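def login():
    """Authenticate a user through the user gateway and open a session.

    A GET renders the login form. On POST the form is validated, the account
    is fetched by e-mail with ``get_getaway().get_users`` and the submitted
    password is verified with ``check_password_hash``.

    Returns:
        302 redirect to ``/`` when the credentials are accepted.
        401 with the login page when the e-mail or the password is rejected.
        400 with the login page when form validation fails.
        200 with the login page on a plain GET.
    """
    form = LoginForm()
    if request.method != 'POST':
        return make_response(render_template('login.html', form=form), 200)

    if not form.validate_on_submit():
        flash('Bad form', 'error')
        return make_response(render_template('login.html', form=form), 400)

    user, status = get_getaway().get_users(email=request.form['email'])
    # Truthiness instead of ``is not None``: an empty result must take the
    # "unknown e-mail" path rather than raise IndexError on ``user[0]`` and
    # surface as a 500.
    if status != 200 or not user:
        # NOTE(review): 'Wrong email' and 'Wrong password' are distinct, so a
        # client can tell registered addresses from unregistered ones. A
        # single shared message would close that; the texts are left as they
        # are because callers or tests may match on them.
        flash('Wrong email', 'error')
        return make_response(render_template('login.html', form=form), 401)

    account = user[0]
    password_hash = account['password']
    if not check_password_hash(password_hash, request.form['password']):
        flash('Wrong password', 'error')
        return make_response(render_template('login.html', form=form), 401)

    usr = User(
        account['id'],
        account['is_operator'],
        account['is_admin'],
        account['is_health_authority'],
        password_hash,
        account['rest_id'],
        account['is_positive'],
    )
    login_user(usr)
    return redirect('/')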
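def login():
    """Log a user in with e-mail and password.

    A user who is already authenticated receives the index page with status
    403. On a valid submission the account is looked up by e-mail and the
    password is checked by ``user.authenticate``.

    Returns:
        302 redirect to ``/`` on success, the login page with 401 on a bad
        e-mail or password, otherwise the login page.
    """
    if getattr(current_user, 'is_authenticated', False) is True:
        # An authenticated user gets the main page, answered with 403.
        return make_response(index(), 403)

    form = LoginForm()
    if form.validate_on_submit():
        email, password = form.data['email'], form.data['password']
        # Look the account up by e-mail only. The earlier filter joined two
        # column comparisons with Python's ``and``, which does not build a SQL
        # AND, and it placed the submitted plaintext next to the stored
        # password column. Verification belongs to ``user.authenticate``.
        user = db.session.query(User).filter(User.email == email).first()
        if user is not None and user.authenticate(password):
            login_user(user)
            return redirect('/')
        # One message for both failure causes, so the response does not show
        # whether the address is registered.
        flash('Wrong email or password', category='error')
        return make_response(render_template('login.html', form=form), 401)
    return render_template('login.html', form=form)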
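def login():
    """Log a user in and cache role and restaurant data in the session.

    After a successful ``user.authenticate`` the user's role value is stored
    under ``session["ROLE"]``. For the ``"OPERATOR"`` role the owned
    restaurant's id and name are stored as well.

    Returns:
        Redirect to ``/`` on success; the login page with an error message
        when the credentials are rejected; the bare login page otherwise.
    """
    form = LoginForm()
    if not form.validate_on_submit():
        return render_template(
            "login.html", _test="first_visit_login", form=form
        )

    email, password = form.data["email"], form.data["password"]
    user = db.session.query(User).filter(User.email == email).first()
    if user is None or not user.authenticate(password):
        return render_template(
            "login.html", form=form, _test="error_login", message="User not exist"
        )

    login_user(user)

    # The keys below are only written conditionally, so values left by an
    # earlier login in the same browser session would otherwise survive and
    # be read as this user's role or restaurant. Clear them first.
    for stale_key in ("ROLE", "RESTAURANT_ID", "RESTAURANT_NAME"):
        session.pop(stale_key, None)

    role = db.session.query(Role).filter(Role.id == user.role_id).first()
    if role is not None:
        session["ROLE"] = role.value
        # Operators also get their restaurant loaded into the session.
        if role.value == "OPERATOR":
            restaurant = (
                db.session.query(Restaurant)
                .filter(Restaurant.owner_id == user.id)
                .first()
            )
            if restaurant is not None:
                session["RESTAURANT_ID"] = restaurant.id
                session["RESTAURANT_NAME"] = restaurant.name
    return redirect("/")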
def test_login_logout(self):
    """Cover the failing and succeeding paths of /users/login, then logout."""

    def submit_login(credentials):
        # Build the form from the payload and post its data to the endpoint.
        login_form = LoginForm(data=credentials)
        self.client.post(
            '/users/login', data=login_form.data, follow_redirects=True)

    # NOTE(review): the two failure cases below pin different messages for an
    # unknown e-mail and a wrong password, so the endpoint tells a client
    # which addresses are registered. Moving to one shared message means
    # updating these assertions together with the view.

    # Unknown e-mail address
    submit_login({'email': '*****@*****.**', 'password': '******'})
    self.assert_template_used('login.html')
    self.assert_message_flashed('This email does not exist.', 'error')

    # Known e-mail, wrong password
    submit_login({'email': '*****@*****.**', 'password': '******'})
    self.assert_template_used('login.html')
    self.assert_message_flashed('Password is incorrect.', 'error')

    # Valid credentials: the index page lists every story
    submit_login({'email': '*****@*****.**', 'password': '******'})
    self.assert_template_used('index.html')
    expected_stories = db.session.query(Story).all()
    self.assertEqual(
        self.get_context_variable('stories').all(), expected_stories)

    # Logout: index is rendered without a stories context value
    self.client.post('/users/logout', follow_redirects=True)
    self.assert_template_used('index.html')
    self.assertIsNone(self.get_context_variable('stories'))
def login():
    '''
    Log a user in by username or e-mail address.

    The submitted credential is treated as an e-mail address when it contains
    '@', otherwise as a username. The password is then checked through
    ``user.authenticate``.

    Returns:
        302 -> redirect to the user's homepage when authentication succeeds
               (or to '/' when the user is already authenticated)
        200 -> the login page, with an error message on failed authentication
    '''
    form = LoginForm()
    form.password.errors = []

    if current_user.is_authenticated:
        return redirect('/')

    if form.validate_on_submit():
        cred = form.data['usrn_eml']
        password = form.data['password']
        # Pick the lookup column from the shape of the credential.
        lookup = {'email': cred} if '@' in cred else {'username': cred}
        user = User.query.filter_by(**lookup).one_or_none()
        authenticated = user is not None and user.authenticate(password)
        if authenticated:
            login_user(user)
            return redirect(url_for('home.index'))
        # Same message for an unknown account and a wrong password.
        form.password.errors.append('Wrong username or password.')

    return render_template('login.html', form=form)
def login():
    """Log a user in by e-mail and password.

    Redirects to ``/`` when ``user.authenticate`` accepts the password. In
    every other case the login page is rendered again, and this view adds no
    error message of its own.
    """
    form = LoginForm()
    if not form.validate_on_submit():
        return render_template('login.html', form=form)

    email = form.data['email']
    password = form.data['password']
    user = db.session.query(User).filter(User.email == email).first()
    if user is None or not user.authenticate(password):
        return render_template('login.html', form=form)

    login_user(user)
    return redirect('/')
def login(message=''):
    """Log a user in by e-mail and password.

    Args:
        message: text placed on ``form.message`` before the form is handled.

    Returns:
        302 redirect to ``/`` for a user who is not anonymous or whose
        credentials are accepted; otherwise the login page, carrying a
        generic failure message after a rejected attempt.
    """
    already_signed_in = not current_user.is_anonymous
    if already_signed_in:
        return redirect("/", code=302)

    form = LoginForm()
    form.message = message
    if form.validate_on_submit():
        email = form.data['email']
        password = form.data['password']
        user = db.session.query(User).filter(User.email == email).first()
        if user is None or not user.authenticate(password):
            # One message for both causes of failure.
            form.message = "User or Password not correct!"
        else:
            login_user(user)
            return redirect('/')
    return render_template('login.html', form=form, notlogged=True)
def setUp(self) -> None:
    """Seed two admin accounts, then log the test client in."""
    print("SET UP")

    def new_admin(address):
        # Fixture account; the password is a test-only value.
        account = User()
        account.firstname = 'Admin'
        account.lastname = 'Admin'
        account.email = address
        account.dateofbirth = datetime.datetime(2020, 10, 5)
        account.is_admin = True
        account.set_password('admin')
        return account

    with app.app_context():
        db.session.add(new_admin('*****@*****.**'))
        db.session.add(new_admin('*****@*****.**'))
        db.session.commit()

        credentials = {'email': '*****@*****.**', 'password': '******'}
        login_form = LoginForm(data=credentials)
        self.client.post(
            '/users/login', data=login_form.data, follow_redirects=True)
def setUp(self) -> None:
    """Seed one admin account and one published story, then log in."""
    with app.app_context():
        # Account used for the login below (test-only password).
        admin = User()
        admin.firstname = 'Admin'
        admin.lastname = 'Admin'
        admin.email = '*****@*****.**'
        admin.dateofbirth = datetime.datetime(2020, 10, 5)
        admin.is_admin = True
        admin.set_password('admin')
        db.session.add(admin)
        db.session.commit()

        # Story that the tests react to.
        story = Story()
        story.text = "Test story from admin user"
        story.author_id = 1
        story.is_draft = 0
        story.figures = "#Test#admin#"
        db.session.add(story)
        db.session.commit()

        # Authenticate the test client.
        credentials = {'email': '*****@*****.**', 'password': '******'}
        login_form = LoginForm(data=credentials)
        self.client.post(
            '/users/login', data=login_form.data, follow_redirects=True)
def test_random_recent_story(self):
    """Check /stories/random for an anonymous user and for a logged-in one."""

    def fetch_random():
        return self.client.get('/stories/random', follow_redirects=True)

    # Anonymous visitor gets the existing story.
    fetch_random()
    self.assert_template_used('story.html')
    self.assertEqual(
        self.get_context_variable('story').text, 'Just another story')

    # Log in as Admin.
    credentials = {'email': '*****@*****.**', 'password': '******'}
    login_form = LoginForm(data=credentials)
    self.client.post(
        '/users/login', data=login_form.data, follow_redirects=True)

    # No recent story by another user exists yet.
    fetch_random()
    self.assert_template_used('stories.html')
    self.assert_message_flashed(
        'Oops, there are no recent stories by other users!')

    # Add a recent story written by Admin2.
    recent = Story()
    recent.text = 'This is a valid recent story'
    recent.date = datetime.datetime.now()
    recent.author_id = 2
    recent.figures = 'story#recent'
    recent.is_draft = False
    db.session.add(recent)
    db.session.commit()

    # The only recent story not written by Admin is returned.
    reply = fetch_random()
    self.assert_template_used('story.html')
    self.assertEqual(
        self.get_context_variable('story').text,
        'This is a valid recent story')
def login():
    """Log a user in by e-mail and password, flashing the failure reason.

    Redirects to ``/`` on success. In every other case the login page is
    rendered with ``home_url`` set to ``HOME_URL``.
    """
    form = LoginForm()
    if request.method == 'POST' and form.validate_on_submit():
        email = form.data['email']
        password = form.data['password']
        user = db.session.query(User).filter(User.email == email).first()
        # NOTE(review): the two messages below differ, so a client learns
        # whether an address is registered. A single shared message would
        # avoid that, but tests asserting these exact texts would have to
        # change with it.
        if user is None:
            flash('This email does not exist.', 'error')
        elif not user.authenticate(password):
            flash('Password is incorrect.', 'error')
        else:
            login_user(user)
            return redirect('/')
    return render_template('login.html', form=form, home_url=HOME_URL)
def login():
    """Log a user in by e-mail and password.

    Redirects to ``/`` on success. After a rejected attempt the login page is
    rendered with ``error=True`` and one message that covers both an unknown
    e-mail and a wrong password.
    """
    form = LoginForm()
    error, message = False, ""
    if form.validate_on_submit():
        email = form.data['email']
        password = form.data['password']
        user = db.session.query(User).filter(User.email == email).first()
        if user is None or not user.authenticate(password):
            message, error = "User not found", True
        else:
            login_user(user)
            return redirect('/')
    return render_template(
        'login.html', form=form, error=error, message=message)
def setUp(self) -> None:
    """Seed an admin and a dummy account, one story each, then log in."""

    def new_account(first, last, address):
        # Both fixture accounts share the birth date, the admin flag and the
        # test-only password.
        account = User()
        account.firstname = first
        account.lastname = last
        account.email = address
        account.dateofbirth = datetime.datetime(2020, 10, 5)
        account.is_admin = True
        account.set_password('admin')
        return account

    def new_story(text, author, figures):
        story = Story()
        story.text = text
        story.author_id = author
        story.is_draft = 0
        story.figures = figures
        return story

    with app.app_context():
        # Account used for the login below.
        db.session.add(new_account('Admin', 'Admin', '*****@*****.**'))
        # Second, dummy account.
        db.session.add(new_account('Dummy', 'Dummy', '*****@*****.**'))
        db.session.commit()

        dummy_id = User.query.filter(
            User.email == '*****@*****.**').first().id

        admin_story = new_story(
            "Test story from admin user", 1, "#Test#admin#")
        dummy_story = new_story(
            "Test story from dummy user", dummy_id, "#Test#dummy#")
        db.session.add(admin_story)
        db.session.add(dummy_story)
        db.session.commit()

        credentials = {'email': '*****@*****.**', 'password': '******'}
        login_form = LoginForm(data=credentials)
        self.client.post(
            '/users/login', data=login_form.data, follow_redirects=True)
def login():
    """Log an active user in by e-mail and password.

    Returns:
        302 redirect to ``/`` when ``current_user`` already has an ``id`` or
        when the credentials are accepted for an active account; 401 with the
        login page on rejected credentials; 400 when a POSTed form fails
        validation; the plain login page for other methods.
    """
    has_identity = current_user is not None and hasattr(current_user, 'id')
    if has_identity:
        return redirect('/')

    form = LoginForm()
    if request.method != 'POST':
        return render_template('login.html', form=form)

    if not form.validate_on_submit():
        return make_response(render_template('login.html', form=form), 400)

    email = form.data['email']
    password = form.data['password']
    user = db.session.query(User).filter(User.email == email).first()
    if user is not None and user.authenticate(password) and user.is_active:
        login_user(user)
        return redirect('/')

    # Unknown e-mail, wrong password and inactive account all get this
    # message and the same status code.
    form.password.errors.append("Invalid credentials.")
    return make_response(render_template('login.html', form=form), 401)
def setUp(self) -> None:
    """Seed four accounts, five stories and one reaction type, then log in."""

    def day(text):
        return datetime.datetime.strptime(text, '%Y-%m-%d')

    def store_user(first, last, address, born, admin, secret):
        # Fixture account with a test-only password, committed at once.
        account = User()
        account.firstname = first
        account.lastname = last
        account.email = address
        account.dateofbirth = born
        account.is_admin = admin
        account.set_password(secret)
        db.session.add(account)
        db.session.commit()

    def store(model, assignments):
        # Assign the attributes in the listed order, then add and commit.
        row = model()
        for attribute, value in assignments:
            setattr(row, attribute, value)
        db.session.add(row)
        db.session.commit()

    with app.app_context():
        # Admin user
        store_user('Admin', 'Admin', '*****@*****.**',
                   datetime.datetime(2020, 10, 5), True, 'admin')
        # Non admin user
        store_user('Abc', 'Abc', '*****@*****.**',
                   datetime.datetime(2010, 10, 5), False, 'abc')
        # Another non admin user
        store_user('Nini', 'Nini', '*****@*****.**',
                   datetime.datetime(2010, 10, 7), False, 'nini')
        # Account that will have 0 stories
        store_user('No', 'Stories', '*****@*****.**',
                   datetime.datetime(2010, 10, 5), False, 'no')

        # First story, default from teacher's code
        store(Story, [
            ('text', 'Trial story of example admin user :)'),
            ('author_id', 1),
            ('figures', '#example#admin#'),
            ('is_draft', False),
            ('date', day('2019-10-20')),
        ])
        # Story that shouldn't be seen in /latest
        store(Story, [
            ('text', 'Old story (dont see this in /latest)'),
            ('date', day('2019-10-10')),
            ('likes', 420),
            ('author_id', 2),
            ('is_draft', False),
            ('figures', '#example#abc#'),
        ])
        # Story that should be seen in /latest
        store(Story, [
            ('text', 'You should see this one in /latest'),
            ('date', day('2019-10-13')),
            ('likes', 3),
            ('author_id', 2),
            ('is_draft', False),
            ('figures', '#example#abc#'),
        ])
        # Draft from a non-admin user
        store(Story, [
            ('text', 'DRAFT from not admin'),
            ('date', day('2018-12-30')),
            ('likes', 100),
            ('author_id', 3),
            ('is_draft', True),
            ('figures', '#example#nini#'),
        ])
        # Very old story for range searches; the date is assigned twice, as
        # in the original fixture.
        store(Story, [
            ('text', 'very old story (11 11 2011)'),
            ('date', day('2011-11-11')),
            ('likes', 2),
            ('author_id', 3),
            ('is_draft', False),
            ('figures', '#example#nini#'),
            ('date', datetime.datetime(2011, 11, 11)),
        ])
        # Third reaction (love)
        store(ReactionCatalogue, [
            ('reaction_id', 3),
            ('reaction_caption', "love"),
        ])

        # Log the test client in.
        credentials = {'email': '*****@*****.**', 'password': '******'}
        login_form = LoginForm(data=credentials)
        self.client.post(
            '/users/login', data=login_form.data, follow_redirects=True)
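def delete_user():
    """
    Delete the current user profile and log out.

    The user must confirm the request by entering email and password.
    The request is approved only if the user is not positive.
    If the user is an operator, the restaurant is also deleted. In that case,
    a notification is sent to all users who had active bookings, and bookings
    are canceled.
    The functionality is not active for the health authority or for the admin.

    Error status codes:
        400 -- The request is not valid, the form is filled out incorrectly
               or a generic error has occurred
        401 -- The current user is not a customer or operator
        500 -- The gateway reported a server error while deleting

    Success codes:
        200 -- The form is sent
        302 -- The elimination was carried out
    """
    if current_user.is_admin or current_user.is_health_authority:
        return make_response(render_template('error.html', error='401'), 401)

    form = LoginForm()
    if request.method != 'POST':
        return render_template('delete_profile.html', form=form,
                               title="Unregister")

    if not form.validate_on_submit():
        flash('Bad form', 'error')
        return make_response(
            render_template('delete_profile.html', form=form,
                            title="Unregister"), 400)

    users, status_code = get_getaway().get_users(email=form.data['email'])
    if status_code != 200:
        # This is a failure path; it was previously flashed under the
        # 'success' category.
        flash('Wrong password or mail', 'error')
        return make_response(
            render_template('error.html', title="Unregister"), 400)

    # Truthiness instead of ``is not None``: an empty result must be treated
    # as an unknown e-mail rather than raise IndexError on ``users[0]``.
    if not users:
        flash('Wrong email', 'error')
        return make_response(
            render_template('delete_profile.html', form=form,
                            title="Unregister"), 400)

    password = form.data['password']
    user = users[0].toDict()

    # NOTE(review): the account deleted below is the one matching the
    # submitted e-mail, while logout_user() acts on the session's user.
    # Nothing visible here ties the two together; confirm that the form or
    # the gateway enforces it, or compare the ids before deleting.
    # NOTE(review): 'Wrong email' and 'Wrong password' are distinct messages,
    # which tells the caller which addresses are registered.
    if not check_password_hash(user['password'], password):
        flash('Wrong password', 'error')
        return make_response(
            render_template('delete_profile.html', form=form,
                            title="Unregister"), 400)

    usr, status = get_getaway().delete_user(user['id'])
    if status == 204:
        flash('Account deleted', 'success')
        logout_user()
        return redirect("/")
    if status == 400:
        flash(usr.detail, 'warning')
        return make_response(
            render_template('error.html', title="Unregister"), 400)
    if status == 500:
        flash('Please try again', 'error')
        return make_response(
            render_template('error.html', title="Unregister"), 500)

    # Any other gateway status renders the form again, as it did before.
    return render_template('delete_profile.html', form=form,
                           title="Unregister")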
def setUp(self) -> None:
    """Seed two accounts, two stories and two reaction counters, then log in."""
    print("SET UP")

    def new_account(first, last, address, born, admin, secret):
        # Fixture account; passwords are test-only values.
        account = User()
        account.firstname = first
        account.lastname = last
        account.email = address
        account.dateofbirth = born
        account.is_admin = admin
        account.set_password(secret)
        return account

    def new_counter(reaction_type, story, amount):
        tally = Counter()
        tally.reaction_type_id = reaction_type
        tally.story_id = story
        tally.counter = amount
        return tally

    with app.app_context():
        # Admin user
        db.session.add(new_account(
            'Admin', 'Admin', '*****@*****.**',
            datetime.datetime(2020, 10, 5), True, 'admin'))
        # Second user for testing
        db.session.add(new_account(
            'Test', 'Man', '*****@*****.**',
            datetime.datetime(2020, 10, 6), False, 'test'))

        # Stories for user 1
        published = Story()
        published.text = 'Trial story of example admin user :)'
        published.author_id = 1
        published.figures = '#example#admin#'
        published.is_draft = False
        db.session.add(published)
        db.session.commit()

        draft = Story()
        draft.text = 'Another story!'
        draft.author_id = 1
        draft.is_draft = True
        draft.figures = '#another#story#'
        db.session.add(draft)
        db.session.commit()

        # Reactions on story 1
        like = new_counter(1, 1, 23)
        dislike = new_counter(2, 1, 5)
        db.session.add(like)
        db.session.add(dislike)
        db.session.commit()

        # Log the test client in.
        credentials = {'email': '*****@*****.**', 'password': '******'}
        login_form = LoginForm(data=credentials)
        self.client.post(
            '/users/login', data=login_form.data, follow_redirects=True)
def setUp(self) -> None:
    """Create the fixture accounts and stories when missing, then log in."""

    def ensure_user(address, first, last, born, admin, secret):
        # Insert the account only when no row has this e-mail address.
        found = db.session.query(User).filter(User.email == address).first()
        if found is not None:
            return
        account = User()
        account.firstname = first
        account.lastname = last
        account.email = address
        account.dateofbirth = born
        account.is_admin = admin
        account.set_password(secret)
        db.session.add(account)
        db.session.commit()

    def ensure_story(story_id, assignments):
        # Insert the story only when no row has this id. Attributes are
        # assigned in the listed order.
        found = db.session.query(Story).filter(Story.id == story_id).first()
        if found is not None:
            return
        story = Story()
        for attribute, value in assignments:
            setattr(story, attribute, value)
        db.session.add(story)
        db.session.commit()

    with app.app_context():
        # Admin user (if not present)
        ensure_user('*****@*****.**', 'Admin', 'Admin',
                    datetime.datetime(2020, 10, 5), True, 'admin')
        # Non admin user (if not present)
        ensure_user('*****@*****.**', 'Abc', 'Abc',
                    datetime.datetime(2010, 10, 5), False, 'abc')

        # First story, default from teacher's code
        ensure_story(1, [
            ('text', 'Trial story of example admin user :)'),
            ('author_id', 1),
            ('figures', '#example#admin#'),
            ('is_draft', False),
        ])
        # Story of a different user
        ensure_story(2, [
            ('text', 'You won\'t modify this story'),
            ('author_id', 2),
            ('figures', '#modify#story#'),
            ('is_draft', False),
        ])
        # Draft for the logged user
        ensure_story(3, [
            ('text', 'This is an example of draft'),
            ('author_id', 1),
            ('figures', '#example#draft#'),
            ('is_draft', True),
        ])
        # Draft of a different user
        ensure_story(4, [
            ('text', 'This is an example of draft that you can\'t modify'),
            ('date', datetime.datetime.strptime('2018-12-30', '%Y-%m-%d')),
            ('author_id', 2),
            ('figures', '#example#draft#'),
            ('is_draft', True),
        ])

        credentials = {'email': '*****@*****.**', 'password': '******'}
        login_form = LoginForm(data=credentials)
        self.client.post(
            '/users/login', data=login_form.data, follow_redirects=True)