def update_faculty_table(dept):
# Do not display table for aggregate views
if dept in ['AS', 'HUM', 'NS', 'SS']:
return [], {'display': 'none'}
# Do not display table without chair-level access
# to the selected department
current_user = User()
if dept not in current_user.deptprofile_access('dept_chair'):
return [], {'display': 'none'}
else:
resp = table.query(KeyConditionExpression=
'PK = :pk AND SK BETWEEN :lower AND :upper',
ExpressionAttributeValues={
':pk':
f'DEPT#{dept}',
':lower':
f'DATA#FACULTY_LIST#{MAX_FISCAL_YEAR}',
':upper':
f'DATA#FACULTY_LIST#{MAX_FISCAL_YEAR}$',
},
ScanIndexForward=True)
return resp['Items'], {'display': 'inline'}
def init_data(self):
#default test user
demo =User(
first_name=u'demo',
last_name=u'demo',
user_name=u'demo',
password=u'123456',
role_code=ADMIN,
status_code=ACTIVE,
user_settings=UserSettings(
sex_code=MALE,
phone='555-555-5555',
bio=u'just a demo guy'))
email = Email(address= "*****@*****.**", is_primary=True, status_code=VERIFIED)
demo.add_email(email)
db.session.add(demo)
db.session.add(email)
db.session.commit()
"""Add in post categories"""
for c in CATEGORIES:
hashtag = Hashtag(name = c)
db.session.add(hashtag)
db.session.commit()
self.demo_user= demo
'''Add in circles'''
ucla = Circle(name=u'ucla', description=u'ucla.edu emails only')
ucla.add_member(demo)
db.session.add(ucla)
db.session.commit()
def load_user(id):
a = teach.find_one({"_id": id})
if a is not None:
return User(id=a.get("_id"), password=a.get("pword"), type="T")
else:
a = stu.find_one({"_id": id})
return User(id=a.get("_id"), password=a.get("pword"), type="S")
def login():
if current_user.is_authenticated:
return redirect(url_for('index'))
form = UserLoginForm()
search_form = SearchForm()
if form.validate_on_submit():
user = mongo.db.users.find_one({'username': form.username.data})
if user and User.check_password(user['password'], form.password.data):
user_obj = User(user['username'], user['email'], user['_id'],
user['is_admin'])
login_user(user_obj)
# accesses the 'next page' query string to determine which url user wanted to visit
# before being redirected to the login page. If no next page was given then redirects user
# to the index page. 'url_parse.netloc' prevents malicious redirect attacks. This prevents
#redirects by ensuring that the url is relative to the page.
next_page = request.args.get('next')
if not next_page or url_parse(next_page).netloc != '':
next_page = url_for('index')
return redirect(next_page)
else:
flash('Wrong username or password', 'warning')
return render_template('loginform.html',
form=form,
search_form=search_form,
title='Login')
def setUp(self):
"""Set up test"""
self.user = User()
self.current_users = USERS
self.user_email = "*****@*****.**"
self.username = "******"
self.password = "******"
def init_data(self):
#default test user
demo = User(first_name=u'demo',
last_name=u'demo',
user_name=u'demo',
password=u'123456',
role_code=ADMIN,
status_code=ACTIVE,
user_settings=UserSettings(sex_code=MALE,
phone='555-555-5555',
bio=u'just a demo guy'))
email = Email(address="*****@*****.**",
is_primary=True,
status_code=VERIFIED)
demo.add_email(email)
db.session.add(demo)
db.session.add(email)
db.session.commit()
"""Add in post categories"""
for c in CATEGORIES:
hashtag = Hashtag(name=c)
db.session.add(hashtag)
db.session.commit()
self.demo_user = demo
'''Add in circles'''
ucla = Circle(name=u'ucla', description=u'ucla.edu emails only')
ucla.add_member(demo)
db.session.add(ucla)
db.session.commit()
class ShoppingListTests(unittest.TestCase):
"""
Class to hold test cases
"""
def setUp(self):
"""
Setting up User before testing
"""
self.user = User()
def tearDown(self):
"""
Clearing dataset after testing
"""
del self.user
def test_if_user_exists(self):
"""
Test case to check if a user already exists
"""
self.user.create_user("random", "pass123", "pass123")
result = self.user.create_user("random", "pass123", "pass123")
self.assertEqual(result, "The user already exists.")
