def ensure_admin_exists():
""" Ensure at least 1 administrator account exists. """
logger.debug("Checking to make sure the administrator exists.")
admin_group = Group.objects(name='admin').first()
if not admin_group:
logger.debug("creating admin group...")
admin_group = Group(name='admin')
admin_group.save()
admin_user = User.objects(groups__in=[
admin_group,
]).first()
logger.debug(admin_user)
if not admin_user:
logger.info("The administrator account is being created.")
logger.info(" - the email will be `[email protected]`")
logger.info("Please enter a password to use for adminstrator")
admin_pw = _create_password()
admin_user = User(email='*****@*****.**',
password=admin_pw,
groups=[
admin_group,
],
is_active=True)
admin_user.save()
logger.info('Administrator created: {}'.format(admin_user))
logger.debug('Done!')
def register():
""" Register a user. """
form = RegisterForm()
title = 'Register'
template = 'register.html'
if request.method == 'POST':
logger.debug('method is post')
form = RegisterForm(request.form)
existing = User.objects(email=form.data['email']).first()
if not form.validate():
logger.debug('form did not validate')
return render_template(template, title=title, form=form)
if existing:
logger.debug('user already exists')
errors = [
'User with email {} already exists'.format(existing.email),
]
return render_template(template,
errors=errors,
title=title,
form=form)
user = User(email=form.data['email'],
password=hashpass(form.data['password']))
user.save()
u = '/validate?key={}'.format(user.verification)
# TODO: send email to user
logger.info('Verification URL: http://localhost:5000{}'.format(u))
return render_template(template, email=form.email, title=title)
return render_template(template, title=title, form=form)
def _get_test_user(group=admin_group):
""" Get a test user. """
u = User(email=fake.safe_email(),
password=fake.password(),
groups=[
group,
])
u.save()
return u
def setUp(self):
e = fake.safe_email()
group = Group.objects(name='admin').first()
if group is None:
group = Group(name='admin')
group.save()
self.admin = User.objects(email=e).first()
if self.admin is None:
self.admin = User(email=e,
groups=[group, ],
password=fake.password(length=16))
self.admin.save()
def validate():
""" Validate a user based on the key sent. """
key = request.args.get('key')
user = User.objects(verification=key).first()
template = 'validate.html'
title = 'User Account Verification'
if user is None:
errors = [
'Verification key invalid.',
]
return render_template(template, errors=errors, title=title)
user.is_active = True
user.save()
return render_template(template, title=title, email=user.email)
def login():
""" Perform user login.
Snippet taken from flask-login.
"""
# Here we use a class of some kind to represent and validate our
# client-side form data. For example, WTForms is a library that will
# handle this for us, and we use a custom LoginForm to validate.
title = 'Log In'
template = 'login.html'
form = LoginForm()
if request.method == 'POST':
form = LoginForm(formdata=request.form)
pw = hashpass(form.data['password'])
user = User.objects(email=form.data['email'], password=pw).first()
# Login and validate the user.
# user should be an instance of your `User` class
if not login_user(user):
errors = [
'Invalid Username or Password',
]
return render_template(template,
form=form,
errors=errors,
title=title)
next = request.args.get('next')
# is_safe_url should check if the url is safe for redirects.
# See http://flask.pocoo.org/snippets/62/ for an example.
if not is_safe_url(next):
return abort(400)
return redirect(next or url_for('index'))
return render_template(template, form=form, title=title)
def test_add_user(self):
""" User can be added to a group; can be listed from Group.users. """
user = User(email=fake.safe_email(), password=fake.password())
user.save()
group_a = Group(name='group_a', permissions=[
'create_post',
])
group_a.save()
group_b = Group(name='group_b', permissions=[
'delete_post',
])
group_b.save()
user.groups.append(group_a)
user.save()
self.assertTrue(group_a in user.groups)
group_a_users = group_a.users
self.assertIn(user, group_a_users)
self.assertNotIn(user, group_b.users)
logger.info('User: {}'.format(user))
logger.info('Group: {}'.format(group_a))
def test_permissions(self):
""" Permission configured correctly. """
group_admin = Group(name='admin')
group_desktop = Group(name='desktop', permissions=[
'p1',
])
group_other = Group(name='another', permissions=[
'p2',
])
# group_under = Group(name='underprivileged')
admin = User(email=fake.safe_email(),
password=fake.password(),
groups=[
group_admin,
])
admin.save()
desktop = User(email=fake.safe_email(),
password=fake.password(),
groups=[
group_desktop,
group_other,
])
desktop.save()
user = User(email=fake.safe_email(), password=fake.password())
user.save()
self.assertTrue(admin.is_admin)
self.assertFalse(desktop.is_admin)
self.assertFalse(user.is_admin)
self.assertListEqual(desktop.all_permissions, ['p1', 'p2'])
self.assertTrue(admin.can_any('something', 'another_thing'))
self.assertTrue(admin.can_all('something', 'another_thing'))
self.assertTrue(desktop.can_all('p1', 'p2'))
self.assertTrue(desktop.can_any('p1', 'run_marathon'))
self.assertFalse(desktop.can_any('save_the_world', 'run_marathon'))
self.assertFalse(user.can_any('p1', 'p2', 'p3'))
self.assertFalse(user.can_any())
def test_user_create(self):
""" User can be created. """
user = User(email=fake.safe_email(), password=fake.password())
user.save()
self.assertGreater(len(User.objects), 0)
def load_user(user_id):
""" Load the user based on the user_id. """
return User.objects(id=user_id).first()