Exemplo n.º 1
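	def decorator(*args, **kwargs): #1
		"""Authenticate an admin request from its headers, then call ``func``.

		The request must carry ``username``, ``timestamp`` (epoch milliseconds)
		and ``hash`` headers. ``hash`` has to equal the MD5 hex digest of
		username + stored password + timestamp, the timestamp must not be older
		than ``app.config["loginMaxTime"]`` minutes, and the user must be an
		admin. Every failure ends in ``abort(401)``.
		"""
		# .get() returns None for an absent header, so a missing header reaches
		# the 401 below. Subscript access (as with Flask/Werkzeug headers)
		# raises on a missing key, which made the former "is not None" test
		# unable to reject anything.
		username = request.headers.get('username')
		timestamp = request.headers.get('timestamp')
		sent_hash = request.headers.get('hash')
		if username is None or timestamp is None or sent_hash is None:
			abort(401)

		# Control timestamp. A non-numeric or out-of-range value is a bad
		# credential, not a server error.
		try:
			usertimestamp = datetime.datetime.fromtimestamp(int(timestamp)/1000)
			maxtime = usertimestamp + datetime.timedelta(minutes=app.config["loginMaxTime"])
		except (ValueError, OverflowError, OSError):
			abort(401)
		if datetime.datetime.now() - maxtime > datetime.timedelta(seconds=0):
			abort(401)
		# NOTE(review): only timestamps that are too old are rejected. One set
		# in the future passes, and nothing here records hashes already seen,
		# so a captured header set stays valid for the whole window. Consider
		# bounding the skew in both directions and tracking used values.

		# Control credentials
		usermodel = UserModel()
		user = usermodel.getUserByUsername(username)
		if user is None or not user['admin']:
			abort(401)

		password = usermodel.getPasswordByUsername(username)
		if password == '':
			abort(401)

		# NOTE(review): the signature is a plain MD5 over concatenated fields
		# and is keyed with the value read back from storage, so that stored
		# value works as the signing secret. Changing the scheme (e.g. to an
		# HMAC) needs a matching client change, so it is only flagged here.
		suma = username + password + timestamp
		m = md5.new()
		m.update(suma)
		# NOTE(review): "!=" is not a constant-time comparison;
		# hmac.compare_digest is the stdlib alternative once both operands are
		# known to be the same string type.
		if m.hexdigest() != sent_hash:
			abort(401)
		return func(*args, **kwargs)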
Exemplo n.º 2
def confirmUser(user,code):
	"""Confirm an account with its code and return the account as JSON.

	Delegates to ``UserModel.confirmUser``; a ``None`` result is answered
	with ``abort(404)``.
	"""
	confirmed = UserModel().confirmUser(user, code)
	if confirmed is not None:
		# NOTE(review): the response body includes the stored 'password'
		# field. Whatever form it is stored in, returning it to the caller
		# exposes it to anyone holding a valid confirmation code; confirm
		# that the client really needs it.
		return jsonify({'user': confirmed['user'], 'password': confirmed['password']})
	abort(404)
Exemplo n.º 3
def uploadHistory():
	"""Create a history from the submitted form, attach its images and
	notify the admins (and a non-admin author) by e-mail.

	Returns JSON with the ``isAdmin`` flag and the new ``history_id`` taken
	from the ``createHistory`` result.
	"""
	# Get user id
	# NOTE(review): the author is identified only by the 'username' request
	# header. This function does not authenticate it, and a None result from
	# the lookup would fail on the subscript below; presumably a decorator on
	# the route has already verified the caller. Confirm.
	users = UserModel()
	author = users.getUserByUsername(request.headers['username'])

	# Save history data
	created = HistoryModel().createHistory(request.form, author['id_user'])

	# Save images and link in DB
	# literal_eval only builds Python literals, but it still raises on
	# malformed input and the resulting structure is not validated here
	# before being handed to resizeImages/addImages.
	uploaded = ast.literal_eval(request.form['images'])
	resizeImages(uploaded)
	ImageModel().addImages(uploaded, created['history_id'])

	# Send email to admins and author
	admins = users.getAllAdmins()
	data = {
		'title': request.form['title'],
		'author': author['real_name'],
		'id_history': created['history_id'],
	}
	for admin in admins:
		sendNewHistoryNotification(admin, data)
	# An admin author is already covered by the loop above.
	if not author['admin']:
		sendNewHistoryNotification(author, data)

	return jsonify({'admin':created['isAdmin'], 'history_id': created['history_id']})
Exemplo n.º 4
def checkUsername(user):
	"""Return ``{'result': true|false}`` for ``UserModel.checkUsername(user)``.

	The model's answer is reduced to a strict boolean before serialising.
	"""
	# NOTE(review): an endpoint that answers per username lets a caller probe
	# which names exist; rate limiting belongs in front of it.
	outcome = True if UserModel().checkUsername(user) else False
	return jsonify({'result': outcome})
Exemplo n.º 5
    def post():
        """Register a user from the parsed request arguments.

        Answers 400 when the username is already taken, otherwise saves the
        new user and answers 201.
        """
        args = UserRegister.parser.parse_args()
        username = args['username']

        if UserModel.find_by_username(username):
            return {"message": "A user with that username already exists"}, 400

        # NOTE(review): the password goes to the model exactly as received;
        # no hashing is visible in this method. Confirm that UserModel hashes
        # it before save_to_db() writes it.
        UserModel(username, args['password']).save_to_db()

        return {"message": "User created successfully."}, 201
Exemplo n.º 6
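def isLogged():
    """Return True when the session holds an ``id_user`` that still resolves
    to a user through ``UserModel.getUserLogin``, False otherwise."""
    if 'id_user' not in session:
        return False

    # Imported here, as in the original, rather than at module level.
    from model.usermodel import UserModel

    # Identity test against None instead of "== None"; the unused
    # "import pprint" has been dropped.
    return UserModel().getUserLogin(idUser=session["id_user"]) is not None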
Exemplo n.º 7
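def isLogged():
    """Tell whether the current session belongs to an existing user.

    True only if the session has an ``id_user`` and
    ``UserModel.getUserLogin`` returns something other than None for it.
    """
    if 'id_user' in session:
        # Function-scope import kept from the original.
        from model.usermodel import UserModel
        found = UserModel().getUserLogin(idUser=session["id_user"])
        # "is not None" replaces the "== None" comparison; the unused
        # "import pprint" is removed.
        return found is not None
    return False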
Exemplo n.º 8
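def listHistories():
	"""List histories filtered by the ``type`` and ``id`` query arguments.

	The admin flag passed to ``HistoryModel.getHistoriesByType`` comes from
	the user named in the ``username`` header, when that header is present.
	A dict result is returned as-is; anything else is wrapped in
	``{'result': ...}``.
	"""
	htype = request.args.get('type')
	fromid = request.args.get('id')

	# NOTE(review): the admin view is selected from a bare 'username' header.
	# Nothing in this function verifies that the caller is that user; unless
	# the route is wrapped by an authenticating decorator, the header alone
	# decides what is listed. Confirm.
	isAdmin = False
	if 'username' in request.headers:
		user = UserModel().getUserByUsername(request.headers['username'])
		# An unknown username stays non-admin instead of failing on the
		# subscript of a None result.
		if user is not None:
			isAdmin = user['admin']

	result = HistoryModel().getHistoriesByType(htype,fromid,isAdmin)

	if isinstance(result, dict):
		return jsonify(result)
	return jsonify({'result': result})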
Exemplo n.º 9
def deleteHistory(id):
	"""Delete the history ``id`` and e-mail the admins and a non-admin author.

	The record is read before deletion because the notifications need its
	contents. Always returns ``{'result': 'true'}``.
	"""
	# NOTE(review): no ownership or role check is visible in this function,
	# and a missing record (None) would only surface at the subscript below,
	# after deleteHistory() has already run. Presumably access control sits
	# on the route. Confirm.
	histories = HistoryModel()
	history = histories.getHistoryById(id)
	histories.deleteHistory(id)

	# Send email to admins and author
	users = UserModel()
	author = users.getUserByUsername(history['username'])
	for admin in users.getAllAdmins():
		sendDeletedHistoryNotification(admin, history)
	# An admin author already received the mail in the loop above.
	if not author['admin']:
		sendDeletedHistoryNotification(author, history)

	return jsonify({'result': 'true'})
Exemplo n.º 10
def newUser():
    """
    Create a new user from the JSON request body and return the model's
    result as JSON. Expected body:

      {
        "name": "Iliana",
        "surname": "Olivié",
        "password": "******",
        "email": "*****@*****.**",
        "admin": "true",
        "username": "******",
        "language": "es",
        "status": "1"
      }

    """
    # NOTE(review): the whole request body, including the "admin" and
    # "status" fields, is handed to the model unfiltered. No caller check is
    # visible here; confirm that only an authorised administrator can reach
    # this route, or have the server set those fields itself.
    created = UserModel().newUser(request.json)
    return jsonify(created)
Exemplo n.º 11
def newUser():
    """
    Register a user described by the JSON request body; the value returned
    by ``UserModel.newUser`` is sent back as JSON. Body format:

      {
        "name": "Iliana",
        "surname": "Olivié",
        "password": "******",
        "email": "*****@*****.**",
        "admin": "true",
        "username": "******",
        "language": "es",
        "status": "1"
      }

    """
    payload = request_json = None  # placeholders replaced below; keeps the call order explicit
    model = UserModel()
    # NOTE(review): "admin" and "status" arrive from the client and are
    # passed through unchanged. Whether the caller may set them is not
    # checked in this function; verify the route's access control.
    payload = request.json
    return jsonify(model.newUser(payload))
Exemplo n.º 12
def signin():
	"""Create an account from the submitted form and send its confirmation
	e-mail.

	Returns ``{'result': 'true'}`` when ``createUser`` yields a confirmation
	code and ``{'error': 'userexists'}`` when it yields None.
	"""
	# User creation
	form = request.form
	user = form.get('user')
	email = form.get('email')
	password = form.get('password')
	name = form.get('name')
	institution = form.get('institution')
	lang = form.get('lang')
	# Empty optional fields are stored as None rather than "".
	institution = None if institution == "" else institution
	whySignup = form.get('whySignup')
	whySignup = None if whySignup == "" else whySignup

	# NOTE(review): the password is forwarded as submitted; any hashing
	# would have to happen inside createUser. Confirm.
	code = UserModel().createUser(user,name,email,password,institution,whySignup)
	if code is None:
		return jsonify({'error': 'userexists'})

	# Send confirmation email
	sendAccountConfirmationEmail(user, name, code, email, lang)
	return jsonify({'result': 'true'})
Exemplo n.º 13
def login():
    """
    Log a user in and fill the session. Expected JSON body:

      {
        "email": "*****@*****.**",
        "password": "******"
      }

    The password travels in plain text in the request body.
    Answers ``{"Login": true}`` on success or when a session is already
    logged in, ``{"Login": false}`` otherwise.
    """
    body = request.json
    if not body or "email" not in body or "password" not in body:
        return jsonify({"Login": False})

    # An already authenticated session short-circuits the credential check.
    if utils.isLogged():
        return jsonify({"Login": True})

    email = body['email']
    # NOTE(review): the stored credential is an unsalted MD5 digest, which is
    # fast to brute-force and identical for identical passwords. Moving to a
    # salted, slow password hash needs a migration of the stored values, so
    # it is flagged here rather than changed.
    digest = hashlib.md5(body['password']).hexdigest()

    record = UserModel().getUserLogin(email=email)
    # NOTE(review): "==" on the digests is not a constant-time comparison.
    if not (record and record['password'] == digest):
        return jsonify({"Login": False})

    # NOTE(review): the existing session is reused after login; no session
    # renewal is visible here.
    session["id_user"] = record["id_wwwuser"]
    session['email'] = email
    for field in ("username", "name", "surname", "language"):
        session[field] = record[field]
    return jsonify({"Login": True})
Exemplo n.º 14
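def editHistory(id):
	"""Update history ``id`` from the JSON request body.

	Steps, in order: store the new data, unlink images that are no longer
	listed, add any ``newImages``, publish a tweet when the ``twitter`` flag
	was switched on, and e-mail the admins and a non-admin author. The mail
	is an "edited" notice when the status is unchanged and a "published"
	notice otherwise. Always returns ``{'result': 'true'}``.
	"""
	# NOTE(review): no ownership or role check is visible in this function.
	# The body is applied to the record as received, and data['username']
	# (caller-supplied) selects who is notified as the author. Confirm that
	# the route enforces who may edit which history.
	data = json.loads(request.data)

	h = HistoryModel()
	old_history = h.getHistoryById(id)
	h.updateHistory(id, data)

	i = ImageModel()
	# Unlink deleted images
	if len(data['images']) > 0:
		new_imagelist = data['images']
		# The client may send either plain hrefs or dicts carrying an 'href'.
		if isinstance(new_imagelist[0], dict):
			new_imagelist = [el['href'] for el in new_imagelist]
		for image in old_history['images']:
			if image['href'] not in new_imagelist:
				i.deleteImageByFilename(image['href'])

	# Save new images and link in DB
	if 'newImages' in data:
		imagelist = data['newImages']
		resizeImages(imagelist)
		i.addImages(imagelist, id)

	#Publish twitter
	if old_history['twitter'] != data['twitter'] and data['twitter']:
		auth = tweepy.OAuthHandler(app.config['consumer_key'], app.config['consumer_secret'])
		auth.set_access_token(app.config['access_token'], app.config['access_token_secret'])
		apiTwitter = tweepy.API(auth)

		# Text budget: smaller when an image is attached, then reduced by
		# the hashtag and the space in front of it.
		has_image = len(old_history["images"]) > 0
		maxLength = 93 if has_image else 117
		maxLength -= (len(app.config['hashtag']) + 1)

		tweet = data["text_history"]
		if len(tweet) > maxLength:
			# Leave room for the ellipsis.
			tweet = tweet[0:maxLength - 3] + "..."

		tweet += app.config['baseURL'] + data["historyUrl"] + str(data["id_history"]) + " " + app.config['hashtag']

		if has_image:
			# NOTE(review): the file path is built by concatenating the
			# stored href onto IMAGES_FOLDER; this relies on hrefs having
			# been restricted to plain file names when they were saved.
			imageTwitter = app.config['IMAGES_FOLDER'] + old_history["images"][0]["href"]
			apiTwitter.update_with_media(imageTwitter,status=tweet)
		else:
			# The return value was assigned to an unused local before.
			apiTwitter.update_status(status=tweet)

	# Send email to admins and author
	u = UserModel()
	user = u.getUserByUsername(data['username'])
	admins = u.getAllAdmins()
	# Pick the notifier once instead of repeating both loops per branch.
	if old_history['status'] == data['status']:
		notify = sendEditedHistoryNotification
	else:
		notify = sendPublishedHistoryNotification
	for admin in admins:
		notify(admin, data)
	# An admin author is already covered by the loop above.
	if not user['admin']:
		notify(user, data)

	return jsonify({'result': 'true'})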
Exemplo n.º 15
def authenticate(username, password):
    """Return the user whose stored password matches ``password``.

    Returns None when the username is unknown or the comparison fails.
    """
    candidate = UserModel.find_by_username(username)
    if not candidate:
        return None
    # NOTE(review): the stored value is compared directly with the submitted
    # password, which suggests passwords are kept unhashed. Confirm against
    # the model. safe_str_cmp was removed from Werkzeug in 2.1;
    # hmac.compare_digest is the standard-library equivalent.
    if safe_str_cmp(candidate.password, password):
        return candidate
    return None
Exemplo n.º 16
def identity(payload):
    """Look up the user named by the ``identity`` entry of ``payload``.

    Returns whatever ``UserModel.find_by_id`` returns for that id.
    """
    return UserModel.find_by_id(payload['identity'])
Exemplo n.º 17
def login():
	"""Report whether the user named in the ``username`` header is an admin.

	Returns ``{'result': 'true', 'admin': <bool>}``, where ``admin`` is True
	when the user's ``admin`` field equals 1.
	"""
	# NOTE(review): no credential is checked in this function; it answers
	# 'true' for whatever username the header carries, and an unknown
	# username (None from the lookup) would fail on the subscript below.
	# Presumably the route is wrapped by an authenticating decorator.
	# Confirm.
	username = request.headers['username']
	account = UserModel().getUserByUsername(username)
	is_admin = account['admin'] == 1
	return jsonify({'result':'true', 'admin': is_admin})