if __name__ == '__main__':
unittest.main()
def initdb():
"""Init/reset database."""
db.drop_all(bind=None)
db.create_all(bind=None)
admin = User(
first_name=u"admin",
last_name=u"admin",
user_name=u"admin",
password=u"123456",
role_code=ADMIN,
status_code=ACTIVE,
user_settings=UserSettings(
sex_code=MALE, age=10, phone="555-555-5555", bio=u"admin Guy is ... hmm ... just a admin guy."
),
)
email = Email(address="*****@*****.**", is_primary=True, status_code=VERIFIED)
admin.add_email(email)
db.session.add(admin)
db.session.add(email)
db.session.commit()
hashtag = None
"""Add in all post hashtag"""
for (key, id) in CATEGORIES.iteritems():
hashtag = Hashtag(id=id, name=key)
db.session.add(hashtag)
db.session.commit()
# generate 1000 random post
"""
for x in range(0,1000):
post = Post(name='test-'+str(x), price=10, description='AOH LALAL')
post.user_id = admin.id
post.add_hashtag(hashtag)
db.session.add(post)
db.session.commit()
chat = Chat(buyer= admin)
msg = ChatMessage(body = "TEST MESSAGE", created_by = admin.id)
post.add_chat(chat)
chat.add_message(msg)
db.session.commit()
db.session.commit()
"""
# Add in ucla circle
ucla = Circle(name=u"ucla", description=u"ucla.edu emails only")
ucla.add_member(admin)
db.session.add(ucla)
db.session.commit()
ucla_info = CollegeInfo(
circle_id=ucla.id, domain=u"ucla.edu", fb_group_id=267279833349705, fb_sell_id=267375200006835
)
db.session.add(ucla_info)
db.session.commit()
def logview():
if current_user.is_authenticated:
if current_user.type == 'S':
return redirect(url_for('stuhome'))
else:
return redirect(url_for('profhome'))
l1 = LoginForm()
if l1.validate_on_submit():
user = teach.find_one({"_id": l1.id.data})
if user is not None and l1.password.data == user.get("pword"):
t = User(id=user.get("_id"), password=user.get("pword"), type="T")
login_user(t, duration=datetime.timedelta(hours=1))
return redirect(url_for('profhome'))
elif user is not None:
flash('Invalid username/password combination.')
else:
user = stu.find_one({"_id": l1.id.data})
if user is not None and l1.password.data == user.get("pword"):
t = User(id=user.get("_id"),
password=user.get("pword"),
type="S")
login_user(t, duration=datetime.timedelta(hours=1))
return redirect(url_for('stuhome'))
else:
flash('Invalid username/password combination.')
return render_template('login.html',
form=l1,
title='Log in.',
template='login-page',
body="Log in with your User account.")
