Esempio n. 1
0
def _strong_password_or_400(password):
    """
    Check if the password the user supplies when signing up contains:
        no whitespace
        8 characters or greater
        at least 1 uppercase character
        at least 1 number
        at least 1 special character

    Return the error messages found in the password in response.
    """
    message = {}

    if " " in password:
        message["whitespace"] = "whitespace is not allowed"

    if len(password) < 8:
        message["length"] = "must be 8 characters in length"

    if not any(char.isupper() for char in password):
        message["uppercase"] = "must contain at least one uppercase letter"

    if not any(char.isdigit() for char in password):
        message["number"] = "must contain at least one number"

    special_characters = string.punctuation
    if not any(char in special_characters for char in password):
        message["symbol"] = "must contain at least one symbol"

    if any(message.values()):
        fail(400, data={"password": message})
Esempio n. 2
0
def get_sort_by():
    """
    Return the string for sqlalchemy to use for order_by from query_params.
    """
    sort_by = snakecase(request.args.get("sortby", "id"))
    if sort_by not in UserSchema().field_names():
        fail(400, {"sortby": "Sortby is not a valid field for resource"})

    order = request.args.get("order", "asc").lower()
    if order not in ["asc", "desc"]:
        fail(400, {"order": "Order must be asc or desc"})

    return sql.text(f"{sort_by} {order}")
Esempio n. 3
0
def _validate_create_user_form(form):
    """
    Password is required here but is not required by marshmallow because
    it is load only so we need to check the field exists here instead.

    Also check unique username, email and that the user has used a strong
    password.
    """
    if not form.get("password"):
        fail(400, {"form": {"password": "******"}})
    _unique_email_or_409(form["email"])
    _unique_username_or_409(form["username"])
    _strong_password_or_400(form["password"])
Esempio n. 4
0
 def get(self):
     """
     Get all users.
     """
     page, size = get_pagination_args()
     sort = get_sort_by()
     users = User.get_many(sort, page, size)
     if not users:
         fail(404, {
             "status": "fail",
             "data": {
                 "Not Found": "No users found."
             }
         })
     return success(jsonify_users(users))
Esempio n. 5
0
def add_worker(request):
    print('api:add_worker')
    try:
        data = WorkerAddForm(request).validate()
    except (ValidationError) as e:
        return fail(sc=e.sc, msg=e.msg)
    return success(dict(mobile=data.mobile, uid=data.worker_id))
Esempio n. 6
0
def tmp_pull_one_question(request):
    print('api:tmp_pull_one_question')
    try:
        mongo_conn = MongoDBBase(config=MONGODB_CONFIG)
        data = TmpQuestionForm(request).validate()
        qid = QuestionInfoColl.choose_one_subquestion_by_type(conn=mongo_conn,
                                                              uid=data.uid,
                                                              pid=data.pid,
                                                              tid=data.tid,
                                                              type=data.type)

        question = QuestionColl.one_question(conn=mongo_conn,
                                             uid=data.uid,
                                             pid=data.pid,
                                             tid=data.tid,
                                             qid=qid)
        url, info = question['url'], question['info']
        content = [dict(id="0", info={}, content={"nodes": [], "lines": []})]

    except (CommonError, ValidationError) as e:
        return fail(sc=e.sc, msg=e.msg)
    return success(data=dict(uid=data.uid,
                             pid=data.pid,
                             tid=data.tid,
                             qid=qid,
                             url=url,
                             info=info,
                             content=content))
Esempio n. 7
0
 def get(self, conf_token):
     """
     Check the token and if the user still exists or has not previously
     confirmed their token.
     """
     email = confirm_token(conf_token)
     if email is None:
         fail(401,
              {"form": "Account with this email address does not exist"})
     user = User.query.filter_by(email=email).first_or_404()
     if user.confirmed_on:
         fail(400, {"form": "Account already confirmed. Please login."})
     user.save_email_confirmation()
     if commit_to_db():
         return success({"confirm": "You have confirmed your account."})
     error(500, {"user": "******"})
Esempio n. 8
0
def question_info(request):
    print('api:question_info')
    try:
        mongo_conn = MongoDBBase(config=MONGODB_CONFIG)
        data = QuestionForm(request).validate()
        question_content = QuestionInfoColl.all_sub_questions(conn=mongo_conn,
                                                              uid=data.uid,
                                                              pid=data.pid,
                                                              tid=data.tid,
                                                              qid=data.qid)

        question = QuestionColl.one_question(conn=mongo_conn,
                                             uid=data.uid,
                                             pid=data.pid,
                                             tid=data.tid,
                                             qid=data.qid)
        url, info = question['url'], question['info']
    except (CommonError, ValidationError) as e:
        return fail(sc=e.sc, msg=e.msg)
    return success(data=dict(uid=data.uid,
                             pid=data.pid,
                             tid=data.tid,
                             qid=data.qid,
                             url=url,
                             info=info,
                             content=question_content))
Esempio n. 9
0
    def post(self):
        """
        Check if the user exists and if their email has been confirmed.
        Check the password and if correct returns an auth cookie.

