コード例 #1
0
ファイル: common.py プロジェクト: sriharshakappala/ggrc-core
    def collection_get(self):
        if "Accept" in self.request.headers and "application/json" not in self.request.headers["Accept"]:
            return current_app.make_response(("application/json", 406, [("Content-Type", "text/plain")]))

        objs = self.get_collection()
        collection = self.collection_for_json(objs)
        if "If-None-Match" in self.request.headers and self.request.headers["If-None-Match"] == self.etag(collection):
            return current_app.make_response(("", 304, [("Etag", self.etag(collection))]))
        return self.json_success_response(collection, self.collection_last_modified())
コード例 #2
0
ファイル: common.py プロジェクト: sriharshakappala/ggrc-core
 def collection_post(self):
     if self.request.headers["Content-Type"] != "application/json":
         return current_app.make_response(("Content-Type must be application/json", 415, []))
     obj = self.model()
     src = UnicodeSafeJsonWrapper(self.request.json)
     root_attribute = self.model._inflector.table_singular
     try:
         src = src[root_attribute]
     except KeyError, e:
         return current_app.make_response(('Required attribute "{0}" not found'.format(root_attribute), 400, []))
コード例 #3
0
ファイル: common.py プロジェクト: alaeddine10/ggrc-core
 def collection_post(self):
   if self.request.headers['Content-Type'] != 'application/json':
     return current_app.make_response((
       'Content-Type must be application/json', 415,[]))
   obj = self.model()
   src = UnicodeSafeJsonWrapper(self.request.json)
   try:
     src = src[self.model_name]
   except KeyError, e:
     return current_app.make_response((
       'Required attribute "{0}" not found'.format(self.model_name), 400, []))
コード例 #4
0
def related_objects():
  obj_id = request.args['oid']
  obj_type = request.args['otype']
  far_type = request.args['related_model']

  related_object_results = RelatedObjectResults(obj_id, obj_type, far_type)
  results = related_object_results.get_results()

  current_app.make_response((
      'application/json', 200, [('Content-Type', 'application/json')]))
  return as_json(results)
コード例 #5
0
ファイル: converters.py プロジェクト: google/ggrc-core
def export_file(export_to, filename, csv_string=None):
  """Export file to csv file or gdrive file"""
  if export_to == "gdrive":
    gfile = fa.create_gdrive_file(csv_string, filename)
    headers = [('Content-Type', 'application/json'), ]
    return current_app.make_response((json.dumps(gfile), 200, headers))
  if export_to == "csv":
    headers = [
        ("Content-Type", "text/csv"),
        ("Content-Disposition", "attachment"),
    ]
    return current_app.make_response((csv_string, 200, headers))
  raise wzg_exceptions.BadRequest(app_errors.BAD_PARAMS)
コード例 #6
0
def export_file(export_to, filename, csv_string=None):
  """Export file to csv file or gdrive file"""
  if export_to == "gdrive":
    gfile = fa.create_gdrive_file(csv_string, filename)
    headers = [('Content-Type', 'application/json'), ]
    return current_app.make_response((json.dumps(gfile), 200, headers))
  if export_to == "csv":
    headers = [
        ("Content-Type", "text/csv"),
        ("Content-Disposition",
         "attachment; filename='{}'".format(filename)),
    ]
    return current_app.make_response((csv_string, 200, headers))
  raise BadRequest("Bad params")
コード例 #7
0
ファイル: v1.py プロジェクト: ampersand8/crane
def users():
    """
    Undocumented API path required for docker login when apache configured for auth
    See get_post_users()
    https://github.com/docker/docker-registry/blob/master/docker_registry/index.py
    """
    if request.method == 'GET':
        response = current_app.make_response(json.dumps('OK'))
        response.headers['X-Docker-Registry-Standalone'] = True
        return response
    response = current_app.make_response((json.dumps('User Created'), 201))
    response.headers['Content-Type'] = 'application/json'
    response.headers['X-Docker-Registry-Standalone'] = True
    return response
コード例 #8
0
ファイル: common.py プロジェクト: sriharshakappala/ggrc-core
 def get(self, id):
     obj = self.get_object(id)
     if obj is None:
         return self.not_found_response()
     if "Accept" in self.request.headers and "application/json" not in self.request.headers["Accept"]:
         return current_app.make_response(("application/json", 406, [("Content-Type", "text/plain")]))
     if not permissions.is_allowed_read(self.model.__name__, obj.context_id):
         raise Forbidden()
     object_for_json = self.object_for_json(obj)
     if "If-None-Match" in self.request.headers and self.request.headers["If-None-Match"] == self.etag(
         object_for_json
     ):
         return current_app.make_response(("", 304, [("Etag", self.etag(object_for_json))]))
     return self.json_success_response(object_for_json, self.modified_at(obj))
コード例 #9
0
ファイル: common.py プロジェクト: FlowGR/ggrc-core
  def collection_get(self):
    if 'Accept' in self.request.headers and \
       'application/json' not in self.request.headers['Accept']:
      return current_app.make_response((
        'application/json', 406, [('Content-Type', 'text/plain')]))

    objs = self.get_collection()
    collection = self.collection_for_json(objs)
    if 'If-None-Match' in self.request.headers and \
        self.request.headers['If-None-Match'] == self.etag(collection):
      return current_app.make_response((
        '', 304, [('Etag', self.etag(collection))]))
    return self.json_success_response(
      collection, self.collection_last_modified())
コード例 #10
0
ファイル: converters.py プロジェクト: Smotko/ggrc-core
def handle_export_request():
  try:
    with benchmark("handle export request"):
      data = parse_export_request()
      objects = data.get("objects")
      export_to = data.get("export_to")
      query_helper = QueryHelper(objects)
      ids_by_type = query_helper.get_ids()
    with benchmark("Generate CSV array"):
      converter = Converter(ids_by_type=ids_by_type)
      csv_data = converter.to_array()
    with benchmark("Generate CSV string"):
      csv_string = generate_csv_string(csv_data)
    with benchmark("Make response."):
      object_names = "_".join(converter.get_object_names())
      filename = "{}.csv".format(object_names)

      if export_to == "gdrive":
        credentials = get_credentials()

        http_auth = credentials.authorize(httplib2.Http())
        drive_service = discovery.build('drive', 'v3', http=http_auth)

