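def decorator(*args, **kwargs):
    """Run the wrapped view only for a request signed by an admin user.

    The client sends three headers: ``username``, ``timestamp`` (epoch
    milliseconds) and ``hash``, the MD5 hex digest of
    ``username + password + timestamp``. A missing, malformed, expired or
    mismatching value ends the request with 401; otherwise the call is
    forwarded to ``func`` unchanged.

    NOTE(review): the signing secret is the stored password value returned by
    ``getPasswordByUsername`` and the digest is plain MD5, not a keyed MAC.
    Moving to HMAC over a per-user secret needs a coordinated client/server
    change, so it is only flagged here.
    NOTE(review): only the upper age bound is enforced and no nonce is kept.
    Consider also rejecting timestamps ahead of the server clock and
    remembering recently used values, so one header set cannot be reused.
    """
    import hmac  # stdlib; compare_digest needs Python 2.7.7+ / 3.3+

    # .get() yields None for an absent header. Indexing a missing header
    # raises before any None check can run (assumes a Flask/Werkzeug request).
    supplied_hash = request.headers.get('hash')
    supplied_timestamp = request.headers.get('timestamp')
    username = request.headers.get('username')
    if supplied_hash is None or supplied_timestamp is None or username is None:
        abort(401)

    # Control timestamp: a non-numeric or out-of-range value is a bad
    # credential, not a server error.
    try:
        usertimestamp = datetime.datetime.fromtimestamp(int(supplied_timestamp) / 1000)
        maxtime = usertimestamp + datetime.timedelta(minutes=app.config["loginMaxTime"])
    except (ValueError, OverflowError, OSError):
        abort(401)
    if datetime.datetime.now() - maxtime > datetime.timedelta(seconds=0):
        abort(401)

    # Control credentials: the user must exist and be an admin.
    usermodel = UserModel()
    user = usermodel.getUserByUsername(username)
    if user is None or not user['admin']:
        abort(401)
    password = usermodel.getPasswordByUsername(username)
    # Covers '' as before, and None, which would break the concatenation.
    if not password:
        abort(401)

    m = md5.new()
    m.update(username + password + supplied_timestamp)
    expected = m.hexdigest()
    # Constant-time comparison; both sides are encoded so the types match.
    try:
        matches = hmac.compare_digest(expected.encode('utf-8'),
                                      supplied_hash.encode('utf-8'))
    except UnicodeError:
        matches = False
    if not matches:
        abort(401)

    return func(*args, **kwargs)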
def confirmUser(user, code):
    """Confirm a pending account and return its credentials as JSON.

    Answers 404 when ``UserModel.confirmUser`` returns nothing for the
    ``user``/``code`` pair.

    NOTE(review): the response body carries the account's stored password
    value, so anyone holding a valid confirmation code receives it, and it
    can end up in proxy or client logs. Returning a session or one-time
    token would avoid that. Left as is because clients presumably read
    this field.
    """
    confirmed = UserModel().confirmUser(user, code)
    if confirmed is None:
        abort(404)
    else:
        return jsonify({'user': confirmed['user'], 'password': confirmed['password']})
def uploadHistory():
    """Store a new history with its images, then notify admins and the author.

    The author is looked up from the ``username`` request header. The history
    fields come from the submitted form.

    NOTE(review): nothing in this function authenticates the ``username``
    header. It presumably relies on a decorator outside this view - confirm.
    """
    users = UserModel()
    author = users.getUserByUsername(request.headers['username'])

    # Save history data
    created = HistoryModel().createHistory(request.form, author['id_user'])

    # Save images and link in DB.
    # NOTE(review): literal_eval never executes code, but the value comes
    # straight from the client and its type and contents are unchecked before
    # resizeImages/addImages use them. json.loads plus a shape check (list of
    # plain file names) would be a tighter contract.
    uploaded = ast.literal_eval(request.form['images'])
    resizeImages(uploaded)
    ImageModel().addImages(uploaded, created['history_id'])

    # Send email to admins and author
    admins = users.getAllAdmins()
    notice = {
        'title': request.form['title'],
        'author': author['real_name'],
        'id_history': created['history_id'],
    }
    for admin in admins:
        sendNewHistoryNotification(admin, notice)
    # Admin authors are already covered by the loop above.
    if not author['admin']:
        sendNewHistoryNotification(author, notice)

    return jsonify({'admin': created['isAdmin'], 'history_id': created['history_id']})
def checkUsername(user):
    """Return ``{'result': true|false}`` from ``UserModel.checkUsername(user)``.

    NOTE(review): if this route is reachable without authentication it tells
    any caller which usernames the model recognises. Rate limiting is not
    visible here - confirm it exists upstream.
    """
    verdict = bool(UserModel().checkUsername(user))
    return jsonify({'result': verdict})
def post():
    """Register a new user from the parsed request arguments.

    Returns a ``(body, status)`` pair: 400 when the username is already
    taken, 201 once the user has been saved.
    """
    fields = UserRegister.parser.parse_args()
    username = fields['username']
    if UserModel.find_by_username(username):
        return {"message": "A user with that username already exists"}, 400

    # NOTE(review): the password reaches the model exactly as received. Unless
    # UserModel hashes it before save_to_db(), it is stored in clear text -
    # confirm, and hash with a slow salted KDF if not.
    # NOTE(review): check-then-insert needs a unique constraint on the
    # username column to hold under concurrent requests - confirm.
    UserModel(username, fields['password']).save_to_db()
    return {"message": "User created successfully."}, 201
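def isLogged():
    """Return True when the session's ``id_user`` still maps to a user.

    Returns False when the session has no ``id_user`` or when
    ``UserModel.getUserLogin`` finds nothing for it.
    """
    if 'id_user' not in session:
        return False

    # Kept function-local as in the original, presumably to avoid a circular
    # import with the model package.
    from model.usermodel import UserModel

    # Identity test instead of ``== None``. The unused ``import pprint`` that
    # sat here was dropped.
    return UserModel().getUserLogin(idUser=session["id_user"]) is not None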
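def listHistories():
    """Return the histories of the requested type as JSON.

    Query parameters ``type`` and ``id`` are passed to
    ``HistoryModel.getHistoriesByType`` together with an admin flag. A dict
    result is returned as is; anything else is wrapped in ``{'result': ...}``.

    NOTE(review): the admin flag is derived from the client-supplied
    ``username`` header, and nothing in this view verifies that header.
    Unless an authenticating decorator outside this function vouches for it,
    the admin listing must not depend on it.
    """
    htype = request.args.get('type')
    fromid = request.args.get('id')

    isAdmin = False
    if 'username' in request.headers:
        user = UserModel().getUserByUsername(request.headers['username'])
        # getUserByUsername can come back empty (the admin decorator checks
        # for None). Treat an unknown name as non-admin instead of failing on
        # the subscript.
        if user is not None:
            isAdmin = user['admin']

    result = HistoryModel().getHistoriesByType(htype, fromid, isAdmin)
    if isinstance(result, dict):
        return jsonify(result)
    return jsonify({'result': result})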
def deleteHistory(id):
    """Delete history *id*, then notify the admins and the author by e-mail.

    NOTE(review): no ownership or role check is visible in this function, so
    it deletes whatever id it is given. It presumably relies on an
    authorising decorator - confirm.
    NOTE(review): the record is deleted before it is checked. If
    getHistoryById or getUserByUsername returns nothing, the subscripts below
    fail after the deletion has already happened.
    """
    histories = HistoryModel()
    removed = histories.getHistoryById(id)
    histories.deleteHistory(id)

    # Send email to admins and author
    users = UserModel()
    author = users.getUserByUsername(removed['username'])
    recipients = users.getAllAdmins()
    for admin in recipients:
        sendDeletedHistoryNotification(admin, removed)
    # Admin authors are already covered by the loop above.
    if not author['admin']:
        sendDeletedHistoryNotification(author, removed)

    return jsonify({'result': 'true'})
def newUser():
    """
    Creates a new user from the JSON request body.

    JSON::

        {
            "name": "Iliana",
            "surname": "Olivié",
            "password": "******",
            "email": "*****@*****.**",
            "admin": "true",
            "username": "******",
            "language": "es",
            "status": "1"
        }

    NOTE(review): the whole body, including ``admin`` and ``status``, is
    handed to the model unfiltered. Unless the route is restricted to admins
    and the model whitelists fields, the caller chooses its own privileges.
    """
    created = UserModel().newUser(request.json)
    return jsonify(created)
def newUser():
    """
    Creates a new user from the JSON request body.

    JSON::

        {
            "name": "Iliana",
            "surname": "Olivié",
            "password": "******",
            "email": "*****@*****.**",
            "admin": "true",
            "username": "******",
            "language": "es",
            "status": "1"
        }

    NOTE(review): ``admin`` and ``status`` arrive from the client with the
    other fields and go to the model as they are. Access control and field
    filtering are not visible here - confirm both exist.
    """
    body = request.json
    outcome = UserModel().newUser(body)
    return jsonify(outcome)
def signin():
    """Register an account from the submitted form and e-mail its confirmation code.

    Responds ``{'result': 'true'}`` when ``UserModel.createUser`` returns a
    code, and ``{'error': 'userexists'}`` when it returns None.

    NOTE(review): the password goes to createUser as received, and hashing is
    not visible here - confirm the model does it. None of the fields is
    checked for presence or format before use.
    """
    form = request.form
    user = form.get('user')
    email = form.get('email')
    password = form.get('password')
    name = form.get('name')
    lang = form.get('lang')

    # Optional fields: an empty string is passed on as None.
    institution = form.get('institution')
    institution = None if institution == "" else institution
    whySignup = form.get('whySignup')
    whySignup = None if whySignup == "" else whySignup

    # User creation
    code = UserModel().createUser(user, name, email, password, institution, whySignup)
    if code is None:
        return jsonify({'error': 'userexists'})

    # Send confirmation email
    sendAccountConfirmationEmail(user, name, code, email, lang)
    return jsonify({'result': 'true'})
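def login():
    """
    Logs in a user. The JSON is::

        {
            "email": "*****@*****.**",
            "password": "******"
        }

    Password is sent in plain, so this route must only be served over TLS.

    Returns ``{"Login": true}`` when the session is already logged in or the
    credentials match, and ``{"Login": false}`` otherwise.

    NOTE(review): stored passwords are unsalted MD5 digests. That format
    cannot be changed in this function alone. Plan a migration to a slow
    salted KDF with rehash-on-login.
    NOTE(review): an already logged-in session answers true without looking
    at the submitted credentials.
    """
    payload = request.json
    # A non-object body (list, string, number) can never carry the two keys.
    if not isinstance(payload, dict) or "email" not in payload or "password" not in payload:
        return jsonify({"Login": False})

    if utils.isLogged():
        return jsonify({"Login": True})

    # login procedure
    email = payload['email']
    # Hash the submitted password. It is encoded explicitly so that a
    # non-ASCII or non-string value is a failed login, not a server error.
    # ASCII passwords hash to the same digest as before.
    try:
        digest = hashlib.md5(payload['password'].encode('utf-8')).hexdigest()
    except (AttributeError, UnicodeError):
        return jsonify({"Login": False})

    # compare password against database
    u = UserModel().getUserLogin(email=email)
    if u and u['password'] == digest:
        session["id_user"] = u["id_wwwuser"]
        session['email'] = email
        for key in ("username", "name", "surname", "language"):
            session[key] = u[key]
        return jsonify({"Login": True})

    return jsonify({"Login": False})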
def editHistory(id):
    """Update history *id* from the JSON body, sync its images, optionally
    tweet it, and notify the admins and the author.

    NOTE(review): no ownership or role check is visible here. It presumably
    relies on a decorator - confirm. The body's ``username``, ``id_history``
    and ``historyUrl`` are used as sent and are never reconciled with the
    *id* from the URL, so the notification recipient and the tweeted link are
    client-controlled.
    NOTE(review): ``newImages`` entries go to resizeImages/addImages
    unchecked. Confirm those helpers restrict them to plain file names inside
    the images folder.
    """
    payload = json.loads(request.data)

    histories = HistoryModel()
    previous = histories.getHistoryById(id)
    histories.updateHistory(id, payload)

    images = ImageModel()

    # Unlink deleted images
    if len(payload['images']) > 0:
        stored_images = previous['images']
        kept = payload['images']
        # The client may send image dicts or bare hrefs; normalise to hrefs.
        if isinstance(kept[0], dict):
            kept = [entry['href'] for entry in kept]
        for stored in stored_images:
            if stored['href'] not in kept:
                images.deleteImageByFilename(stored['href'])

    # Save new images and link in DB
    if 'newImages' in payload:
        added = payload['newImages']
        resizeImages(added)
        images.addImages(added, id)

    # Publish twitter: only when the flag changed and is now set.
    if previous['twitter'] != payload['twitter'] and payload['twitter']:
        auth = tweepy.OAuthHandler(app.config['consumer_key'], app.config['consumer_secret'])
        auth.set_access_token(app.config['access_token'], app.config['access_token_secret'])
        apiTwitter = tweepy.API(auth)

        has_image = len(previous["images"]) > 0
        # Character budget for the text: smaller when an image is attached,
        # minus the hashtag and one separating space.
        budget = 93 if has_image else 117
        budget -= (len(app.config['hashtag']) + 1)

        tweet = payload["text_history"]
        if len(tweet) > budget:
            # Leave room for the ellipsis.
            tweet = tweet[0:budget - 3] + "..."
        link = app.config['baseURL'] + payload["historyUrl"] + str(payload["id_history"])
        tweet = tweet + link + " " + app.config['hashtag']

        if has_image:
            first_image = app.config['IMAGES_FOLDER'] + previous["images"][0]["href"]
            apiTwitter.update_with_media(first_image, status=tweet)
        else:
            apiTwitter.update_status(status=tweet)

    # Send email to admins and author
    users = UserModel()
    author = users.getUserByUsername(payload['username'])
    admins = users.getAllAdmins()
    # Same status means a plain edit; a changed status means publication.
    if previous['status'] == payload['status']:
        notify = sendEditedHistoryNotification
    else:
        notify = sendPublishedHistoryNotification
    for admin in admins:
        notify(admin, payload)
    # Admin authors are already covered by the loop above.
    if not author['admin']:
        notify(author, payload)

    return jsonify({'result': 'true'})
def authenticate(username, password):
    """Return the user whose stored password equals *password*, else None.

    NOTE(review): the submitted password is compared directly with
    ``user.password``, which implies the stored value is not a salted hash.
    The comparison is constant-time, but the storage is the weak point.
    NOTE(review): newer Werkzeug releases no longer ship ``safe_str_cmp``;
    ``hmac.compare_digest`` is the stdlib replacement.
    """
    candidate = UserModel.find_by_username(username)
    if not candidate:
        return None
    if safe_str_cmp(candidate.password, password):
        return candidate
    return None
def identity(payload):
    """Look up the user referenced by ``payload['identity']``.

    *payload* is presumably a decoded token payload - confirm with the caller.
    Returns whatever ``UserModel.find_by_id`` gives for that id.
    """
    return UserModel.find_by_id(payload['identity'])
def login():
    """Return the admin flag of the user named in the ``username`` header.

    NOTE(review): no credential is checked in this function. It is only safe
    behind a decorator that authenticates the ``username`` header - confirm
    one is applied to this route.
    NOTE(review): an unknown username makes the subscript below fail. A 401
    would be the cleaner answer.
    """
    username = request.headers['username']
    account = UserModel().getUserByUsername(username)
    is_admin = account['admin'] == 1
    return jsonify({'result': 'true', 'admin': is_admin})