Exemplo n.º 1
0
    def put(self):
        try:
            uuid.UUID(self.password_id)
        except ValueError:
            return invalid_password_id()

        password = self._get_password()
        if password is None:
            return password_not_found()

        else:
            cleaned_data, errors = validate_password(self.request.body,
                                                     self.request.charset)

            if errors:
                result = {'message': ','.join(errors)}
                return HTTPBadRequest(body=json.dumps(result),
                                      charset='utf8',
                                      content_type='application/json')

            password.secret = cleaned_data['secret']
            password.service = cleaned_data['service']
            password.account = cleaned_data['account']
            password.expiration = cleaned_data['expiration']
            password.notes = cleaned_data['notes']
            password.tags = cleaned_data['tags']

            Session.add(password)

            return {'password': password.as_dict()}
Exemplo n.º 2
0
    def test_password_collection_get_non_empty(self):
        password = Password(service='testing',
                            secret='s3cr3t',
                            user_id=self.user_id)

        with transaction.manager:
            Session.add(password)
            Session.flush()
            password_id = password.id

        res = self.testapp.get('/passwords', headers=self.auth_header)
        self.assertEqual(res.status, '200 OK')

        self.assertEqual(res.json, {
            "passwords": [{
                'account': '',
                'creation': '2014-02-23T08:00:00',
                'modification': '2014-02-23T08:00:00',
                'expiration': None,
                'id': password_id,
                'notes': u'',
                'owner': self.user_id,
                'user': self.user_id,
                'secret': 's3cr3t',
                'service': 'testing',
                'tags': [],
            }],
        })
Exemplo n.º 3
0
def preferences(request):
    schema = UserPreferencesSchema()
    button1 = Button('submit', _('Save changes'))
    button1.css_class = 'btn-primary'

    form = Form(schema, buttons=(button1, ))

    user = request.user

    if 'submit' in request.POST:
        controls = request.POST.items()
        try:
            appstruct = form.validate(controls)
        except ValidationFailure as e:
            return {'form': e.render()}

        user.update_preferences(appstruct)
        Session.add(user)

        request.session.flash(
            _('The changes were saved successfully'),
            'success',
        )
        return HTTPFound(location=request.route_path('user_preferences'))

    return {
        'form':
        form.render({
            'allow_google_analytics':
            user.allow_google_analytics,
            'send_passwords_periodically':
            user.send_passwords_periodically,
        })
    }
Exemplo n.º 4
0
 def test_get_accounts_multiple_providers(self):
     user = User(email='*****@*****.**', email_verified=True)
     identity1 = ExternalIdentity(user=user, provider='twitter',
                                  external_id='1234')
     identity2 = ExternalIdentity(user=user, provider='google',
                                  external_id='4321')
     password = Password(user=user, secret='secret')
     Session.add(user)
     Session.add(identity1)
     Session.add(identity2)
     Session.add(password)
     Session.flush()
     self.assertEqual(user.get_accounts('google'), [
         {'id': user.id,
          'is_current': True,
          'is_verified': True,
          'passwords': 1,
          'providers': [{
              'name': 'twitter',
              'is_current': False,
          }, {
              'name': 'google',
              'is_current': True,
          }]}
     ])
Exemplo n.º 5
0
 def delete(self):
     set_config(self.request.user)
     result = Session.query(self.model).get(int(self.request.matchdict['id']))
     if result and not result.is_readonly:
         Session.delete(result)
         return result
     raise HTTPNotFound()
Exemplo n.º 6
0
 def test_get_accounts_multiple_providers(self):
     user = User(email='*****@*****.**', email_verified=True)
     identity1 = ExternalIdentity(user=user,
                                  provider='twitter',
                                  external_id='1234')
     identity2 = ExternalIdentity(user=user,
                                  provider='google',
                                  external_id='4321')
     password = Password(user=user, secret='secret')
     Session.add(user)
     Session.add(identity1)
     Session.add(identity2)
     Session.add(password)
     Session.flush()
     self.assertEqual(user.get_accounts('google'), [{
         'id':
         user.id,
         'is_current':
         True,
         'is_verified':
         True,
         'passwords':
         1,
         'providers': [{
             'name': 'twitter',
             'is_current': False,
         }, {
             'name': 'google',
             'is_current': True,
         }]
     }])
Exemplo n.º 7
0
def verify_email(request):
    try:
        code = request.params['code']
    except KeyError:
        return HTTPBadRequest('Missing code parameter')

