def post(self):
email = context.form.get('email')
password = context.form.get('password')
otp = context.form.get('otp', None)
principal = context.application.__authenticator__.login((email, password))
token = principal.dump().decode()
try:
# TODO: Add this feature for admins
if principal.is_in_roles('client'):
client = Client.query.filter(Client.email == email).one()
if client.has_second_factor is True:
if otp is None:
raise HttpBadRequest('Otp needed', 'bad-otp')
oath = Oath(seed=settings.membership.second_factor_seed, derivate_seed_from=client.email)
is_valid, _ = oath.verify_google_auth(otp)
if is_valid is False:
raise HttpBadRequest('Invalid otp', 'invalid-otp')
login_log = SecurityLog.generate_log(type='login')
DBSession.add(login_log)
DBSession.flush()
except Exception as e:
# FIXME: Fix the warning
context.application.__authenticator__.unregister_session(principal.session_id)
raise e
return dict(token=token)
def register(self):
email = context.form.get('email')
password = context.form.get('password')
name = context.form.get('name')
family = context.form.get('family')
description = context.form.get('description')
role = 'member'
member = DBSession.query(Member) \
.filter(Member.email == email) \
.one_or_none()
if DBSession.query(Member.email).filter(Member.email == email).count():
raise HTTPStatus('601 Email Address Is Already Registered')
member = Member(
email=email,
name=name,
password=password,
family=family,
description=description,
role=role,
)
DBSession.add(member)
return member
def test_modified_mixin(self):
# noinspection PyArgumentList
instance = ModificationCheckingModel(
title='test title',
)
DBSession.add(instance)
DBSession.commit()
self.assertIsNone(instance.modified_at)
self.assertIsNotNone(instance.created_at)
self.assertEqual(instance.last_modification_time, instance.created_at)
instance = DBSession.query(ModificationCheckingModel).one()
self.assertIsNone(instance.modified_at)
self.assertIsNotNone(instance.created_at)
self.assertEqual(instance.last_modification_time, instance.created_at)
instance.title = 'Edited title'
DBSession.commit()
self.assertIsNotNone(instance.modified_at)
self.assertIsNotNone(instance.created_at)
self.assertEqual(instance.last_modification_time, instance.modified_at)
instance = DBSession.query(ModificationCheckingModel).one()
self.assertIsNotNone(instance.modified_at)
self.assertIsNotNone(instance.created_at)
self.assertEqual(instance.last_modification_time, instance.modified_at)
def test_approve_required_mixin(self):
# noinspection PyArgumentList
object1 = ApproveRequiredObject(
title='object 1',
)
DBSession.add(object1)
DBSession.commit()
self.assertFalse(object1.is_approved)
self.assertEqual(DBSession.query(ApproveRequiredObject).filter(ApproveRequiredObject.is_approved).count(), 0)
object1.is_approved = True
self.assertTrue(object1.is_approved)
DBSession.commit()
object1 = DBSession.query(ApproveRequiredObject).one()
self.assertTrue(object1.is_approved)
json = object1.to_dict()
self.assertIn('isApproved', json)
self.assertEqual(DBSession.query(ApproveRequiredObject).filter(ApproveRequiredObject.is_approved).count(), 1)
self.assertEqual(ApproveRequiredObject.filter_approved().count(), 1)
self.assertFalse(ApproveRequiredObject.import_value(ApproveRequiredObject.is_approved, 'false'))
self.assertFalse(ApproveRequiredObject.import_value(ApproveRequiredObject.is_approved, 'FALSE'))
self.assertFalse(ApproveRequiredObject.import_value(ApproveRequiredObject.is_approved, 'False'))
self.assertTrue(ApproveRequiredObject.import_value(ApproveRequiredObject.is_approved, 'true'))
self.assertTrue(ApproveRequiredObject.import_value(ApproveRequiredObject.is_approved, 'TRUE'))
self.assertTrue(ApproveRequiredObject.import_value(ApproveRequiredObject.is_approved, 'True'))
self.assertEqual(ApproveRequiredObject.import_value(ApproveRequiredObject.title, 'title'), 'title')
def register(self):
email = context.form.get('email')
password = context.form.get('password')
invitation_code = context.form.get('invitationCode', None)
client = Client()
if invitation_code is None and settings.membership.invitation_code_required is True:
raise HttpBadRequest('Bad invitation code', 'bad-invitation-code')
if invitation_code is not None:
invitation = Invitation.query.filter(Invitation.code == invitation_code).with_for_update().one_or_none()
if invitation is None or invitation.is_active is False:
raise HttpBadRequest('Bad invitation code', 'bad-invitation-code')
if invitation.unfilled_sits <= 0:
raise HttpBadRequest('Fully filled invitation code', 'fully-filled-invitation-code')
invitation.filled_sits += 1
client.invitation_code = invitation_code
client.email = email
client.password = password
client.is_active = True
DBSession.add(client)
return client
def claim(self):
email = context.form.get('email')
email_pattern = r'(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)'
if not email:
raise HTTPBadRequest()
if not re.match(email_pattern, email):
raise HTTPStatus('701 Invalid email format.')
