, Extensions.image_list, Extensions.audio_list, Extensions.video_list]
if any(ext in ext_check for ext_check in ext_list):
token = Tokens(length=7)
filename_save = str(file_db.id) + ext
if ext in ext_list[0]:
type = "document"
elif ext in ext_list[1]:
type = "image"
elif ext in ext_list[2]:
type = "audio"
elif ext in ext_list[3]:
type = "video"
file_db.type = type
token_db = Token(token=token.token, type=type, auth=user, file=file_db)
db.add(file_db, token_db)
else:
type = "misc"
filename_save = str(file_db.id)
if file_db.repo == "public":
file_db.path = file_path.public(filename=filename_save, type=type)
db.add(file_db)
file.save(file_path.public(filename=filename_save, type=type))
elif file_db.repo == "private":
file_db.path = file_path.private(filename=filename_save, type=type)
db.add(file_db)
file.save(file_path.private(filename=filename_save, type=type))
flash('File {} uploaded successfully!'.format(file.filename))
return url_for('upload')
def facebook_logged_in(blueprint, token):
if not token:
flash("Failed to log in.", category="error")
return False
resp = blueprint.session.get("/me")
if not resp.ok:
msg = "Failed to fetch user info."
flash(msg, category="error")
return False
info = resp.json()
user_id = info["id"]
# Find this OAuth token in the database, or create it
query = OAuth.query.filter_by(provider=blueprint.name,
provider_user_id=user_id)
try:
oauth = query.one()
except NoResultFound:
oauth = OAuth(provider=blueprint.name,
provider_user_id=user_id,
token=token)
if oauth.user:
login_user(oauth.user)
flash("Successfully signed in.")
else:
# Create a new local user account for this user
user = User(name=info["name"])
# Associate the new local user account with the OAuth token
oauth.user = user
# Save and commit our database models
db.session.add_all([user, oauth])
db.session.commit()
new_profile = Profile(user_id=user.id)
db.session.add(new_profile)
db.session.commit()
# Log in the new local user account
login_user(user)
flash("Successfully signed in.")
# Disable Flask-Dance's default behavior for saving the OAuth token
token_query = Token.query.filter_by(user_id=current_user.id)
try:
token = token_query.one()
except NoResultFound:
token = Token(user_id=current_user.id, uuid=str(uuid.uuid4().hex))
db.session.add(token)
db.session.commit()
return redirect("http://localhost:3000/?api_key={}".format(token.uuid))
def GenerateVotingToken(eid):
allchar = string.ascii_letters + string.digits
token = "".join(
random.choice(allchar) for x in range(random.randint(50, 50)))
t = Token.query.filter_by(token=token, election=eid).first()
if t is None:
t = Token(token=token, election=eid)
db.session.add(t)
db.session.commit()
return token
else:
GenerateVotingToken(eid)
def paypal_gateway(self):
"""
Paypal callback receiver. Generates token and sends the code via email to user.
@return:
"""
print(request.form)
# Gather information from callback response
first_name = request.form.get("first_name", None)
last_name = request.form.get("last_name", None)
payer_id = request.form.get("payer_id", None)
payer_email = request.form.get("payer_email", None)
item_name = request.form.get("item_name", None)
item_number = request.form.get("item_number", None)
custom = request.form.get("custom", None)
payment_gross = request.form.get("payment_gross", None)
## Generate Token and store in database
gen_uuid = str(uuid.uuid4())
try:
t = Token()
t.uuid = gen_uuid
t.email = payer_email
t.active = True
t.package = item_name
t.package_id = item_number
db.session.add(t)
db.session.commit()
except:
import traceback
db.session.rollback()
traceback.print_exc()
## Send email to user with unique link
try:
msg = Message(
"Guildbit - Order Confirmation",
sender=settings.DEFAULT_MAIL_SENDER,
recipients=[payer_email])
msg.html = render_template("emails/payment_thankyou.html", package=item_name, uuid=gen_uuid)
mail.send(msg)
except:
import traceback
traceback.print_exc()
return jsonify({
"status": "received"
})
def handle_login(redirect_type="client"):
# Returns a shallow mutable copy of the immutable
# multi dict.
request_args = request.args.copy()
redirect_url = request_args.pop("redirect_url", "/")
query_args = "&".join(
[arg + "=" + value for arg, value in request_args.items()]
)
if query_args:
redirect_url += "?" + query_args
if is_authenticated(request):
return redirect_response(redirect_url, redirect_type)
if request.method == "POST":
username = request.form.get("username")
password = request.form.get("password")
token = request.form.get("token")
# Check whether the given user exists.
user = User.query.filter(User.username == username).first()
invalid_login_msg = "Username password combination does not exist."
