def setUp(self): """ Will be called before every test """ # ensure there is no data in the test database when the test starts db.session.commit() db.drop_all() db.create_all() # create test admin user hashed_pw = bcrypt.generate_password_hash('admin2016') admin = Users(first_name="admin", last_name="admin", email="*****@*****.**", password=hashed_pw) # create test non-admin user hashed_pw_2 = bcrypt.generate_password_hash('test2016') employee = Users(first_name="test", last_name="user", email="*****@*****.**", password=hashed_pw_2) # save users to database db.session.add(admin) db.session.add(employee) db.session.commit()
def test_same_password(self): """ Ensuring same password hashed twice does not give same hash. """ password = "******" hashed_1 = bcrypt.generate_password_hash(password) hashed_2 = bcrypt.generate_password_hash(password) self.assertNotEqual(hashed_1, hashed_2)
def setUp(self): """ Creating mock data for mock db """ User(email='*****@*****.**', password=bcrypt.generate_password_hash('qwerty123')).save() User(email='*****@*****.**', password=bcrypt.generate_password_hash('qwerty321')).save() self.userAll = routes.UserAll() self.userByEmail = routes.UserByEmail()
def edit_users(): if current_user.permission not in ["Couple", "2nd line", "Wedding party"]: return redirect(url_for('home')) users = User.query.all() form = Modify_Account_Form() if form.validate_on_submit(): user = User.query.filter_by(id=form.id.data).first() if user: if form.first_name.data != '': user.first_name = form.first_name.data db.session.commit() if form.last_name.data != '': user.last_name = form.last_name.data db.session.commit() if form.role.data in [ "Guest", "Couple", "2nd line", "Wedding party" ]: user.permission = form.role.data db.session.commit() if form.email.data != '': user.email = form.email.data db.session.commit() if form.password.data != '': user.password = bcrypt.generate_password_hash( form.password.data) db.session.commit() return redirect(url_for('edit_users')) else: if form.role not in [ "Guest", "Couple", "2nd line", "Wedding party" ]: r = "Guest" else: r = form.role.data user = User(first_name=form.first_name.data, last_name=form.last_name.data, permission=r, email=form.email.data, password=bcrypt.generate_password_hash( form.password.data)) db.session.add(user) db.session.commit() return redirect(url_for('edit_users')) return render_template('editAccounts.html', title='Edit users', form=form, users=users)
def setUp(self): """Will be called before every test""" db.drop_all() db.create_all() db.session.commit() hashed_pw = bcrypt.generate_password_hash('Adm1nSy5temT35t1n8') admin_user = Users( user_name="Admin", email="*****@*****.**", password=hashed_pw, record=1 ) admin_details = Users( first_name="Admin", middle_name="System", last_name="Testing", sex = "Male" dob_day = 1 dob_month = 1 dob_year = 2000 sub_day = 1 sub_month = 1 sub_year = 2020 sub_time = 00:00 ) hashed_pw_2 = bcrypt.generate_password_hash('Sy5temT35t1n8') employee = Users( user_name="Employee", email="*****@*****.**", password=hashed_pw_2, record=2 ) employee_details = Users( first_name="Employee", middle_name="System", last_name="User", sex = "Female" dob_day = 5 dob_month = 1 dob_year = 2000 sub_day = 5 sub_month = 1 sub_year = 2020 sub_time = 00:00 ) db.session.add(admin_details) db.session.add(admin)
def auth_new_friseur(): if request.method == "GET": return render_template("auth/new_friseur.html", form=UserForm()) form = UserForm(request.form) if not form.validate(): return render_template("auth/new_friseur.html", form=form) user = User.query.filter_by(username=form.username.data).first() if user: flash("Username exists, pick another one", "alert-warning") return render_template("auth/new_friseur.html", form=form) # Encrypt password and assign friseur role password_hash = bcrypt.generate_password_hash(form.password.data) user = User(form.name.data, form.username.data, password_hash) user.role = Role.query.get(2) db.session().add(user) db.session().flush() # Add all upcoming work days to friseur upcoming_work_days = Work_day.upcoming_work_days() for day in upcoming_work_days: friseur_work_day = Friseur_work_day(user.id, day.get("id"), 10, 17) db.session().add(friseur_work_day) db.session().flush() db.session().commit() flash("New friseur with username %s created." % user.username, "alert-warning") return redirect(url_for("friseur_index"))
