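def validate_attendance(form, field):
    """WTForms validator: accept only a currently active, unused attendance code.

    The submitted code is looked up within the current organization and
    rejected when it is unknown, not yet active, already expired, or has
    already been recorded for the signed-in ``user``.

    Args:
        form: The enclosing form (unused; required by the validator protocol).
        field: The field holding the attendance code entered by the user.

    Raises:
        ValidationError: with a user-facing message saying why the code was
            rejected.
    """
    oid = get_org_id()
    # Tolerate a missing value so an empty submission reads as "invalid code"
    # instead of failing on ``None.strip()``.
    submitted = (field.data or "").strip()
    code = AttendanceCodes.query.filter_by(oid=oid, code=submitted).first()
    if code is None:
        raise ValidationError("Invalid attendance code!")
    # Take one timestamp so both window checks agree with each other.
    now = get_time()
    if code.start > now:
        raise ValidationError("This code is not yet active!")
    if code.end < now:
        raise ValidationError("This code has expired!")
    already_used = AttendanceRecords.query.filter_by(
        oid=oid, cid=code.id, uid=user.id
    ).count() > 0
    if already_used:
        raise ValidationError("Attendance code already used!")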
def test_direct_login(uid, client, assert_redirect):
    """A fresh direct-login token redirects to the root, as does logging out afterwards."""
    claims = dict(
        exp=get_time() + 60,
        email="*****@*****.**" % uid,
    )
    login_url = "/direct-login/?token=%s" % make_jwt(claims)
    assert_redirect(client.get(login_url), route="/")
    assert_redirect(client.get("/logout/"), route="/")
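def update_user(uid, **kwargs):
    """Apply the given profile changes to the user with id ``uid`` and commit.

    Recognised keyword arguments: ``username``, ``desc``, ``real_name``,
    ``npass`` (a new plaintext password, hashed with the user's existing
    salt) and ``subscribed``. Unrecognised keys are not applied; they are
    logged at WARNING level so a caller's typo is not silently dropped.

    Args:
        uid: Primary key of the user to update.
        **kwargs: Fields to change, as listed above.

    Raises:
        ValueError: if no user with ``uid`` exists.
    """
    user = Users.query.filter_by(id=uid).first()
    if user is None:
        raise ValueError("update_user: no user with id %r" % (uid,))
    # TODO handle email change
    for attr in ("username", "desc", "real_name"):
        if attr in kwargs:
            setattr(user, attr, kwargs.pop(attr))
    if "npass" in kwargs:
        user.password_hash = pass_hash(kwargs.pop("npass"), user.salt)
        # Invalidate tokens issued before the password change.
        # NOTE(review): other code paths write user.permissions.revoke_tokens_before;
        # confirm this attribute is the one actually persisted for Users.
        user.revoke_tokens_before = get_time()
        set_user(user)
    if "subscribed" in kwargs:
        user.subscribed = kwargs.pop("subscribed")
    if kwargs:
        # ``warning`` replaces the deprecated ``warn`` alias; lazy %-args so
        # the message is only rendered when the level is enabled.
        logger.warning("WARNING update_user not complete: %s", kwargs)
    db_commit()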
def serve_change_password(form):
    """Handle a validated change-password form for the signed-in user.

    Stores the new password hash (salted with the user's existing salt),
    sets ``permissions.revoke_tokens_before`` to the current time
    (presumably so earlier tokens stop being honoured), commits, refreshes
    the session user, and redirects back to the profile editor with a
    success flash.

    Args:
        form: The submitted form; only ``form.password.data`` is read.

    Returns:
        A 303 redirect response to ``/edit-profile/``.
    """
    new_password = form.password.data
    user.password_hash = pass_hash(new_password, user.salt)
    user.permissions.revoke_tokens_before = get_time()
    db_commit()
    # ``user`` is a proxy; hand the underlying object to set_user.
    set_user(user._get_current_object())
    flash("Your account password has been updated!", category="SUCCESS")
    return redirect("/edit-profile/", code=303)
def link_email(email, next):
    """Email a signed account-link token to ``email`` if a user owns that address.

    Does nothing when no user matches; the return value does not reveal
    which case occurred.

    Args:
        email: Address to look up and send to.
        next: Forwarded unchanged to ``send_link_email``.
    """
    owner = Users.query.filter_by(email=email).first()
    if not owner:
        return
    claims = dict(exp=get_time() + SIGNUP_EXPIRY, uid=owner.id, email=email)
    send_link_email(email, make_jwt(claims), next)
def reset_password(email):
    """Email a signed password-reset token to ``email`` if a user owns that address.

    Does nothing when no user matches; the return value does not reveal
    which case occurred.

    Args:
        email: Address to look up and send to.
    """
    owner = Users.query.filter_by(email=email).first()
    if not owner:
        return
    claims = dict(exp=get_time() + ACTION_EXPIRY, uid=owner.id, email=email)
    send_reset_email(email, make_jwt(claims))
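def _inner(form, field):
    """WTForms validator: check the submitted password against the stored hash.

    The account is looked up by the form field named by the enclosing
    ``param`` (a free variable of this closure). A missing account, an
    account without a password hash, and a non-matching password all
    produce the same generic error; an account whose
    ``permissions.can_login_after`` lies in the future gets the
    "account disabled" message instead.

    Args:
        form: The form holding the lookup field named by ``param``.
        field: The password field being validated.

    Raises:
        ValidationError: with ``ERROR_MESSAGES["invalid_credentials"]`` or
            ``ERROR_MESSAGES["account_disabled"]``.
    """
    import hmac

    lookup = {param: getattr(form, param).data}
    account = Users.query.filter_by(**lookup).first()
    if not account or not account.password_hash:
        raise ValidationError(ERROR_MESSAGES["invalid_credentials"])
    candidate = pass_hash(field.data, account.salt)
    # Constant-time comparison so the result does not depend on where the
    # two digests first differ. Both operands must share a type (str or
    # bytes); had they not, the original ``==`` could never have matched.
    if not hmac.compare_digest(candidate, account.password_hash):
        raise ValidationError(ERROR_MESSAGES["invalid_credentials"])
    if get_time() < account.permissions.can_login_after:
        raise ValidationError(ERROR_MESSAGES["account_disabled"])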
def attendance_organizations(self):
    """Organizations joined to this user that currently have a code they have not recorded.

    An organization qualifies when, via ``OrganizationUsers``/``Users``, it
    has an ``AttendanceCodes`` row whose ``start``/``end`` window contains
    the current time and for which no ``AttendanceRecords`` row exists for
    this user and that code. Results are de-duplicated on
    ``Organizations.id``.

    Returns:
        A list of ``Organizations`` rows.
    """
    now = get_time()
    already_recorded = db.exists().where(
        db.and_(
            AttendanceRecords.uid == Users.id,
            AttendanceRecords.cid == AttendanceCodes.id,
        )
    )
    query = (
        Organizations.query
        .join(OrganizationUsers)
        .join(Users)
        .join(AttendanceCodes)
        .filter(
            ~already_recorded,
            Users.id == self.id,
            AttendanceCodes.start <= now,
            now <= AttendanceCodes.end,
        )
        .distinct(Organizations.id)
    )
    return query.all()
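def serve_attendance(org):
    """Render the attendance page and record a validly submitted code.

    On a valid POST the code is resolved within the current organization
    (the same lookup the form validator performs) and an
    ``AttendanceRecords`` row is written for the signed-in ``user``. Form
    errors, if any, are flashed before rendering.

    Args:
        org: Route argument; accepted but not read by this view.

    Returns:
        The rendered ``account/attendance.html`` template; ``off`` is True
        when the current organization has no attendance codes at all.
    """
    oid = get_org_id()
    form = AttendanceForm()
    if form.validate_on_submit():
        # Filter by organization as well as code so a code string that
        # another organization also uses cannot be picked up here.
        code = AttendanceCodes.query.filter_by(
            oid=oid, code=form.attendance_code.data.strip()
        ).first()
        AttendanceRecords.add(cid=code.id, oid=oid, uid=user.id, time=get_time())
        db_commit()
        flash("Your attendance was confirmed!", category="SUCCESS")
    flash_form_errors(form)
    return render_template(
        "account/attendance.html",
        form=form,
        off=(AttendanceCodes.query.filter_by(oid=oid).count() == 0),
    )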
def test_direct_login_expired(client):
    """An already-expired direct-login token is rejected with HTTP 400."""
    token = make_jwt(dict(exp=get_time() - 1, email="*****@*****.**"))
    response = client.get("/direct-login/?token=%s" % token)
    assert response.status_code == 400
def test_create_account_valid(client):
    """An unexpired create-account token renders the page (HTTP 200)."""
    token = make_jwt(dict(email="*****@*****.**", exp=get_time() + 60))
    response = client.get("/create-account/?token=%s" % token)
    assert response.status_code == 200
def news_sudo_create(form, oid):
    """Create a news article from a sudo form, attach its authors and optionally email subscribers.

    The article and its ``NewsAuthors`` rows are written under the current
    organization (``get_org_id()``); ``oid`` is only used to look up the
    organization whose name appears in the announcement subject. When
    ``form.email.data`` is set, every subscribed member of the current
    organization is sent the markdown-rendered body.

    Args:
        form: Form with ``nid``, ``title``, ``body``, ``authors``
            (whitespace-separated user ids) and ``email`` fields.
        oid: Value matched against ``Organizations.oid`` for the subject line.
    """
    current_oid = get_org_id()
    org = Organizations.query.filter_by(oid=oid).first()
    article = News.add(
        oid=current_oid,
        nid=form.nid.data,
        title=form.title.data,
        body=form.body.data,
        time=get_time(),
    )
    # Committed before the author rows, which reference article.id.
    db_commit()
    for raw_uid in form.authors.data.split():
        NewsAuthors.add(nid=article.id, uid=int(raw_uid), oid=current_oid)
    if form.email.data:
        co = Organizations.query.filter_by(id=current_oid).first()
        subscriber_rows = (
            db.session.query(Users.email)
            .join(OrganizationUsers)
            .filter(OrganizationUsers.oid == co.id, Users.subscribed == True)
            .all()
        )
        recipients = [row[0] for row in subscriber_rows]
        org_label = "CS Center" if org.id == 1 else org.name
        subject = "%s Announcement - %s" % (org_label, form.title.data)
        send_many(recipients, subject, md.render(form.body.data))
    db_commit()
def current_objs(self, oid):
    """Return the attendance codes of organization ``oid`` whose window contains now.

    A code is current when ``start <= now <= end``, with ``now`` read once
    from ``get_time()``.

    Args:
        oid: Organization id to filter on.

    Returns:
        A list of matching rows from ``self.query``.
    """
    now = get_time()
    window = (self.oid == oid, self.start <= now, now <= self.end)
    return self.query.filter(*window).all()
def verify_email(email, next):
    """Send ``email`` a signed verification token that expires after ``SIGNUP_EXPIRY``.

    Args:
        email: Address embedded in the token and used as the recipient.
        next: Forwarded unchanged to ``send_verify_email``.
    """
    claims = dict(exp=get_time() + SIGNUP_EXPIRY, email=email)
    send_verify_email(email, make_jwt(claims), next)
def test_create_account_redir(user1):
    """The ``user1`` fixture client gets a 303 from create-account even with a valid token."""
    token = make_jwt(dict(email="*****@*****.**", exp=get_time() + 60))
    response = user1.get("/create-account/?token=%s" % token)
    assert response.status_code == 303
def global_logout():
    """Set the signed-in user's ``permissions.revoke_tokens_before`` to now and commit.

    Returns:
        An empty string as the response body.
    """
    now = get_time()
    user.permissions.revoke_tokens_before = now
    db_commit()
    return ""
def test_create_account_expired(client):
    """An already-expired create-account token is rejected with HTTP 400."""
    token = make_jwt(dict(email="*****@*****.**", exp=get_time() - 1))
    response = client.get("/create-account/?token=%s" % token)
    assert response.status_code == 400