        # make export to sheets
        file_metadata = {
            'name': filename,
            'mimeType': 'application/vnd.google-apps.spreadsheet'
        }
        media = http.MediaInMemoryUpload(csv_string,
                                         mimetype='text/csv',
                                         resumable=True)
        gfile = drive_service.files().create(
            body=file_metadata,
            media_body=media,
            fields='id, name, parents').execute()
        headers = [('Content-Type', 'application/json'), ]
        return current_app.make_response((json.dumps(gfile), 200, headers))
      if export_to == "csv":
        headers = [
            ("Content-Type", "text/csv"),
            ("Content-Disposition",
             "attachment; filename='{}'".format(filename)),
        ]
        return current_app.make_response((csv_string, 200, headers))
  except BadQueryException as exception:
    raise BadRequest(exception.message)
  except:  # pylint: disable=bare-except
    logger.exception("Export failed")
  raise BadRequest("Export failed due to server error.")
コード例 #11
0
ファイル: common.py プロジェクト: sriharshakappala/ggrc-core
 def put(self, id):
     obj = self.get_object(id)
     if obj is None:
         return self.not_found_response()
     if self.request.headers["Content-Type"] != "application/json":
         return current_app.make_response(("Content-Type must be application/json", 415, []))
     header_error = self.validate_headers_for_put_or_delete(obj)
     if header_error:
         return header_error
     src = UnicodeSafeJsonWrapper(self.request.json)
     root_attribute = self.model._inflector.table_singular
     try:
         src = src[root_attribute]
     except KeyError, e:
         return current_app.make_response(('Required attribute "{0}" not found'.format(root_attribute), 400, []))
コード例 #12
0
ファイル: common.py プロジェクト: alaeddine10/ggrc-core
 def get(self, id):
   obj = self.get_object(id)
   if obj is None:
     return self.not_found_response()
   if 'Accept' in self.request.headers and \
      'application/json' not in self.request.headers['Accept']:
     return current_app.make_response((
       'application/json', 406, [('Content-Type', 'text/plain')]))
   object_for_json = self.object_for_json(obj)
   if 'If-None-Match' in self.request.headers and \
       self.request.headers['If-None-Match'] == self.etag(object_for_json):
     return current_app.make_response((
       '', 304, [('Etag', self.etag(object_for_json))]))
   return self.json_success_response(
     self.object_for_json(obj), self.modified_at(obj))
コード例 #13
0
ファイル: common.py プロジェクト: VinnieJohns/ggrc-core
  def get(self, id):
    with benchmark("Query for object"):
      obj = self.get_object(id)
    if obj is None:
      return self.not_found_response()
    if 'Accept' in self.request.headers and \
       'text/html' not in self.request.headers['Accept']:
      return current_app.make_response((
          'text/html', 406, [('Content-Type', 'text/plain')]))
    if not permissions.is_allowed_read(self.model.__name__, obj.id,
                                       obj.context_id):
      raise Forbidden()
    if not permissions.is_allowed_view_object_page_for(obj):
      raise Forbidden()

    with benchmark("Render"):
      rendered_template = self.render_template_for_object(obj)

    # FIXME: Etag based on rendered output, or object itself?
    # if 'If-None-Match' in self.request.headers and \
    #    self.request.headers['If-None-Match'] == self.etag(object_for_json):
    #  return current_app.make_response((
    #    '', 304, [('Etag', self.etag(object_for_json))]))

    return rendered_template
コード例 #14
0
ファイル: v1.py プロジェクト: beav/crane
def repo_images(repo_id):
    """
    Returns a json document containing a list of image IDs that are in the
    repository with the given repo_id.

    Adds the "X-Docker-Endpoints" header.

    :param repo_id: unique ID for the repository. May contain 0 or 1 of the "/"
                    character.
    :type  repo_id: basestring

    :return:    json string containing a list of image IDs
    :rtype:     basestring
    """
    # a valid repository ID will have zero or one slash
    if len(repo_id.split('/')) > 2:
        raise exceptions.HTTPError(httplib.NOT_FOUND)

    images_in_repo = repository.get_images_for_repo(repo_id)
    response = current_app.make_response(images_in_repo)
    # use the configured endpoint if any, otherwise default to the host of
    # the current request.
    configured_endpoint = current_app.config.get(config.KEY_ENDPOINT)
    response.headers['X-Docker-Endpoints'] = configured_endpoint or request.host
    return response
コード例 #15
0
ファイル: search.py プロジェクト: sriharshakappala/ggrc-core
def search():
  terms = request.args.get('q')
  permission_type = request.args.get('__permission_type', 'read')
  permission_model = request.args.get('__permission_model', None)
  if terms is None:
    return current_app.make_response((
      'Query parameter "q" specifying search terms must be provided.',
      400,
      [('Content-Type', 'text/plain')],
      ))

  should_group_by_type = request.args.get('group_by_type', '')
  should_group_by_type = should_group_by_type.lower() == 'true'
  should_just_count = request.args.get('counts_only', '')
  should_just_count = should_just_count.lower() == 'true'

  types = request.args.get('types', '');
  types = [t.strip() for t in types.split(',') if len(t.strip()) > 0]
  if len(types) == 0:
    types = None

  if should_just_count:
    return do_counts(terms, types)
  if should_group_by_type:
    return group_by_type_search(terms, types)
  return basic_search(terms, types, permission_type, permission_model)
コード例 #16
0
ファイル: common.py プロジェクト: alaeddine10/ggrc-core
 def put(self, id):
   obj = self.get_object(id)
   if obj is None:
     return self.not_found_response()
   if self.request.headers['Content-Type'] != 'application/json':
     return current_app.make_response((
       'Content-Type must be application/json', 415,[]))
   header_error = self.validate_headers_for_put_or_delete(obj)
   if header_error:
     return header_error
   src = UnicodeSafeJsonWrapper(self.request.json)
   try:
     src = src[self.model_name]
   except KeyError, e:
     return current_app.make_response((
       'Required attribute "{0}" not found'.format(self.model_name), 400, []))
コード例 #17
0
ファイル: communication.py プロジェクト: altai/altai-api
def make_json_response(data, status_code=200, add_headers=None):
    """Make json response from response data.
    """
    if data is not None:
        if current_app.config['AUDIT_VERBOSITY'] > 0:
            if status_code >= 400 and 'message' in data:
                g.audit_data['message'] = data['message']