    try:
        email = request.params['email']
    except KeyError:
        return HTTPBadRequest('Missing email parameter')

    evc = EmailVerificationCode(code)
    user = evc.verify(email)
    if user is not None:
        request.session.flash(
            _('Congratulations, your email has been successfully verified'),
            'success',
        )
        user.verify_email()
        Session.add(user)
        return {
            'verified': True,
        }
    else:
        request.session.flash(
            _('Sorry, your verification code is not correct or has expired'),
            'error',
        )
        return {
            'verified': False,
        }
Exemplo n.º 8
0
def main(argv=sys.argv):
    # Usage and configuration
    if len(argv) != 2:
        usage(argv)
    config_uri = argv[1]
    setup_logging(config_uri)
    settings = get_appsettings(config_uri)
    config = Configurator(settings=settings)
    config.include('pyramid_sqlalchemy')

    # Make the database with schema and default data
    with transaction.manager:
        metadata.create_all()
        root = RootFolder(name='',
                      title='Moonbase Demo',
                      __acl__=[
                          ['Allow', ['paul'], 'view']
                      ]
                      )
        Session.add(root)
        f1 = root['f1'] = Folder(
            title='Folder 1',
            __acl__=[
                ['Allow', ['shane'], 'view']
            ]
        )
        f1['da'] = Document(title='Document 1A')
Exemplo n.º 9
0
def handle_refresh_token(request, client):
    if 'refresh_token' not in request.POST:
        log.info('refresh_token field missing')
        return HTTPBadRequest(InvalidRequest(error_description='refresh_token '
            'field required'))

    if 'user_id' not in request.POST:
        log.info('user_id field missing')
        return HTTPBadRequest(InvalidRequest(error_description='user_id '
            'field required'))

    auth_token = db.query(Oauth2Token).filter_by(
        refresh_token=request.POST.get('refresh_token')).first()

    if not auth_token:
        log.info('invalid refresh_token')
        return HTTPUnauthorized(InvalidToken(error_description='Provided '
            'refresh_token is not valid.'))

    if auth_token.client.client_id != client.client_id:
        log.info('invalid client_id')
        return HTTPBadRequest(InvalidClient(error_description='Client does '
            'not own this refresh_token.'))

    if str(auth_token.user_id) != request.POST.get('user_id'):
        log.info('invalid user_id')
        return HTTPBadRequest(InvalidClient(error_description='The given '
            'user_id does not match the given refresh_token.'))

    new_token = auth_token.refresh()
    db.add(new_token)
    db.flush()
    return new_token.asJSON(token_type='bearer')
Exemplo n.º 10
0
    def test_application_edit_unauthorized(self):
        create_and_login_user(self.testapp)

        app = Application(name='Test Application',
                          main_url='http://example.com',
                          callback_url='http://example.com/callback',
                          authorized_origins=['http://example.com',
                                              'https://example.com'],
                          production_ready=False,
                          image_url='http://example.com/image.png',
                          description='example description')

        other_user = User(screen_name='Alice doe',
                          first_name='Alice',
                          last_name='Doe',
                          email='*****@*****.**')

        other_user.applications.append(app)

        with transaction.manager:
            Session.add(other_user)
            Session.flush()
            app_id = app.id

        res = self.testapp.get('/oauth2/applications/%s/edit' % str(app_id),
                               status=401)
        self.assertEqual(res.status, '401 Unauthorized')
Exemplo n.º 11
0
    def test_application_edit_cancel(self):
        user = User(screen_name='John Doe',
                    first_name='John',
                    last_name='Doe',
                    email='*****@*****.**')

        app = Application(name='Test Application',
                          main_url='http://example.com',
                          callback_url='http://example.com/callback',
                          authorized_origins=['http://example.com',
                                              'https://example.com'],
                          production_ready=False,
                          image_url='http://example.com/image.png',
                          description='example description')
        user.applications.append(app)

        with transaction.manager:
            Session.add(user)
            Session.flush()
            app_id = app.id
            user_id = user.id

        self.testapp.get('/__login/' + str(user_id))

        res = self.testapp.post('/oauth2/applications/%s/edit' % str(app_id), {
            'cancel': 'Cancel',
        })
        self.assertEqual(res.status, '302 Found')
        self.assertEqual(res.location, 'http://localhost/oauth2/applications')
Exemplo n.º 12
0
    def test_register_new_user_email_not_verified(self):
        self.testapp.post('/__session', {
            'next_url': 'http://localhost/foo/bar',
            'user_info__provider': 'twitter',
            'user_info__external_id': '1234',
            'user_info__screen_name': 'John Doe',
            'user_info__first_name': 'John',
            'user_info__last_name': 'Doe',
            'user_info__email': '*****@*****.**',
        }, status=302)

