def create_test_user(self, email, password): user_datastore = SQLAlchemyUserDatastore(db, User, Role) user = user_datastore.create_user(email=email, password=encrypt_password(password), confirmed_at=datetime.now()) user.role = 'Admin' user.active = True db.session.add(user) db.session.commit() db.session.refresh(user)
def create_user(email, role): from flask_security import SQLAlchemyUserDatastore from security_monkey.datastore import User from security_monkey.datastore import Role user_datastore = SQLAlchemyUserDatastore(db, User, Role) ROLES = ['View', 'Comment', 'Justify', 'Admin'] if role not in ROLES: sys.stderr.write('[!] Role must be one of [{0}].\n'.format(' '.join(ROLES))) sys.exit(1) users = User.query.filter(User.email == email) if users.count() == 0: password1 = prompt_pass("Password") password2 = prompt_pass("Confirm Password") if password1 != password2: sys.stderr.write("[!] Passwords do not match\n") sys.exit(1) user = user_datastore.create_user(email=email, password=password1, confirmed_at=datetime.now()) else: sys.stdout.write("[+] Updating existing user\n") user = users.first() user.role = role db.session.add(user) db.session.commit()
def api_server(custom_settings=None): # init server server = Flask(__name__) # init settings server.config.from_object("settings.default") server.config.from_envvar("SETTINGS", silent=True) server.config.from_object(custom_settings) # init db db.init_app(server) # init user user_datastore = SQLAlchemyUserDatastore(db, User, Role) security.init_app(server, user_datastore) # import features server.register_blueprint(index) server.register_blueprint(dreams) # render context with server.app_context(): db.create_all() if not User.query.first(): user_datastore.create_user(email="*****@*****.**", password=encrypt_password("user")) db.session.commit() return server
def seed_user(email, role, dept, password): """ Creates a new user in the database. """ from beacon.models.users import User, Role, Department from flask_security import SQLAlchemyUserDatastore user_datastore = SQLAlchemyUserDatastore(db, User, Role) seed_email = email if email else app.config.get("SEED_EMAIL") user_exists = User.query.filter(User.email == seed_email).first() department = Department.query.filter(Department.name == db.func.lower(dept)).first() if user_exists: print "User {email} already exists".format(email=seed_email) else: try: user_datastore.create_user( email=seed_email, created_at=datetime.datetime.utcnow(), department=department if department else None, password=password, roles=[Role.query.get(int(role))], confirmed_at=datetime.datetime.now(), ) db.session.commit() print "User {email} successfully created!".format(email=seed_email) except Exception, e: print "Something went wrong: {exception}".format(exception=e.message)
def build_sample_db(): """ Populate a small db with some example entries. """ import string import random db.drop_all() db.create_all() # Setup Flask-Security user_datastore = SQLAlchemyUserDatastore(db, User, Role) security = Security(app, user_datastore) with app.app_context(): user_role = Role(name='user') super_user_role = Role(name='superuser') db.session.add(user_role) db.session.add(super_user_role) db.session.commit() test_user = user_datastore.create_user( first_name='Admin', email='admin', password=encrypt_password('admin'), roles=[user_role, super_user_role] ) first_names = [ 'Harry', 'Amelia', 'Oliver', 'Jack', 'Isabella', 'Charlie', 'Sophie', 'Mia', 'Jacob', 'Thomas', 'Emily', 'Lily', 'Ava', 'Isla', 'Alfie', 'Olivia', 'Jessica', 'Riley', 'William', 'James', 'Geoffrey', 'Lisa', 'Benjamin', 'Stacey', 'Lucy' ] last_names = [ 'Brown', 'Smith', 'Patel', 'Jones', 'Williams', 'Johnson', 'Taylor', 'Thomas', 'Roberts', 'Khan', 'Lewis', 'Jackson', 'Clarke', 'James', 'Phillips', 'Wilson', 'Ali', 'Mason', 'Mitchell', 'Rose', 'Davis', 'Davies', 'Rodriguez', 'Cox', 'Alexander' ] for i in range(len(first_names)): tmp_email = first_names[i].lower() + "." + last_names[i].lower() + "@example.com" tmp_pass = ''.join(random.choice(string.ascii_lowercase + string.digits) for i in range(10)) user_datastore.create_user( first_name=first_names[i], last_name=last_names[i], email=tmp_email, password=encrypt_password(tmp_pass), roles=[user_role, ] ) db.session.commit() return
def create_app(priority_settings=None): app = Flask(__name__, static_url_path='') app.config.from_object(settings) app.config.from_envvar('TODO_SETTINGS', silent=True) app.config.from_object(priority_settings) db.init_app(app) user_datastore = SQLAlchemyUserDatastore(db, User, Role) security.init_app(app, user_datastore) app.register_blueprint(index) app.register_blueprint(todos) with app.app_context(): db.create_all() if not User.query.first(): user_datastore.create_user( email='*****@*****.**', password=encrypt_password('password')) db.session.commit() return app
def create_app(): import os from os import environ import psycopg2 from flask import Flask from flask_sqlalchemy import SQLAlchemy from flask_migrate import Migrate from flask_heroku import Heroku from flask_admin.contrib.sqla import ModelView from flask_wtf.csrf import CSRFProtect from flask import render_template, request, redirect, jsonify, url_for, flash, session from sqlalchemy.orm import relationship, sessionmaker from models import User, Order, Customer, Role, OrderDetails, Product, Supplier, Payment, Shipper, users_schema, orders_schema, products_schema, customers_schema, order_details_schema, suppliers_schema, payments_schema, shippers_schema, MyAdminIndexView, UserAdmin, RoleAdmin from flask_admin import Admin from flask_login import UserMixin, LoginManager, current_user, login_user, logout_user from flask_security import SQLAlchemyUserDatastore, Security, utils, login_required from wtforms.fields import PasswordField from passlib.hash import pbkdf2_sha256 from flask_marshmallow import Marshmallow import stripe import datetime from flask_mail import Mail, Message from decimal import Decimal from flask_caching import Cache from flask_assets import Environment, Bundle from PIL import Image APPLICATION_NAME = "Kokeshi" app = Flask(__name__) csrf.init_app(app) app.config.from_pyfile('config_default.cfg') assets = Environment(app) try: app.config.from_envvar('KOKESHI_SETTINGS') except: pass # Flask Security Config app.config['SECURITY_REGISTERABLE'] = True # Flask-Mail Config app.config.update(dict( MAIL_SERVER=os.environ['MAIL_SERVER'], MAIL_PORT=465, MAIL_USERNAME=os.environ['MAIL_USERNAME'], MAIL_USE_TLS=False, MAIL_USE_SSL=True, MAIL_PASSWORD=os.environ['MAIL_PASSWORD'], SECURITY_PASSWORD_HASH='pbkdf2_sha512', SECURITY_PASSWORD_SALT=os.environ['SECURITY_PASSWORD_SALT'] )) cache = Cache(app, config={'CACHE_TYPE': 'simple'}) # Flask-Assets config scss_bundle = Bundle('scss/*.scss', filters='pyscss, cssmin', output='css/styles.css', extra={'rel': 'stylesheet/scss'}, ) js_bundle = Bundle('js/*.js', filters='jsmin', output='js/main.min.js', ) assets.register('scss_all', scss_bundle) assets.register('js_all', js_bundle) scss_bundle.build() js_bundle.build() imagePath = "static/img/artisan-placeholder.jpg" outputPath = "static/img/artisan-placeholder.webp" quality = "80" im = Image.open(imagePath) im.save(outputPath, 'webp', quality=quality) app.url_map.strict_slashes = False # Initialize the SQLAlchemy data store and Flask-Security. user_datastore = SQLAlchemyUserDatastore(db, User, Role) security = Security(app, user_datastore) # Create admin views. admin = Admin(app, index_view=MyAdminIndexView()) admin.add_view(UserAdmin(User, db.session)) admin.add_view(RoleAdmin(Role, db.session)) # Stripe payments implementation. STRIPE_PUBLISHABLE_KEY = 'pk_test_GM1d2F2DgrIl6jnkIwSaZ8Dd' stripe_keys = { 'secret_key': os.environ['STRIPE_SECRET_KEY'], 'publishable_key': STRIPE_PUBLISHABLE_KEY } stripe.api_key = stripe_keys['secret_key'] ################# # App functions # ################# ####################### # User administration # ####################### # Populate the db with products and placeholder data """@app.before_first_request def before_first_request(): db.create_all() user_datastore.find_or_create_role( name='super', description='Super User') user_datastore.find_or_create_role( name='admin', description='Administrator') user_datastore.find_or_create_role( name='artisan', description='Artisan') encrypted_password = utils.encrypt_password('password') if not user_datastore.get_user('*****@*****.**'): user_datastore.create_user( email='*****@*****.**', password=encrypted_password ) if not user_datastore.get_user('*****@*****.**'): user_datastore.create_user( email='*****@*****.**', password=encrypted_password ) if not user_datastore.get_user('*****@*****.**'): user_datastore.create_user( email='*****@*****.**', password=encrypted_password ) db.session.commit() user_datastore.add_role_to_user('*****@*****.**', 'super') user_datastore.add_role_to_user('*****@*****.**', 'admin') user_datastore.add_role_to_user('*****@*****.**', 'artisan') db.session.commit() db_items = [ Product( name="Zao Kokeshi", description="A traditional handcrafted Japanese Kokeshi doll, made with care to the height of the newborn child", price=200, is_available=True ), Product( name="Yonezawa Kokeshi", description="A traditional handcrafted Japanese Kokeshi doll, made with care to the height of the newborn child", price=200, is_available=True ), Product( name="Sagae Kokeshi", description="A traditional handcrafted Japanese Kokeshi doll, made with care to the height of the newborn child", price=200, is_available=True ), Product( name="Tendo Kokeshi", description="A traditional handcrafted Japanese Kokeshi doll, made with care to the height of the newborn child", price=200, is_available=True ), Product( name="Message", description="A handwritten message on the back of the kokeshi doll", price=50, is_available=True ), Supplier( name="Sato", phone="08011112222", email="*****@*****.**" ), Supplier( name="Suzuki", phone="08011199002", email="*****@*****.**" ), Supplier( name="Miyagi", phone="090000009999", email="*****@*****.**" ), Shipper( companyName="Kuro Neko", phone="08051516161", email="*****@*****.**", contactName="Kurosawa" ) ] for item in db_items: db.session.add(item) db.session.commit()""" @app.route('/login', methods=['GET', 'POST']) def showLogin(): """ Use a custom LoginForm to validate with WTForms """ form = LoginForm() if form.validate_on_submit(): # Login and validate the user. # user should be an instance of the `User` class login_user(user) flask.flash('Logged in successfully.') next = flask.request.args.get('next') # is_safe_url should check if the url is safe for redirects. # See http://flask.pocoo.org/snippets/62/ for an example. if not is_safe_url(next): return flask.abort(400) return flask.redirect(next or flask.url_for('index')) return flask.render_template('login.html', form=form) @app.route('/logout') def showLogout(): logout_user() flask.flash('Logged out successfully.') return 'Logged out' ########################## # General Administration # ########################## @app.before_request def force_https(): """ Redirect from http to https """ if os.environ.get('DATABASE_URL') is not None: if not request.is_secure: url = request.url.replace('http://', 'https://', 1) code = 301 return redirect(url, code=code) ################## # JSON API calls # ################## @app.route('/suppliers/JSON') @login_required def showSuppliersJSON(): """ Return order data in JSON """ suppliers = Supplier.query.all() return jsonify(suppliers_schema.dump(suppliers).data) @app.route('/shippers/JSON') @login_required def showShippersJSON(): """ Return order data in JSON """ shippers = Shipper.query.all() return jsonify(shippers_schema.dump(shippers).data) @app.route('/products/JSON') @login_required def showProductsJSON(): """ Return order data in JSON """ products = Product.query.all() return jsonify(products_schema.dump(products).data) @app.route('/orders/JSON') @login_required def showOrdersJSON(): """ Return order data in JSON """ orders = Order.query.all() return jsonify(orders_schema.dump(orders).data) @app.route('/orders/unfulfilled/JSON') @login_required def showUnfulfilledOrdersJSON(): """ Return unfulfilled order data in JSON """ unful_orders = Order.query.filter_by(wasOrdered=False).all() return jsonify(orders_schema.dump(unful_orders).data) @app.route('/customers/JSON') @login_required def showCustomersJSON(): """ Return customer data in JSON """ customers = Customer.query.all() return jsonify(customers_schema.dump(customers).data) ####################### # Client facing pages # ####################### @app.route('/orders') @login_required def showOrders(): """ Display the supplier - facing orders page. The supplier can accept the job, then is directed to the showAcceptOrder """ unaccepted_orders = Order.query.filter_by(wasAccepted=False).all() session['supplier'] = current_user.email return render_template('auth/unassigned_orders.html', orders=unaccepted_orders) @app.route('/orders/<int:order_id>/accepted', methods=['GET', 'POST']) @login_required def showAcceptOrder(order_id): """ Display the supplier-facing order accepted page. """ order = Order.query.filter_by(orderID=order_id).first() supplier = Supplier.query.filter_by( email=session['supplier']).first() selected_order = Order.query.filter_by(orderID=order_id).first() selected_order_details = OrderDetails.query.filter_by( order_ID=order_id).first() supplier_id = supplier.supplierID order.wasAccepted = True selected_order.supplier_ID = supplier_id db.session.add(selected_order) db.session.commit() return render_template('auth/selected_order.html', order=selected_order_details) @app.route('/', methods=["GET", "POST"]) @app.route('/home') @cache.cached(timeout=86400) def showHome(): """ Display the landing page. """ return render_template('home.html') @app.route('/about') @cache.cached(timeout=86400) def showAbout(): """ Display the About Us page. """ return render_template('about.html') @app.route('/design', methods=['GET', 'POST']) @cache.cached(timeout=86400) def showDesign(): """ Display a kokeshi designing page that, when submitted, updates the shopping cart with the order and redirects to the order page. """ # Create a new cart