        if current_app.config.get('PRETTY_PRINT_JSON'):
            data = json.dumps(data, indent=4, sort_keys=True,
                              default=_json_default)
            data += '\n'
        else:
            data = json.dumps(data, separators=(',', ':'),
                              default=_json_default)
    else:
        data = ""
    response = current_app.make_response((data, status_code))

    if add_headers:
        for header, value in add_headers:
            response.headers[header] = value

    response.headers['Content-Type'] = _JSON
    if is_authenticated():
        response.headers['X-GD-Altai-Implementation'] = _IMPLEMENTATION
    return response
コード例 #18
0
def show_raw_results(campaign_id):
  campaign = CampaignController.get(campaign_id)

  if 'lastUpdate' in request.args:
    time = datetime.datetime.utcfromtimestamp(float(request.args['lastUpdate']))
    results = ResultsController.get_all_since_time(campaign_id, time)
  else:
    results = ResultsController.get_all(campaign_id)

  if len(results) > 0:
    first_result = results[0]
    timestamp = (first_result.date_added - datetime.datetime(1970, 1, 1)).total_seconds()
  else:
    timestamp = (datetime.datetime.utcnow() - datetime.datetime(1970, 1, 1)).total_seconds()

  results_arr = []
  for result in results:
    result_obj = msgpack.unpackb(result.data)
    dataset_obj = msgpack.unpackb(result.dataset.data)
    results_arr.append({'dataset': dataset_obj, 'result': result_obj})

  data = msgpack.packb({'timestamp' : timestamp, 'results' : results_arr})
  res = current_app.make_response(data)

  filename = safe_filename(campaign.title) + '_results_' + str(math.floor(timestamp)) + '.msgpack'

  res.headers.add('Content-Disposition', 'attachment;filename=' + filename)
  res.mimetype = 'application/octet-stream'

  return res
コード例 #19
0
ファイル: auth_api.py プロジェクト: halfvector/quips-python
def auth_logout():
    destroy_session()

    # TODO: is there a better way to unset cookies in Flask?
    response = current_app.make_response(redirect(url_for("spa_web.index")))
    # response.set_cookie('aid', '', expires=0)
    return response
コード例 #20
0
ファイル: auth.py プロジェクト: fmfi/infolist-editor
def logout():
  logout_link = 'https://login.uniba.sk/logout.cgi?{}'.format(url_for('index', _external=True))
  response = current_app.make_response(redirect(logout_link))
  if 'COSIGN_SERVICE' in request.environ:
    response.set_cookie(request.environ['COSIGN_SERVICE'], value='',
                        expires=1, path='/', secure=True)
  return response
コード例 #21
0
ファイル: auth.py プロジェクト: dropbox/changes
    def get(self):
        state = ""
        if 'orig_url' in request.args:
            # we'll later redirect the user back the page they were on after
            # logging in
            state = base64.urlsafe_b64encode(request.args['orig_url'].encode('utf-8'))

        # If we're in the PP world, try to log in based on that header.
        if current_app.config.get('PP_AUTH', False):
            email = request.headers.get('X-PP-USER')
            if email is None:
                return current_app.make_response(('Expected PP auth!', 401, {}))
            # All we need to do is make sure that the user exists in the
            # database for get_current_user() to find.
            user, _ = get_or_create(User, where={
                'email': email,
            })
            return get_orig_url_redirect(state)

        # if refresh token available, log in without prompt
        if 'refresh_token' in request.cookies and 'refresh_email' in request.cookies:
            resp = auth_with_refresh_token(request.cookies)
            email = Fernet(current_app.config['COOKIE_ENCRYPTION_KEY']).decrypt(str(request.cookies['refresh_email']))

            set_session_state(access_token=resp['access_token'],
                email=email)

            return get_orig_url_redirect(state)

        redirect_uri = url_for(self.authorized_url, _external=True)

        flow = get_auth_flow(redirect_uri=redirect_uri, state=state)
        auth_uri = flow.step1_get_authorize_url()

        return redirect(auth_uri)
コード例 #22
0
ファイル: converters.py プロジェクト: zidarsk8/ggrc-core
def handle_export_request():
  try:
    with benchmark("handle export request"):
      data = parse_export_request()
      query_helper = QueryHelper(data)
      ids_by_type = query_helper.get_ids()
    with benchmark("Generate CSV array"):
      converter = Converter(ids_by_type=ids_by_type)
      csv_data = converter.to_array()
    with benchmark("Generate CSV string"):
      csv_string = generate_csv_string(csv_data)
    with benchmark("Make response."):
      object_names = "_".join(converter.get_object_names())
      filename = "{}.csv".format(object_names)
      headers = [
          ("Content-Type", "text/csv"),
          ("Content-Disposition",
           "attachment; filename='{}'".format(filename)),
      ]
      return current_app.make_response((csv_string, 200, headers))
  except BadQueryException as exception:
    raise BadRequest(exception.message)
  except:  # pylint: disable=bare-except
    logger.exception("Export failed")
  raise BadRequest("Export failed due to server error.")
コード例 #23
0
ファイル: auth.py プロジェクト: mitsuhiko/changes
    def get(self):
        redirect_uri = url_for(self.authorized_url, _external=True)
        state = request.args.get("state", "")
        flow = get_auth_flow(redirect_uri=redirect_uri, state=state)
        resp = flow.step2_exchange(request.args['code'])

        if current_app.config['GOOGLE_DOMAIN']:
            # TODO(dcramer): confirm this is actually what this value means
            if resp.id_token.get('hd') != current_app.config['GOOGLE_DOMAIN']:
                # TODO(dcramer): this should show some kind of error
                return redirect(url_for(self.complete_url, {'finished_login': '******'}))

        set_session_state(access_token=resp.access_token, email=resp.id_token['email'])

        # if the user came from a specific page, modify response object
        # to reflect that
        response_redirect = (get_orig_url_redirect(state) if state
            else redirect(url_for(self.complete_url, finished_login='******')))

        response = current_app.make_response(response_redirect)

