def init_db():
    """Rebuild the schema from scratch and load the sample data set.

    Every table belonging to a ``db.Model`` subclass, plus the through
    tables of their many-to-many fields, is dropped and recreated, so all
    existing rows are lost. Three accounts with fixed passwords are then
    seeded and the rows from ``data.json`` (next to this file) are inserted.
    """
    from app import db

    # Gather the models and the through tables behind their many-to-many fields.
    tables = db.Model.__subclasses__()
    tables.extend({
        field.get_through_model()
        for table in tables
        for field in table._meta.manytomany.values()
    })
    by_name = {table.__name__: table for table in tables}

    # Destructive: everything currently stored in these tables is discarded.
    db.database.drop_tables(tables)
    db.database.create_tables(tables)

    # Seed accounts.
    # NOTE(review): the passwords are fixed and guessable ('admin', 'user',
    # 'user2') and the first account carries permission=0b10000 (presumably
    # an elevated/admin bit; confirm). Keep this helper to development or
    # demo databases, or rotate the credentials right after seeding.
    from flask_peewee.utils import make_password
    User.create(username='******', password=make_password('admin'), email='*****@*****.**',
                permission=0b10000)
    seeded_user = User.create(username='******', password=make_password('user'), email='*****@*****.**')
    User.create(username='******', password=make_password('user2'), email='*****@*****.**')

    fixture_path = join(dirname(__file__), 'data.json')
    with open(fixture_path, encoding='utf-8') as fixture:
        fixtures = json.load(fixture)

    # Top-level keys are looked up as model class names; an unknown key
    # raises KeyError. Each item is passed to create() as keyword arguments.
    for model_name, rows in fixtures.items():
        target = by_name[model_name]
        for row in rows:
            target.create(**row)

    # Attach three randomly chosen choices to each of the first two papers.
    for paper_id in (1, 2):
        TestPaper.get_by_id(paper_id).choices.add(Choice.select().order_by(fn.Random()).limit(3))

    # Exam 1 gets every user with id > 0, exam 2 every user with id > 1.
    for exam_id, min_user_id in ((1, 0), (2, 1)):
        Exam.get_by_id(exam_id).users.add(User.select().where(User.id > min_user_id))

    Report.create(user=seeded_user, exam=Exam.get_by_id(1), score=100)
    print('db init finished')
 def test_passwords(self):
     """check_password accepts the exact password and rejects near misses."""
     hashed = make_password('testing')
     self.assertTrue(check_password('testing', hashed))

     # Trailing whitespace, a case change and the empty string must all fail.
     for wrong in ('testing ', 'Testing', ''):
         self.assertFalse(check_password(wrong, hashed))

     # A different password must not produce the same stored value.
     other = make_password('Testing')
     self.assertNotEqual(hashed, other)
    def test_passwords(self):
        """Only the exact original password verifies against its hash."""
        stored = make_password('testing')
        self.assertTrue(check_password('testing', stored))

        # Near misses: extra trailing space, different case, empty input.
        rejected = ('testing ', 'Testing', '')
        for candidate in rejected:
            self.assertFalse(check_password(candidate, stored))

        # Hashing a different password yields a different stored value.
        stored_other = make_password('Testing')
        self.assertNotEqual(stored, stored_other)
    def test_auth_create(self):
        """POST /api/user/ must be refused unless the caller is an admin.

        Only the status codes are checked here; the test does not assert
        that the refused requests left no user row behind.
        """
        self.create_users()

        payload = json.dumps({
            'username': '******',
            'password': make_password('test'),
            'email': '',
        })

        # this request is not authorized
        resp = self.app.post('/api/user/', data=payload)
        self.assertEqual(resp.status_code, 401)

        # authorized, but user does not exist in database; then
        # authorized, user in database, but not an administrator
        for username, password in (('xxx', 'xxx'), ('normal', 'normal')):
            resp = self.app.post('/api/user/',
                                 data=payload,
                                 headers=self.auth_headers(username, password))
            self.assertEqual(resp.status_code, 401)

        # authorized as an admin
        admin_headers = self.auth_headers('admin', 'admin')
        resp = self.app.post('/api/user/', data=payload, headers=admin_headers)
        self.assertEqual(resp.status_code, 200)
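    def edit_(self, obj, data):
        """Apply an update to a user, changing the password only after re-authentication.

        When ``data`` contains ``password``, both ``password`` and
        ``current_password`` are removed from it. The new password is hashed
        and put back only if a current password was supplied, it matches the
        hash stored on ``obj``, and the new password is non-empty. Otherwise
        the password is left untouched and the remaining fields are still
        passed to the parent ``edit_``.

        NOTE(review): a rejected password change is dropped silently, so the
        caller cannot tell it was refused; consider surfacing an error.
        """
        if "password" in data:
            current_password = data.pop("current_password", None)
            new_password = data.pop("password")
            # Verify before hashing, and never hand a missing (None) current
            # password or an empty new password to the hashing helpers.
            verified = (
                current_password is not None
                and check_password(current_password, obj.password)
            )
            if verified and new_password:
                data["password"] = make_password(new_password)

        return super(UserResource, self).edit_(obj, data)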
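 def read_request_data(self):
     """
     overrides read_request_data() so a submitted password is hashed

     The body is taken from request.data, falling back to the 'data' form
     field, and parsed as JSON. A non-empty 'password' value is replaced
     by make_password(password) before the parsed data is returned, so the
     raw password is not passed on by this method. An empty body is not
     valid JSON and makes json.loads raise.
     """
     data = request.data or request.form.get('data') or ''
     # Only the raw body is bytes; the form fallback and the '' default are
     # str, which has no decode() on Python 3.
     if isinstance(data, bytes):
         data = data.decode('utf8')
     dt = json.loads(data)
     password = dt.get('password')
     if password:
         dt['password'] = make_password(password)
     return dt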
def init_db():
    """Create any missing tables and seed the first admin account.

    Existing tables are left alone. The admin row is inserted only when the
    User table itself had to be created.
    """
    def ensure_table(name):
        # Create the table for the model registered under *name* if absent.
        model = MODELS_CLASS[name]
        if not model.table_exists():
            model.create_table()

    if not SyncLog.table_exists():
        SyncLog.create_table()

    if not User.table_exists():
        User.create_table()
        # NOTE(review): seeds an admin=True account whose password is the
        # fixed string 'admin'. Change it right after first start, or take
        # the initial password from deployment configuration instead.
        User.create(username='******',
                    password=make_password('admin'),
                    admin=True)

    # Master tables first, then the dependent ones in sorted key order.
    for name in MASTER_CLASSES.keys():
        ensure_table(name)
    for name in sorted(DEPENDENT_CLASSES.keys()):
        ensure_table(name)
def init_db():
    """Create whichever tables do not exist yet and seed an admin user.

    The admin account is created only together with a fresh User table;
    tables that already exist are not modified.
    """
    def create_if_missing(model):
        # Leave existing tables untouched.
        if not model.table_exists():
            model.create_table()

    create_if_missing(SyncLog)

    if not User.table_exists():
        User.create_table()
        # NOTE(review): the seeded admin=True account uses the fixed
        # password 'admin'; anyone who knows this default can log in until
        # it is changed.
        User.create(username='******',
                    password=make_password('admin'),
                    admin=True)

    # Master classes in their own key order, dependent classes sorted by key.
    for key in MASTER_CLASSES.keys():
        create_if_missing(MODELS_CLASS[key])
    for key in sorted(DEPENDENT_CLASSES.keys()):
        create_if_missing(MODELS_CLASS[key])
    def test_create(self):
        """An admin can create a user through the API and the stored password verifies.

        The request carries a value already produced by make_password, and
        the final password check only passes if the API stored it as sent.
        """
        self.create_users()

        body = json.dumps({
            'username': '******',
            'password': make_password('test'),
            'email': '',
        })

        # authorized as an admin
        admin_headers = self.auth_headers('admin', 'admin')
        resp = self.app.post('/api/user/', data=body, headers=admin_headers)
        self.assertEqual(resp.status_code, 200)

        created = User.get(username='******')
        self.assertTrue(check_password('test', created.password))

        # The response body must describe the user that was just stored.
        self.assertAPIUser(self.response_json(resp), created)
    def test_create(self):
        """Creating a user as admin returns 200 and persists a verifiable password.

        The posted 'password' is the output of make_password('test'); the
        check against the stored value passes only if it was saved unchanged.
        """
        self.create_users()

        fields = {'username': '******', 'password': make_password('test'), 'email': ''}
        request_body = json.dumps(fields)

        # authorized as an admin
        resp = self.app.post(
            '/api/user/',
            data=request_body,
            headers=self.auth_headers('admin', 'admin'),
        )
        self.assertEqual(resp.status_code, 200)

        stored_user = User.get(username='******')
        self.assertTrue(check_password('test', stored_user.password))

        # Compare the JSON response with the row read back from the database.
        payload = self.response_json(resp)
        self.assertAPIUser(payload, stored_user)
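def homepage():
    """Render the home page and handle its login and registration forms.

    GET renders both forms. A POST is treated as a login when the login
    form's username field is present and the form validates, and as a
    registration when the registration username field is present and that
    form validates. A successful login or registration redirects to the
    dashboard; every other outcome re-renders the page with an error message
    where one applies.
    """
    login_form = LoginForm(request.form)
    register_form = RegisterForm(request.form)
    login_errors = ""
    register_errors = ""

    def render_home():
        # Reads the error strings at call time, so set them before calling.
        return render_template(
            "home.html",
            login_form=login_form,
            login_errors=login_errors,
            register_form=register_form,
            register_errors=register_errors,
        )

    if request.method != "POST":
        return render_home()

    if login_form.username.name in request.form and login_form.validate():
        try:
            # Look the account up by the posted username.
            user = User.select().where(User.username == request.form['username']).get()
        except User.DoesNotExist:
            login_errors = "This User does not exist"
            return render_home()

        # Verify the submitted password against the stored hash. The
        # earlier code compared the username with a fresh hash of the same
        # username, which always succeeds, so any existing username was
        # logged in without a password.
        # NOTE(review): assumes the login form posts the password under
        # "password" and that User.password holds the make_password() hash;
        # confirm against LoginForm and the User model. A wrong field name
        # fails closed (login refused).
        submitted_password = request.form.get("password", "")
        if submitted_password and check_password(submitted_password, user.password):
            auth.login_user(user)
            return redirect(url_for("dashboard"))

        # NOTE(review): this message differs from the unknown-user one, so
        # the form reveals which usernames exist (registration does too).
        login_errors = "Invalid username or password"
        return render_home()

    if register_form.register_username.name in request.form and register_form.validate():
        try:
            User.select().where(User.username == request.form["register_username"]).get()
        except User.DoesNotExist:
            pass
        else:
            register_errors = "Sorry, %s has been taken." % (request.form["register_username"])
            return render_home()

        if register_form.register_password.data != register_form.confirm.data:
            register_errors = "Passwords do not match"
            return render_home()

        u = User(
            username=register_form.register_username.data,
            email=register_form.email.data,
            creation_date=datetime.datetime.now(),
            active=True,
        )
        u.set_password(register_form.register_password.data)
        u.save()
        auth.login_user(u)
        return redirect(url_for("dashboard"))

    # POST where neither form validated: re-render instead of returning None.
    return render_home()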
    def test_auth_create(self):
        """Only admin credentials may create a user via POST /api/user/.

        Missing credentials, unknown credentials and a non-admin account are
        all expected to get 401. Status codes are the only thing asserted.
        """
        self.create_users()

        fields = {'username': '******', 'password': make_password('test'), 'email': ''}
        body = json.dumps(fields)

        def post_as(*credentials):
            # No credentials means no auth headers at all.
            if not credentials:
                return self.app.post('/api/user/', data=body)
            return self.app.post('/api/user/', data=body, headers=self.auth_headers(*credentials))

        # this request is not authorized
        self.assertEqual(post_as().status_code, 401)

        # authorized, but user does not exist in database
        self.assertEqual(post_as('xxx', 'xxx').status_code, 401)

        # authorized, user in database, but not an administrator
        self.assertEqual(post_as('normal', 'normal').status_code, 401)

        # authorized as an admin
        self.assertEqual(post_as('admin', 'admin').status_code, 200)
 def set_password(self, password):
     """Store the make_password() result for *password*; the raw value is not kept here."""
     # NOTE(review): if this is flask_peewee.utils.make_password, it is (as
     # far as I recall) a single salted SHA-1 round, which is cheap to
     # brute-force offline. Confirm, and prefer a slow KDF for real accounts.
     hashed = make_password(password)
     self.password = hashed
 def make_token(self, exam):
     """Derive a token for *exam* by hashing its id and token field together."""
     # NOTE(review): the two parts are joined without a separator, so
     # different pairs can give the same input (id 1 + token "23" and
     # id 12 + token "3"). If make_password salts randomly, each call
     # returns a different value, so a token has to be verified with
     # check_password rather than compared for equality; confirm.
     material = "".join((str(exam.id), str(exam.token)))
     return make_password(material)
def init_db():
    """Create the User table on first run and seed one admin account."""
    if User.table_exists():
        return

    User.create_table()
    # NOTE(review): the seeded admin=True account has the fixed password
    # 'admin'. Change it right after first start, or read the initial
    # password from deployment configuration.
    User.create(username='******',
                password=make_password('admin'),
                admin=True)
def init_db():
    """Bootstrap the User table; does nothing when the table already exists."""
    table_missing = not User.table_exists()
    if table_missing:
        User.create_table()
        # NOTE(review): default credentials. The admin=True account is
        # created with the password 'admin' and stays that way until someone
        # changes it.
        seed = dict(username='******',
                    password=make_password('admin'),
                    admin=True)
        User.create(**seed)
 def set_password(self, password):
     """Replace the stored password with the make_password() output for *password*."""
     # Only the derived value is assigned; the raw password is not stored on self.
     derived = make_password(password)
     self.password = derived
 def create_(self, data):
     """Hash the submitted password, then hand creation over to the parent resource."""
     # NOTE(review): data.get() yields None when no password was sent, and
     # that None goes straight into make_password. Reject a missing or empty
     # password before hashing; the right error response depends on the
     # parent resource, which is not shown here.
     raw_password = data.get("password")
     data["password"] = make_password(raw_password)
     parent = super(UserResource, self)
     return parent.create_(data)