def post_register(): first_name = request.form['first_name'] last_name = request.form['last_name'] email = request.form['email'] username = request.form['username'] password = sha256_crypt.hash((str(request.form['password']))) user = User() user.email = email user.first_name = first_name user.last_name = last_name user.password = password user.username = username user.authenticated = True user.active = True acct = web3.eth.account.create(request.form['password']) user.eth_address = acct.address user.eth_prv_key = acct.privateKey.hex() db.session.add(user) db.session.commit() response = jsonify({'message': 'User added', 'result': user.to_json()}) return response
def external_login_google(): gae_current_user = gae_users.get_current_user() if gae_current_user: # Google AppEngine Logged in user # * check if there's a corresponding local user auth_id = 'google_' + gae_current_user.user_id() user = User.query(User.auth_ids == auth_id).get() if not user: # not present by social id. let's try by email user = User.query(User.username == gae_current_user.email()).get() if not user: # not present - let's create it # print "!!! CREATE USER !!!" user = User() user.username = gae_current_user.email() user.name = gae_current_user.nickname() user.auth_ids.append(auth_id) if gae_users.is_current_user_admin(): user.role = 'ADMIN' else: user.role = 'USER' user.active = True user.put() if login_user(user): user.last_login = datetime.datetime.now() user.put() return redirect(g.lurl_for('home.index')) flash('Login error') return render_template('auth/loginpage.html', menuid="login")
def register(): if not request.method == 'POST': return redirect(url_for('index')) login_str = request.form['login'] email = request.form['email'] password = request.form['password'] exist_query = User.select().where((User.login == login_str) | (User.email == email)) if exist_query: flash('Такой пользователь уже существует') return render_template('auth.html') u = User() u.login = login_str u.email = email u.set_password(password) u.active = True u.save() # send_activation_email.delay(u.login, generate_confirmation_token(u.login, app)) flash('На вашу почту отправленна ссылка активации.') return redirect(url_for('index'))
def init_db(self): engine = self.session.get_bind(mapper=None, clause=None) inspector = Inspector.from_engine(engine) if 'ab_user' not in inspector.get_table_names(): print "Security DB not found Creating..." Base.metadata.create_all(engine) print "Security DB Created" self.migrate_db() if self.session.query(Role).filter_by(name = self.auth_role_admin).first() is None: role = Role() role.name = self.auth_role_admin self.session.add(role) self.session.commit() print "Inserted Role for public access", self.auth_role_admin if not self.session.query(Role).filter_by(name = self.auth_role_public).first(): role = Role() role.name = self.auth_role_public self.session.add(role) self.session.commit() print "Inserted Role for public access", self.auth_role_public if not self.session.query(User).all(): user = User() user.first_name = 'Admin' user.last_name = 'User' user.username = '******' user.password = '******' user.active = True user.role = self.session.query(Role).filter_by(name = self.auth_role_admin).first() self.session.add(user) self.session.commit() print "Inserted initial Admin user" print "Login using Admin/general"
def register(): if current_user.is_authenticated: return redirect(url_for('.dashboard')) form = RegistrationForm(request.form) if request.method == 'POST' and form.validate(): # check that email does not exist already if not bool(User.query.filter_by(email=form.email.data).first()): # create user user = User() form.populate_obj(user) user.password = hash_password(form.password.data) user.active = False user.generate_verification_code() db.session.add(user) db.session.commit() # todo send email with verification code return redirect( url_for('.verify', email=user.email, verification_code=user.verification_code)) else: flash("Email address already exists", "error") return render_template('frontend/register.html', form=form)
