def validarLogin(self):
email = self.email.get().strip()
passwd = self.passwd.get()
emailValido = re.match(self.regexEmail, email)
if emailValido == None or (0 == len(passwd) > 8):
return None
user = Users(email=email, passwd=passwd)
cur = self.db.execute(
f"""SELECT cpf, email, senha, cnh from usuario where email = '{user.email}' and senha = '{user.passwd}'"""
)
self.users = cur[0]
if len(self.users) == 1:
cpf = self.users[0][0]
motorista = self.users[0][3]
user.cpf = cpf
user.motorista = motorista
self.user = user
if self.user.motorista:
return False
return True
def reg():
username = request.form['username']
password = request.form['password']
email = request.form['email']
phone = request.form['phone']
Users.regMe(username, password, email, phone)
return redirect('/animals')
def create_user():
body = json.loads(request.data)
correct_user = Users.query.filter_by(username=body.get('username')).first()
if correct_user == None:
user = Users(email=body.get('email'),
username=body.get('username'),
password=body.get('password'))
db.session.add(user)
db.session.commit()
return json.dumps({'success': True, 'data': user.serialize()}), 201
else:
correct_user2 = Users.query.filter_by(
password=body.get('password')).first()
if correct_user == correct_user2 and correct_user != None:
return json.dumps({
'success': True,
'data': correct_user.serialize()
}), 200
return json.dumps({
'success': False,
'error': 'Password is incorrect. Try again.'
}), 404
return json.dumps({
'success':
False,
'error':
'Username or Password is not correct. Try again.'
}), 404
def update_user(user_id):
"""
Update user specified with user ID and return updated user contents
Note: Always return the appropriate response for the action requested.
"""
if Users.update_user(user_id, request) != 0:
return Users.get_users_by_id(user_id).to_json()
else:
return make_response(jsonify({'error': 'User not found'}), 404)
def createUser():
postBody = json.loads(request.data)
name = postBody.get('name')
password = postBody.get('password')
user = Users(name=name, password=password)
db.session.add(user)
db.session.commit()
return json.dumps({'success': True, 'data': user.serialize()}), 201
def logout():
username = request.cookies["username"]
Users.end_session(username)
response = jsonify()
# Send cookies with expired time and empty values for the browser to delete them.
expires_at = time.time() - 1.0
response.set_cookie("username", value="", expires=expires_at)
response.set_cookie("login_token",
value="",
expires=expires_at,
secure=True,
httponly=True)
return response
def addUser():
try:
data = request.json
print(data["formInput"])
if data["formInput"]["name"] != "" and data["formInput"][
"username"] != "" and data["formInput"][
"password"] != "" and data["formInput"]["access"] != "":
name = data["formInput"]["name"]
username = data["formInput"]["username"]
password = data["formInput"]["password"]
access = data["formInput"]["access"]
try:
user = Users(name=name,
username=username,
password=password,
access=access)
session.add(user)
session.commit()
except Exception as e:
session.rollback()
print(e)
return jsonify({"msg": "success"})
else:
return jsonify({"msg": "Failed"})
except Exception as e:
print(e)
return jsonify({"msg": "Failed"})
def createUser(login_session):
newUser = Users(uname=login_session['username'],
email=login_session['email'])
session.add(newUser)
session.commit()
user = session.query(Users).filter_by(email=login_session['email']).one()
return user.id
def get_user(user_id):
result = Users.get_users_by_id(user_id)
if not result:
return make_response(jsonify({'error': 'User not found'}), 404)
return result.to_json()
def regestration(email=None, name = None):
if request.method == 'POST':
name = request.form['name']
email = request.form['email']
password = request.form['password']