def register(): if current_user.is_authenticated: return redirect(url_for('home')) form = RegistrationForm() if form.validate_on_submit(): hashed_password = bcrypt.generate_password_hash( form.password.data).decode('utf-8') user = User(name=form.name.data, email=form.email.data, password=hashed_password, classITA=form.classITA.data, isRepr=form.isRepr.data) db.session.add(user) for subject in Subject.query.filter_by(classITA=user.classITA).all(): user.subjects.append(subject) abs = Absence(student=user, subject=subject, abs=0.0, just=0) db.session.add(abs) db.session.flush() db.session.commit() flash('Sua conta foi criada! Agora você pode ingressar no sistema.', 'success') return redirect(url_for('login')) return render_template('register.html', title='Cadastro', form=form)
def __init__(self, name, last_name, genre, username, email, pw): self.name = name self.last_name = last_name self.genre = genre self.username = username self.email = email self._password = bcrypt.generate_password_hash(pw)
def register(): form = RegistrationForm() register_fields = [ form.email, form.first_name, form.last_name, form.username, form.password, form.confirm_password ] if current_user.is_authenticated: return redirect(url_for('home')) if form.validate_on_submit(): hashed_pw = bcrypt.generate_password_hash(form.password.data) user = User(email=form.email.data, first_name=form.first_name.data, last_name=form.last_name.data, username=form.username.data, password=hashed_pw) db.session.add(user) db.session.commit() login_user(user) return redirect(url_for('create_team')) else: print(form.errors) return render_template("register.html", title="Register", form=form, fields=register_fields)
def teacher_forgot_password_token(token): # If the user is logged in, abort with 404 code if current_user.is_authenticated: abort(404) # Get the user's email based on the serializer's value try: user = User.query.filter_by(email=serializer.loads( token, salt=os.environ.get('SECRET_KEY') + 'reset', max_age=7200)).first() # If there was an issue, that means the token was incorrect, then abort with 404 except: abort(404) # Initialize the form form = ChangePasswordForm() # If the form validated, then generate a password hash, # change the user's password, then let the user know if form.validate_on_submit(): hashed_password = bcrypt.generate_password_hash( form.password.data).decode('utf-8') user.password = hashed_password db.session.commit() flash('Your password has been changed.', 'success') return redirect(url_for('teacher_login')) # Show the HTML page return render_template('teacher/general/change-password.html', form=form, page_title='Change your password')
def __init__(self, campaign_name, game_system, password, admin_id): self.campaign_name = campaign_name self.game_system = game_system if password: self.password = bcrypt.generate_password_hash(password).decode( "utf8") self.admin_id = admin_id
def auth_add_user(): if request.method == "GET": return render_template("auth/add_user.html", form=AddUserForm()) else: form = AddUserForm(request.form) errors = [] if form.validate_on_submit(): user = User.query.filter_by(username=form.username.data).first() if not user: user = User( form.name.data, form.username.data, bcrypt.generate_password_hash( form.password.data).decode("utf-8")) user.role = Role.query.filter_by(name="user").first().id db.session.add(user) db.session.commit() print("Käyttäjä %s luotu" % user.name) login_user(user) else: errors.append("Käyttäjänimi on jo käytössä.") else: errors.append("Tarkista lomakkeen tiedot.") if len(errors) > 0: return render_template("auth/add_user.html", form=form, errors=errors) return redirect(url_for("index"))
def account_edit_password(): """Change user's password.""" form = PasswordForm(request.form) if not form.validate(): return render_template("error.html", errors=form.errors.values()) new_password = form.new_password.data.strip() current_password = form.current_password.data.strip() account = Account.query.filter_by(email=current_user.email).first() pass_okay = bcrypt.check_password_hash(account.password, current_password) if not pass_okay: return render_template("error.html", errors=["Nykyinen salasana on väärin."]) hashed_password = bcrypt.generate_password_hash(new_password, 12).decode("utf-8") account.password = hashed_password db.session().commit() return redirect(url_for("account_edit", _anchor="password_tab"))
def kayttajan_luonti(): if request.method == "GET": return render_template("auth/createaccount.html", form=CreateAccount()) form = CreateAccount(request.form) # tarkistetaan, löytyykö käyttäjää jo tietokannasta user = Kayttaja.query.filter_by(tunnus=form.tunnus.data).first() if user: return render_template("auth/createaccount.html", form=form, error="Käyttäjätunnus on jo olemassa.") if not form.validate(): return render_template("auth/createaccount.html", form=form) # hashataan salasana ja lisätään käyttäjä password = form.salasana.data.encode('utf-8') pw_hash = bcrypt.generate_password_hash(password).decode('utf-8') k = Kayttaja(form.tunnus.data, pw_hash) db.session.add(k) db.session.commit() # kirjaudutaan sisään uudella käyttäjällä user = Kayttaja.query.filter_by(tunnus=form.tunnus.data).first() login_user(user) return redirect(url_for("index"))
