def post(self):
# get the post data
data = request.get_json(force=True)
data['user_id'] = session.get('user_id')
data['user'] = User(data).filter_by_email()
# check if user already exists
errors = validate_user_details(data)
if len(errors) > 0:
response_object = {'errors': errors}
return make_response(jsonify(response_object)), 404
try:
user = User(data).save()
auth_token = encode_auth_token(user.get('user_id'),
user.get('username')).decode()
response_object = {
'message': 'Successfully registered.',
'auth_token': auth_token
}
return make_response(jsonify(response_object)), 201
except Exception as e:
print(e)
response_object = {
'error': 'Some error occurred. Please try again.'
}
return make_response(jsonify(response_object)), 401
def client():
_client = view.app.test_client()
auth_service = MagicMock()
event_service = MagicMock()
test_user1 = User(1, 'test', 'test', 'test')
test_user2 = User(2, 'test', 'test', 'test')
test_user1.auth = Authorisation(1, 'test',
'5f4dcc3b5aa765d61d8327deb882cf99', [])
test_user2.auth = Authorisation(1, 'test',
'5f4dcc3b5aa765d61d8327deb882cf99', [])
auth_service.authenticate = MagicMock(return_value=test_user1)
auth_service.add = MagicMock(return_value=test_user2)
auth_service.change_password = MagicMock(return_value=test_user2)
project = Project(1, 1, 'test name', 'test description')
events = [AnalyticalEvent(1, datetime.now(), 'test', 'test', 'test', 1)]
event_service.add_project = MagicMock(return_value=project.id)
event_service.change_project_name = MagicMock(return_value=project.id)
event_service.change_project_description = MagicMock(
return_value=project.id)
event_service.get_all_projects = MagicMock(return_value=[project])
event_service.get_project = MagicMock(return_value=project)
event_service.get_all_events = MagicMock(return_value=[e for e in events])
event_service.add_event = MagicMock(return_value=1)
view.event_service = event_service
view.auth_service = auth_service
return _client
def register():
if current_user.is_authenticated:
flash("You have already logged in", "warning")
return redirect(url_for('posts.home'))
form = RegistrationForm() # instatiating a form
if form.validate_on_submit():
username = form.username.data # datafiled from the username attribute
email = form.email.data
password = form.password.data
hashed_password = bcrypt.generate_password_hash(password).decode(
'utf-8')
new_user = User(username=username,
email=email,
password=hashed_password)
db.session.add(new_user)
db.session.commit()
print(username, "has registered :3")
flash("Cool, you're done, {}!".format(username),
"success") # success is for color category name
return redirect(url_for('auth.login')) # here name of the function
return render_template("register.html", reg_form=form)
def post(self):
try:
data = request.get_json()
print(data)
username = data.get('username', None)
password = data.get('password', None)
if username and password:
user = User.query.filter_by(username=username).first()
if user:
return jsonify(
{'error': 'username has already been registered!'})
else:
new_user = User()
new_user.username = username
new_user.set_password(password)
new_user.public_id = str(uuid.uuid4())
new_user.is_admin = False
db.session.add(new_user)
db.session.commit()
return jsonify({'message': 'Successful!'})
raise Exception('Invalid input')
except Exception as value:
return jsonify({'error': 'Invalid input'}), 406
def post(self):
# creates a dictionary of the form data
data = request.form
# gets values of data dictionary
first_name, last_name = data.get('first_name'), data.get('last_name')
email, password = data.get('email'), data.get('password')
# checking for existing user
user = User.query.filter_by(email=email).first()
if not user:
# database ORM object
user = User(public_id=str(uuid.uuid4()),
first_name=first_name,
last_name=last_name,
email=email,
password=generate_password_hash(password))
# insert user
db.session.add(user)
db.session.commit()
return make_response('Successfully registered.', 201)
else:
# returns 202 if user already exists
return make_response('User already exists. Please Log in.', 202)
def post(self):
form = self.form
openid = self.openid
if form.validate():
encpass = enc_login_passwd(form.password.data)
U = User(username=form.username.data,
password=encpass,
language=self.language)
user_info = self.get_user_info
U.nickname = user_info.get('nickname', U.username)
U.email = form.email.data
self.db.add(U)
self.db.commit()
U.init_account(self.db)
U.last_login = datetime.datetime.now()
openid.user_id = U.id
self.db.commit()
self.save_session(U.id)
self.db.delete(self.K)
self.db.commit()
return self.redirect_next('/account')
self.render()
def signup():
form = SignupForm(request.form)
if form.validate_on_submit():
username = form.username.data
email = form.email.data
password = form.password.data
if not username:
username = email.split('@')[0]
user = User(username, email)
user.password = password
user.password_hash
user.role = Role.USER
user.status = Status.ACTIVE
db.session.add(user)
db.session.commit()
flash(gettext('You can now login.'))