        # create and save cookies
        # need to set expires /just in case/ anyone uses IE :(
        encrypted_token = Fernet(current_app.config['COOKIE_ENCRYPTION_KEY']).encrypt(str(resp.refresh_token))
        response.set_cookie('refresh_token', value=encrypted_token,
        max_age=MAX_AGE, expires=int(time.time() + MAX_AGE))

        encrypted_email = Fernet(current_app.config['COOKIE_ENCRYPTION_KEY']).encrypt(str(session['email']))
        response.set_cookie('refresh_email', value=encrypted_email,
        max_age=MAX_AGE, expires=int(time.time() + MAX_AGE))

        return response
コード例 #24
0
ファイル: api.py プロジェクト: icodeface/x.codeface.cn
def api_signin():
    print(request.data)
    print(request.content_type)
    if not request.json:
        email = request.form['email']
        password = request.form['password']
    else:
        email = request.json.get('email')
        password = request.json.get('password')

    user = User.objects(email=email).first()
    if not user or not user.check_password(password):
        return jsonify({
            'code': 0,
            'data': {},
            'tip': 'wrong email or wrong password'
        })
    elif user.group == Group.block or user.group == Group.delete:
        return jsonify({
            'code': 0,
            'data': {},
            'tip': 'no right access'
        })
    else:
        token = user.generate_token()
        data = jsonify({
            'code': 1,
            'data': {'id': str(user.id),
                     'email': user.email,
                     'token': token}
        })
        response = current_app.make_response(data)
        response.set_cookie("token", token, httponly=True)
        return response
コード例 #25
0
ファイル: webapp.py プロジェクト: sng2c/python3_study
def login():
    userid = request.form['id']
    userpw = request.form['pw']

    # 글자 md5 시키기
    # $ python3
    # Python 3.5.1 (default, May 20 2016, 18:18:52)
    # [GCC 4.2.1 Compatible Apple LLVM 7.3.0 (clang-703.0.31)] on darwin
    # Type "help", "copyright", "credits" or "license" for more information.
    # >>> import hashlib
    # >>> hashlib.md5("1111".encode()).hexdigest()
    # 'b59c67bf196a4758191e42f76670ceba'

    userpw = hashlib.md5(userpw.encode()).hexdigest()

    login_ok = False

    with open("passwords.txt") as passfile:
        for passwd in passfile:
            _id, _pw = passwd.rstrip().split(":")
            if userid == _id and userpw == _pw:
                login_ok = True
                break

    if login_ok:
        # 쿠키 발급
        redirection = redirect("/")
        response = current_app.make_response(redirection)
        response.set_cookie('logined_userid', value=userid)
        return response
    else:
        return "Login FAIL"
コード例 #26
0
ファイル: webapp.py プロジェクト: sng2c/python3_study
def logout():
    expire_date = datetime.datetime.now()
    expire_date = expire_date + datetime.timedelta(days=-10)
    redirection = redirect("/")
    response = current_app.make_response(redirection)
    response.set_cookie('logined_userid', value="", expires=expire_date)
    return response
コード例 #27
0
ファイル: registry.py プロジェクト: jonboulle/kpm
def list_packages():
    values = getvalues()
    path = ETCD_PREFIX
    r = {}

    if 'organization' in values:
        path += "/%s" % values['organization']
    try:
        packages = etcd_client.read(path, recursive=True)
    except etcd.EtcdKeyNotFound:
        etcd_client.write(path, None, dir=True)

    for child in packages.children:
        m = re.match("^/%s(.+)/(.+)/(.+)$" % ETCD_PREFIX, child.key)
        if m is None:
            continue
        organization, name, version = (m.group(1), m.group(2), m.group(3))
        package = "%s/%s" % (organization, name)
        if package not in r:
            r[package] = {"name": package, 'available_versions': [], 'version': None}
        r[package]['available_versions'].append(version)

    for _, v in r.iteritems():
        v['available_versions'] = [str(x) for x in sorted(semver.versions(v['available_versions'], False),
                                                          reverse=True)]
        v['version'] = v['available_versions'][0]

    resp = current_app.make_response(json.dumps(r.values()))
    resp.mimetype = 'application/json'
    return resp
コード例 #28
0
ファイル: index.py プロジェクト: LightStyle/FastScripts
def db_data_stats():
	username = '******'
	password = '******' #da cambiare a fine progetto, nasconderla a github
	loginform = '''<form method="POST" action="">
<label><input type="text" name="user"> Username <br></label>
<label><input type="password" name="password"> Password <br></label>
<label style="font-size: 10px"><input type="checkbox" name="remember" value="1"> Ricordami<br></label>
<input type="submit" value="Accedi">
</form>'''
	conn = pymongo.Connection()
	db = conn.fs
	user = param('user')
	pwd = param('password')
	remember = param('remember')
	logged = cookie('logged')
	secs = None
	if user == username and pwd == password:
		logged = True
		if remember:
			secs = 2592000 # 30 giorni
	delete = param('delete')
	if logged:
		if delete:
			db.stats.remove({'_id': pymongo.objectid.ObjectId(delete)})
		data = db.stats.find()
		data_list = []
		for d in data:
			data_list.append(d)
		r = render_template('privstats.html', data_list=data_list, user=user, pwd=pwd)
	else:
		r = loginform
	response = current_app.make_response(r)
	if logged:
		response.set_cookie('logged', '1', max_age=secs)
	return response
コード例 #29
0
ファイル: vote.py プロジェクト: EIREXE/WaifuSite
def vote(pk):
    print(pk)
    if not current_user:
        return redirect("/login")
    if request.method == 'GET':
        if pk + '_vote' in request.cookies:
            return redirect('/already_voted')
        redirect_to_index = redirect("/thankyou")
        response = current_app.make_response(redirect_to_index)
        response.set_cookie(pk + '_vote', value='true')
        waifu = current_app.dbbackend.get(Waifu, {"pk":pk})
        ip = request.environ.get('HTTP_X_REAL_IP', request.remote_addr)

        try:
            if ip in waifu.votes_l:
                return redirect("/already_voted")
            waifu.votes_l.append(ip)
        except:
            waifu.votes_l = list()
            waifu.votes_l.append(ip)
        user_m = current_user._get_current_object()
        if waifu in user_m.voted_waifus:
                return redirect("/already_voted")
        user_m.voted_waifus.append(waifu)

        current_app.dbbackend.save(user_m)

        waifu.votes = waifu.votes + 1

        current_app.dbbackend.save(waifu)
        current_app.dbbackend.commit()
        current_app.dbbackend = FileBackend("./database")
    return response
コード例 #30
0
ファイル: views.py プロジェクト: mikejs/polipoly2
def svg(state, level, dist):
    dist = District.query.add_columns(District.geom.svg).filter(and_(
        District.level == level,
        District.state == state,
        District.name == dist)).first_or_404()

