def app_login():
"""这是app端登陆的方法。app端发送取得的token,这里再取到用户信息进去注册或者登陆"""
access_token = request.json.get('access_token')
userid = request.json.get('userid')
appkey = current_app.config['APPKEY_QQ_MOBILE']
userInfoUrl = str.format('https://graph.qq.com/user/get_user_info?oauth_consumer_key={0}&access_token={1}&openid={2}&format=json', appkey, access_token, userid)
print userInfoUrl
res = requests.get(str.format('https://graph.qq.com/user/get_user_info?oauth_consumer_key={0}&access_token={1}&openid={2}&format=json', appkey, access_token, userid))
resJson = res.json()
if resJson['ret'] != 0:
return jsonres(rv=resJson)
userinfo = resJson
security = current_app.extensions['security']
datastore = security.datastore
user = datastore.find_user(openid=userid, provider='qq')
if user is None:
user = datastore.create_user(openid=userid, provider='qq', nickname=userinfo['nickname'], avatar=userinfo['figureurl_qq_1'], bind_remind=0)
datastore.commit()
else:
# 这里把user的openid当成password了~其实这个passwd谁也不知道~只是后面用业生成token时,如果password为空,security里生成token会报错
if user.password is None:
user.password = userid
datastore.commit()
pass
# print 'user :'******'is here'
login_user(user)
# print user.get_auth_token()
loginRes = dict(authentication_token=user.get_auth_token(), nickname=(user.nickname or user.email), avatar=user.avatar)
return jsonres(rv=dict(user=loginRes))
def Login():
# print 'Headers'
# for key, value in request.headers.items():
# print key, value
# print request.json['username']
# for key, value in request.values.items():
# print 'keys', key
# print 'values', value, '#' * 20
# print '=' * 50
# if request.form.get('username') and request.form.get('password'):
if request.json['username'] and request.json['password']:
# username = request.form.get('username')
username = request.json['username']
# password = request.form.get('password')
password = request.json['password']
user = Users.objects(username=username).first()
if user is None:
return jsonify({'code': 4000, 'message': 'Username or password is wrong!'})
if not user.password == hashpasswd(password):
return jsonify({'code': 4000, 'message': 'Username or password is wrong!'})
login_user(user)
print 'Login successfully', '#' * 100
time_ = int(time.time())
token = jwt.encode({'time': time_}, Config.TOKEN_KEY, algorithm='HS256')
return jsonify({'code': 2000, 'token': token})
else:
return jsonify({'code': 6000, 'message': 'Username or password is wrong!'})
def _create_deposit(user, schema_name, metadata=None, experiment=None, publish=False):
"""
Create a new deposit for given user and schema name
e.g cms-analysis-v0.0.1,
with minimal metadata defined for this schema type.
"""
with app.test_request_context():
# create schema for record
create_schema('records/{}'.format(schema_name), is_deposit=False,
experiment='CMS')
# create schema for deposit
schema = create_schema('deposits/records/{}'.format(schema_name),
experiment=experiment)
metadata = metadata or minimal_metadata(jsonschemas_host,
'deposits/records/{}'.format(schema_name))
login_user(user)
id_ = uuid4()
deposit_minter(id_, metadata)
deposit = Deposit.create(metadata, id_=id_)
if publish:
deposit.publish()
_, record = deposit.fetch_published()
RecordIndexer().index(record)
current_search.flush_and_refresh('records')
current_search.flush_and_refresh(schema.index_name)
return Deposit.get_record(deposit.id)
def register():
try:
data = registerSchema.validate(request.json)
except SchemaError as e:
error = {
'code': 'auth.register.invalid',
'message': 'Invalid data for register',
'details': str(e)
}
return jsonify(error=error), 403
if User.by_username(request.json['username']).count() > 0:
error = {
'code': 'auth.register.username_taken',
'message': 'Username already taken'
}
return jsonify(error=error), 403
if User.by_email(request.json['email']).count() > 0:
error = {
'code': 'auth.register.email_in_use',
'message': 'A user with the supplied email already exists'
}
return jsonify(error=error), 403
user = userstore.create_user(**data)
session.add(user)
session.commit()
login_user(user, True)
auth_token = user.get_auth_token()
return jsonify(user=user.as_personal_json(),
auth_token=auth_token), 201
def test_basic_workflow(app, db, users, deposit):
"""Test simple deposit publishing workflow."""
with app.test_request_context(environ_base={'REMOTE_ADDR': '127.0.0.1'}):
datastore = app.extensions['security'].datastore
login_user(datastore.get_user(users[0]['email']))
deposit.files['one.txt'] = BytesIO(b'Test')
deposit.files['two.txt'] = BytesIO(b'Test2')
deposit = deposit.publish()
# Should create one SIP, one RecordSIP and two SIPFiles
assert SIP.query.count() == 1
assert RecordSIP.query.count() == 1
assert SIPFile.query.count() == 2
sip = SIP.query.one()
assert sip.user_id == users[0]['id']
assert sip.agent['email'] == users[0]['email']
assert sip.agent['ip_address'] == '127.0.0.1'