def sign_up(): '''Sign up route''' if current_user.is_authenticated: return redirect(url_for('auth.profile')) form = SignUpForm() if form.validate_on_submit(): try: hashed_password = bcrypt.generate_password_hash(form.password.data ).decode('utf-8') user = User(username=form.username.data, firstname=form.firstname.data, lastname=form.lastname.data, email=form.email.data, password=hashed_password) db.session.add(user) db.session.commit() flash('Account created successfully!', 'success') return redirect(url_for('auth.login')) except Exception: db.session.rollback() flash('An error ocurred!', 'fail') return redirect(url_for('auth.signup')) return render_template('auth/signup.html', form=form)
def auth_update(user_id): form = UpdateUserForm(request.form) u = User.query.get(user_id) if not form.validate(): return render_template("auth/view.html", user=u, form=form) if u.id == current_user.id or current_user.is_admin(): if form.username.data: u.username = form.username.data if form.new_password.data: if form.new_password.data != form.repeat_password.data: form.repeat_password.errors.append('Passwords do not match') return render_template("auth/view.html", user=u, form=form) pw_hash = bcrypt.generate_password_hash( form.new_password.data).decode('utf-8') u.password = pw_hash if form.name.data: u.name = form.name.data if form.email.data: u.email = form.email.data if current_user.is_admin(): u.roles = form.role.data u.categories = form.category.data try: db.session.commit() except IntegrityError: db.session.rollback() return render_template("auth/view.html", user=u, form=form, username_taken=True) return redirect(url_for("auth_index"))
def auth_create(): form = NewUserForm(request.form) if not form.validate(): return render_template("auth/new.html", form=form) if form.new_password.data != form.repeat_password.data: form.repeat_password.errors.append('Passwords do not match') return render_template("auth/new.html", form=form) pw_hash = bcrypt.generate_password_hash( form.new_password.data).decode('utf-8') u = User(name=form.name.data, username=form.username.data, password=pw_hash, email=form.email.data) db.session.add(u) try: default_category = db.session.query(Category).get(1) u.categories.append(default_category) db.session.commit() except IntegrityError: db.session.rollback() return render_template("auth/new.html", form=form, username_taken=True) return redirect(url_for("auth_index"))
def show(user_id): empty_form = EmptyForm() found_user = User.query.get(user_id) delete_form = DeleteForm() if request.method == b'PATCH': form = UserForm(request.form) if form.validate(): found_user.username = form.username.data found_user.password = bcrypt.generate_password_hash( form.password.data).decode('UTF-8') db.session.add(found_user) db.session.commit() flash('User Updated!', 'positive') return redirect(url_for('users.index')) return render_template('users/edit.html', user=found_user, form=form) if request.method == b'DELETE': delete_form = DeleteForm(request.form) if delete_form.validate(): db.session.delete(found_user) db.session.commit() session.pop('user_id') flash('User Deleted!', 'positive') return redirect(url_for('auth.login')) return render_template('users/show.html', user=found_user, empty_form=empty_form, delete_form=delete_form)
def register(): if current_user.is_authenticated: return redirect(url_for('home')) form = RegisterForm() if form.validate_on_submit(): hashed_pw = bcrypt.generate_password_hash(form.password.data) user = Users(email=form.email.data, first_name=form.first_name.data, last_name=form.last_name.data, photo=form.photo.data.filename, password=hashed_pw) db.session.add(user) db.session.commit() f = form.photo.data app.config["IMAGE_UPLOADS"] = "/tmp" f.save(os.path.join(app.config["IMAGE_UPLOADS"], f.filename)) #return f s3 = boto3.resource('s3') #bucket = s3.Bucket('qpwoei-qpwoei') #bucket.upload_file('tmp/f') #bucket=s3.Bucket('qpwoei-qpwoei') #bucket.put_object(Body=request.files['f'], Key="/tmp/"+str(f.filename)) s3.meta.client.upload_file("/tmp/"+str(f.filename), 'qpwoei-qpwoei', "/tmp/"+str(f.filename)) os.remove("/tmp/"+str(f.filename)) return redirect(url_for('login')) return render_template('register.html', title='Register', form=form)