return redirect(url_for('auth.login'))
return render_template('auth/signup.html',
title=gettext('Sign up'),
form=form)
def register():
if current_user.is_authenticated:
return redirect(url_for('public.index'))
form = RegisterForm()
error = None
if form.validate_on_submit():
username = form.username.data
email = form.email.data
password = form.password.data
# Comprobamos que no hay ya un usuario con ese email
user = User.get_by_email(email)
if user is not None:
flash(
'El email {} ya está siendo utilizado por otro usuario'.format(
email))
else:
# Creamos el usuario y lo guardamos
user = User(name=username, email=email)
user.set_password(password)
user.save()
# Creo el rol del nuevo usuaricio
usuario_nuevo = User.get_by_email(email)
rol = Role(rolename="user", user_id=usuario_nuevo.id)
rol.save()
# Dejamos al usuario logueado
login_user(user, remember=True)
return redirect(url_for('public.index'))
return render_template("register.html", form=form)
def signup():
"""
Sign-up endpoint for users. Makes sure that a user with the same email does not exist
:returns: A redirect to the home page if a user is already signed in, the main budget report page if the user successfully signs up, or the signup page if the user does input minimum requirements
"""
if current_user.is_authenticated:
return redirect(url_for('home'))
signup_form = AuthForm(request.form)
if request.method == 'POST' and signup_form.validate_on_submit():
user_exists = User.query.filter_by(
email=signup_form.email.data).scalar()
# if user does not exist, we create a new one
if user_exists is None:
new_user = User(email=signup_form.email.data,
password=signup_form.password.data)
db.session.add(new_user)
db.session.commit()
login_user(new_user)
return redirect(url_for('budget.report'))
else:
flash('User already exists')
return redirect(url_for('auth.signup'))
return render_template('auth/signup.html',
form=signup_form,
loggedin=current_user.is_authenticated,
title='Sign-Up')
def sign_up():
"""
parameters:
- name: Register
required: username, password, name
description: Registration route to authenticate new users
responses:
400: Register failed
description: Bad User schema
200:
description: Register Success
result schema:
User object
"""
requested_user = request.get_json()
user = User(username=requested_user['username'],
password=requested_user['password'],
name=requested_user['name'],
role=requested_user['role'],
accessToken=requested_user['accessToken'],
tokenType=requested_user['tokenType'],
expiresIn=requested_user['expiresIn'],
refreshToken=requested_user['refreshToken'])
user.set_password(requested_user['password'])
return user.toJSON()
def post(self):
data = request.get_json(force=True)
data['user_id'] = session.get('user_id')
errors = validate_login_details(data)
if len(errors) > 0:
response_object = {'errors': errors}
return make_response(jsonify(response_object)), 404
try:
user = User(data).filter_by_email()
if len(user) >= 1:
if b_crypt.check_password_hash(user[0].get('password'),
data.get('password')):
auth_token = encode_auth_token(user[0].get('user_id'),
user[0].get('username'))
else:
response_object = {
'errors': 'Password or email do not match.'
}
return make_response(jsonify(response_object)), 401
try:
if auth_token:
response_object = {
'message': 'Successfully logged in.',
'auth_token': auth_token.decode()
}
return make_response(jsonify(response_object)), 200
except Exception as e:
return {"errors": 'Error decoding token'}, 401
else:
response_object = {'errors': 'User does not exist.'}
return make_response(jsonify(response_object)), 404
except Exception as e:
print(e)
response_object = {'message': 'Try again'}
return make_response(jsonify(response_object)), 500
def register():
form = RegisterForm(request.form)
if form.validate_on_submit():
# create a user instance not yet stored in the database
user = User(name=form.name.data,
email=form.email.data,
password=generate_password_hash(form.password.data))
try:
db.session.add(user)
db.session.commit()
except IntegrityError:
flash(
'Check if your input is correct, else the username or email might already be in use.'