birthday = request.form['birthday']
try:
password = hashlib.sha256(password.encode('ascii')).hexdigest()
row = Users(name=name, email=email, password=password, birthday=birthday,
total_order_amount=0, discount=0)
db.session.add(row)
global global_email
global_email = email
global global_name
global_name = name
db.session.commit()
#return render_template("menu.html", email=global_email, name=global_name)
return redirect('/menu')
except:
print('This email is already used')
else:
return render_template("sign_up.html", email=global_email, name=name)
async def all_other_messages(message: types.Message):
if message.text == "Добавить канал ➕":
await message.answer(
"<b>Как добавить свой канал в нашу базу?</b>\n\n"
"Чтобы добавить канал в нашу базу, добавьте в свое сообщества нашего бота @addev_bot, "
"потом перешлите любой пост из канала сюда.",
parse_mode="HTML")
if message['forward_from_chat']:
if await bot.get_chat_member(message['forward_from_chat']['id'],
BOT_ID):
subs = await bot.get_chat_members_count(
message['forward_from_chat']['id'])
Channels().register_channel(
message['forward_from_chat']['id'],
message['forward_from_chat']['username'],
message['forward_from_chat']['title'], message.from_user.id,
message.from_user.username, subs)
Users().add_channel_user(message.from_user.id,
message['forward_from_chat']['username'])
await message.answer(
"Заявка на добавление в базу принята, ответ может занять некоторое время, просим прощения😔\n\n"
"Как только ваш канал проверят, Вам придет сообщение 'Биржа открыта!', "
"тогда вы сможете получать и выполнять заказы по рекламе. Спасибо, "
+ message.from_user.first_name + "!")
await message.answer("Канал успешно добавлен в базу!",
reply_markup=keyboard.main())
else:
await message.answer(
"Дайте права администратора боту, заново отпрвьте мне пост")
def create_user():
if Signs.query.all() == []:
load_scopes()
body = json.loads(request.data)
name = body.get("name")
sign_name = body.get("sign")
sign_num = 0
for key in scope_dict:
if scope_dict.get(key) == sign_name:
sign_num = key
sign = Signs.query.filter_by(sign=sign_num).first()
if name is None or sign is None:
return failure_response("Missing field!", 400)
new_user = Users(name=name, sign_id=sign.serialize().get("id"))
db.session.add(new_user)
db.session.commit()
return success_response(new_user.serialize(), 201)
def delete_user(user_id):
"""
Delete user specified in user ID
Note: Always return the appropriate response for the action requested.
"""
if Users.objects(Id=user_id).delete() != 0:
return "User deleted successfully"
else:
return make_response(jsonify({'error': 'User not found'}), 404)
def create_user():
"""
Should add a new user to the users collection, with validation
note: Always return the appropriate response for the action requested.
"""
user = Users.create_users(request)
if not user:
return make_response(jsonify({'error': 'User already exist'}), 400)
return user.to_json()
def check_session_soft():
"""Determine whether the user is logged in."""
if "username" not in request.cookies:
return False
if "login_token" not in request.cookies:
return False
username = request.cookies["username"]
login_token = request.cookies["login_token"]
return Users.verify_session(username, login_token)
async def create_user(user: UserInDB):
query = Users.insert().values(
username=user.username,
first_name=user.first_name,
last_name=user.last_name,
email=user.email,
country=user.country,
password=user.password,
)
return await database.execute(query=query)
def test_userConfirm_success():
signup(email)
user = Users.find_one({"email": email})
uniqid = user['is_check']['id']
query = " {userConfirm(email: \"" + email + "\", uniqid: \"" + uniqid + "\")}"
r = requests.get("{}/graphql?query={}".format(url,
urllib.parse.quote(query)))
assert r.status_code == 200
