def post_register():
first_name = request.form['first_name']
last_name = request.form['last_name']
email = request.form['email']
username = request.form['username']
password = sha256_crypt.hash((str(request.form['password'])))
user = User()
user.email = email
user.first_name = first_name
user.last_name = last_name
user.password = password
user.username = username
user.authenticated = True
user.active = True
acct = web3.eth.account.create(request.form['password'])
user.eth_address = acct.address
user.eth_prv_key = acct.privateKey.hex()
db.session.add(user)
db.session.commit()
response = jsonify({'message': 'User added', 'result': user.to_json()})
return response
def external_login_google():
gae_current_user = gae_users.get_current_user()
if gae_current_user:
# Google AppEngine Logged in user
# * check if there's a corresponding local user
auth_id = 'google_' + gae_current_user.user_id()
user = User.query(User.auth_ids == auth_id).get()
if not user:
# not present by social id. let's try by email
user = User.query(User.username == gae_current_user.email()).get()
if not user:
# not present - let's create it
# print "!!! CREATE USER !!!"
user = User()
user.username = gae_current_user.email()
user.name = gae_current_user.nickname()
user.auth_ids.append(auth_id)
if gae_users.is_current_user_admin():
user.role = 'ADMIN'
else:
user.role = 'USER'
user.active = True
user.put()
if login_user(user):
user.last_login = datetime.datetime.now()
user.put()
return redirect(g.lurl_for('home.index'))
flash('Login error')
return render_template('auth/loginpage.html', menuid="login")
def register():
if not request.method == 'POST':
return redirect(url_for('index'))
login_str = request.form['login']
email = request.form['email']
password = request.form['password']
exist_query = User.select().where((User.login == login_str)
| (User.email == email))
if exist_query:
flash('Такой пользователь уже существует')
return render_template('auth.html')
u = User()
u.login = login_str
u.email = email
u.set_password(password)
u.active = True
u.save()
# send_activation_email.delay(u.login, generate_confirmation_token(u.login, app))
flash('На вашу почту отправленна ссылка активации.')
return redirect(url_for('index'))
def init_db(self):
engine = self.session.get_bind(mapper=None, clause=None)
inspector = Inspector.from_engine(engine)
if 'ab_user' not in inspector.get_table_names():
print "Security DB not found Creating..."
Base.metadata.create_all(engine)
print "Security DB Created"
self.migrate_db()
if self.session.query(Role).filter_by(name = self.auth_role_admin).first() is None:
role = Role()
role.name = self.auth_role_admin
self.session.add(role)
self.session.commit()
print "Inserted Role for public access", self.auth_role_admin
if not self.session.query(Role).filter_by(name = self.auth_role_public).first():
role = Role()
role.name = self.auth_role_public
self.session.add(role)
self.session.commit()
print "Inserted Role for public access", self.auth_role_public
if not self.session.query(User).all():
user = User()
user.first_name = 'Admin'
user.last_name = 'User'
user.username = '******'
user.password = '******'
user.active = True
user.role = self.session.query(Role).filter_by(name = self.auth_role_admin).first()
self.session.add(user)
self.session.commit()
print "Inserted initial Admin user"
print "Login using Admin/general"
def register():
if current_user.is_authenticated:
return redirect(url_for('.dashboard'))
form = RegistrationForm(request.form)
if request.method == 'POST' and form.validate():
# check that email does not exist already
if not bool(User.query.filter_by(email=form.email.data).first()):
# create user
user = User()
form.populate_obj(user)
user.password = hash_password(form.password.data)
user.active = False
user.generate_verification_code()
db.session.add(user)
db.session.commit()
# todo send email with verification code
return redirect(
url_for('.verify',
email=user.email,
verification_code=user.verification_code))
else:
flash("Email address already exists", "error")
return render_template('frontend/register.html', form=form)
def add_user():
"""
添加用户
"""
if request.method == 'POST':
