Esempio n. 1
def make_random_user():
    """Create one randomly generated user and a matching search, committing both.

    Returns None without creating anything when gen_new_name yields no first
    name. The generated password is only hashed; its clear-text value is never
    stored or returned by this function.
    """
    # Make the user
    first_name, last_name = gen_new_name(user_names_used, first_names, last_names)

    if first_name is None:
        return

    # Record the pair so later calls do not reuse it.
    user_names_used.add((first_name, last_name))

    # Throwaway credential: only the hash below is kept.
    password = Secret.make_key(20)
    # NOTE(review): pwd_context looks like a passlib CryptContext; if so,
    # encrypt() is the deprecated alias of hash() - confirm before upgrading.
    password_hash = User.pwd_context.encrypt(password)

    # Coin flip decides the role; the search below looks for the opposite role.
    if random.randint(0, 1):
        searcher_role = 'educator'
        searching_for_role = 'partner'
        bio = generate_educator_bio()
        associations = [gen_random_institution(schools, educator_roles)]
    else:
        searcher_role = 'partner'
        searching_for_role = 'educator'
        bio = generate_expert_bio()
        associations = [
            gen_random_institution(companies, partner_roles) for _ in range(random.randint(1, 2))
        ]

    # Generated accounts are never administrators and skip e-mail confirmation.
    new_user = User(
        name='{0} {1}'.format(first_name, last_name),
        email=gen_email(first_name, last_name),
        password_hash=password_hash,
        picture_filename=random.choice(profile_picture_filenames),
        bio=bio,
        institution_associations=associations,
        is_administrator=False,
        email_confirmed=True
    )

    # Committed before the search is built - presumably so new_user.id is
    # assigned by the database; confirm.
    store.session.add(new_user)
    store.session.commit()

    # Make the search
    latitude, longitude = make_random_location()
    search = Search(
        searcher_user_id=new_user.id,
        searcher_role=searcher_role,
        searching_for_role=searching_for_role,
        latitude=latitude,
        longitude=longitude,
    )
    search.labels = Label.name_list_to_object_list(gen_labels())

    store.session.add(search)
    store.session.commit()

    # Attach the search as the user's profile search for the role it was made for.
    if search.searcher_role == 'educator':
        new_user.educator_profile_search = search
    else:
        new_user.community_partner_profile_search = search

    store.session.add(new_user)
    store.session.commit()
Esempio n. 2
def make_random_user():
    """Create one randomly generated user and a matching search, committing both.

    The generated password is only hashed; its clear-text value is never stored
    or returned by this function.
    """
    # Make the user
    # NOTE(review): the loop only exits once an unused (first, last) pair is
    # drawn; if every combination is already in user_names_used it never ends.
    finished = False
    while not finished:
        first_name = random_item_from_list(first_names)
        last_name = random_item_from_list(last_names)
        combined = (first_name, last_name)
        if combined not in user_names_used:
            finished = True
            user_names_used.add(combined)
    # Throwaway credential: only the hash below is kept.
    password = Secret.make_key(20)
    email = make_email(first_name, last_name)
    # NOTE(review): pwd_context looks like a passlib CryptContext; if so,
    # encrypt() is the deprecated alias of hash() - confirm before upgrading.
    password_hash = User.pwd_context.encrypt(password)
    name = '{0} {1}'.format(first_name, last_name)
    picture_filename = random_item_from_list(profile_picture_filenames)
    # Coin flip decides the role; the search below looks for the opposite role.
    randombinary = random.randint(0, 1)
    if randombinary:
        searcher_role = 'educator'
        searching_for_role = 'partner'
        bio = generate_educator_bio()
        institution_associations = [
            InstitutionAssociation(
                institution=random_item_from_list(schools),
                role=random_item_from_list(educator_roles)
            )]
    else:
        searcher_role = 'partner'
        searching_for_role = 'educator'
        bio = generate_expert_bio()
        # Partners get one or two institution associations.
        n_institutions = random.randint(1, 2)
        institution_associations = [
            InstitutionAssociation(
                institution=random_item_from_list(companies),
                role=random_item_from_list(partner_roles))
            for x in range(n_institutions)]
    # Generated accounts are never administrators and skip e-mail confirmation.
    new_user = User(name=name, email=email, password_hash=password_hash,
                    picture_filename=picture_filename, bio=bio,
                    institution_associations=institution_associations,
                    is_administrator=False, email_confirmed=True)
    # Committed before the search is built - presumably so new_user.id is
    # assigned by the database; confirm.
    store.session.add(new_user)
    store.session.commit()
    # Make the search
    location = make_random_location()
    search = Search(
        searcher_user_id=new_user.id,
        searcher_role=searcher_role,
        searching_for_role=searching_for_role,
        latitude=location[0],
        longitude=location[1],
    )
    search.labels = Label.name_list_to_object_list(get_labels())
    store.session.add(search)
    store.session.commit()
    # Attach the search as the user's profile search for the role it was made for.
    if search.searcher_role == 'educator':
        new_user.educator_profile_search = search
    else:
        new_user.community_partner_profile_search = search
    store.session.add(new_user)
    store.session.commit()
Esempio n. 3
def make_random_user(password_hash):
    """Create one random user with the given password hash, plus a matching search.

    The caller supplies an already computed ``password_hash``; this function
    never sees a clear-text password. Returns None without creating anything
    when gen_new_name yields no first name.
    """
    # --- user -----------------------------------------------------------
    first_name, last_name = gen_new_name(user_names_used, first_names, last_names)
    if first_name is None:
        return

    user_names_used.add((first_name, last_name))

    # Coin flip decides the role; the search below looks for the opposite role.
    is_educator = bool(random.randint(0, 1))
    if is_educator:
        own_role, wanted_role = 'educator', 'partner'
        bio_text = generate_educator_bio()
        institution_links = [gen_random_institution(schools, educator_roles)]
    else:
        own_role, wanted_role = 'partner', 'educator'
        bio_text = generate_expert_bio()
        how_many = random.randint(1, 2)
        institution_links = []
        for _ in range(how_many):
            institution_links.append(gen_random_institution(companies, partner_roles))

    full_name = '{0} {1}'.format(first_name, last_name)
    address = gen_email(first_name, last_name)
    picture = random.choice(profile_picture_filenames)

    # Generated accounts are never administrators and skip e-mail confirmation.
    new_user = User(
        name=full_name,
        email=address,
        password_hash=password_hash,
        picture_filename=picture,
        bio=bio_text,
        institution_associations=institution_links,
        is_administrator=False,
        email_confirmed=True,
    )
    store.session.add(new_user)
    store.session.commit()

    # --- search ---------------------------------------------------------
    latitude, longitude = make_random_location()
    search = Search(
        searcher_user_id=new_user.id,
        searcher_role=own_role,
        searching_for_role=wanted_role,
        latitude=latitude,
        longitude=longitude,
    )
    label_names = gen_labels()
    search.labels = Label.name_list_to_object_list(label_names)
    store.session.add(search)
    store.session.commit()

    # Attach the search as the user's profile search for the role it was made for.
    if search.searcher_role == 'educator':
        profile_attribute = 'educator_profile_search'
    else:
        profile_attribute = 'community_partner_profile_search'
    setattr(new_user, profile_attribute, search)

    store.session.add(new_user)
    store.session.commit()
 def search():
     """Return the users matching the query-string filters, serialized for the caller.

     Reads ``search_text``, ``date_created.greaterthan`` and
     ``date_created.lessthan`` from the query string; an absent filter is
     passed on as None.
     """
     # Resolved first: serialization is done from the caller's point of view.
     # NOTE(review): no check on requester is visible here - confirm that an
     # unauthenticated caller is handled by serialize_many or by the route.
     requester = get_requesting_user()
     query_args = request.args
     text_filter = query_args.get('search_text', None)
     created_after = query_args.get('date_created.greaterthan', None)
     created_before = query_args.get('date_created.lessthan', None)
     matches = User.search(text_filter, created_after, created_before)
     payload = serialize_many(requester, matches)
     return {'data': payload}
Esempio n. 5
 def dump_csv():
     """Return every user as a CSV attachment named ``communityshare.csv``.

     NOTE(review): no authorization check is visible in this function; confirm
     the route is restricted before exposing a full user export.
     """
     csv_text = User.dump_csv().getvalue()
     response = make_response(csv_text)
     download_headers = (
         ("Content-Type", "text/csv"),
         ("Content-Disposition", "attachment; filename=communityshare.csv"),
     )
     for header_name, header_value in download_headers:
         response.headers[header_name] = header_value
     return response
Esempio n. 6
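 def usersignup():
     """Create an account from the JSON payload and return it with a fresh API key.

     Expects ``{"user": {...}, "password": "..."}``. Returns a bad-request
     response when the payload is malformed, the e-mail belongs to an active
     account, the password is missing, or the password is rejected by
     ``set_password``.
     """
     data = request.json
     # The body is client-controlled: a missing body or a non-object "user"
     # must produce a 400 rather than an AttributeError (500) further down.
     if not isinstance(data, dict):
         return base_routes.make_bad_request_response(
             'A JSON object payload is required.')
     user = data.get('user', None)
     if not isinstance(user, dict):
         return base_routes.make_bad_request_response(
             'A user was not specified.')
     email = user.get('email', '')
     password = data.get('password', None)
     # Check that the email isn't in use.
     # NOTE(review): the reply below confirms whether an address is registered;
     # decide whether that disclosure is acceptable for this API.
     existing_user = store.session.query(User).filter(
         User.email==email, User.active==True).first()
     if existing_user is not None:
         response = base_routes.make_bad_request_response(
             'That email address is already associated with an account.')
     elif password is None:
         response = base_routes.make_bad_request_response(
             'A password was not specified.')
     else:
         # NOTE(review): the dict is client-supplied; confirm that
         # admin_deserialize_add ignores privileged fields such as
         # is_administrator.
         user = User.admin_deserialize_add(user)
         error_messages = user.set_password(password)
         if error_messages:
             error_message = ', '.join(error_messages)
             response = base_routes.make_bad_request_response(error_message)
         else:
             store.session.add(user)
             store.session.commit()
             error_message = mail_actions.request_signup_email_confirmation(user)
             # The account is usable immediately: an API key is issued before
             # the e-mail address has been confirmed.
             secret = user.make_api_key()
             serialized = user.serialize(user)
             # NOTE(review): warningMessage is always set, even if
             # error_message is empty - confirm clients tolerate that.
             response_data = {
                 'data': serialized,
                 'apiKey': secret.key,
                 'warningMessage': 'Failed to send email confirmation: {0}'.format(error_message)
             }
             response = jsonify(response_data)
     return response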
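 def usersignup():
     """Create an account from the JSON payload and return it with a fresh API key.

     Expects ``{"user": {...}, "password": "..."}``.

     Raises:
         BadRequest: malformed payload, e-mail already used by an active
             account, missing or rejected password, or a ValidationException
             raised while building the user.
     """
     data = request.json
     # The body is client-controlled: a missing body or a non-object "user"
     # must produce a 400 rather than an AttributeError (500) further down.
     if not isinstance(data, dict):
         raise BadRequest('A JSON object payload is required.')
     user = data.get('user', None)
     if not isinstance(user, dict):
         raise BadRequest('No user was found. Please include a "user" property in the payload.')
     email = user.get('email', '')
     password = data.get('password', None)
     # Check that the email isn't in use.
     # NOTE(review): the error below confirms whether an address is registered;
     # decide whether that disclosure is acceptable for this API.
     existing_user = store.session.query(User)
     existing_user = existing_user.filter(User.email == email, User.active == True)
     existing_user = existing_user.first()
     if existing_user is not None:
         raise BadRequest('That email address is already associated with an account.')
     if password is None:
         raise BadRequest('No password was found. Please include a "password" property in the payload.')
     try:
         # NOTE(review): the dict is client-supplied; confirm that
         # admin_deserialize_add ignores privileged fields such as
         # is_administrator.
         user = User.admin_deserialize_add(user)
         error_messages = user.set_password(password)
         if error_messages:
             raise BadRequest(', '.join(error_messages))
         store.session.add(user)
         store.session.commit()
         error_message = mail_actions.request_signup_email_confirmation(user)
         # The account is usable immediately: an API key is issued before the
         # e-mail address has been confirmed.
         secret = user.make_api_key()
         serialized = user.serialize(user)
         # NOTE(review): warningMessage is always set, even if error_message
         # is empty - confirm clients tolerate that.
         warning_message = 'Failed to send email confirmation: {0}'.format(error_message)
         response = {
             'data': serialized,
             'apiKey': secret.key,
             'warningMessage': warning_message,
         }
     except ValidationException as e:
         raise BadRequest(str(e))
     return response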
 def search():
     """Return a many-item response of users matching the query-string filters.

     Reads ``search_text``, ``date_created.greaterthan`` and
     ``date_created.lessthan`` from the query string; an absent filter is
     passed on as None.
     """
     # NOTE(review): no check on requester is visible here - confirm that an
     # unauthenticated caller is handled by make_many_response or by the route.
     requester = get_requesting_user()
     query_args = request.args
     text_filter = query_args.get('search_text', None)
     created_after = query_args.get('date_created.greaterthan', None)
     created_before = query_args.get('date_created.lessthan', None)
     matches = User.search(text_filter, created_after, created_before)
     return base_routes.make_many_response(requester, matches)
Esempio n. 9
 def search():
     """Return a many-item response of users matching the query-string filters.

     Reads ``search_text``, ``date_created.greaterthan`` and
     ``date_created.lessthan`` from the query string; an absent filter is
     passed on as None.
     """
     # NOTE(review): no check on requester is visible here - confirm that an
     # unauthenticated caller is handled by make_many_response or by the route.
     requester = get_requesting_user()
     query_args = request.args
     text_filter = query_args.get('search_text', None)
     created_after = query_args.get('date_created.greaterthan', None)
     created_before = query_args.get('date_created.lessthan', None)
     matches = User.search(text_filter, created_after, created_before)
     return base_routes.make_many_response(requester, matches)
Esempio n. 10
def make_admin_user(name, email, password):
    """Create and commit an administrator account; return it, or None on failure.

    The account is created with ``is_administrator=True`` and
    ``email_confirmed=True``. If the commit raises IntegrityError or
    InvalidRequestError the session is rolled back and None is returned.
    """
    # NOTE(review): pwd_context looks like a passlib CryptContext; if so,
    # encrypt() is the deprecated alias of hash() - confirm before upgrading.
    admin = User(
        name=name,
        email=email,
        password_hash=User.pwd_context.encrypt(password),
        is_administrator=True,
        email_confirmed=True,
    )
    store.session.add(admin)
    try:
        store.session.commit()
    except (IntegrityError, InvalidRequestError):
        # Leave the session usable for the caller after a failed insert.
        store.session.rollback()
        return None
    return admin
Esempio n. 11
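 def usersignup():
     """Create an account from the JSON payload and return it with a fresh API key.

     Expects ``{"user": {...}, "password": "..."}``. Returns a bad-request
     response when the payload is malformed, the e-mail belongs to an active
     account, the password is missing or rejected by ``set_password``, or a
     ValidationException is raised while building the user.
     """
     data = request.json
     # The body is client-controlled: a missing body or a non-object "user"
     # must produce a 400 rather than an AttributeError (500) further down.
     if not isinstance(data, dict):
         return base_routes.make_bad_request_response(
             'A JSON object payload is required.')
     user = data.get('user', None)
     if not isinstance(user, dict):
         return base_routes.make_bad_request_response(
             'A user was not specified.')
     email = user.get('email', '')
     password = data.get('password', None)
     # Check that the email isn't in use.
     # NOTE(review): the reply below confirms whether an address is registered;
     # decide whether that disclosure is acceptable for this API.
     existing_user = store.session.query(User)
     existing_user = existing_user.filter(User.email == email,
                                          User.active == True)
     existing_user = existing_user.first()
     if existing_user is not None:
         response = base_routes.make_bad_request_response(
             'That email address is already associated with an account.', )
     elif password is None:
         response = base_routes.make_bad_request_response(
             'A password was not specified.')
     else:
         try:
             # NOTE(review): the dict is client-supplied; confirm that
             # admin_deserialize_add ignores privileged fields such as
             # is_administrator.
             user = User.admin_deserialize_add(user)
             error_messages = user.set_password(password)
             if error_messages:
                 error_message = ', '.join(error_messages)
                 response = base_routes.make_bad_request_response(
                     error_message)
             else:
                 store.session.add(user)
                 store.session.commit()
                 error_message = mail_actions.request_signup_email_confirmation(
                     user)
                 # The account is usable immediately: an API key is issued
                 # before the e-mail address has been confirmed.
                 secret = user.make_api_key()
                 serialized = user.serialize(user)
                 # NOTE(review): warningMessage is always set, even if
                 # error_message is empty - confirm clients tolerate that.
                 warning_message = 'Failed to send email confirmation: {0}'.format(
                     error_message)
                 response_data = {
                     'data': serialized,
                     'apiKey': secret.key,
                     'warningMessage': warning_message,
                 }
                 # Built only on the success path: response_data does not
                 # exist when set_password rejected the password, and building
                 # it after the if/else replaced the 400 with an
                 # UnboundLocalError.
                 response = jsonify(response_data)
         except ValidationException as e:
             response = base_routes.make_bad_request_response(str(e))
     return response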
Esempio n. 12
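def get_requesting_user():
    """Return the active User identified by the Authorization header, or None.

    The header uses a project-specific ``Basic:<email>:<secret>`` layout (plain
    text, not the base64 form of RFC 7617). When ``<email>`` is the literal
    ``api`` the secret is treated as an API key; otherwise it is checked as the
    password of the active user with that e-mail. Any malformed header, unknown
    user, wrong secret or inactive account yields None.
    """
    authorization = request.headers.get('Authorization', None)
    if authorization is None:
        return None

    # maxsplit=2 keeps any ':' inside the secret; an unbounded split rejected
    # every password that contained a colon.
    bits = authorization.split(':', 2)
    if len(bits) != 3 or bits[0] != 'Basic':
        return None
    email = bits[1]
    password = bits[2]

    # Only the e-mail is logged; the secret must never reach the log.
    logger.debug('Authorizing with email={0}'.format(email))

    if email == 'api':
        authorized_user = User.from_api_key(password)
    else:
        authorized_user = None
        user = store.session.query(User).filter_by(email=email, active=True).first()
        if user is not None and user.is_password_correct(password):
            authorized_user = user

    # The API-key path does not filter on active, so re-check here.
    if authorized_user is not None and not authorized_user.active:
        return None
    return authorized_user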
Esempio n. 13
    def post_picture(user_id: int, requester: User) -> Response:
        """Validate an uploaded profile picture, store it, and record its filename.

        Raises Unauthorized unless the requester is the target user or an
        administrator, FileTypeNotImplemented when no file data is supplied,
        and FileTypeNotPermitted when the image bytes are not an allowed type.
        """
        # Only the account owner or an administrator may change a picture.
        if user_id != requester.id and not requester.is_administrator:
            raise Unauthorized()

        image_file = request.files['file']
        if not image_file:
            raise FileTypeNotImplemented(
                'Missing image data. Request needs to provide binary\n'
                'image data as the request parameter named "file".'
            )

        # NOTE(review): the whole upload is read into memory and no size limit
        # is visible here - confirm one is enforced elsewhere.
        image_data = image_file.read()
        # The check is made on the uploaded bytes themselves.
        if not is_allowable_image(image_data):
            image_type = get_image_type(image_data)

            if image_type is None:
                reason = 'Could not infer type of image.'
            else:
                reason = 'Inferred image type {} is not allowed.'
                reason = reason.format(image_type)

            raise FileTypeNotPermitted(
                '{reason}\n\n'
                'Allowable types are {types}.'
                .format(
                    reason=reason,
                    types=', '.join(picture_types),
                )
            )

        # The stored name is built from the image bytes and user_id.
        filename = image_to_user_filename(image_data, user_id)

        # NOTE(review): image_file was already consumed by read() above;
        # confirm store_image rewinds the stream before writing it out.
        store_image(image_file, filename)

        # NOTE(review): the filename is built for user_id but assigned to the
        # requester, so an administrator uploading for another user changes
        # their own profile - confirm this is intended.
        requester.picture_filename = filename
        store.session.add(requester)
        store.session.commit()

        logger.info('Saving image {!r}'.format(filename))

        return make_OK_response()
Esempio n. 14
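def get_requesting_user():
    """Return the active User identified by the Authorization header, or None.

    The header uses a project-specific ``Basic:<email>:<secret>`` layout (plain
    text, not the base64 form of RFC 7617). When ``<email>`` is the literal
    ``api`` the secret is treated as an API key; otherwise it is checked as the
    password of the active user with that e-mail. Any malformed header, unknown
    user, wrong secret or inactive account yields None.
    """
    authorization = request.headers.get('Authorization', None)
    if authorization is None:
        return None

    # maxsplit=2 keeps any ':' inside the secret; an unbounded split rejected
    # every password that contained a colon.
    bits = authorization.split(':', 2)
    if len(bits) != 3 or bits[0] != 'Basic':
        return None
    email = bits[1]
    password = bits[2]

    # Only the e-mail is logged; the secret must never reach the log.
    logger.debug('Authorizing with email={0}'.format(email))

    if email == 'api':
        authorized_user = User.from_api_key(password)
    else:
        authorized_user = None
        user = store.session.query(User).filter_by(
            email=email, active=True).first()
        if user is not None and user.is_password_correct(password):
            authorized_user = user

    # The API-key path does not filter on active, so re-check here.
    if authorized_user is not None and not authorized_user.active:
        return None
    return authorized_user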
Esempio n. 15
def get_users(
        requesting_user,
        search_text=None,
        created_after=None,
        created_before=None,
        number=10,
        offset=0,
):
    """Search users and return ``(serialized_users, count)``.

    Each match is serialized from ``requesting_user``'s point of view; matches
    whose serialization is None are left out of the list. ``count`` is taken
    from the query result before that filtering, so it can exceed the length
    of the returned list.
    """
    matches = User.search(
        search_text,
        created_after,
        created_before,
        number=number,
        offset=offset,
    )
    total = matches.count()

    # Serialize everything first, then drop the entries that came back None.
    serialized = []
    for match in matches:
        serialized.append(match.serialize(requesting_user))
    visible = [entry for entry in serialized if entry is not None]

    return visible, total
Esempio n. 16
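def process_password_reset(secret_key, new_password):
    """Set a new password for the user named by a password-reset secret.

    Returns ``(user, error_messages)``. ``user`` is None unless the secret
    resolved to an existing user. ``error_messages`` is empty only when the
    password was changed and the secret was marked as used.
    """
    invalid_authorization = 'Authorization for this action is invalid or expired.'

    # Reject a bad password before touching the secret.
    error_messages = User.is_password_valid(new_password)
    if error_messages:
        return (None, error_messages)

    secret = Secret.lookup_secret(secret_key)
    if secret is None:
        error_messages.append(invalid_authorization)
        return (None, error_messages)

    secret_info = secret.get_info()
    user_id = secret_info.get('userId', None)
    action = secret_info.get('action', None)
    # A secret issued for another action, or one that names no user, is
    # reported with the same generic message. Previously these paths returned
    # (None, []), which a caller checking only error_messages read as success.
    if action != 'password_reset' or user_id is None:
        error_messages.append(invalid_authorization)
        return (None, error_messages)

    user = store.session.query(User).filter_by(id=user_id).first()
    if user is None:
        error_messages.append(invalid_authorization)
        return (None, error_messages)

    error_messages += user.set_password(new_password)
    if not error_messages:
        # Mark the secret used in the same commit as the new password hash.
        # NOTE(review): whether lookup_secret rejects used or expired secrets
        # is not visible here - confirm.
        secret.used = True
        store.session.add(user)
        store.session.add(secret)
        store.session.commit()
    return (user, error_messages)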
Esempio n. 17
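def process_password_reset(secret_key, new_password):
    """Set a new password for the user named by a password-reset secret.

    Returns ``(user, error_messages)``. ``user`` is None unless the secret
    resolved to an existing user. ``error_messages`` is empty only when the
    password was changed and the secret was marked as used.
    """
    invalid_authorization = (
        'Authorization for this action is invalid or expired.')

    # Reject a bad password before touching the secret.
    error_messages = User.is_password_valid(new_password)
    if error_messages:
        return (None, error_messages)

    secret = Secret.lookup_secret(secret_key)
    if secret is None:
        error_messages.append(invalid_authorization)
        return (None, error_messages)

    secret_info = secret.get_info()
    user_id = secret_info.get('userId', None)
    action = secret_info.get('action', None)
    # A secret issued for another action, or one that names no user, is
    # reported with the same generic message. Previously these paths returned
    # (None, []), which a caller checking only error_messages read as success.
    if action != 'password_reset' or user_id is None:
        error_messages.append(invalid_authorization)
        return (None, error_messages)

    user = store.session.query(User).filter_by(id=user_id).first()
    if user is None:
        error_messages.append(invalid_authorization)
        return (None, error_messages)

    error_messages += user.set_password(new_password)
    if not error_messages:
        # Mark the secret used in the same commit as the new password hash.
        # NOTE(review): whether lookup_secret rejects used or expired secrets
        # is not visible here - confirm.
        secret.used = True
        store.session.add(user)
        store.session.add(secret)
        store.session.commit()
    return (user, error_messages)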
Esempio n. 18
 def test_is_administrator_not_writeable_on_add(self):
     """A client-supplied ``is_administrator=True`` must not create an admin."""
     # Copy the shared fixture and add the privileged flag a client might send.
     escalation_payload = dict(user, is_administrator=True)
     created = User.admin_deserialize_add(escalation_payload)
     self.assertFalse(created.is_administrator)
Esempio n. 19
 def activate_email():
     """Delegate to ``User.activate_email()``; its return value is discarded."""
     User.activate_email()
Esempio n. 20
 def request_api_key(requester: User) -> Response:
     """Issue a new API key for ``requester`` and return it with their own record.

     The key is returned in the response body, so the response must be treated
     as a credential by the client.
     """
     new_key = requester.make_api_key().key
     own_record = serialize(requester, requester)
     return {'apiKey': new_key, 'user': own_record}
Esempio n. 21
 def activate_email():
     """Delegate to ``User.activate_email()``; its return value is discarded."""
     User.activate_email()
Esempio n. 22
 def dump_csv(requester: User) -> Response:
     """Return every user as a CSV attachment named ``communityshare.csv``.

     NOTE(review): ``requester`` is not used in the body; any restriction on
     who may download the full export is presumably enforced by whatever
     supplies it - confirm.
     """
     csv_text = User.dump_csv().getvalue()
     response = make_response(csv_text)
     download_headers = (
         ("Content-Type", "text/csv"),
         ("Content-Disposition", "attachment; filename=communityshare.csv"),
     )
     for header_name, header_value in download_headers:
         response.headers[header_name] = header_value
     return response