def admin_user_password(userid):
form = UserPasswordForm()
if form.validate_on_submit():
admin_password = form.admin_password.data
new_user_password = form.new_user_password.data
currentuser_password: str = User.find_user(
username_val=current_user.username, retval=USER_PASSWORD_USERKEY)
if User.check_pass(currentuser_password, admin_password):
User.update_val((USER_PASSWORD_USERKEY, new_user_password),
user_id=userid)
return redirect(url_for("admin.admin_manage_users"))
else:
form.admin_password.errors = "Current Admin Password was incorrect!!!"
return render_template("admin/change-user-password.html",
form=form)
return render_template("admin/change-user-password.html", form=form)
def populate_test_data():
db.create_tables([User, Transaction])
user1 = User.create(
name='Misha',
email='*****@*****.**',
telegram_handle='test_telega1',
wallet='somewallet1',
)
user2 = User.create(
name='Vlad',
email='*****@*****.**',
telegram_handle='test_telega2',
wallet='somewallet2',
)
trans1 = Transaction.create(
user=user1,
amount=150,
diff=100,
rate_opened=6444.3,
)
trans2 = Transaction.create(
user=user2,
amount=100,
diff=200,
rate_opened=6328.1,
)
def reset_admin_pass(self):
with self.app.app_context():
User.reset_default_password()
QMessageBox.information(
self, self.get_translation('Password reset'),
self.get_translation('Admin password was reset successfully.'),
QMessageBox.Ok)
def load_user(username):
"""Flask will try to load a user before every request by calling get_id method
from the User class on it and feeding the return value to this function.
If the username returned from Flask is valid the user will be loaded."""
user = User.find_user(username_val=username)
if not user:
return None
return User(username=user[USERNAME], password=user[USER_PASSWORD],
email=[USER_EMAIL], roles=user[USER_ROLES], _id=user[USER_ID])
def adduser():
depts = association.query.all()
roles = Role.query.all()
shifts = shift.query.all()
cycles = cycle.query.all()
print('1')
if request.method == "POST":
print('2')
username = request.form['username']
truename = request.form['truename']
EnrollNumber = request.form['EnrollNumber']
password = '******'
deptid = request.form['dept']
roleid = request.form['role']
shiftid = request.form['shift']
cycleid = request.form['cycle']
startdate = request.form['startdate']
db.session.add(
User(username, truename, password, deptid, roleid, shiftid,
cycleid, startdate, EnrollNumber))
db.session.commit()
flash('添加成功')
print('2')
return redirect(url_for('.getuser'))
return render_template("t-users-add.html",
depts=depts,
roles=roles,
shifts=shifts,
cycles=cycles)
def regist():
if (request.method == 'GET'):
return render_template("signup.html")
else:
userid = request.form.get('userid')
password = request.form.get('password')
password2 = request.form.get('password2')
identity = request.form.get('identity')
if (userid == ''):
return render_template("signup.html", text="请填入学号")
if (password == ''):
return render_template("signup.html", text="请填入密码")
user = User.query.filter(User.id == userid).first()
if (user):
return render_template("signup.html", text="该用户已经注册")
elif (password != password2):
return render_template("signup.html", text="两次密码不同,请核对")
else:
user = User(id=userid,
usertype=identity,
password=generate_password_hash(password))
db.session.add(user)
db.session.commit()
return redirect(url_for("auth.login"))
def user_storage_fees():
form = StorageFeesSearch()
client_list = User.find_user(username_val=current_user.username,
retval=USER_CLIENT_USERKEY)
form.clients.choices = [(client, client) for client in client_list]
if form.validate_on_submit():
chosen_method = form.sort_methods.data
chosen_client = form.clients.data
data_dict = {
SORTMETHOD_KEY: chosen_method,
DESIGNER_USERINVKEY: current_user.username,
CLIENT_USERINVKEY: chosen_client
}
json_dict = json.dumps(data_dict)
return redirect(url_for("user.user_show_fees", data=json_dict))
return render_template("user/storage-fees.html",
form=form,
clients=client_list)
def user_search():
client_list = User.find_user(username_val=current_user.username,
retval=USER_CLIENT_USERKEY)
form = UserSearch()
form.client.choices = [(client, client) for client in client_list]
form.client.choices.insert(0, (NULLVALUE[0], NULLVALUE[0]))
if form.validate_on_submit():
tag_num = form.tag_num.data
shipment_num = form.shipment_num.data
client = form.client.data
data = {
TAG_NUM_USERINVKEY: tag_num,
SHIPMENT_NUM_USERINVKEY: shipment_num,
DESIGNER_USERINVKEY: current_user.username,
CLIENT_USERINVKEY: client
}
data_dict = search_method(data)
json_dict = json.dumps(data_dict)
return redirect(url_for("user.user_view", data=json_dict))
return render_template("user/search.html", form=form)
def db_add_user(config, user_email):
"""Adding user"""
if not os.path.isfile(config.DB_FILE):
print('[WARNING] File [{}] doesn\'t exist.'.format(config.DB_FILE))
sys.exit(1)
app = create_app(config_object=config)
with app.app_context():
DB.init_app(app)
user = User.query.filter_by(email=user_email).first()
if user:
print('[WARNING] User [{}] is already added. '.format(user_email))
sys.exit(0)
admin = User(email=user_email,
password=BCRYPT.generate_password_hash(uuid.uuid4().hex),
gdpr_version=config.GDPR_VERSION,
is_active=True)
DB.session.add(admin)
DB.session.commit()
print(
'[SUCCESS] Admin user was set. For activation, you should reset password.'