if DBSession.query(Member.email).filter(Member.email == email).count():
raise HTTPStatus(
'601 The requested email address is already registered.')
# FIXME: Token should be put in payload
serializer = \
itsdangerous.URLSafeTimedSerializer(settings.activation.secret)
token = serializer.dumps(email)
DBSession.add(
ActivationEmail(to=email,
subject='Activate your NueMD Coder account',
body={
'activation_token': token,
'activation_url': settings.activation.url
}))
return dict(email=email)
def test_soft_delete_mixin(self):
# noinspection PyArgumentList
instance = SoftDeleteCheckingModel(title='test title')
DBSession.add(instance)
DBSession.commit()
instance.assert_is_not_deleted()
self.assertRaises(ValueError, instance.assert_is_deleted)
instance = SoftDeleteCheckingModel.query.one()
instance.soft_delete()
DBSession.commit()
instance.assert_is_deleted()
self.assertRaises(ValueError, instance.assert_is_not_deleted)
self.assertEqual(SoftDeleteCheckingModel.filter_deleted().count(), 1)
self.assertEqual(SoftDeleteCheckingModel.exclude_deleted().count(), 0)
instance.soft_undelete()
DBSession.commit()
instance.assert_is_not_deleted()
self.assertRaises(ValueError, instance.assert_is_deleted)
self.assertEqual(SoftDeleteCheckingModel.filter_deleted().count(), 0)
self.assertEqual(SoftDeleteCheckingModel.exclude_deleted().count(), 1)
DBSession.delete(instance)
self.assertRaises(HttpConflict, DBSession.commit)
def mockup(cls):
god = God()
god.email = '*****@*****.**'
god.password = '******'
god.is_active = True
DBSession.add(god)
DBSession.commit()
def send(self, target_id):
mimetype = context.form.get('mimetype')
sender = Member.current()
message = Message(body=context.form.get('body'))
message.target_id = int(target_id)
message.sender_id = sender.id
if 'attachment' in context.form:
message.attachment = context.form.get('attachment')
message.mimetype = message.attachment.content_type
if message.attachment.content_type in BLACKLIST_MIME_TYPES:
raise HTTPUnsupportedMediaType()
elif mimetype:
if mimetype not in SUPPORTED_TEXT_MIME_TYPES:
raise HTTPUnsupportedMediaType()
message.mimetype = context.form.get('mimetype')
else:
message.mimetype = 'text/plain'
DBSession.add(message)
DBSession.flush()
queues.push(settings.messaging.workers_queue, message.to_dict())
webhook = Webhook()
webhook.sent_message(target_id, sender.reference_id)
return message
def subscribe(self):
member = Member.current()
query = DBSession.query(Room)
requested_rooms = Target.filter_by_request(query).all()
if len(requested_rooms) >= settings.room.subscription.max_length:
raise HTTPStatus(
f'716 Maximum {settings.room.subscription.max_length} Rooms '
f'To Subscribe At A Time')
requested_rooms_id = {i.id for i in requested_rooms}
subscribed_rooms = DBSession.query(TargetMember) \
.filter(TargetMember.member_id == member.id) \
.join(Target, Target.id == TargetMember.target_id) \
.filter(Target.type == 'room') \
.all()
subscribed_rooms_id = {i.target_id for i in subscribed_rooms}
not_subscribed_rooms_id = requested_rooms_id - subscribed_rooms_id
flush_counter = 0
for each_room_id in not_subscribed_rooms_id:
flush_counter += 1
target_member = TargetMember(target_id=each_room_id,
member_id=member.id)
DBSession.add(target_member)
if flush_counter % 10 == 0:
DBSession.flush()
not_subscribed_rooms = DBSession.query(Target) \
.filter(Target.id.in_(not_subscribed_rooms_id))
return not_subscribed_rooms
def mockup():
with StoreManager(DBSession):
images = PlaceImageList([
PlaceImage.create_from(f'{IMAGE_PATH}/1.jpeg'),
PlaceImage.create_from(f'{IMAGE_PATH}/2.jpeg'),
])
categories = [
Category(name='جنگل', ),
Category(name='رودخونه', ),
Category(name='کوه', ),
Category(name='مذهبی', ),
]
for i in range(1000):
place = Place(
name=f'foo {i}',
description=description,
address=address,
latitude=random() * 20 + 30,
longitude=random() * 20 + 30,
images=images,
category=choice(categories),