    coords = dist[0].geom.coords(session)
    minx, miny = 1000, 1000
    maxx, maxy = -1000, -1000
    for c in coords:
        for [x, y] in c:
            if x < minx:
                minx = x
            if x > maxx:
                maxx = x
            if y < miny:
                miny = y
            if y > maxy:
                maxy = y

    width = abs(maxx - minx)
    height = abs(maxy - miny)

    resp = current_app.make_response(render_template('out.svg',
                                                     name=dist[0].name,
                                                     path=dist[1],
                                                     minx=minx,
                                                     miny=-maxy,
                                                     height=height,
                                                     width=width))
    resp.mimetype = 'image/svg+xml'
    return resp
コード例 #31
0
ファイル: __init__.py プロジェクト: chokribr/invenio-1
 def page_not_found(error):
     try:
         from invenio.legacy.wsgi import \
             application as legacy_application
         response = legacy_application(request.environ, g.start_response)
         if not isinstance(response, BaseResponse):
             response = current_app.make_response(str(response))
         if response.status_code == 404:
             return render_template('404.html'), 404
         else:
             return response
     except HTTPException as e:
         if e.code != 404:
             current_app.logger.exception(request.path)
         error = e
     if error.code == 404:
         return render_template('404.html'), 404
     return str(error), error.code
コード例 #32
0
def register():
    form = request.form.to_dict()
    email = form['email']
    verify_code = form.pop('verify_code', '')
    if cache.exists(email) and int(cache.get(email)) == int(verify_code):
        u = User.register(form)
        if u is not None:
            session_id = session_user(u.id)
            res = current_app.make_response(
                flask.redirect(url_for('homepage.index')))
            res.set_cookie('cache_session', session_id)
            return res
        else:
            flash('用户名长度必须大于2或用户名已存在!')
            return redirect(url_for('index.register_view', email=email))
    else:
        flash('验证码错误')
        return redirect(url_for('index.register_view', email=email))
コード例 #33
0
    def make_response(self, res):
        if isinstance(res,
                      (current_app.response_class, WerkzeugResponse, tuple)):
            if self.modified:
                # If we receive a response - most likely one created by send_file - we do not allow any
                # external modifications.
                raise Exception(
                    'Cannot combine response object with custom modifications')
            return res

        # Return a plain string if that's all we have
        if not res and not self.modified:
            return ''

        res = current_app.make_response((res, self.status, self.headers))
        if self.content_type:
            res.content_type = self.content_type
        return res
コード例 #34
0
def login():
    form = request.form
    u = User.validate_login(form)
    log('login user <{}>'.format(u))

    if u is None:
        return redirect(url_for('.index'))
    else:
        session_id = str(uuid.uuid4())
        k = 'session_id_{}'.format(session_id)
        v = u.id
        cache.set(k, v)

        redirect_to_index = redirect(url_for('bp_topic.index'))
        response = current_app.make_response(redirect_to_index)
        response.set_cookie('session_id', value=session_id)

        return response
コード例 #35
0
ファイル: common.py プロジェクト: wqw-dream/ggrc-core
  def get(self, id):
    obj = self.get_object(id)
    if obj is None:
      return self.not_found_response()
    if 'Accept' in self.request.headers and \
       'text/html' not in self.request.headers['Accept']:
      return current_app.make_response((
        'text/html', 406, [('Content-Type', 'text/plain')]))

    rendered_template = self.render_template_for_object(obj)

    # FIXME: Etag based on rendered output, or object itself?
    #if 'If-None-Match' in self.request.headers and \
    #    self.request.headers['If-None-Match'] == self.etag(object_for_json):
    #  return current_app.make_response((
    #    '', 304, [('Etag', self.etag(object_for_json))]))

    return rendered_template
コード例 #36
0
def login():
    form = request.form
    u = User.validate_login(form)
    print('login user <{}>'.format(u))
    if u is None:
        flash('用户名或密码错误')
        return redirect(url_for('.index'))
    else:
        # session 中写入 user_id
        # session['user_id'] = u.id
        # 设置 cookie 有效期为 永久
        # session.permanent = True
        session_id = session_user(u.id)
        res = current_app.make_response(
            flask.redirect(url_for('homepage.index')))
        res.set_cookie('cache_session', session_id)
        # return redirect(url_for('homepage.index'))
        return res
コード例 #37
0
    def process(self):
        if request.method not in HTTP_VERBS:
            # Just to be sure that we don't get some crappy http verb we don't expect
            raise BadRequest

        res = ''
        g.rh = self
        sentry_set_tags({'rh': self.__class__.__name__})

        if self.EVENT_FEATURE is not None:
            self._check_event_feature()

        logger.info('%s %s [IP=%s] [PID=%s]',
                    request.method, request.relative_url, request.remote_addr, os.getpid())

        try:
            init_email_queue()
            self._check_csrf()
            res = self._do_process()
            signals.after_process.send()

            if self.commit:
                db.session.commit()
                flush_email_queue()
            else:
                db.session.rollback()
        except DatabaseError:
            db.session.rollback()
            handle_sqlalchemy_database_error()  # this will re-raise an exception
        except Exception:
            # rollback to avoid errors as rendering the error page
            # within the indico layout may trigger an auto-flush
            db.session.rollback()
            raise
        logger.debug('Request successful')

        if res is None:
            # flask doesn't accept None but we might be returning it in some places...
            res = ''

        response = current_app.make_response(res)
        if self.DENY_FRAMES:
            response.headers['X-Frame-Options'] = 'DENY'
        return response
コード例 #38
0
ファイル: index.py プロジェクト: yivocs/flask-bbs
def login():
    form = request.form
    u = User.validate_login(form)
    if u is None:
        return redirect(url_for('.index'))
    else:
        # session 中写入 user_id 并用 cache 存储
        session_id = str(uuid.uuid4())
        key = 'session_id_{}'.format(session_id)
        log('index login key <{}> user_id <{}>'.format(key, u.id))
        cache.set(key, u.id)

        # 设置 cookie > response.set_cookie
        # 删除 cookie > response.delete_cookie
        redirect_to_index = redirect(url_for('topic.index'))
        response = current_app.make_response(redirect_to_index)
        response.set_cookie('session_id', value=session_id)
        # 转到 topic.index 页面
        return response
コード例 #39
0
ファイル: auth.py プロジェクト: simudream/changes
    def get(self):
        redirect_uri = url_for(self.authorized_url, _external=True)
        state = request.args.get("state", "")
        flow = get_auth_flow(redirect_uri=redirect_uri, state=state)
        resp = flow.step2_exchange(request.args['code'])

        if current_app.config['GOOGLE_DOMAIN']:
            # TODO(dcramer): confirm this is actually what this value means
            if resp.id_token.get('hd') != current_app.config['GOOGLE_DOMAIN']:
                # TODO(dcramer): this should show some kind of error
                return redirect(
                    url_for(self.complete_url, {'finished_login': '******'}))

        set_session_state(access_token=resp.access_token,
                          email=resp.id_token['email'])

