def post(self):
username = self.request.get('username')
password = self.request.get('password')
verify = self.request.get('verify')
email = self.request.get('email')
uname_error, pwd_error, pwd_error_match, email_error, uname_exists = '', '', '', '', ''
user_re = re.compile(r"^[a-zA-Z0-9_-]{3,20}$")
pwd_re = re.compile(r"^.{3,20}$")
email_re = re.compile(r"^[\S]+@[\S]+\.[\S]+$")
if not user_re.match(username):
uname_error = "That's not a valid username."
if not pwd_re.match(password):
pwd_error = "That wasn't a valid password."
elif password != verify:
pwd_error_match = "Your passwords didn't match."
if email and not email_re.match(email): # email optional
email_error = "That's not a valid email."
user = User(username=username, password_hash=utils.make_pw_hash(username, password))
q = User.all()
q.filter("username ="******"Username exists"
if uname_error or pwd_error or pwd_error_match or email_error or uname_exists:
self.render("signup.html", username_error=uname_error, password_error=pwd_error,
verify_error=pwd_error_match, email_error=email_error, usernam=username,
email=email, username_exists=uname_exists)
else:
user.put()
self.response.headers.add_header('Set-Cookie', 'uname=%s;Path=/' % str(username))
self.redirect("/")
def _get_user(self, member):
try:
return User.objects.get({'_id': member.id})
except User.DoesNotExist:
user = User(user_id=member.id, name=member.name)
user.save()
return user
def _add_ctf_member(self, user, ctf):
member = self._get_member(user.id)
if not member:
member = User(user_id=user.id, name=user.name)
if not ctf in member.ctfs:
member.ctfs.append(ctf)
member.save()
return member
def create_user(user_in: UserIn):
user = User(first_name=user_in.first_name,
last_name=user_in.last_name,
user_name=user_in.user_name,
email=user_in.email,
password=user_in.password)
try:
user.save()
return user
except:
return False
def registerUser(name, email, passwd):
user = db.query(User).filter_by(name=name).first()
if not user:
user = db.query(User).filter_by(email=email).first()
if not user:
user = User(name=name, email=email)
user.set_passwd(passwd)
db.add(user)
db.commit()
return None
return 'This email has already been registered!'
return 'This name is already been changed!'
def create_login():
from forms import register_form
form = register_form(request.form)
if request.method == 'POST' and form.validate():
user = User()
form.populate_obj(user)
user.set_password(form.password.data)
db.session.add(user)
db.session.commit()
login_user(user)
return redirect(url_for('index'))
return render_template("reg.html", form=form)
def create_login():
from forms import register_form
form = register_form(request.form)
if request.method == 'POST' and form.validate():
user = User()
form.populate_obj(user)
user.set_password(form.password.data)
db.session.add(user)
db.session.commit()
login_user(user)
return redirect(url_for('index'))
return render_template("reg.html", form=form)
def test_add_user():
"""
Tests the instantiation of a User object to the database
:return: tuple (boolean, message list)
"""
messages = []
u1 = User(first_name='u1', last_name='u1', username='******', email='*****@*****.**', password='******', school='KU', grade='col_jun', state='KS')
try:
messages.append("Adding a valid arbitrary user to empty database")
db.session.add(u1)
db.session.commit()
except:
messages.append("User could not be added to the database")
db.session.rollback()
return (False, messages)
try:
messages.append("Testing whether user query list is length 1")
assert len(list(User.query.all())) == 1
except:
messages.append("Query list is not length 1")
return (False, messages)
[x] = list(User.query.all())
try:
messages.append("Testing whether added user is equivalent to created user")
assert x == u1
except:
messages.append("Users are not equivalent")
return (False, messages)
return (True, messages)
def test_empty_post_not_allowed():
"""
Tests whether empty posts are denied from being added to the database