list. if 'cart' not in session: session['cart'] = [] if request.method == 'POST': # Create a customer object without an email, to attach to the cart # items in the session. customer = Customer(email="") db.session.add(customer) db.session.commit() # Create an order object and tie it to the customer. order = Order(customer_ID=customer.customerID) db.session.add(order) db.session.commit() product = Product.query.filter_by( name=request.form['item']).one() # Assign the order to the customer using the orderID customer.order_ID = order.orderID if request.form.get('is-message', False) == 'on': order_details = OrderDetails( item=request.form['item'], name=request.form['name'], dob=request.form['dob'], height=request.form['height'], weight=request.form['weight'], is_message=True, message=request.form['message'], order_ID=order.orderID, customer_ID=customer.customerID, product_ID=product.productID ) else: order_details = OrderDetails( item=request.form['item'], name=request.form['name'], dob=request.form['dob'], height=request.form['height'], weight=request.form['weight'], is_message=False, order_ID=order.orderID, customer_ID=customer.customerID, product_ID=product.productID ) # Set the price of the item, dependent on the presence or absence of a message. if request.form.get('is-message', False) == 'on': price = 250 else: price = 200 order.price = price db.session.add(customer) db.session.add(order) db.session.add(order_details) db.session.commit() # Append the item to the cart. session['cart'].append( { 'itemID': order_details.orderDetailsID, 'item': order_details.item, 'name': order_details.name, 'dob': order_details.dob, 'height': order_details.height, 'weight': order_details.weight, 'isMessage': order_details.is_message, 'message': order_details.message, 'product': product.name, 'price': price, 'orderID': order_details.order_ID } ) # Create a session variable to select the customer in order to append information. session['customer_ID'] = customer.customerID flash("Success! Your order for '%s kokeshi' has been added to your cart." % order_details.name) return redirect(url_for('showOrder')) else: return render_template('design.html') @app.route('/setCart') def setCart(): cartObj = session['cart'] cartJSON = jsonify(cartObj) return cartJSON @app.route('/removeItem/<int:item_id>', methods=["GET", "POST"]) def removeItem(item_id): """ Remove the selected item from the cart. """ # Check for the existence of an item, then convert it to an int if item_id is not None: item_id = int(item_id) try: session['cart'][:] = [d for d in session['cart'] if d.get('itemID') != item_id] except: msg = "There were no items to remove" print(msg) return redirect(url_for('showOrder')) @app.route('/order', methods=["GET", "POST"]) def showOrder(): """ Display the order page - - a list of all the items in the cart. """ return render_template('order.html') @app.route('/checkout', methods=['GET', 'POST']) def showCheckout(): """ Display the checkout page, which displays the total and a Stripe payments button. """ amount_usd = 0 # Add up the total of all the items in the cart for item in session['cart']: amount_usd += item['price'] # Calculate the amount in US cents for Stripe amount_cents = amount_usd * 100 return render_template( 'auth/index.html', key=stripe_keys['publishable_key'], amount_usd=amount_usd, amount_cents=amount_cents, cart=session['cart'] ) @app.route('/charge', methods=['GET', 'POST']) def charge(): db_customer = Customer.query.filter_by( customerID=session['customer_ID']).one() # Amount in cents amount = 0 items = [] for item in session['cart']: # Add the item prices in cents. amount += item['price'] * 100 items.append(item['item']) customer = stripe.Customer.create( email=request.form['stripeEmail'], source=request.form['stripeToken'] ) # Create a session variable with the customer's email for sending a # confirmation email. session['customer_email'] = request.form['stripeEmail'] # Create a Stripe charge object which sends a confirmation email. charge = stripe.Charge.create( customer=customer.id, amount=amount, currency='usd', description='KokeMama Charge', receipt_email=session['customer_email'] ) # Attempt to add customer data from the stripe input to the customer # object try: db_customer.email = request.form['stripeEmail'] except: print("There is no 'stripeEmail' key") try: db_customer.name = charge.source.name except: print("There is no 'stripeName' key") try: db_customer.address1 = charge.source.address_line1 except: print("There is no 'stripeShippingAddressLine1' key") try: db_customer.zipCode = charge.source.address_zip except: print("There is no 'stripeShippingAddressZip' key") try: db_customer.state = charge.source.address_state except: print("There is no 'stripeShippingAddressState' key") try: db_customer.city = charge.source.address_city except: print("There is no 'stripeShippingAddressCity' key") try: db_customer.country = charge.source.address_country except: print("There is no 'stripeShippingAddressCountry' key") db.session.add(db_customer) db.session.commit() return redirect(url_for('showConfirm')) @app.route('/confirmation') def showConfirm(): """ Display the order confirmation page after an order is submitted. """ # Get the customer from the db using the 'customer_ID' session variable db_customer = Customer.query.filter_by( customerID=session['customer_ID']).one() # Create a list of the cart items for use in the email's message body items = [dic['item'] for dic in session['cart'] if 'item' in dic] # Use the first item in the cart to obtain the 'orderID'. If None, # display 'design' link try: firstItem = session['cart'][0] orderID = firstItem['orderID'] msg = Message( 'Confirmation', sender='*****@*****.**', recipients=[session['customer_email']]) msg.body = "Thank you for your order of: %s. Your order number is: %d." % ( items, orderID) mail.send(msg) # Clear the cart after payment is received and confirmation is sent. session['cart'] = [] return render_template('auth/confirmation.html') except: return redirect(url_for('showHome')) @app.route('/contact', methods=['GET', 'POST']) @cache.cached(timeout=86400) def showContact(): """ Display the contact information page. """ if request.method == 'POST': msg = Message( 'Contact', sender='*****@*****.**', recipients=['*****@*****.**']) msg.body = "Customer name: %s\n" % ( request.form['customer-name']) msg.body += "Customer email: %s\n" % ( request.form['customer-email']) msg.body += "Message: %s" % (request.form['customer-message']) mail.send(msg) customer = Customer( name=request.form['customer-name'], email=request.form['customer-email'] ) db.session.add(customer) db.session.commit() return redirect(url_for('showContactComplete')) else: return render_template('contact.html') @app.route('/contact/complete') def showContactComplete(): """ Show a success message for the contact form. """ return render_template('auth/contact_complete.html') db.init_app(app) login_manager.init_app(app) migrate.init_app(app, db) ma.init_app(app) heroku.init_app(app) mail.init_app(app) # Load the current logged in user. @login_manager.user_loader def load_user(user_id): return User.query.get(user_id) return app
team = db.relationship('Team', backref=db.backref('team_member_team', order_by=id)) userId = db.Column(db.Integer, db.ForeignKey('user.id')) user = db.relationship('User', backref=db.backref('team_member_user', order_by=id)) class User_Payment(db.Model): __tablename__ = 'user_payment' id = db.Column(db.Integer, primary_key=True) name = db.Column(db.String(255)) createDate = db.Column(db.DateTime) seasonId = db.Column(db.Integer, db.ForeignKey('season.id')) season = db.relationship('Season', backref=db.backref('user_payment_season', order_by=id)) userId = db.Column(db.Integer, db.ForeignKey('user.id')) User = db.relationship('User', backref=db.backref('user_payment_user', order_by=id)) # Setup Flask-Security userDatastore = SQLAlchemyUserDatastore(db, User, Role) security = Security(app, userDatastore) login_manager = LoginManager() login_manager.setup_app(app) login_manager.login_view = "login.html" # Set up the DB db.create_all() teamMemberRole = userDatastore.create_role() adminRole = userDatastore.create_role() teamManagerRole = userDatastore.create_role() @login_manager.user_loader def load_user(userid): return User.query.filter_by(id=userid).first()
def create_app(): app = Flask(__name__) app.config.from_pyfile('settings.py') db.init_app(app) url_index = 'http://localhost:8716/' bootstrap = Bootstrap(app) login_manager = LoginManager() login_manager.init_app(app) login_manager.login_view = 'login' user_datastore = SQLAlchemyUserDatastore(db, User, Role) security = Security(app, user_datastore) admin = flask_admin.Admin( app, 'Superuser', base_template='my_master.html', template_mode='bootstrap3', ) admin.add_view(ContentView(Content, db.session)) admin.add_view(dataCatinView(DataCatin, db.session)) admin.add_view(MyModelView(Role, db.session)) admin.add_view(MyModelView(User, db.session)) @security.context_processor def security_context_processor(): return dict(admin_base_template=admin.base_template, admin_view=admin.index_view, h=admin_helpers, get_url=url_for) @app.route('/', methods=['GET', 'POST']) def index(): return render_template('index_page.html') @app.route('/register', methods=['GET', 'POST']) def register(): form = RegisterFormView() try: if form.validate_on_submit(): hashed_password = form.password.data new_user = User(name=form.name.data, email=form.email.data, password=hashed_password) db.session.add(new_user) db.session.commit() return redirect(url_for('login')) except: return "<h2> Data yang di inputkan harus unique, sepertinya salah satu data yang Anda Masukan sudah terdaftar, " \ "Mohon ulangi input data dengan teliti...!!! <br> <a href=" + url_index + "signup>Ulangi Input Data</a></h2>" return render_template('register.html', form=form) @app.route('/login', methods=['GET', 'POST']) def login(): form = LoginFormView(request.form) if request.method == 'POST': if form.validate_on_submit(): session['email'] = request.form['email'] takeEmail = session['email'] = request.form['email'] try: takeRoles = User.query.filter_by(email=takeEmail).first() takeRoles = takeRoles.roles # takeRoles = ''.join(takeRoles) print('testing', takeRoles) user = User.query.filter_by(email=form.email.data).first() if verify_password(user.password, form.password.data): user.authenticated = True db.session.add(user) db.session.commit() login_user(user) login_user(user, remember=form.remember.data) if takeRoles == ['user']: return redirect(url_for('operator')) elif takeRoles == []: return redirect(url_for('society')) else: pass else: return '<h1>Invalid username or password</h1>' except: return 'Sepertinya user yang Anda masukan belum terdaftar, mohon diperiksa lagi' return render_template('login.html', form=form) @app.route('/logout') @login_required def logout(): logout_user() return redirect(url_for('index')) @app.route('/society') @login_required def society(): dataUser = User('', '', '') id_user = current_user.id try: result, nik_catin_laki_laki = db.session.query(User, DataCatin.NIK_catin_laki_laki).join(DataCatin).\ filter(DataCatin.user_id == current_user.id).first() result, nama_catin_laki_laki = db.session.query(User, DataCatin.nama_catin_laki_laki).join(DataCatin).\ filter(DataCatin.user_id == current_user.id).first() result, nik_catin_perempuan = db.session.query(User, DataCatin.NIK_catin_perempuan).join(DataCatin). \ filter(DataCatin.user_id == current_user.id).first() result, nama_catin_perempuan = db.session.query(User, DataCatin.nama_catin_perempuan).join(DataCatin). \ filter(DataCatin.user_id == current_user.id).first() result, tanggal_daftar = db.session.query(User, DataCatin.tanggal_daftar).join(DataCatin). \ filter(DataCatin.user_id == current_user.id).first() result, jadwal_nikah = db.session.query(User, DataCatin.jadwal_nikah).join(DataCatin). \ filter(DataCatin.user_id == current_user.id).first() result, jam = db.session.query(User, DataCatin.jam).join(DataCatin). \ filter(DataCatin.user_id == current_user.id).first() result, tempat_pelaksaan_nikah = db.session.query(User, DataCatin.tempat_pelaksaan_nikah).join(DataCatin). \ filter(DataCatin.user_id == current_user.id).first() result, status_pendaftaran = db.session.query(User, DataCatin.status_pendaftaran).join(DataCatin). \ filter(DataCatin.user_id == current_user.id).first() except: nik_catin_laki_laki = '-' nama_catin_laki_laki = '-' nik_catin_perempuan = '-' nama_catin_perempuan = '-' tanggal_daftar = '-' jadwal_nikah = '-' jam = '-' tempat_pelaksaan_nikah = '-' status_pendaftaran = '-' # return render_template('society_dashboard.html', WELCOME=current_user.name) return render_template('society_dashboard.html', WELCOME=current_user.name, NIK_LAKI_LAKI=nik_catin_laki_laki, NAMA_CATIN_LAKI_LAKI=nama_catin_laki_laki, NIK_CATIN_PEREMPUAN=nik_catin_perempuan, NAMA_CATIN_PEREMPUAN=nama_catin_perempuan, TANGGAL_DAFTAR=tanggal_daftar, JAM=jam, JADWAL_NIKAH=jadwal_nikah, TEMPAT_PELAKSAAN_NIKAH=tempat_pelaksaan_nikah, STATUS_PENDAFTARAN=status_pendaftaran) @app.route('/societyinputdata', methods=['GET', 'POST']) @login_required def societyInputData(): form = SocietyInputDataView(request.form) if request.method == 'POST': if form.validate_on_submit(): tanggal_daftar = time.strftime("%Y-%m-%d %H:%M:%S") add_jam = request.form['jam'] new_data = DataCatin(form.NIK_catin_laki_laki.data, form.nama_catin_laki_laki.data, form.NIK_catin_perempuan.data, form.nama_catin_perempuan.data, tanggal_daftar, form.jadwal_nikah.data, add_jam, form.tempat_pelaksaan_nikah.data, current_user.id) db.session.add(new_data) db.session.commit() return redirect(url_for('society')) return render_template('society_input_data.html', form=form) @app.route('/operator', methods=['GET', 'POST']) @login_required def operator(): if 'email' in session: name = current_user.name all_user_data = DataCatin.query.all() if request.method == 'POST': all_data_CSV = [] for i in all_user_data: # nik_CL_to_CSV.append({'NIK Catin Laki-laki': i.NIK_catin_laki_laki}) all_data_CSV.append({ 'NIK Catin Laki-laki': i.NIK_catin_laki_laki, 'Nama Catin Laki-laki': i.nama_catin_laki_laki, 'NIK Catin