def initdb():
'''Init/reset database.'''
if not os.environ.get('PRODUCTION'):
db.connection.drop_database(app.config['MONGODB_DB'])
user_datastore = MongoEngineUserDatastore(db, User, Role)
admin_role = user_datastore.create_role(name='admin', description='Admin User')
user = user_datastore.create_user(
email='*****@*****.**',
password='******'
)
user_datastore.add_role_to_user(user, admin_role)
def configure_extensions(app, admin):
babel.configure(app)
generic.configure(app)
Cache(app)
Mail(app)
Dealer(app)
error_handlers.configure(app)
db.init_app(app)
fixtures.configure(app)
themes.configure(app, db) # Themes should be configured after db
context_processors.configure(app)
template_filters.configure(app)
user_datastore = MongoEngineUserDatastore(db, User, Role)
Security(app, user_datastore)
blueprints.load_from_packages(app)
blueprints.load_from_folder(app)
configure_admin(app, admin)
if app.config.get('DEBUG_TOOLBAR_ENABLED'):
try:
from flask_debugtoolbar import DebugToolbarExtension
DebugToolbarExtension(app)
except:
pass
before_request.configure(app)
views.configure(app)
return app
def _mk_ctx():
return dict(app=app,
db=db,
models=models,
services=services,
userdatastore=MongoEngineUserDatastore(db, models.User,
models.Role))
def register_flask_security(app):
"""Register Flask-Security extension"""
from flask.ext.security import MongoEngineUserDatastore
from edx_data_research.web_app.auth.forms import ExtendedRegisterForm
from edx_data_research.web_app.models import User, Role
user_datastore = MongoEngineUserDatastore(db, User, Role)
security.init_app(app, user_datastore, register_form=ExtendedRegisterForm)
def register_extensions(app):
cache.init_app(app)
db.init_app(app)
admin.init_app(app)
register_admin_views(admin)
user_datastore = MongoEngineUserDatastore(db, User, Role)
security = Security(app,
user_datastore,
confirm_register_form=ExtendedRegisterForm)
mail.init_app(app)
debug_toolbar.init_app(app)
return None
def create_app(auth_config=None, debug=True):
app = create_base_app(auth_config, debug)
app.config['MONGODB_DB'] = 'flask_social_test'
app.config['MONGODB_HOST'] = 'localhost'
app.config['MONGODB_PORT'] = 27017
db = MongoEngine(app)
class Role(db.Document, RoleMixin):
name = db.StringField(required=True, unique=True, max_length=80)
description = db.StringField(max_length=255)
class User(db.Document, UserMixin):
email = db.StringField(unique=True, max_length=255)
password = db.StringField(required=True, max_length=120)
active = db.BooleanField(default=True)
remember_token = db.StringField(max_length=255)
authentication_token = db.StringField(max_length=255)
roles = db.ListField(db.ReferenceField(Role), default=[])
@property
def connections(self):
return Connection.objects(user_id=str(self.id))
class Connection(db.Document):
user_id = db.ObjectIdField()
provider_id = db.StringField(max_length=255)
provider_user_id = db.StringField(max_length=255)
access_token = db.StringField(max_length=255)
secret = db.StringField(max_length=255)
display_name = db.StringField(max_length=255)
full_name = db.StringField(max_length=255)
profile_url = db.StringField(max_length=512)
image_url = db.StringField(max_length=512)
rank = db.IntField(default=1)
@property
def user(self):
return User.objects(id=self.user_id).first()
app.security = Security(app, MongoEngineUserDatastore(db, User, Role))
app.social = Social(app, MongoEngineConnectionDatastore(db, Connection))
@app.before_first_request
def before_first_request():
for m in [User, Role, Connection]:
m.drop_collection()
populate_data()
app.get_user = lambda: User.objects().first()
return app
def initdb():
'''Init/reset database.'''