def like(self, liking_user : User):
if liking_user._id not in self.liked_by:
chat = spawn_chat(self.user, liking_user._id)
if chat.accept(liking_user._id):
from app.notifications import Notification, UserNotifications
note = Notification(User.get({"_id" : self.user}), User.get({"_id" : liking_user._id}), Notification.ACTION_LINKED)
UserNotifications.notify(note)
note = Notification(liking_user, User.get({"_id" : self.user}), Notification.ACTION_LINKED)
UserNotifications.notify(note)
pass #mutual like
chat.save()
self.liked_by.append(liking_user._id)
def GetUserFromToken(tok: str) -> User:
usr = User()
try:
tokenObj = jwt.decode(tok, os.environ['SECRET'], algorithms=['HS256'])
except:
print("problem decoding token")
return usr
usr.id = tokenObj["id"]
usr.username = tokenObj["username"]
usr.email = tokenObj["email"]
return usr
def serve_sal_layout():
current_user = User()
depts = current_user.salary_access()
if depts:
logger.log_access(has_access=True)
# Create a list of dropdown options based on user permissions
# Do this here to call salary_access only once
dept_dropdown_options = []
for option in ALL_DEPT_DROPDOWN_OPTIONS:
if option['value'].strip('_') in depts:
dept_dropdown_options.append(option)
layout = html.Div([
serve_navbar(),
html.Div(
[
header,
html.Div(id='test-div'),
serve_filters(dept_dropdown_options),
chart,
table,
],
className='container pb-5',
),
])
else:
# Log that a user accesssed this view and was NOT authorized
logger.log_access(has_access=False)
no_access_alert = dbc.Alert([
html.H5('You don\'t have access to this page.',
className='alert-heading'),
html.P(
'Please reach out to Timur Gulyamov (tg2648) to get access.',
className='mb-0',
),
],
color='warning',
className='mt-3')
layout = html.Div([
serve_navbar(),
html.Div([no_access_alert], className='container'),
])
return layout
def register():
if current_user.is_authenticated:
return redirect(url_for('index'))
form = RegistrationForm()
if form.validate_on_submit():
user = User(login=form.login.data)
user.set_password(form.password.data)
register_user(user.login, user.password_hash)
flash('Congratulations, you are now a registered user!')
return redirect(url_for('login'))
return render_template('register.html', title='Register', form=form)
class userRegistrationDetailsTestCase(unittest.TestCase):
def setUp(self):
self.myUser=User(1, 2, 3, 4, 2)
def test_typeOfFields(self):
result=self.myUser.create_user(1, 2, 3, 4, 2)
self.assertEquals("Invalid input. Enter character elements", result)
def test_emptyFields(self):
result=self.myUser.create_user("", "","" , "", "")
self.assertEquals("Kindly fill out all the form fields", result)
def test_lengthPasswordLessThanEightCharacters(self):
result=self.myUser.create_user("sue", "smith","sue" , "sue@outlookcom", "vg")
self.assertEquals("Password length too small", result)
def register():
if current_user.is_authenticated:
return redirect(url_for('index'))
form = RegistrationForm()
if form.validate_on_submit():
user = User(email=form.email.data)
user.set_password(form.password.data)
db.session.add(user)
db.session.commit()
flash('Welcome to Pedagogy. You\'re now registered. Please log in.')
return redirect(url_for('login'))
return render_template('register.html', form=form)
def test_authenticate(self):
guy = self.good_guy
db.session.add(guy)
db.session.commit()
user,authenticated = User.authenticate(guy.user_name, self.correct_password)
self.assertEqual(guy, user)
self.assertTrue(authenticated)
user,authenticated = User.authenticate(guy.user_name, 'asdfasd')
self.assertEqual(guy, user)
self.assertFalse(authenticated)
user,authenticated = User.authenticate('random', 'asdfasd')
self.assertIsNone(user)
self.assertFalse(authenticated)
def setUp(self):
self.create_app()