        For auth we only need the email and password to identify a user.
        """
        user_schema = UserSchema(only=["email", "password"])
        form = user_schema.validate_or_400(request.get_json())
        user = User.query.filter_by(email=form["email"]).first()
        # Check the email and password are correct.
        if not user or not user.check_password(form["password"]):
            fail(401, {"form": "Incorrect email address or password"})

        # Check the user has confirmed their email.
        if not user.confirmed_on:
            fail(401, {"form": "Please confirm email"})
        return _login_success_response(user)
Esempio n. 10
0
def update_task(request):
    print('api:update_task')
    try:
        mongo_conn = MongoDBBase(config=MONGODB_CONFIG)
        data = TaskUpdateForm(request).validate()
        TaskColl.update_task(conn=mongo_conn, uid=data.uid, info=data.info)
    except (CommonError, ValidationError) as e:
        return fail(sc=e.sc, msg=e.msg)
    return success(data=dict())
Esempio n. 11
0
def delete_label(request):
    print('api:delete_label')
    try:
        mongo_conn = MongoDBBase(config=MONGODB_CONFIG)
        data = LabelDeleteForm(request).validate()
        LabelColl.delete_label(conn=mongo_conn, pid=data.pid, lid=data.lid)
    except (CommonError, ValidationError) as e:
        return fail(sc=e.sc, msg=e.msg)
    return success()
Esempio n. 12
0
def add_label(request):
    print('api:add_label')
    try:
        mongo_conn = MongoDBBase(config=MONGODB_CONFIG)
        data = LabelAddForm(request).validate()
        new_label = LabelColl.add_label(conn=mongo_conn, pid=data.pid, label=data.label, name=data.name, type=data.type,
                                        options=data.options, level=data.level)
    except (CommonError, ValidationError) as e:
        return fail(sc=e.sc, msg=e.msg)
    return success(data=new_label)
Esempio n. 13
0
def label_list(request):
    print('api:label_list')
    try:
        mongo_conn = MongoDBBase(config=MONGODB_CONFIG)
        pid = request.GET.get("pid", None)
        if not pid:
            raise ValidationError(msg="pid is required")
        labels = LabelColl.all_labels(conn=mongo_conn, pid=pid)
    except (CommonError, ValidationError) as e:
        return fail(sc=e.sc, msg=e.msg)
    return success(data=dict(content=labels, nums=len(labels)))
Esempio n. 14
0
def all_tasks(request):
    print('api:all_tasks')
    try:
        mongo_conn = MongoDBBase(config=MONGODB_CONFIG)
        projects = ProjectColl.all_projects(conn=mongo_conn, uid='admin')
        sets = TaskColl.all_tasks(conn=mongo_conn,
                                  uid='admin',
                                  projects=projects)
    except (CommonError, ValidationError) as e:
        return fail(sc=e.sc, msg=e.msg)
    return success(data=dict(content=sets))
Esempio n. 15
0
def add_project(request):
    print('api:add_project')
    try:
        mongo_conn = MongoDBBase(config=MONGODB_CONFIG)
        data = ProjectAddForm(request).validate()
        add_pid = ProjectColl.add_project(conn=mongo_conn,
                                          uid=data.uid,
                                          info=data.info)
    except (CommonError, ValidationError) as e:
        return fail(sc=e.sc, msg=e.msg)
    return success(data=dict(pid=add_pid))
Esempio n. 16
0
def add_task(request):
    print('api:all_tasks')
    try:
        mongo_conn = MongoDBBase(config=MONGODB_CONFIG)
        data = TaskAddForm(request).validate()
        new_task = TaskColl.add_task(conn=mongo_conn,
                                     uid=data.uid,
                                     info=data.info)
    except (CommonError, ValidationError) as e:
        return fail(sc=e.sc, msg=e.msg)
    return success(
        data=make_dict_from(new_task, 'uid', 'pid', 'tid', 'level', 'status'))
Esempio n. 17
0
def password_login(request):
    """
    客户端用户使用密码登录
    :param request:
    :return:
    """
    print('api:password_login')
    if request.session.get(USER_SESSION_KEY):
        print("###api:password_login request.session.session_key已经存在: ",
              request.session.session_key)
        return fail(ResultCode.COMMONERR, "失败:用户已登录")
    else:
        pass
    try:
        # 提交检验中完成用户存在性和密码正确性的检查 通过后更新登陆时间
        data = PasswordLoginForm(request).validate()
        # 保存session 设置权限
        request.session[USER_SESSION_KEY] = data.worker_id
        request.session["user-agent"] = request.META.get("HTTP_USER_AGENT", "")
        if not request.session.session_key:
            print(
                "###api:password_login request.session.session_key不存在 将生成新的ttf-token"
            )
            request.session.create()
        else:
            print("###api:password_login request.session.session_key已经存在")
            pass
        ttf_token = request.session.session_key