:return: tuple (boolean, message list)
"""
messages = []
messages.append("Adding user to empty database")
u1 = User(first_name='u1', last_name='u1', username='******', email='*****@*****.**', password='******', school='KU', grade='col_jun', state='KS')
db.session.add(u1)
db.session.commit()
messages.append("Creating a post with empty content")
p = UserPost(author_username='******', content=None)
try:
messages.append("Attempting to add empty post to the database")
db.session.add(p)
db.session.commit()
except:
messages.append("Empty post not allowed; exception thrown")
db.session.rollback()
try:
messages.append("Ensuring that query for user posts returns an empty list")
assert UserPost.query.all() == []
except:
messages.append("User posts not empty")
return (False, messages)
return (True, messages)
def test_forum_questions():
"""
Tests whether forum questions are properly added and referenced
:return: tuple (boolean, message list)
"""
messages = []
messages.append("Adding user to empty database")
u1 = User(first_name='u1', last_name='u1', username='******', email='*****@*****.**', password='******', school='KU', grade='col_jun', state='KS')
db.session.add(u1)
db.session.commit()
messages.append("Adding 2 forum questions under the created user's username")
forumq1 = ForumQuestion(author_username='******', content='This is a test post')
forumq2 = ForumQuestion(author_username='******', content='This is another test post')
db.session.add(forumq1)
db.session.add(forumq2)
db.session.commit()
try:
messages.append("Testing whether there are 2 forum questions referenced by user")
assert len(list(u1.forum_questions)) == 2
except:
messages.append("There are not two referenced forum questions")
return (False, messages)
try:
messages.append("Testing whether the referenced forum questions are equivalent")
assert list(u1.forum_questions) == [forumq1, forumq2]
except:
messages.append("Different content")
return (False, messages)
return (True, messages)
def test_forum_posts():
"""
Tests whether forum posts are properly added and referenced
:return: tuple (boolean, message list)
"""
messages = []
messages.append("Adding user to empty database")
u1 = User(first_name='u1', last_name='u1', username='******', email='*****@*****.**', password='******', school='Blue Valley West', grade='hs_jun', state='KS')
db.session.add(u1)
db.session.commit()
messages.append("Adding a user-referenced forum question to database")
forumq1 = ForumQuestion(author_username='******', content='This is a test post')
db.session.add(forumq1)
db.session.commit()
messages.append("Adding 2 forum posts to database, referenced by both username and forum question id")
forumpost1 = ForumPost(author_username='******', forum_question_id=forumq1.id, content='Test forum reply')
forumpost2 = ForumPost(author_username='******', forum_question_id=forumq1.id, content='Test forum reply 2')
db.session.add(forumpost1)
db.session.add(forumpost2)
db.session.commit()
try:
messages.append("Testing whether there are 2 forum posts referenced by username")
assert len(list(u1.forum_posts)) == 2
except:
messages.append("There are not 2 referenced forum posts by username")
return (False, messages)
try:
messages.append("Testing whether there are 2 forum posts referenced by forum question id")
assert len(list(forumq1.forum_posts)) == 2
except:
messages.append("There are not 2 referenced forum posts by forum question id")
return (False, messages)
return (True, messages)
def register():
if not request.is_json:
return jsonify({"msg": "Missing JSON in request"}), 400
username = request.json.get('username', None)
password = request.json.get('password', None)
if not username:
return jsonify({"msg": "Missing username parameter"}), 400
if not password:
return jsonify({"msg": "Missing password parameter"}), 400
maybe_user = User.query.filter_by(username=username).first()
if maybe_user:
return jsonify({"msg": "Username already registered"}), 409
