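def options():
    """
    General settings

    GET --> admin-options.html
    POST & xhr --> delete sended user
    POST & form --> add or edit user

    NOTE(review): no authorization check is visible inside this view, so any
    caller who reaches it can delete or add users. Confirm that the route is
    wrapped by an access-control decorator and whether delete/add should be
    limited to admins.
    """
    current_user = users.get_current_user()
    db_user = User.query(User.email == current_user.email()).get()

    if request.method == 'POST':
        if request.is_xhr:
            # is_xhr only reflects a client-supplied header: it selects the
            # code path, it is not an access control.
            payload = request.get_json()
            try:
                user_id = int(payload['objects'][0])
            except (TypeError, KeyError, IndexError, ValueError):
                # Missing or malformed body: reject it instead of raising.
                return "false", 400
            # Get the Key, and delete() the object using Key (mandatory)
            ndb.Key('User', user_id).delete()
            return "true"

        action = request.form["action"]
        if action == "user_save":
            db_user.name = request.form['user_name']
            db_user.put()
        if action == "user_new":
            mail = request.form['user_mail']
            # Only create the user when no record with this email exists.
            if not User.query(User.email == mail).get():
                new_user = User(name=mail, email=mail)
                new_user.put()
                # presumably gives the write time to become visible to the
                # listing query below -- TODO confirm
                sleep(1)

    admin = users.is_current_user_admin()
    all_users = User().query().fetch()
    return render_template('admin-options.html',
                           user=db_user,
                           all_users=all_users,
                           admin=admin)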
def decorated_view(*args, **kwargs):
    """Run the wrapped view ``func`` only for logged-in, permitted users.

    Anonymous visitors are redirected to the login URL. A logged-in user is
    permitted when their email is in ``User.query_all()`` or they are an
    admin; on first access their ``User`` record is created or completed
    before the view runs. Anyone else receives a plain refusal string.
    """
    # Checks if the user is logged in
    if not users.get_current_user():
        return redirect(users.create_login_url(request.url))

    actual_user = users.get_current_user()

    # Security Layer
    permitted = (actual_user.email() in User.query_all()
                 or users.is_current_user_admin())
    if not permitted:
        # If not in permited users
        # NOTE(review): returned as an ordinary response body, with no
        # explicit error status set here.
        return 'Sorry but this user, is not in our system.'

    # DB User model check
    if User.query(User.user == actual_user).get():
        return func(*args, **kwargs)

    # No record is linked to this account yet: reuse the one matching the
    # email, or start a new one, then fill in the account details.
    db_user = User.query(User.email == actual_user.email()).get()
    if not db_user:
        db_user = User(email=actual_user.email())
    db_user.user = actual_user
    db_user.name = actual_user.nickname()
    db_user.admin = bool(users.is_current_user_admin())
    db_user.put()
    return func(*args, **kwargs)
def test_auth_token_generation(self):
    """Token generation raises for a bad email or password, else succeeds.

    The credential literals are masked in this listing, so the three
    payloads look identical here.
    """
    unknown_email = {'email': '*****@*****.**', 'password': '******'}
    bad_password = {'email': '*****@*****.**', 'password': '******'}
    valid = {'email': '*****@*****.**', 'password': '******'}

    # Unknown email -> NotFound
    with self.assertRaises(NotFound):
        User.generate_auth_token(**unknown_email)

    # Wrong password -> BadRequest
    with self.assertRaises(BadRequest):
        User.generate_auth_token(**bad_password)

    token = User.generate_auth_token(**valid)
    self.assertTrue(token)
def create_superuser():
    """Create the fixed superuser account unless that email already exists.

    NOTE(review): email and password are hard-coded (masked in this
    listing). Whether ``User`` hashes the password on save is not visible
    here -- confirm before using this outside a development setup.
    """
    try:
        User.objects.get(email='*****@*****.**')
    except DoesNotExist:
        superuser = User(
            email='*****@*****.**',
            password='******',
            first_name='John',
            last_name='Wambugu',
        )
        superuser.save()
    else:
        print("superuser already exist")
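def change_pwd():
    """Show the change-password form; on POST set a new password.

    The account is the one named by ``session['username']``. Every outcome
    re-renders ``change_pwd.html`` with a flashed status message.

    NOTE(review): only the new password (entered twice) is read from the
    form. The current password is not re-verified, so whoever holds the
    session can change it -- confirm that this is intended.
    """
    if request.method == 'POST':
        password1 = request.form['password1']
        password2 = request.form['password2']
        username = session.get('username')

        if password1 == '' or password2 == '':
            flash('password must be filled!', 'error')
            return render_template('change_pwd.html')

        # check password
        if password1 != password2:
            flash('password not match!', 'error')
            return render_template('change_pwd.html')

        # get user
        users = User.query.filter_by(username=username).all()
        if not users:
            flash('user not found!', 'error')
            return render_template('change_pwd.html')

        try:
            user = users[0]
            user.password = User.generate_hash(password1)
            db.session.commit()
            flash('password changed successfully!')
        except Exception as e:
            # Discard the failed transaction so the session stays usable
            # and the half-applied change is not committed later.
            db.session.rollback()
            # NOTE(review): the raw exception text is shown to the user;
            # database errors can include statement details. Consider a
            # generic message plus server-side logging.
            flash(f'db error: {e}', 'error')

    return render_template('change_pwd.html')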
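def upgrade():
    """Create the ``posts`` and ``users`` tables and seed a ``root`` user.

    NOTE(review): the generated root password is written in clear text to
    the 'alembic.migration' logger. Treat that log output as sensitive and
    change the password after the first login.
    """
    # Create blog posts table.
    op.create_table(
        'posts',
        sa.Column('id', sa.Integer(), nullable=False),
        sa.Column('author', sa.Unicode(length=32), nullable=True),
        sa.Column('title', sa.Unicode(length=128), nullable=True),
        sa.Column('content', sa.UnicodeText(), nullable=True),
        sa.Column('time', sa.DateTime(timezone=True), nullable=True),
        sa.PrimaryKeyConstraint('id')
    )

    # Create users table.
    op.create_table(
        'users',
        sa.Column('id', sa.Integer(), nullable=False),
        sa.Column('name', sa.Unicode(length=32), nullable=True),
        sa.Column('hash', sa.String(length=130), nullable=True),
        sa.PrimaryKeyConstraint('id')
    )
    op.create_index('ix_user_name', 'users', ['name'], unique=True)

    # Lightweight table description used only for the bulk insert below.
    users = table(
        'users',
        sa.Column('id', sa.Integer()),
        sa.Column('name', sa.Unicode(length=32)),
        sa.Column('hash', sa.String(length=130))
    )

    # Generate initial 'root' user.
    # Draw from the OS CSPRNG: the default `random` generator is predictable
    # and unsuitable for credentials. The value range is unchanged.
    # NOTE(review): the format string is masked in this listing and is
    # reproduced as shown.
    password = '******' % random.SystemRandom().randrange(16**8)
    password_hash = User.hash_password(password)
    op.bulk_insert(users, [{'name': u'root', 'hash': password_hash}])
    logging.getLogger('alembic.migration').info(
        'Generated user "root" with password %s', password)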
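def login():
    """Show the login form; on POST check the credentials and start a session.

    An unknown username and a wrong password produce the same message. An
    account that is not active is refused after the password check. On
    success ``username`` and ``role`` are stored in the session and the
    client is redirected to '/'.
    """
    if request.method != 'POST':
        return render_template('login.html')

    username = request.form['username']
    password = request.form['password']
    # The submitted credentials are deliberately not printed or logged:
    # clear-text passwords must not end up in stdout or log files.

    # get user
    users = User.query.filter_by(username=username).all()
    if not users:
        flash('username / password wrong!', 'error')
        return render_template('login.html')
    user = users[0]

    # check password
    # Fail closed: any falsy result (including None) is a failed check.
    if not User.verify_hash(password, user.password):
        flash('username / password wrong!', 'error')
        return render_template('login.html')

    # check is active
    if user.is_active == False:  # noqa: E712 -- keeps the original comparison
        flash('user is not actived yet!', 'error')
        return render_template('login.html')

    # redirect to home
    session['username'] = username
    session['role'] = user.role
    return redirect('/')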
def setUp(self):
    """Push a 'testing' app context, create the schema and store one user."""
    app = create_app('testing')
    context = app.app_context()
    self.app = app
    self.app_context = context
    context.push()

    db.create_all()

    # Fixture user shared by the tests (credentials masked in this listing).
    fixture = User(email='*****@*****.**', password='******')
    self.user = fixture
    db.session.add(fixture)
    db.session.commit()
def home():
    """
    Home route

    Looks up the ``User`` record matching the current account's email and
    renders the admin home page with it.

    NOTE(review): ``users.get_current_user()`` is dereferenced without a
    check, so this view presumably relies on a login decorator -- confirm.

    :return: admin-home.html
    """
    email = users.get_current_user().email()
    db_user = User.query(User.email == email).get()
    return render_template('admin-home.html', user=db_user)
def load_fixtures():
    """
    Create the database and load the fixtures

    Destructive: when the database already exists, every table is dropped
    before the schema is recreated.

    NOTE(review): the fixture credentials are hard-coded (masked in this
    listing) and the account is active -- keep this to development use.
    """
    db_uri = current_app.config['SQLALCHEMY_DATABASE_URI']
    if database_exists(db_uri):
        db.drop_all()
    else:
        create_database(db_uri)
    db.create_all()

    # Fixtures
    fixture_user = User()
    fixture_user.email = '*****@*****.**'
    fixture_user.password = '******'
    fixture_user.active = True
    db.session.add(fixture_user)
    db.session.commit()

    print('Initialized the database.')
def setUp(self):
    """
    Will be called before every test

    Resets the schema and stores one admin and one regular user.
    """
    # Finish any open transaction, then start from an empty schema.
    db.session.commit()
    db.drop_all()
    db.create_all()

    # create test admin user
    admin_account = User(name="Admin",
                         email="*****@*****.**",
                         password="******",
                         is_admin=True)

    # create test non-admin user
    regular_account = User(name="User1",
                           email="*****@*****.**",
                           password="******")

    # save users to database
    db.session.add_all([admin_account, regular_account])
    db.session.commit()
def init_db():
    """
    Initialize db

    Creates the database when it is missing; otherwise drops every table.
    The schema is then created and one active fixture user is inserted.

    NOTE(review): fixture credentials are hard-coded (masked in this
    listing); running this against an existing database discards its data.
    """
    uri = current_app.config['SQLALCHEMY_DATABASE_URI']
    already_there = database_exists(uri)
    if already_there:
        db.drop_all()
    else:
        create_database(uri)
    db.create_all()

    # Fixtures
    seeded = User()
    seeded.email = '*****@*****.**'
    seeded.password = '******'
    seeded.active = True
    db.session.add(seeded)
    db.session.commit()

    print('Initialized the database.')
def verify_password(username_or_token, password):
    """Authenticate with an auth token, or with a user name and password.

    The first argument is tried as a token first; if
    ``User.verify_auth_token`` returns anything other than None the call
    succeeds and ``password`` is not looked at. Otherwise the argument is
    treated as a user name and the password is checked against that user.
    An unknown user name yields False.
    """
    token_user = User.verify_auth_token(username_or_token)
    if token_user is None:
        try:
            user = Ctrl.get_user_with_name(username_or_token)
        except Ctrl.AdminControlException:
            return False
        return user.verify_password(password)
    return True
class UserTestCase(unittest.TestCase):
    """Tests for the ``User`` model's password handling and auth tokens.

    Credential literals are masked in this listing.
    """

    def setUp(self):
        """Push a 'testing' app context, create the schema, store one user."""
        app = create_app('testing')
        context = app.app_context()
        self.app = app
        self.app_context = context
        context.push()
        db.create_all()
        fixture = User(email='*****@*****.**', password='******')
        self.user = fixture
        db.session.add(fixture)
        db.session.commit()

    def test_password_getter(self):
        """Reading the clear-text password must raise AttributeError."""
        with self.assertRaises(AttributeError):
            self.user.password

    def test_password_setter(self):
        """Setting a password leaves a non-empty ``password_hash``."""
        stored_hash = self.user.password_hash
        self.assertTrue(stored_hash)

    def test_password_verification(self):
        """verify_password accepts one candidate and rejects the other."""
        accepted = self.user.verify_password('homm1994')
        rejected = self.user.verify_password('homm1995')
        self.assertTrue(accepted)
        self.assertFalse(rejected)

    def test_auth_token_generation(self):
        """Token generation raises for bad credentials, else succeeds."""
        unknown_email = {'email': '*****@*****.**', 'password': '******'}
        bad_password = {'email': '*****@*****.**', 'password': '******'}
        valid = {'email': '*****@*****.**', 'password': '******'}
        with self.assertRaises(NotFound):
            User.generate_auth_token(**unknown_email)
        with self.assertRaises(BadRequest):
            User.generate_auth_token(**bad_password)
        token = User.generate_auth_token(**valid)
        self.assertTrue(token)

    def test_verify_auth_token(self):
        """A fresh token maps back to the user; a truncated one is refused."""
        credentials = {'email': '*****@*****.**', 'password': '******'}
        token = User.generate_auth_token(**credentials)
        self.assertEqual(self.user, User.verify_auth_token(token))
        # Dropping the last five characters must fail signature checking.
        truncated = token[:-5]
        with self.assertRaises(BadSignature):
            User.verify_auth_token(truncated)

    def tearDown(self):
        """Release the session, drop the schema and pop the app context."""
        db.session.remove()
        db.drop_all()
        self.app_context.pop()
def init_database():
    """Rebuild the schema and fill it with generated sample data.

    Destructive: all tables are dropped first. Then 100 users are added,
    each with 3 images, each image with 3 comments. Finally the user names
    of ids 50, 52, ..., 98 are given a prefix (masked in this listing).

    NOTE(review): the second constructor argument of ``User`` is a short
    generated string ('a0', 'a1', ...); if it is the password, these
    accounts are trivially guessable -- development use only.
    """
    from app import db
    from app.admin.models import User, Image, Comment

    db.drop_all()
    db.create_all()

    for user_idx in range(100):
        owner_id = user_idx + 1
        db.session.add(User('User' + str(user_idx), 'a' + str(user_idx)))
        for image_idx in range(3):
            # Image ids are assumed to follow insertion order -- TODO confirm
            image_id = 1 + 3 * user_idx + image_idx
            db.session.add(Image(get_image_url(), owner_id))
            for comment_idx in range(3):
                text = 'This a Commant' + str(comment_idx)
                db.session.add(Comment(text, image_id, owner_id))
    db.session.commit()

    for user_id in range(50, 100, 2):
        renamed = User.query.get(user_id)
        renamed.username = '******' + renamed.username
    db.session.commit()
def decorated_view(*args, **kwargs):
    """Gate the wrapped view ``func`` behind login and the allowed-user list.

    Not logged in: redirect to the login URL. Logged in but neither listed
    in ``User.query_all()`` nor an admin: return a refusal string. Otherwise
    make sure a ``User`` record is linked to the account, then call
    ``func`` with the original arguments.
    """
    # Checks if the user is logged in
    if users.get_current_user():
        actual_user = users.get_current_user()
        account_email = actual_user.email()

        # Security Layer
        if account_email in User.query_all() or users.is_current_user_admin():
            # DB User model check
            linked = User.query(User.user == actual_user).get()
            if not linked:
                # First visit: attach the account to the record with the
                # same email, creating that record when it is missing.
                record = User.query(User.email == actual_user.email()).get()
                if not record:
                    record = User(email=actual_user.email())
                record.user = actual_user
                record.name = actual_user.nickname()
                record.admin = True if users.is_current_user_admin() else False
                record.put()
            return func(*args, **kwargs)

        # If not in permited users
        return 'Sorry but this user, is not in our system.'

    return redirect(users.create_login_url(request.url))
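def create_new_user(kwargs):
    """Create a new user in the database.

    :param kwargs: attributes of the user.
    :type kwargs: dict
    :returns: the user that was added and committed.
    :raises AdminControlException: if ``kwargs`` is None or the commit
        fails with an ``IntegrityError``.
    """
    if kwargs is None:
        raise AdminControlException('no arguments provided')

    user = User.new_user(**kwargs)
    db.session.add(user)
    try:
        db.session.commit()
    except IntegrityError as err:
        # Roll back so the session is usable again after the failed commit.
        db.session.rollback()
        # str(err) works on Python 2 and 3; exceptions carry no `.message`
        # attribute on Python 3.
        # NOTE(review): the database error text is passed on to the caller;
        # avoid echoing it verbatim to end users.
        raise AdminControlException(str(err))
    return user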
def register():
    """Show the registration form; on POST create an inactive 'user' account.

    All three fields must be non-blank and the username must be unused. The
    password is stored as ``User.generate_hash(password)``. New accounts get
    role 'user' and ``is_active = False``.

    NOTE(review): the blank check strips whitespace, but the values are
    stored unstripped -- confirm that this is intended.
    """
    if request.method == 'POST':
        username = request.form['username']
        password = request.form['password']
        email = request.form['email']

        # Report every empty field, in form order, before giving up.
        required = (
            (username, 'username should be filled!'),
            (password, 'password should be filled!'),
            (email, 'email should be filled!'),
        )
        is_form_valid = True
        for value, message in required:
            if value.strip() == '':
                is_form_valid = False
                flash(message, 'error')
        if not is_form_valid:
            return render_template('register.html')

        # check username if already register
        # get user
        existing = User.query.filter_by(username=username).all()
        if len(existing) > 0:
            flash('username already registered!', 'error')
            print('username already registered')
            return render_template('register.html')

        account = User()
        account.username = username
        account.password = User.generate_hash(password)
        account.email = email
        account.role = 'user'
        account.is_active = False
        db.session.add(account)
        db.session.commit()

        flash(
            'successfully registered, please wait for admin to activate your account!'
        )

    return render_template('register.html')
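def reg():
    """Register a new user, log them in and redirect.

    ``username`` and ``password`` are read from ``request.values`` and
    stripped. Empty values or an existing username redirect back to the
    login page with a message. After registration the client is sent to
    ``next`` when it is a local path, otherwise to '/'.

    NOTE(review): the password is stored as a single salted MD5 digest.
    MD5 is far too fast for password storage; moving to a dedicated password
    hash also requires changing the login check, which is outside this
    function, so the scheme is left as is here.
    """
    # request.args
    # request.form
    # A missing parameter is treated like an empty one instead of raising.
    username = (request.values.get('username') or '').strip()
    password = (request.values.get('password') or '').strip()

    if username == '' or password == '':
        return redirect_wich_msg('/regloginpage/', u'用户名或者密码不能为空',
                                 'reglogin')

    user = User.query.filter_by(username=username).first()
    if user is not None:
        return redirect_wich_msg('/regloginpage/', u'用户名已经存在', 'reglogin')

    # Same salt format as before, but drawn from the OS CSPRNG rather than
    # the predictable default generator.
    salt = '.'.join(random.SystemRandom().sample(
        '0123456789abcdefghABCDEFGHIJKLMN', 10))
    m = hashlib.md5()
    m.update((password + salt).encode("utf8"))
    password = m.hexdigest()

    user = User(username, password, salt)
    db.session.add(user)
    db.session.commit()

    login_user(user)

    # Follow `next` only for a path on this site. '//host' and '/\host' are
    # read by browsers as another host, so they are refused.
    next_url = request.values.get('next')
    if (next_url is not None and next_url.startswith('/')
            and not next_url.startswith(('//', '/\\'))):
        return redirect(next_url)

    return redirect('/')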
def test_save(self):
    """Saving a user named 'Foo Bar ß' yields the slug 'foo-bar-ss'."""
    attributes = {
        'email': '*****@*****.**',
        'name': 'Foo Bar ß',
        'password': '******',
    }
    expected_slug = 'foo-bar-ss'

    user = User(**attributes)
    user.save()

    self.assertEqual(user.slug, expected_slug)
def test_verify_auth_token(self):
    """A fresh token resolves to the fixture user; a cut one is refused."""
    credentials = {'email': '*****@*****.**', 'password': '******'}
    token = User.generate_auth_token(**credentials)

    resolved = User.verify_auth_token(token)
    self.assertEqual(self.user, resolved)

    # Removing the last five characters must fail signature verification.
    truncated = token[:-5]
    with self.assertRaises(BadSignature):
        User.verify_auth_token(truncated)
def createadmin(email, name, password):
    """
    Creates an admin user.

    The password is passed through ``encrypt_password`` before the active
    user is saved.

    NOTE(review): no admin role or flag is set in this function -- confirm
    where the admin privilege is granted.
    """
    protected = encrypt_password(password)
    account = User(email=email, name=name, password=protected, active=True)
    account.save()
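import getpass
import re

from app import db
from app.admin.models import User

# Interactive script: prompts for name, email and password, then stores a
# user with is_admin=True.

print("Enter The Following Details To Create A Admin")
name = input("Enter The Name Of The Admin")

# Ask again until the email is not already used by an existing user.
email_not_created = True
while email_not_created:
    email = input("Enter The Email")
    if User.query.filter(User.email == email).count() > 0:
        print("The Email Entered By You Is Incorrect")
    else:
        email_not_created = False

# Ask again until the password has at least 6 characters.
password_not_created = True
while password_not_created:
    # getpass keeps the password off the screen and out of terminal
    # scrollback, unlike input().
    password = getpass.getpass("Enter The Password")
    if len(password) >= 6:
        password_not_created = False
    else:
        print("Password Should Be Atleast 6 Characters.")

# NOTE(review): the password is handed to User as typed; whether the model
# hashes it before storing is not visible here -- confirm.
user = User(name=name, email=email, password=password, is_admin=True)
db.session.add(user)
db.session.commit()
print("Admin Created Successfully.")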