assert r.json()['data']['userConfirm'] == True
delete_user(email)
def guestup(self):
self.ids.id_label.text = " "
account = Users(user_id=None,
fname=self.ids.id_name.text,
email="*****@*****.**",
password=self.ids.id_pass.text)
if len(self.ids.id_name.text) < 1 or len(
self.ids.id_pass.text) < 1 or len(self.ids.id_conf.text) < 1:
self.ids.id_label.text = "Please fill all Spaces"
else:
if self.ids.id_pass.text != self.ids.id_conf.text:
self.ids.id_label.text = "Passwords don't match"
else:
if MainDataB.database.users.find_one(
{'fname': self.ids.id_name.text}):
self.ids.id_label.text = "Username is already in use"
else:
MainDataB.database.users.insert(account.get_as_json())
self.ids.id_label.text = "Account Created"
self.parent.current = "Signin"
def post(self):
if self.form.validate_on_submit():
res = Users.query.filter_by(
username=self.form.username.data).first()
if res is None:
if self.form.password_validate.data != self.form.password.data:
flash('Password validating failed', category='danger')
return redirect('/registration')
user = Users(username=self.form.username.data,
status='user',
active=True,
name=self.form.name.data,
surname=self.form.surname.data,
patronymic=self.form.patronymic.data)
user.set_password(self.form.password.data)
db.session.add(user)
db.session.commit()
flash('Successful!', category='success')
return redirect('/login')
flash('Account already exists', category='danger')
return redirect('/registration')
async def register(message: types.Message):
Users().register_user(message.from_user.id,
message.from_user.username,
message.from_user.first_name,
message.from_user.last_name)
text = "Привет, " + message.from_user.first_name + "! Меня разработал @thebordevs, видеоролик по созданию этого бота ты сможешь найти на его YouTube\nКод проекта на GitHub"
await message.answer(text, reply_markup=keyboard.start())
await message.answer("<b>Что я умею?</b>"
"\n\n<i>Я могу вести статистику твоего Телеграм канала, вести переговоры с рекламодателями, "
"зарабатывая тем самым тебе копеечку. Добавь бота в администраторы своего сообщества, предоставь доступ к"
"сообщениям и все! Предложения по рекламным контрактом буду присылать тебе лично, но такжже ты и сам можешь найти его себе на нашей "
"бирже! Все очень просто!</i>", parse_mode="HTML", reply_markup=keyboard.main())
def _check_session():
"""Verify that the user is logged in to allow a request."""
if "username" not in request.cookies:
abort(400)
if "login_token" not in request.cookies:
abort(400)
username = request.cookies["username"]
login_token = request.cookies["login_token"]
if not Users.verify_session(username, login_token):
logger.warning(
f"User likely attempted to forge login token: {username}")
abort(403)
async def update_user(id: int, user: UserOut):
query = (
Users.update()
.where(id == Users.c.id)
.values(
username=user.username,
first_name=user.first_name,
last_name=user.last_name,
email=user.email,
country=user.country,
)
)
return await database.execute(query=query)
def login():
username = request.form.get("username", "")
qq = request.form.get("qq", "")
if username and qq:
user = Users.query.filter_by(name=username).first()
while not user:
u = Users(name=username, qq=qq)
db.session.add(u)
db.session.commit()
user = Users.query.filter_by(name=username).first()
session['name'] = username
session['qq'] = user.qq
session['id'] = user.id
return redirect("/")
def login():
credentials = request.get_json()
username = credentials["username"]
password = credentials["password"]
remember_me = credentials["rememberMe"]
if not Users.verify_user(username, password):
abort(401, "Invalid login. Please try again.")
expires_in = 3600.0 # 1 hour.
if remember_me:
expires_in = 2592000.0 # 1 month.
token, expires_at = Users.set_session(username, expires_in=expires_in)