)
DBSession.add(place)
DBSession.commit()
def test_activation_mixin(self):
activated_student = Student()
activated_student.name = 'activated-student'
activated_student.activated_at = datetime.now()
DBSession.add(activated_student)
deactivated_student = Student()
deactivated_student.name = 'deactivated-student'
deactivated_student.activated_at = None
DBSession.add(deactivated_student)
DBSession.commit()
# Test ordering:
student_list = Student.query.order_by(desc(Student.is_active)).all()
self.assertIsNotNone(student_list[0].activated_at)
self.assertIsNone(student_list[-1].activated_at)
student_list = Student.query.order_by(asc(Student.is_active)).all()
self.assertIsNotNone(student_list[-1].activated_at)
self.assertIsNone(student_list[0].activated_at)
# Test filtering:
student_list = Student.query.filter(Student.is_active).all()
for student in student_list:
self.assertIsNotNone(student.activated_at)
student_list = Student.query.filter(not_(Student.is_active)).all()
for student in student_list:
self.assertIsNone(student.activated_at)
def insert_mockup(self, args=None): # pragma: no cover
from restfulpy.orm import DBSession
from .models import User
oscar = User(id='pylover',
email='*****@*****.**',
password='******')
DBSession.add(oscar)
DBSession.commit()
def insert_mockup(self):
for i in range(1, 11):
# noinspection PyArgumentList
DBSession.add(
Resource(id=i,
title='resource%s' % i,
password='******' % i))
DBSession.commit()
def add(self):
bank_card = BankCard()
bank_card.client_id = context.identity.id
bank_card.fiat_symbol = context.form.get('fiatSymbol')
bank_card.holder = context.form.get('holder')
bank_card.pan = context.form.get('pan')
DBSession.add(bank_card)
return bank_card
def __call__(self, args):
user = User(
id=args.name,
email=args.email,
password=getpass()
)
DBSession.add(user)
DBSession.commit()
def create(self):
title = context.form.get('title')
if DBSession.query(Person).filter(Person.title == title).count():
raise HTTPStatus('600 Already person has existed')
person = Person(title=context.form.get('title'))
DBSession.add(person)
return person
def add(self):
sheba_address = BankAccount()
sheba_address.client_id = context.identity.id
sheba_address.fiat_symbol = context.form.get('fiatSymbol')
sheba_address.iban = context.form.get('iban')
sheba_address.bic = context.form.get('bic', None)
sheba_address.owner = context.form.get('owner')
DBSession.add(sheba_address)
return sheba_address
def create(self):
title = context.form.get('title')
if DBSession.query(Foo).filter(Foo.title == title).count():
raise HTTPStatus('604 Title Is Already Registered')
foo = Foo()
foo.update_from_request()
DBSession.add(foo)
return foo
def test_auto_activation(self):
# noinspection PyArgumentList
object1 = AutoActiveObject(title='object 1', )
DBSession.add(object1)
DBSession.commit()
self.assertTrue(object1.is_active)
self.assertEqual(
1,
DBSession.query(AutoActiveObject).filter(
AutoActiveObject.is_active).count())
def insert_mockup(self):
url = Url(url='http://www.varzesh3.com')
member = Member(
given_name='mohammad',
family_name='sheikhian',
email='*****@*****.**',
google_access_token='fgbsdibfosdnfosd',
google_refresh_token='fgbdyugbdsiubgdufig'
)
DBSession.add(url)
DBSession.add(member)
DBSession.commit()
def test_orderable_mixin(self):
for i in range(3):
# noinspection PyArgumentList
instance = OrderableCheckingModel(title='test title %s' % i,
order=i)
DBSession.add(instance)
DBSession.commit()
instances = OrderableCheckingModel.apply_default_sort().all()
self.assertEqual(instances[0].order, 0)
self.assertEqual(instances[2].order, 2)
def add(self, id: int, issue_id: int):
instance = self._ensure(id)
issue = WorkGroup.query.filter(Issue.id == issue_id).one_or_none()
if issue is None:
raise HttpNotFound('Cannot find any issue with id %s' % issue_id)
# p1 = Parent()
# c1 = Child()
# p1.children.append(c1)
instance.issue.append(issue)