)
sys.exit(0)
def create_post():
form = PostForm()
if request.method == 'POST':
title = request.form.get('title')
body = request.form.get('body')
tags = request.form.get('tags')
file = request.files.get('file')
user = User.objects(id=current_user.get_id()).first()
try:
post = Post(title=title, body=body, user=user)
if tags:
post.tags = make_tags(tags)
if file:
filename = file.filename
if not is_allowed_file(filename):
flash(flashes['badformat'])
elif filename == '':
flash(flashes['nofile'], "error")
attach_file(post, file)
else:
filename = None
post.save()
except Exception:
flash(flashes['error'], "error")
return render_template('posts/create_post.html', form=form)
flash(flashes['created'], "message")
return redirect(url_for('posts_bp.index'))
return render_template('posts/create_post.html', form=form)
def create_account(email):
"""
Create new account.
:param email: e-mail
:return: user.uid.hex
"""
with current_app.app_context():
user = User(password=BCRYPT.generate_password_hash(uuid.uuid4().hex),
email=email,
confirmed_at=None,
gdpr_version=0,
is_active=True)
try:
DB.session.add(user)
DB.session.flush()
DB.session.commit()
except Exception as error: # pylint: disable=broad-except,unused-variable
current_app.logger.error(
'Write new account into DB fails! {}'.format(error))
new_user = User.query.filter_by(email=email).first()
return new_user
def test_update_operator(c):
office = choice(Office.query.all())
new_office = choice(Office.query.all())
while new_office == office:
new_office = choice(Office.query.all())
name = f'{uuid4()}'.replace('-', '')
password = '******'
role = 3
new_name = f'{uuid4()}'.replace('-', '')
c.post('/user_a',
data={
'name': name,
'password': password,
'role': role,
'offices': office.id
})
user = User.query.filter_by(name=name).first()
response = c.post(f'/user_u/{user.id}',
data={
'name': new_name,
'password': password,
'role': role,
'offices': new_office.id
},
follow_redirects=True)
assert response.status == '200 OK'
assert User.get(user.id).name == new_name
assert Operators.get(user.id).office_id == new_office.id
def test_delete_user(c):
user = User.query.filter(User.id != 1).first()
response = c.get(f'/user_d/{user.id}', follow_redirects=True)
assert response.status == '200 OK'
assert User.get(user.id) is None
def post_detail(slug):
try:
post = Post.objects(slug=slug).first()
tags = post.tags if post.tags else []
if post.picture and post.pic_name:
filename = post.pic_name
else:
filename = None
try:
user = post.user.fetch()
user_id = str(user.id)
except Exception:
user_id = None
form = CommentForm()
if current_user.is_authenticated:
comment_author = User.objects(id=current_user.get_id()).first()
else:
comment_author = None
if request.method == 'POST':
comment = request.form.get('comment')
if form.validate_on_submit:
comment = Comment(body=comment, author=comment_author)
post.comments.append(comment)
post.save()
return render_template('posts/post_detail.html', post=post, tags=tags, picture=filename, post_author=user_id, \
form=form, comment_author=comment_author, comments=post.comments[::-1])
except Exception:
return render_template('404.html'), 404
def admin_storage_fees():
designer_list = MetaOps.find_one(DESIGNERS_METAKEY)
form = StorageFees()
form.designer.choices = [(designer, designer)
for designer in designer_list]
client_list = User.find_user(username_val=designer_list[0],
retval=USER_CLIENT_USERKEY)
client_list.insert(0, NULLVALUE[0])
form.client.choices = [(client, client) for client in client_list]
if form.validate_on_submit():
designer = form.designer.data
client = form.client.data
findsearch_key = search_method({
DESIGNER_USERINVKEY: designer,
CLIENT_USERINVKEY: client
})
data = json.dumps(findsearch_key)
return redirect(url_for("admin.admin_show_fees", data=data))
return render_template("admin/storage-fees.html", form=form)
async def index(request):
records = Transaction.select()
users = User.select()
return {
'users': users,
'records': records,
}
def test_delete_user(client):
with client.application.app_context():
user = User.query.filter(User.id != 1).first()
response = client.get(f'/user_d/{user.id}')
assert response.status == '302 FOUND'
assert User.get(user.id) is None
def test_update_admin_password(c):
new_password = '******'