def add_user(): """ 添加用户 """ if request.method == 'POST': user_name = request.form['username'] user_email = request.form['email'] if User.query.filter( db.or_(User.username == user_name, User.email == user_email)).first(): flash('User has been exisit!!!', 'warning') user = User() user_password = request.form['password'] user_display = request.form['nickname'] user_location = request.form['location'] user_role_id = 2 user.username = user_name user.password_hash = user.pass_exchange(user_password) user.member_since = datetime.now() user.active = True user.email = user_email user.display_name = user_display user.role_id = user_role_id user.location = user_location db.session.add(user) db.session.commit() flash('Add user successful', 'success') return redirect(url_for('main.admin_home')) return render_template('auth/regist.html')
def post(self): openreg = RegisterStatus().get() logging.warning('Register status: ' + str(openreg)) if openreg: nick = self.request.get('nick') email = self.request.get('email') password = self.request.get('password') password2 = self.request.get('password2') fname = self.request.get('fname') lname = self.request.get('lname') if not nick or not email or not password or not password2: self.redirect('/register?exception=UnfilledMandatoryFields') elif password != password2: self.redirect('/register?exception=PasswordInconsistency') else: exists = User.all() nickexists = exists.filter("nick =", nick) nickfound = False for nicks in nickexists.run(limit=1): nickfound = True if nickfound: self.redirect('/register?exception=NickExists') else: emailexists = exists.filter("email =", email) emailfound = False for emails in emailexists.run(limit=1): emailfound = True if emailfound: self.redirect('register?exception=EmailExists') else: user = User() user.nick = nick user.email = email user.password = password if fname: user.fname = fname if lname: user.lname = lname user.active = False user.status = RandomString(26) user.put() receipient = email subject = "Tom - Registration confirmation" body = """Hey ! Thanks for registering. Please follow the following link to complete it. http://""" + APPID + """/register/confirm?email=""" + email + """&confirm=""" + user.status + """ Tom""" message = sendmail(receipient, subject, body) message.send() self.redirect('/register/greetings') else: self.redirect('/?exception=RegistrationClosed')
def signup_active(): username = request.args.get('user') token = request.args.get('token') if not username or not token: abort(403) user = UserM() if user.active(username, token): flash(u'邮箱验证成功') return redirect(url_for('user_page.login')) else: flash(user.mail_verify_error) return redirect(url_for('user_page.login'))
def client(): db_fd, db_link = tempfile.mkstemp() flask_template = create_app({ "SQLALCHEMY_DATABASE_URI": 'sqlite:///' + os.path.abspath(db_link), "SQLALCHEMY_TRACK_MODIFICATIONS": False, "DATABASE_CONNECT_OPTIONS": {}, "THREADS_PER_PAGE": 2, "CSRF_ENABLED": True, "CSRF_SESSION_KEY": "session" }) with flask_template.app_context(): admin = User('admin', 'admin', '*****@*****.**') admin.admin = True admin.active = True user = User('user', 'user', '*****@*****.**') user.active = True inactive_user = User('inactiveuser', 'inactiveuser', '*****@*****.**') db.session.add(admin) db.session.add(user) db.session.add(inactive_user) db.session.commit() flask_template.config['TESTING'] = True client = flask_template.test_client() yield client os.close(db_fd) os.unlink(db_link)
def users(id=None): if request.method == 'GET': if id is not None: user = User.query.get(id) if user: return jsonify(user.serialize()), 200 else: return jsonify({"user":"******"}), 404 else: users = User.query.all() users = list(map(lambda user: user.serialize(),users)) return jsonify(users), 200 if request.method == 'POST': password = request.json.get('password') user = User() user.username = request.json.get('username') user.fullname = request.json.get('fullname') user.password = bcrypt.generate_password_hash(password) db.session.add(user) db.session.commit() #sendMail("Bienvenid@ "+user.fullname , user.username, "*****@*****.**", user.username, "Bienvenid@ "+user.fullname) return jsonify(user.serialize()), 201 if request.method == 'PUT': user = User.query.get(id) user.fullname = request.json.get('fullname') user.isAdmin = request.json.get('isAdmin') user.active = request.json.get('active') db.session.commit() #sendMail("Hola "+user.fullname , user.username, "*****@*****.**", user.username, "Modificación realizada con éxito, "+user.fullname) return jsonify(user.serialize()), 200 if request.method == 'DELETE': user = User.query.get(id) db.session.delete(user) db.session.commit() #sendMail("Hasta pronto "+user.fullname , user.username, "*****@*****.**", user.username, "Usuario eliminado con éxito") return jsonify({'user':'******'}), 200