        # if the user came from a specific page, modify response object
        # to reflect that
        response_redirect = (
            get_orig_url_redirect(state) if state else redirect(
                url_for(self.complete_url, finished_login='******')))

        response = current_app.make_response(response_redirect)

        # create and save cookies
        # need to set expires /just in case/ anyone uses IE :(
        encrypted_token = Fernet(
            current_app.config['COOKIE_ENCRYPTION_KEY']).encrypt(
                str(resp.refresh_token))
        response.set_cookie('refresh_token',
                            value=encrypted_token,
                            max_age=MAX_AGE,
                            expires=int(time.time() + MAX_AGE))

        encrypted_email = Fernet(
            current_app.config['COOKIE_ENCRYPTION_KEY']).encrypt(
                str(session['email']))
        response.set_cookie('refresh_email',
                            value=encrypted_email,
                            max_age=MAX_AGE,
                            expires=int(time.time() + MAX_AGE))

        return response
コード例 #40
0
def dispatch_epic_clinical_trial():
    """
    Process request from EPIC, redirect to clinical trial page.
    :return:
    """
    if request.method == 'GET':
        return 'Method unsupported'

    url = FRONT_END_ADDRESS + 'clinicaltrials?epic=true'
    redirect_to_search = redirect(url)
    logging.info('[EPIC] redirect to search URL: ' + url)

    # Build response headers
    response = app.make_response(redirect_to_search)
    response.headers.add('Location', url)

    # Set cookies
    response.set_cookie('epic', value='true', expires=0)
    return response
コード例 #41
0
def create_org():
    name = get_field(request, 'name')
    timezone = get_field(request, 'timezone')

    if timezone not in all_timezones:
        raise ex.InvalidTimezoneError(timezone)

    org = Org(name=name, timezone=timezone)
    db.session.add(org)

    # Make this user a moderator
    user = db.session.query(User).filter_by(id=get_jwt_identity()).first()
    org.mods.append(user)
    db.session.commit()

    return current_app.make_response(('', 201, {
        'Location':
        url_for('.orgs_query', org_id=org.id)
    }))
コード例 #42
0
def login():
    form = request.form
    u = User.validate_login(form)
    log('login u', u)
    if u is None:
        flash('用户名或密码错误,请重试')
        return redirect(url_for('.index'))
    else:
        # session 中写入 user_id
        session_id = str(uuid.uuid4())
        key = 'session_id_{}'.format(session_id)
        log('index login key <{}> user_id <{}>'.format(key, u.id))
        cache.set(key, u.id)

        redirect_to_index = redirect(url_for('topic.index'))
        response = current_app.make_response(redirect_to_index)
        response.set_cookie('session_id', value=session_id)
        # 转到 topic.index 页面
        return response
コード例 #43
0
def response(data=None, code=200, headers=None, raw=False):
    if data is None:
        data = True
    h = {
        'Cache-Control': 'no-cache',
        'Pragma': 'no-cache',
        'Expires': '-1',
        'Content-Type': 'application/json'
    }
    if headers:
        h.update(headers)

    try:
        if raw is False:
            data = json.dumps(data, sort_keys=True, skipkeys=True)
    except TypeError:
        data = str(data)

    return current_app.make_response((data, code, h))
コード例 #44
0
def reset():
    token = request.args.get('token', None)
    try:
        u_id = json.loads(cache.get(token))
    except:
        return abort(Response('无效的token验证码!'))
    if u_id is not None:
        u = User.one(id=u_id)
        # 删除使用后的token
        cache.delete(token)
        # 生成新的token
        token = new_csrf_token(u)
        # 帮用户进行登陆
        session_id = session_user(u.id)
        res = current_app.make_response(render_template('forget/reset.html', token=token))
        res.set_cookie('cache_session', session_id)
        return res
    else:
        return abort(Response('无效的token验证码!'))
コード例 #45
0
ファイル: request.py プロジェクト: zhaochenglan/myblog
        def before_request_func():
            """
            请求前执行函数
            :return:
            """
            request.c_method = request.method
            if app.config[
                    "CLIENT_TOKEN_AUTH_ENABLED"] and request.path.startswith(
                        api.url_prefix):
                # 如果已开启客户端验证, 那只要是api请求都需要token验证
                auth_header = request.headers.get('OSR-RestToken')
                csrf_header = request.headers.get('X-CSRFToken')
                if csrf_header:
                    # 使用CSRF验证
                    csrf.protect()
                elif auth_header:
                    rest_token_auth.auth_rest_token()
                else:
                    response = current_app.make_response(
                        gettext(
                            'Token is miss, unconventional web browsing requests please provide "OSR-RestToken",'
                            ' otherwise provide "X-CSRFToken"'))

                    raise OsrTokenError(response.get_data(as_text=True),
                                        response=response)

            request.argget = Request()
            """
            兼容前端某些js框架或浏览器不能使用DELETE, PUT, PATCH等请求时,
            可以在参数中使用_method'
            """
            if request.argget.all("_method"):
                request.c_method = request.argget.all("_method").upper()
            if "site_global" not in g:
                g.site_global = {
                    "language": {
                        "all_language": get_config('babel', 'LANGUAGES'),
                        "current": self.get_current_lang()
                    }
                }

            get_conf = GetConfig()
            g.get_config = get_conf.get_config
コード例 #46
0
    def make_response(self, res):
        if self.call:
            raise Exception('Cannot use make_response when a callable is set')

        if isinstance(res, app.response_class):
            if self.modified:
                # If we receive a response - most likely one created by send_file - we do not allow any
                # external modifications.
                raise Exception(
                    'Cannot combine response object with custom modifications')
            return res

        if self._redirect:
            return self.make_redirect()

        res = app.make_response((res, self.status, self.headers))
        if self.content_type:
            res.content_type = self.content_type
        return res
コード例 #47
0
ファイル: custom.py プロジェクト: pughlab/matchminer-api
def build_redirect_url_epic(user, trial_match):
    """
    When redirecting to a patient for integration with EPIC, set appropriate tokens, headers, and cookies
    :param user:
    :param trial_match:
    :return:
    """
    db = database.get_db()