new_user = User(username=username, password=password)
# Create sample document
if os.path.isfile(DOCUMENTS_FOLDER + "/document-SAMPLE.document"):
sample_document = get_document("SAMPLE")
id = uuid4()
dbDocument = DBDocument(id=id, name="Document", user=new_user)
save_document(sample_document, id)
db.session.add(dbDocument)
db.session.add(new_user)
db.session.commit()
# Identity can be any data that is json serializable
access_token = create_access_token(identity=username)
return jsonify(access_token=access_token,
status="success",
username=username), 200
def get_user_from_token(token: str) -> str:
# Check the token cache first:
if not token:
return None
cached = db.session.query(TokenCache).filter(TokenCache.token == token).first()
if cached:
print('Loading from cache')
return cached.email
print('Triggered a check')
t1 = time.perf_counter_ns()
user_data = requests.get(ENDPOINT, {'access_token': token}).json()
# user = oauth.google.authorize_access_token(token)
email = user_data.get('email')
if email:
exists = db.session.query(User).filter(User.email == email).first()
if not exists:
user = User(email=email, first_name=user_data.get('given_name'), last_name=user_data.get('family_name'))
db.session.add(user)
db.session.commit()
print(f'Added user {user}')
# Wipe the user from cache
db.session.query(TokenCache).filter(TokenCache.email == email).delete()
update_cache = TokenCache(token=token, email=email, token_provider='google')
db.session.add(update_cache)
db.session.commit()
t2 = time.perf_counter_ns()
print(t2 - t1)
return email
return None
def add_user():
# user_id = request.cookies.get('user_id')
user_id = session.get('user_id')
if not user_id:
return redirect(url_for('login'))
else:
user = User.query.get(int(user_id))
if user.name == 'admin':
if request.method == 'POST':
userdata = request.form.to_dict()
new_user = User(name=userdata['name'],
password=userdata['password'],
email=userdata['email'])
db.session.add(new_user)
try:
db.session.commit()
except:
db.session.rollback()
users = User.query.all()
response = make_response(
redirect(url_for('user_list', username=user.name,
users=users)))
return response
else:
return "<h1> 当前用户无权限查看该页面</h1>"
def sign():
if request.method == 'POST':
userdata = request.form.to_dict()
print 'sign - userdata: ', userdata
if len(userdata.get('name')) < 3:
flash(
" The length of username should be more than 2 bytes. please input again."
)
elif userdata.get('password') != userdata.get('password1'):
flash(" Your passwords are different, please input again.")
else:
del userdata['password1']
# new_user = User(name=userdata['name'], password=userdata['password'], email=userdata['email'])
new_user = User(**userdata)
db.session.add(new_user)
try:
db.session.commit()
flash("Sign Successfully,jump to your home page now.")
except:
db.session.rollback()
response = make_response(redirect(url_for('problems')))
response.set_cookie('user_id', str(new_user.id))
session['user_id'] = new_user.id
return response
return render_template('sign.html')
def db_seed():
mercury = Planet(planet_name='Mercury',
planet_type='Class D',
home_star='Sol',
mass=3.258e23,
radius=1516,
distance=35.98e6)
venus = Planet(planet_name='Venus',
planet_type='Class K',
home_star='Sol',
mass=4.867e24,
radius=3760,
distance=67.24e6)
earth = Planet(planet_name='Earth',
planet_type='Class M',
home_star='Sol',
mass=5.972e24,
radius=3959,
distance=92.96e6)
db.session.add(mercury)
db.session.add(venus)
db.session.add(earth)
test_user = User(first_name='William',
last_name='Herschel',
email='*****@*****.**',
password='******')
db.session.add(test_user)
db.session.commit()
print('Database seeded')
def register():
form = RegisterForm()
if form.validate_on_submit():
if User.query.filter_by(email=form.email.data).first():
print(User.query.filter_by(email=form.email.data).first())
# User already exists
flash("You've already signed up with that email, log in instead!")