user_name = request.form['username']
user_email = request.form['email']
if User.query.filter(
db.or_(User.username == user_name,
User.email == user_email)).first():
flash('User has been exisit!!!', 'warning')
user = User()
user_password = request.form['password']
user_display = request.form['nickname']
user_location = request.form['location']
user_role_id = 2
user.username = user_name
user.password_hash = user.pass_exchange(user_password)
user.member_since = datetime.now()
user.active = True
user.email = user_email
user.display_name = user_display
user.role_id = user_role_id
user.location = user_location
db.session.add(user)
db.session.commit()
flash('Add user successful', 'success')
return redirect(url_for('main.admin_home'))
return render_template('auth/regist.html')
def post(self):
openreg = RegisterStatus().get()
logging.warning('Register status: ' + str(openreg))
if openreg:
nick = self.request.get('nick')
email = self.request.get('email')
password = self.request.get('password')
password2 = self.request.get('password2')
fname = self.request.get('fname')
lname = self.request.get('lname')
if not nick or not email or not password or not password2:
self.redirect('/register?exception=UnfilledMandatoryFields')
elif password != password2:
self.redirect('/register?exception=PasswordInconsistency')
else:
exists = User.all()
nickexists = exists.filter("nick =", nick)
nickfound = False
for nicks in nickexists.run(limit=1):
nickfound = True
if nickfound:
self.redirect('/register?exception=NickExists')
else:
emailexists = exists.filter("email =", email)
emailfound = False
for emails in emailexists.run(limit=1):
emailfound = True
if emailfound:
self.redirect('register?exception=EmailExists')
else:
user = User()
user.nick = nick
user.email = email
user.password = password
if fname:
user.fname = fname
if lname:
user.lname = lname
user.active = False
user.status = RandomString(26)
user.put()
receipient = email
subject = "Tom - Registration confirmation"
body = """Hey !
Thanks for registering. Please follow the following link to complete it.
http://""" + APPID + """/register/confirm?email=""" + email + """&confirm=""" + user.status + """
Tom"""
message = sendmail(receipient, subject, body)
message.send()
self.redirect('/register/greetings')
else:
self.redirect('/?exception=RegistrationClosed')
def signup_active():
username = request.args.get('user')
token = request.args.get('token')
if not username or not token:
abort(403)
user = UserM()
if user.active(username, token):
flash(u'邮箱验证成功')
return redirect(url_for('user_page.login'))
else:
flash(user.mail_verify_error)
return redirect(url_for('user_page.login'))
def client():
db_fd, db_link = tempfile.mkstemp()
flask_template = create_app({
"SQLALCHEMY_DATABASE_URI":
'sqlite:///' + os.path.abspath(db_link),
"SQLALCHEMY_TRACK_MODIFICATIONS":
False,
"DATABASE_CONNECT_OPTIONS": {},
"THREADS_PER_PAGE":
2,
"CSRF_ENABLED":
True,
"CSRF_SESSION_KEY":
"session"
})
with flask_template.app_context():
admin = User('admin', 'admin', '*****@*****.**')
admin.admin = True
admin.active = True
user = User('user', 'user', '*****@*****.**')
user.active = True
inactive_user = User('inactiveuser', 'inactiveuser',
'*****@*****.**')
db.session.add(admin)
db.session.add(user)
db.session.add(inactive_user)
db.session.commit()
flask_template.config['TESTING'] = True
client = flask_template.test_client()
yield client
os.close(db_fd)
os.unlink(db_link)
def users(id=None):
if request.method == 'GET':
if id is not None:
user = User.query.get(id)
if user:
return jsonify(user.serialize()), 200
else:
return jsonify({"user":"******"}), 404
else:
users = User.query.all()
users = list(map(lambda user: user.serialize(),users))
return jsonify(users), 200
if request.method == 'POST':
password = request.json.get('password')
user = User()
user.username = request.json.get('username')
user.fullname = request.json.get('fullname')
user.password = bcrypt.generate_password_hash(password)
db.session.add(user)
db.session.commit()
#sendMail("Bienvenid@ "+user.fullname , user.username, "*****@*****.**", user.username, "Bienvenid@ "+user.fullname)
return jsonify(user.serialize()), 201
if request.method == 'PUT':