assert len(sip.sip_files) == 2
assert sip.sip_files[0].sip_id == sip.id
assert sip.sip_files[1].sip_id == sip.id
# Publishing the second time shuld create a new SIP and new RecordSIP
# but no new SIPFiles. This is under assumption that users cannot
# upload new files to the already published deposit.
deposit = deposit.edit()
deposit['title'] = 'New Title'
deposit = deposit.publish()
assert SIP.query.count() == 2
assert RecordSIP.query.count() == 2
assert SIPFile.query.count() == 2
# Fetch the last RecordSIP and make sure, that
# the corresponding SIP doesn't have any files
recsip = RecordSIP.query.order_by(RecordSIP.created.desc()).first()
assert not recsip.sip.sip_files
def user_box(the_user):
which_user = User.query.filter(User.name == str(the_user)).first()
if current_user.__name__ is 'AnonymousUser':
return redirect(url_for("index"))
if which_user is None or current_user is None:
return redirect(url_for("index"))
login_user(which_user)
email_domain = which_user.email.split("@", 1)[1]
if email_domain == 'demo.com':
demo = True
else:
demo = False
try:
port_4000 = urllib2.urlopen(str(request.url) + '/website')
port_4000 = True
print "port 4000 website found"
except Exception:
print "no port 4000 site"
port_4000 = False
time_left = which_user.dhbox_duration - DockerBackend.how_long_up(which_user.name)
time_left = DockerBackend.display_time(time_left)
resp = make_response(render_template('dhbox.html',
user=the_user,
apps=filter(lambda app: app.get('hide', False) != True, all_apps),
demo=demo,
time_left=time_left,
bootstrap_container='container-fluid',
fixed_scroll='fixed_scroll',
port_4000=port_4000
)
)
return resp
def logged_user_fixture(app, client, user_fixture):
"""Find user and log in it."""
with app.app_context():
datastore = app.extensions['security'].datastore
user = datastore.find_user(email='*****@*****.**')
login_user(user)
return user
def permission(self):
invitekey = request.args.get(INVITE_KEY_URLARG, None)
if invitekey:
permitted = True
invite = Invite.query.filter_by(invitekey=invitekey).one()
user = localuser2user(invite.user)
if current_user != user:
# log out and in automatically
# see https://flask-security-too.readthedocs.io/en/stable/api.html#flask_security.login_user
logout_user()
login_user(user)
db.session.commit()
flash('you have been automatically logged in as {}'.format(current_user.name))
# at this point, if current_user has the target user (may have been changed by invitekey)
# check role permissions, permitted = True (from above) unless determined otherwise
roles_accepted = MEETINGS_MEMBER_ROLES
allowed = False
for role in roles_accepted:
if current_user.has_role(role):
allowed = True
break
if not allowed:
permitted = False
# no rsvpkey, not permitted
else:
permitted = False
return permitted
def test_cleanup_indexed_deposits(app, db, es, locations, users,
deposit_metadata, sip_metadata_types):
with app.test_request_context():
datastore = app.extensions['security'].datastore
login_user(datastore.get_user(users[0]['email']))
id_ = uuid4()
depid = zenodo_deposit_minter(id_, deposit_metadata)
ZenodoDeposit.create(deposit_metadata, id_=id_)
# Emulate a database "failure", which would wipe any models in the session
db.session.remove()
current_search.flush_and_refresh(index='deposits')
# Deposit has been indexed in ES, but not commimted in DB
assert PersistentIdentifier.query.filter(
PersistentIdentifier.pid_type == depid.pid_type,
PersistentIdentifier.pid_value == depid.pid_value).count() == 0
assert (RecordsSearch(index='deposits').get_record(id_).execute()[0]
._deposit.id == depid.pid_value)
cleanup_indexed_deposits.apply()
current_search.flush_and_refresh(index='deposits')
assert PersistentIdentifier.query.filter(
PersistentIdentifier.pid_type == depid.pid_type,
PersistentIdentifier.pid_value == depid.pid_value).count() == 0
assert len(RecordsSearch(index='deposits').get_record(id_).execute()) == 0
def demonstration():
username = '******' + ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(10))
demo_user_object = user_datastore.create_user(email=username + '@demo.com', name=username, password='******', dhbox_duration=3600)
db.session.commit()
login_user(demo_user_object)
DockerBackend.demo_dhbox(username)
return redirect('/dhbox/' + username)
def new_dhbox():
data = {key: request.form.getlist(key)[0] for key in request.form.keys()}
for key in data:
users_dict = key
users_dict = ast.literal_eval(users_dict)
users = users_dict['users']
for user in users:
if 'name' in user:
if 'email' in user: # Then is DH Box admin
name_check = User.query.filter(User.name == user['name']).first()
email_check = User.query.filter(User.name == user['email']).first()
if name_check or email_check:
print "Username taken. Already has a DH Box."
return str('failure')
admin_user = user['name']
admin_email = user['email']
admin_pass = user['pass']
if user['duration'] == 'day':
duration = 86400
elif user['duration'] == 'week':
duration = 604800
else:
duration = 2592000
# if user['duration'] == 'week':
# duration = 604800
# elif user['duration'] == 'month':
# duration = 2592000
# else:
# duration = 13148730
admin_user_object = user_datastore.create_user(email=user['email'], name=user['name'], password=user['pass'], dhbox_duration=duration)
db.session.commit()
login_user(admin_user_object)
the_new_dhbox = DockerBackend.setup_new_dhbox(admin_user, admin_pass, admin_email)
return str('Successfully created a new DH Box.')
def test_account_setup(app, example_cern, models_fixture):
"""Test account setup after login."""