Perempuan': i.NIK_catin_perempuan, 'Nama Catin Perempuan': i.nama_catin_perempuan, 'Tanggal Daftar': i.tanggal_daftar, 'Jadwal Nikah': i.jadwal_nikah, 'Jam': i.jam, 'Tempat Pelaksanaan Nikah': i.tempat_pelaksaan_nikah, 'Status Pendaftaran': i.status_pendaftaran }) return send_csv( all_data_CSV, "laporan pendaftaran.csv", [ 'NIK Catin Laki-laki', 'Nama Catin Laki-laki', 'NIK Catin Perempuan', 'Nama Catin Perempuan', 'Tanggal Daftar', 'Jadwal Nikah', 'Jam', 'Tempat Pelaksanaan Nikah', 'Status Pendaftaran' ], cache_timeout=1, delimiter=';') return render_template('operator_dashboard.html', WELCOME=name, catin=all_user_data, DOWNLOAD_CSV='') else: return redirect(url_for('index')) @app.route('/csv') def csv(): all_user_data = DataCatin.query.all() # nik_CL_to_CSV = [] all_data_CSV = [] for i in all_user_data: # nik_CL_to_CSV.append({'NIK Catin Laki-laki': i.NIK_catin_laki_laki}) all_data_CSV.append({ 'NIK Catin Laki-laki': i.NIK_catin_laki_laki, 'Nama Catin Laki-laki': i.nama_catin_laki_laki, 'NIK Catin Perempuan': i.NIK_catin_perempuan, 'Nama Catin Perempuan': i.nama_catin_perempuan, 'Tanggal Daftar': i.tanggal_daftar, 'Jadwal Nikah': i.jadwal_nikah, 'Jam': i.jam, 'Tempat Pelaksanaan Nikah': i.tempat_pelaksaan_nikah, 'Status Pendaftaran': i.status_pendaftaran }) return send_csv( all_data_CSV, "testing.csv", [ '<b>NIK Catin Laki-laki</b>', 'Nama Catin Laki-laki', 'NIK Catin Perempuan', 'Nama Catin Perempuan', 'Tanggal Daftar', 'Jadwal Nikah', 'Jam', 'Tempat Pelaksanaan Nikah', 'Status Pendaftaran' ], cache_timeout=1, delimiter=';') @app.route('/operatorAddData', methods=['GET', 'POST']) @login_required def operatorAddData(): dataUser = User('', '', '') form = OperatorAddDataView(request.form) operator_name = current_user.name if request.method == 'POST': if form.validate_on_submit(): add_jam = request.form['jam'] new_data = DataCatin(form.NIK_catin_laki_laki.data, form.nama_catin_laki_laki.data, form.NIK_catin_perempuan.data, form.nama_catin_perempuan.data, form.tanggal_daftar.data, form.jadwal_nikah.data, add_jam, form.tempat_pelaksaan_nikah.data, current_user.id, False, form.status_pendaftaran.data) db.session.add(new_data) # db.session.commit() try: db.session.commit() except: return 'Data yang dimasukan sudah ada, mohon diulangi!!!' return redirect(url_for('operator')) return render_template('operatorAddData.html', form=form, OPERATOR_NAME=operator_name) @app.route('/delete_data/<id>') def delete_data(id): data = db.session.query( DataCatin, User).join(User).filter(DataCatin.id == id).first() if data.DataCatin.is_public: return render_template('catin_detail.html', catin=data) else: # if current_user.is_authenticated and data.DataCatin.user_id == current_user.id: if current_user.is_authenticated: data = DataCatin.query.filter_by(id=id).first() db.session.delete(data) db.session.commit() return redirect(url_for('operator')) @app.route('/catin_edit/<id>', methods=['GET', 'POST']) def catin_edit(id): data = db.session.query( DataCatin, User).join(User).filter(DataCatin.id == id).first() form = EditCatin(request.form) if request.method == 'POST': if form.validate_on_submit(): # if current_user.is_authenticated and data.DataCatin.user_id == current_user.id: if current_user.is_authenticated: data = DataCatin.query.filter_by(id=id).first() new_nik_L = form.NIK_catin_laki_laki.data new_name_L = form.nama_catin_laki_laki.data new_nik_P = form.NIK_catin_perempuan.data new_name_P = form.nama_catin_perempuan.data new_tanggal_daftar = form.tanggal_daftar.data new_jadwal = form.jadwal_nikah.data new_jam = request.form['jam'] new_tempat_pelaksaan_nikah = form.tempat_pelaksaan_nikah.data new_status_pendaftaran = form.status_pendaftaran.data try: data.NIK_catin_laki_laki = new_nik_L data.nama_catin_laki_laki = new_name_L data.NIK_catin_perempuan = new_nik_P data.nama_catin_perempuan = new_name_P data.jadwal_nikah = new_jadwal data.tanggal_daftar = new_tanggal_daftar data.jam = new_jam data.tempat_pelaksaan_nikah = new_tempat_pelaksaan_nikah data.status_pendaftaran = new_status_pendaftaran db.session.commit() except Exception as e: return {'error': str(e)} return redirect(url_for('operator')) return render_template('edit_catin.html', form=form, catin=data) return app
def create_app(): app = Flask(__name__) app.config.from_pyfile('settings.py') db.init_app(app) admin = Admin(app, name='Flask01', template_mode='bootstrap3', index_view=SecuredAdminIndexView()) admin.add_view(PageModelView(Page, db.session)) admin.add_view(MenuModelView(Menu, db.session)) user_datastore = SQLAlchemyUserDatastore(db, User, Role) security = Security(app, user_datastore) @app.route('/') @app.route('/<url>') def index(url=None): print('here', url) if url is not None: # contoh /about page = Page.query.filter_by(url=url).first() else: # contoh / page = Page.query.filter_by(is_homepage=True).first() if page is None: # TODO cute 404 return 'Page not found for {} or homepage not set'.format(url) contents = 'empty' if page is not None: contents = page.contents menu = Menu.query.order_by('order') return render_template('index.html', TITLE='Flask-01', CONTENT=contents, menu=menu) @app.route('/rahasia') @login_required def rahasia(): return '<h1>Luke dies!<h1>' @app.route('/testdb') def testdb(): import psycopg2 con = psycopg2.connect( 'dbname=flask01 user=devuser password=devpassword host=postgres') cur = con.cursor() cur.execute('select * from page;') id, title = cur.fetchone() con.close() return 'Output table page: {} - {}'.format(id, title) return app
index_view=HomeAdminView(name='Главная')) admin.add_view(PostAdminView(Post, db.session, name='Посты')) admin.add_view(TagAdminView(Tag, db.session, name='Теги')) admin.add_view(UserAdminView(User, db.session, name='Пользователи')) admin.add_view(AdminView(Role, db.session, name='Роли')) admin.add_view(FeedBackAdminView(Feedback, db.session, name='Отзывы')) admin.add_view(AllAdminView(Tablenso, db.session, name='НСО')) admin.add_view(AllAdminView(Aggregates, db.session, name='Структурность')) admin.add_view( AllAdminView(Bulkweight, db.session, name='Равновесная плотность')) admin.add_view(AllAdminView(Deflation, db.session, name='Дефляция')) admin.add_view(AllAdminView(Erosion, db.session, name='Эрозия')) admin.add_view( AllAdminView(Granulometry, db.session, name='Гранулометрический состав')) admin.add_view(AllAdminView(Humus, db.session, name='Содержание гумуса')) admin.add_view(AllAdminView(Moisture, db.session, name='Продуктивная влага')) admin.add_view(AllAdminView(Ph, db.session, name='Кислотность')) admin.add_view(AllAdminView(Phosphorus, db.session, name='Подвижный фосфор')) admin.add_view(AllAdminView(Potassium, db.session, name='Подвижный калий')) admin.add_view( AllAdminView(Power, db.session, name='Мощность гумусового горизонта')) admin.add_view(AllAdminView(Salinization, db.session, name='Засоление почв')) admin.add_view(AllAdminView(Solonetzes, db.session, name='Виды солонцов')) admin.add_view( AllAdminView(Water_resistant, db.session, name='Водопрочные агрегаты')) admin.add_view(AllAdminView(Xoz, db.session, name='Хозяйства')) # Flask-security user_datastore = SQLAlchemyUserDatastore(db, User, Role) security = Security(app, user_datastore)
def create_app(config_name): """ Application factory """ # Flask init app = Flask(__name__) # most of the work done right here. Thanks, Flask! app.config.from_object('settings') # load my settings which pull from .env ''' FLASK EXTENTIONS ''' db.init_app(app) # load my database extension from .models import User, Role user_datastore = SQLAlchemyUserDatastore(db, User, Role) # load my security extension security.init_app(app, user_datastore, confirm_register_form=ExtendedRegisterForm) mail.init_app(app) # load my mail extensioin # load my writing tool extension md = Markdown(app, extensions=['fenced_code', 'tables']) migrate.init_app(app, db) # load my database updater tool moment.init_app(app) # time formatting jwt.init_app(app) #### # ASSETS ### assets.init_app(app) js = Bundle('vendor/bootstrap/js/bootstrap.bundle.min.js', 'vendor/jquery-easing/jquery.easing.min.js', 'js/sb-admin-2.min.js', filters='jsmin', output='js/packed.js') sass = Bundle('scss/custom.scss', filters='scss', output='css/custom.css') all_css = Bundle( sass, # add more CSS files here filters='cssmin', output="css/packed.css") # EXTENSIONS THAT SOMETIMES CRASH # TODO: don't be lazy, Mr. A, get rid of this try-except try: assets.register('js_all', js) assets.register('all_css', all_css) admin.init_app(app) ckeditor.init_app(app) from .models import Post, Buzz # importing models carefully as needed to avoid circular import issues from .models.main import UserAdmin, RoleAdmin # not db tables admin.add_view(UserAdmin(User, db.session)) admin.add_view(RoleAdmin(Role, db.session)) admin.add_view(RoleAdmin(Post, db.session)) admin.add_view(RoleAdmin(Buzz, db.session)) # Add new models here so you can manage data from Flask-Admin's convenient tools except Exception as e: app.logger.error(f'Failed activating extensions: {e}') # TODO: Setup sentry.io! # sentry_sdk.init(dsn="", integrations=[FlaskIntegration()]) # activate the flaskinni blueprint (blog, user settings, and other basic routes) from .main import main as main_blueprint app.register_blueprint(main_blueprint) # activate API blueprint: https://stackoverflow.com/questions/38448618/using-flask-restful-as-a-blueprint-in-large-application jwt.init_app(app) # bolt on our Javascript Web Token tool from .api import api_blueprint restful = Api(api_blueprint, prefix="/api/v1") from .api import add_resources add_resources(restful) app.register_blueprint( api_blueprint ) # registering the blueprint effectively runs init_app on the restful extension # Callback function to check if a JWT exists in the redis blocklist @jwt.token_in_blocklist_loader def check_if_token_is_revoked(jwt_header, jwt_payload): jti = jwt_payload["jti"] return models.RevokedTokenModel.is_jti_blocklisted(jti) # --- NEW BLUEPRINTS GO BELOW THIS LINE --- # custom error handlers, these call the functions at the top of the file app.register_error_handler(500, crash_page) app.register_error_handler(404, page_not_found) app.register_error_handler(403, page_forbidden) # Executes before the first request is processed. @app.before_first_request def before_first_request(): """ What do we do before we respond to the first request """ # Create any database tables that don't exist yet. db.create_all() # Create the Roles "admin" and "end-user" -- unless they already exist user_datastore.find_or_create_role(name='admin', description='Administrator') user_datastore.find_or_create_role(name='end-user', description='End user') # Create two Users for testing purposes -- unless they already exists. # In each case, use Flask-Security utility function to encrypt the password. encrypted_password = utils.encrypt_password( app.config['STARTING_ADMIN_PASS']) for email in app.config['STARTING_ADMINS']: if not user_datastore.get_user(email): user_datastore.create_user(email=email, password=encrypted_password) # Commit any database changes; the User and Roles must exist before we can add a Role to the User db.session.commit() for email in app.config['STARTING_ADMINS']: user_datastore.add_role_to_user(email, 'admin') confirmed_admin = user_datastore.get_user(email) confirmed_admin.confirmed_at = datetime.utcnow() db.session.commit() @app.before_request def before_request(): """ What we do before every single handled request """ if current_user.is_authenticated: first_time = True if not current_user.last_seen else False current_user.last_seen = datetime.utcnow() db.session.commit() return app
# !/usr/bin/env python # coding=utf8 # Author: quheng import sys sys.path.append("..") from manager import db, app from admin.admin_models import Role from admin.admin_models import Manager from flask_security import SQLAlchemyUserDatastore from flask_security.utils import encrypt_password import key with app.app_context(): user_role = Role(name='user') super_user_role = Role(name='superuser') db.session.add(user_role) db.session.add(super_user_role) db.session.commit() user_datastore = SQLAlchemyUserDatastore(db, Manager, Role) test_user = user_datastore.create_user(\ first_name=key.MANAGER_NAME,\ email=key.MAIL_USERNAME,\ password=encrypt_password(key.MANAGER_PASSWORD),\ roles=[user_role, super_user_role]) db.session.commit()
#!/usr/bin/env python # -*- coding: utf-8 -*- from models import User, Role from config import app, db from flask_security.utils import encrypt_password from flask_security import Security, SQLAlchemyUserDatastore, \ UserMixin, RoleMixin, login_required, current_user db.drop_all() db.create_all() user_datastore = SQLAlchemyUserDatastore(db, User, Role) security = Security(app, user_datastore) with app.app_context(): user_role = Role(name='user') super_user_role = Role(name='superuser') db.session.add(user_role) db.session.add(super_user_role) db.session.commit() test_user = user_datastore.create_user( username='******', password=encrypt_password('admin'), active=True, roles=[user_role, super_user_role], )
def test_no_sms(app, get_message): # Make sure that don't require tf_phone_number if SMS isn't an option. from sqlalchemy import ( Boolean, Column, Integer, String, ) from sqlalchemy.orm import relationship, backref from flask_sqlalchemy import SQLAlchemy from flask_security.models import fsqla_v2 as fsqla from flask_security import Security, UserMixin, hash_password app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:" db = SQLAlchemy(app) fsqla.FsModels.set_db_info(db) class Role(db.Model, fsqla.FsRoleMixin): pass class User(db.Model, UserMixin): id = Column(Integer, primary_key=True) email = Column(String(255), unique=True, nullable=False) password = Column(String(255), nullable=False) active = Column(Boolean(), nullable=False) # Faster token checking fs_uniquifier = Column(String(64), unique=True, nullable=False) # 2FA tf_primary_method = Column(String(64), nullable=True) tf_totp_secret = Column(String(255), nullable=True) roles = relationship("Role", secondary="roles_users", backref=backref("users", lazy="dynamic")) with app.app_context(): db.create_all() ds = SQLAlchemyUserDatastore(db, User, Role) app.security = Security(app, datastore=ds) with app.app_context(): client = app.test_client() ds.create_user( email="*****@*****.**", password=hash_password("password"), ) ds.commit() data = dict(email="*****@*****.**", password="******") client.post("/login", data=data, follow_redirects=True) with app.mail.record_messages() as outbox: response = client.post("/tf-setup", data=dict(setup="email"), follow_redirects=True) msg = b"To complete logging in, please enter the code sent to your mail" assert msg in response.data code = outbox[0].body.split()[-1] # sumbit right token and show appropriate response response = client.post("/tf-validate", data=dict(code=code), follow_redirects=True) assert b"You successfully changed your two-factor method" in response.data
