Exemplo n.º 1
    def post(self):
        """
        Create a new admin account from the submitted form fields.

        Reads ``id``, ``pw`` and ``name`` from the form. Responds 204 with an
        empty body when a student or an admin already uses that id; otherwise
        stores the account with a PBKDF2-HMAC-SHA256 password hash and
        responds 201 with an empty body.
        """
        # NOTE(review): nothing in this method checks who is calling. Whether a
        # decorator or the enclosing resource restricts admin creation is
        # outside this view -- confirm.
        form = request.form
        account_id = form['id']
        raw_password = form['pw']
        display_name = form['name']

        # An id already used by either a student or an admin is rejected.
        existing_student = StudentModel.objects(id=account_id).first()
        existing_admin = AdminModel.objects(id=account_id).first()
        if existing_student or existing_admin:
            return Response('', 204)

        # Create the new admin account.
        # NOTE(review): the salt is the application secret key, so every
        # account is hashed with the same salt and equal passwords produce
        # equal hashes. A random per-account salt stored next to the hash
        # avoids that, but needs a matching change wherever the hash is
        # verified, and it would stop the secret key serving two purposes.
        derived_key = pbkdf2_hmac(
            'sha256',
            raw_password.encode(),
            current_app.secret_key.encode(),
            100000,
        )
        password_hash = derived_key.hex()

        new_admin = AdminModel(
            id=account_id,
            pw=password_hash,
            name=display_name,
            signup_time=datetime.now(),
        )
        new_admin.save()

        return Response('', 201)
Exemplo n.º 2
    def post(self):
        """
        Log an admin in and return an access/refresh token pair.

        Reads ``id`` and ``pw`` from the form, derives the PBKDF2-HMAC-SHA256
        hash of the password and looks for an admin with that id and hash.
        Aborts with 401 when none matches; otherwise responds 200 with both
        tokens.
        """
        admin_id = request.form['id']
        raw_password = request.form['pw']

        # NOTE(review): the salt is the application secret key, shared by all
        # accounts, so equal passwords hash to equal values. Moving to a
        # per-account salt means fetching the account by id first and
        # comparing hashes in code instead of inside the query.
        derived_key = pbkdf2_hmac(
            hash_name='sha256',
            password=raw_password.encode(),
            salt=current_app.secret_key.encode(),
            iterations=100000,
        )
        password_hash = hexlify(derived_key).decode('utf-8')

        # Id and hash are matched together, so an unknown id and a wrong
        # password both end in the same 401.
        admin = AdminModel.objects(id=admin_id, pw=password_hash).first()
        if not admin:
            abort(401)

        # Authentication succeeded.
        # NOTE(review): the User-Agent value is supplied by the client and is
        # handed to generate_token unchanged; how TokenModel uses it is not
        # visible here -- confirm it is treated as a label only.
        user_agent = request.headers.get('USER-AGENT', 'Windows Application')
        if not user_agent:
            user_agent = 'Windows Application'

        access_token = create_access_token(
            TokenModel.generate_token(AccessTokenModel, admin, user_agent))
        refresh_token = create_refresh_token(
            TokenModel.generate_token(RefreshTokenModel, admin, user_agent))

        body = {
            'access_token': access_token,
            'refresh_token': refresh_token,
        }
        return self.unicode_safe_json_response(body, 200)
Exemplo n.º 3
    def post(self):
        """
        Create a new admin account from a JSON body.

        Expects the keys ``id``, ``password`` and ``name``. Aborts with 409
        when an admin with that id already exists; otherwise saves the account
        with the password passed through ``self.encrypt_password`` and
        responds 201 with an empty body.
        """
        # NOTE(review): no caller check is visible in this method; whether the
        # route is restricted elsewhere is outside this view -- confirm.
        body = request.json
        new_id = body['id']

        # Only the admin collection is searched for an existing id.
        # NOTE(review): whether ids must also be unique against other account
        # types cannot be told from here -- confirm.
        already_registered = AdminModel.objects(id=new_id)
        if already_registered:
            abort(409)

        hashed_password = self.encrypt_password(body['password'])
        display_name = body['name']
        AdminModel(id=new_id, pw=hashed_password, name=display_name).save()

        return Response('', 201)
Exemplo n.º 4
    def wrapper(*args, **kwargs):
        # Let the wrapped view run only when the JWT identity belongs to an
        # existing admin or student; any other identity gets 403.
        # NOTE(review): this proves the token's subject still has an account,
        # not which role it holds -- views that need admin rights need a
        # stricter check than this one.
        matching_admin = AdminModel.objects(id=get_jwt_identity()).first()
        matching_student = StudentModel.objects(id=get_jwt_identity()).first()

        if not (matching_admin or matching_student):
            abort(403)

        return fn(*args, **kwargs)
Exemplo n.º 5
    def _create_fake_account(self):
        """Save one admin and one student fixture and keep both on ``self``.

        Both accounts are given the same ``self.encrypted_pw`` value.
        """
        admin_doc = AdminModel(
            id=self.admin_id,
            pw=self.encrypted_pw,
            name=self.admin_name,
        )
        self.admin = admin_doc.save()

        student_doc = StudentModel(
            id=self.student_id,
            pw=self.encrypted_pw,
            name=self.student_name,
            number=self.student_number,
        )
        self.student = student_doc.save()
Exemplo n.º 6
    def testDeletionSuccess(self):
        """The request answers 200 and no admin with the new id remains."""
        # (1) Delete the admin account
        response = self._request()

        # (2) Expect status code 200
        self.assertEqual(response.status_code, 200)

        # (3) Check the database: the query for the deleted id must be empty
        remaining_admins = AdminModel.objects(id=self.new_admin_id)
        self.assertFalse(remaining_admins)
Exemplo n.º 7
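    def post(self):
        """
        Authenticate an admin by username and password and issue tokens.

        Expects a JSON body with ``username`` and ``password``. Responds 404
        with an empty body when no admin has that username, 401 when the
        password does not match, and 200 with ``access`` and ``refresh``
        tokens on success.
        """
        # Function-scope import: the file's import block is outside this view.
        import hmac

        payload = request.json

        account = AdminModel.objects(username=payload['username']).first()

        # NOTE(review): answering 404 here and 401 below tells a client which
        # usernames exist. Kept as is because callers may rely on the two
        # codes; a single 401 for both cases closes the difference.
        if not account:
            return {}, 404

        # NOTE(review): the stored value is compared with the submitted
        # password directly, so the model holds the password itself rather
        # than a hash. Storing a salted, slow hash needs a matching change
        # where the account is created.
        stored = account.password
        supplied = payload['password']

        # Only two strings can match. This also rejects a non-string JSON
        # value (for example null) instead of comparing it by equality.
        if not (isinstance(stored, str) and isinstance(supplied, str)):
            return {}, 401

        # Constant-time comparison: `!=` stops at the first differing
        # character, which makes response time depend on how much of the
        # password was right. Bytes are used because compare_digest accepts
        # only ASCII in str form.
        if not hmac.compare_digest(stored.encode('utf-8', 'surrogatepass'),
                                   supplied.encode('utf-8', 'surrogatepass')):
            return {}, 401

        return {'access': AccessTokenModel.create_access_token(account),
                'refresh': RefreshTokenModel.create_refresh_token(account)}, 200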
Exemplo n.º 8
    def delete(self):
        """
        Delete the admin account whose id is given in the form.

        Responds 200 with an empty body after deleting, or 204 with an empty
        body when no admin has that id.
        """
        # NOTE(review): the id comes straight from the request and no check on
        # the caller is visible in this method; whether the route is limited
        # to authorised admins is outside this view -- confirm.
        target_id = request.form['id']
        target = AdminModel.objects(id=target_id).first()

        if target:
            target.delete()
            return Response('', 200)

        return Response('', 204)
Exemplo n.º 9
    def _create_fake_accounts(self):
        """Save one admin and one student fixture named 'fake'.

        Both accounts are given the same ``self.hashed_pw`` value.
        """
        fake_admin = AdminModel(id=self.admin_id, pw=self.hashed_pw, name='fake')
        fake_admin.save()

        fake_student = StudentModel(id=self.student_id,
                                    pw=self.hashed_pw,
                                    name='fake',
                                    number=1111)
        fake_student.save()
Exemplo n.º 10
    def delete(self):
        """
        Remove the admin account whose id is given in the JSON body.

        Responds 204 with an empty body when no admin has that id, otherwise
        deletes the account and responds 200 with an empty body.
        """
        # NOTE(review): no check on the caller is visible in this method;
        # whether the route is limited to authorised admins is outside this
        # view -- confirm.
        body = request.json
        target = AdminModel.objects(id=body['id']).first()

        # Guard clause: nothing to delete.
        if not target:
            return Response('', 204)

        target.delete()
        return Response('', 200)
Exemplo n.º 11
    def post(self):
        """
        Log an admin in and return an access/refresh token pair.

        Expects a JSON body with ``id`` and ``password``. The password is
        passed through ``self.encrypt_password`` and matched together with the
        id. Responds 201 with ``accessToken`` and ``refreshToken`` on a match,
        otherwise 401 with an empty body.
        """
        body = request.json
        admin_id = body['id']
        password_hash = self.encrypt_password(body['password'])

        # Id and hash are matched in one query, so an unknown id and a wrong
        # password give the same 401.
        admin = AdminModel.objects(id=admin_id, pw=password_hash).first()

        # NOTE(review): the User-Agent value is supplied by the client and is
        # passed to the token models unchanged; how they use it is not visible
        # here -- confirm it is treated as a label only.
        user_agent = request.headers.get('USER-AGENT', 'Windows Application')
        if not user_agent:
            user_agent = 'Windows Application'

        if not admin:
            return Response('', 401)

        tokens = {
            'accessToken': AccessTokenModelV2.create_access_token(admin, user_agent),
            'refreshToken': RefreshTokenModelV2.create_refresh_token(admin, user_agent)
        }
        return tokens, 201
Exemplo n.º 12
    def _create_fake_account(self):
        """Save the 'admin' and 'student' fixtures with the password b'pw'.

        The password is hashed with PBKDF2-HMAC-SHA256, 100000 iterations,
        salted with the application secret key.
        """
        derived_key = pbkdf2_hmac(
            hash_name='sha256',
            password=b'pw',
            salt=app.secret_key.encode(),
            iterations=100000,
        )
        pw_hash = derived_key.hex()

        # NOTE(review): signup_time receives the callable datetime.now, not a
        # timestamp; presumably the field resolves callables -- confirm.
        admin_fields = {
            'signup_time': datetime.now,
            'id': 'admin',
            'pw': pw_hash,
            'name': 'fake_admin',
        }
        AdminModel(**admin_fields).save()

        student_fields = {
            'signup_time': datetime.now,
            'id': 'student',
            'pw': pw_hash,
            'name': 'fake_student',
            'number': 1111,
        }
        StudentModel(**student_fields).save()
Exemplo n.º 13
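    def post(self):
        """
        Register a new admin account and return its first token pair.

        Expects a JSON body with ``username``, ``password``, ``name`` and
        ``adminId``. Responds 409 with an empty body when the username or the
        admin id is already taken, both on the explicit lookup and when the
        save raises NotUniqueError. On success responds 201 with ``access``
        and ``refresh`` tokens.
        """
        # NOTE(review): no caller check is visible in this method, and success
        # returns tokens immediately; whether registration is restricted
        # elsewhere is outside this view -- confirm.
        payload = request.json

        # The two conditions are combined with `|`. Python's `or` returns one
        # of its operands instead of building a combined query, so the
        # previous `Q(...) or Q(...)` never applied both conditions and a
        # taken admin_id passed this lookup.
        duplicate = AdminModel.objects.filter(
            Q(username=payload['username'])
            | Q(admin_id=payload['adminId'])).first()
        if duplicate:
            return {}, 409

        try:
            # NOTE(review): the password is stored exactly as submitted.
            # Saving a salted, slow hash instead needs a matching change
            # wherever the password is verified.
            account = AdminModel(username=payload['username'],
                                 password=payload['password'],
                                 name=payload['name'],
                                 admin_id=payload['adminId']).save()
            return {
                'access': AccessTokenModel.create_access_token(account),
                'refresh': RefreshTokenModel.create_refresh_token(account)
            }, 201
        except NotUniqueError:
            # A concurrent registration can still get past the lookup above;
            # the save then raises and is reported as the same conflict.
            return {}, 409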
Exemplo n.º 14
    def wrapper(*args, **kwargs):
        # Admin-only gate: the JWT identity must match an existing admin
        # document, otherwise the request is refused with 403.
        # The lookup runs on every call, so a token whose admin no longer
        # exists stops being accepted.
        current_admin = AdminModel.objects(id=get_jwt_identity()).first()
        if current_admin:
            return fn(*args, **kwargs)

        abort(403)
        # Reached only if abort() returns; the call is made anyway, as before.
        return fn(*args, **kwargs)