with app.test_client() as c:
ioc = app.extensions['oauthlib.client']
# Ensure remote apps have been loaded (due to before first request)
resp = c.get(url_for('invenio_oauthclient.login', remote_app='cern'))
assert resp.status_code == 302
example_response, example_token, example_account_info = example_cern
mock_response(app.extensions['oauthlib.client'], 'cern',
example_token)
mock_remote_get(ioc, 'cern', example_response)
resp = c.get(url_for(
'invenio_oauthclient.authorized',
remote_app='cern', code='test',
state=get_state('cern')))
assert resp.status_code == 302
assert resp.location == ('http://localhost/account/settings/'
'linkedaccounts/')
assert len(g.identity.provides) == 7
datastore = app.extensions['invenio-accounts'].datastore
user = datastore.find_user(email='*****@*****.**')
assert user
with app.test_request_context():
resp = disconnect_handler(ioc.remote_apps['cern'])
assert resp.status_code >= 300
login_user(user)
assert len(g.identity.provides) == 7
disconnect_handler(ioc.remote_apps['cern'])
def post(self):
"""
登录
---
tags:
- login
parameters:
- in: formData
name: username
type: string
required: true
- in: formData
name: password
type: string
required: true
responses:
200:
description: 用户登录
schema:
id: User
properties:
id:
type: string
description: 用户id
default: Steven Wilson
name: code
"""
args = parser.parse_args()
try:
if not all([args['username'], args['password']]):
raise Exception('Incorrect username or password.')
users = Users.query.filter_by(username=args['username']).first()
# print('status:', users.verify_password(args['password']))
# if not users or not users.verify_password(args['password']):
if not users:
raise Exception('Incorrect username or password.')
else:
if not users.verify_password(args['password']):
raise Exception('Incorrect username or password.')
else:
login_user(users, True)
token = users.generate_auth_token()
# token = create_token(users.id, users.username)
data = {
'token': token,
'id': users.id,
'username': users.username,
'email': users.email,
'mobile': users.mobile,
'department': users.department,
'job': users.job,
'location': users.location,
'sex': users.sex,
'remarks': users.remarks
}
session[token] = True
except Exception as e:
return set_return_val(False, {}, str(e), 1301), 400
return set_return_val(True, data, 'login successful', 1300)
def test_project_publish_with_workflow(api_app, users, api_project, es):
"""Test publish a project with a workflow."""
project, video_1, video_2 = api_project
prepare_videos_for_publish([video_1, video_2])
project_depid = project['_deposit']['id']
project_id = str(project.id)
video_1_depid = video_1['_deposit']['id']
video_1_id = str(video_1.id)
video_2_depid = video_2['_deposit']['id']
receiver_id = 'test_project_publish_with_workflow'
workflow_receiver_video_failing(api_app,
db,
video_1,
receiver_id=receiver_id)
headers = [('Content-Type', 'application/json')]
payload = json.dumps(dict(somekey='somevalue'))
with mock.patch('invenio_indexer.tasks.index_record.delay') \
as mock_indexer, \
api_app.test_request_context(headers=headers, data=payload):
event = Event.create(receiver_id=receiver_id)
db.session.add(event)
event.process()
# check video and project are indexed
assert mock_indexer.called is True
ids = get_indexed_records_from_mock(mock_indexer)
assert video_1_id == ids[0]
assert project_id == ids[1]
db.session.commit()
# check tasks status is propagated to video and project
video_1 = deposit_video_resolver(video_1_depid)
expected = {u'add': u'SUCCESS', u'failing': u'FAILURE'}
assert video_1['_cds']['state'] == expected
assert video_1.project['_cds']['state'] == expected
events = get_deposit_events(deposit_id=video_1_depid)
assert len(events) == 1
def check(project_status, video_1_status, video_2_status):
project = deposit_project_resolver(project_depid)
video_1 = deposit_video_resolver(video_1_depid)
video_2 = deposit_video_resolver(video_2_depid)
assert project.status == project_status
assert video_1.status == video_1_status
assert video_2.status == video_2_status
check('draft', 'draft', 'draft')
login_user(User.query.get(users[0]))
video_2 = deposit_video_resolver(video_2_depid)
video_2.publish()
check('draft', 'draft', 'published')
project = deposit_project_resolver(project_depid)
project.publish()
check('published', 'published', 'published')
def test_sync_records_with_deposits(app, db, location, users,
project_deposit_metadata,
video_deposit_metadata):
"""Test sync records with deposits task."""