def __init__(self, db, user_moel): SQLAlchemyUserDatastore.__init__(self, db, user_moel, None)
def create_app(config_cls): """ 创建 Flask 实例 :param config_cls: 配置类 :return: """ app = Flask(__name__) app.config.from_object(config_cls) db.init_app(app) migrate.init_app(app, db) babel.init_app(app) # Excel 操作库 excel.init_excel(app) # 创建后台管理模块 from app.models import Game, Hero, Quotation, User, Role _admin = Admin( app, name=u'后台管理系统', base_template='admin/my_master.html', index_view=MyHomeView(), template_mode='bootstrap3' ) _admin.add_view(DataManageView(name=u'导入导出管理', endpoint='manage')) _admin.add_view(MySuperUserModelView(Game, db.session, name=u'游戏')) _admin.add_view(MySuperUserModelView(Hero, db.session, name=u'英雄角色')) _admin.add_view(MySuperUserModelView(Quotation, db.session, name=u'语录')) _admin.add_view(UserModelView(User, db.session, name=u'用户管理')) _admin.add_view(MySuperUserModelView(Role, db.session, name=u'用户角色管理')) # 创建权限控制实例 user_datastore = SQLAlchemyUserDatastore(db, User, Role) security = Security(app, user_datastore) # 定义一个上下文处理器,用于将 flask-admin 的模板上下文合并到 flask-security 视图。 @security.context_processor def security_context_processor(): return dict( admin_base_template=_admin.base_template, admin_view=_admin.index_view, h=admin_helpers, get_url=url_for ) # 注册错误处理模块蓝图 from app.errors import bp as errors_bp app.register_blueprint(errors_bp) # 注册主模块蓝图 from app.main import bp as main_bp app.register_blueprint(main_bp) # 注册 api 接口模块蓝图 from app.api import bp as api_bp app.register_blueprint(api_bp, url_prefix='/api') return app
def create_app(): myapp = Flask(__name__) myapp.config['DEBUG'] = True myapp.config['SECRET_KEY'] = 'super-secret' myapp.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite://' # As of Flask-SQLAlchemy 2.4.0 it is easy to pass in options directly to the # underlying engine. This option makes sure that DB connections from the # pool are still valid. Important for entire application since # many DBaaS options automatically close idle connections. myapp.config["SQLALCHEMY_ENGINE_OPTIONS"] = { "pool_pre_ping": True, } myapp.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False myapp.config['SECURITY_PASSWORD_SALT'] = 'onetwothreefourfive' myapp.config['SECURITY_REGISTERABLE'] = True myapp.config['SECURITY_CONFIRMABLE'] = False myapp.config['SECURITY_RECOVERABLE'] = True myapp.config['SECURITY_TRACKABLE'] = True myapp.config['SECURITY_CHANGEABLE'] = True myapp.config['MAIL_SERVER']='localhost' myapp.config['MAIL_PORT']=8025 db.init_app(myapp) mail.init_app(myapp) db_admin.init_app(myapp) from app.models import User, Role from app.forms import ExtendedRegisterForm user_datastore = SQLAlchemyUserDatastore(db, User, Role) security.init_app(myapp, datastore=user_datastore, register_form=ExtendedRegisterForm, confirm_register_form=ExtendedRegisterForm) from app.main import bp as main_bp myapp.register_blueprint(main_bp) from app.db_admin import bp as db_admin_bp myapp.register_blueprint(db_admin_bp) # This is junk. This should be in the security blueprint, but the "myapp" variable is not # available there, so I had to register it here. # I thought I could put connect_via(bp), but that didn't work # Here are some hints for fixing this # https://stackoverflow.com/questions/16163139/catch-signals-in-flask-blueprint # https://stackoverflow.com/questions/57866541/how-to-get-user-registered-signal-in-flask-user # https://stackoverflow.com/questions/17146724/setting-a-default-role-in-flask-security?rq=1 @user_registered.connect_via(myapp) def user_registered_sighandler(app, user, confirm_token): default_role = user_datastore.find_role("user") user_datastore.add_role_to_user(user, default_role) db.session.commit() # debug only for testing. app_context = myapp.app_context() app_context.push() db.create_all() # Create the Roles "admin" and "end-user" -- unless they already exist user_datastore.find_or_create_role(name='admin', description='Administrator') user_datastore.find_or_create_role(name='user', description='End user') user_datastore.create_user(email='*****@*****.**', password='******') user_datastore.create_user(email='*****@*****.**', password='******') db.session.commit() # Give one User has the "end-user" role, while the other has the "admin" role. (This will have no effect if the # Users already have these Roles.) Again, commit any database changes. user_datastore.add_role_to_user('*****@*****.**', 'user') user_datastore.add_role_to_user('*****@*****.**', 'admin') db.session.commit() return myapp
def create_app(db_connection_string=None, testing=None): app = Flask(__name__) try: secret_key = faraday.server.config.faraday_server.secret_key except Exception: # Now when the config file does not exist it doesn't enter in this # condition, but it could happen in the future. TODO check save_new_secret_key(app) else: if secret_key is None: # This is what happens now when the config file doesn't exist. # TODO check save_new_secret_key(app) else: app.config['SECRET_KEY'] = secret_key if faraday.server.config.faraday_server.agent_token is None: save_new_agent_creation_token() login_failed_message = ("Invalid username or password", 'error') app.config.update({ 'SECURITY_PASSWORD_SINGLE_HASH': True, 'WTF_CSRF_ENABLED': False, 'SECURITY_USER_IDENTITY_ATTRIBUTES': ['username'], 'SECURITY_POST_LOGIN_VIEW': '/_api/session', 'SECURITY_POST_LOGOUT_VIEW': '/_api/login', 'SECURITY_POST_CHANGE_VIEW': '/_api/change', 'SECURITY_CHANGEABLE': True, 'SECURITY_SEND_PASSWORD_CHANGE_EMAIL': False, 'SECURITY_MSG_USER_DOES_NOT_EXIST': login_failed_message, 'SECURITY_TOKEN_AUTHENTICATION_HEADER': 'Authorization', # The line bellow should not be necessary because of the # CustomLoginForm, but i'll include it anyway. 'SECURITY_MSG_INVALID_PASSWORD': login_failed_message, 'SESSION_TYPE': 'filesystem', 'SESSION_FILE_DIR': faraday.server.config.FARADAY_SERVER_SESSIONS_DIR, 'SQLALCHEMY_TRACK_MODIFICATIONS': False, 'SQLALCHEMY_RECORD_QUERIES': True, # app.config['SQLALCHEMY_ECHO'] = True 'SECURITY_PASSWORD_SCHEMES': [ 'bcrypt', # This should be the default value # 'des_crypt', 'pbkdf2_sha1', # Used by CouchDB passwords # 'pbkdf2_sha256', # 'pbkdf2_sha512', # 'sha256_crypt', # 'sha512_crypt', 'plaintext', # TODO: remove it ], 'PERMANENT_SESSION_LIFETIME': datetime.timedelta(hours=12), 'SESSION_COOKIE_NAME': 'faraday_session_2', 'SESSION_COOKIE_SAMESITE': 'Lax', }) store = FilesystemStore(app.config['SESSION_FILE_DIR']) prefixed_store = PrefixDecorator('sessions_', store) KVSessionExtension(prefixed_store, app) user_logged_in.connect(user_logged_in_succesfull, app) user_logged_out.connect(expire_session, app) storage_path = faraday.server.config.storage.path if not storage_path: logger.warn( 'No storage section or path in the .faraday/config/server.ini. Setting the default value to .faraday/storage' ) storage_path = setup_storage_path() if not DepotManager.get('default'): if testing: DepotManager.configure('default', {'depot.storage_path': '/tmp'}) else: DepotManager.configure('default', {'depot.storage_path': storage_path}) check_testing_configuration(testing, app) try: app.config[ 'SQLALCHEMY_DATABASE_URI'] = db_connection_string or faraday.server.config.database.connection_string.strip( "'") except AttributeError: logger.info( 'Missing [database] section on server.ini. Please configure the database before running the server.' ) except NoOptionError: logger.info( 'Missing connection_string on [database] section on server.ini. Please configure the database before running the server.' ) from faraday.server.models import db # pylint:disable=import-outside-toplevel db.init_app(app) #Session(app) # Setup Flask-Security app.user_datastore = SQLAlchemyUserDatastore( db, user_model=User, role_model=None) # We won't use flask security roles feature Security(app, app.user_datastore, login_form=CustomLoginForm) # Make API endpoints require a login user by default. Based on # https://stackoverflow.com/questions/13428708/best-way-to-make-flask-logins-login-required-the-default app.view_functions['security.login'].is_public = True app.view_functions['security.logout'].is_public = True app.debug = faraday.server.config.is_debug_mode() minify_json_output(app) for handler in LOGGING_HANDLERS: app.logger.addHandler(handler) app.logger.propagate = False register_blueprints(app) register_handlers(app) app.view_functions['agent_api.AgentCreationView:post'].is_public = True return app
model.generate_slug() return super(BaseModelView, self).on_model_change(form, model, is_created) class AdminView(AdminMixin, ModelView): pass class HomeAdminView(AdminMixin, AdminIndexView): pass class PostAdminView(AdminMixin, BaseModelView): form_columns = ['title', 'body', 'tags'] class TagAdminView(AdminMixin, BaseModelView): form_columns = ['name', 'posts'] admin = Admin(app, 'FlaskApp', url='/', index_view=HomeAdminView('Home')) admin.add_view(PostAdminView(Post, database.session)) admin.add_view(TagAdminView(Tag, database.session)) # Flask security user_datastore = SQLAlchemyUserDatastore(database, User, Role) security = Security(app, user_datastore) import views
def test_uuid(app, request, tmpdir, realdburl): """ Test that UUID extension of postgresql works as a primary id for users """ import uuid from flask_sqlalchemy import SQLAlchemy from sqlalchemy import Boolean, Column, DateTime, Integer, ForeignKey, String from sqlalchemy.dialects.postgresql import UUID from sqlalchemy.orm import relationship, backref from flask_security import SQLAlchemyUserDatastore from conftest import _setup_realdb, _teardown_realdb # UUID type only supported by postgres - not sqlite. if not realdburl or "postgres" not in realdburl: skip("This test only works on postgres") db_url, db_info = _setup_realdb(realdburl) app.config["SQLALCHEMY_DATABASE_URI"] = db_url db = SQLAlchemy(app) class RolesUsers(db.Model): __tablename__ = "roles_users" id = Column(Integer(), primary_key=True) user_id = Column("user_id", UUID(as_uuid=True), ForeignKey("user.id")) role_id = Column("role_id", UUID(as_uuid=True), ForeignKey("role.id")) class User(db.Model, UserMixin): __tablename__ = "user" id = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4, index=True) email = Column(String(255), unique=True) first_name = Column(String(255), index=True) last_name = Column(String(255), index=True) username = Column(String(255), unique=True) password = Column(String(255)) active = Column(Boolean()) created_at = Column(DateTime, default=datetime.datetime.utcnow) confirmed_at = Column(DateTime()) roles = relationship("Role", secondary="roles_users", backref=backref("users", lazy="dynamic")) class Role(db.Model, RoleMixin): __tablename__ = "role" id = Column(UUID(as_uuid=True), primary_key=True, default=uuid.uuid4, index=True) name = Column(String(80), unique=True) description = Column(String(255)) # __hash__ is required to avoid the exception # TypeError: unhashable type: 'Role' when saving a User def __hash__(self): return hash(self.name) with app.app_context(): db.create_all() def tear_down(): db.drop_all() _teardown_realdb(db_info) request.addfinalizer(tear_down) ds = SQLAlchemyUserDatastore(db, User, Role) app.security = Security(app, datastore=ds) with app.app_context(): user = ds.get_user("*****@*****.**") assert not user
import app from flask_security import Security, SQLAlchemyUserDatastore user_datastore = SQLAlchemyUserDatastore(app.db, app.models.User, app.models.Role) security = Security(app, user_datastore)
# security/__init__.py from flask import url_for from flask_admin import helpers from flask_security import Security, SQLAlchemyUserDatastore from flask_security.utils import hash_password from backend import server from backend.extensions import admin, db from .models import UserModel, RolesModel from .utilities import ExtendedLoginForm user_datastore = SQLAlchemyUserDatastore(db, UserModel, RolesModel) security = Security(server, user_datastore, login_form=ExtendedLoginForm) # Create a user to test with @server.before_first_request def create_user(): if not UserModel.find(1): user_datastore.create_role(name="user") user_datastore.create_role(name="superuser") user_datastore.create_user(username='******', password=hash_password( server.config['DEFAULT_PASSWORD']), roles=["superuser"]) db.session.commit() @security.context_processor
return True def is_admin(self): if db.session.query(Profile).filter_by( username=self.username).join(Role).filter( self.fk_roles == Role.id).first(): return True else: return False def get_id(self): return self.id # Setup Flask-Security user_datastore = SQLAlchemyUserDatastore(db, Profile, Role) security = Security(app, user_datastore) def createResponse(status): response = jsonify({ 'status': status, }) return response def polygonCoords(coords): coordsList = list(coords) previousCommaRemoved = False for index, char in enumerate(coordsList):
from datetime import date from flask_security.utils import hash_password from flask_security import AnonymousUser, SQLAlchemyUserDatastore from meltano.api.models.security import db, User, Role, RolePermissions users = SQLAlchemyUserDatastore(db, User, Role) SEED_USERS = [ { "username": "******", "email": "*****@*****.**", "password": "******", "confirmed_at": date(2000, 1, 1), "_roles": {"regular"}, }, { "username": "******", "email": "*****@*****.**", "password": "******", "confirmed_at": date(2000, 1, 1), "_roles": {"admin"}, }, ] class FreeUser: """ FreeUser is free to do everything and has no limits.
