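def homepage():
    """Route the basic-auth user to the page for their role.

    Service accounts (verify-token, issue-token, email-user) get an empty
    403; the admin-portal and email-admin accounts are redirected to their
    dashboards; everyone else gets the decode query page.

    NOTE(review): ``basic_auth.username()`` only reflects the Authorization
    header; the role checks here are meaningful only if the route is also
    wrapped in ``basic_auth.login_required`` (not visible here) -- confirm.
    """
    cfg = current_app.config
    username = basic_auth.username()
    # Machine accounts have no interactive page.
    service_accounts = (
        cfg['VERIFY_TOKEN_USERNAME'],
        cfg['ISSUE_TOKEN_USERNAME'],
        cfg['EMAIL_USER_USERNAME'],
    )
    if username in service_accounts:
        return make_response('', 403)
    # 302, not 301: the target depends on who is logged in, and browsers cache
    # a 301 for the URL regardless of credentials, so a different user on the
    # same browser would later be sent straight to a dashboard they cannot use.
    if username == cfg['ADMIN_PORTAL_USERNAME']:
        return redirect('/admin/', 302)
    if username == cfg['EMAIL_ADMIN_USERNAME']:
        return redirect('/email/', 302)
    return render_template('query.html')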
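def decode_user():
    """Admin-portal endpoint to add/update or delete a DecodeUser.

    Reads ``action`` ('delete' or 'update'), ``username`` and -- for updates
    -- ``pwd``/``pwd_confirm`` from the POSTed form.  Passwords are stored as
    pbkdf2_sha256 hashes.  Non-admin callers get 403; an unknown action 400.
    """
    if basic_auth.username() != current_app.config['ADMIN_PORTAL_USERNAME']:
        abort(403)
    import html

    action = request.form['action']
    username = request.form['username']
    # The username is echoed into a text/html response below; escape it so a
    # crafted (or cross-site forged) form cannot inject markup.
    shown = html.escape(username)
    user = DecodeUser.query.filter_by(username=username).first()

    if action == 'delete':
        if user is None:
            return make_response('The username you want to delete does not exist.')
        db.session.delete(user)
        db.session.commit()
        return make_response('User ' + shown + ' has been deleted.')

    if action == 'update':
        password = request.form['pwd']
        if password != request.form['pwd_confirm']:
            return make_response('Two passwords do not match. Try again.')
        # Rejects any whitespace (leading, trailing or internal).
        if password != ''.join(password.split()):
            return make_response('The password should not contain any whitespace characters.')
        # An empty password passed both checks above and was hashed; refuse it.
        if not password:
            return make_response('The password must not be empty.')
        password_hash = pbkdf2_sha256.hash(password)
        if user is not None:
            user.password_hash = password_hash
        else:
            user = DecodeUser(username=username, password_hash=password_hash)
            db.session.add(user)
        db.session.commit()
        return make_response('User ' + shown + ' has been added or updated successfully.')

    # Any other action previously fell off the end and returned None (a 500).
    abort(400)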
def clearall():
    """Delete every Token and User row (admin-portal account only).

    Both bulk deletes run in one transaction and are committed together.
    NOTE(review): this is irreversible and gated only on the basic-auth
    username; confirm the route is POST-only so a forged cross-site request
    (the browser resends basic-auth credentials automatically) cannot fire it.
    """
    admin_name = current_app.config['ADMIN_PORTAL_USERNAME']
    if basic_auth.username() != admin_name:
        abort(403)
    for model in (Token, User):
        model.query.delete()
    db.session.commit()
    return make_response('All token and user records have been deleted.')
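def result():
    """Decode a newline-separated list of encoded IDs into real IDs.

    Builds the ``<tr>`` rows for results.html as a single string (the
    template presumably renders it unescaped).  Each value placed into the
    markup -- the encoded id from the form and the real_id from the database
    -- is HTML-escaped here.  The three service accounts are refused with 403.
    """
    import html

    cfg = current_app.config
    service_accounts = (
        cfg['VERIFY_TOKEN_USERNAME'],
        cfg['ISSUE_TOKEN_USERNAME'],
        cfg['EMAIL_USER_USERNAME'],
    )
    if basic_auth.username() in service_accounts:
        return abort(403)

    encoded_ids = request.form['Encoded_ID_List'].strip().split('\n')
    rows = []
    for index, encoded in enumerate(encoded_ids, start=1):
        encoded = encoded.strip()
        user = User.query.filter_by(user_id=encoded).first()
        real = 'Not Found' if user is None else user.real_id
        rows.append(
            '\t<tr>\n\t\t<td>' + str(index).zfill(3) + '</td>\n\t\t<td class="second">'
            + html.escape(encoded) + '</td>\n\t\t<td>' + html.escape(real) + '</td>\n\t</tr>\n'
        )
    return render_template('results.html', results=''.join(rows))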
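def email_alert():
    """Email-user API endpoint: decode the posted IDs and send the emails.

    Only EMAIL_USER_USERNAME may call it.  Failures while loading the request
    and config, while decoding IDs, and while talking SMTP are each mapped to
    a JSON ``{'error': ...}`` body with the status codes below.  On success
    the body carries ``'status': 'Success'`` plus, when ``ignore_invalid_ids``
    was set, whatever ``decode_ids`` collected into ``invalid_ids``.
    """
    if basic_auth.username() != current_app.config['EMAIL_USER_USERNAME']:
        return make_response(jsonify({'error': 'Forbidden'}), 403)

    def error(message, status):
        return make_response(jsonify({'error': message}), status)

    try:
        supervisor_report, configs, messages = load_request_and_config()
    except BadRequest:
        return error('Invalid json data', 400)
    except AttributeError:
        # presumably raised when no settings row exists -- confirm in
        # load_request_and_config
        return error('No admin config available', 500)
    except KeyError as e:
        return error('Failed to retrieve required key: ' + str(e), 400)
    except ValueError as e:
        return error(str(e), 400)

    try:
        # A dict makes decode_ids collect invalid IDs instead of failing on
        # them; None means an invalid ID is a hard error.
        invalid_ids = {} if messages['ignore_invalid_ids'] else None
        decode_ids(messages, invalid_ids)
    except ValueError as e:
        return error(str(e), 400)
    except SQLAlchemyError:
        return error('Internal Database Error', 500)

    try:
        send_email(configs, messages, supervisor_report)
    except (ConnectionRefusedError, smtplib.SMTPConnectError):
        return error('Cannot access the mail server ' + configs['smtp_host'], 500)
    except smtplib.SMTPAuthenticationError:
        return error('Mail server authentication failed', 400)
    except smtplib.SMTPException as e:
        # Message typo fixed ("excetion was rasied").  NOTE(review): str(e)
        # can carry server banner text; consider logging it instead of
        # returning it.
        return error('Cannot send emails because a SMTP exception was raised: ' + str(e), 500)

    response = invalid_ids if invalid_ids else {}
    response['status'] = 'Success'
    return make_response(jsonify(response), 200)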
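def settings():
    """Email-admin endpoint: overwrite the single EmailSettings row from the form.

    Validates, before writing anything, that ``smtp_port`` is an integer in
    1..65535 and that ``email_address_regex`` compiles; a bad value is
    rejected with 400 and the stored settings are left untouched.  Values are
    stored as the submitted strings, exactly as before.
    """
    if basic_auth.username() != current_app.config['EMAIL_ADMIN_USERNAME']:
        abort(403)
    import re

    form = request.form
    # A non-numeric port or a regex that does not compile would previously be
    # stored as-is and only blow up later (presumably in send_email).
    try:
        port = int(form['smtp_port'])
    except ValueError:
        return make_response('smtp_port must be an integer.', 400)
    if not 1 <= port <= 65535:
        return make_response('smtp_port must be between 1 and 65535.', 400)
    try:
        re.compile(form['email_address_regex'])
    except re.error:
        return make_response('email_address_regex is not a valid regular expression.', 400)

    row = EmailSettings.query.first()
    if row is None:
        # No settings row exists yet; previously an AttributeError (500).
        abort(500)
    row.smtp_host = form['smtp_host']
    row.smtp_port = form['smtp_port']
    row.use_ssl = form['use_ssl'] == 'true'
    row.sender_address = form['sender_address']
    row.test_receiver = form['test_receiver']
    row.email_address_regex = form['email_address_regex']
    row.supervisor_address = form['supervisor_address']
    db.session.commit()
    return make_response('All settings have been updated successfully.')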
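def upload_csv():
    """Admin-portal endpoint: bulk add/update users from an uploaded CSV.

    All whitespace is stripped from every line (as before); each remaining
    non-empty line must then hold exactly two comma-separated values, which
    are passed positionally to ``modify_user`` (called with two arguments in
    ``entry``; confirm it takes no more).  The whole file is validated before
    any row is applied.  Problems are reported as plain-text messages.
    """
    if basic_auth.username() != current_app.config['ADMIN_PORTAL_USERNAME']:
        abort(403)
    upload = request.files.get('file')
    if upload is None or upload.filename == '':
        return make_response('No file uploaded')
    # Extension check only -- the content itself is validated row by row.
    if not upload.filename.lower().endswith('.csv'):
        return make_response('Not a CSV file')
    try:
        text = upload.stream.read().decode('utf-8')
    except UnicodeDecodeError:
        # Previously an unhandled 500.
        return make_response('The file is not valid UTF-8 text.')

    # Validate every row first so a malformed line in the middle cannot leave
    # the upload half-applied (previously a TypeError from modify_user).
    records = []
    for line_no, line in enumerate(text.split('\n'), start=1):
        compact = ''.join(line.split())
        if not compact:
            continue
        fields = compact.split(',')
        if len(fields) != 2:
            return make_response(
                'Malformed CSV: line ' + str(line_no) + ' must contain exactly two comma-separated values.'
            )
        records.append(fields)
    for real_id, user_id in records:
        modify_user(real_id, user_id)
    return make_response('All records have been added or updated.')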
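def verify_token(user_id):
    """Verify-token API: check the ``token`` query parameter for ``user_id``.

    Responds ``{'status': 'Success'}`` (200) when a Token row exists for
    ``user_id``, its token equals the supplied one and it has not expired;
    ``{'status': 'Invalid'}`` (400) otherwise; ``{'status': 'Database
    error'}`` (500) on a SQLAlchemy error.  The response is marked
    non-cacheable.

    NOTE(review): the token travels in the query string, so it will show up
    in access logs and proxies; a header or request body would be safer.
    """
    if basic_auth.username() != current_app.config['VERIFY_TOKEN_USERNAME']:
        return make_response(jsonify({'error': 'Forbidden'}), 403)
    import hmac

    supplied = request.args.get('token')
    try:
        record = Token.query.get(user_id)
        if record is None or supplied is None:
            valid = False
        else:
            # Constant-time comparison: ``!=`` stops at the first differing
            # character and leaks timing about the stored token.  Compare as
            # bytes so non-ASCII input cannot raise TypeError.  (Assumes the
            # token column is a str.)  Expiration stays a naive local-time
            # comparison, as before.
            valid = hmac.compare_digest(
                str(record.token).encode('utf-8'), supplied.encode('utf-8')
            ) and record.expiration > dt.datetime.now()
    except SQLAlchemyError:
        response = make_response(jsonify({'status': 'Database error'}), 500)
    else:
        if valid:
            response = make_response(jsonify({'status': 'Success'}), 200)
        else:
            response = make_response(jsonify({'status': 'Invalid'}), 400)
    # Never let a browser or proxy cache a verification result.
    response.headers['Cache-Control'] = 'no-cache, no-store, must-revalidate'
    return response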
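def change_password():
    """Email-admin endpoint: reset the password of one of the two email accounts.

    Only EMAIL_ADMIN_USERNAME or EMAIL_USER_USERNAME may be targeted (400
    otherwise).  The new password must match its confirmation, contain no
    whitespace and be non-empty; it is stored as a pbkdf2_sha256 hash.
    """
    cfg = current_app.config
    if basic_auth.username() != cfg['EMAIL_ADMIN_USERNAME']:
        abort(403)
    username = request.form['username']
    if username not in (cfg['EMAIL_ADMIN_USERNAME'], cfg['EMAIL_USER_USERNAME']):
        abort(400)
    password = request.form['pwd']
    if password != request.form['pwd_confirm']:
        return make_response('Two passwords do not match. Try again.')
    if password != ''.join(password.split()):
        return make_response('The password should not contain any whitespace characters.')
    if not password:
        # An empty password passed both checks above and was hashed; refuse it.
        return make_response('The password must not be empty.')
    admin = Admin.query.filter_by(username=username).first()
    if admin is None:
        # Named in config but no Admin row; previously an AttributeError (500).
        abort(404)
    admin.password_hash = pbkdf2_sha256.hash(password)
    db.session.commit()
    # username is one of the two config values, so echoing it is safe.
    return make_response('The password of ' + username + ' has been changed successfully.')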
def issue_token(real_id):
    """Issue-token API: look up the user for ``real_id`` and mint a token.

    Responds with ``{'user_id', 'token'}`` (200), ``{'error': 'User not
    found'}`` (400) or ``{'error': 'Database error'}`` (500).  Callers other
    than ISSUE_TOKEN_USERNAME get 403.  Token creation is delegated to
    ``generate_token``.
    """
    def reply(payload, status):
        return make_response(jsonify(payload), status)

    if basic_auth.username() != current_app.config['ISSUE_TOKEN_USERNAME']:
        return reply({'error': 'Forbidden'}, 403)
    try:
        record = User.query.get(real_id)
    except SQLAlchemyError:
        return reply({'error': 'Database error'}, 500)
    if record is None:
        return reply({'error': 'User not found'}, 400)
    encoded = record.user_id
    try:
        token = generate_token(encoded)
    except SQLAlchemyError:
        return reply({'error': 'Database error'}, 500)
    return reply({'user_id': encoded, 'token': token}, 200)
def dashboard():
    """Render the email-admin dashboard with the current EmailSettings row.

    Only EMAIL_ADMIN_USERNAME may view it.  The two email account names come
    from app config; everything else is read from the first EmailSettings
    row (an AttributeError, hence a 500, if no row exists -- unchanged).
    """
    cfg = current_app.config
    if basic_auth.username() != cfg['EMAIL_ADMIN_USERNAME']:
        abort(403)
    current = EmailSettings.query.first()
    ssl_on = bool(current.use_ssl)
    context = {
        'email_admin_username': cfg['EMAIL_ADMIN_USERNAME'],
        'email_user_username': cfg['EMAIL_USER_USERNAME'],
        'smtp_host': current.smtp_host,
        'smtp_port': current.smtp_port,
        # Radio buttons: exactly one of the two carries ``checked``.
        'use_ssl_true': 'checked' if ssl_on else '',
        'use_ssl_false': '' if ssl_on else 'checked',
        'sender_address': current.sender_address,
        'test_receiver': current.test_receiver,
        'email_address_regex': current.email_address_regex,
        'supervisor_address': current.supervisor_address,
    }
    return render_template('/email/email_index.html', **context)
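def entry():
    """Admin-portal endpoint: add/update or delete one User record by real_id.

    ``action`` is 'delete' (removes the User row and any Token row keyed by
    its user_id) or 'update' (delegates to ``modify_user`` with the form's
    ``user_id``); anything else is a 400.
    """
    if basic_auth.username() != current_app.config['ADMIN_PORTAL_USERNAME']:
        abort(403)
    import html

    action = request.form['action']
    real_id = request.form['real_id']
    # real_id is echoed into a text/html response; escape it so a crafted (or
    # cross-site forged) form cannot inject markup.
    shown = html.escape(real_id)

    if action == 'delete':
        record = User.query.filter_by(real_id=real_id).first()
        if record is None:
            return make_response('Record ' + shown + ' does not exist.')
        # Remove the user's token first so no orphaned Token row is left.
        token_record = Token.query.filter_by(user_id=record.user_id).first()
        if token_record is not None:
            db.session.delete(token_record)
        db.session.delete(record)
        db.session.commit()
        return make_response('Record ' + shown + ' has been deleted.')

    if action == 'update':
        modify_user(real_id, request.form['user_id'])
        return make_response('Record ' + shown + ' has been added or updated.')

    abort(400)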
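def dashboard():
    """Render the admin-portal dashboard.

    Passes to admin_index.html the three portal account names, a
    comma-separated list of all five reserved account names
    (``not_usernames``, keeping its trailing ``", "``) and a block of ``<p>``
    elements listing every DecodeUser.  DecodeUser names originate from admin
    form input (see ``decode_user``), so they are HTML-escaped before being
    placed into markup -- the template presumably renders this block raw.
    """
    cfg = current_app.config
    if basic_auth.username() != cfg['ADMIN_PORTAL_USERNAME']:
        abort(403)
    import html

    reserved = ['ADMIN_PORTAL', 'ISSUE_TOKEN', 'VERIFY_TOKEN', 'EMAIL_ADMIN', 'EMAIL_USER']
    context = {
        'admin_portal_username': cfg['ADMIN_PORTAL_USERNAME'],
        'issue_token_username': cfg['ISSUE_TOKEN_USERNAME'],
        'verify_token_username': cfg['VERIFY_TOKEN_USERNAME'],
        'not_usernames': ''.join(cfg[key + '_USERNAME'] + ', ' for key in reserved),
        'decode_users': ''.join(
            '\n <p><strong>' + html.escape(user.username) + '</strong></p>'
            for user in DecodeUser.query.all()
        ),
    }
    return render_template('/admin/admin_index.html', **context)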