# create a project
project = Project.create(project_deposit_metadata)
project_deposit_metadata['report_number'] = ['123']
# create new video
video_deposit_metadata['_project_id'] = project['_deposit']['id']
deposit = Video.create(video_deposit_metadata)
depid = deposit['_deposit']['id']
# insert objects inside the deposit
ObjectVersion.create(deposit.files.bucket,
"obj_1").set_location("mylocation1", 1, "mychecksum1")
ObjectVersion.create(deposit.files.bucket,
"obj_2").set_location("mylocation2", 1, "mychecksum2")
ObjectVersion.create(deposit.files.bucket,
"obj_3").set_location("mylocation3", 1, "mychecksum3")
obj_4 = ObjectVersion.create(deposit.files.bucket,
"obj_4").set_location("mylocation4", 1,
"mychecksum4")
# publish
login_user(User.query.get(users[0]))
prepare_videos_for_publish([deposit])
deposit = deposit.publish()
_, record = deposit.fetch_published()
assert deposit.is_published() is True
# add a new object
ObjectVersion.create(deposit.files.bucket,
"obj_new").set_location("mylocation_new", 1,
"mychecksum")
# modify obj_1
ObjectVersion.create(deposit.files.bucket,
"obj_new").set_location("mylocation2.1", 1,
"mychecksum2.1")
# delete obj_3
ObjectVersion.delete(deposit.files.bucket, "obj_3")
# remove obj_4
obj_4.remove()
# check video and record
files = ['obj_1', 'obj_2', 'obj_3', 'obj_4']
edited_files = ['obj_1', 'obj_2', 'obj_3', 'obj_new']
check_deposit_record_files(deposit, edited_files, record, files)
# try to sync deposit and record
sync_records_with_deposit_files.s(deposit_id=depid).apply_async()
# get deposit and record
deposit = deposit_video_resolver(depid)
_, record = deposit.fetch_published()
assert deposit.is_published() is True
# check that record and deposit are sync
re_edited_files = edited_files + ['obj_4']
check_deposit_record_files(deposit, edited_files, record, re_edited_files)
def test_create_deposit_with_empty_schema_returns_wrong_schema_error(
app, users, location, jsonschemas_host):
with app.test_request_context():
metadata = {'$schema': ''}
login_user(users['superuser'])
id_ = uuid4()
with raises(WrongJSONSchemaError):
Deposit.create(metadata, id_=id_)
def login_user(self, **kwargs) -> str:
data = filter_by_keys(kwargs, auth_login_sw_model.keys())
user = self.auth_user_login_serializer.load(data)
token = generate_login_token(user)
# TODO: Pending to testing whats happen if add a new field in user model when a user is logged
flask_security.login_user(user)
return token
def test_create_deposit_with_non_object_data_returns_wrong_schema_error(
app, users, location, jsonschemas_host):
with app.test_request_context():
metadata = 5
login_user(users['superuser'])
id_ = uuid4()
with raises(EmptyDepositError):
Deposit.create(metadata, id_=id_)
def test_only_videos(db, api_project, users):
"""Test only videos."""
login_user(User.query.get(users[0]))
(project, video_1, video_2) = api_project
prepare_videos_for_publish([video_1, video_2])
for i, video in enumerate([video_1, video_2]):
video = video.publish()
check_deposit(video, 'CERN-MOVIE-2017-1-{}'.format(i + 1))
def test_account_setup(app_rest, example_cern_openid_rest, models_fixture):
"""Test account setup after login."""
with app_rest.test_client() as c:
ioc = app_rest.extensions['oauthlib.client']
# Ensure remote apps have been loaded (due to before first request)
resp = c.get(
url_for('invenio_oauthclient.rest_login',
remote_app='cern_openid'))
assert resp.status_code == 302
example_response, example_token, example_account_info = \
example_cern_openid_rest
mock_response(app_rest.extensions['oauthlib.client'], 'cern_openid',
example_token)
mock_remote_get(ioc, 'cern_openid', example_response)
resp = c.get(
url_for('invenio_oauthclient.rest_authorized',
remote_app='cern_openid',
code='test',
state=get_state('cern_openid')))
assert resp.status_code == 302
expected_url_args = {
"message": "Successfully authorized.",
"code": 200,
}
check_response_redirect_url_args(resp, expected_url_args)
assert len(g.identity.provides) == 3
datastore = app_rest.extensions['invenio-accounts'].datastore
user = datastore.find_user(email='*****@*****.**')
user.password = hash_password("1234")
assert user
with app_rest.test_request_context():
resp = disconnect_rest_handler(ioc.remote_apps['cern_openid'])
assert resp.status_code >= 300
# simulate login (account_info fetch)
g.oauth_logged_in_with_remote = ioc.remote_apps['cern_openid']
login_user(user)
assert len(g.identity.provides) == 3
logout_user()
assert len(g.identity.provides) == 1
assert "cern_resource" not in session
assert OAUTHCLIENT_CERN_OPENID_SESSION_KEY not in session
# Login again to test the disconnect handler
g.oauth_logged_in_with_remote = ioc.remote_apps['cern_openid']
login_user(user)
assert len(g.identity.provides) == 3
disconnect_rest_handler(ioc.remote_apps['cern_openid'])
def callback():
# Get authorization code Google sent back to you
code = request.args.get("code")
current_app.logger.debug('CODE IS: %s' %code)
# Find out what URL to hit to get tokens that allow you to ask for
# things on behalf of a user
google_provider_cfg = get_google_provider_cfg()
token_endpoint = google_provider_cfg["token_endpoint"]
# Prepare and send a request to get tokens! Yay tokens!
token_url, headers, body = client.prepare_token_request(
token_endpoint,
authorization_response=request.url,
redirect_url=request.base_url,
code=code
)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(_clientId, _clientSecret)
)
# Parse the tokens!
client.parse_request_body_response(json.dumps(token_response.json()))
# Now that you have tokens (yay) let's find and hit the URL
# from Google that gives you the user's profile information,
# including their Google profile image and email
userinfo_endpoint = google_provider_cfg["userinfo_endpoint"]
current_app.logger.debug('USR_NFO_EPT: %s' %userinfo_endpoint)
uri, headers, body = client.add_token(userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers, data=body)
# You want to make sure their email is verified.
# The user authenticated with Google, authorized your
# app, and now you've verified their email through Google!
if userinfo_response.json().get("email_verified"):
unique_id = userinfo_response.json()["sub"]
users_email = userinfo_response.json()["email"]
picture = userinfo_response.json()["picture"]
users_name = userinfo_response.json()["given_name"]
if users_email is not None:
user = User.query.filter(func.lower(User.email) == func.lower(users_email)).one_or_none()
if user is None:
password = ''.join(choice(ascii_uppercase + ascii_lowercase + digits) for _ in range(16))
user = register_user(password=password, email=users_email.lower(), active=True, confirmed_at=datetime.now())
login_user(user, remember=False)
else:
return "User email not available or not verified by Google.", 400
return redirect('/')
def depid(app, users, db):
"""New deposit with files."""