        # if no email is provided at registration, the email is
        # not verified
        res = self.testapp.post('/register', {
            'first_name': 'John2',
            'last_name': 'Doe2',
            'email': '',
            'submit': 'Register into Yith Library',
        }, status=302)
        self.assertEqual(res.status, '302 Found')
        self.assertEqual(res.location, 'http://localhost/foo/bar')
        self.assertEqual(Session.query(User).count(), 1)
        user = Session.query(User).filter(User.first_name == 'John2').one()
        self.assertEqual(user.first_name, 'John2')
        self.assertEqual(user.last_name, 'Doe2')
        self.assertEqual(user.email, '')
        self.assertEqual(user.email_verified, False)
        self.assertEqual(user.send_passwords_periodically, False)
        identity = Session.query(ExternalIdentity).filter(
            ExternalIdentity.external_id == '1234',
            ExternalIdentity.provider == 'twitter',
        ).one()
        self.assertEqual(identity.user, user)
Exemplo n.º 13
0
    def collection_timestamp(self, collection_id, parent_id, auth=None):
        """Get the highest timestamp of every objects in this `collection_id` for
        this `parent_id`.

        .. note::

            This should take deleted objects into account.

        :param str collection_id: the collection id.
        :param str parent_id: the collection parent.

        :returns: the latest timestamp of the collection.
        :rtype: int
        """
        tb = Timestamps.__table__
        qry = select([label('last_modified', func.max(tb.c.last_modified))]).where(and_(
                                                                                   tb.c.parent_id == parent_id,
                                                                                   tb.c.collection_id == collection_id))
        last_modified,  = Session.execute(qry).fetchone()
        if last_modified is None:
            last_modified = datetime.datetime.utcnow()
            with transaction.manager:
                Session.add(Timestamps(parent_id=parent_id, collection_id=collection_id,
                                       last_modified=last_modified))
        return last_modified.replace(tzinfo=datetime.timezone.utc).timestamp()
Exemplo n.º 14
0
    def collection_timestamp(self, collection_id, parent_id, auth=None):
        """Get the highest timestamp of every objects in this `collection_id` for
        this `parent_id`.

        .. note::

            This should take deleted objects into account.

        :param str collection_id: the collection id.
        :param str parent_id: the collection parent.

        :returns: the latest timestamp of the collection.
        :rtype: int
        """
        tb = Timestamps.__table__
        qry = select([label('last_modified', func.max(tb.c.last_modified))]).where(and_(
                                                                                   tb.c.parent_id == parent_id,
                                                                                   tb.c.collection_id == collection_id))
        last_modified,  = Session.execute(qry).fetchone()
        if last_modified is None:
            last_modified = datetime.datetime.utcnow()
            with transaction.manager:
                Session.add(Timestamps(parent_id=parent_id, collection_id=collection_id,
                                       last_modified=last_modified))
        return last_modified.replace(tzinfo=datetime.timezone.utc).timestamp()
Exemplo n.º 15
0
    def put(self):
        try:
            uuid.UUID(self.password_id)
        except ValueError:
            return invalid_password_id()

        password = self._get_password()
        if password is None:
            return password_not_found()

        else:
            cleaned_data, errors = validate_password(self.request.body,
                                                     self.request.charset)

            if errors:
                result = {'message': ','.join(errors)}
                return HTTPBadRequest(body=json.dumps(result),
                                      charset='utf8',
                                      content_type='application/json')

            password.secret = cleaned_data['secret']
            password.service = cleaned_data['service']
            password.account = cleaned_data['account']
            password.expiration = cleaned_data['expiration']
            password.notes = cleaned_data['notes']
            password.tags = cleaned_data['tags']