if not os.environ.get('PRODUCTION'):
db.connection.drop_database(app.config['MONGODB_DB'])
user_datastore = MongoEngineUserDatastore(db, User, Role)
admin_role = user_datastore.create_role(name='super_admin', description='Super Admin')
team_role = user_datastore.create_role(name='team_admin', description='Team Admin')
user = user_datastore.create_user(
email='*****@*****.**',
password=encrypt_password('password')
)
user_datastore.add_role_to_user(user, admin_role)
def configure_extensions(app, admin):
cache.init_app(app)
babel.configure(app)
generic.configure(app)
Mail(app)
Dealer(app)
error_handlers.configure(app)
db.init_app(app)
themes.configure(app, db) # Themes should be configured after db
context_processors.configure(app)
template_filters.configure(app)
app.security = Security(app, MongoEngineUserDatastore(db, User, Role))
fixtures.configure(app, db)
blueprints.load_from_packages(app)
blueprints.load_from_folder(app)
# enable .pdf support for posts
weasyprint.configure(app)
configure_admin(app, admin)
if app.config.get('DEBUG_TOOLBAR_ENABLED'):
try:
from flask_debugtoolbar import DebugToolbarExtension
DebugToolbarExtension(app)
except:
pass
before_request.configure(app)
views.configure(app)
oauthlib.configure(app)
if app.config.get('SENTRY_ENABLED', False):
from .sentry import configure
configure(app)
return app
def create_user(username, role, password):
class Roles(db.Document, RoleMixin):
name = db.StringField(max_length=80, unique=True)
description = db.StringField(max_length=255)
class Users(db.Document, UserMixin):
email = db.StringField(max_length=255)
password = db.StringField(max_length=255)
emri = db.StringField(max_length=255)
mbiemri = db.StringField(max_length=255)
role = db.StringField()
active = db.BooleanField(default=True)
klinika = db.ListField(default=[])
nr_licences = db.StringField(max_length=255)
kualifikimi = db.StringField(max_length=255)
roles = db.ListField(db.ReferenceField(Roles), default=[])
user_datastore = MongoEngineUserDatastore(db, Users, Roles)
'''
Create the roles using the flask-security plugin.
'''
# Create User role
try:
Roles.objects.get(name=role)
except DoesNotExist:
# Create the user role
user_datastore.create_role(
name=role,
description='User of the system.'
)
try:
Users.objects.get(email=username)
# Create the admin user
except DoesNotExist:
user = user_datastore.create_user(
emri="",
mbiemri="",
klinika=[],
nr_licences = "",
kualifikimi = "",
email=username,
role=role,
password=bcrypt.generate_password_hash(password, rounds=12),
)
user_datastore.add_role_to_user(user, role)
def create_app(config, **kwargs):
app = create_base_app(config)
app.config['MONGODB_SETTINGS'] = dict(
db='flask_security_test',
host='localhost',
port=27017
)
db = MongoEngine(app)
class Role(db.Document, RoleMixin):
name = db.StringField(required=True, unique=True, max_length=80)
description = db.StringField(max_length=255)
class User(db.Document, UserMixin):
email = db.StringField(unique=True, max_length=255)
username = db.StringField(max_length=255)
password = db.StringField(required=True, max_length=255)
last_login_at = db.DateTimeField()
current_login_at = db.DateTimeField()
last_login_ip = db.StringField(max_length=100)
current_login_ip = db.StringField(max_length=100)
login_count = db.IntField()
active = db.BooleanField(default=True)
confirmed_at = db.DateTimeField()
roles = db.ListField(db.ReferenceField(Role), default=[])
@app.before_first_request
def before_first_request():
User.drop_collection()
Role.drop_collection()
populate_data(app.config.get('USER_COUNT', None))
app.security = Security(app, datastore=MongoEngineUserDatastore(db, User, Role), **kwargs)
add_context_processors(app.security)
return app
def __call__(self, name, **kwargs):
self.app = Flask(name, **kwargs)
self.app.config.from_object(self.config)