)
return redirect(url_for('auth.register'))
# Log the user in
login_user(user)
# flash will display a message to the user
flash('Thanks for registering')
# redirect user to the 'home' method of the user module
return redirect(url_for('todo.index'))
return render_template('auth/register.html', form=form)
def sign_in():
"""
parameters:
- name: Login
required: username and password
description: Login route to authenticate existing users
responses:
400: Login failed
description: Bad Username/Password
200:
description: Login Success
result schema:
User object
"""
requested_user = request.get_json()
user = User(username=requested_user['username'],
password=requested_user['password'],
accessToken=requested_user['accessToken'],
tokenType=requested_user['tokenType'],
expiresIn=requested_user['expiresIn'],
refreshToken=requested_user['refreshToken'],
name='',
role='')
if user.check_password(requested_user['pwAttempted']):
return user.toJSON()
else:
abort(400)
def make_user():
email = request.json.get('email')
password = request.json.get('password')
if email is None or password is None:
response = jsonify({'status': 'Fail', 'message': 'Missing parameters'})
response.status_code = 400
return response
if User.objects.filter(email=email).first() is not None:
response = jsonify({'status': 'Fail', 'message': 'User already exists'})
response.status_code = 400
return response
user = User(email=email)
user.hash_password(password)
user.activity.created = now()
verification_code = uuid.uuid4()
user.activity.verification_code = str(verification_code)
user.save()
user_registered_email(email, verification_code)
response = jsonify({'status': 'Success', 'message': 'User created'})
response.status_code = 201
return response
def post(self):
# get data from json request
data = request.get_json()
# spliting the data from request
username = data['username']
password = data['password'] # clear data
# checking if the collect data exists
print(user_exists(username))
if user_exists(username):
error = {
'status': 301,
'msg': 'Invalid Credentials'
}
return jsonify(error)
# user checked , time to hash the password
hashpass = generate_password_hash(password, method='sha256')
own = 0.0
debt = 0.0
# username and passw already done, is time do add to db
user = User(username=username, password=hashpass, own=own, debt=debt)
user.save()
# data stored in db, confirmation return
success = {
'status': 200,
'msg': "Success! You have Signup to yoBank!"
}
return jsonify(success)
def create_user():
"""Create a new user."""
# get form info
data = request.json or {}
# check info
error = []
if 'username' not in data:
error.append('username')
if 'password' not in data:
error.append('password')
if 'email' not in data:
error.append('email')
if len(error) > 0:
return jsonify({'message':
'Require {}.'.format(' and '.join(error))}), 400
# check if user existed
if User.filter_by(username=data['username'].strip()).first():
return jsonify({'message': 'Username already exists.'}), 409
# check if email existed
if User.filter_by(email=data['email'].strip()).first():
return jsonify({'message': 'Email has been registered.'}), 409
# create User
user = User(public_id=str(uuid.uuid1()),
username=data['username'].strip(),
email=data['email'].strip())
# password hash
user.set_password(data['password'].strip())
# db commit
user.save()
return jsonify({'message': 'Created a new user.'}), 201
def register():
form = RegisterForm()
if form.validate_on_submit():
logout_session_clear()
user = User(email=form.email.data)
user.hash_password(form.password.data)
user.activity.created = utc_now()
verification_code = uuid.uuid4()
user.activity.payment_reference = user.uid
user.activity.email_verification = EmailVerification(
verification_code=str(verification_code))
user.activity.activity_audit.append(
ActivityAudit(uid=user.uid,
created=utc_now(),
code="USER CREATED",
text="User created",
headers={
"REMOTE_ADDR": request.environ["REMOTE_ADDR"],
"HTTP_USER_AGENT":
request.environ["HTTP_USER_AGENT"],
"REMOTE_PORT": request.environ["REMOTE_PORT"],
}).save())
user.save()
user_registered_email(user.email, user.uid, verification_code)
return render_template('auth/user_registered.html')
return render_template('auth/register.html', form=form)
def test_default(self):
user = User(username='******', email='*****@*****.**', password='******')
user.save()
self.assertTrue(user.is_active is False)
self.assertTrue(user.is_admin is False)
self.assertTrue(isinstance(user.create_at, datetime.datetime) is True)
def auth_register():
if request.method == "GET":
return render_template("auth/register.html", form=LoginForm())
form = LoginForm(request.form)
user = User.query.filter_by(username=form.username.data).first()
if not user:
if not form.validate_on_submit():
return render_template(
"auth/register.html",
form=LoginForm(),
error=
"Username must be at least 3 characters. Password at least 8 characters long."