            Session.add(password)

            return {'password': password.as_dict()}
def main(argv=sys.argv):
    # Usage and configuration
    if len(argv) != 2:
        usage(argv)
    config_uri = argv[1]
    setup_logging(config_uri)
    settings = get_appsettings(config_uri)
    config = Configurator(settings=settings)
    config.include('pyramid_sqlalchemy')

    # Make the database with schema and default data
    with transaction.manager:
        metadata.create_all()
        for todo in sample_todos:
            t = ToDo(title=todo['title'], acl=todo.get('acl'))
            Session.add(t)

        for user in sample_users:
            u = User(id=user['id'],
                     username=user['username'],
                     password=user['password'],
                     first_name=user['first_name'],
                     last_name=user['last_name'],
                     groups=user['groups'])
            Session.add(u)
Exemplo n.º 17
0
def developer_application_delete(request):
    app_id = request.matchdict['app']

    try:
        uuid.UUID(app_id)
    except ValueError:
        return HTTPBadRequest()

    try:
        app = Session.query(Application).filter(Application.id == app_id).one()
    except NoResultFound:
        return HTTPNotFound()

    assert_authenticated_user_is_registered(request)
    if app.user != request.user:
        return HTTPUnauthorized()

    if 'submit' in request.POST:
        Session.delete(app)
        request.session.flash(
            _('The application ${app} was deleted successfully',
              mapping={'app': app.name}),
            'success',
        )
        return HTTPFound(
            location=request.route_path('oauth2_developer_applications'))

    return {'app': app}
Exemplo n.º 18
0
    def filter_objects(cls, objects, first=False, **params):
        """ Perform query with :params: on instances sequence :objects:

        :param object: Sequence of :cls: instances on which query should be run.
        :param params: Query parameters to filter :objects:.
        """
        id_name = cls.pk_field()
        ids = [getattr(obj, id_name, None) for obj in objects]
        ids = [str(id_) for id_ in ids if id_ is not None]
        field_obj = getattr(cls, id_name)

        query_set = Session().query(cls).filter(field_obj.in_(ids))

        if params:
            params['query_set'] = query_set.from_self()
            query_set = cls.get_collection(**params)

        if first:
            first_obj = query_set.first()
            if not first_obj:
                msg = "'{}({})' resource not found".format(
                    cls.__name__, params)
                raise JHTTPNotFound(msg)
            return first_obj

        return query_set
Exemplo n.º 19
0
    def _delete_many(cls, items, request=None,
                     synchronize_session=False):
        """ Delete :items: queryset or objects list.

        When queryset passed, Query.delete() is used to delete it but
        first queryset is re-queried to clean it from explicit
        limit/offset/etc.

        If some of the methods listed above were called, or :items: is not
        a Query instance, one-by-one items update is performed.

        `on_bulk_delete` function is called to delete objects from index
        and to reindex relationships. This is done explicitly because it is
        impossible to get access to deleted objects in signal handler for
        'after_bulk_delete' ORM event.
        """
        if isinstance(items, Query):
            del_queryset = cls._clean_queryset(items)
            del_items = del_queryset.all()
            del_count = del_queryset.delete(
                synchronize_session=synchronize_session)
            on_bulk_delete(cls, del_items, request)
            return del_count
        items_count = len(items)
        session = Session()
        for item in items:
            item._request = request
            session.delete(item)
        session.flush()
        return items_count
Exemplo n.º 20
0
    def list(cls, empresa_id, offset, limit, sort, order, cliente):
        """
        Método para retorno com paginação e ordenação remotas
        :param empresa_id: identificação da empresa
        :param offset: ponteiro inicial da consulta
        :param limit: limite de registros
        :param sort: coluna de ordenação
        :param order: tipo de ordenação
        :param cliente: filtro para a coluna cliente_id (hash_id)
        :return:
        """

        s = asc('pedidos_' + sort)  # joinedload obriga concatenação
        if order == 'desc':
            s = desc(sort)