def external_login_google(): gae_current_user = gae_users.get_current_user() if gae_current_user: # Google AppEngine Logged in user # * check if there's a corresponding local user auth_id = 'google_' + gae_current_user.user_id() user = User.query(User.auth_ids == auth_id).get() if not user: print 'USER NOT PRESENT BY SOCIAL ID' # not present by social id. let's try by email user = User.query(User.email == gae_current_user.email()).get() if not user: # not present - let's create it print "USER CREATED" user = User() user.name = gae_current_user.nickname() user.username = user.email = gae_current_user.email() user.auth_ids.append(auth_id) user.put() if gae_users.is_current_user_admin(): user.role = 'ADMIN' user.active = True user.put() if login_user(user): user.last_login = datetime.datetime.now() user.put() redirect_url = request.args.get('r', '') if redirect_url: return redirect(redirect_url) return redirect(g.lurl_for('home.index')) flash('Login error') redirect_error_url = request.args.get('r_error', '') if redirect_error_url: return redirect(redirect_error_url) return render_template('atuin/auth/loginpage.html', menuid="login")
def post_register(): first_name = request.form['first_name'] last_name = request.form['last_name'] username = request.form['username'] email = request.form['email'] password = sha256_crypt.verify(str(request.form['password'])) user = User() user.email = email user.firstName = first_name user.lastName = last_name user.username = username user.password = password user.authenticated = True user.active = True db.session.add(user) db.session.commit() response = jsonify({'message': 'User added', 'result': user.to_jason()}) return response
def user_save(user_key_us=None): # form validation form = UserFormAdmin() if not form.validate_on_submit(): return "VALIDATION_ERROR", 400 if user_key_us: # edit user user = User.get_by_key(user_key_us) if not user: abort(404) else: # new user user = User() user.active = form.active.data print 'print form.active.data' print form.active.data user.role = form.role.data user.email = form.email.data user.username = form.username.data if form.password.data != '': user.set_password(form.password.data) user.prefix = form.prefix.data user.name = form.name.data user.surname = form.surname.data user.gender = form.gender.data user.notes = form.notes.data # TODO what about insertion of repeated usernames? user.put() flash(u'User %s saved' % user.username) return jsonify(result='ok')
def register(): email = request.json.get("email", None) password = request.json.get("password", None) if not email: return jsonify({"msg": "Email is required"}), 400 if not password: return jsonify({"msg": "Password is required"}), 400 user = User.query.filter_by(email=email).first() if user: return jsonify({"msg": "Email already exists"}), 400 user = User() user.name = request.json.get("name", "") user.email = email user.password = bcrypt.generate_password_hash(password) user.active = request.json.get("active", False) user.save() return jsonify({"success": "Register successfully!, please Log In"}), 200
def users_save(userkey=None): # form validation form = UserFormAdmin() if not form.validate_on_submit(): return "VALIDATION_ERROR", 400 if userkey: #edit user user = User.get_by_key(userkey) if not user: abort(404) else: #new user user = User() user.ins_timestamp = datetime.datetime.now() user.upd_timestamp = datetime.datetime.now() user.email = form.email.data user.username = form.username.data if form.password.data != '': user.set_password(form.password.data) user.name = form.name.data user.surname = form.surname.data user.notes = form.notes.data user.role = form.role.data user.active = form.active.data # TODO what about insertion of repeated usernames? user.put() flash(u'User %s saved' % user.username) user_d = user.to_dict(exclude=['password', 'logo_image']) return jsonify(user_d)