def create_app(script_info=None): from logging.config import dictConfig # Set up logging at DEBUG level ... # From here: http://flask.pocoo.org/docs/dev/logging/ dictConfig({ 'version': 1, 'formatters': {'default': { 'format': '[%(asctime)s] %(levelname)s in %(module)s: %(message)s', }}, 'handlers': {'wsgi': { 'class': 'logging.StreamHandler', 'stream': 'ext://flask.logging.wsgi_errors_stream', 'formatter': 'default' }}, 'root': { 'level': 'DEBUG', 'handlers': ['wsgi'] } }) # instantiate the app app = Flask( __name__, template_folder="../client/templates", static_folder="../client/static", ) # set config app_settings = os.getenv( "APP_SETTINGS", "coffeeshop.server.config.DevelopmentConfig" ) app.config.from_object(app_settings) # set up extensions bcrypt.init_app(app) toolbar.init_app(app) bootstrap.init_app(app) db.init_app(app) migrate.init_app(app, db) # register blueprints from coffeeshop.server.user.views import user_blueprint from coffeeshop.server.main.views import main_blueprint from coffeeshop.server.shop.views import coffee_blueprint app.register_blueprint(user_blueprint) app.register_blueprint(main_blueprint) app.register_blueprint(coffee_blueprint) # flask security from coffeeshop.server.models import User, Role from coffeeshop.server.user.forms import ExtendedRegisterForm datastore = SQLAlchemyUserDatastore(db, User, Role) security_ctx = security.init_app( app, datastore, register_form=ExtendedRegisterForm # extend the register ) # jinja2 filters from .filters import env_override app.jinja_env.filters['env_override'] = env_override # error handlers @app.errorhandler(401) def unauthorized_page(error): return render_template("errors/401.html"), 401 @app.errorhandler(403) def forbidden_page(error): return render_template("errors/403.html"), 403 @app.errorhandler(404) def page_not_found(error): return render_template("errors/404.html"), 404 @app.errorhandler(500) def server_error_page(error): return render_template("errors/500.html"), 500 # shell context for flask cli @app.shell_context_processor def ctx(): return {"app": app, "db": db} # flask-uploads configure_uploads(app, (photos, )) patch_request_class(app, None) # GNU Terry Pratchett @app.after_request def gnu_terry_pratchett(resp): resp.headers.add("X-Clacks-Overhead", "GNU Terry Pratchett") return resp return app
def create_app(config_name): """An application factory, as explained here: http://flask.pocoo.org/docs/patterns/appfactories/ @param config_name: The configuration object to use. """ app = Flask(__name__) app.config.from_object(config[config_name] or config[os.getenv('BG_CONFIG')]) app.config.from_envvar('BG_SETTINGS', silent=True) config[config_name].init_app(app) db.init_app(app) # Setup Flask-Security user_datastore = SQLAlchemyUserDatastore(db, User, Role) from app.users.forms import ExtendedRegisterForm security.init_app(app, user_datastore, register_form=ExtendedRegisterForm) bootstrap.init_app(app) mail.init_app(app) moment.init_app(app) migrate.init_app(app, db) md = Markdown(app, output_format='html5', extensions=['fenced_code', 'tables', 'abbr', 'footnotes']) pages.init_app(app) csrf.init_app(app) register_adminviews(app) app.jinja_env.filters['alert_class'] = alert_class_filter # WTForms helpers from .utils import add_helpers add_helpers(app) if not app.debug: import logging from logging.handlers import SMTPHandler mail_handler = SMTPHandler(mailhost=app.config['MAIL_SERVER'], fromaddr=app.config['ADMINS_FROM_EMAIL'], toaddrs=app.config['ADMINS_EMAIL'], subject='Application Error Occurred') mail_handler.setLevel(logging.ERROR) app.logger.addHandler(mail_handler) register_blueprints(app) register_commands(app) # Create the bg_interface directory if it does not exist directory = os.path.join(os.path.dirname(BASE_DIR), 'bg_interface') if not os.path.exists(directory): os.makedirs(directory) with app.app_context(): db.create_all() if not User.query.first(): # Create a default admin user if there is no user in the database user_datastore.create_role(name='admin') user_datastore.create_user(name='Administration Account', email='*****@*****.**', password=encrypt_password('password'), roles=['admin']) db.session.commit() app.logger.info('Created admin user [email protected]') return app
def upgrade(): # ### commands auto generated by Alembic - please adjust! ### if get_version() != -1: return email, password = user_info() op.create_table('version', sa.Column('name', sa.String(length=32), nullable=False), sa.Column('value', sa.Integer(), nullable=False), sa.PrimaryKeyConstraint('name')) op.create_table( 'user', sa.Column('id', sa.Integer(), nullable=False), sa.Column('email', sa.String(length=256), nullable=False), sa.Column('password', sa.String(length=256), nullable=True), sa.Column('active', sa.Boolean(), nullable=False), sa.Column('confirmed_at', sa.DateTime(), nullable=True), sa.PrimaryKeyConstraint('id'), sa.UniqueConstraint('email')) op.create_table( 'role', sa.Column('id', sa.Integer(), nullable=False), sa.Column('name', sa.String(length=128), nullable=False), sa.Column('description', sa.String(length=256), nullable=False), sa.PrimaryKeyConstraint('id'), sa.UniqueConstraint('name')) op.create_table( 'setting', sa.Column('user_id', sa.Integer(), nullable=False), sa.Column('setting', sa.String(length=256), nullable=False), sa.Column('value', sa.String(length=1024), nullable=True), sa.ForeignKeyConstraint( ['user_id'], ['user.id'], ), sa.PrimaryKeyConstraint('user_id', 'setting')) op.create_table('roles_users', sa.Column('user_id', sa.Integer(), nullable=True), sa.Column('role_id', sa.Integer(), nullable=True), sa.ForeignKeyConstraint( ['role_id'], ['role.id'], ), sa.ForeignKeyConstraint( ['user_id'], ['user.id'], )) op.create_table('servergroup', sa.Column('id', sa.Integer(), nullable=False), sa.Column('user_id', sa.Integer(), nullable=False), sa.Column('name', sa.String(length=128), nullable=False), sa.ForeignKeyConstraint( ['user_id'], ['user.id'], ), sa.PrimaryKeyConstraint('id'), sa.UniqueConstraint('user_id', 'name')) op.create_table( 'server', sa.Column('id', sa.Integer(), nullable=False), sa.Column('user_id', sa.Integer(), nullable=False), sa.Column('servergroup_id', sa.Integer(), nullable=False), sa.Column('name', sa.String(length=128), nullable=False), sa.Column('host', sa.String(length=128), nullable=False), sa.Column('port', sa.Integer(), nullable=False), sa.Column('maintenance_db', sa.String(length=64), nullable=False), sa.Column('username', sa.String(length=64), nullable=False), sa.Column('ssl_mode', sa.String(length=16), nullable=False), sa.ForeignKeyConstraint( ['servergroup_id'], ['servergroup.id'], ), sa.ForeignKeyConstraint( ['user_id'], ['user.id'], ), sa.PrimaryKeyConstraint('id')) db.engine.execute(""" INSERT INTO "role" VALUES(1, 'Administrators', 'pgAdmin Administrators Role') """) db.engine.execute(""" INSERT INTO "roles_users" VALUES(1, 1); """) db.engine.execute(""" INSERT INTO "servergroup" VALUES(1, 1, 'Servers') """) current_salt = getattr(config, 'SECURITY_PASSWORD_SALT', base64.urlsafe_b64encode(os.urandom(32)).decode()) if current_app.extensions.get('security') is None: current_app.config['SECURITY_PASSWORD_SALT'] = current_salt user_datastore = SQLAlchemyUserDatastore(db, User, Role) Security(current_app, user_datastore, register_blueprint=False) else: current_app.config['SECURITY_PASSWORD_SALT'] = current_salt setattr(config, 'SECURITY_PASSWORD_SALT', current_salt) password = encrypt_password(password) db.engine.execute(""" INSERT INTO "user" VALUES(1, '%s', '%s', 1, NULL) """ % (email, password)) db.engine.execute(""" INSERT INTO "version" VALUES('ConfigDB', 2); """)
def create_app(): app = Flask(__name__, instance_relative_config=True, template_folder="templates", static_url_path="") app.config.from_pyfile("default.py") app.config.from_envvar("APP_CONFIG_FILE", silent=True) heroku = Heroku() heroku.init_app(app) db.init_app(app) migrate = Migrate(compare_type=True) migrate.init_app(app, db) admin = Admin(app) admin.add_view(AdminModelView(Event, db.session)) admin.add_link(MenuLink(name="Website", endpoint="index")) admin.add_link(MenuLink(name="Login", url="/login")) admin.add_link(MenuLink(name="Logout", url='/logout')) user_datastore = SQLAlchemyUserDatastore(db, User, Role) security = Security(app, user_datastore) @app.context_processor def inject_now(): return {'now': datetime.utcnow()} @security.context_processor def security_context_processor(): return dict(admin_base_template=admin.base_template, admin_view=admin.index_view, get_url=url_for, h=helpers) @app.before_first_request def create_user(): role = user_datastore.find_or_create_role("admin") # password = os.environ.get('ADMIN_PASSWORD') if not User.query.filter_by(email=ADMIN_EMAIL).first(): user = user_datastore.create_user(email=ADMIN_EMAIL, password=ADMIN_PASSWORD) user_datastore.add_role_to_user(user, role) db.session.commit() @app.route('/') @app.route('/index') def index(): events = Event.query.filter(Event.date > datetime.utcnow()).order_by( Event.date) return render_template('index.html', events=events) @app.route('/our_work') def our_work(): current = "our_work" return render_template('our_work.html', current=current) @app.route('/signup', methods=['POST']) def signup(): email = request.form.get('email') api_key = os.environ.get('MAILCHIMP_API_KEY') if not api_key or not email: flash( 'Sorry, there was an error during signup. Please come back later and try again!' ) return redirect(url_for('index')) server_number = api_key[-4:] url = f"https://{server_number}.api.mailchimp.com/3.0/lists/{LIST_ID}/members" headers = { 'content-type': 'application/json', 'Authorization': f"Basic {api_key}" } data = {'email_address': email, 'status': 'subscribed'} response = requests.post(url, headers=headers, data=json.dumps(data)) if response.ok or response.json().get('title') == 'Member Exists': flash('Thanks for signing up to our newsletter!') else: flash( 'Sorry, there was an error during signup. Please come back later and try again!' ) return redirect(url_for('index')) return app
email = DB.Column(DB.String(255), unique=True) password = DB.Column(DB.String(255)) name = DB.Column(DB.String(255)) age = DB.Column(DB.Integer) active = DB.Column(DB.Boolean()) confirmed_at = DB.Column(DB.DateTime()) roles = DB.relationship('Role', secondary=roles_users, backref=DB.backref('users', lazy='dynamic')) class ExtendedConfirmRegisterForm(ConfirmRegisterForm): name = StringField('Name') age = IntegerField('Age') USER_DATASTORE = SQLAlchemyUserDatastore(DB, User, Role) SECURITY = Security(APP, USER_DATASTORE, confirm_register_form=ExtendedConfirmRegisterForm) @APP.route('/') def index(): return 'This is an unprotected page' @APP.route('/protected') @login_required def protected(): return f'This is a <b>protected</b> page and your email is {current_user.email}' @APP.route('/roleprotected')
# Create an admin profile. Useful for setting up the first admin when deployed # on Heroku. from flask_security.utils import encrypt_password from flask_security import SQLAlchemyUserDatastore from app import app from app import db from app.models import Role, User user_datastore = SQLAlchemyUserDatastore(db, User, Role) with app.app_context(): super_user_role = Role(name='superuser') user_role = Role(name='user') db.session.add(super_user_role) db.session.add(user_role) db.session.commit() first_admin = user_datastore.create_user( email='admin', password=encrypt_password('admin'), roles=[user_role, super_user_role] ) db.session.add(first_admin) db.session.commit()
def create_app(app_name=None): # Configuration settings import config if not app_name: app_name = config.APP_NAME # Check if app is created for CLI operations or Web cli_mode = False if app_name.endswith('-cli'): cli_mode = True # Only enable password related functionality in server mode. if config.SERVER_MODE is True: # Some times we need to access these config params where application # context is not available (we can't use current_app.config in those # cases even with current_app.app_context()) # So update these params in config itself. # And also these updated config values will picked up by application # since we are updating config before the application instance is # created. config.SECURITY_RECOVERABLE = True config.SECURITY_CHANGEABLE = True # Now we'll open change password page in alertify dialog # we don't want it to redirect to main page after password # change operation so we will open the same password change page again. config.SECURITY_POST_CHANGE_VIEW = 'browser.change_password' """Create the Flask application, startup logging and dynamically load additional modules (blueprints) that are found in this directory.""" app = PgAdmin(__name__, static_url_path='/static') # Removes unwanted whitespace from render_template function app.jinja_env.trim_blocks = True app.config.from_object(config) app.config.update(dict(PROPAGATE_EXCEPTIONS=True)) ########################################################################## # Setup logging and log the application startup ########################################################################## # We won't care about errors in the logging system, we are more # interested in application errors. logging.raiseExceptions = False # Add SQL level logging, and set the base logging level logging.addLevelName(25, 'SQL') app.logger.setLevel(logging.DEBUG) app.logger.handlers = [] # We also need to update the handler on the webserver in order to see # request. Setting the level prevents werkzeug from setting up it's own # stream handler thus ensuring all the logging goes through the pgAdmin # logger. logger = logging.getLogger('werkzeug') logger.setLevel(config.CONSOLE_LOG_LEVEL) # Set SQLITE_PATH to TEST_SQLITE_PATH while running test cases if ( 'PGADMIN_TESTING_MODE' in os.environ and os.environ['PGADMIN_TESTING_MODE'] == '1' ): config.SQLITE_PATH = config.TEST_SQLITE_PATH config.MASTER_PASSWORD_REQUIRED = False config.UPGRADE_CHECK_ENABLED = False if not cli_mode: # Ensure the various working directories exist from pgadmin.setup import create_app_data_directory create_app_data_directory(config) # File logging fh = logging.FileHandler(config.LOG_FILE, encoding='utf-8') fh.setLevel(config.FILE_LOG_LEVEL) fh.setFormatter(logging.Formatter(config.FILE_LOG_FORMAT)) app.logger.addHandler(fh) logger.addHandler(fh) # Console logging ch = logging.StreamHandler() ch.setLevel(config.CONSOLE_LOG_LEVEL) ch.setFormatter(logging.Formatter(config.CONSOLE_LOG_FORMAT)) app.logger.addHandler(ch) logger.addHandler(ch) # Log the startup app.logger.info('########################################################') app.logger.info('Starting %s v%s...', config.APP_NAME, config.APP_VERSION) app.logger.info('########################################################') app.logger.debug("Python syspath: %s", sys.path) ########################################################################## # Setup i18n ########################################################################## # Initialise i18n babel = Babel(app) app.logger.debug('Available