record = {'title': {'title': 'fuu'}}
with app.test_request_context():
login_user(User.query.get(users[0]))
deposit = Deposit.create(record)
deposit.commit()
db.session.commit()
return deposit['_deposit']['id']
def test_project_and_videos(db, api_project, users):
"""Test project and video."""
login_user(User.query.get(users[0]))
(project, video_1, video_2) = api_project
prepare_videos_for_publish([video_1, video_2])
project = project.publish()
check_deposit(project, 'CERN-MOVIE-2017-1')
for i, video in enumerate(record_video_resolver_sorted(project.video_ids)):
check_deposit(video, 'CERN-MOVIE-2017-1-{}'.format(i + 1))
def test_dataset(app, users, minimal_record_model, recid_pid):
"""Testing the dumping of files in Open Access datasets."""
with app.test_request_context():
datastore = app.extensions['security'].datastore
login_user(datastore.get_user(users[0]['email']))
assert minimal_record_model['access_right'] == 'open'
minimal_record_model['resource_type'] = dict(type='dataset')
minimal_record_model['method'] = 'microscopic supersampling'
minimal_record_model['_files'] = [
{
'bucket': '22222222-2222-2222-2222-222222222222',
'version_id': '11111111-1111-1111-1111-111111111111',
'file_id': '22222222-3333-4444-5555-666666666666',
'checksum': 'md5:11111111111111111111111111111111',
'key': 'test',
'size': 4,
'type': 'txt',
},
{
'bucket': '22222222-2222-2222-2222-222222222222',
'version_id': '11111111-1111-1111-1111-111111111112',
'file_id': '22222222-3333-4444-5555-666666666667',
'checksum': 'md5:11111111111111111111111111111112',
'key': 'test2',
'size': 1000000,
'type': 'pdf',
},
]
data, err = schemaorg.Dataset().dump(
dict(metadata=minimal_record_model))
assert not err
assert data['distribution'] == [{
u'@type':
u'DataDownload',
u'contentUrl':
u'https://localhost/api/files/'
u'22222222-2222-2222-2222-222222222222/test',
u'encodingFormat':
u'txt'
}, {
u'@type':
u'DataDownload',
u'contentUrl':
u'https://localhost/api/files/'
u'22222222-2222-2222-2222-222222222222/test2',
u'encodingFormat':
u'pdf'
}]
assert data['measurementTechnique'] == 'microscopic supersampling'
for right in ['closed', 'embargoed', 'restricted']:
minimal_record_model['access_right'] = right
data, err = schemaorg.Dataset().dump(
dict(metadata=minimal_record_model))
assert not err
assert 'distribution' not in data
def draft_json(running_app, client, minimal_record, users, headers):
"""RDM Draft fixture."""
login_user(users[0], remember=True)
login_user_via_session(client, email=users[0].email)
response = client.post(
"/records", json=minimal_record, headers=headers
)
return response.json
def wrapper(*args, **kwargs):
token = request.headers.get("authorization")
if not token.startswith("Bearer "):
raise Unauthorized(
"You must include an authorization token to continue")
token = token[len("Bearer "):]
user, payload = User.decode_auth_token(token)
login_user(user)
return fn(*args, **kwargs)
def test_project_permissions(es, location, deposit_metadata, users):
"""Test deposit permissions."""
deposit = Project.create(deposit_metadata)
deposit.commit()
user = User.query.get(users[0])
login_user(user)
assert not has_update_permission(user, deposit)
deposit['_access'] = {'update': [user.id]}
assert has_update_permission(user, deposit)
def post(self):
""" Create a new user
---
tags:
- users
parameters:
- in: body
required: true
schema:
type: object
properties:
name:
type: string
email:
type: string
example: '*****@*****.**'
password:
type: string
responses:
200:
schema:
type: object
properties:
message:
type: string
400:
schema:
type: object
properties:
error:
type: string
"""
data = request.get_json()
# Validate email
r = re.compile("[^@]+@[^@]+\.[^@]+")
if not r.match(data['email']):
return {'error': "Invalid email"}, 400
# Check if already in use
user = user_datastore.find_user(email=data['email'])
if user is not None:
return {'error': "User already exists"}, 400
email = data['email']
password = bcrypt.hashpw(data['password'].encode('utf-8'),
bcrypt.gensalt(12))
user = user_datastore.create_user(email=email, password=password)
db.session.flush()
db.session.commit()
flask_security.login_user(user)
return {'message': "User created"}, 200
def test_cli_action_allow(app, script_info, community, authenticated_user, db):
runner = CliRunner()
app.config['SQLALCHEMY_DATABASE_URI'] = os.getenv(
'SQLALCHEMY_DATABASE_URI', 'sqlite://')
role = community[1].roles[0]
current_datastore.add_role_to_user(authenticated_user, role)
read_need = action_factory(COMMUNITY_READ, parameter=True)
login_user(authenticated_user)
assert not Permission(read_need(community[0])).allows(g.identity)
def login_request_and_session(user, client):
"""Logs in the user in the current request AND the current session.
We want to login without posting to 'ldap-login/', so that we don't depend
on LDAP for tests. We want to be logged in on both the current request
and the current session because a request context is pushed by the client
fixture and the client needs to have its session logged in.