user = User.query.get(id)
user.fullname = request.json.get('fullname')
user.isAdmin = request.json.get('isAdmin')
user.active = request.json.get('active')
db.session.commit()
#sendMail("Hola "+user.fullname , user.username, "*****@*****.**", user.username, "Modificación realizada con éxito, "+user.fullname)
return jsonify(user.serialize()), 200
if request.method == 'DELETE':
user = User.query.get(id)
db.session.delete(user)
db.session.commit()
#sendMail("Hasta pronto "+user.fullname , user.username, "*****@*****.**", user.username, "Usuario eliminado con éxito")
return jsonify({'user':'******'}), 200
def external_login_google():
gae_current_user = gae_users.get_current_user()
if gae_current_user:
# Google AppEngine Logged in user
# * check if there's a corresponding local user
auth_id = 'google_' + gae_current_user.user_id()
user = User.query(User.auth_ids == auth_id).get()
if not user:
print 'USER NOT PRESENT BY SOCIAL ID'
# not present by social id. let's try by email
user = User.query(User.email == gae_current_user.email()).get()
if not user:
# not present - let's create it
print "USER CREATED"
user = User()
user.name = gae_current_user.nickname()
user.username = user.email = gae_current_user.email()
user.auth_ids.append(auth_id)
user.put()
if gae_users.is_current_user_admin():
user.role = 'ADMIN'
user.active = True
user.put()
if login_user(user):
user.last_login = datetime.datetime.now()
user.put()
redirect_url = request.args.get('r', '')
if redirect_url:
return redirect(redirect_url)
return redirect(g.lurl_for('home.index'))
flash('Login error')
redirect_error_url = request.args.get('r_error', '')
if redirect_error_url:
return redirect(redirect_error_url)
return render_template('atuin/auth/loginpage.html', menuid="login")
def post_register():
first_name = request.form['first_name']
last_name = request.form['last_name']
username = request.form['username']
email = request.form['email']
password = sha256_crypt.verify(str(request.form['password']))
user = User()
user.email = email
user.firstName = first_name
user.lastName = last_name
user.username = username
user.password = password
user.authenticated = True
user.active = True
db.session.add(user)
db.session.commit()
response = jsonify({'message': 'User added', 'result': user.to_jason()})
return response
def user_save(user_key_us=None):
# form validation
form = UserFormAdmin()
if not form.validate_on_submit():
return "VALIDATION_ERROR", 400
if user_key_us:
# edit user
user = User.get_by_key(user_key_us)
if not user:
abort(404)
else:
# new user
user = User()
user.active = form.active.data
print 'print form.active.data'
print form.active.data
user.role = form.role.data
user.email = form.email.data
user.username = form.username.data
if form.password.data != '':
user.set_password(form.password.data)
user.prefix = form.prefix.data
user.name = form.name.data
user.surname = form.surname.data
user.gender = form.gender.data
user.notes = form.notes.data
# TODO what about insertion of repeated usernames?
user.put()
flash(u'User %s saved' % user.username)
return jsonify(result='ok')
def register():
email = request.json.get("email", None)
password = request.json.get("password", None)
if not email:
return jsonify({"msg": "Email is required"}), 400
if not password:
return jsonify({"msg": "Password is required"}), 400
user = User.query.filter_by(email=email).first()
if user:
return jsonify({"msg": "Email already exists"}), 400
user = User()
user.name = request.json.get("name", "")
user.email = email
user.password = bcrypt.generate_password_hash(password)
user.active = request.json.get("active", False)
user.save()
return jsonify({"success": "Register successfully!, please Log In"}), 200
def users_save(userkey=None):
# form validation
form = UserFormAdmin()
if not form.validate_on_submit():
return "VALIDATION_ERROR", 400
if userkey:
#edit user
user = User.get_by_key(userkey)
if not user:
abort(404)
else:
#new user
user = User()
user.ins_timestamp = datetime.datetime.now()
user.upd_timestamp = datetime.datetime.now()
user.email = form.email.data
user.username = form.username.data
if form.password.data != '':
user.set_password(form.password.data)