if user is None:
return jsonify({"error": invalid_login_msg}), 401
else:
if password is not None:
can_login = check_password_hash(user.password_hash, password)
elif token is not None and user.token_hash is not None:
can_login = check_password_hash(user.token_hash, token)
else:
can_login = False
if can_login:
# remove old token if it exists
Token.query.filter(Token.user == user.uuid).delete()
token = Token(user=user.uuid, token=str(secrets.token_hex(16)))
db.session.add(token)
db.session.commit()
resp = redirect_response(redirect_url, redirect_type)
resp.set_cookie("auth_token", token.token)
resp.set_cookie("auth_username", username)
return resp
else:
return jsonify({"error": invalid_login_msg}), 401
def callback(self):
"""
Coinbase callback receiver. Generates token and sends the code via email to user.
@return:
"""
# Gather information from callback response
data = json.loads(request.data)
order = data.get("order", None)
customer = data.get("customer", None)
email = customer["email"]
id = order["id"]
status = order["status"]
custom = order["custom"]
button = order["button"]
button_name = button["name"]
## Generate Token and store in database
gen_uuid = str(uuid.uuid4())
try:
t = Token()
t.uuid = gen_uuid
t.email = email
t.active = True
t.package = custom
db.session.add(t)
db.session.commit()
except:
import traceback
db.session.rollback()
traceback.print_exc()
## Send email to user with unique link
try:
msg = Message(
"Guildbit - Order Confirmation",
sender=settings.DEFAULT_MAIL_SENDER,
recipients=[email])
# msg.html = template
msg.html = render_template("emails/payment_thankyou.html", package=button_name, uuid=gen_uuid)
mail.send(msg)
except:
import traceback
traceback.print_exc()
return jsonify({
"status": "received"
})
def test_find_by_jti(self, mock_query: Mock) -> None:
expected = Token(id=123)
filter_by = mock_query.return_value.filter_by
first = filter_by.return_value.first
first.return_value = expected
result = Token.find_by_jti('name-xyz')
filter_by.assert_called_once_with(jti='name-xyz')
first.assert_called_once_with()
assert result == expected
def create_new_token(user_id: int, lease_id: int):
while True:
try:
t = Token(
user_id=user_id,
expires_at=datetime.utcnow() + timedelta(days=30),
lease_id=lease_id,
value=generate_token_value(),
)
commit()
break
except:
pass
return t
def test_should_not_be_able_to_create_service_on_client_token(
notify_api, notify_db, notify_db_session):
token = Token(token='client', type='client')
db.session.add(token)
db.session.commit()
response = notify_api.test_client().post(
'/service',
data=json.dumps({'service': {
'userId': 1234,
'name': 'my service'
}}),
headers={'Authorization': 'Bearer client'},
content_type='application/json')
assert response.status_code == 403
def save_token(token, request):
authCode = AuthorizationCode.query.filter_by(
code=request.code, client_id=request.client.client_id).first()
print(authCode)
if authCode and not authCode.is_expired():
payment_agreement = PaymentAgreement.query.filter_by(
user_id=authCode.user_id, client_id=authCode.client_id).first()
item = Token(client_id=authCode.client_id,
user_id=authCode.user_id,
payment_agreement_id=payment_agreement.id,
**token)
db.session.add(item)
db.session.commit()
def login():
config_data = get_user_conf()
if not config_data["AUTH_ENABLED"]:
return make_response(
render_template("client_side_redirect.html", url="/"))
if request.method == "POST":
username = request.form.get("username")
password = request.form.get("password")
token = request.form.get("token")
user = User.query.filter(User.username == username).first()
if user is None:
return render_login_failed()
else:
if password is not None:
can_login = check_password_hash(user.password_hash,
password)
elif token is not None and user.token_hash is not None:
can_login = check_password_hash(user.token_hash, token)
else:
can_login = False
if can_login:
# remove old token if it exists
Token.query.filter(Token.user == user.uuid).delete()
token = Token(user=user.uuid,
token=str(secrets.token_hex(16)))
db.session.add(token)
db.session.commit()
resp = make_response(
render_template("client_side_redirect.html", url="/"))
resp.set_cookie("auth_token", token.token)
resp.set_cookie("auth_username", username)
return resp
else:
return render_login_failed()
else:
return render_template("login.html", **static_render_context())