        print("###api:password_login 获取到session_key即ttf_token: ", ttf_token)
        print(f"用户:{data.mobile} {data.worker_id} 登陆成功,ttf-token: {ttf_token}")
    except (ValidationError) as e:
        return fail(sc=e.sc, msg=e.msg)
    except Exception as e:
        return fail(sc=CommonError.sc, msg="未知错误")
    response = success(
        dict(mobile=data.mobile, uid=data.worker_id, ttf_token=ttf_token))
    # 设置cookie
    #response["Access-Control-Allow-Credentials"] = "true" 不用也可以?
    return response
Esempio n. 18
0
def upload_check(request):
    print("api:check")
    try:
        mongo_conn = MongoDBBase(config=MONGODB_CONFIG)
        data = UploadCheckForm(request).validate()
        result = UploadCheckColl.do_check(mongo_conn, data.uid, data.pid,
                                          data.tid, data.content)
    except (CommonError, ValidationError) as e:
        return fail(sc=e.sc, msg=e.msg)
    return success(data=dict(uid=data.uid,
                             pid=data.pid,
                             tid=data.tid,
                             content=result,
                             num=len(result)))
Esempio n. 19
0
def upload_apply(request):
    print('api:apply')
    try:
        mongo_conn = MongoDBBase(config=MONGODB_CONFIG)
        data = UploadApplyForm(request).validate()
        result = UploadApplyColl.apply(mongo_conn, data.uid, data.pid,
                                       data.tid, data.info)
    except (CommonError, ValidationError) as e:
        return fail(sc=e.sc, msg=e.msg)
    return success(data=dict(uid=data.uid,
                             pid=data.pid,
                             tid=data.tid,
                             content=result,
                             num=len(result)))
Esempio n. 20
0
def update_question(request):
    print('api:update_question')
    try:
        mongo_conn = MongoDBBase(config=MONGODB_CONFIG)
        data = QuestionUpdateForm(request).validate()
        QuestionInfoColl.update_question(conn=mongo_conn,
                                         uid=data.uid,
                                         pid=data.pid,
                                         tid=data.tid,
                                         qid=data.qid,
                                         question_info=data.info,
                                         new_items=data.content)
    except (CommonError, ValidationError) as e:
        return fail(sc=e.sc, msg=e.msg)
    return success()
Esempio n. 21
0
def direct_upload(request):
    def handle_uploaded_file(f):
        with open('test', 'wb+') as destination:
            for chunk in f.chunks():
                print(1)
                destination.write(chunk)

    print('api:direct_upload')
    try:
        print(request.POST, request.FILES)
        #form = UploadFileForm(request.POST, request.FILES)
        #if form.is_valid():
        handle_uploaded_file(request.FILES['file'])
    except Exception as e:
        return fail(sc=400, msg='')
    return success()
Esempio n. 22
0
def add_question(request):
    # 没有任何检查重复机制
    print('api:add_question')
    try:
        mongo_conn = MongoDBBase(config=MONGODB_CONFIG)
        data = QuestionAddForm(request).validate()
        QuestionColl.add_question(conn=mongo_conn,
                                  uid=data.uid,
                                  pid=data.pid,
                                  tid=data.tid,
                                  qid=data.qid,
                                  info=data.info,
                                  url=data.url)
    except (CommonError, ValidationError) as e:
        return fail(sc=e.sc, msg=e.msg)
    return success()
Esempio n. 23
0
 def wrapper(*args, **kwargs):
     email = get_jwt()["email"]
     # __import__('pdb').set_trace()
     if not e.enforce(email, obj, act):
         fail(403, {"Forbidden": f"Permission denied for {obj}:{act}"})
     return f(*args, **kwargs)
Esempio n. 24
0
def _unique_email_or_409(email):
    if User.query.filter_by(email=email).first():
        message = {"user": "******"}
        fail(409, data=message)
Esempio n. 25
0
def _unique_username_or_409(username):
    if User.query.filter_by(username=username).first():
        message = {"user": "******"}
        fail(409, data=message)
Esempio n. 26
0
 def validate_or_400(self, form):
     errors = self.validate(form)
     if errors:
         message = {"form": errors}
         fail(400, data=message)
     return form