return redirect(url_for('login'))
hash_and_salted_password = generate_password_hash(
form.password.data, method='pbkdf2:sha256', salt_length=8)
new_user = User(
email=form.email.data,
name=form.name.data,
password=hash_and_salted_password,
)
db_session.add(new_user)
db_session.commit()
login_user(new_user)
return redirect(url_for("get_all_posts"))
return render_template("register.html",
form=form,
current_user=current_user)
def initialize(self, *a, **kw):
webapp2.RequestHandler.initialize(self, *a, **kw)
cookie = self.request.cookies.get('user_id')
self.user = None
if cookie:
uid, coded_val = cookie.split('|')
if (enc.validate(uid, coded_val)):
self.user = User.get_by_id(int(uid))
def createUser(login_session):
newUser = User(name=login_session['username'],
email=login_session['email'],
picture=login_session['picture'])
session.add(newUser)
session.commit()
user = session.query(User).filter_by(email=login_session['email']).one()
return user.id
def verify_password(username_or_token, password):
user = User.verify_auth_token(username_or_token)
if not user:
user = User.query.filter_by(username=username_or_token).first()
if not user or not user.verify_password(password):
return False
g.user = user
return True
def post(self):
orig_user = self.request.get("username")
username = cgi.escape(orig_user, quote=True)
password = cgi.escape(self.request.get("password"), quote=True)
verify = cgi.escape(self.request.get("verify"), quote=True)
email = cgi.escape(self.request.get("email"), quote=True).strip()
name = validate_username(username)
passw = validate_password(password)
ver = validate_verify(password, verify)
mail = validate_email(email)
res = {
"username": username,
"error_name": "" if name else "That's not a valid username.",
"password": password,
"error_pass": "" if passw else "That wasn't a valid password.",
"verify": verify,
"error_ver":
"" if not passw or ver else "Your passwords didn't match.",
"mail": email,
"error_mail": "" if mail else "That's not a valid email."
}
exists = False
if name:
# check if user exists in the User db
users = db.GqlQuery("SELECT * FROM User WHERE username=:1",
username)
user_len = 0
for user in users:
user_len += 1
exists = user_len != 0
if name and passw and ver and mail and not exists:
user = User(username=username,
password=enc.hash_passw(password),
email=email)
user.put()
user_key = str(user.key().id())
hidden_key = enc.encode(user_key)
cookie_val = str("user_id=%s|%s; Path=/" % (user_key, hidden_key))
self.response.headers.add_header('Set-Cookie', cookie_val)
self.redirect('/')
else:
if exists:
res["error_name"] = "Username '%s' already taken." % username
self.render("registration.html", **res)
def delete_comments_by_author(author: str):
user = User.objects(user_name=author)
if user:
comments = Comment.objects(author=author)
for comment in comments:
comment.delete()
return True
return False
def login():
req_data = get_post_data_from_req(request)
user = User.login_user(req_data.get("username"), req_data.get("password"))
if user:
login_user(user)
return transitify({"username": user.username, "id": user.id})
else:
return transitify({"error": "No user found"})
def login():
req_data = get_post_data_from_req(request)
user = User.login_user(req_data.get("username"), req_data.get("password"))
if user:
login_user(user)
return transitify({"username": user.username, "id": user.id})
else:
return transitify({"error": "No user found"})
def create_user(db: Session, user: UserCreate) -> User:
""" Create a new entry in the database user table """
user_data = user.dict()
user_data["password"] = hash_password(user.password)
db_user = User(**user_data)
db.add(db_user)
db.commit()
db.refresh(db_user)
return db_user
def register():
req_data = get_post_data_from_req(request)
user = User.register_user(req_data.get("username"), req_data.get("email"),
req_data.get("password"),
req_data.get("r-password"))
if isinstance(user, str):
return transitify({"error": user})
login_user(user)
return transitify({"username": user.username, "id": user.id})
def register():
req_data = get_post_data_from_req(request)
user = User.register_user(req_data.get("username"),
req_data.get("email"),
req_data.get("password"),
req_data.get("r-password"))
if isinstance(user, basestring):
return transitify({"error": user})
login_user(user)
return transitify({"username": user.username, "id": user.id})
def greet(message):
user_id = message.from_user.id
