Exemplo n.º 1
def register():
    """Process the sign-up form.

    On a valid submission a new ``User`` is created from the form fields,
    a success message is flashed and the client is redirected to
    ``public.home``. Otherwise the form errors are flashed and
    ``users/new.html`` is rendered again with the same form.
    """
    # NOTE(review): csrf_enabled=False switches off this form's CSRF token
    # check (in Flask-WTF releases that accept the argument). Confirm this is
    # intentional and that registration is covered some other way.
    form = RegisterForm(request.form, csrf_enabled=False)

    if not form.validate_on_submit():
        flash_errors(form)
        return render_template('users/new.html', form=form)

    # NOTE(review): the raw form password is handed to User.create;
    # presumably the model hashes it before storage -- verify against the
    # User class. The account is also created with active=True, and no
    # e-mail confirmation step is visible in this function.
    account_fields = dict(
        username=form.username.data,
        email=form.email.data,
        institution=form.institution.data,
        country=form.country.data,
        interest=form.interest.data,
        updated_at=dt.utcnow(),
        password=form.password.data,
        active=True,
    )
    User.create(**account_fields)

    flash("Thank you for registering. You can now log in.", 'success')
    return redirect(url_for('public.home'))
Exemplo n.º 2
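def admin():
    """Render the user-administration page and apply admin actions on POST.

    Non-administrators are redirected to ``public.home``. On POST the
    account matching the submitted ``email`` is looked up; its ``is_admin``
    flag is set from the ``is_admin`` field and, when ``delete_user`` is
    present, the account is deleted. An administrator can neither remove
    their own admin flag nor delete their own account through this view.

    Returns:
        The rendered ``users/admin.html`` page, or a redirect for
        non-administrators.
    """
    # NOTE(review): assumes a login guard outside this listing guarantees an
    # authenticated current_user; an anonymous user object may not define
    # is_admin -- confirm.
    if not current_user.is_admin:
        return redirect(url_for('public.home'))

    user = None
    searchForm = SearchForm(request.form)
    adminForm = None

    if request.method == "POST":
        # NOTE(review): the role change and deletion below act on raw
        # request.form values; no validate()/validate_on_submit() call is
        # visible in this function, so a per-form CSRF token would not be
        # checked here. Confirm that app-wide CSRF protection covers this
        # endpoint.
        email = request.form['email']
        user = User.query.filter_by(email=email).first()
        if user:
            search_data = request.form
            is_self = user.id == current_user.id
            # A checked checkbox is submitted as 'y'; any other value, or a
            # missing field, is treated as "not admin".
            grant_admin = request.form.get('is_admin') == 'y'

            # NOTE(review): a POST for another account that carries no
            # is_admin field clears that account's admin flag. If a plain
            # search is submitted to this same endpoint it would demote the
            # account it looks up -- confirm the two forms are told apart.
            if grant_admin or not is_self:
                User.update(user,
                            updated_at=dt.utcnow(),
                            is_admin=grant_admin)
                if 'is_admin' in request.form:
                    # Reload so the rendered page shows the stored state.
                    user = User.query.filter_by(email=email).first()
            else:
                # Self-demotion is refused whether the field is missing or
                # was sent with a value other than 'y'.
                flash("An administrator cannot withdraw their own administrator " +
                      "privilages", 'warning')

            if 'delete_user' in request.form:
                if is_self:
                    flash("An administrator cannot delete thier own account", 'warning')
                else:
                    # Read the name before deleting: attributes of a deleted
                    # row may no longer be loadable afterwards.
                    deleted_name = user.username
                    User.delete(user)
                    flash(deleted_name + " has been deleted", 'warning')
                    user = None
                    # Blank the e-mail so the search box does not keep
                    # showing the account that was just removed.
                    search_data = request.form.copy()
                    search_data['email'] = ""

            searchForm = SearchForm(search_data, obj=user)
            adminForm = AdminForm(request.form)

    return render_template("users/admin.html", user=user,
                           form=searchForm,
                           adminForm=adminForm)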
Exemplo n.º 3
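def __set_data_for_user(user, form):
    """Copy every non-empty profile field from ``form`` onto ``user``.

    Each populated field is written with its own ``User.update`` call,
    together with a fresh ``updated_at``. The password is hashed with
    bcrypt before it is stored.

    Args:
        user: The account to modify.
        form: A form exposing ``username``, ``email``, ``institution``,
            ``country``, ``interest`` and ``password`` fields.

    Returns:
        The account re-read from the database, or ``None`` when an
        integrity error forced a rollback.
    """
    try:
        # NOTE(review): fields are written one call at a time, so if
        # User.update commits per call (not visible here), the earlier
        # fields stay changed when a later one fails -- confirm.
        for field_name in ('username', 'email', 'institution',
                           'country', 'interest'):
            value = getattr(form, field_name).data
            if value:
                User.update(user, **{field_name: value,
                                     'updated_at': dt.utcnow()})
        if form.password.data:
            # Only the bcrypt hash is stored, never the submitted plaintext.
            User.update(user,
                        password=bcrypt.generate_password_hash(form.password.data),
                        updated_at=dt.utcnow())

    except (IntegrityError, InvalidRequestError):
        db.session.rollback()
        # NOTE(review): the message blames the e-mail even when a different
        # field (e.g. username) triggered the error.
        flash("The email %s is already taken." % form.email.data, 'warning')
        return None

    # When the e-mail field was left empty the account keeps its current
    # address, so look it up by that instead of by an empty string, which
    # would return no row and be indistinguishable from the failure case.
    return User.query.filter_by(email=form.email.data or user.email).first()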
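def load_user(id):
    """Return the ``User`` whose primary key is ``id``, or ``None``.

    ``id`` is converted with ``int()``. A value that is not a valid
    integer yields ``None`` instead of an exception.
    """
    # NOTE(review): presumably registered as the login manager's user loader
    # (the registration is not visible here). Such a loader is expected to
    # return None for an identifier it cannot use, so that a malformed
    # session value means "not logged in" rather than a server error.
    try:
        user_id = int(id)
    except (TypeError, ValueError):
        return None
    return User.get_by_id(user_id)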
 def test_check_password(self):
     """check_password accepts the account's password and rejects another."""
     # NOTE(review): the literals passed to User.create look redacted in this
     # listing; the first assertion only holds if the stored password is
     # 'foobarbaz123'.
     account = User.create(
         username="******",
         email="*****@*****.**",
         password="******",
     )
     matches = account.check_password('foobarbaz123')
     assert matches is True
     rejected = account.check_password("barfoobaz")
     assert rejected is False
 def test_password_is_nullable(self):
     """A user saved without a password has ``password`` set to None."""
     # NOTE(review): a password-less account is allowed by the model here;
     # confirm check_password cannot succeed for such an account.
     account = User(username='******', email='*****@*****.**')
     account.save()
     stored = account.password
     assert stored is None
 def test_created_at_defaults_to_datetime(self):
     """Saving a user without ``created_at`` fills it with a datetime."""
     account = User(username='******', email='*****@*****.**')
     account.save()
     # Must be both truthy and an actual datetime instance.
     assert bool(account.created_at)
     is_datetime = isinstance(account.created_at, dt.datetime)
     assert is_datetime
    def test_get_by_id(self):
        """get_by_id returns the user that was saved under that id."""
        saved = User('foo', '*****@*****.**')
        saved.save()

        # Look the record up again by primary key and compare with the
        # instance that was saved.
        fetched = User.get_by_id(saved.id)
        assert fetched == saved