Esempio n. 1
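def login():
    """Render the login form and authenticate the user on POST.

    The account is fetched from the gateway by e-mail and the submitted
    password is checked against the stored hash with check_password_hash.

    Returns:
        302 -- redirect to '/' after a successful login
        401 -- unknown e-mail or wrong password (one message for both)
        400 -- the submitted form did not validate
        200 -- the login form, for any request that is not a POST
    """
    form = LoginForm()
    if request.method != 'POST':
        return make_response(render_template('login.html', form=form), 200)

    if not form.validate_on_submit():
        flash('Bad form', 'error')
        return make_response(render_template('login.html', form=form), 400)

    users, status = get_getaway().get_users(email=request.form['email'])
    # An empty result is treated like "no such account": indexing it would
    # raise IndexError and turn a failed login into a server error.
    record = users[0] if status == 200 and users else None
    if record is not None:
        password_hash = record['password']
        if check_password_hash(password_hash, request.form['password']):
            usr = User(record['id'], record['is_operator'],
                       record['is_admin'], record['is_health_authority'],
                       password_hash, record['rest_id'],
                       record['is_positive'])
            login_user(usr)
            return redirect('/')

    # Same message and status for an unknown e-mail and a wrong password, so
    # the response does not reveal which addresses are registered.
    # NOTE(review): the unknown-e-mail path skips the hash check, so response
    # time may still differ between the two cases -- confirm whether that
    # matters for this deployment.
    flash('Wrong email or password', 'error')
    return make_response(render_template('login.html', form=form), 401)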
Esempio n. 2
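def login():
    """Authenticate a user by e-mail and password.

    Returns:
        403 -- the main page, when the caller is already logged in
        302 -- redirect to '/' after a successful login
        401 -- the login page with an error message on bad credentials
        200 -- the login page (first visit, or the form did not validate)
    """
    # An already authenticated user gets the main page (rendered by index())
    # with a 403 status instead of the login form.
    if hasattr(current_user, 'is_authenticated') \
            and current_user.is_authenticated is True:
        return make_response(index(), 403)

    form = LoginForm()
    if form.validate_on_submit():
        email, password = form.data['email'], form.data['password']

        # Look the account up by e-mail only. The previous filter joined two
        # column comparisons with Python's `and`, which does not build a SQL
        # AND: only one of the two comparisons ever reached the query. The
        # submitted password must not be compared with the stored column
        # anyway; verification is the job of user.authenticate().
        user = db.session.query(User).filter(User.email == email).first()
        if user is not None and user.authenticate(password):
            login_user(user)
            return redirect('/')

        # One message for both failure causes, so the page does not reveal
        # whether the e-mail is registered.
        flash('Wrong email or password', category='error')
        return make_response(render_template('login.html', form=form), 401)
    return render_template('login.html', form=form)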
Esempio n. 3
def login():
    """Log a user in and copy role and restaurant details into the session.

    On valid credentials the user's role value is stored under "ROLE"; for
    the "OPERATOR" role the id and name of the restaurant owned by the user
    are stored too. Any failed login re-renders the form with one message.
    """
    form = LoginForm()
    if not form.validate_on_submit():
        return render_template("login.html", _test="first_visit_login", form=form)

    email = form.data["email"]
    password = form.data["password"]
    user = db.session.query(User).filter(User.email == email).first()
    if user is None or not user.authenticate(password):
        # Unknown e-mail and wrong password share this branch and message.
        return render_template(
            "login.html", form=form, _test="error_login", message="User not exist"
        )

    login_user(user)
    role = db.session.query(Role).filter(Role.id == user.role_id).first()
    if role is not None:
        # NOTE(review): these session keys are only written, never cleared,
        # here. If the session can outlive a previous login, values from the
        # earlier account (e.g. RESTAURANT_ID) may remain -- confirm that
        # logout clears them.
        session["ROLE"] = role.value
        if role.value == "OPERATOR":
            owned = db.session.query(Restaurant).filter(
                Restaurant.owner_id == user.id
            )
            restaurant = owned.first()
            if restaurant is not None:
                session["RESTAURANT_ID"] = restaurant.id
                session["RESTAURANT_NAME"] = restaurant.name
    return redirect("/")
Esempio n. 4
    def test_login_logout(self):
        """Cover both login failures, a successful login and the logout.

        The first two assertions pin separate flash messages for an unknown
        e-mail and for a wrong password. A login view that answers both
        cases with one generic message (so it does not reveal which
        addresses are registered) needs these assertions updated.
        """
        def post_login(credentials):
            # Build the form first so the posted data matches what the view
            # receives from a real LoginForm.
            login_form = LoginForm(data=credentials)
            self.client.post('/users/login',
                             data=login_form.data,
                             follow_redirects=True)

        # Unknown e-mail address.
        post_login({'email': '*****@*****.**', 'password': '******'})
        self.assert_template_used('login.html')
        self.assert_message_flashed('This email does not exist.', 'error')

        # Known e-mail, wrong password.
        post_login({'email': '*****@*****.**', 'password': '******'})
        self.assert_template_used('login.html')
        self.assert_message_flashed('Password is incorrect.', 'error')

        # Valid credentials: the index page lists every story.
        post_login({'email': '*****@*****.**', 'password': '******'})
        self.assert_template_used('index.html')
        expected_stories = db.session.query(Story).all()
        shown_stories = self.get_context_variable('stories').all()
        self.assertEqual(shown_stories, expected_stories)

        # Logout: the index page no longer receives a story list.
        self.client.post('/users/logout', follow_redirects=True)
        self.assert_template_used('index.html')
        self.assertIsNone(self.get_context_variable('stories'))
Esempio n. 5
def login():
    '''
    Log a user in with either a username or an e-mail address.

    A credential containing '@' is looked up as an e-mail address, anything
    else as a username. A failed attempt adds a single message to the
    password field, whichever part of the credentials was wrong.

    Returns:
        302 -> redirect to '/' if already authenticated, or to 'home.index'
               after a successful login
        200 -> the login page, with the error message when one applies
    '''
    form = LoginForm()
    form.password.errors = []

    if current_user.is_authenticated:
        return redirect('/')

    if not form.validate_on_submit():
        return render_template('login.html', form=form)

    cred = form.data['usrn_eml']
    password = form.data['password']

    # Choose the lookup column from the shape of the submitted identifier.
    lookup = {'email': cred} if '@' in cred else {'username': cred}
    user = User.query.filter_by(**lookup).one_or_none()

    if user is not None and user.authenticate(password):
        login_user(user)
        return redirect(url_for('home.index'))

    # Deliberately generic: the same text for an unknown account and for a
    # wrong password.
    form.password.errors.append('Wrong username or password.')
    return render_template('login.html', form=form)
Esempio n. 6
def login():
    """Log the user in, or show the login form again.

    A failed attempt re-renders the form without any error message, so the
    response does not distinguish an unknown e-mail from a wrong password.
    """
    form = LoginForm()
    if not form.validate_on_submit():
        return render_template('login.html', form=form)

    email = form.data['email']
    password = form.data['password']
    user = db.session.query(User).filter(User.email == email).first()
    if user is None or not user.authenticate(password):
        return render_template('login.html', form=form)

    login_user(user)
    return redirect('/')
Esempio n. 7
def login(message=''):
    """Show the login form and authenticate the user.

    Args:
        message: text attached to the form as ``form.message`` before the
            form is validated.

    A user who is not anonymous is redirected to '/' straight away. Failed
    credentials replace the message with one generic text.
    """
    already_logged_in = not current_user.is_anonymous
    if already_logged_in:
        return redirect("/", code=302)

    form = LoginForm()
    form.message = message
    if form.validate_on_submit():
        email = form.data['email']
        password = form.data['password']
        user = db.session.query(User).filter(User.email == email).first()
        if user is not None and user.authenticate(password):
            login_user(user)
            return redirect('/')
        # Same text for an unknown e-mail and for a wrong password.
        form.message = "User or Password not correct!"
    return render_template('login.html', form=form, notlogged=True)
    def setUp(self) -> None:
        """Seed two admin accounts and log the test client in.

        Fixture data only: both accounts are admins whose password is set to
        'admin', so this must only ever run against a disposable test
        database.
        """
        def stage_admin(email):
            # Attribute order mirrors the fixture's original definition.
            account = User()
            account.firstname = 'Admin'
            account.lastname = 'Admin'
            account.email = email
            account.dateofbirth = datetime.datetime(2020, 10, 5)
            account.is_admin = True
            account.set_password('admin')
            db.session.add(account)

        print("SET UP")
        with app.app_context():
            stage_admin('*****@*****.**')
            stage_admin('*****@*****.**')
            db.session.commit()

        # The login request is sent after the application context is closed.
        credentials = {'email': '*****@*****.**', 'password': '******'}
        login_form = LoginForm(data=credentials)
        self.client.post('/users/login',
                         data=login_form.data,
                         follow_redirects=True)
Esempio n. 9
    def setUp(self) -> None:
        """Create an admin account and one published story, then log in."""
        def fill(row, **attrs):
            # Apply the attributes in the order they were passed.
            for attr, value in attrs.items():
                setattr(row, attr, value)
            return row

        with app.app_context():
            # Account used for the login request below.
            admin = fill(User(),
                         firstname='Admin',
                         lastname='Admin',
                         email='*****@*****.**',
                         dateofbirth=datetime.datetime(2020, 10, 5),
                         is_admin=True)
            admin.set_password('admin')
            db.session.add(admin)
            db.session.commit()

            # Story the tests react to.
            # NOTE(review): author_id=1 presumably refers to the account
            # created above -- it relies on that row receiving id 1.
            story = fill(Story(),
                         text="Test story from admin user",
                         author_id=1,
                         is_draft=0,
                         figures="#Test#admin#")
            db.session.add(story)
            db.session.commit()

            # Log the test client in.
            login_form = LoginForm(
                data={'email': '*****@*****.**', 'password': '******'})
            self.client.post('/users/login',
                             data=login_form.data,
                             follow_redirects=True)
Esempio n. 10
    def test_random_recent_story(self):
        """Check '/stories/random' for an anonymous and a logged-in user."""
        random_url = '/stories/random'

        def shown_story_text():
            return self.get_context_variable('story').text

        # Anonymous visitor: a story is displayed.
        self.client.get(random_url, follow_redirects=True)
        self.assert_template_used('story.html')
        self.assertEqual(shown_story_text(), 'Just another story')

        # Log in as Admin.
        login_form = LoginForm(
            data={'email': '*****@*****.**', 'password': '******'})
        self.client.post('/users/login',
                         data=login_form.data,
                         follow_redirects=True)

        # Nothing recent from other users: the story list and a flash
        # message are shown instead.
        self.client.get(random_url, follow_redirects=True)
        self.assert_template_used('stories.html')
        self.assert_message_flashed('Oops, there are no recent stories by other users!')

        # Add a recent story written by the second account.
        recent = Story()
        recent.text = 'This is a valid recent story'
        recent.date = datetime.datetime.now()
        recent.author_id = 2
        recent.figures = 'story#recent'
        recent.is_draft = False
        db.session.add(recent)
        db.session.commit()

        # The new story is the only candidate not written by Admin.
        self.client.get(random_url, follow_redirects=True)
        self.assert_template_used('story.html')
        self.assertEqual(shown_story_text(), 'This is a valid recent story')
Esempio n. 11
def login():
    """Authenticate a user and flash a message describing any failure.

    NOTE(review): the two failure messages differ, so the page tells a
    visitor whether an e-mail address is registered. A single generic
    message would avoid that; any test that asserts the current texts has to
    change together with this view.
    """
    form = LoginForm()

    if request.method == 'POST' and form.validate_on_submit():
        email = form.data['email']
        password = form.data['password']
        user = db.session.query(User).filter(User.email == email).first()
        if user is None:
            flash('This email does not exist.', 'error')
        elif user.authenticate(password):
            login_user(user)
            return redirect('/')
        else:
            flash('Password is incorrect.', 'error')

    return render_template('login.html', form=form, home_url=HOME_URL)
Esempio n. 12
def login():
    """Log the user in, or render the login page with an error flag.

    The template receives ``error`` and ``message``; both failure causes
    (unknown e-mail, wrong password) produce the same message.
    """
    form = LoginForm()
    if form.validate_on_submit():
        email = form.data['email']
        password = form.data['password']
        user = db.session.query(User).filter(User.email == email).first()

        if user is not None and user.authenticate(password):
            login_user(user)
            return redirect('/')

        return render_template('login.html',
                               form=form,
                               error=True,
                               message="User not found")

    # First visit, or the form did not validate: no error is shown.
    return render_template('login.html',
                           form=form,
                           error=False,
                           message="")
    def setUp(self) -> None:
        """Seed two accounts with one story each, then log the client in.

        Fixture data only: both accounts are admins whose password is set to
        'admin', so this must only ever run against a disposable test
        database.
        """
        def stage_user(first, last, email):
            account = User()
            account.firstname = first
            account.lastname = last
            account.email = email
            account.dateofbirth = datetime.datetime(2020, 10, 5)
            account.is_admin = True
            account.set_password('admin')
            db.session.add(account)

        def build_story(text, author, figures):
            story = Story()
            story.text = text
            story.author_id = author
            story.is_draft = 0
            story.figures = figures
            return story

        with app.app_context():
            # Account used for the login, plus a second "dummy" account.
            stage_user('Admin', 'Admin', '*****@*****.**')
            stage_user('Dummy', 'Dummy', '*****@*****.**')
            db.session.commit()

            # The dummy account's id is read back rather than hard-coded.
            dummy_id = User.query.filter(
                User.email == '*****@*****.**').first().id

            admin_story = build_story("Test story from admin user", 1,
                                      "#Test#admin#")
            dummy_story = build_story("Test story from dummy user", dummy_id,
                                      "#Test#dummy#")
            db.session.add(admin_story)
            db.session.add(dummy_story)
            db.session.commit()

            # Log the test client in.
            login_form = LoginForm(
                data={'email': '*****@*****.**', 'password': '******'})
            self.client.post('/users/login',
                             data=login_form.data,
                             follow_redirects=True)
Esempio n. 14
def login():
    """Authenticate an active user.

    Returns:
        302 -- redirect to '/' when already logged in or after a login
        401 -- the login page with "Invalid credentials." on the password
               field (unknown e-mail, wrong password or inactive account)
        400 -- the login page when the posted form did not validate
        200 -- the login page for any request that is not a POST
    """
    if current_user is not None and hasattr(current_user, 'id'):
        return redirect('/')

    form = LoginForm()
    if request.method != 'POST':
        return render_template('login.html', form=form)

    if not form.validate_on_submit():
        return make_response(render_template('login.html', form=form), 400)

    email = form.data['email']
    password = form.data['password']
    user = db.session.query(User).filter(User.email == email).first()

    # Every failure cause ends in the same message and status, so the
    # response does not say which check failed.
    if user is None or not user.authenticate(password) or not user.is_active:
        form.password.errors.append("Invalid credentials.")
        return make_response(render_template('login.html', form=form), 401)

    login_user(user)
    return redirect('/')
Esempio n. 15
    def setUp(self) -> None:
        """Seed four accounts, five stories and one reaction, then log in.

        Every row is committed on its own, in the order listed below; the
        stories refer to their authors through hard-coded ids (1, 2, 3), so
        the insertion order matters.

        Fixture data only: the passwords set here are trivial, so this must
        only ever run against a disposable test database.
        """
        def add_user(first, last, email, born, admin, secret):
            account = User()
            account.firstname = first
            account.lastname = last
            account.email = email
            account.dateofbirth = born
            account.is_admin = admin
            account.set_password(secret)
            db.session.add(account)
            db.session.commit()

        def add_row(row, assignments):
            # Attributes are applied in the order given; a pair list is used
            # so that an attribute can be assigned more than once.
            for attr, value in assignments:
                setattr(row, attr, value)
            db.session.add(row)
            db.session.commit()

        def day(iso):
            return datetime.datetime.strptime(iso, '%Y-%m-%d')

        with app.app_context():
            # Admin account.
            add_user('Admin', 'Admin', '*****@*****.**',
                     datetime.datetime(2020, 10, 5), True, 'admin')
            # Two ordinary accounts.
            add_user('Abc', 'Abc', '*****@*****.**',
                     datetime.datetime(2010, 10, 5), False, 'abc')
            add_user('Nini', 'Nini', '*****@*****.**',
                     datetime.datetime(2010, 10, 7), False, 'nini')
            # An account that will have no stories.
            add_user('No', 'Stories', '*****@*****.**',
                     datetime.datetime(2010, 10, 5), False, 'no')

            # First story, the default from the teacher's code.
            add_row(Story(), [
                ('text', 'Trial story of example admin user :)'),
                ('author_id', 1),
                ('figures', '#example#admin#'),
                ('is_draft', False),
                ('date', day('2019-10-20')),
            ])

            # Story that should not show up in /latest.
            add_row(Story(), [
                ('text', 'Old story (dont see this in /latest)'),
                ('date', day('2019-10-10')),
                ('likes', 420),
                ('author_id', 2),
                ('is_draft', False),
                ('figures', '#example#abc#'),
            ])

            # Story that should show up in /latest.
            add_row(Story(), [
                ('text', 'You should see this one in /latest'),
                ('date', day('2019-10-13')),
                ('likes', 3),
                ('author_id', 2),
                ('is_draft', False),
                ('figures', '#example#abc#'),
            ])

            # Draft from a non-admin user.
            add_row(Story(), [
                ('text', 'DRAFT from not admin'),
                ('date', day('2018-12-30')),
                ('likes', 100),
                ('author_id', 3),
                ('is_draft', True),
                ('figures', '#example#nini#'),
            ])

            # Very old story, used by the date-range searches. The date is
            # assigned twice, as in the original fixture.
            add_row(Story(), [
                ('text', 'very old story (11 11 2011)'),
                ('date', day('2011-11-11')),
                ('likes', 2),
                ('author_id', 3),
                ('is_draft', False),
                ('figures', '#example#nini#'),
                ('date', datetime.datetime(2011, 11, 11)),
            ])

            # Third reaction type (love).
            add_row(ReactionCatalogue(), [
                ('reaction_id', 3),
                ('reaction_caption', "love"),
            ])

            # Log the test client in.
            login_form = LoginForm(data={'email': '*****@*****.**',
                                         'password': '******'})
            self.client.post('/users/login',
                             data=login_form.data,
                             follow_redirects=True)
Esempio n. 16
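def delete_user():
    """ Delete the current user profile and log out

    The user must confirm the request by entering email and password.

    The request is approved only if the user is not positive.

    If the user is an operator, the restaurant is also deleted.
    In that case, a notification is sent to all users who had active bookings,
    and bookings are canceled.

    The functionality is not active for the health authority or for the admin.

    Error status codes:
        400 -- The request is not valid, the form is filled out incorrectly or a generic error has occurred
        401 -- The current user is not a customer or operator
        500 -- The gateway failed to delete the account

    Success codes:
        200 -- The form is sent
        302 -- The elimination was carried out
    """
    # NOTE(review): current_user is read without an authentication check in
    # this function; presumably a login-required decorator sits above it --
    # confirm.
    if current_user.is_admin or current_user.is_health_authority:
        return make_response(render_template('error.html', error='401'), 401)

    form = LoginForm()
    if request.method != 'POST':
        return render_template('delete_profile.html',
                               form=form,
                               title="Unregister")

    if not form.validate_on_submit():
        flash('Bad form', 'error')
        return make_response(
            render_template('delete_profile.html',
                            form=form,
                            title="Unregister"), 400)

    email, password = form.data['email'], form.data['password']
    users, status_code = get_getaway().get_users(email=email)
    if status_code != 200:
        # This is a failure, so it is flashed in the 'error' category (it
        # used to be flashed as 'success').
        flash('Wrong password or mail', 'error')
        return make_response(
            render_template('error.html', title="Unregister"), 400)

    # An empty result is handled like a missing one; indexing it would raise
    # IndexError instead of reporting the wrong e-mail.
    if not users:
        flash('Wrong email', 'error')
        return make_response(
            render_template('delete_profile.html',
                            form=form,
                            title="Unregister"), 400)
    user = users[0].toDict()

    if not check_password_hash(user['password'], password):
        flash('Wrong password', 'error')
        return make_response(
            render_template('delete_profile.html',
                            form=form,
                            title="Unregister"), 400)

    # NOTE(review): the account deleted is the one that matches the
    # submitted e-mail, which is never compared with current_user. The
    # docstring describes deleting the *current* profile, so the gateway
    # record should be checked against the logged-in user's id before this
    # call -- confirm how that id is exposed on current_user.
    usr, status = get_getaway().delete_user(user['id'])
    if status == 204:
        flash('Account deleted', 'success')
        logout_user()
        return redirect("/")
    if status == 400:
        flash(usr.detail, 'warning')
        return make_response(
            render_template('error.html', title="Unregister"), 400)

    # 500 and any other unexpected status: report the failure instead of
    # falling through and re-rendering the form as if nothing had happened.
    flash('Please try again', 'error')
    return make_response(
        render_template('error.html', title="Unregister"), 500)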
Esempio n. 17
    def setUp(self) -> None:
        """Seed two accounts, two stories and two reaction counters.

        Fixture data only: the passwords set here are trivial, so this must
        only ever run against a disposable test database.
        """
        def stage_user(first, last, email, born, admin, secret):
            # Added to the session only; the first commit happens with the
            # first story.
            account = User()
            account.firstname = first
            account.lastname = last
            account.email = email
            account.dateofbirth = born
            account.is_admin = admin
            account.set_password(secret)
            db.session.add(account)

        def build_counter(reaction_type, amount):
            tally = Counter()
            tally.reaction_type_id = reaction_type
            tally.story_id = 1
            tally.counter = amount
            return tally

        print("SET UP")
        with app.app_context():
            # Admin account and a second account for testing.
            stage_user('Admin', 'Admin', '*****@*****.**',
                       datetime.datetime(2020, 10, 5), True, 'admin')
            stage_user('Test', 'Man', '*****@*****.**',
                       datetime.datetime(2020, 10, 6), False, 'test')

            # Published story by user 1.
            published = Story()
            published.text = 'Trial story of example admin user :)'
            published.author_id = 1
            published.figures = '#example#admin#'
            published.is_draft = False
            db.session.add(published)
            db.session.commit()

            # Draft by user 1.
            draft = Story()
            draft.text = 'Another story!'
            draft.author_id = 1
            draft.is_draft = True
            draft.figures = '#another#story#'
            db.session.add(draft)
            db.session.commit()

            # Reaction counters on story 1.
            like = build_counter(1, 23)
            dislike = build_counter(2, 5)
            db.session.add(like)
            db.session.add(dislike)
            db.session.commit()

            # Log the test client in.
            login_form = LoginForm(
                data={'email': '*****@*****.**', 'password': '******'})
            self.client.post('/users/login',
                             data=login_form.data,
                             follow_redirects=True)
Esempio n. 18
    def setUp(self) -> None:
        """Create the fixture rows that are still missing, then log in.

        Accounts are looked up by e-mail and stories by id; a row is only
        inserted (and committed) when the lookup finds nothing.

        Fixture data only: the passwords set here are trivial, so this must
        only ever run against a disposable test database.
        """
        def ensure_user(first, last, email, born, admin, secret):
            found = db.session.query(User).filter(User.email == email).first()
            if found is not None:
                return
            account = User()
            account.firstname = first
            account.lastname = last
            account.email = email
            account.dateofbirth = born
            account.is_admin = admin
            account.set_password(secret)
            db.session.add(account)
            db.session.commit()

        def ensure_story(story_id, assignments):
            found = db.session.query(Story).filter(Story.id == story_id).first()
            if found is not None:
                return
            story = Story()
            # Attributes are applied in the order given.
            for attr, value in assignments:
                setattr(story, attr, value)
            db.session.add(story)
            db.session.commit()

        with app.app_context():
            # Admin account and a non-admin account.
            ensure_user('Admin', 'Admin', '*****@*****.**',
                        datetime.datetime(2020, 10, 5), True, 'admin')
            ensure_user('Abc', 'Abc', '*****@*****.**',
                        datetime.datetime(2010, 10, 5), False, 'abc')

            # First story, the default from the teacher's code.
            ensure_story(1, [
                ('text', 'Trial story of example admin user :)'),
                ('author_id', 1),
                ('figures', '#example#admin#'),
                ('is_draft', False),
            ])

            # Story that belongs to a different user.
            ensure_story(2, [
                ('text', 'You won\'t modify this story'),
                ('author_id', 2),
                ('figures', '#modify#story#'),
                ('is_draft', False),
            ])

            # Draft of the logged-in user.
            ensure_story(3, [
                ('text', 'This is an example of draft'),
                ('author_id', 1),
                ('figures', '#example#draft#'),
                ('is_draft', True),
            ])

            # Draft of a different user.
            ensure_story(4, [
                ('text', 'This is an example of draft that you can\'t modify'),
                ('date', datetime.datetime.strptime('2018-12-30', '%Y-%m-%d')),
                ('author_id', 2),
                ('figures', '#example#draft#'),
                ('is_draft', True),
            ])

            # Log the test client in.
            login_form = LoginForm(
                data={'email': '*****@*****.**', 'password': '******'})
            self.client.post('/users/login',
                             data=login_form.data,
                             follow_redirects=True)