        # todo: parametro 'q' para lista completa ou lista para select (novo ClienteSelectSchema)
        # todo: é necessário um método para filtros dinâmicos de acordo com modelo

        if cliente:
            decoded_id = get_decoded_id('clientes', cliente, empresa_id)
            return Session.query(cls) \
                .filter(and_(cls.empresa_id == empresa_id, cls.cliente_id == decoded_id)) \
                .options(joinedload(cls.cliente)) \
                .order_by(s).limit(limit).offset(offset).all()
        else:
            return Session.query(cls) \
                .filter(cls.empresa_id == empresa_id).order_by(s) \
                .options(joinedload(cls.cliente).load_only('nome')) \
                .limit(limit).offset(offset).all()
Exemplo n.º 21
0
    def test_user_get(self):
        expiration = datetime.datetime(2014, 2, 23, 9, 0)

        access_code = AccessCode(code=self.access_code,
                                 code_type='Bearer',
                                 expiration=expiration,
                                 scope=['read-userinfo'],
                                 user_id=self.user_id,
                                 application_id=self.application_id)
        with transaction.manager:
            Session.add(access_code)
            Session.flush()

        auth_header = {'Authorization': 'Bearer %s' % self.access_code}

        res = self.testapp.get('/user', headers=auth_header)
        self.assertEqual(res.status, '200 OK')
        self.assertEqual(res.json, {
            'id': self.user_id,
            'screen_name': 'John Doe',
            'first_name': 'John',
            'last_name': 'Doe',
            'email': '*****@*****.**',
            'email_verified': True,
            'allow_google_analytics': True,
            'send_passwords_periodically': False,
            'creation': '2012-12-12T12:12:00',
            'last_login': '******',
        })
Exemplo n.º 22
0
    def test_register_new_user_wants_analytics_cookie(self):
        self.testapp.post('/__session', {
            'next_url': 'http://localhost/foo/bar',
            'user_info__provider': 'google',
            'user_info__external_id': '1234',
            'user_info__screen_name': 'John Doe',
            'user_info__first_name': 'John',
            'user_info__last_name': 'Doe',
            'user_info__email': '',
            USER_ATTR: True,
        }, status=302)

        # The user want the Google Analytics cookie
        res = self.testapp.post('/register', {
            'first_name': 'John3',
            'last_name': 'Doe3',
            'email': '*****@*****.**',
            'submit': 'Register into Yith Library',
        }, status=302)
        self.assertEqual(res.status, '302 Found')
        self.assertEqual(res.location, 'http://localhost/foo/bar')
        self.assertEqual(Session.query(User).count(), 1)
        user = Session.query(User).filter(User.first_name == 'John3').one()
        self.assertFalse(user is None)
        self.assertEqual(user.first_name, 'John3')
        self.assertEqual(user.last_name, 'Doe3')
        self.assertEqual(user.email, '*****@*****.**')
        self.assertEqual(user.email_verified, False)
        self.assertEqual(user.allow_google_analytics, True)
        self.assertEqual(user.send_passwords_periodically, False)
        identity = Session.query(ExternalIdentity).filter(
            ExternalIdentity.external_id == '1234',
            ExternalIdentity.provider == 'google',
        ).one()
        self.assertEqual(identity.user, user)
Exemplo n.º 23
0
    def test_save_bearer_token(self):
        rv, request = self._create_request_validator()
        token = {
            'expires_in': 3600,  # seconds
            'access_token': 'fghijk',
            'token_type': 'Bearer',
            'refresh_token': 'lmnopq',
        }
        request.user = Session.query(User).filter(
            User.id == self.user_id).one()
        request.scopes = ['read-passwords', 'write-passwords']
        request.client = rv.get_client(self.app_id)
        rv.save_bearer_token(token, request)

        access_code = Session.query(AccessCode).filter(
            AccessCode.code == 'fghijk').one()
        self.assertEquals(access_code.code, 'fghijk')
        self.assertEquals(access_code.code_type, 'Bearer')
        self.assertEquals(access_code.scope,
                          ['read-passwords', 'write-passwords'])
        self.assertEquals(access_code.refresh_code, 'lmnopq')
        expected_expiration = datetime.datetime(2012, 1, 10, 16, 31, 11)
        self.assertEquals(access_code.expiration, expected_expiration)
        self.assertEquals(access_code.user_id, self.user_id)
        self.assertEquals(access_code.application_id, self.app_id)
Exemplo n.º 24
0
def revoke_application(request):
    app_id = request.matchdict['app']

    try:
        uuid.UUID(app_id)
    except ValueError:
        return HTTPBadRequest()