    # Set token. Must match token set in cookie
    token = str(uuid.uuid4())
    db['user'].update_one(
        {'_id': user['_id']},
        {'$set': {
            'token': token,
            'last_auth': datetime.datetime.now()
        }})

    # Build redirect URL
    patient_id = str(trial_match["_id"])
    url = FRONT_END_ADDRESS + 'dashboard/patients/' + patient_id + '?epic=true'
    redirect_to_patient = redirect(url)
    logging.info('[EPIC] redirect to URL: ' + url)

    # Build response headers
    response = app.make_response(redirect_to_patient)
    response.headers.add(
        'Authorization',
        'Basic' + base64.b64encode(f'{token}:'.encode('utf-8')).decode())
    response.headers.add('Last-Modified', datetime.datetime.now())
    response.headers.add(
        'Cache-Control',
        'no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0'
    )
    response.headers.add('Pragma', 'no-cache')
    response.headers.add('Content-Type', 'application/json')
    response.headers.add('Location', url)

    # Set cookies
    response.set_cookie('user_id', value=str(user['_id']), expires=0)
    response.set_cookie('team_id', value=str(user['teams'][0]), expires=0)
    response.set_cookie('token', value=token, expires=0)
    return response
コード例 #48
0
ファイル: index.py プロジェクト: gurza/form-collector
def form_ctrl():
    kickout_cookie = config.APP_KICKOUT_COOKIE_NAME
    kickout_url = config.APP_REDIRECT_URL

    if kickout_cookie in request.cookies:
        return redirect(kickout_url)

    error_fl = request.args.get('error', 0)
    try:
        error_fl = int(error_fl)
        error_fl = abs(error_fl)
    except ValueError:
        error_fl = 0

    form = LoginForm()
    if form.validate_on_submit():
        login = LoginModel(login=form.login.data, password=form.password.data)
        db.session.add(login)
        db.session.commit()
        if error_fl == 0:
            return redirect('/?error=1')
        else:
            kickout_redirect = redirect(kickout_url)
            response = current_app.make_response(kickout_redirect)
            # Value of cookie doesn't matter
            response.set_cookie(kickout_cookie,
                                value='1',
                                max_age=60 * 60 * 24 * 90)
            return response

    # Show form
    tpl_name = config.APP_TPL_NAME
    title = config.APP_TPL_TITLE
    message = config.APP_TPL_MESSAGE
    action = config.APP_TPL_ACTION
    form.login.data = config.APP_TPL_LOGIN
    return render_template(tpl_name,
                           title=title.decode('utf-8'),
                           message=message.decode('utf-8'),
                           action=action.decode('utf-8'),
                           form=form,
                           error=error_fl)
コード例 #49
0
def login():
    """
    登录页面的路由函数
    """
    form = request.form

    u, result = User.login(form)
    session_id = random_string()
    form = dict(
        session_id=session_id,
        user_id=u.id,
    )
    Session.new(form)

    redirection = redirect(
        url_for('user.login_view', result='{}'.format(result)))
    response = current_app.make_response(redirection)
    response.set_cookie('session_id', session_id, path='/')

    return response
コード例 #50
0
def getPriceHistory():
    sym = request.args.get("sym", default=None, type=str)
    ts = TimeSeries(key='redacted')
    # Get json object with the intraday data and another with  the call's metadata
    try:
        data, meta_data = ts.get_monthly_adjusted(sym)
    except Exception as ex:
        res = current_app.make_response("Could not fetch price data")
        print(traceback.format_exc())
        res.status_code = 404
        return res
    prices = {}
    for k in data.keys():
        #pick closing price for each day
        price = data[k]["4. close"]
        #ignore gaps
        if (float(price) != 0):
            prices[k] = data[k]["4. close"]
    #todo store prices in new db table?
    return json.dumps(prices)
コード例 #51
0
def login():
    cur.execute("SELECT * FROM login")
    rows = cur.fetchall()
    for row in rows:
        if request.form['email'] == row[2] and request.form['pwd'] == row[3]:
            #return redirect(url_for('dispositivosHTML'))
            cur2.execute("SELECT * FROM dispositivos WHERE idUsuario = " +
                         str(row[0]) + " ORDER BY Id ASC")
            rows2 = cur2.fetchall()
            respLogado = current_app.make_response(
                render_template("dispositivos.html",
                                nome=row[1],
                                dispositivos=rows2,
                                pag="0"))
            respLogado.set_cookie('IdUsuario', row[0])
            respLogado.set_cookie('Nome', row[1])
            return respLogado
    return "Email ou senha errado!<br /> <p>Email: {}".format(
        request.form['email']) + "</p><p>Senha: {}".format(
            request.form['pwd']) + "</p>"
コード例 #52
0
def download_worksheets():
    from sagenb.misc.misc import walltime, tmp_filename

    t = walltime()
    print "Starting zipping a group of worksheets in a separate thread..."
    zip_filename = tmp_filename() + ".zip"

    # child
    worksheet_names = set()
    if 'filenames' in request.values:
        import json
        filenames = json.loads(request.values['filenames'])
        worksheets = [
            g.notebook.get_worksheet_with_filename(x.strip())
            for x in filenames if len(x.strip()) > 0
        ]
    else:
        worksheets = g.notebook.worksheet_list_for_user(g.username)

    import zipfile
    zip = zipfile.ZipFile(zip_filename, 'w', zipfile.ZIP_STORED)
    for worksheet in worksheets:
        sws_filename = tmp_filename() + '.sws'
        g.notebook.export_worksheet(worksheet.filename(), sws_filename)
        entry_name = worksheet.name()
        if entry_name in worksheet_names:
            i = 2
            while ("%s_%s" % (entry_name, i)) in worksheet_names:
                i += 1
            entry_name = "%s_%s" % (entry_name, i)
        zip.write(sws_filename, entry_name + ".sws")
        os.unlink(sws_filename)
    zip.close()
    r = open(zip_filename, 'rb').read()
    os.unlink(zip_filename)
    print "Finished zipping %s worksheets (%s seconds)" % (len(worksheets),
                                                           walltime(t))