# TODO: the client can access the username via the cookie, maybe delete this?
response = jsonify({"username": username})
response.set_cookie("username", value=username, expires=expires_at)
response.set_cookie("login_token",
value=token,
expires=expires_at,
secure=True,
httponly=True)
return response
def user_add(user):
rows = s.query(Users).all()
check = []
for row in rows:
check.append(row.user_tg_id)
for curr_row in user:
if str(curr_row['user_tg_id']) not in check:
users = Users(
user_tg_id=curr_row['user_tg_id'],
user_language=curr_row['user_language'],
user_name=curr_row['user_name'],
user_refer_name=curr_row['user_refer_name'],
user_status=curr_row['user_status'],
user_registration_date=curr_row['user_registration_date'])
s.add(users)
s.commit()
def add_user_to_base():
if request.method == 'POST':
session.permanent = True
name = request.form['name']
email = request.form['email']
password = request.form['password']
birthday = request.form['birthday']
try:
password = hashlib.sha256(password.encode('ascii')).hexdigest()
row = Users(name=name,
email=email,
password=password,
birthday=birthday,
total_order_amount=0,
discount=0)
session_app.add(row)
session_app.commit()
user = session_app.query(Users).filter_by(email=email).all()
return render_template("admin_add_user.html",
name='Admin',
email='admin',
act='on',
user=user)
except:
try:
check = session_app.query(Users).filter_by(email=email).all()
if check != None:
return render_template("admin_add_user.html",
action=2,
name='Admin',
email='admin',
act='off')
except:
#else:
return render_template("admin_add_user.html",
action=1,
name='Admin',
email='admin',
act='off')
else:
return render_template("admin_add_user.html",
name='Admin',
email='admin',
act='off')
def main():
"""
script takes in 2 arguments:
username: string
password: string
script will hash password, store username and hashed password in User's Table
"""
if len(sys.argv) != 3:
print(
"add_user takes in 2 arguments, username and password. No users added"
)
exit(1)
username = sys.argv[1]
password = sys.argv[2]
hashed_password = PasswordHasher().hash(password=password)
Session = sessionmaker(bind=engine)
session = Session()
username_exists = session.query(
session.query(Users).filter(Users.name == username).exists()).scalar()
if username_exists:
print("Username {} already exists. No users added".format(username))
exit(1)
else:
# adds new entry to Users Table
print("adding user: {} {}".format(username, hashed_password))
entry = Users(name=username, password=hashed_password)
session.add(entry)
try:
session.commit()
except Exception as e:
session.rollback()
print(e)
finally:
session.close()
print("User {} added successfully.".format(username))
return
def test_login_duration(app, client):
"""Test that /login creates sessions of no more than 1 hour
"""
# Clear data before running
db_session = sessionmaker(bind=engine)()
# Errors are not checked here if there is a database error I want to know
# about it
# Ignoring a failure to delete the DB may break this test
db_session.query(Users).delete()
db_session.query(Sessions).delete()
load_time = datetime.utcnow() - timedelta(seconds=5)
user = Users(
name='testuser',
password=
'******'
)
db_session.add(user)
db_session.commit()
start = datetime.utcnow()
res = client.post('/login',
data='{"user":"******","pass":"******"}',
headers={'Content-Type': 'application/json'})
stop = datetime.utcnow()
assert res.status_code == 200
# Get all cookies set in the last request
cookie_setters = [
header[1] for header in res.headers if header[0] == 'Set-Cookie'
]
# get all session cookies set
session_ids = [
cookie for cookie in cookie_setters if cookie.startswith('session=')
]
assert len(session_ids) == 1
# get cookie value
session_id = session_ids[0].replace('session=', '').split(';')[0]
expire = db_session.query(Sessions).get(session_id).session_expire
assert expire - stop <= timedelta(hours=1)
db_session.close()
def create_account(code_1, email_1, password_1):
try:
if (session.query(Code).filter_by(code_id=code_1).first()).action != 1:
update = session.query(Code).filter_by(code_id=code_1).first()
update.action = 1
session.merge(update)
row = Users(email=email_1, code_id=code_1, password=password_1)
session.add(row)
search_query = (session.query(Code).filter_by(
code_id=code_1).one()).name
print('hello,', search_query)
else:
print('this account is already exist')
except:
print('ups something wrong')
def regestration():
session.pop("email", None)
session.pop("name", None)
if request.method == 'POST':
session.permanent = True
name = request.form['name']
email = request.form['email']
password = request.form['password']
birthday = request.form['birthday']
try:
password = hashlib.sha256(password.encode('ascii')).hexdigest()
row = Users(name=name,
email=email,
password=password,
birthday=birthday,
total_order_amount=0,
discount=0)
session_app.add(row)
session_app.commit()
session['email'] = email
session['name'] = name
return redirect('/menu')
except:
try:
check = session_app.query(Users).filter_by(email=email).all()
session_app.commit()
if check != []:
return render_template("sign_up.html",
action=2,
name=None,
email=None)
except:
return render_template("sign_up.html",
action=1,
name=None,
email=None)
else:
return render_template("sign_up.html", name=None, email=None)