def auth_register():
if request.method == "GET":
return render_template("auth/register.html", form=LoginForm())
form = LoginForm(request.form)
user = User.query.filter_by(username=form.username.data).first()
if not user:
if not form.validate_on_submit():
return render_template(
"auth/register.html",
form=LoginForm(),
error=
"Username must be at least 3 characters. Password at least 8 characters long."
)
if form.password.data != form.password_again.data:
return render_template("auth/register.html",
form=form,
error="Password fields need to match.")
user = User(form.username.data)
user.password = form.password.data
db.session().add(user)
db.session().commit()
login_user(user)
else:
return render_template("auth/register.html",
form=form,
error="Username is already taken.")
return redirect(url_for("index"))
def signup():
form = SignupForm(request.form)
if form.validate_on_submit():
username = form.username.data
email = form.email.data
password = form.password.data
if not username:
username = email.split('@')[0]
user = User(username, email)
user.password = password
user.password_hash
user.role = Role.USER
user.status = Status.ACTIVE
db.session.add(user)
db.session.commit()
flash(gettext('You can now login.'))
return redirect(url_for('auth.login'))
return render_template('auth/signup.html',
title=gettext('Sign up'),
form=form)
def admin():
logged_user = google_users.get_current_user()
form = AdminForm(request.form)
if form.validate_on_submit():
user = User()
user.email = form.email.data
user.name = form.name.data
user.password = generate_password_hash(form.password.data)
user.put()
return redirect(url_for("auth.admin"))
users = User.query().order(-User.created_at)
return render_template(
"auth/admin.html", form=form, users=users, logged_user=logged_user, google_users=google_users
)
def admin():
logged_user = google_users.get_current_user()
form = AdminForm(request.form)
if form.validate_on_submit():
user = User()
user.email = form.email.data
user.name = form.name.data
user.password = generate_password_hash(form.password.data)
user.put()
return redirect(url_for('auth.admin'))
users = User.query().order(-User.created_at)
return render_template("auth/admin.html",
form=form,
users=users,
logged_user=logged_user,
google_users=google_users)
def admin(email):
"""Create an administrator account"""
# Check if the user already exists
user = User.query.filter(User.email == email).first()
if not user:
user = User(email=email)
user.password = query_password()
db.session.add(user)
sys.stdout.write("Creating '%s'" % email)
else:
sys.stdout.write("User '%s' already exists " % email)
if not Grant.check_grant(user, Roles.ADMIN):
if query_yes_no(", are you sure you want to grant admin rights?", default="no"):
db.session.add(Grant(user=user, role=Roles.ADMIN))
db.session.commit()
return "User with email '%s' is now an administrator" % email
else:
return "Command cancelled"
print("and is an administrator.")
def test_password_attribute_raises_exception(self, app):
"""Trying to read User.password should raise an attribute error."""
dummy = User()
dummy.password = '******'
with pytest.raises(AttributeError):
dummy.password
def test_password_setter(self, app):
"""User.password = <pw> should set User.password_hash."""
dummy = User()
dummy.password = '******'
assert dummy.password_hash is not None