self.bind_extensions(db, mail, celery, csrf, cache, htmlmin, toolbar)
register_connection(DB_TEMP_NAME, DB_TEMP_NAME)
self.app.session_interface = MongoEngineSessionInterface(db)
self.app.permanent_session_lifetime = timedelta(weeks=1)
self.app.user_datastore = MongoEngineUserDatastore(db, User, Role)
self.app.security = Security(self.app,
self.app.user_datastore,
login_form=ExtLoginForm)
@self.app.security.send_mail_task
def delay_security_email(msg):
send_security_mail.delay(msg)
# @self.app.errorhandler(Exception)
# def validation_error(err):
# flash(err.message, 'error')
# return redirect(request.path)
self.register_blueprints(BLUEPRINTS)
self.register_template_filters(time_distance, is_list, smart_round,
pretty_date, phonofize)
self.register_context_processors(categories, cart, visited_offers,
pages)
self.app.jinja_env.globals['get_plural'] = get_plural
self.app.add_url_rule('/media/<filename>', 'media', build_only=True)
self.app.wsgi_app = SharedDataMiddleware(
self.app.wsgi_app, {'/media': self.app.config['MEDIA_DIR']})
return self.app
def create_app(testing=False, live=False):
from bhs_api.models import User, Role
from bhs_api.forms import LoginForm
app = Flask(__name__)
app.testing = testing
# load the config file
conf = get_conf()
app.conf = conf
# Our config - need to move everything here
app.config[
'VIDEO_BUCKET_URL'] = "https://storage.googleapis.com/bhs-movies"
app.config[
'IMAGE_BUCKET_URL'] = "https://storage.googleapis.com/bhs-flat-pics"
# Set app config
app.config['DEBUG'] = True
app.config['FRONTEND_SERVER'] = conf.frontend_server
app.config['DEFAULT_NEXT'] = '/mjs'
# Security Config
app.config['SECRET_KEY'] = conf.secret_key
app.config['WTF_CSRF_ENABLED'] = False
app.config['SECURITY_PASSWORDLESS'] = True
app.config['SECURITY_EMAIL_SENDER'] = 'BH Databases<*****@*****.**>'
app.config['SECURITY_USER_IDENTITY_ATTRIBUTES'] = 'email'
app.config[
'SECURITY_EMAIL_SUBJECT_PASSWORDLESS'] = 'Login link for Your Jewish Story'
app.config['SECURITY_POST_LOGIN_VIEW'] = '/mjs'
app.config['SECURITY_USER_IDENTITY_ATTRIBUTES'] = ('email', 'username',
'hash')
# Mail Config
app.config['MAIL_SERVER'] = conf.mail_server
app.config['MAIL_PORT'] = conf.mail_port
# Mail optional username and password
try:
app.config['MAIL_USERNAME'] = conf.mail_username
app.config['MAIL_PASSWORD'] = conf.mail_password
except AttributeError:
pass
# DB Config
app.config['MONGODB_DB'] = conf.user_db_name
app.config['MONGODB_HOST'] = conf.user_db_host
app.config['MONGODB_PORT'] = conf.user_db_port
# Redis
app.config['REDIS_HOST'] = conf.redis_host
app.config['REDIS_PORT'] = conf.redis_port
app.config['REDIS_PASSWORD'] = getattr(conf, 'redis_password', None)
# CACHING
app.config['CACHING_TTL'] = conf.caching_ttl
app.mail = Mail(app)
app.db = MongoEngine(app)
app.user_datastore = MongoEngineUserDatastore(app.db, User, Role)
app.security = Security(app,
app.user_datastore,
passwordless_login_form=LoginForm)
# Create database connection object
app.client_data_db = pymongo.MongoClient(
conf.data_db_host,
conf.data_db_port,
read_preference=pymongo.ReadPreference.SECONDARY_PREFERRED)
app.data_db = app.client_data_db[conf.data_db_name]
# Create the elasticsearch connection
app.es = elasticsearch.Elasticsearch(conf.elasticsearch_host)
# Add the user's endpoints
from bhs_api.user import user_endpoints
app.register_blueprint(user_endpoints)
# Add the v1 endpoint
from bhs_api.v1_endpoints import v1_endpoints
app.register_blueprint(v1_endpoints, url_prefix='/v1')
# Initialize autodoc - https://github.com/acoomans/flask-autodoc
#allow CORS
cors = CORS(app,
origins=['*'],
headers=[
'content-type', 'accept', 'authentication-token',
'Authorization'
])
# logging
if live:
app.config['PROPAGATE_EXCEPTIONS'] = True
try:
fh = logging.FileHandler(conf.log_file)
formatter = logging.Formatter(