user.name = form.name.data
user.surname = form.surname.data
user.notes = form.notes.data
user.role = form.role.data
user.active = form.active.data
# TODO what about insertion of repeated usernames?
user.put()
flash(u'User %s saved' % user.username)
user_d = user.to_dict(exclude=['password', 'logo_image'])
return jsonify(user_d)
def init_db(self):
try:
engine = self.session.get_bind(mapper=None, clause=None)
inspector = Inspector.from_engine(engine)
if 'ab_user' not in inspector.get_table_names():
log.info("Security DB not found Creating")
Base.metadata.create_all(engine)
log.info("Security DB Created")
self.migrate_db()
if self.session.query(Role).filter_by(name=self.auth_role_admin).first() is None:
role = Role()
role.name = self.auth_role_admin
self.session.add(role)
self.session.commit()
log.info("Inserted Role for public access %s" % (self.auth_role_admin))
if not self.session.query(Role).filter_by(name=self.auth_role_public).first():
role = Role()
role.name = self.auth_role_public
self.session.add(role)
self.session.commit()
log.info("Inserted Role for public access %s" % (self.auth_role_public))
if not self.session.query(User).all():
user = User()
user.first_name = 'Admin'
user.last_name = 'User'
user.username = '******'
user.password = generate_password_hash('general')
user.email = '*****@*****.**'
user.active = True
user.role = self.session.query(Role).filter_by(name=self.auth_role_admin).first()
self.session.add(user)
self.session.commit()
log.info("Inserted initial Admin user")
log.info("Login using Admin/general")
except Exception as e:
log.error("DB Creation and initialization failed, if just upgraded to 0.7.X you must migrate the DB. {0}".format(str(e)))
def post_register():
logging.debug('post_register()')
first_name = escape(request.form['first_name'])
last_name = escape(request.form['last_name'])
email = request.form['email']
username = escape(request.form['username'])
password = sha256_crypt.hash((str(request.form['password'])))
user = User()
user.email = email
user.first_name = first_name
user.last_name = last_name
user.password = password
user.username = username
user.authenticated = True
user.active = True
db.session.add(user)
db.session.commit()
response = jsonify({'message': 'User added', 'result': user.to_json()})
return response
from flask_security import utils
sys.path.append(os.path.join(os.path.dirname(__file__), '..'))
from app import create_app
from models import Page, db, Role, User
app = create_app()
with app.app_context():
admin_role = Role()
admin_role.name = 'admin'
db.session.add(admin_role)
db.session.commit()
root = User()
root.email = '*****@*****.**'
root.password = utils.hash_password("123456")
root.active = True
root.roles.append(admin_role)
db.session.add(root)
db.session.commit()
page = Page()
page.title = "Home Page"
page.content = "<h1><b>Hello from flask - docker!<b></h1>"
page.is_homepage = True
db.session.add(page)
db.session.commit()
user_manager.init_app(app) mail = Mail(app) # Debug toolbar # ------------- from flask_debugtoolbar import DebugToolbarExtension toolbar = DebugToolbarExtension(app) # Admin # ----- import admin # Init admin user # --------------- try: if db.session.query(User).filter(User.username==app.config['USERNAME']).count() == 0: admin = User() admin.username = app.config['USERNAME'] admin.email = app.config['ADMIN_EMAIL'] admin.password = user_manager.hash_password(app.config['PASSWORD']) admin.roles.append(Role(name='admin')) admin.active = True db.session.add(admin) db.session.commit() except Exception: pass
def post(self):
### Session verification code ###
session = get_current_session()
try:
if not session['key'] or session['key'] == '':
self.redirect('/?exception=NoSession')
else:
mainuser = User.get(session['key'])
template_values = {
'pagename': 'friendsinvite',
}
try:
emails = self.request.get('emails').lower().replace(' ','').split(',')
if len(emails) > 30:
self.redirect('/friends?exception=TooManyArguments')
else:
users = User.all().filter("email IN", emails)
alreadyuser = []
for user in users:
alreadyuser.append(str(user.key()))
emails.remove(user.email)
friendships = Friendship.all().filter("user ="******"friend =", str(user.key()))
for friendship in friendships:
alreadyuser.remove(str(friendship.friend))
for email in emails:
confirmcode = RandomString(64)
subject = mainuser.nick + ' invites you to Animo!'
body = """Hey!