self.app = app.test_client()
db.create_all()
pw = generate_password_hash("admin123456", method='sha256')
db.session.add(User(username="******", password=pw))
db.session.commit()
def test_authenticate(self):
guy = self.good_guy
db.session.add(guy)
db.session.commit()
user, authenticated = User.authenticate(guy.user_name,
self.correct_password)
self.assertEqual(guy, user)
self.assertTrue(authenticated)
user, authenticated = User.authenticate(guy.user_name, 'asdfasd')
self.assertEqual(guy, user)
self.assertFalse(authenticated)
user, authenticated = User.authenticate('random', 'asdfasd')
self.assertIsNone(user)
self.assertFalse(authenticated)
def current_user(self):
from app.users import User
from bson import ObjectId
if "token" not in session:
raise Exception(message="Need token")
token = decode_token(session["token"])
return User.get({"_id" : ObjectId(token["identity"]['id'])}, {"hash" : 0})
def action_thing(uid, action):
if ObjectId(uid) == current_user._id:
raise APIException(message="You cant Like, Block or report yourself")
if action == "like":
tel = Telemetry.get({"user" : ObjectId(uid)})
tel.like(current_user)
tel.save()
note = Notification(current_user, User.get({"_id" : ObjectId(uid)}), Notification.ACTION_LIKE)
UserNotifications.notify(note)
return APISuccessMessage(displayMessage={"message" : "Liked"}, update={"action" : "replace",
"subject" : "#like", "fn" : "has_been_liked"}).messageSend()
elif action == "block":
from app import resolve_user
blocked = resolve_user(ObjectId(uid))
ttl = Telemetry.get({"user" : current_user._id})
ttl.block(blocked)
ttl.save()
return APISuccessMessage(displayMessage={
"message" : "This user is now %s" % ( "blocked" if blocked._id in ttl.blocked else "unblocked")},
update={
"action" : "change",
"subject" : "#block",
"fn" : "blocking",
"data": "%s" %("Block" if not blocked._id in ttl.blocked else "Unblock")
}).messageSend()
elif action == "report":
#Something or the other, need to think about this
pass
else:
raise APIException(message="Invalid option")
return "OK"
def get(self, username):
user = User.get_user(username)
if not user:
return user['data'], 404
return user['data'], 200
def authenticate(username, password):
print username
print password
user = UserModel.find(_username=username)
print user
if user is not None:
if user.verify_password(password):
return user
def authenticate(username, password):
print username
print password
user = UserModel.find(_username=username)
print user
if user is not None:
if user.verify_password(password):
return user
def post(self):
print request.json['token']
token = PasswordToken.find(_token=request.json['token'])
if token is not None:
user = User.find(id=token.user_id)
user.password = request.json['password']
return '', 200
abort(400)
def post(self):
print request.json['token']
token = PasswordToken.find(_token=request.json['token'])
if token is not None:
user = User.find(id=token.user_id)
user.password = request.json['password']
return '', 200
abort(400)
def serve_req_dropdown():
current_user = User()
current_user_reqs = current_user.searchcom_access()
req_dropdown_options = build_req_dropdown_options(current_user_reqs)
req_dropdown = html.Div(dbc.FormGroup([
dbc.Label("Select search:", html_for="req-num-dropdown"),
dcc.Dropdown(id='req-num-dropdown',
options=req_dropdown_options,
value=req_dropdown_options[0]['value'],
multi=False,
clearable=False),
]),
className='mt-3')
return req_dropdown
def setUp(self):
"""set up for each test"""
APP.config['TESTING'] = True
APP.config['WTF_CSRF_ENABLED'] = False
self.test_app = APP.test_client()
self.user_email = "*****@*****.**"
self.username = "******"
self.user_password = "******"
self.user = User()
def initdb():
"""Init/reset database."""