'%(asctime)s - %(name)s - %(levelname)s - %(message)s')
fh.setFormatter(formatter)
app.logger.addHandler(fh)
except AttributeError:
pass
# redis
try:
app.redis = redis.StrictRedis(host=conf.redis_host,
port=conf.redis_port,
password=app.config['REDIS_PASSWORD'],
db=0)
except AttributeError:
app.redis = None
return app, conf
name = db.StringField(max_length=80, unique=True)
description = db.StringField(max_length=255)
# Generic User schema
class User(db.Document, UserMixin):
firstname = db.StringField(max_length=40) # first name
lastname = db.StringField(max_length=40) # last name
email = db.EmailField(max_length=100, unique=True) # email (contact information)
uid = db.StringField(max_length=40, unique=True) # username, technically 4-12 char
password = db.StringField(max_length=20) # password, at least 1 number
active = db.BooleanField(default=True) # set False for user confirmation
confirmed_at = db.DateTimeField() # confirmation time, currently not used
roles = db.ListField(db.ReferenceField(Role), default=[])
# Setup Flask-Security
user_datastore = MongoEngineUserDatastore(db, User, Role)
security = Security(app, user_datastore)
# Generic entry schema, per image uploaded
class Entry(db.Document):
uid = db.StringField(max_length=40) # uploader username
uuid = db.StringField(max_length=255) # image filename, uuid
datetime = db.DateTimeField() # time of upload
diag = db.FloatField() # DR diagnosis of image
# API key schema
class Key(db.Document):
key = db.StringField(max_length=255) # API key, uuid
uid = db.StringField(max_length=40) # username of API key owner
datetime = db.DateTimeField() # time of API key creation
def configure_security(app):
"""
ABOUT
Configures Flask-Security with our app
"""
from .user.models import Role, User
user_datastore = MongoEngineUserDatastore(db, User, Role)
security = Security(app, user_datastore)
@identity_loaded.connect_via(app)
def on_identity_loaded(sender, identity):
# Set the default state
g.user = None
if identity.name is None:
return
# Ok we're ok to proceed now ...
if isinstance(identity.name, (bson.ObjectId)):
user = User.objects(id=identity.name)
elif isinstance(identity.name, (str, unicode)):
user = User.objects(email=identity.name)
if user.count() > 1:
app.logger.error("Got more than one match for user login %s" %
identity.name)
raise Exception(
"[on_identity_loaded] Error getting login information. Please contact an administrator"
)
g.user = None
elif user.count() == 0:
g.user = None
else:
user = user.first()
if hasattr(user, 'id'):
identity.provides.add(UserNeed(user.id))
# Assuming the User model has a list of roles, update the
# identity with the roles that the user provides
if hasattr(user, 'roles'):
for role in user.roles:
identity.provides.add(RoleNeed(role.name))
# Assuming the User model has a list of posts the user
# has authored, add the needs to the identity
if hasattr(user, 'posts'):
for post in user.posts:
identity.provides.add(EditBlogPostNeed(unicode(post.id)))
identity.user = user
g.user = user
# set the user load clalback
@login_manager.user_loader
def load_user(userid):
return User.objects.with_id(userid)
@app.before_request
def before_request():
"""
ABOUT
This was inserted when we started to see errors from
g.user.is_anonymous() for non-registered users, this seemed
to fix that
"""
g.user = current_user
"/answers": {"origins": "*"},
"/task_data": {"origins" : "*"}})
import schema.requester
import schema.question
import schema.task
import schema.role
print "Loading mail extension"
sys.stdout.flush()
mail = Mail(app)
print "Loading security datastore"
sys.stdout.flush()
user_datastore = MongoEngineUserDatastore(db, schema.requester.Requester,
schema.role.Role)
security = Security(app, user_datastore)
print "Done loading security datastore. Ready to serve pages."