response = c.post('/admin_u',
data=dict(password=new_password),
follow_redirects=True)
assert response.status == '200 OK'
assert User.get(1).verify_password(new_password)
def test_delete_user(client):
with client.application.app_context():
user = User.query.filter(User.id != 1).first()
response = client.get(f'/user_d/{user.id}', follow_redirects=True)
assert response.status == '200 OK'
assert User.get(user.id) is None
def edit(id):
errors = []
form = EditTaskForm(request.form)
task = None
possible_assigned = [elem.username for elem in list(User.view('users/by_username'))]
possible_project = [elem.title for elem in list (Project.view('projects/by_title'))]
if id == NEW_TASK_ID:
task = Task()
else:
if not g.db.doc_exist(id):
abort(404)
task = Task.get(id)
if request.method == 'GET':
form = EditTaskForm(obj=task)
form.assigned.choices = zip(possible_assigned, possible_assigned)
form.project.choices = zip(possible_project, possible_project)
# dirty hack here: we use referrer to determine from which
# project we came from and set correct value to select field
if PROJECT_ROUTE in request.referrer:
project = request.referrer.split('/')[-1]
project = Project.get(project_id)
form.project.default = project.title
form.process()
if request.method == 'POST' and form.validate():
form.populate_obj(task)
task.author = session['username']
task.update_date = datetime.datetime.utcnow()
task.tags = ' '.join(set(task.tags.split()))
if id == NEW_TASK_ID:
task.create_date = task.update_date
task.save()
for ff in request.files.keys():
f = request.files[ff]
if f:
fname = secure_filename(f.filename)
fld = os.path.join(UPLOADED_FILES, task._id)
if not os.path.exists(fld):
os.mkdir(fld)
target_path = os.path.join(fld, fname)
while os.path.exists(target_path):
filename, ext = os.path.splitext(target_path)
r = ''.join(random.choice('0123456789abcdef') for i in range(8))
target_path = os.path.join(fld, filename + '-' + r + ext)
f.save(target_path)
flash('Successfully uploaded %s' % fname)
flash('Task was successfully %s' % ('created' if id == NEW_TASK_ID else 'updated'))
return redirect(url_for('tasks.show', id=task._id))
errors.extend(format_form_errors(form.errors.items()))
return render_template('task_edit.html', id = id, form = form, errors = errors)
def register():
form = RegistrationForm()
if form.validate_on_submit():
hashedPassword = bcrypt.generate_password_hash(
form.password.data).decode('utf-8')
user = User(username=form.username.data, password=hashedPassword)
db.session.add(user)
db.session.commit()
return redirect(url_for('index'))
return render_template("register.html", title='Register', form=form)
def sign_up():
errors = []
form = SignUpForm(request.form)
if request.method == 'POST' and form.validate():
username = form.username.data
real_name = form.real_name.data
salt, passwd_hash = make_salt_passwd(form.password.data)
user = list(User.view('users/by_username', key=username))
if user:
errors.append('User already exists')
else:
new_user = User(username=username,
real_name=real_name,
salt=salt,
password=passwd_hash)
g.db.save_doc(new_user)
flash('You have successfully registered')
return redirect(url_for('index.index'))
errors.extend(format_form_errors(form.errors.items()))
return render_template('sign_up.html', form=form, errors=errors)
def test_list_operators(c):
bundles = []
with c.application.app_context():
bundles += [(User.get(o.id), Office.get(o.office_id))
for o in Operators.query.all()]
for user, office in bundles:
response = c.get(f'/operators/{office.id}')
page_content = response.data.decode('utf-8')
assert f'<strong>{user.id}. {user.name}</strong>' in page_content
def post():
post_data = request.get_json()
user = User.query.filter_by(email=post_data.get('email')).first()
if not user:
try:
user = User(email=post_data.get('email'),
password=post_data.get('password'))
db.session.add(user)
db.session.commit()
auth_token = user.encode_auth_token(user.id)
response_object = {
'status': 'success',
'message': 'Successfully registered.',
'auth_token': auth_token.decode()
}
return make_response(jsonify(response_object)), 201
except Exception:
return error_response(
401, 'Some error occurred. Please try again.')
else:
return error_response(202, 'User already exists. Please Log in.')