)
if form.password.data != form.password_again.data:
return render_template("auth/register.html",
form=form,
error="Password fields need to match.")
user = User(form.username.data)
user.password = form.password.data
db.session().add(user)
db.session().commit()
login_user(user)
else:
return render_template("auth/register.html",
form=form,
error="Username is already taken.")
return redirect(url_for("index"))
def signup():
"""Signup route
Returns:
response:
- 201 : Successfully registered, user created in database
- 202 : User already exists
- 401 : Missing parameters
"""
auth = request.get_json()
if not auth or not auth['username'] or not auth['password'] or not auth[
'email']:
return jsonify({'message': 'Missing parameters.'}), 401
user = User.query.filter_by(name=auth['username']).first()
if not user:
user = User(public_id=str(uuid.uuid4()),
name=auth['username'],
email=auth['email'],
password=generate_password_hash(auth['password']))
db.session.add(user)
db.session.commit()
return jsonify({'message': 'Successfully registered.'}), 201
else:
return jsonify({'message': 'User already exists. Please Log in.'}), 202
def init_database():
"""
This method will create
the database.
:return: None
"""
from app.auth.models import User
db.create_all()
try:
email = TestConstants.TEST_USER_EMAIL
password = TestConstants.TEST_USER_PASSWORD
hashed_password = get_hashed_password(password)
user = User(name=TestConstants.TEST_USER_NAME,
email=email,
password=hashed_password)
# Insert user data
db.session.add(user)
# Commit changes for user
db.session.commit()
yield db # This is where testing happens
except Exception as err:
logger.info(err)
raise Exception(err)
finally:
db.session.remove()
db.drop_all()
def post(self):
form = CreateUserForm(self)
if form.validate():
user = self.db.query(User).filter_by(
username=form.username.data).first()
if user:
form.username.errors.append(_('This username is occupied'))
else:
enc_password = enc_login_passwd(form.password.data)
new = User(username=form.username.data, password=enc_password)
self.db.add(new)
self.db.commit()
new.init_account(self.db)
profile = UserProfile(new)
self.db.add(profile)
self.db.commit()
url = self.reverse_url('admin:user:view')
url += '?id=%s' % new.id
return self.redirect(url)
self.render(form=form)
def login():
if current_user.is_authenticated:
flash('You are already logged in.')
return redirect(url_for('auth.home'))
form = LoginForm()
if request.method == 'POST' and form.validate():
username = request.form.get('username')
password = request.form.get('password')
try:
User.try_login(username, password)
except ldap.INVALID_CREDENTIALS:
flash('Invalid username or password. Please try again.', 'danger')
return render_template('login.html', form=form)
user = User.query.filter_by(username=username).first()
if not user:
user = User(username, password)
db.session.add(user)
db.session.commit()
login_user(user)
return redirect(url_for('auth.home'))
if form.errors:
flash(form.errors, 'danger')
return render_template('login.html', form=form)
def load_db():
users = get_users()
for us in users:
u = User(name=us.name, email=us.email, password=us.password)
db.session.add(u)
db.session.commit()
def test_reset_password(self, db):
pass_before_reset = hash_password('beforereset')
user = User(email='*****@*****.**',
first_name='forgot',
last_name='password',
hashed_password=pass_before_reset,
email_verified=True)
db.add(user)
db.commit()
reset_token = password_reset_token(user.email)
data = {'token': reset_token, 'password': '******'}
response = client.post(app.url_path_for('password_reset_confirm'),
json=data)
assert response.status_code == status.HTTP_200_OK
# log in with new password
data = {'username': user.email, 'password': '******'}
response = client.post(app.url_path_for('login'), data=data)
assert response.status_code == status.HTTP_200_OK
assert 'access_token' in response.json()
# confirm cannot login with old password:
data = {'username': user.email, 'password': '******'}
response = client.post(app.url_path_for('login'), data=data)
assert response.status_code == status.HTTP_401_UNAUTHORIZED
assert 'access_token' not in response.json()
def init_database():
"""
This method will create
the database.