translations: %s' % babel.list_translations()) @babel.localeselector def get_locale(): """Get the language for the user.""" language = 'en' if config.SERVER_MODE is False: # Get the user language preference from the miscellaneous module if current_user.is_authenticated: user_id = current_user.id else: user = user_datastore.get_user(config.DESKTOP_USER) if user is not None: user_id = user.id user_language = Preferences.raw_value( 'misc', 'user_language', 'user_language', user_id ) if user_language is not None: language = user_language else: # If language is available in get request then return the same # otherwise check the session or cookie data = request.form if 'language' in data: language = data['language'] or language setattr(session, 'PGADMIN_LANGUAGE', language) elif hasattr(session, 'PGADMIN_LANGUAGE'): language = getattr(session, 'PGADMIN_LANGUAGE', language) elif hasattr(request.cookies, 'PGADMIN_LANGUAGE'): language = getattr( request.cookies, 'PGADMIN_LANGUAGE', language ) return language ########################################################################## # Setup authentication ########################################################################## app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///{0}?timeout={1}' \ .format(config.SQLITE_PATH.replace('\\', '/'), getattr(config, 'SQLITE_TIMEOUT', 500) ) # Override USER_DOES_NOT_EXIST and INVALID_PASSWORD messages from flask. app.config['SECURITY_MSG_USER_DOES_NOT_EXIST'] = \ app.config['SECURITY_MSG_INVALID_PASSWORD'] = \ (gettext("Incorrect username or password."), "error") # Create database connection object and mailer db.init_app(app) ########################################################################## # Upgrade the schema (if required) ########################################################################## with app.app_context(): # Run migration for the first time i.e. create database from config import SQLITE_PATH from pgadmin.setup import db_upgrade # If version not available, user must have aborted. Tables are not # created and so its an empty db if not os.path.exists(SQLITE_PATH) or get_version() == -1: # If running in cli mode then don't try to upgrade, just raise # the exception if not cli_mode: db_upgrade(app) else: if not os.path.exists(SQLITE_PATH): raise FileNotFoundError( 'SQLite database file "' + SQLITE_PATH + '" does not exists.') raise RuntimeError('Specified SQLite database file ' 'is not valid.') else: schema_version = get_version() # Run migration if current schema version is greater than the # schema version stored in version table if CURRENT_SCHEMA_VERSION >= schema_version: db_upgrade(app) # Update schema version to the latest if CURRENT_SCHEMA_VERSION > schema_version: set_version(CURRENT_SCHEMA_VERSION) db.session.commit() if os.name != 'nt': os.chmod(config.SQLITE_PATH, 0o600) Mail(app) # Don't bother paths when running in cli mode if not cli_mode: import pgadmin.utils.paths as paths paths.init_app(app) # Setup Flask-Security user_datastore = SQLAlchemyUserDatastore(db, User, Role) security = Security(None, user_datastore) ########################################################################## # Setup security ########################################################################## with app.app_context(): config.CSRF_SESSION_KEY = Keys.query.filter_by( name='CSRF_SESSION_KEY').first().value config.SECRET_KEY = Keys.query.filter_by( name='SECRET_KEY').first().value config.SECURITY_PASSWORD_SALT = Keys.query.filter_by( name='SECURITY_PASSWORD_SALT').first().value # Update the app.config with proper security keyes for signing CSRF data, # signing cookies, and the SALT for hashing the passwords. app.config.update(dict({ 'CSRF_SESSION_KEY': config.CSRF_SESSION_KEY, 'SECRET_KEY': config.SECRET_KEY, 'SECURITY_PASSWORD_SALT': config.SECURITY_PASSWORD_SALT, 'SESSION_COOKIE_DOMAIN': config.SESSION_COOKIE_DOMAIN, # CSRF Token expiration till session expires 'WTF_CSRF_TIME_LIMIT': getattr(config, 'CSRF_TIME_LIMIT', None), 'WTF_CSRF_METHODS': ['GET', 'POST', 'PUT', 'DELETE'], })) security.init_app(app, user_datastore) # register custom unauthorised handler. app.login_manager.unauthorized_handler(pga_unauthorised) # Set the permanent session lifetime to the specified value in config file. app.permanent_session_lifetime = timedelta( days=config.SESSION_EXPIRATION_TIME) if not cli_mode: app.session_interface = create_session_interface( app, config.SESSION_SKIP_PATHS ) # Make the Session more secure against XSS & CSRF when running in web mode if config.SERVER_MODE and config.ENHANCED_COOKIE_PROTECTION: paranoid = Paranoid(app) paranoid.redirect_view = 'browser.index' ########################################################################## # Load all available server drivers ########################################################################## driver.init_app(app) authenticate.init_app(app) ########################################################################## # Register language to the preferences after login ########################################################################## @user_logged_in.connect_via(app) def register_language(sender, user): # After logged in, set the language in the preferences if we get from # the login page data = request.form if 'language' in data: language = data['language'] # Set the user language preference misc_preference = Preferences.module('misc') user_languages = misc_preference.preference( 'user_language' ) if user_languages and language: language = user_languages.set(language) ########################################################################## # Register any local servers we can discover ########################################################################## @user_logged_in.connect_via(app) def on_user_logged_in(sender, user): # Keep hold of the user ID user_id = user.id # Get the first server group for the user servergroup_id = 1 servergroups = ServerGroup.query.filter_by( user_id=user_id ).order_by("id") if servergroups.count() > 0: servergroup = servergroups.first() servergroup_id = servergroup.id '''Add a server to the config database''' def add_server(user_id, servergroup_id, name, superuser, port, discovery_id, comment): # Create a server object if needed, and store it. servers = Server.query.filter_by( user_id=user_id, discovery_id=svr_discovery_id ).order_by("id") if servers.count() > 0: return svr = Server(user_id=user_id, servergroup_id=servergroup_id, name=name, host='localhost', port=port, maintenance_db='postgres', username=superuser, ssl_mode='prefer', comment=svr_comment, discovery_id=discovery_id) db.session.add(svr) db.session.commit() # Figure out what servers are present if winreg is not None: arch_keys = set() proc_arch = os.environ['PROCESSOR_ARCHITECTURE'].lower() try: proc_arch64 = os.environ['PROCESSOR_ARCHITEW6432'].lower() except Exception: proc_arch64 = None if proc_arch == 'x86' and not proc_arch64: arch_keys.add(0) elif proc_arch == 'x86' or proc_arch == 'amd64': arch_keys.add(winreg.KEY_WOW64_32KEY) arch_keys.add(winreg.KEY_WOW64_64KEY) for arch_key in arch_keys: for server_type in ('PostgreSQL', 'EnterpriseDB'): try: root_key = winreg.OpenKey( winreg.HKEY_LOCAL_MACHINE, "SOFTWARE\\" + server_type + "\\Services", 0, winreg.KEY_READ | arch_key ) for i in range(0, winreg.QueryInfoKey(root_key)[0]): inst_id = winreg.EnumKey(root_key, i) inst_key = winreg.OpenKey(root_key, inst_id) svr_name = winreg.QueryValueEx( inst_key, 'Display Name' )[0] svr_superuser = winreg.QueryValueEx( inst_key, 'Database Superuser' )[0] svr_port = winreg.QueryValueEx(inst_key, 'Port')[0] svr_discovery_id = inst_id svr_comment = gettext( "Auto-detected {0} installation with the data " "directory at {1}").format( winreg.QueryValueEx( inst_key, 'Display Name' )[0], winreg.QueryValueEx( inst_key, 'Data Directory' )[0]) add_server( user_id, servergroup_id, svr_name, svr_superuser, svr_port, svr_discovery_id, svr_comment ) inst_key.Close() except Exception: pass else: # We use the postgres-winreg.ini file on non-Windows from configparser import ConfigParser registry = ConfigParser() try: registry.read('/etc/postgres-reg.ini') sections = registry.sections() # Loop the sections, and get the data from any that are PG or PPAS for section in sections: if ( section.startswith('PostgreSQL/') or section.startswith('EnterpriseDB/') ): svr_name = registry.get(section, 'Description') svr_superuser = registry.get(section, 'Superuser') # getint function throws exception if value is blank. # Ex: Port= # In such case we should handle the exception and continue # to read the next section of the config file. try: svr_port = registry.getint(section, 'Port') except ValueError: continue svr_discovery_id = section description = registry.get(section, 'Description') data_directory = registry.get(section, 'DataDirectory') svr_comment = gettext("Auto-detected {0} installation " "with the data directory at {1}" ).format(description, data_directory) add_server(user_id, servergroup_id, svr_name, svr_superuser, svr_port, svr_discovery_id, svr_comment) except Exception: pass @user_logged_in.connect_via(app) @user_logged_out.connect_via(app) def force_session_write(app, user): session.force_write = True @user_logged_in.connect_via(app) def store_crypt_key(app, user): # in desktop mode, master password is used to encrypt/decrypt # and is stored in the keyManager memory if config.SERVER_MODE and 'password' in request.form: current_app.keyManager.set(request.form['password']) @user_logged_out.connect_via(app) def current_user_cleanup(app, user): from config import PG_DEFAULT_DRIVER from pgadmin.utils.driver import get_driver from flask import current_app # remove key current_app.keyManager.reset() for mdl in current_app.logout_hooks: try: mdl.on_logout(user) except Exception as e: current_app.logger.exception(e) _driver = get_driver(PG_DEFAULT_DRIVER) _driver.gc_own() ########################################################################## # Load plugin modules ########################################################################## for module in app.find_submodules('pgadmin'): app.logger.info('Registering blueprint module: %s' % module) app.register_blueprint(module) app.register_logout_hook(module) @app.before_request def limit_host_addr(): """ This function validate the hosts from ALLOWED_HOSTS before allowing HTTP request to avoid Host Header Injection attack :return: None/JSON response with 403 HTTP status code """ client_host = str(request.host).split(':')[0] valid = True allowed_hosts = config.ALLOWED_HOSTS if len(allowed_hosts) != 0: regex = re.compile( r'\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(?:/\d{1,2}|)') # Create separate list for ip addresses and host names ip_set = list(filter(lambda ip: regex.match(ip), allowed_hosts)) host_set = list(filter(lambda ip: not regex.match(ip), allowed_hosts)) is_ip = regex.match(client_host) if is_ip: ip_address = [] for ip in ip_set: ip_address.extend(list(ipaddress.ip_network(ip))) valid = ip_address.__contains__( ipaddress.ip_address(client_host) ) else: valid = host_set.__contains__(client_host) if not valid: return make_json_response( status=403, success=0, errormsg=_("403 FORBIDDEN") ) ########################################################################## # Handle the desktop login ########################################################################## @app.before_request def before_request(): """Login the default user if running in desktop mode""" # Check the auth key is valid, if it's set, and we're not in server # mode, and it's not a help file request. if not config.SERVER_MODE and app.PGADMIN_INT_KEY != '' and (( 'key' not in request.args or request.args['key'] != app.PGADMIN_INT_KEY) and request.cookies.get('PGADMIN_INT_KEY') != app.PGADMIN_INT_KEY and request.endpoint != 'help.static' ): abort(401) if not config.SERVER_MODE and not current_user.is_authenticated: user = user_datastore.get_user(config.DESKTOP_USER) # Throw an error if we failed to find the desktop user, to give # the sysadmin a hint. We'll continue to try to login anyway as # that'll through a nice 500 error for us. if user is None: app.logger.error( 'The desktop user %s was not found in the configuration ' 'database.' % config.DESKTOP_USER ) abort(401) login_user(user) elif config.SERVER_MODE and\ app.PGADMIN_EXTERNAL_AUTH_SOURCE ==\ KERBEROS and \ not current_user.is_authenticated and \ request.endpoint in ('redirects.index', 'security.login'): return authenticate.login() # if the server is restarted the in memory key will be lost # but the user session may still be active. Logout the user # to get the key again when login if config.SERVER_MODE and current_user.is_authenticated and \ app.PGADMIN_EXTERNAL_AUTH_SOURCE != \ KERBEROS and \ current_app.keyManager.get() is None and \ request.endpoint not in ('security.login', 'security.logout'): logout_user() @app.after_request def after_request(response): if 'key' in request.args: domain = dict() if config.COOKIE_DEFAULT_DOMAIN and \ config.COOKIE_DEFAULT_DOMAIN != 'localhost': domain['domain'] = config.COOKIE_DEFAULT_DOMAIN response.set_cookie('PGADMIN_INT_KEY', value=request.args['key'], path=config.COOKIE_DEFAULT_PATH, secure=config.SESSION_COOKIE_SECURE, httponly=config.SESSION_COOKIE_HTTPONLY, samesite=config.SESSION_COOKIE_SAMESITE, **domain) SecurityHeaders.set_response_headers(response) return response ########################################################################## # Cache busting ########################################################################## # Version number to be added to all static file url requests # This is used by url_for function when generating urls # This will solve caching issues when application is upgrading # This is called - Cache Busting @app.url_defaults def add_internal_version(endpoint, values): extensions = config.APP_VERSION_EXTN # Add the internal version only if it is set if config.APP_VERSION_PARAM is not None and \ config.APP_VERSION_PARAM != '': # If there is a filename, add the version if 'filename' in values \ and values['filename'].endswith(extensions): values[config.APP_VERSION_PARAM] = config.APP_VERSION_INT else: # Sometimes there may be direct endpoint for some files # There will be only one rule for such endpoints urls = [url for url in app.url_map.iter_rules(endpoint)] if len(urls) == 1 and urls[0].rule.endswith(extensions): values[config.APP_VERSION_PARAM] = \ config.APP_VERSION_INT # Strip away internal version param before sending further to app as it was # required for cache busting only @app.url_value_preprocessor def strip_version_number(endpoint, values): if values and config.APP_VERSION_PARAM in values: values.pop(config.APP_VERSION_PARAM) ########################################################################## # Minify output. Not required in desktop mode ########################################################################## if not config.DEBUG and config.SERVER_MODE: from flask_compress import Compress Compress(app) from pgadmin.misc.themes import themes themes(app) @app.context_processor def inject_blueprint(): """ Inject a reference to the current blueprint, if any. """ return { 'current_app': current_app, 'current_blueprint': current_blueprint, } @app.errorhandler(Exception) def all_exception_handler(e): current_app.logger.error(e, exc_info=True) return internal_server_error(errormsg=str(e)) # Exclude HTTPexception from above handler (all_exception_handler) # HTTPException are user defined exceptions and those should be returned # as is @app.errorhandler(HTTPException) def http_exception_handler(e): current_app.logger.error(e, exc_info=True) return e # Intialize the key manager app.keyManager = KeyManager() ########################################################################## # Protection against CSRF attacks ########################################################################## with app.app_context(): pgCSRFProtect.init_app(app) ########################################################################## # All done! ########################################################################## return app
