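def login():
    """Authenticate a user from the login form and start a session.

    On a valid POST the submitted identity is looked up and the password
    checked. An active account is logged in, has its sign-in activity
    recorded, and is redirected: to the submitted ``next`` URL once it
    has passed ``safe_next_url``, otherwise to the member or admin
    landing page. Failed or disabled logins re-render the form with an
    error flash.

    :return: Flask response
    """
    form = LoginForm(next=request.args.get('next'))

    if form.validate_on_submit():
        u = User.find_by_identity(request.form.get('identity'))

        if u and u.authenticated(password=request.form.get('password')):
            # "Remember me" is honoured only when the form submits a
            # 'remember' value; an absent field means a session-only
            # login. This assumes the 'remember' field is enabled in
            # user/forms.py#LoginForm and the checkbox carries the
            # id/name 'remember'.
            remember = request.form.get('remember', False)

            # Check the account state before login_user() so a disabled
            # account never has a session established for it.
            if u.is_active() and login_user(u, remember=remember):
                u.update_activity_tracking(request.remote_addr)

                # Only follow a next URL after safe_next_url() has
                # validated it; redirecting to it unchecked would be an
                # open redirect.
                next_url = request.form.get('next')
                if next_url:
                    return redirect(safe_next_url(next_url))

                if u.role == 'member':
                    return redirect(url_for('user.view'))
                return redirect(url_for('admin.users'))

            flash('This account has been disabled.', 'error')
        else:
            flash('Identity or password is incorrect.', 'error')

    return render_template('user/login.html', form=form)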
def seed():
    """
    Seed the database with an initial user.

    The admin identity and password come from ``SEED_ADMIN_EMAIL`` and
    ``SEED_ADMIN_PASSWORD`` in the app config; when that identity already
    exists nothing is created.

    :return: User instance, or None if the seed admin already exists
    """
    admin_email = app.config['SEED_ADMIN_EMAIL']

    if User.find_by_identity(admin_email) is not None:
        return None

    # NOTE(review): the password is handed to User() as configured,
    # whereas the fake-user seeding path calls User.encrypt_password()
    # before constructing the model — confirm the constructor encrypts
    # it, otherwise the seed admin is stored with a plaintext password.
    admin = User(role='admin',
                 email=admin_email,
                 password=app.config['SEED_ADMIN_PASSWORD'])
    return admin.save()
def test_deliver_password_reset_email(self, token):
    """
    Deliver a password reset email.

    Exactly one message is sent and it carries the reset token.
    """
    with mail.record_messages() as outbox:
        recipient = User.find_by_identity('*****@*****.**')
        deliver_password_reset_email(recipient.id, token)

        messages = list(outbox)
        assert len(messages) == 1
        (message,) = messages
        assert token in message.body
def test_begin_update_credentials_email_change(self):
    """
    Update credentials but only the e-mail address.

    The current password is supplied (the form re-authenticates), the
    old identity stops resolving and the new one resolves.
    """
    self.login()

    payload = {
        'current_password': '******',
        'email': '*****@*****.**',
    }
    response = self.client.post(url_for('user.update_credentials'),
                                data=payload, follow_redirects=True)

    assert_status_with_message(200, response,
                               'Your sign in settings have been updated.')

    assert User.find_by_identity('*****@*****.**') is None
    assert User.find_by_identity('*****@*****.**') is not None
def begin_password_reset():
    """Start a password reset for the submitted identity.

    On a valid POST the User model initialises the reset (presumably
    generating the token and sending the e-mail — confirm in
    User.initialize_password_reset), then the visitor is sent to the
    login page.

    :return: Flask response
    """
    form = BeginPasswordResetForm()

    if form.validate_on_submit():
        identity = request.form.get('identity')
        u = User.initialize_password_reset(identity)

        # NOTE(review): no None check — relies on the form having
        # validated that the identity exists; otherwise u.email raises.
        # The flash echoes the account's e-mail for whatever identity
        # was submitted (username or e-mail), which reveals the e-mail
        # tied to a username — confirm that disclosure is intended.
        message = 'An email has been sent to {0}.'.format(u.email)
        flash(message, 'success')
        return redirect(url_for('user.login'))

    return render_template('user/begin_password_reset.html', form=form)
def password_reset():
    """Complete a password reset from a signed token.

    The token arrives on the query string for GET (to prefill the form)
    and in the POSTed form. A token that fails to deserialize (expired
    or tampered with) yields no user and sends the visitor back to the
    start of the flow; otherwise the new password is stored encrypted
    and the user is signed in.

    :return: Flask response
    """
    form = PasswordResetForm(reset_token=request.args.get('reset_token'))

    if not form.validate_on_submit():
        return render_template('user/password_reset.html', form=form)

    u = User.deserialize_token(request.form.get('reset_token'))

    if u is None:
        flash('Your reset token has expired or was tampered with.',
              'error')
        return redirect(url_for('user.begin_password_reset'))

    # populate_obj copies every form field onto the model, so the
    # form's field set is the whitelist of what can be written here;
    # the password is then replaced with its encrypted form so the
    # plaintext never reaches the database.
    form.populate_obj(u)
    u.password = User.encrypt_password(request.form.get('password'))
    u.save()

    if login_user(u):
        flash('Your password has been reset.', 'success')
        return redirect(url_for('user.settings'))

    return render_template('user/password_reset.html', form=form)
def test_login_activity(self, users):
    """
    Login successfully and update the activity stats.

    A successful login bumps sign_in_count by exactly one.
    """
    account = User.find_by_identity('*****@*****.**')
    count_before = account.sign_in_count

    response = self.login()

    assert response.status_code == 200
    assert account.sign_in_count == count_before + 1
def test_password_reset(self, users, token):
    """
    Reset successful.

    A valid token plus a new password completes the reset and the stored
    password is not the submitted plaintext.
    """
    payload = {'password': '******', 'reset_token': token}
    response = self.client.post(url_for('user.password_reset'),
                                data=payload, follow_redirects=True)

    assert_status_with_message(200, response,
                               'Your password has been reset.')

    # The stored value must be the encrypted form, never the plaintext.
    admin = User.find_by_identity('*****@*****.**')
    assert admin.password != 'newpassword'
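def input():
    """Record a budget entry for a user from the budget form.

    The submitted ``input_type`` ('allocated', 'expenses' or 'income')
    selects which amount column receives ``amount`` (the other two are
    0.0) and which running total on the user is updated. A missing field
    or an unknown user re-renders the form with an error and writes
    nothing; on success the entry is saved and the visitor is sent to
    the admin user list.

    :return: Flask response
    """
    form = BudgetForm()
    # Function-scope import kept from the original — presumably avoids an
    # import cycle with the user blueprint; confirm before hoisting it.
    from track.blueprints.user.models import User

    if form.validate_on_submit():
        fields = request.form
        budget_year = fields.get('budget_year')
        username = fields.get('username')
        input_type = fields.get('input_type')
        acct_num = fields.get('acct_num')
        amount = fields.get('amount')
        description = fields.get('description')

        u = User.find_by_identity(username)

        # Exactly one of the three amount columns carries the value.
        allocated = expenses = income = 0.0
        if input_type == 'allocated':
            allocated = amount
        elif input_type == 'expenses':
            expenses = amount
        elif input_type == 'income':
            income = amount

        params = {
            'user_id': username,
            'budget_year': budget_year,
            'input_type': input_type,
            'acct_num': acct_num,
            'description': description,
            'allocated_amount': allocated,
            'expenses_amount': expenses,
            'income_amount': income
        }

        # request.form.get() yields None for an absent field, so check the
        # values (checking ``None in params`` only inspects the string
        # keys and never fires). Validate before touching the user's
        # totals so a rejected submission leaves no partial write behind.
        if u is None or None in params.values():
            flash('Area missing.', 'error')
        else:
            if input_type == 'allocated':
                u.update_allocated_total(amount)
            elif input_type == 'expenses':
                u.update_expenses_total(amount)
            elif input_type == 'income':
                u.update_income_total(amount)

            Budget(**params).save()
            flash('Your budget has been saved.', 'success')
            return redirect(url_for('admin.users'))

    return render_template('budget/input.html', form=form)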
def test_welcome_with_existing_username(self, users):
    """
    Create username failure due to username already existing.

    The logged-in account is given a username up front so the welcome
    step has nothing left to pick.
    """
    self.login()

    account = User.find_by_identity('*****@*****.**')
    account.username = '******'
    account.save()

    response = self.client.post(url_for('user.welcome'),
                                data={'username': '******'},
                                follow_redirects=True)

    assert_status_with_message(200, response,
                               'You already picked a username.')
def update_credentials():
    """Let the signed-in user change their e-mail and/or password.

    The form is bound to ``current_user`` (``uid`` presumably lets
    uniqueness checks skip the user's own row — confirm in
    UpdateCredentials). An empty password field leaves the stored
    password untouched; a non-empty one is stored encrypted.

    :return: Flask response
    """
    form = UpdateCredentials(current_user, uid=current_user.id)

    if not form.validate_on_submit():
        return render_template('user/update_credentials.html', form=form)

    submitted_password = request.form.get('password', '')

    current_user.email = request.form.get('email')
    # Only re-encrypt when a new password was actually supplied.
    if submitted_password:
        current_user.password = User.encrypt_password(submitted_password)

    current_user.save()

    flash('Your sign in settings have been updated.', 'success')
    return redirect(url_for('user.view'))
def test_signup(self, users):
    """
    Signup successfully.

    The user count grows by one and the stored password is not the
    submitted plaintext.
    """
    count_before = User.query.count()

    payload = {'email': '*****@*****.**', 'password': '******'}
    response = self.client.post(url_for('user.signup'),
                                data=payload, follow_redirects=True)

    assert_status_with_message(200, response,
                               'Awesome, thanks for signing up!')
    assert User.query.count() == count_before + 1

    created = User.find_by_identity('*****@*****.**')
    assert created.password != 'password'
def signup():
    """Register a new account and sign the new user in.

    On a valid POST a User is filled from the form, its password stored
    encrypted, and the new user logged in and sent to the welcome page.

    :return: Flask response
    """
    form = SignupForm()

    if not form.validate_on_submit():
        return render_template('user/signup.html', form=form)

    u = User()
    # populate_obj assigns every form field onto the model, so the
    # SignupForm field set is the whitelist of what a visitor can set;
    # the password is then overwritten with its encrypted form.
    form.populate_obj(u)
    u.password = User.encrypt_password(request.form.get('password'))
    u.save()

    if login_user(u):
        flash('Awesome, thanks for signing up!', 'success')
        return redirect(url_for('user.welcome'))

    return render_template('user/signup.html', form=form)
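def users():
    """
    Generate fake users.

    Builds about 100 unique random e-mail addresses plus the configured
    seed admin, gives each a random role, an optional username, random
    sign-in stats and the encrypted password 'password', then bulk
    inserts them. The seed admin always gets the 'admin' role and
    ``SEED_ADMIN_PASSWORD``.

    :return: result of _bulk_insert
    """
    click.echo('Working...')

    def fake_iso_timestamp():
        """Random moment within the last year as a 'YYYY-MM-DDTHH:MM:SS Z' string."""
        moment = fake.date_time_between(start_date='-1y', end_date='now')
        # timestamp() reads the naive value as local time, which is what
        # the former strftime('%s') round-trip did, but without '%s',
        # which is not a portable strftime directive.
        as_utc = datetime.utcfromtimestamp(moment.timestamp())
        return as_utc.strftime('%Y-%m-%dT%H:%M:%S Z')

    admin_email = app.config['SEED_ADMIN_EMAIL']
    admin_password = User.encrypt_password(app.config['SEED_ADMIN_PASSWORD'])
    # Every fake account shares the plaintext 'password'; encrypting it
    # once avoids paying the (typically slow) hashing cost per row.
    default_password = User.encrypt_password('password')

    # About 100 unique random e-mails; the set drops any collisions.
    random_emails = {fake.email() for _ in range(100)}
    random_emails.add(admin_email)

    data = []
    for email in random_emails:
        created_on = fake_iso_timestamp()
        current_sign_in_on = fake_iso_timestamp()

        # Roughly 5% of accounts are admins.
        role = 'admin' if random.random() < 0.05 else 'member'

        # Roughly half get a username of first name + up to 3 digits.
        username = None
        if random.random() >= 0.5:
            random_trail = str(int(round(random.random() * 1000)))
            username = fake.first_name() + random_trail

        params = {
            'created_on': created_on,
            'updated_on': created_on,
            'role': role,
            'email': email,
            'username': username,
            'password': default_password,
            # A sign-in count is a whole number; keep it integral.
            'sign_in_count': random.randrange(100),
            'current_sign_in_on': current_sign_in_on,
            'current_sign_in_ip': fake.ipv4(),
            'last_sign_in_on': current_sign_in_on,
            'last_sign_in_ip': fake.ipv4()
        }

        # Ensure the seeded admin is always an admin with the seeded password.
        if email == admin_email:
            params['role'] = 'admin'
            params['password'] = admin_password

        data.append(params)

    return _bulk_insert(User, data, 'users')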
def test_deserialize_token(self, token):
    """
    Token de-serializer de-serializes a JWS correctly.
    """
    deserialized = User.deserialize_token(token)
    assert deserialized.email == '*****@*****.**'
def test_deserialize_token_tampered(self, token):
    """
    Token de-serializer returns None when it's been tampered with.
    """
    # Extra trailing characters invalidate the signature, so the token
    # must be rejected rather than resolve to a user.
    tampered = '{0}1337'.format(token)
    assert User.deserialize_token(tampered) is None