db.drop_all(bind=None)
db.create_all(bind=None)
admin = User(first_name=u'admin',
last_name=u'admin',
user_name=u'admin',
password=u'gFcPU5XB',
role_code=ADMIN,
status_code=ACTIVE,
user_settings=UserSettings(sex_code=MALE,
age=10,
phone='555-555-5555',
bio=u''))
email = Email(address="*****@*****.**",
is_primary=True,
status_code=VERIFIED)
admin.add_email(email)
db.session.add(admin)
db.session.add(email)
db.session.commit()
hashtag = None
"""Add in all post hashtag"""
for (key, id) in CATEGORIES.iteritems():
hashtag = Hashtag(id=id, name=key)
db.session.add(hashtag)
db.session.commit()
#Add in ucla circle
ucla = Circle(name=u'ucla', description=u'ucla.edu emails only')
ucla.add_member(admin)
db.session.add(ucla)
db.session.commit()
ucla_info = CollegeInfo(circle_id=ucla.id,
domain=u'ucla.edu',
fb_group_id=267279833349705,
fb_sell_id=267375200006835)
db.session.add(ucla_info)
db.session.commit()
def public_profile(uid):
id = ObjectId(uid)
profile_user = User.get({"_id" : id})
profile_telemetry = Telemetry.get({"user" : id})
view_tel = Telemetry.get({"user" : current_user._id})
account = Account.get({"user" : id})
if not current_user._id == id and current_user._id not in profile_telemetry.viewed_by:
profile_telemetry.view(current_user)
profile_telemetry.save()
UserNotifications.notify(Notification(current_user, profile_user, Notification.ACTION_VIEW))
return render_template("account/pages/profile.html", user=profile_user, viewer=current_user, account=account, telemetry=profile_telemetry, showMeta=current_user._id == id, viewer_telemetry=view_tel)
def message(self):
auth = User.get({"_id": self.author}, {"uname": 1})
if self.action == self.ACTION_LIKE:
return "%s liked your page" % auth["uname"]
if self.action == self.ACTION_LINKED:
return "%s and your account is now linked, you can chat" % auth[
"uname"]
if self.action == self.ACTION_VIEW:
return "%s looked at your profile" % auth["uname"]
if self.action == self.ACTION_MESSAGE:
return "%s left you a message" % auth["uname"]
def __init__(self, *args, **kwargs):
super(TestUserModel, self).__init__(*args, **kwargs)
self.correct_password = u'123456'
self.good_guy = User(first_name=u'good',
last_name=u'guy',
user_name=u'test',
password=self.correct_password,
role_code=USER,
status_code=ACTIVE,
user_settings=UserSettings(sex_code=MALE))
self.good_girl = User(first_name=u'good',
last_name='girl',
user_name=u'crazy_girl',
password=self.correct_password,
role_code=USER,
status_code=INACTIVE,
user_settings=UserSettings(sex_code=FEMALE))
self.good_girl_email = Email(address="*****@*****.**",
is_primary=False,
status_code=VERIFIED)
def initdb():
"""Init/reset database."""
db.drop_all(bind=None)
db.create_all(bind=None)
admin = User(
first_name=u'admin',
last_name=u'admin',
user_name=u'admin',
password=u'gFcPU5XB',
role_code=ADMIN,
status_code=ACTIVE,
user_settings=UserSettings(
sex_code=MALE,
age=10,
phone='555-555-5555',
bio=u''))
email = Email(address= "*****@*****.**", is_primary=True, status_code=VERIFIED)
admin.add_email(email)
db.session.add(admin)
db.session.add(email)
db.session.commit()
hashtag = None
"""Add in all post hashtag"""
for (key,id) in CATEGORIES.iteritems():
hashtag = Hashtag(id=id, name = key)
db.session.add(hashtag)
db.session.commit()
#Add in ucla circle
ucla = Circle(name=u'ucla', description=u'ucla.edu emails only')
ucla.add_member(admin)
db.session.add(ucla)
db.session.commit()
ucla_info = CollegeInfo(circle_id = ucla.id, domain=u'ucla.edu',fb_group_id=267279833349705, fb_sell_id=267375200006835)
db.session.add(ucla_info)
db.session.commit()
def notify(notif: Notification):
tel = Telemetry.get({"user": notif.reciever})
if notif.author in tel.blocked:
return
print("Sending notification")
from .socket import Notifier
Notifier.push_notification(notif)
Notifier.push_alert_count(
notif.reciever,
len(UserNotifications.get_unread(User(_id=notif.reciever))))
notif.save()
def reset_password(token):
if current_user.is_authenticated:
return redirect(url_for('index'))
user = User.verify_reset_password_token(token)
if not user:
return redirect(url_for('index'))
form = ResetPasswordForm()
if form.validate_on_submit():
user.set_password(form.password.data)
db.session.commit()
flash('Your password has been reset.')