default='retro', force_default=False, force_lower=False, use_ssl=False, base_url=None) # SQLAlchemy, searchable and migration setup db = SQLAlchemy(app) make_searchable() configure_mappers() migrate = Migrate(app, db) # imported after app and db creation because of dependencies from app import database, forms # Security setup user_datastore = SQLAlchemyUserDatastore(db, database.User, database.Role) sec_options = { 'login_form': forms.CustomLoginForm, 'confirm_register_form': forms.CustomRegisterForm, 'forgot_password_form': forms.CustomForgotPasswordForm, 'reset_password_form': forms.CustomResetPasswordForm, 'send_confirmation_form': forms.CustomSendConfirmationForm } security = Security(app, user_datastore, **sec_options) # imported after app, db and user_datastore creation because of dependencies from app import views # Admin setup admin = Admin(app, name='Tingsmen', template_mode='bootstrap3') admin.add_view(views.AdminModelView(database.Globals, db.session))
def create_app(db_connection_string=None, testing=None): app = Flask(__name__) try: app.config['SECRET_KEY'] = server.config.faraday_server.secret_key except Exception: save_new_secret_key(app) app.config['SECURITY_PASSWORD_SINGLE_HASH'] = True app.config['WTF_CSRF_ENABLED'] = False app.config['SECURITY_USER_IDENTITY_ATTRIBUTES'] = ['username'] app.config['SECURITY_POST_LOGIN_VIEW'] = '/_api/session' app.config['SECURITY_POST_LOGOUT_VIEW'] = '/_api/login' app.config['SECURITY_POST_CHANGE_VIEW'] = '/_api/change' app.config['SECURITY_CHANGEABLE'] = True app.config['SECURITY_SEND_PASSWORD_CHANGE_EMAIL'] = False app.config['SESSION_TYPE'] = 'filesystem' app.config['SESSION_FILE_DIR'] = server.config.FARADAY_SERVER_SESSIONS_DIR app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False app.config['SQLALCHEMY_RECORD_QUERIES'] = True # app.config['SQLALCHEMY_ECHO'] = True app.config['SECURITY_PASSWORD_SCHEMES'] = [ 'bcrypt', # This should be the default value # 'des_crypt', 'pbkdf2_sha1', # Used by CouchDB passwords # 'pbkdf2_sha256', # 'pbkdf2_sha512', # 'sha256_crypt', # 'sha512_crypt', 'plaintext', # TODO: remove it ] app.config['PERMANENT_SESSION_LIFETIME'] = datetime.timedelta(hours=12) try: storage_path = server.config.storage.path except AttributeError: logger.warn( 'No storage section or path in the .faraday/server.ini. Setting the default value to .faraday/storage' ) storage_path = setup_storage_path() if not DepotManager.get('default'): if testing: DepotManager.configure('default', {'depot.storage_path': '/tmp'}) else: DepotManager.configure('default', {'depot.storage_path': storage_path}) check_testing_configuration(testing, app) try: app.config[ 'SQLALCHEMY_DATABASE_URI'] = db_connection_string or server.config.database.connection_string.strip( "'") except AttributeError: logger.info( 'Missing [database] section on server.ini. Please configure the database before running the server.' ) except NoOptionError: logger.info( 'Missing connection_string on [database] section on server.ini. Please configure the database before running the server.' ) from server.models import db db.init_app(app) #Session(app) # Setup Flask-Security app.user_datastore = SQLAlchemyUserDatastore( db, user_model=server.models.User, role_model=None) # We won't use flask security roles feature Security(app, app.user_datastore) # Make API endpoints require a login user by default. Based on # https://stackoverflow.com/questions/13428708/best-way-to-make-flask-logins-login-required-the-default app.view_functions['security.login'].is_public = True app.view_functions['security.logout'].is_public = True app.debug = server.config.is_debug_mode() minify_json_output(app) for handler in LOGGING_HANDLERS: app.logger.addHandler(handler) register_blueprints(app) register_handlers(app) return app
forbidden_account_validator = NoneOf( AppConfig.FORBIDDEN_ACCOUNTS, message=i8n.FORBIDDEN_ACCOUNT) # noinspection PyClassHasNoInit class RegisterForm(_RegisterForm): email = SuffixedStringField( suffix='@{}'.format(AppConfig.CLIENT_EMAIL_HOST), validators=[email_character_validator, forbidden_account_validator, email_required, email_validator, unique_user_email]) timezone_offset_minutes = IntegerField(default=0) user_datastore = SQLAlchemyUserDatastore(_db, User, Role) try: _db.create_all() except OperationalError: pass Migrate(app, _db) Security(app, user_datastore, register_form=RegisterForm, login_form=LoginForm) admin_role = 'admin' user_datastore.find_or_create_role(name=admin_role) try: user_datastore.commit() except IntegrityError:
app.config.from_object(Config) db = SQLAlchemy(app) migrate = Migrate(app, db) login = LoginManager(app) login.login_view = 'login' bootstrap = Bootstrap(app) from app import routers, models user_datastore = SQLAlchemyUserDatastore(db, models.User, models.Role) security = Security(app, user_datastore) admin = Admin(app, index_view=models.MyAdminIndexView()) admin.add_view(models.MyModelView(models.User, db.session)) admin.add_view(models.MyModelView(models.Role, db.session)) admin.add_view(models.MyModelView(models.Post, db.session)) @app.before_first_request def create_user(): admin_user = models.User.query.filter_by(email='*****@*****.**').first()
from flask_admin import Admin from flask_admin.base import MenuLink # initialize the application, import config, setup database, setup CSRF protection app = Flask(__name__) app.config.from_object('config') db = SQLAlchemy(app) CSRFProtect(app) # set up the database model if not already set up from app import models db.create_all() db.session.commit() # setup the User/Role tables with flask-security, create base users/groups if neccessary userstore = SQLAlchemyUserDatastore(db, models.User, models.Role) sec = Security(app, userstore) try: with app.app_context(): userstore.find_or_create_role(name='admin', description='Administrator') userstore.find_or_create_role(name='user', description='General user') userstore.create_user(email=FIRST_USER_NAME, password=utils.encrypt_password(FIRST_USER_PASS)) userstore.add_role_to_user(FIRST_USER_NAME, 'admin') db.session.commit() except: db.session.rollback() # get the view controllers for the app from app.views import main, admin, common # set up main as a blueprint, add as many blueprints as necessary
def create_app(config_object=ProductionConfig): app = Flask(__name__) # Sentry(app, dsn='https://*****:*****@sentry.io/300199') # noqa # CORS(app) app.config.from_object(config_object) db.init_app(app) migrate.init_app(app, db) csrf.init_app(app) from Mandark.project import models userstore = SQLAlchemyUserDatastore(db, models.User, models.Role) Security(app, userstore) @app.before_request def before_request(): g.user = current_user @app.errorhandler(404) def not_found_error(e): print(e) return render_template('404.html', title='FourOhFour') @app.errorhandler(500) def internal_error(): return render_template('500.html', title='A server oops happened') try: with app.app_context(): userstore.find_or_create_role(name='admin', description='Administrator') userstore.find_or_create_role(name='moderator', description='Moderator') userstore.find_or_create_role(name='projectmgr', description='Project Manager') userstore.find_or_create_role(name='user', description='General User') userstore.create_user(email='*****@*****.**', password=hash_password('admin')) userstore.create_user(email='*****@*****.**', password=hash_password('user')) userstore.create_user(email='*****@*****.**', password=hash_password('Allanice-001')) userstore.add_role_to_user('*****@*****.**', 'admin') userstore.add_role_to_user('*****@*****.**', 'user') userstore.add_role_to_user('*****@*****.**', 'admin') db.session.commit() print('IGETHEE') except OperationalError: if app.debug: print(OperationalError) else: pass except Exception as e: with app.app_context(): print(e) db.session.rollback() from Mandark.project.views import main, admin app.register_blueprint(main.main) app_admin = Admin(app, 'Administration Section', template_mode='bootstrap3', index_view=admin.MyAdminIndexView()) app_admin.add_view(admin.UserModelView(models.User, db.session)) app_admin.add_view(admin.RoleModelView(models.Role, db.session)) app_admin.add_view(admin.ProjectModelView(models.Project, db.session)) app_admin.add_view(admin.ProjectMgrModelView(models.Projectmgr, db.session)) app_admin.add_view( admin.OrganisationModelView(models.Organisation, db.session)) app_admin.add_view( admin.ChangeRequestTypeView(models.ChangeRequestType, db.session)) app_admin.add_view( admin.ChangeRequestSubmitterView(models.ChangeRequestSubmitter, db.session)) app_admin.add_link(MenuLink(name='Back to Site', url='/')) return app
id = db.Column(db.Integer) amount = db.Column(db.Numeric()) ticker = db.Column(db.String(255)) market = db.Column(db.String(255)) priceInBTC = db.Column(db.Numeric()) priceInUSD = db.Column(db.Numeric()) priceInEUR = db.Column(db.Numeric()) priceInCHY = db.Column(db.Numeric()) last = db.Column(db.String(255)) timestamp = db.Column(db.DateTime()) index = index_property('id', 'index') # Setup user_datastore and sqlalchemy for flask_security to use user_datastore = SQLAlchemyUserDatastore(db, User, Currency) security = Security(app, user_datastore) # Create a user to test with @app.before_first_request def create_user(): # Possible implementation # Query db for users by email # if dummy user does not exist, create him and attempt to fill the database # if not perhaps check the db and if no currencies are there fill that up too. if db is None or User.query.first() is None: print("No Users found, creating test user") db.create_all() user_datastore.create_user(email='*****@*****.**', password='******',
def create_app(config_object): from application.static_site import static_site_blueprint from application.cms import cms_blueprint from application.admin import admin_blueprint from application.register import register_blueprint from application.auth import auth_blueprint from application.dashboard import dashboard_blueprint from application.review import review_blueprint from application.redirects import redirects_blueprint if isinstance(config_object, str): from application.config import DevConfig, Config, TestConfig if config_object.lower().startswith("production"): config_object = Config elif config_object.lower().startswith("dev"): config_object = DevConfig elif config_object.lower().startswith("test"): config_object = TestConfig else: raise ValueError(f"Invalid config name passed into create_app: {config_object}") app = Flask(__name__) app.config.from_object(config_object) app.file_service = FileService() app.file_service.init_app(app) csrf.init_app(app) page_service.init_app(app) upload_service.init_app(app) scanner_service.init_app(app) dimension_service.init_app(app) trello_service.init_app(app) trello_service.set_credentials(config_object.TRELLO_API_KEY, config_object.TRELLO_API_TOKEN) db.init_app(app) app.url_map.strict_slashes = False app.classification_finder = ethnicity_classification_finder_from_file( config_object.ETHNICITY_CLASSIFICATION_FINDER_LOOKUP, config_object.ETHNICITY_CLASSIFICATION_FINDER_CLASSIFICATIONS, ) # Note not using Flask-Security role model user_datastore = SQLAlchemyUserDatastore(db, User, None) Security(app, user_datastore, login_form=LoginForm) if os.environ.get("SENTRY_DSN") is not None: Sentry(app, dsn=os.environ["SENTRY_DSN"]) app.register_blueprint(cms_blueprint) app.register_blueprint(static_site_blueprint) app.register_blueprint(admin_blueprint) app.register_blueprint(register_blueprint) app.register_blueprint(auth_blueprint) app.register_blueprint(dashboard_blueprint) app.register_blueprint(review_blueprint) app.register_blueprint(redirects_blueprint) # To stop url clash between this and the measure page url (which is made of four variables. # See: https://stackoverflow.com/questions/17135006/url-routing-conflicts-for-static-files-in-flask-dev-server @app.route("/static/<path:subdir1>/<subdir2>/<file_name>") def static_subdir(subdir1, subdir2, file_name): file_path = "%s/%s/%s" % (subdir1, subdir2, file_name) return send_from_directory("static", file_path) register_errorhandlers(app) app.after_request(harden_app) # Make sure all variables referenced in templates are explicitly defined app.jinja_env.undefined = StrictUndefined # Render jinja templates with less whitespace; applies to both CMS and static build app.jinja_env.trim_blocks = True app.jinja_env.lstrip_blocks = True app.jinja_env.add_extension(jinja_do) app.add_template_filter(format_approve_button) app.add_template_filter(render_markdown) app.add_template_filter(filesize) app.add_template_filter(format_friendly_date) app.add_template_filter(format_friendly_short_date) app.add_template_filter(format_friendly_short_date_with_year) app.add_template_filter(format_status) app.add_template_filter(value_filter) app.add_template_filter(flatten) app.add_template_filter(flatten_chart) app.add_template_filter(version_filter) app.add_template_filter(strip_trailing_slash) app.add_template_filter(join_enum_display_names) app.add_template_filter(slugify_value) app.add_template_filter(format_iso8601_date) app.add_template_filter(index_of_last_initial_zero) app.add_template_filter(html_params) app.add_template_filter(yesno) app.add_template_filter(models_to_dicts) app.add_template_filter(html_line_breaks) app.add_template_filter(url_with_line_breaks) # There is a CSS caching problem in chrome app.config["SEND_FILE_MAX_AGE_DEFAULT"] = 10 setup_app_logging(app, config_object) if os.environ.get("SQREEN_TOKEN") is not None: setup_sqreen_audit(app) from werkzeug.contrib.fixers import ProxyFix app.wsgi_app = ProxyFix(app.wsgi_app) from flask_sslify import SSLify SSLify(app) mail.init_app(app) def jinja_raise_exception(message): raise RuntimeError(message) @app.context_processor def inject_globals(): from application.auth.models import ( COPY_MEASURE, CREATE_MEASURE, CREATE_VERSION, DELETE_MEASURE, MANAGE_SYSTEM, MANAGE_USERS, MANAGE_DATA_SOURCES, ORDER_MEASURES, PUBLISH, READ, UPDATE_MEASURE, VIEW_DASHBOARDS, ) return dict( COPY_MEASURE=COPY_MEASURE, CREATE_MEASURE=CREATE_MEASURE, CREATE_VERSION=CREATE_VERSION, DELETE_MEASURE=DELETE_MEASURE, MANAGE_SYSTEM=MANAGE_SYSTEM, MANAGE_USERS=MANAGE_USERS, MANAGE_DATA_SOURCES=MANAGE_DATA_SOURCES, ORDER_MEASURES=ORDER_MEASURES, PUBLISH=PUBLISH, READ=READ, UPDATE_MEASURE=UPDATE_MEASURE, VIEW_DASHBOARDS=VIEW_DASHBOARDS, TESTING_SPACE_SLUG=TESTING_SPACE_SLUG, get_content_security_policy=get_content_security_policy, current_timestamp=datetime.datetime.now().isoformat(), get_form_errors=get_form_errors, static_mode=get_bool(request.args.get("static_mode", app.config["STATIC_MODE"])), raise_exception=jinja_raise_exception, ) return app