"""
login_user(user, remember=True)
login_user_via_session(client, email=user.email)
def test_login_audit_columns(self, app):
with app.test_request_context():
alice = users.get_user("alice")
login_count = alice.login_count
login_user(alice)
# time is frozen, so it should work
assert alice.last_login_at == datetime.utcnow()
assert alice.login_count == login_count + 1
def login_user(self, user, remember):
"""
Login user
:param user:
:param remember:
:return:
"""
login_user(user, remember=remember)
db.session.commit()
return True
def deposit(app, es, users, location, db):
"""New deposit with files."""
record = {'title': 'fuu'}
with app.test_request_context():
login_user(users[0])
deposit = Deposit.create(record)
deposit.commit()
db.session.commit()
sleep(2)
return deposit
def login_custom():
user = app.security.datastore.find_user(email=e)
login_user(user)
@after_this_request
def save_user(response):
app.security.datastore.commit()
return response
return redirect("/")
def sigin():
phone = request.json.get("phone")
password = request.json.get("password")
remeber_me = request.json.get('remeber_me')
user = User.query.filter_by(phone = phone).first()
if user is not None and verify_password(password,user.password):
login_user(user, remeber_me)
g.user = user
return jsonify({'user_id':user.id,'token':user.get_auth_token()}),201
return jsonify(401)
def test_create_permission_factory(logged_in, allowed, create_user,
request_ctx):
user = create_user()
if logged_in:
login_user(user)
record = {}
permission = CreatePermission.create(record)
assert permission.can() == allowed
def test_default_sls_handler(appctx, users):
"""Test default SLS handler."""
with appctx.test_request_context():
user = User.query.filter_by(email='*****@*****.**').one()
login_user(user)
assert current_user.is_authenticated
# call the SLS handler
next_url = default_sls_handler(None, '/foo')
assert not current_user.is_authenticated
assert next_url == '/foo'
def login_user(self, user, remember):
"""
Login user
:param user:
:param remember:
:return:
"""
login_user(user, remember=remember)
db.session.commit()
return True
def client_with_credentials(db, client, user, role):
"""Log in a user to the client."""
current_datastore.add_role_to_user(user, role)
action = current_access.actions["superuser-access"]
db.session.add(ActionUsers.allow(action, user_id=user.id))
login_user(user, remember=True)
login_user_via_session(client, email=user.email)
return client
def test_create_deposit_with_empty_schema_raises_DepositValidationError(
app, users, location, jsonschemas_host):
metadata = {'$schema': ''}
with app.test_request_context():
login_user(users['superuser'])
id_ = uuid4()
with raises(DepositValidationError):
Deposit.create(metadata, id_=id_)
def deposit(app, es, users, locations, deposit_metadata, sip_metadata_types):
"""New deposit with files."""
with app.test_request_context():
datastore = app.extensions['security'].datastore
login_user(datastore.get_user(users[0]['email']))
id_ = uuid4()
zenodo_deposit_minter(id_, deposit_metadata)
deposit = Deposit.create(deposit_metadata, id_=id_)
db_.session.commit()
current_search.flush_and_refresh(index='deposits')
return deposit
def test_dataset(app, users, minimal_record_model, recid_pid):
"""Testing the dumping of files in Open Access datasets."""
with app.test_request_context():
datastore = app.extensions['security'].datastore
login_user(datastore.get_user(users[0]['email']))
assert minimal_record_model['access_right'] == 'open'
minimal_record_model['resource_type'] = dict(type='dataset')
minimal_record_model['method'] = 'microscopic supersampling'
minimal_record_model['_files'] = [
{
'bucket': '22222222-2222-2222-2222-222222222222',
'version_id': '11111111-1111-1111-1111-111111111111',
'file_id': '22222222-3333-4444-5555-666666666666',
'checksum': 'md5:11111111111111111111111111111111',
'key': 'test',
'size': 4,
'type': 'txt',
},
{
'bucket': '22222222-2222-2222-2222-222222222222',
'version_id': '11111111-1111-1111-1111-111111111112',
'file_id': '22222222-3333-4444-5555-666666666667',
'checksum': 'md5:11111111111111111111111111111112',
'key': 'test2',
'size': 1000000,
'type': 'pdf',
},
]
data, err = schemaorg.Dataset().dump(
dict(metadata=minimal_record_model))
assert not err
assert data['distribution'] == [
{
u'@type': u'DataDownload',
u'contentUrl': u'https://localhost/api/files/'
u'22222222-2222-2222-2222-222222222222/test',
u'fileFormat': u'txt'
},
{
u'@type': u'DataDownload',
u'contentUrl': u'https://localhost/api/files/'
u'22222222-2222-2222-2222-222222222222/test2',
u'fileFormat': u'pdf'
}
]
assert data['measurementTechnique'] == 'microscopic supersampling'
for right in ['closed', 'embargoed', 'restricted']:
minimal_record_model['access_right'] = right
data, err = schemaorg.Dataset().dump(
dict(metadata=minimal_record_model))
assert not err
assert 'distribution' not in data
def test_create_deposit_with_empty_schema_raises_DepositValidationError(app,
users,
location,
jsonschemas_host):
metadata = {'$schema': ''}
with app.test_request_context():
login_user(users['superuser'])
id_ = uuid4()
with raises(DepositValidationError):
Deposit.create(metadata, id_=id_)
def deposit(app, es, users, location):
"""New deposit with files."""
record = {
'title': 'fuu'
}
with app.test_request_context():
login_user(users[0])
deposit = Deposit.create(record)
deposit.commit()
db_.session.commit()
sleep(2)
return deposit
def openid_login(provider):
"""Return OAuth2 login view for the given provider.