def registerationPage(): form = RegisterationForm(request.form) if current_user.is_authenticated: flash("Your already logged in", 'info') return redirect(url_for('main.home')) if request.form and form.validate() == False: for field_name, field_errors in form.errors.items(): for error in field_errors: flash(f'{field_name}: {error}') return redirect(url_for('auth.registerationPage')) elif form.validate_on_submit(): info = { 'username': form.username.data, 'email': form.email.data, 'password': bcrypt.generate_password_hash(form.password.data).decode('utf-8') } user = User(username=info['username'], email=info['email'], password=info['password'], profileImg='/static/icons/user-profile-img.svg') try: db.session.add(user) db.session.commit() flash('Successfuly registered', 'success') return redirect(url_for('main.home')) except IntegrityError as e: dbErrorMsg = 'Username or Email already used' flash(dbErrorMsg, 'formError') return redirect(url_for('auth.registerationPage')) return render_template('register.html', form=form)
def register(): """This function is to process the users details upon registering.""" if current_user.is_authenticated: return redirect(url_for('<user_name>')) form = RegistrationForm() if form.validate_on_submit(): hash_pw=bcrypt.generate_password_hash(form.password.data) record=Records( first_name=form.first_name.data, irst_name=form.middle_name.data, last_name=form.last_name.data, sex=form.sex.data, dob_day=form.dob_day, dob_month=form.dob_month, dob_year=form.dob_year, sub_day=form.sub_day, sub_month=form.sub_month, sub_year=form.sub_year, sub_time=form.sub_time ) db.session.add(record) db.session.commit() link_account = Records.query.last() user=Users( display_name=form.display_name, email=form.email.data, password=hash_pw, record=link_account.id ) db.session.add(user) db.session.commit() return redirect(url_for('<user_name>')) return render_template('register.html', title='Register', form=form)
def change_password(): user = User.query.get(current_user.id) if request.method == "GET": return render_template("auth/changepassform.html", form=ChangePassForm()) form = ChangePassForm(request.form) if bcrypt.check_password_hash( user.password, form.oldpass.data) and form.newpass.data == form.confirmpass.data: user.password = bcrypt.generate_password_hash( form.newpass.data).decode('utf-8') db.session().commit() flash('Password changed successfully') return redirect(url_for("user_edit")) else: return render_template( "auth/changepassform.html", form=form, error="Passwords did not match or the old password was wrong")
def auth_create(): if request.method == 'GET': return render_template("auth/registerform.html", form=LoginForm()) # If method is POST, validate form data form = LoginForm(request.form) if form.validate(): user = User.query.filter_by(email=form.email.data).first() if user: # Enforce unique emails return render_template("auth/loginform.html", form=form, error="This email is already in use.") # If valid email, create user and hash password, then login and redirect pw_hash = bcrypt.generate_password_hash( form.password.data).decode('utf-8') u = User(email=form.email.data, password=pw_hash) if form.admin.data is True: u.admin = True db.session.add(u) db.session.commit() login_user(u) print(u) return redirect(url_for('events_index')) # If anything in POST goes wrong, serve login form with errors return render_template("auth/registerform.html", form=form, error="Invalid information")
def worker_create(): form = WorkerForm(request.form) if not form.validate(): return render_template("worker/list.html", workers=Worker.query.all(), services=Service.query.all(), wform=form, sform=ServiceForm(), swform=Service_Worker_Form()) pwhash = bcrypt.generate_password_hash(form.password.data).decode('utf-8') username = form.username.data isAdmin = form.role.data role = '' if isAdmin == "True": role = 'ADMIN' else: role = 'WORKER' account = Account(username, pwhash, role) db.session().add(account) db.session().commit() account_id = Account.query.filter_by( username=form.username.data).first().id name = form.name.data worker = Worker(name, account_id) db.session().add(worker) db.session().commit() return redirect(url_for("worker_index"))
def create_user(): if request.method == "GET": return render_template("/auth/newuser.html", form=CreateUserForm()) form = CreateUserForm(request.form) user = User.query.filter_by(username=form.username.data).first() if not user: username = form.username.data passwordHash = bcrypt.generate_password_hash( form.password.data).decode("utf-8") ## CHANGE TO BE BCRYPTED name = form.displayname.data # New user u = User(name, username, passwordHash) # THIS IS A HACK if u.name == "admin": u.role = "ADMIN" else: u.role = "USER" db.session().add(u) db.session().commit() Category.create_default_categories(u.id) return redirect(url_for("auth_login")) return render_template( "/auth/newuser.html", form=form, error="Username already in use! Choose another one.")