def init_db(self): try: engine = self.session.get_bind(mapper=None, clause=None) inspector = Inspector.from_engine(engine) if 'ab_user' not in inspector.get_table_names(): log.info("Security DB not found Creating") Base.metadata.create_all(engine) log.info("Security DB Created") self.migrate_db() if self.session.query(Role).filter_by(name=self.auth_role_admin).first() is None: role = Role() role.name = self.auth_role_admin self.session.add(role) self.session.commit() log.info("Inserted Role for public access %s" % (self.auth_role_admin)) if not self.session.query(Role).filter_by(name=self.auth_role_public).first(): role = Role() role.name = self.auth_role_public self.session.add(role) self.session.commit() log.info("Inserted Role for public access %s" % (self.auth_role_public)) if not self.session.query(User).all(): user = User() user.first_name = 'Admin' user.last_name = 'User' user.username = '******' user.password = generate_password_hash('general') user.email = '*****@*****.**' user.active = True user.role = self.session.query(Role).filter_by(name=self.auth_role_admin).first() self.session.add(user) self.session.commit() log.info("Inserted initial Admin user") log.info("Login using Admin/general") except Exception as e: log.error("DB Creation and initialization failed, if just upgraded to 0.7.X you must migrate the DB. {0}".format(str(e)))
def post_register(): logging.debug('post_register()') first_name = escape(request.form['first_name']) last_name = escape(request.form['last_name']) email = request.form['email'] username = escape(request.form['username']) password = sha256_crypt.hash((str(request.form['password']))) user = User() user.email = email user.first_name = first_name user.last_name = last_name user.password = password user.username = username user.authenticated = True user.active = True db.session.add(user) db.session.commit() response = jsonify({'message': 'User added', 'result': user.to_json()}) return response
from flask_security import utils sys.path.append(os.path.join(os.path.dirname(__file__), '..')) from app import create_app from models import Page, db, Role, User app = create_app() with app.app_context(): admin_role = Role() admin_role.name = 'admin' db.session.add(admin_role) db.session.commit() root = User() root.email = '*****@*****.**' root.password = utils.hash_password("123456") root.active = True root.roles.append(admin_role) db.session.add(root) db.session.commit() page = Page() page.title = "Home Page" page.content = "<h1><b>Hello from flask - docker!<b></h1>" page.is_homepage = True db.session.add(page) db.session.commit()
user_manager.init_app(app) mail = Mail(app) # Debug toolbar # ------------- from flask_debugtoolbar import DebugToolbarExtension toolbar = DebugToolbarExtension(app) # Admin # ----- import admin # Init admin user # --------------- try: if db.session.query(User).filter(User.username==app.config['USERNAME']).count() == 0: admin = User() admin.username = app.config['USERNAME'] admin.email = app.config['ADMIN_EMAIL'] admin.password = user_manager.hash_password(app.config['PASSWORD']) admin.roles.append(Role(name='admin')) admin.active = True db.session.add(admin) db.session.commit() except Exception: pass
def post(self): ### Session verification code ### session = get_current_session() try: if not session['key'] or session['key'] == '': self.redirect('/?exception=NoSession') else: mainuser = User.get(session['key']) template_values = { 'pagename': 'friendsinvite', } try: emails = self.request.get('emails').lower().replace(' ','').split(',') if len(emails) > 30: self.redirect('/friends?exception=TooManyArguments') else: users = User.all().filter("email IN", emails) alreadyuser = [] for user in users: alreadyuser.append(str(user.key())) emails.remove(user.email) friendships = Friendship.all().filter("user ="******"friend =", str(user.key())) for friendship in friendships: alreadyuser.remove(str(friendship.friend)) for email in emails: confirmcode = RandomString(64) subject = mainuser.nick + ' invites you to Animo!' body = """Hey! You've been invited to subscribe and play Animo by your friend """ + mainuser.nick + """(""" + mainuser.fname + """ """ + mainuser.lname + """). Please follow the following link to register and play: http://""" + APPID + """/register/invitation?referer=""" + session['key'] + """&email=""" + email + """&code=""" + confirmcode + """ Tom""" message = sendmail(email, subject, body) message.send() newuser = User() newuser.email = email newuser.active = False newuser.status = confirmcode newuser.put() friendship = Friendship() friendship.user = session['key'] friendship.friend = str(newuser.key()) friendship.status = 0 friendship.put() for key in alreadyuser: user = User.get(key) securitycode = SecurityCode() url = 'https://' + APPID + '/notifications/add' form_fields = {"key": key, "message": user.nick + " wants to be friends with you. Click to accept.", "url": "/friends/invite/confirm?key=" + key + "&friend=" + str(user.key()), "code": securitycode.get()} form_data = urllib.urlencode(form_fields) result = urlfetch.fetch(url=url,payload=form_data,method=urlfetch.POST,headers={'Content-Type': 'application/x-www-form-urlencoded'}) friendship = Friendship() friendship.user = session['key'] friendship.friend = key friendship.status = 0 friendship.put() self.redirect('/friends') except ValueError: self.redirect('/?exception=WrongParameter') except KeyError: self.redirect('/?exception=NoSession')
def get(self): username = self.request.get('username') self.response.headers['Content-Type'] = 'application/json' try: user = User.get_by_username(username) #logging.warning('DEBUG: %s %s' % (str(dir(user)), str(type(user)))) returndict = {} newuser = False if user is None: newuser = True user = User() user.username = username user.active = False url = 'https://tom-schneider.appspot.com/api/randstring?case=all&length=128' result = urlfetch.fetch(url) if result.status_code == 200: user.notes = json.loads(result.content)['randstring'] if not mail.is_email_valid(self.request.get('email')): raise urllib2.URLError('El email del usuario no es valido.') else: sender_address = 'Organization Management Tool Team <*****@*****.**>' subject = 'Organization Management Tool - Confirm your registration' body = """ Gracias por registrerse! De click en la URL siguiente para confirmar su direccion de correo: %s%s/api/user/confirm?email=%s&cc=%s """ % (config,PROTOCOL, config.APP_HOSTNAME, self.request.get('email'), user.notes) logging.warning('DEBUG UserSet - Registration confirmation email: sender=%s, to=%s, subject=%s, body=%s' % (sender_address, self.request.get('email'), subject, body)) mail.send_mail(sender=sender_address, to=self.request.get('email'), subject=subject, body=body) else: raise urllib2.URLError('Un error ocurrio. No se pudo generar codigo de seguridad.') returndict['message'] = 'Usuario creado.' else: returndict['message'] = 'Usuario modificado.' try: if not newuser and user.active is False: raise ValueError('Los datos de un usuario no verificado no pueden ser modificados.') if newuser and len(self.request.get('email')) == 0: raise ValueError('Campo email faltando para nuevo usuario.') elif len(self.request.get('email')) > 0: user.email = self.request.get('email') if newuser and len(self.request.get('first_name')) == 0: raise ValueError('Campo first_name faltando para nuevo usuario.') elif len(self.request.get('first_name')) > 0: user.first_name = self.request.get('first_name') if newuser and len(self.request.get('last_name')) == 0: raise ValueError('Campo last_name faltando para nuevo usuario.') elif len(self.request.get('last_name')) > 0: user.last_name = self.request.get('last_name') if len(self.request.get('active')) > 0: if self.request.get('active') == 'false': user.active = False elif self.request.get('active') == 'true': user.active = True # {'reader': 0, 'professor': 0, 'administrator': 0} permissions_type = ['reader', 'professor', 'administrator'] if user.permissions is None: permissions = {'reader': False, 'professor': False, 'administrator': False} else: permissions = json.loads(user.permissions) for permission in permissions_type: if self.request.get('permissions_' + permission) == 'true': permissions[permission] = True elif self.request.get('permissions_' + permission) == 'false': permissions[permission] = False user.permissions = json.dumps(permissions) user.put() returndict['status'] = 0 returndict ['user'] = {'username': username, 'email': user.email, 'first_name': user.first_name, 'last_name': user.last_name, 'permissions': user.permissions, 'active': str(user.active)} logging.warning('DEBUG: %s' % str(returndict)) self.response.write(json.dumps(returndict)) except ValueError, e: self.response.write(json.dumps(str(e))) except urllib2.URLError, e: self.response.write(json.dumps(str(e)))