sys.stdout.flush()
print "Loading Celery"
def make_celery(app):
celery = Celery(app.import_name, backend=app.config['REDIS_URL'],
broker=app.config['REDIS_URL'])
celery.conf.update(app.config)
TaskBase = celery.Task
class ContextTask(TaskBase):
abstract = True
def __call__(self, *args, **kwargs):
with app.app_context():
def initdb():
"""Init/reset database."""
user_datastore = MongoEngineUserDatastore(db, User, Role)
user_datastore.create_user(email='*****@*****.**', password='******')
def create_app(settings_override=None, register_security_blueprint=True):
"""Returns the frontend application instance"""
app = factory.create_app(__name__, __path__, settings_override)
# Init assets
assets.init_app(app)
menu.init_app(app)
gravatar.init_app(app)
userdatastore = MongoEngineUserDatastore(db, models.User, models.Role)
security.init_app(app,
userdatastore,
login_form=DeploymentLoginForm,
register_blueprint=register_security_blueprint)
app.session_interface = CustomMongoEngineSessionInterface(db)
csrf.init_app(app)
init_admin(admin, app)
# Register custom error handlers
if not app.debug:
for e in [500, 404, 403]:
app.errorhandler(e)(handle_error)
@app.before_first_request
def create_user_roles():
userdatastore.find_or_create_role('clerk')
userdatastore.find_or_create_role('manager')
userdatastore.find_or_create_role('analyst')
userdatastore.find_or_create_role('admin')
# register deployment selection middleware
app.before_request(set_request_presets)
# add Jinja2 filters
app.jinja_env.filters.update(custom_filters)
# Login and logout signal handlers
# user_logged_out.connect(lambda app, user: session.clear())
user_logged_out.connect(clear_session)
@identity_loaded.connect_via(app)
def on_identity_loaded(sender, identity):
needs = services.perms.get_all_needs(
models.User(**identity.user._data))
for need in needs:
identity.provides.add(need)
@app.context_processor
def inject_permissions():
ga_key = app.config.get('GOOGLE_ANALYTICS_KEY')
return dict(perms=permissions, ga_key=ga_key)
# clickjacking protection
@app.after_request
def frame_buster(response):
response.headers['X-Frame-Options'] = app.config.get(
'X_FRAME_OPTIONS', 'DENY')
return response
# content security policy
@app.after_request
def content_security_policy(response):
response.headers['Content-Security-Policy'] = "default-src 'self' " + \
"*.googlecode.com *.google-analytics.com *.persona.org " + \
"'unsafe-inline' 'unsafe-eval'; img-src * data:"
return response
return app
def init_flask_security(app):
user_datastore = MongoEngineUserDatastore(db, User, Role)
security = Security(app, user_datastore)
# This step may not be necessary
app.security = security
class NotAuthenticatedMenuLink(MenuLink):
def is_accessible(self):
return not current_user.is_authenticated()
admin.add_link(NotAuthenticatedMenuLink(name='Login', url='/login'))
admin.add_link(AuthenticatedMenuLink(name='Logout', url='/logout'))
db.init_app(app)
admin.init_app(app)
from api import models
from api import views
from api import administration
# Setup Flask-Security
user_datastore = MongoEngineUserDatastore(db, models.User, models.Role)
security = Security(app, user_datastore)
# sanyam = models.User(email="*****@*****.**", password="******")
@app.before_first_request
def before_first_request():
user_datastore.find_or_create_role(name='admin', description='Administrator')
user_datastore.find_or_create_role(name='super_admin', description='Super Administrator')
encrypted_password = encrypt_password('password')
if not user_datastore.get_user('*****@*****.**'):
user_datastore.create_user(email='*****@*****.**', password=encrypted_password)
user_datastore.add_role_to_user('*****@*****.**', 'admin')
user_datastore.add_role_to_user('*****@*****.**', 'super_admin')
def configure(app, db):
from quokka.modules.accounts.models import User, Role
app.security = Security(
app=app,
datastore=MongoEngineUserDatastore(db, User, Role),
)