:return: None
"""
from app.auth.models import User
db.create_all()
try:
email = "*****@*****.**"
password = "******"
hashed_password = get_hashed_password(password)
user1 = User(name="TestUser", email=email, password=hashed_password)
# Insert user data
db.session.add(user1)
# Commit changes for user
db.session.commit()
yield db # This is where testing happens
except Exception as err:
logger.info(err)
raise Exception(err)
finally:
db.session.remove()
db.drop_all()
def signup():
"""
Handle requests to the /signup route
Add an user to the database through the registration form
"""
form = RegisterForm()
if form.validate_on_submit():
email = form.email.data
# Add a check for specific email domain
# dumb trick
if email.endswith('@example.com'):
user = User(email=form.email.data,
name=form.name.data,
password=form.password.data)
user.is_admin = False
# add user to the database
db.session.add(user)
db.session.commit()
flash('You have successfully registered! You may now login.')
# redirect to the login page
return redirect(url_for('auth.signin'))
else:
# redirect to the login page as the email domain does not match
flash("Sorry, We are not accepting users at this time.")
return redirect(url_for('home.index'))
# load registration template
return render_template('auth/signup.html', form=form)
def signup():
status_code = HTTPStatus.CREATED
if request.method == "POST":
email = request.form.get("email")
name = request.form.get("name")
password = request.form.get("password")
user = User.query.filter_by(email=email).first()
"""If user exists shows an error and redirects to signup to try
with other user.
"""
if user:
RESPONSE_BODY["message"] = "User already exist!"
RESPONSE_BODY["errors"].append("User already exist")
status_code = HTTPStatus.BAD_REQUEST
return RESPONSE_BODY, status_code
"""Creates new user in DB with hashed password for security reasons"""
new_user = User(email=email,
name=name,
password=generate_password_hash(password,
method="sha256"))
db.session.add(new_user)
db.session.commit()
user = User.query.filter_by(email=email).first()
login_user(user, remember=False)
RESPONSE_BODY["message"] = "Singup successfully"
RESPONSE_BODY["data"] = {"redirect": url_for('products.catalog')}
status_code = HTTPStatus.OK
return RESPONSE_BODY, status_code
else:
RESPONSE_BODY["message"] = "Method not Allowed"
status_code = HTTPStatus.METHOD_NOT_ALLOWED
return RESPONSE_BODY, status_code
def post(self):
# get the post data
post_data = request.get_json()
# check if user already exists
user = User.query.filter_by(email=post_data.get('email')).first()
if not user:
try:
user = User(email=post_data.get('email'),
password=post_data.get('password'))
# insert the user
db.session.add(user)
db.session.commit()
# generate the auth token
auth_token = user.encode_auth_token(user.id)
responseObject = {
'status': 'success',
'message': 'Successfully registered.',
'email': user.email,
'auth_token': auth_token.decode()
}
return make_response(jsonify(responseObject)), 201
except Exception:
responseObject = {
'status': 'fail',
'message': 'Some error occurred. Please try again.'
}
return make_response(jsonify(responseObject)), 401
else:
responseObject = {
'status': 'fail',
'message': 'User already exists. Please Log in.',
}
return make_response(jsonify(responseObject)), 202
def register():
form = RegForm()
if form.validate_on_submit():
error = False
user_name = User.query.filter_by(name=form.name.data).first()
user_email = User.query.filter_by(email=form.email.data).first()
if user_name:
error = True
flash(
f'User name {user_name.name} is already used. Choose a different one',
'warning')
if user_email:
error = True
flash(
f'Email {user_email.email} is already used. Choose a different one',
'warning')
if not error:
name = form.name.data
email = email = form.email.data
password = generate_password_hash(form.password.data)
user = User(name=name,
email=email,
password=password,
role=1,
status=1)
db.session.add(user)
db.session.commit()
flash('Registration successful!', 'success')
return redirect(url_for('auth.login'))
return render_template('/auth/register.html', form=form)