You've been invited to subscribe and play Animo by your friend """ + mainuser.nick + """(""" + mainuser.fname + """ """ + mainuser.lname + """). Please follow the following link to register and play:
http://""" + APPID + """/register/invitation?referer=""" + session['key'] + """&email=""" + email + """&code=""" + confirmcode + """
Tom"""
message = sendmail(email, subject, body)
message.send()
newuser = User()
newuser.email = email
newuser.active = False
newuser.status = confirmcode
newuser.put()
friendship = Friendship()
friendship.user = session['key']
friendship.friend = str(newuser.key())
friendship.status = 0
friendship.put()
for key in alreadyuser:
user = User.get(key)
securitycode = SecurityCode()
url = 'https://' + APPID + '/notifications/add'
form_fields = {"key": key, "message": user.nick + " wants to be friends with you. Click to accept.", "url": "/friends/invite/confirm?key=" + key + "&friend=" + str(user.key()), "code": securitycode.get()}
form_data = urllib.urlencode(form_fields)
result = urlfetch.fetch(url=url,payload=form_data,method=urlfetch.POST,headers={'Content-Type': 'application/x-www-form-urlencoded'})
friendship = Friendship()
friendship.user = session['key']
friendship.friend = key
friendship.status = 0
friendship.put()
self.redirect('/friends')
except ValueError:
self.redirect('/?exception=WrongParameter')
except KeyError:
self.redirect('/?exception=NoSession')
def get(self):
username = self.request.get('username')
self.response.headers['Content-Type'] = 'application/json'
try:
user = User.get_by_username(username)
#logging.warning('DEBUG: %s %s' % (str(dir(user)), str(type(user))))
returndict = {}
newuser = False
if user is None:
newuser = True
user = User()
user.username = username
user.active = False
url = 'https://tom-schneider.appspot.com/api/randstring?case=all&length=128'
result = urlfetch.fetch(url)
if result.status_code == 200:
user.notes = json.loads(result.content)['randstring']
if not mail.is_email_valid(self.request.get('email')):
raise urllib2.URLError('El email del usuario no es valido.')
else:
sender_address = 'Organization Management Tool Team <*****@*****.**>'
subject = 'Organization Management Tool - Confirm your registration'
body = """
Gracias por registrerse!
De click en la URL siguiente para confirmar su direccion de correo:
%s%s/api/user/confirm?email=%s&cc=%s
""" % (config,PROTOCOL, config.APP_HOSTNAME, self.request.get('email'), user.notes)
logging.warning('DEBUG UserSet - Registration confirmation email: sender=%s, to=%s, subject=%s, body=%s' % (sender_address, self.request.get('email'), subject, body))
mail.send_mail(sender=sender_address, to=self.request.get('email'), subject=subject, body=body)
else:
raise urllib2.URLError('Un error ocurrio. No se pudo generar codigo de seguridad.')
returndict['message'] = 'Usuario creado.'
else:
returndict['message'] = 'Usuario modificado.'
try:
if not newuser and user.active is False:
raise ValueError('Los datos de un usuario no verificado no pueden ser modificados.')
if newuser and len(self.request.get('email')) == 0:
raise ValueError('Campo email faltando para nuevo usuario.')
elif len(self.request.get('email')) > 0:
user.email = self.request.get('email')
if newuser and len(self.request.get('first_name')) == 0:
raise ValueError('Campo first_name faltando para nuevo usuario.')
elif len(self.request.get('first_name')) > 0:
user.first_name = self.request.get('first_name')
if newuser and len(self.request.get('last_name')) == 0:
raise ValueError('Campo last_name faltando para nuevo usuario.')
elif len(self.request.get('last_name')) > 0:
user.last_name = self.request.get('last_name')
if len(self.request.get('active')) > 0:
if self.request.get('active') == 'false':
user.active = False
elif self.request.get('active') == 'true':
user.active = True
# {'reader': 0, 'professor': 0, 'administrator': 0}
permissions_type = ['reader', 'professor', 'administrator']
if user.permissions is None:
permissions = {'reader': False, 'professor': False, 'administrator': False}
else:
permissions = json.loads(user.permissions)
for permission in permissions_type:
if self.request.get('permissions_' + permission) == 'true':
permissions[permission] = True
elif self.request.get('permissions_' + permission) == 'false':
permissions[permission] = False
user.permissions = json.dumps(permissions)
user.put()
returndict['status'] = 0
returndict ['user'] = {'username': username, 'email': user.email, 'first_name': user.first_name, 'last_name': user.last_name, 'permissions': user.permissions, 'active': str(user.active)}
logging.warning('DEBUG: %s' % str(returndict))
self.response.write(json.dumps(returndict))
except ValueError, e:
self.response.write(json.dumps(str(e)))
except urllib2.URLError, e:
self.response.write(json.dumps(str(e)))