:param provider: OAuth2 provider.
"""
# get parser for provider
parser = eval(str.format('{0}_parser', provider.lower()))
code = request.args.get('code')
oauth_kwargs = current_app.config[str.format('OAUTH_{0}', provider.upper())]
c = Client(**oauth_kwargs)
# get request token
c.request_token(parser=parser, redirect_uri=current_app.config['KINORSI_SERVER_HOST'], grant_type='authorization_code', code=code)
if hasattr(c, 'error') and c.error != 0:
current_app.logger.info(c.error_description)
return redirect(url_for_security('login'))
else:
session[u'access_token'] = c.access_token
session[u'refresh_token'] = c.refresh_token
session[u'expires_in'] = c.expires_in
# get open id
res = c.request("/oauth2.0/me", parser=parser)
res['oauth_consumer_key'] = res['client_id']
# get nickname.
user_info = c.request('/user/get_user_info?' + urllib.urlencode(res), method='GET', parser=parser)
# 看看是不是已经在数据库中了,没有就写一个
security = current_app.extensions['security']
datastore = security.datastore
user = datastore.find_user(openid=res['openid'], provider=provider.lower())
if user is None:
user = datastore.create_user(openid=res['openid'], provider=provider.lower(), nickname=user_info['nickname'], avatar=user_info['figureurl_qq_1'])
datastore.commit()
else:
pass
#print 'user :'******'is here'
login_user(user)
next_url = get_url(request.args.get('next')) or get_url(request.form.get('next')) \
or current_app.extensions['security'].post_login_view or ''
# 如果用户没有绑定,可以让用户尝试进行首次的帐号绑定。如果不绑也可以在以后再绑
# 2014-12-5 先去掉绑定功能。不然似乎有点复杂过头了。
if user.bind_username is None and user.bind_email is None and (user.bind_remind is None or user.bind_remind ):
form_class = _security.login_form
form = form_class()
form.next.data = next_url
return render_template('security/bind_user.html', bind_form=form)
return redirect(next_url)
def test_created_by_population(app, db, users):
"""Test created_by gets populated correctly."""
record = {
'title': 'fuu'
}
deposit = Deposit.create(record)
assert 'created_by' not in deposit['_deposit']
with app.test_request_context():
login_user(users[0])
deposit = Deposit.create(record)
assert deposit['_deposit']['created_by'] == users[0].id
def deposit(app, es, users, location):
"""New deposit with files."""
record = {
'title': 'fuu'
}
with app.test_request_context():
datastore = app.extensions['security'].datastore
login_user(datastore.find_user(email=users[0]['email']))
deposit = Deposit.create(record)
deposit.commit()
db.session.commit()
sleep(2)
return deposit
def login():
form = LoginForm(request.form)
if request.method == 'POST':
if form.validate_on_submit():
login_user(form.user)
after_this_request(_commit)
flash("You are now logged in.", 'success')
if request.args.get("next"):
return redirect(request.args.get("next"))
else:
return redirect(url_for('public.overview'))
else:
flash_errors(form)
return render_template("public/login.html", form=form)
def test_created_by_population(api, users):
"""Test created_by gets populated correctly."""
record = {
'title': 'fuu'
}
deposit = Deposit.create(record)
assert 'created_by' not in deposit['_deposit']
with api.test_request_context():
datastore = api.extensions['security'].datastore
login_user(datastore.find_user(email=users[0]['email']))
deposit = Deposit.create(record)
assert deposit['_deposit']['created_by'] == users[0]['id']
def test_create_deposit_with_wrong_schema_raises_DepositValidationError(app,
users,
location,
jsonschemas_host):
metadata = {
'$schema': 'https://{}/schemas/deposits/records/non-existing-schema.json'.format(
jsonschemas_host)
}
with app.test_request_context():
login_user(users['superuser'])
id_ = uuid4()
with raises(DepositValidationError):
Deposit.create(metadata, id_=id_)
def login():
"""直接使用flask-security的工具方法完成登陆验证"""
username = request.json.get('username', '')
passwd = request.json.get('password', '')
security = current_app.extensions['security']
datastore = security.datastore
user = datastore.get_user(username)
if not verify_and_update_password(passwd, user):
return jsonres(metacode=401, msg=u'用户不在在或密码不正确')
login_user(user)
loginRes = dict(authentication_token=user.get_auth_token(), nickname=(user.nickname or user.email), avatar=user.avatar)
return jsonres(rv=dict(user=loginRes))
def on_login_failed(sender, provider, oauth_response):
"""
This gets called when a user tries a social login and it
is not associated with a 'connection' to any social provider.
We will attempt to create a new account for the user.
"""
print "$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$"
connection_values = get_connection_values_from_oauth_response(provider, oauth_response)
print "provider:", provider
print connection_values
provider_id = connection_values.get('provider_id', None)
full_name = connection_values['full_name']
if type(full_name) == type({}): # Google returns dictionary
full_name = full_name.get("givenName","") + " "+ full_name.get("familyName","")
uid = connection_values['provider_user_id']
email = connection_values.get('provider_email', None)
if provider_id == 'facebook':
if not email:
email = "*****@*****.**" % (uid, full_name.replace(' ', '_'))
elif provider_id == 'twitter':
if not email:
uname = connection_values['display_name'].replace(' ','_')
uname = uname.replace('@','')
email = "*****@*****.**" % (uid, uname)
elif provider_id == 'google':
if not email:
email = "*****@*****.**" % (uid, full_name.replace(' ', '_'))
else:
print "***** Unknown provider id"
print "**** Getting user"
user = findOrAddUser(email, full_name)
#db.session.commit()