user = session.query(User).get(user_id)
if user is None:
user = User(id=user_id)
session.add(user)
session.commit()
bot.reply_to(
message,
"Hello, %s! \n Send '/jobs' to get offers" % message.chat.username)
def addUser(netid, name, year):
# below is my shitty code for the secret admirers issue
# your code's not shitty homie ily <3
user = User(netid=netid,
name=name,
year=year,
visible=True,
secretAdmirers=0)
# user = User(netid=netid, name=name, year=year, visible=True)
db.session.add(user)
db.session.commit()
def createUser():
newUser = User(name=login_session['username'],
email=login_session['email'],
picture=login_session['picture'])
DB_session.add(newUser)
DB_session.commit()
try:
user = DB_session.query(User).filter_by(
email=login_session['email']).one()
return user.id
except NoResultFound:
return None
def create_or_get_user(username):
session = Session()
user = session.query(User).filter_by(username=username).first()
if not user:
user = User(username=username)
session.add(user)
session.commit()
user_id = user.id
session.close()
return user_id
def test_unique_email():
"""
Tests whether only unique email addresses are allowed
:return: tuple (boolean, message list)
"""
messages = []
messages.append("Attempting to add 2 users with same email address to the empty database")
u1 = User(first_name='u1', last_name='u1', username='******', email='*****@*****.**', password='******', school='KU', grade='col_jun', state='KS')
db.session.add(u1)
db.session.commit()
u2 = User(first_name='u2', last_name='u2', username='******', email='*****@*****.**', password='******', school='KU', grade='col_jun', state='KS')
try:
db.session.add(u2)
db.session.commit()
except:
db.session.rollback()
try:
messages.append("Testing whether the number of database users is 1")
assert len(list(User.query.all())) == 1
except:
messages.append("Not one user in database")
return (False, messages)
return (True, messages)
def test_password_verification():
"""
Tests the password verification method
:return: tuple (boolean, message list)
"""
messages = []
messages.append("Adding a user with known password to the empty database")
u1 = User(first_name='u1', last_name='u1', username='******', email='*****@*****.**', password='******', school='KU', grade='col_jun', state='KS')
db.session.add(u1)
db.session.commit()
try:
messages.append("Verfiying the known password")
assert u1.test_password('password') == True
except:
messages.append("Verification failed")
return (False, messages)
try:
messages.append("Testing verification of incorrect passwords")
assert u1.test_password('diffpassword') == False
except:
messages.append("Verification failed")
return (False, messages)
return (True, messages)
def register():
creds = request.get_json()
user = Session.query(User).filter_by(
email=creds.get('email'), password=creds.get('password')).first()
if user:
abort(409, 'User exists.')
try:
new_user = User(email=creds.get('email'),
password=creds.get('password'))
Session.add(new_user)
Session.commit()
return 'Success!'
except Exception as e:
print(e)
Session.rollback()
abort(500)
def post(self):
username = self.request.get('username')
password = self.request.get('password')
q = User.all()
q.filter("username ="******"login.html", invalid_login="******")
return
user = q.get()
if not utils.valid_pw(username, password, user.password_hash):
self.render("login.html", invalid_login="******")
return
else:
self.response.headers.add_header('Set-Cookie', 'uname=%s;Path=/' % str(username))
self.redirect("/")
def register():
email = request.form['email']
test = User.query.filter_by(email=email).first()
if test:
return jsonify(message='That email already exists'), 409
else:
first_name = request.form['first_name']
last_name = request.form['last_name']
password = request.form['password']
user = User(first_name=first_name,
last_name=last_name,
password=password)
db.session.add(user)
db.session.commit()
return jsonify(message='User created successfully'), 201
def build_sample_db():
db.create_all()
db.drop_all()
db.create_all()
user = User()
user.first_name = 'admin'
user.last_name = 'admin'
user.login = '******'
user.email = user.login + "@example.com"
user.password = generate_password_hash('admin')
db.session.add(user)
db.session.add(RequestType(type='User'))
db.session.add(RequestType(type='Bot'))
db.session.add(Technique(name='chi_square'))
db.session.add(Technique(name='Kolmogorov-Smirnov'))
db.session.commit()