api.create(SQLALCHEMY_MIGRATE_REPO, 'database repository') api.version_control(SQLALCHEMY_DATABASE_URI, SQLALCHEMY_MIGRATE_REPO) else: # print api api.version_control(SQLALCHEMY_DATABASE_URI, SQLALCHEMY_MIGRATE_REPO, api.version(SQLALCHEMY_MIGRATE_REPO)) db.create_all() import sys sys.path.append("..") from manager import db, app from admin.admin_models import Role from admin.admin_models import Manager from flask_security import SQLAlchemyUserDatastore from flask_security.utils import encrypt_password import key with app.app_context(): user_role = Role(name='user') super_user_role = Role(name='superuser') db.session.add(user_role) db.session.add(super_user_role) db.session.commit() user_datastore = SQLAlchemyUserDatastore(db, Manager, Role) test_user = user_datastore.create_user(\ first_name=key.MANAGER_NAME,\ email=key.MAIL_USERNAME,\ password=encrypt_password(key.MANAGER_PASSWORD),\ roles=[user_role, super_user_role]) db.session.commit()
def create_app(app_name=None): # Configuration settings import config if not app_name: app_name = config.APP_NAME # Only enable password related functionality in server mode. if config.SERVER_MODE is True: # Some times we need to access these config params where application # context is not available (we can't use current_app.config in those # cases even with current_app.app_context()) # So update these params in config itself. # And also these updated config values will picked up by application # since we are updating config before the application instance is # created. config.SECURITY_RECOVERABLE = True config.SECURITY_CHANGEABLE = True # Now we'll open change password page in alertify dialog # we don't want it to redirect to main page after password # change operation so we will open the same password change page again. config.SECURITY_POST_CHANGE_VIEW = 'browser.change_password' """Create the Flask application, startup logging and dynamically load additional modules (blueprints) that are found in this directory.""" app = PgAdmin(__name__, static_url_path='/static') # Removes unwanted whitespace from render_template function app.jinja_env.trim_blocks = True app.config.from_object(config) app.config.update(dict(PROPAGATE_EXCEPTIONS=True)) ########################################################################## # Setup logging and log the application startup ########################################################################## # Add SQL level logging, and set the base logging level logging.addLevelName(25, 'SQL') app.logger.setLevel(logging.DEBUG) app.logger.handlers = [] # We also need to update the handler on the webserver in order to see # request. Setting the level prevents werkzeug from setting up it's own # stream handler thus ensuring all the logging goes through the pgAdmin # logger. logger = logging.getLogger('werkzeug') logger.setLevel(logging.INFO) # Set SQLITE_PATH to TEST_SQLITE_PATH while running test cases if ('PGADMIN_TESTING_MODE' in os.environ and os.environ['PGADMIN_TESTING_MODE'] == '1'): config.SQLITE_PATH = config.TEST_SQLITE_PATH # Ensure the various working directories exist from pgadmin.setup import create_app_data_directory, db_upgrade create_app_data_directory(config) # File logging fh = logging.FileHandler(config.LOG_FILE, encoding='utf-8') fh.setLevel(config.FILE_LOG_LEVEL) fh.setFormatter(logging.Formatter(config.FILE_LOG_FORMAT)) app.logger.addHandler(fh) logger.addHandler(fh) # Console logging ch = logging.StreamHandler() ch.setLevel(config.CONSOLE_LOG_LEVEL) ch.setFormatter(logging.Formatter(config.CONSOLE_LOG_FORMAT)) app.logger.addHandler(ch) logger.addHandler(ch) # Log the startup app.logger.info('########################################################') app.logger.info('Starting %s v%s...', config.APP_NAME, config.APP_VERSION) app.logger.info('########################################################') app.logger.debug("Python syspath: %s", sys.path) ########################################################################## # Setup i18n ########################################################################## # Initialise i18n babel = Babel(app) app.logger.debug('Available translations: %s' % babel.list_translations()) @babel.localeselector def get_locale(): """Get the language for the user.""" language = 'en' if config.SERVER_MODE is False: # Get the user language preference from the miscellaneous module if current_user.is_authenticated: user_id = current_user.id else: user = user_datastore.get_user(config.DESKTOP_USER) if user is not None: user_id = user.id user_language = Preferences.raw_value('miscellaneous', 'user_language', None, user_id) if user_language is not None: language = user_language else: # If language is available in get request then return the same # otherwise check the session or cookie data = request.form if 'language' in data: language = data['language'] or language setattr(session, 'PGADMIN_LANGUAGE', language) elif hasattr(session, 'PGADMIN_LANGUAGE'): language = getattr(session, 'PGADMIN_LANGUAGE', language) elif hasattr(request.cookies, 'PGADMIN_LANGUAGE'): language = getattr(request.cookies, 'PGADMIN_LANGUAGE', language) return language ########################################################################## # Setup authentication ########################################################################## app.config['SQLALCHEMY_DATABASE_URI'] = u'sqlite:///{0}?timeout={1}' \ .format(config.SQLITE_PATH.replace(u'\\', u'/'), getattr(config, 'SQLITE_TIMEOUT', 500) ) # Create database connection object and mailer db.init_app(app) ########################################################################## # Upgrade the schema (if required) ########################################################################## with app.app_context(): # Run migration for the first time i.e. create database from config import SQLITE_PATH if not os.path.exists(SQLITE_PATH): db_upgrade(app) else: version = Version.query.filter_by(name='ConfigDB').first() schema_version = version.value # Run migration if current schema version is greater than the # schema version stored in version table if CURRENT_SCHEMA_VERSION >= schema_version: db_upgrade(app) # Update schema version to the latest if CURRENT_SCHEMA_VERSION > schema_version: version = Version.query.filter_by(name='ConfigDB').first() version.value = CURRENT_SCHEMA_VERSION db.session.commit() Mail(app) import pgadmin.utils.paths as paths paths.init_app(app) # Setup Flask-Security user_datastore = SQLAlchemyUserDatastore(db, User, Role) security = Security(None, user_datastore) ########################################################################## # Setup security ########################################################################## with app.app_context(): config.CSRF_SESSION_KEY = Keys.query.filter_by( name='CSRF_SESSION_KEY').first().value config.SECRET_KEY = Keys.query.filter_by( name='SECRET_KEY').first().value config.SECURITY_PASSWORD_SALT = Keys.query.filter_by( name='SECURITY_PASSWORD_SALT').first().value # Update the app.config with proper security keyes for signing CSRF data, # signing cookies, and the SALT for hashing the passwords. app.config.update( dict({ 'CSRF_SESSION_KEY': config.CSRF_SESSION_KEY, 'SECRET_KEY': config.SECRET_KEY, 'SECURITY_PASSWORD_SALT': config.SECURITY_PASSWORD_SALT })) security.init_app(app, user_datastore) # register custom unauthorised handler. app.login_manager.unauthorized_handler(pga_unauthorised) app.session_interface = create_session_interface(app) # Make the Session more secure against XSS & CSRF when running in web mode if config.SERVER_MODE: paranoid = Paranoid(app) paranoid.redirect_view = 'browser.index' ########################################################################## # Load all available server drivers ########################################################################## driver.init_app(app) ########################################################################## # Register language to the preferences after login ########################################################################## @user_logged_in.connect_via(app) def register_language(sender, user): # After logged in, set the language in the preferences if we get from # the login page data = request.form if 'language' in data: language = data['language'] # Set the user language preference misc_preference = Preferences.module('miscellaneous') user_languages = misc_preference.preference('user_language') if user_languages and language: language = user_languages.set(language) ########################################################################## # Register any local servers we can discover ########################################################################## @user_logged_in.connect_via(app) def on_user_logged_in(sender, user): # Keep hold of the user ID user_id = user.id # Get the first server group for the user servergroup_id = 1 servergroups = ServerGroup.query.filter_by( user_id=user_id).order_by("id") if servergroups.count() > 0: servergroup = servergroups.first() servergroup_id = servergroup.id '''Add a server to the config database''' def add_server(user_id, servergroup_id, name, superuser, port, discovery_id, comment): # Create a server object if needed, and store it. servers = Server.query.filter_by( user_id=user_id, discovery_id=svr_discovery_id).order_by("id") if servers.count() > 0: return svr = Server(user_id=user_id, servergroup_id=servergroup_id, name=name, host='localhost', port=port, maintenance_db='postgres', username=superuser, ssl_mode='prefer', comment=svr_comment, discovery_id=discovery_id) db.session.add(svr) db.session.commit() # Figure out what servers are present if winreg is not None: arch_keys = set() proc_arch = os.environ['PROCESSOR_ARCHITECTURE'].lower() try: proc_arch64 = os.environ['PROCESSOR_ARCHITEW6432'].lower() except Exception as e: proc_arch64 = None if proc_arch == 'x86' and not proc_arch64: arch_keys.add(0) elif proc_arch == 'x86' or proc_arch == 'amd64': arch_keys.add(winreg.KEY_WOW64_32KEY) arch_keys.add(winreg.KEY_WOW64_64KEY) for arch_key in arch_keys: for server_type in ('PostgreSQL', 'EnterpriseDB'): try: root_key = winreg.OpenKey( winreg.HKEY_LOCAL_MACHINE, "SOFTWARE\\" + server_type + "\Services", 0, winreg.KEY_READ | arch_key) for i in xrange(0, winreg.QueryInfoKey(root_key)[0]): inst_id = winreg.EnumKey(root_key, i) inst_key = winreg.OpenKey(root_key, inst_id) svr_name = winreg.QueryValueEx( inst_key, 'Display Name')[0] svr_superuser = winreg.QueryValueEx( inst_key, 'Database Superuser')[0] svr_port = winreg.QueryValueEx(inst_key, 'Port')[0] svr_discovery_id = inst_id svr_comment = gettext( "Auto-detected %s installation with the data " "directory at %s" % (winreg.QueryValueEx(inst_key, 'Display Name')[0], winreg.QueryValueEx(inst_key, 'Data Directory')[0])) add_server(user_id, servergroup_id, svr_name, svr_superuser, svr_port, svr_discovery_id, svr_comment) inst_key.Close() except Exception as e: pass else: # We use the postgres-winreg.ini file on non-Windows try: from configparser import ConfigParser except ImportError: from ConfigParser import ConfigParser # Python 2 registry = ConfigParser() try: registry.read('/etc/postgres-reg.ini') sections = registry.sections() # Loop the sections, and get the data from any that are PG or PPAS for section in sections: if (section.startswith('PostgreSQL/') or section.startswith('EnterpriseDB/')): svr_name = registry.get(section, 'Description') svr_superuser = registry.get(section, 'Superuser') svr_port = registry.getint(section, 'Port') svr_discovery_id = section description = registry.get(section, 'Description') data_directory = registry.get(section, 'DataDirectory') if hasattr(str, 'decode'): description = description.decode('utf-8') data_directory = data_directory.decode('utf-8') svr_comment = gettext(u"Auto-detected %s installation " u"with the data directory at %s" % (description, data_directory)) add_server(user_id, servergroup_id, svr_name, svr_superuser, svr_port, svr_discovery_id, svr_comment) except Exception as e: pass @user_logged_in.connect_via(app) @user_logged_out.connect_via(app) def force_session_write(app, user): session.force_write = True ########################################################################## # Load plugin modules ########################################################################## for module in app.find_submodules('pgadmin'): app.logger.info('Registering blueprint module: %s' % module) app.register_blueprint(module) ########################################################################## # Handle the desktop login ########################################################################## @app.before_request def before_request(): """Login the default user if running in desktop mode""" # Check the auth key is valid, if it's set, and we're not in server # mode, and it's not a help file request. if not config.SERVER_MODE and app.PGADMIN_KEY != '': if (('key' not in request.args or request.args['key'] != app.PGADMIN_KEY) and request.cookies.get('PGADMIN_KEY') != app.PGADMIN_KEY and request.endpoint != 'help.static'): abort(401) if not config.SERVER_MODE and not current_user.is_authenticated: user = user_datastore.get_user(config.DESKTOP_USER) # Throw an error if we failed to find the desktop user, to give # the sysadmin a hint. We'll continue to try to login anyway as # that'll through a nice 500 error for us. if user is None: app.logger.error( 'The desktop user %s was not found in the configuration ' 'database.' % config.DESKTOP_USER) abort(401) login_user(user) @app.after_request def after_request(response): if 'key' in request.args: response.set_cookie('PGADMIN_KEY', value=request.args['key']) return response ########################################################################## # Minify output ########################################################################## # HTMLMIN doesn't work with Python 2.6. if not config.DEBUG and sys.version_info >= (2, 7): from flask_htmlmin import HTMLMIN HTMLMIN(app) @app.context_processor def inject_blueprint(): """Inject a reference to the current blueprint, if any.""" return { 'current_app': current_app, 'current_blueprint': current_blueprint } ########################################################################## # All done! ########################################################################## return app