connection_values['user_id'] = user.id
# Todo: add connection object to remember this
# provider info for this user...
#connect_handler(connection_values, provider)
login_user(user)
#db.session.commit()
"""
ds = current_app.security.datastore
user = ds.create_user( ... ) #fill in relevant stuff here
ds.commit()
connection_values['user_id'] = user.id
connect_handler(connection_values, provider)
login_user(user)
db.commit()
"""
return render_template("worldviews.html")
def login_view(self):
if request.method=='GET' and current_user.is_authenticated():
return redirect(url_for('.index'))
# handle user login
form = LoginForm(request.form)
if helpers.validate_form_on_submit(form):
user = authenticate(username=form.email.data, password=form.password.data)
if user:
if user.has_role('admin'):
if login_user(user):
user.save() #This is to make sure the track changes occur
return redirect(url_for('.index'))
else:
self._template_args['error'] = "User is not active or could not be logged in."
else:
self._template_args['error'] = "User has insufficient privilege."
else:
self._template_args['error'] = "Invalid user and/or password"
self._template_args['form'] = form
return self.render('admin/login.html')
def login():
user = user_datastore.get_user(session.get('userinfo', {}).get(
'email', session['id_token'].get('sub')))
if not user:
user = create_user(session.get('userinfo'))
user_name = getattr(user, 'name')
if user_name is None:
user_name = session.get('userinfo', {}).get('name')
user.name = user_name
db.session.commit()
login_user(user)
return redirect(url_for('.details'))
def on_login_failed(sender, provider, oauth_response):
connection_values = get_connection_values_from_oauth_response(provider, oauth_response)
ds = current_app.extensions['security'].datastore
chars = string.ascii_letters + string.digits + '!@#$%^&*()'
random.seed = (os.urandom(1024))
user_kwargs = dict(username = connection_values['display_name'] or \
"_".join(connection_values['full_name'].split()) or \
connection_values['email'].split("@")[1],
# have to get a silly email address
email = connection_values['email'] or "*****@*****.**",
password = ''.join(random.choice(chars) for i in range(10)))
user = ds.create_user(**user_kwargs) #fill in relevant stuff here
ds.commit()
connection_values['user_id'] = user.id
connect_handler(connection_values, provider)
login_user(user)
current_app.extensions['sqlalchemy'].db.session.commit()
return redirect(url_for('main.home'))
def login():
try:
data = loginSchema.validate(request.json)
except SchemaError as e:
error = {"code": "auth.login.invalid", "message": "Invalid data for login", "details": str(e)}
return jsonify(error=error), 403
no_match_error = {"code": "auth.login.no_match", "message": "The supplied email and password is invalid"}
user = User.query.filter_by(email=data["email"])
if user.count() != 1:
return jsonify(error=no_match_error), 401
user = user.one()
if not verify_password(data["password"], user.password):
return jsonify(error=no_match_error), 401
login_user(user, True)
auth_token = user.get_auth_token()
return jsonify(user=user.as_personal_json(), auth_token=auth_token), 200
def deposit(app, es, users, location):
"""New deposit with files."""
record = dict(
title='Test title',
creators=[
dict(name='Doe, John', affiliation='Atlantis'),
dict(name='Smith, Jane', affiliation='Atlantis')
],
description='Test Description',
publication_date='2013-05-08',
access_right='open'
)
with app.test_request_context():
datastore = app.extensions['security'].datastore
login_user(datastore.get_user(users[0]['email']))
deposit = Deposit.create(record)
deposit.commit()
db_.session.commit()
current_search.flush_and_refresh(index='deposits')
return deposit
def oauth_authenticate(client_id, user, require_existing_link=False,
remember=False):
"""Authenticate an oauth authorized callback."""
# Authenticate via the access token (access token used to get user_id)
if login_user(user):
if require_existing_link:
account = RemoteAccount.get(user.id, client_id)
if account is None:
logout_user()
return False
return True
return False
def login():
"""
Flask-Login.
"""
if g.user.is_authenticated:
return redirect(url_for('webuiview.index'))
login_form = LoginForm()
if login_form.validate_on_submit():
username = login_form.username.data
user = api.usercontrol.get_by_name(username)
if user is None:
return redirect(url_for('webuiview.login'))
if api.usercontrol.check_user_pass(user, login_form.password.data):
login_user(user, remember=True)
security.datastore.commit()
flash("Logged in!", "success")
return redirect(url_for('webuiview.index'))
else:
flash("Cannot login...", "error")
return render_template('login.html', title='Sign In', form=login_form)
def question_create(product_id):
ctx = dict()
ctx['product'] = facades.ProductFacade(instance_id=product_id).get_local_instance()
product = get_product_by_id(product_id)
question_action.init_form(product, **request.form)
if request.method == 'GET' and current_user.is_authenticated:
question_action.iform.email.data = current_user.email
ctx['action'] = question_action
ctx['form'] = question_action.iform
if request.method == 'POST' and question_action.iform.validate():
payload = {key: value for key, value in request.form.iteritems()}
question = create_question(payload.get('email'), product_id, int(payload.get('product_variants')),
payload.get('question_text'))
if not current_user.is_authenticated and question.user.password is None:
login_user(question.user)
schedule_question_notification_email_to_shop.delay(question.id)
return generate_success_response_from_obj(question, 'question')
return render_template('question-create.html', **ctx)
