Exemplo n.º 1
def options():
    """
    Admin settings view.

    GET          --> render admin-options.html
    POST & xhr   --> delete the User entity whose id comes first in the JSON "objects" list
    POST & form  --> "user_save" renames the current user, "user_new" adds a user by e-mail
    """
    # NOTE(review): nothing in this function checks users.is_current_user_admin()
    # before the delete/create branches, and no CSRF token is verified here;
    # confirm both are enforced by a decorator or middleware outside this view.
    signed_in = users.get_current_user()
    db_user = User.query(User.email == signed_in.email()).get()

    if request.method == 'POST':
        if request.is_xhr:
            payload = request.get_json()
            # ndb deletes go through the Key, so build it from the submitted id.
            target_key = ndb.Key('User', int(payload['objects'][0]))
            target_key.delete()
            return "true"

        if request.form["action"] == "user_save":
            db_user.name = request.form['user_name']
            db_user.put()

        if request.form["action"] == "user_new":
            new_email = request.form['user_mail']
            existing = User.query(User.email == new_email).get()
            if not existing:
                User(name=new_email, email=new_email).put()
                # presumably gives the write time to show up in the listing
                # query below -- TODO confirm
                sleep(1)

    is_admin = users.is_current_user_admin()
    everyone = User().query().fetch()
    return render_template(
        'admin-options.html',
        user=db_user,
        all_users=everyone,
        admin=is_admin,
    )
Exemplo n.º 2
 def decorated_view(*args, **kwargs):
     """Run the wrapped view only for a signed-in, permitted user.

     Anonymous visitors are redirected to the login URL. A signed-in user
     passes when their e-mail is in User.query_all() or they are an admin;
     on the first visit the matching User entity is linked or created.
     """
     if not users.get_current_user():
         return redirect(users.create_login_url(request.url))

     actual_user = users.get_current_user()
     # Security layer: allow-list membership or admin status.
     permitted = (actual_user.email() in User.query_all()
                  or users.is_current_user_admin())
     if not permitted:
         # NOTE(review): the refusal is a bare string, so it goes out with the
         # framework's default status rather than an explicit 403 -- confirm
         # that this is intended.
         return 'Sorry but this user, is not in our system.'

     # Already linked to a User entity: nothing to provision.
     if User.query(User.user == actual_user).get():
         return func(*args, **kwargs)

     # First visit: reuse the entity pre-registered by e-mail, else create one.
     db_user = User.query(User.email == actual_user.email()).get()
     if not db_user:
         db_user = User(email=actual_user.email())
     db_user.user = actual_user
     db_user.name = actual_user.nickname()
     # NOTE(review): the admin flag is written only on this first-visit path;
     # a later change of admin status is not copied to the entity here.
     db_user.admin = bool(users.is_current_user_admin())
     db_user.put()
     return func(*args, **kwargs)
Exemplo n.º 3
 def test_auth_token_generation(self):
     """Token generation fails for an unknown e-mail or a wrong password and succeeds otherwise."""
     # The credential literals are masked on this page, so the three dicts
     # look identical here; presumably they differ in the original test.
     unknown_email = {'email': '*****@*****.**', 'password': '******'}
     bad_password = {'email': '*****@*****.**', 'password': '******'}
     valid_login = {'email': '*****@*****.**', 'password': '******'}

     self.assertRaises(NotFound, User.generate_auth_token, **unknown_email)
     self.assertRaises(BadRequest, User.generate_auth_token, **bad_password)

     token = User.generate_auth_token(**valid_login)
     self.assertTrue(token)
Exemplo n.º 4
def create_superuser():
    """Create the hard-coded account unless a user with that e-mail already exists."""
    try:
        User.objects.get(email='*****@*****.**')
    except DoesNotExist:
        # NOTE(review): the credentials are literals in source, and nothing in
        # this function sets a superuser/admin flag or hashes the password;
        # confirm that the User model does both, and prefer reading the
        # password from the environment or a prompt.
        account = User(
            email='*****@*****.**',
            password='******',
            first_name='John',
            last_name='Wambugu',
        )
        account.save()
    else:
        print("superuser already exist")
Exemplo n.º 5
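def change_pwd():
    """Change the password of the user named in the session.

    GET renders change_pwd.html. POST checks that both password fields are
    filled and equal, stores the new hash for the session's user and renders
    the same template again with a flash message describing the outcome.
    """
    import logging  # local import: the module's import block is not visible here

    if request.method == 'POST':
        password1 = request.form['password1']
        password2 = request.form['password2']
        username = session.get('username')

        if password1 == '' or password2 == '':
            flash('password must be filled!', 'error')
            return render_template('change_pwd.html')

        # check password
        if password1 != password2:
            flash('password not match!', 'error')
            return render_template('change_pwd.html')

        # Without a session username there is no account to change. Querying
        # with username=None would match rows whose username is NULL, so stop
        # before the lookup.
        if not username:
            flash('user not found!', 'error')
            return render_template('change_pwd.html')

        # NOTE(review): the current password is never asked for, so anyone
        # holding a valid session can set a new one; consider adding an
        # "old password" field and verifying it before the update.

        # get user
        users = User.query.filter_by(username=username).all()
        if len(users) == 0:
            flash('user not found!', 'error')
            return render_template('change_pwd.html')
        try:
            user = users[0]
            user.password = User.generate_hash(password1)
            db.session.commit()
            flash('password changed successfully!')
        except Exception:
            # Roll back so the session stays usable, and keep the details
            # server-side: database errors can quote the statement and its
            # parameters, which here include the new password hash.
            db.session.rollback()
            logging.getLogger(__name__).exception(
                'password change failed for %s', username)
            flash('db error, password was not changed', 'error')
    return render_template('change_pwd.html')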
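def upgrade():
    """Create the ``posts`` and ``users`` tables and seed an initial 'root' user.

    The root password is generated at migration time, stored only as the value
    returned by ``User.hash_password`` and reported once through the
    'alembic.migration' logger.
    """
    # Create blog posts table.
    op.create_table(
        'posts',
        sa.Column('id', sa.Integer(), nullable=False),
        sa.Column('author', sa.Unicode(length=32), nullable=True),
        sa.Column('title', sa.Unicode(length=128), nullable=True),
        sa.Column('content', sa.UnicodeText(), nullable=True),
        sa.Column('time', sa.DateTime(timezone=True), nullable=True),
        sa.PrimaryKeyConstraint('id'),
    )
    # Create users table.
    op.create_table(
        'users',
        sa.Column('id', sa.Integer(), nullable=False),
        sa.Column('name', sa.Unicode(length=32), nullable=True),
        sa.Column('hash', sa.String(length=130), nullable=True),
        sa.PrimaryKeyConstraint('id'),
    )
    op.create_index('ix_user_name', 'users', ['name'], unique=True)

    # Lightweight table handle used only for the bulk insert below.
    users_table = table(
        'users',
        sa.Column('id', sa.Integer()),
        sa.Column('name', sa.Unicode(length=32)),
        sa.Column('hash', sa.String(length=130)),
    )

    # Generate initial 'root' user.
    # The original drew at most 32 bits from the non-cryptographic default
    # generator, and its format literal (masked on this page) has no
    # conversion specifier, so the % formatting would raise TypeError.
    # Draw 128 bits from the OS CSPRNG instead.
    password = '%032x' % random.SystemRandom().getrandbits(128)
    password_hash = User.hash_password(password)
    op.bulk_insert(users_table, [{'name': u'root', 'hash': password_hash}])
    # NOTE(review): the initial password reaches the migration log in
    # cleartext, which is the only place the operator can learn it. Restrict
    # access to that log and rotate the password after the first login.
    logging.getLogger('alembic.migration').info(
        'Generated user "root" with password %s', password)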
Exemplo n.º 7
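def login():
    """Authenticate a user from the login form.

    GET renders login.html. POST looks the user up by username, verifies the
    password against the stored hash, requires the account to be active and
    then stores ``username`` and ``role`` in the session before redirecting
    to '/'. Any failure re-renders login.html with a flash message.
    """
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        # The submitted credentials were previously printed here; that wrote
        # cleartext passwords to stdout and to whatever collects it.

        # get user
        users = User.query.filter_by(username=username).all()
        if len(users) == 0:
            flash('username / password wrong!', 'error')
            return render_template('login.html')

        # check password
        # `not` instead of `== False`: a None or other falsy result from
        # verify_hash must also be treated as a failed check.
        if not User.verify_hash(password, users[0].password):
            flash('username / password wrong!', 'error')
            return render_template('login.html')

        # check is active
        # Same reasoning: an unset (None) is_active must not count as active.
        if not users[0].is_active:
            flash('user is not actived yet!', 'error')
            return render_template('login.html')

        # redirect to home
        session['username'] = username
        session['role'] = users[0].role
        return redirect('/')
    else:
        return render_template('login.html')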
Exemplo n.º 8
 def setUp(self):
     """Push a 'testing' app context, create the tables and store one fixture user."""
     app = create_app('testing')
     ctx = app.app_context()
     self.app = app
     self.app_context = ctx
     ctx.push()

     db.create_all()

     # Fixture account shared by the tests; the literals are masked on this page.
     fixture_user = User(email='*****@*****.**', password='******')
     self.user = fixture_user
     db.session.add(fixture_user)
     db.session.commit()
Exemplo n.º 9
def home():
    """
    Home route: look up the User entity of the signed-in account by e-mail.
    :return: admin-home.html rendered with that entity as ``user``
    """
    # NOTE(review): get_current_user() is dereferenced without a None check,
    # so this view relies on a login guard applied outside this function.
    signed_in_email = users.get_current_user().email()
    matching_user = User.query(User.email == signed_in_email).get()
    return render_template('admin-home.html', user=matching_user)
Exemplo n.º 10
def home():
    """
    Home route for the admin area.
    :return: admin-home.html, with the signed-in account's User entity as ``user``
    """
    # NOTE(review): there is no None check on get_current_user(); presumably a
    # login decorator outside this function guarantees a signed-in user.
    account = users.get_current_user()
    by_email = User.query(User.email == account.email())
    return render_template('admin-home.html', user=by_email.get())
Exemplo n.º 11
def options():
    """
    General settings view.

    GET          --> admin-options.html
    POST & xhr   --> delete the user whose id is the first entry of JSON "objects"
    POST & form  --> rename the current user ("user_save") or add one ("user_new")
    """
    # NOTE(review): the delete and create branches run for whoever reaches this
    # view; no admin check or CSRF verification is visible in this function.
    # Confirm that both are applied outside it.
    me = users.get_current_user()
    db_user = User.query(User.email == me.email()).get()

    if request.method == 'POST':
        if request.is_xhr:
            body = request.get_json()
            doomed_id = int(body['objects'][0])
            # Entities are deleted through their Key.
            ndb.Key('User', doomed_id).delete()
            return "true"

        action = request.form["action"]
        if action == "user_save":
            db_user.name = request.form['user_name']
            db_user.put()
        elif action == "user_new":
            mail = request.form['user_mail']
            if not User.query(User.email == mail).get():
                created = User(name=mail, email=mail)
                created.put()
                # presumably a pause so the new entity is visible to the
                # fetch below -- TODO confirm
                sleep(1)

    admin = users.is_current_user_admin()
    all_users = User().query().fetch()
    context = {'user': db_user, 'all_users': all_users, 'admin': admin}
    return render_template('admin-options.html', **context)
Exemplo n.º 12
def load_fixtures():
    """ Create the database (or wipe an existing one) and load the fixture user """
    db_uri = current_app.config['SQLALCHEMY_DATABASE_URI']
    if database_exists(db_uri):
        # Destructive: every table of an existing database is dropped first.
        db.drop_all()
    else:
        create_database(db_uri)

    db.create_all()

    # Fixtures
    # NOTE(review): this account has literal credentials and is created active;
    # whether the assignment to `password` hashes the value depends on the
    # User model, which is not visible here. Keep this out of production paths.
    fixture = User()
    fixture.email = '*****@*****.**'
    fixture.password = '******'
    fixture.active = True
    db.session.add(fixture)
    db.session.commit()

    print('Initialized the database.')
Exemplo n.º 13
    def setUp(self):
        """
        Runs before every test: reset the schema and store two fixture users.
        """
        # Finish any open transaction before the tables are dropped.
        db.session.commit()
        db.drop_all()
        db.create_all()

        # One admin and one regular account; the literals are masked on this page.
        admin = User(name="Admin", email="*****@*****.**", password="******", is_admin=True)
        user = User(name="User1", email="*****@*****.**", password="******")

        for account in (admin, user):
            db.session.add(account)
        db.session.commit()
Exemplo n.º 14
def init_db():
    """ Initialize db: create it if missing, otherwise drop all tables, then add the fixture user """
    uri = current_app.config['SQLALCHEMY_DATABASE_URI']
    already_there = database_exists(uri)
    if not already_there:
        create_database(uri)
    else:
        # Destructive on an existing database: all tables are dropped.
        db.drop_all()

    db.create_all()

    # Fixtures
    # NOTE(review): the fixture account uses literal credentials and is active
    # immediately; whether `password` is hashed on assignment depends on the
    # User model -- confirm before running this against a shared database.
    seed_user = User()
    seed_user.email = '*****@*****.**'
    seed_user.password = '******'
    seed_user.active = True
    db.session.add(seed_user)
    db.session.commit()

    print('Initialized the database.')
Exemplo n.º 15
def verify_password(username_or_token, password):
    """Accept either a valid auth token or a username/password pair.

    The first argument is tried as a token; only when that yields None is it
    treated as a username and checked against ``password``.
    """
    if User.verify_auth_token(username_or_token) is None:
        # Not a usable token: fall back to username + password.
        try:
            candidate = Ctrl.get_user_with_name(username_or_token)
        except Ctrl.AdminControlException:
            return False
        return candidate.verify_password(password)
    # A token that verifies is sufficient; the password argument is ignored.
    return True
Exemplo n.º 16
class UserTestCase(unittest.TestCase):
    """Tests for the User model's password handling and auth tokens."""

    def setUp(self):
        """Push a 'testing' app context, create the tables and store one fixture user."""
        app = create_app('testing')
        ctx = app.app_context()
        self.app = app
        self.app_context = ctx
        ctx.push()
        db.create_all()
        fixture_user = User(email='*****@*****.**', password='******')
        self.user = fixture_user
        db.session.add(fixture_user)
        db.session.commit()

    def test_password_getter(self):
        """Reading ``password`` back from a user must raise AttributeError."""
        with self.assertRaises(AttributeError):
            _ = self.user.password

    def test_password_setter(self):
        """Constructing the user with a password leaves ``password_hash`` set."""
        stored_hash = self.user.password_hash
        self.assertTrue(stored_hash)

    def test_password_verification(self):
        """verify_password accepts the fixture password and rejects a near miss."""
        check = self.user.verify_password
        self.assertTrue(check('homm1994'))
        self.assertFalse(check('homm1995'))

    def test_auth_token_generation(self):
        """Token generation fails for an unknown e-mail or wrong password, succeeds otherwise."""
        # The literals are masked on this page, so the three dicts look the same.
        unknown_email = {'email': '*****@*****.**', 'password': '******'}
        bad_password = {'email': '*****@*****.**', 'password': '******'}
        valid_login = {'email': '*****@*****.**', 'password': '******'}
        self.assertRaises(NotFound, User.generate_auth_token, **unknown_email)
        self.assertRaises(BadRequest, User.generate_auth_token, **bad_password)
        self.assertTrue(User.generate_auth_token(**valid_login))

    def test_verify_auth_token(self):
        """An issued token resolves to the fixture user; a truncated one is rejected."""
        issued = User.generate_auth_token(email='*****@*****.**', password='******')
        self.assertEqual(self.user, User.verify_auth_token(issued))
        # Dropping the last five characters must invalidate the signature.
        truncated = issued[:-5]
        with self.assertRaises(BadSignature):
            User.verify_auth_token(truncated)

    def tearDown(self):
        """Release the session, drop the tables and pop the app context."""
        db.session.remove()
        db.drop_all()
        self.app_context.pop()
Exemplo n.º 17
def init_database():
    """Drop and recreate all tables, then fill them with generated sample rows.

    Adds 100 users, 3 images per user and 3 comments per image, then prefixes
    the username of every second user with id 50..98.
    """
    from app import db
    from app.admin.models import User, Image, Comment

    # Destructive: all existing tables and their data are removed first.
    db.drop_all()
    db.create_all()

    for user_idx in range(100):
        # Ids are assumed to be assigned 1, 2, 3, ... in insertion order.
        user_id = user_idx + 1
        # NOTE(review): the second argument looks like a predictable per-user
        # password ('a0', 'a1', ...) -- confirm, and keep this seeding out of
        # any reachable deployment.
        db.session.add(User('User' + str(user_idx), 'a' + str(user_idx)))
        for image_idx in range(3):
            image_id = 1 + 3 * user_idx + image_idx
            db.session.add(Image(get_image_url(), user_id))
            for comment_idx in range(3):
                comment = Comment('This a Commant' + str(comment_idx), image_id, user_id)
                db.session.add(comment)
        db.session.commit()

    for user_id in range(50, 100, 2):
        account = User.query.get(user_id)
        account.username = '******' + account.username
    db.session.commit()
Exemplo n.º 18
 def decorated_view(*args, **kwargs):
     """Access gate around ``func``.

     Not signed in: redirect to the login URL for the current request.
     Signed in but neither in User.query_all() nor an admin: refusal text.
     Otherwise: make sure a User entity is linked to the account, then call
     ``func`` with the original arguments.
     """
     # Checks if the user is logged in
     if not users.get_current_user():
         login_url = users.create_login_url(request.url)
         return redirect(login_url)

     actual_user = users.get_current_user()

     # Security layer
     if not (actual_user.email() in User.query_all() or users.is_current_user_admin()):
         # NOTE(review): a plain string is returned, so the refusal carries the
         # default response status instead of an explicit 403 -- confirm.
         return 'Sorry but this user, is not in our system.'

     # DB User model check
     linked = User.query(User.user == actual_user).get()
     if not linked:
         by_email = User.query(User.email == actual_user.email()).get()
         db_user = by_email if by_email else User(email=actual_user.email())
         db_user.user = actual_user
         db_user.name = actual_user.nickname()
         # NOTE(review): admin status is captured only when the entity is first
         # linked; this function never refreshes it afterwards.
         db_user.admin = bool(users.is_current_user_admin())
         db_user.put()
     return func(*args, **kwargs)
Exemplo n.º 19
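def create_new_user(kwargs):
    """Create a new user in the database.

    :param kwargs: attributes of the user.
    :type kwargs: dict
    :returns: the user object after it has been committed.
    :raises AdminControlException: if ``kwargs`` is None or the commit
        violates a database integrity constraint.

    """
    if kwargs is None:
        raise AdminControlException('no arguments provided')

    user = User.new_user(**kwargs)
    db.session.add(user)
    try:
        db.session.commit()
    except IntegrityError as err:
        # Roll back so the session stays usable for the caller's next operation.
        db.session.rollback()
        # Exceptions carry no ``.message`` attribute on Python 3; fall back to str().
        # NOTE(review): the text of a database error can quote the statement
        # and its parameters -- callers should log it, not show it to end users.
        raise AdminControlException(getattr(err, 'message', None) or str(err))

    return user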
Exemplo n.º 20
def register():
    """Self-registration form handler.

    GET renders register.html. POST requires non-blank username, password and
    email, refuses a username that already exists, and otherwise stores a new
    account with role 'user', is_active False and the value returned by
    User.generate_hash for the password.
    """
    if request.method != 'POST':
        return render_template('register.html')

    username = request.form['username']
    password = request.form['password']
    email = request.form['email']

    # Report every blank field at once, in form order.
    required = (
        (username, 'username should be filled!'),
        (password, 'password should be filled!'),
        (email, 'email should be filled!'),
    )
    blank_messages = [message for value, message in required if value.strip() == '']
    for message in blank_messages:
        flash(message, 'error')
    if blank_messages:
        return render_template('register.html')

    # check username if already register
    # NOTE(review): only the username is checked for uniqueness; the e-mail is
    # stored as submitted, without a format or duplicate check in this function.
    same_name = User.query.filter_by(username=username).all()
    if len(same_name) > 0:
        flash('username already registered!', 'error')
        print('username already registered')
        return render_template('register.html')

    # New accounts start inactive and unprivileged; the success message tells
    # the user to wait for an admin to activate the account.
    account = User()
    account.username = username
    account.password = User.generate_hash(password)
    account.email = email
    account.role = 'user'
    account.is_active = False
    db.session.add(account)
    db.session.commit()
    flash(
        'successfully registered, please wait for admin to activate your account!'
    )
    return render_template('register.html')
Exemplo n.º 21
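def reg():
    """Register a new account from the request's username/password and log it in.

    Blank or missing credentials and an already-taken username redirect back
    to '/regloginpage/' with a message. On success the user is stored, logged
    in and redirected to a local ``next`` path if one was supplied, else '/'.
    """
    # request.values merges the query string (request.args) with the form body
    # (request.form).
    # NOTE(review): this also accepts the password as a URL parameter, where it
    # ends up in access logs and browser history; prefer request.form only.
    # A missing parameter is treated as blank instead of raising on None.
    username = (request.values.get('username') or '').strip()
    password = (request.values.get('password') or '').strip()
    if username == '' or password == '':
        return redirect_wich_msg('/regloginpage/', u'用户名或者密码不能为空', 'reglogin')

    user = User.query.filter_by(username=username).first()
    if user is not None:
        return redirect_wich_msg('/regloginpage/', u'用户名已经存在', 'reglogin')

    # Same salt format as before, drawn from the OS CSPRNG instead of the
    # default Mersenne Twister generator.
    salt = '.'.join(random.SystemRandom().sample('0123456789abcdefghABCDEFGHIJKLMN', 10))
    # NOTE(review): a single salted MD5 pass is far too fast for password
    # storage. It is left unchanged here because the login check presumably
    # verifies this same md5(password + salt) format; migrate both sides
    # together to a slow KDF such as hashlib.scrypt or hashlib.pbkdf2_hmac.
    m = hashlib.md5()
    m.update((password + salt).encode("utf8"))
    password = m.hexdigest()
    user = User(username, password, salt)
    db.session.add(user)
    db.session.commit()
    login_user(user)

    # Follow `next` only when it is a path on this site: '//host' and '/\host'
    # are read by browsers as another origin. The original called a misspelled
    # str method here, which raised whenever `next` was supplied.
    next_url = request.values.get('next')
    if (next_url is not None and next_url.startswith('/')
            and not next_url.startswith(('//', '/\\'))):
        return redirect(next_url)
    return redirect('/')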
Exemplo n.º 22
    def test_save(self):
        """Saving a user sets ``slug`` to an ASCII form of the name ('ß' becomes 'ss')."""
        fields = {
            'email': '*****@*****.**',
            'name': 'Foo Bar ß',
            'password': '******',
        }
        saved = User(**fields)
        saved.save()

        self.assertEqual(saved.slug, 'foo-bar-ss')
Exemplo n.º 23
 def test_verify_auth_token(self):
     """An issued token resolves to the fixture user; a truncated one is rejected."""
     issued = User.generate_auth_token(email='*****@*****.**', password='******')
     self.assertEqual(self.user, User.verify_auth_token(issued))

     # Dropping the last five characters must invalidate the signature.
     truncated = issued[:-5]
     with self.assertRaises(BadSignature):
         User.verify_auth_token(truncated)
Exemplo n.º 24
def createadmin(email, name, password):
    """ Create and save an active user whose password went through encrypt_password(). """
    # NOTE(review): nothing here assigns an admin role or flag, although the
    # command name says "admin"; confirm that the privilege is granted elsewhere.
    protected = encrypt_password(password)
    account = User(email=email, name=name, password=protected, active=True)
    account.save()
Exemplo n.º 25
from app.admin.models import User
from app import db
import re
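# Interactive script: prompt for name, e-mail and password, then store an admin.
from getpass import getpass  # reads the password without echoing it to the terminal

print("Enter The Following Details To Create A Admin")
name = input("Enter The Name Of The Admin")

# Keep asking until the address is not already used by an existing account.
email_not_created = True
while email_not_created:
    email = input("Enter The Email")
    if User.query.filter(User.email == email).count() > 0:
        # The address is rejected because it is taken, not because it is malformed.
        print("The Email Entered By You Is Already Registered")
    else:
        email_not_created = False

# NOTE(review): a 6-character minimum is weak for an admin account; consider a
# longer minimum and a confirmation prompt.
password_not_created = True
while password_not_created:
    password = getpass("Enter The Password")
    if len(password) >= 6:
        password_not_created = False
    else:
        print("Password Should Be Atleast 6 Characters.")

# NOTE(review): the raw password is handed to the model; confirm that User
# hashes it on assignment, otherwise it is stored in cleartext.
user = User(name=name, email=email, password=password, is_admin=True)
db.session.add(user)
db.session.commit()
print("Admin Created Successfully.")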