def add_user():
content = request.json
if content and all(key in ['id', 'display_name']
for key in content.keys()):
user = User.query.filter(User.id == content['id']).first()
if user:
return json.dumps({'status': 'User already exists'}), 400, {
'Content-Type': 'application/json'
}
else:
user = User()
user.id = content['id']
user.display_name = content['display_name']
current_app.db.session.add(user)
current_app.db.session.commit()
return '', 204
else:
return json.dumps({'status': 'Bad request'}), 400, {
'Content-Type': 'application/json'
}
def populate_db():
"""Populates the database with seed data."""
try:
users = [
User(name=u'admin', role=1),
]
db.session.add_all(users)
db.session.commit()
except:
db.session.rollback()
raise Exception("Failed to populate the database")
finally:
db.session.close()
def admin_create_user():
form = CreateUser()
message = None
if form.validate_on_submit():
username = form.username.data
if User.find_user(username_val=username) == None:
password = form.password.data
email = form.email.data
clients = form.known_clients.data
client_list = clients.strip().upper().split(",")
User.create_user(username, password, email, client_list)
message = "User was Successfully Created."
return render_template("/admin/create-user.html",
form=form,
message=message)
else:
message = "Username Already Exists."
return render_template("/admin/create-user.html",
form=form,
message=message)
return render_template("/admin/create-user.html",
form=form,
message=message)
def add_user(user):
db = connect_db(app.config.get('DB'))
User.set_db(db)
Comment.set_db(db)
#
db_user = User()
db_user.username = user['username']
db_user.real_name = user['name']
db_user.salt, db_user.password = make_salt_passwd(DEFAULT_PASSWORD)
#
db.save_doc(db_user)
def add_user():
id = request.form['facebookId']
try:
user_data = facebook_api.get_user_info(id)
user_name = user_data['username'] if 'username' in user_data else ''
gender = user_data['gender'] if 'gender ' in user_data else ''
new_user = User(id=user_data['id'],
name=user_data['name'],
username=user_name,
gender=gender)
fb_users.add(new_user)
return make_response('', 201)
except Exception as e:
return make_response(jsonify({'error': e}), 500)
def upload():
if request.method == 'POST':
fileUpload = request.files['fileInput']
"""写入数据库"""
username = request.values['username']
if request.values['type'] == 'file':
"""如果是图片"""
num = Album.get_count()
code = "%09d" % num + ".png"
uploadPath = "app/static/upload/" + code
fileUpload.save(uploadPath)
dbPath = uploadPath[4:]
Album(username, dbPath).insert()
else:
"""如果是头像"""
code = username + ".png"
uploadPath = "app/static/portrait/" + code
fileUpload.save(uploadPath)
dbPath = uploadPath[4:]
User.update(username, 'portrait', dbPath)
encode(uploadPath, "app/static/img/back.png", uploadPath, 1.0)
return jsonify({"code": 1111, "msg": "succeed!", "path": dbPath})
def recur():
role_id = role or choice(range(1, 4))
snm = "TEST" + str(randint(10000, 99999999))
go = True if User.query.filter_by(
name=snm).first() is None else False
if not go:
return recur()
user = User(snm, snm, role_id)
db.session.add(user)
db.session.commit()
role_id == 3 and db.session.add(
Operators(id=user.id, office_id=choice(Office.query.all()).id))
def add_user(user):
db = connect_db(app.config.get("DB"))
User.set_db(db)
Comment.set_db(db)
#
db_user = User()
db_user.username = user["username"]
db_user.real_name = user["name"]
db_user.salt, db_user.password = make_salt_passwd(DEFAULT_PASSWORD)
#
db.save_doc(db_user)
def sign_up():
errors = []
form = SignUpForm(request.form)
if request.method == 'POST' and form.validate():
username = form.username.data
real_name = form.real_name.data
salt, passwd_hash = make_salt_passwd(form.password.data)
user = list(User.view('users/by_username', key = username))
if user:
errors.append('User already exists')
else:
new_user = User(username = username, real_name = real_name,
salt = salt, password = passwd_hash)
g.db.save_doc(new_user)
flash('You have successfully registered')
return redirect(url_for('index.index'))
errors.extend(format_form_errors(form.errors.items()))
return render_template('sign_up.html', form = form, errors = errors)
def login():
errors = []
form = LoginForm(request.form)
if request.method == 'POST' and form.validate():
username = form.username.data
password = form.password.data
users = list(User.view('users/by_username', key = username))
if not users:
errors.append('Wrong username')
else:
user = users[0]
if make_passwd_hash(user.salt, password) != user.password:
errors.append('Wrong password')
else:
session['logged_in'] = True
session['uid'] = user._id
session['username'] = user.username
flash('You were logged in')
return redirect(url_for('index.index'))
errors.extend(format_form_errors(form.errors.items()))
return render_template('login.html', form = form, errors = errors)