def tryCreateUser(userName, userPassword, remeberMe, authenticateCode): ''' create User ''' returnBool = False returnString = u'' returnType = 'error' u = userFromUserName(userName) secret = bcrypt.check_password_hash(authenticateCode, app.config['SECRET_KEY']) if u == False and secret == True and passwordCheck(userPassword) == True: hashedpassword = bcrypt.generate_password_hash(userPassword, 7) theUser = User(userName,hashedpassword) db.session.add(theUser) db.session.commit() loginUser(theUser, remeberMe) returnBool = True returnString = '{} created!'.format(userName) returnType = '' else: returnBool = False returnString = 'Could not create user' returnType = 'error' return [returnBool, returnString, returnType]
def create_new_user(): form = NewUserForm(request.form) if not form.validate(): return render_template("user/new.html", form=form) username = form.username.data password = form.password.data role = __resolve_admin(form.admin.data) user = User.query.filter_by(username=username).first() if user != None: error = "Käyttäjänimi on jo käytössä." return render_template("user/new.html", error=error, form=NewUserForm()) else: hashed_password = bcrypt.generate_password_hash(password, 10) utf8_hashed_password = hashed_password.decode("utf-8", "ignore") user = User(username, utf8_hashed_password, role) db.session().add(user) db.session().commit() message = "käyttäjä luotiin onnistuneesti!" return render_template("login.html", message=message, form=LoginForm())
def auth_new_user(): if request.method == "GET": return render_template("auth/registerform.html", form=SignupForm()) form = SignupForm(request.form) if not form.validate(): return render_template("auth/registerform.html", form=form) # get form data and hash password uname = form.username.data pw = bcrypt.generate_password_hash(form.password.data, 13).decode("utf-8") # check if username is available user = User.query.filter_by(username=uname).first() if not user: # create user account entry and save to database a = User(uname, pw) db.session().add(a) db.session().commit() return redirect(url_for("auth_login")) else: return render_template("auth/registerform.html", form = form, error = "Please select another username")
def auth_register(): if request.method == "GET": return render_template("/auth/registrationform.html", form=RegistrationForm()) form = RegistrationForm(request.form) if not form.validate(): return render_template("/auth/registrationform.html", form=form) role = "USER" if form.username.data == "admin": role = "ADMIN" pw_hash = bcrypt.generate_password_hash(form.password.data).decode("utf-8") u = User(form.name.data, form.username.data, pw_hash, role) db.session().add(u) try: db.session().commit() except: return render_template("/auth/registrationform.html", form=form, error="Username is already taken!") return render_template("auth/loginform.html", form=LoginForm(), message="account '" + u.username + "' created!")
def register(): user_form = UserRegistrationForm() if request.method == 'GET': return render_template('register.html', user_form=user_form) if request.method == 'POST': if user_form.validate(): # create the new user new_user = User( name = user_form.name.data , email = user_form.email.data , self_reported_org = user_form.organization.data , hashed_password = bcrypt.generate_password_hash( user_form.password.data, 10) , email_confirmation_code = random_alphanumeric(20) ) new_user.save() new_user.send_verification_email() flash('We have sent you a message to confirm your email address.' , 'info') return redirect(url_for('public.root')) # validation failed flash('Validation failed.', 'error') return redirect(url_for('users.register'))
def user_confirmupdate(user_id): user = User.query.get(user_id) form = UserForm(request.form) if not form.validate(): return render_template("auth/updateuser.html", form=form, user_id=user_id) alreadyExistsUser = User.query.filter_by( username=form.username.data).first() # Tarkistetaan muokkauksessa ettei samannimistä käyttäjää ole, oma olemassaoleva käyttäjätunnus käy if alreadyExistsUser and current_user != alreadyExistsUser: form.username.errors.append( "käyttäjätunnus on jo olemassa, valitse toinen käyttäjätunnus") return render_template("auth/updateuser.html", form=form, user_id=user_id) # Salasanan salaus pw_hash = bcrypt.generate_password_hash(form.password.data).decode('utf-8') user.name = form.name.data user.username = form.username.data user.password = pw_hash db.session().commit() children = Child.query.filter(Child.account_id == user_id) return render_template("auth/showuser.html", children=children, user=user)
def __init__(self, firstname, lastname, email, password): self.firstname = firstname self.lastname = lastname self.email = email self.password = bcrypt.generate_password_hash(password, 7) #hasher kodeordet med bcrypt med 7 kørsler, det optimale ville være 12 men pga. min nuværedene servers hastighed sat til 7 self.created = datetime.datetime.now() self.last_login = self.created
def _set_password(self, pw): self._password = bcrypt.generate_password_hash(pw)