    response = current_app.make_response(r)
    response.headers['Content-Type'] = 'application/zip'
    return response
コード例 #53
0
    def post(self):
        """
        登录
        ---
        tags:
           - 认证接口
        parameters:
            -   name: username
                in: body
                required: true
                description: 用户名
            -   name: password
                in: body
                required: true
                description: 密码
        responses:
            200:
                examples:
                    返回数据: [
                                {
                                    "priority": 1,
                                    "color": "1",
                                    "content": "啦啦啦",
                                    "image": "http://www.qq.com/qq.png",
                                    "url": "http://www.qq.com",
                                },....
                            ]
            测试链接:
                description: http://127.0.0.1:3000/v1/admin/home
        """
        from BasicDemo.extentions.jwt import UserJwt

        user = UserJwt(1, "admin", 1)
        resp = current_app.make_response({
            "message": "login succeed",
            "role": user.admin,
            "id": user.id
        })
        set_access_cookies(resp, create_access_token(identity=user))
        set_refresh_cookies(resp, create_refresh_token(identity=user))
        return resp
コード例 #54
0
ファイル: routes.py プロジェクト: pewen/mapeoColectivo
def logout():
    """
    Logout and remove all the cookies

    TODO:
    ----
    * Guardar la url de la que viene para volver a la misma
    """
    next_url = request.args.get('next')

    allowed_routes = ['accionDirecta', 'mapeoCiudadano', 'historico']
    if next_url not in allowed_routes:
        next_url = '/'

    response = current_app.make_response(redirect(next_url))

    # Remove all the cookies
    response.set_cookie('status', '', expires=0)
    response.set_cookie('session', '', expires=0)

    return response
コード例 #55
0
def handle_error(error):
    """
    Creates a v2 compatible error response.

    :param error:   exception raised to indicate that an HTTP error response
                    should be generated and returned.
    :type  error:   crane.exceptions.HTTPError

    :return:    error details in json within response body.
    :rtype:     flask.response
    """
    data = {
        "errors": [
            dict(code=str(error.status_code),
                 message=error.message or httplib.responses[error.status_code])
        ]
    }
    response = current_app.make_response(json.dumps(data))
    response.headers['Content-Type'] = 'application/json'
    response.status_code = error.status_code
    return response
コード例 #56
0
ファイル: auth.py プロジェクト: simudream/changes
    def get(self):
        session.pop('uid', None)
        session.pop('access_token', None)
        session.pop('email', None)

        response_redirect = redirect(url_for(self.complete_url))

        # if the url contains ?return, go back to the referrer page
        if 'return' in request.args and request.referrer:
            is_same_host = (urlparse.urlparse(
                request.referrer).netloc == urlparse.urlparse(
                    request.host_url).netloc)
            if is_same_host:
                response_redirect = redirect(request.referrer)

        # remove refresh token and login email
        response = current_app.make_response(response_redirect)
        response.delete_cookie('refresh_token')
        response.delete_cookie('refresh_email')

        return response
コード例 #57
0
 def patch(self):
   """PATCH operation handler."""
   src = self.request.json
   if self.request.mimetype != 'application/json':
     return current_app.make_response(
         ('Content-Type must be application/json', 415, []))
   with utils.benchmark("Do bulk update"):
     updated_objects = self.model.bulk_update(src)
   with utils.benchmark("Status propagation on bulk update"):
     self.propagate_status(updated_objects)
   with utils.benchmark("Log Event"):
     self.log_event()
   with utils.benchmark("Commit"):
     db.session.commit()
   with utils.benchmark("Make response"):
     updated_ids = {u.id for u in updated_objects}
     skipped_ids = {int(item['id']) for item in src
                    if int(item["id"]) not in updated_ids}
     result = [{'status': 'updated', 'id': idx} for idx in updated_ids]
     result.extend([{'status': 'skipped', 'id': idx} for idx in skipped_ids])
     return self.json_success_response(result, datetime.datetime.now())
コード例 #58
0
def login():
    """
    登录页面的路由函数
    """
    form = request.form

    u, result = User.login(form)
    # session 会话
    # token 令牌
    # 设置一个随机字符串来当令牌使用
    session_id = random_string()
    form = dict(
        session_id=session_id,
        user_id=u.id,
    )
    Session.new(form)

    redirect_to_index = redirect(url_for('user.login_view', result=result))
    response = current_app.make_response(redirect_to_index)
    response.set_cookie('session_id', value=session_id)
    return response
コード例 #59
0
    def post(self):
        """ Speech endpoint

            Args:
                voice_id (str): id of the voice
                audio_format (str, optional): wav|ogg|mp3
                text (str): text to process

            Returns:
                streamed audio file of the processed speech
        """

        args = spch_parser.parse_args()
        if isinstance(args, current_app.response_class):
            return args
        voice = Voice.query.filter_by(id=args['voice_id']).first()
        if voice is None:
            return mk_response("Voice could not be found", 400)

        # creating syntesised speech and saving into file
        tanglevoice = TangleVoice(voice_dir=os.path.abspath(voice.directory),
                                  loglvl=current_app.logger.level)
        audio_fn = os.path.abspath(uuid.uuid4().hex[:8] + '.wav')
        waveform = tanglevoice.speak(args['text'])
        _wav_to_file(waveform, audio_fn)

        # convert to requested type
        if 'audio_format' in args and args['audio_format'] != "wav":
            old_audio_fn = audio_fn
            audio_fn = _convert_to(args['audio_format'], audio_fn)
            os.remove(old_audio_fn)
        elif 'audio_format' not in args:
            args['audio_format'] = "wav"
        # get the audio as bytes, delete the file and return audio as bytes
        with open(audio_fn, 'rb') as audio_f:
            wavefile = b''.join(audio_f.readlines())
        os.remove(audio_fn)
        response = current_app.make_response(wavefile)
        response.headers['Content-Type'] = 'audio/' + args['audio_format']
        return response
コード例 #60
0
 def post(self, uid, op):
     me = UserService(db).get(g.user_id)
     if me.role != UserRole.ADMIN and uid != g.user_id:
         return None, 404
     username = request.form.get('username')
     email = request.form.get('email')
     role = request.form.get('role')
     if me.role != UserRole.ADMIN:
         role = UserRole.NORMAL
     if uid == 1:
         role = UserRole.ADMIN  # root must be role
     user = UserService(db).get(uid)
     user.username = username
     user.email = email
     user.role = role
     db.session.commit()
     return current_app.make_response(
         render_template(
             'user.html',
             user=user,
             user_role=UserRole,
         ))