# instance.update_from_request()
DBSession.add(instance)
return instance
def schedule(self):
email = context.form.get('email')
client = Client.query.filter(Client.email == email).one_or_none()
if client is not None:
principal = ResetPasswordPrincipal({'email': client.email})
# noinspection PyArgumentList
task = ResetPasswordEmail(
to=client.email,
subject='Reset password',
body={'token': principal.dump().decode()},
)
DBSession.add(task)
return dict(success=True)
def post(self):
url = context.form.get('url')
if not url.startswith('http'):
url = f'http://{url}'
url_exist = DBSession.query(Url).filter_by(url=url).one_or_none()
if url_exist is None:
url_exist = Url(url=url)
DBSession.add(url_exist)
DBSession.commit()
hash_id = hashids.encode(url_exist.id)
return dict(hash_id=hash_id)
def __schedule_email_verification(self):
client = Client.current()
if client.is_email_verified is True or client.is_evidence_verified is True:
raise HttpConflict('Already verified.', 'already-verified')
principal = VerificationEmailPrincipal({'id': client.id})
# noinspection PyArgumentList
task = VerificationEmail(
to=client.email,
subject='Email verification',
body={'token': principal.dump().decode()},
)
DBSession.add(task)
return
def create(self):
member_username_check = DBSession.query(Member) \
.filter(Member.user_name == context.form.get('userName')) \
.one_or_none()
if member_username_check is not None:
raise StatusRepetitiveUsername()
member_email_check = DBSession.query(Member) \
.filter(Member.email == context.form.get('email')) \
.one_or_none()
if member_email_check is not None:
raise StatusRepetitiveEmail()
member = Member()
member.update_from_request()
DBSession.add(member)
return member
def insert(): # pragma: no cover
admin = Member(
title='GOD',
first_name='First name',
last_name='Last name',
email='*****@*****.**',
password='******',
)
DBSession.add(admin)
DBSession.commit()
print('Admin has been created.')
print(f' Title: {admin.title}\n'
f' First Name: {admin.first_name}\n'
f' Last Name: {admin.last_name}\n'
f' Email: {admin.email}\n'
f' Password: 123456\n')
def claim(self):
email = context.form.get('email')
if DBSession.query(Member.email).filter(Member.email == email).count():
raise HTTPStatus('601 Email Address Is Already Registered')
token = RegisterationToken(dict(email=email))
DBSession.add(
RegisterEmail(to=email,
subject='Register your CAS account',
body={
'registeration_token':
token.dump(),
'registeration_callback_url':
settings.registeration.callback_url
}))
return dict(email=email)
def get(self):
if(context.query_string.get('code') is None) or \
(client_secret_data['client_id'] is None) or \
(client_secret_data['client_secret'] is None):
raise HttpBadRequest
body_token = dict()
body_token['grant_type'] = 'authorization_code'
body_token['code'] = context.query_string.get('code')
body_token['client_id'] = client_secret_data['client_id']
body_token['redirect_uri'] = settings.redirect_uri_auth
body_token['client_secret'] = client_secret_data['client_secret']
response_token = requests.post(settings.auth_google_uri_token,
body_token)
if response_token.status_code != 200:
raise HttpForbidden()
response_get_profile = requests.get(
settings.oauth_url_google_api,
headers={
'Authorization':
'OAuth ' +
json_library.loads(response_token.text)['access_token']
})
if response_get_profile.status_code != 200:
raise HttpNotFound()
profile = json_library.loads(response_get_profile.text)
if 'refresh_token' in response_token.text:
member = Member(given_name=profile['given_name'],
family_name=profile['family_name'],
email=profile['email'],
google_access_token=json_library.loads(
response_token.text)['access_token'],
google_refresh_token=json_library.loads(
response_token.text)['refresh_token'])
DBSession.add(member)
DBSession.commit()
return dict(authorization=JwtPrincipal(profile).dump().decode("utf-8"))