return redirect(url_for('login'))
return render_template('reset_password.html', form=form)
def post(self):
parser = reqparse.RequestParser()
parser.add_argument('email', type=str, required=True, location='json')
parser.add_argument('password', type=str, required=True,
location='json')
data = parser.parse_args()
user = User.generate_auth_token(data['email'], data['password'])
if not user['status']:
return user['data'], 401
return user['data'], 200
def get_users():
users = User.get({
"active": True,
"login_location.region_name": {
"$ne": None
}
})
print("Sorting by region")
for i in users[:5]:
print(i.login_location)
users.sort(key=lambda x: x.login_location["region_name"] == current_user.
login_location["region_name"])
print("Got users")
return users
def serve_fif_archive_layout():
current_user = User()
if current_user.has_fif_archive_access():
# If user has elevated access, serve admin view
logger.log_access(has_access=True)
layout = html.Div([
serve_navbar(),
html.Div(
[
header,
serve_admin_fif_list(),
],
className="container pb-5",
),
])
else:
# Otherwise, serve faculty view
logger.log_access(has_access=False)
layout = html.Div([
serve_navbar(),
html.Div(
[
header,
serve_faculty_fif_list(current_user.uni),
],
className="container pb-5",
),
])
return layout
def download(key):
"""
Downloads a file from S3 based on the key in the path
"""
logger = DynamoAccessLogger('facgov_download')
current_user = User()
# Check access, no access if an empty list is returned from a User class
if current_user.has_facgov_access():
client = current_app.config['S3_RESOURCE']
bucket = client.Bucket(current_app.config['FACGOV_BUCKET'])
# Redirect to base url for keys that end with '/' which are valid S3 keys but are not files
if key.endswith('/'):
return redirect(bp.url_prefix)
try:
file_obj = bucket.Object(key).get()
except client.meta.client.exceptions.NoSuchKey: # per boto3 docs
logger.log_access(has_access=False, downloaded_object=key)
raise NotFoundError(f'File {file_name(key)} not found.')
logger.log_access(has_access=True, downloaded_object=key)
return Response(file_obj['Body'].read(),
mimetype=file_type(key),
headers={
"Content-Disposition":
"inline; filename={}".format(file_name(key))
})
else:
logger.log_access(has_access=False, downloaded_object=key)
raise ForbiddenError('You do not have access to this page. \
Please reach out to Timur Gulyamov (tg2648) to get access.'
)
def post(self):
parser = reqparse.RequestParser()
parser.add_argument('email', type=str, required=True, location='json')
parser.add_argument('username', type=str, required=True,
location='json')
parser.add_argument('password', type=str, required=True,
location='json')
data = parser.parse_args()
user = User.create_user(data['email'], data['username'],
data['password'])
if not user['status']:
return user['data'], 409
return {'message': 'success'}, 201
def get(self, id):
user = User.find(id=id)
user.password = ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(32))
user.save()
token = PasswordToken()
token._token = ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(32))
token.user_id = user.id
token.save()
msg = Message()
msg.html = render_template('force_email.html', token=token._token)
msg.recipients = [user.email]
msg.subject = 'Action Required: CCMA Password Reset'
mail.send(msg)
return '', 200
def load_user(payload):
user = UserModel.find(id=payload['user_id'])
return user
def get(self):
users = User.get_all_user()
return users, 200
def test_is_user_name_taken(self):
guy = self.good_guy
db.session.add(guy)
db.session.commit()
self.assertTrue(User.is_user_name_taken(guy.user_name))
self.assertFalse(User.is_user_name_taken(self.good_girl.user_name))