    try:
        app = Session.query(Application).filter(Application.id == app_id).one()
    except NoResultFound:
        return HTTPNotFound()

    assert_authenticated_user_is_registered(request)

    if 'submit' in request.POST:

        authorized_apps = Session.query(AuthorizedApplication).filter(
            AuthorizedApplication.application == app,
            AuthorizedApplication.user == request.user).all()
        for authorized_app in authorized_apps:
            Session.delete(authorized_app)

        request.session.flash(
            _('The access to application ${app} has been revoked',
              mapping={'app': app.name}),
            'success',
        )
        return HTTPFound(
            location=request.route_path('oauth2_authorized_applications'))

    return {'app': app}
Exemplo n.º 25
0
 def delete(self):
     """
     Delete an item from a collection; typically occurs with requests like DELETE /users/1
     """
     Session.delete(self.context.entity)
     Session.flush()
     return Response(status=204)
Exemplo n.º 26
0
 def empty(self):
     """
     Empty the collection (delete all items)
     """
     entity_class = self.context.model
     Session.query(entity_class).delete()
     return Response(status=204)
Exemplo n.º 27
0
def preferences(request):
    schema = UserPreferencesSchema()
    button1 = Button('submit', _('Save changes'))
    button1.css_class = 'btn-primary'

    form = Form(schema, buttons=(button1, ))

    user = request.user

    if 'submit' in request.POST:
        controls = request.POST.items()
        try:
            appstruct = form.validate(controls)
        except ValidationFailure as e:
            return {'form': e.render()}

        user.update_preferences(appstruct)
        Session.add(user)

        request.session.flash(
            _('The changes were saved successfully'),
            'success',
        )
        return HTTPFound(location=request.route_path('user_preferences'))

    return {
        'form': form.render({
            'allow_google_analytics': user.allow_google_analytics,
            'send_passwords_periodically': user.send_passwords_periodically,
        })
    }
Exemplo n.º 28
0
def import_via_hro_view_via_post(request):
    from datetime import datetime
    from pyramid.httpexceptions import HTTPFound
    from pyramid_sqlalchemy import Session
    from ..forms import UploadForm
    from ..models import NewStudentModel

    form = UploadForm(request.POST)
    if form.validate():
        # 取得資料庫裡面已有的學生資料,藉此資料來實作 "已存在的學生不更動,只新增不存在的學生" 的功能
        existed_new_students = { i.signup_number for i in Session.query(NewStudentModel.signup_number) }
        file_content = form.file.data.file.read().decode('cp950')
        content_lines = file_content.split('\r\n')
        for each_line in content_lines:
            splitted_line = each_line.split(',')
            if not splitted_line[0].isdigit(): continue
            if len(splitted_line) != 15: continue
            new_student = NewStudentModel()
            new_student.signup_number    = int(splitted_line[0])
            new_student.name             = splitted_line[1]
            new_student.parent_name      = splitted_line[2]
            new_student.id_number        = splitted_line[3]
            new_student.parent_id_number = splitted_line[4]
            new_student.birthday         = datetime.strptime(splitted_line[5], '%Y/%m/%d')
            new_student.move_in_date     = datetime.strptime(splitted_line[6], '%Y/%m/%d')
            new_student.gender           = splitted_line[7]
            new_student.village          = splitted_line[9]
            new_student.neighborhood     = splitted_line[10]
            new_student.address          = splitted_line[11]
            new_student.note             = splitted_line[14].strip()
            if new_student.signup_number not in existed_new_students:
                Session.add(new_student)
        return HTTPFound(location=request.route_path('home'))
    else:
        return {'form': form}
Exemplo n.º 29
0
def add_view_via_post(request):
    import os, shutil
    from pkg_resources import resource_filename
    from pyramid_sqlalchemy import Session
    from pyramid.httpexceptions import HTTPFound
    from ..forms import NewStudentForm
    from ..models import NewStudentModel

    form = NewStudentForm(request.POST)
    # 該欄位是文字欄位,可省略不輸入,但我們希望在這情況下塞到資料庫是 NULL,所以這邊強制改成 None
    if form.signup_number.data == '': form.signup_number.data = None
    if form.validate():
        new_student = NewStudentModel()
        form.populate_obj(new_student)
        if form.picture.data:
            # 有上傳大頭照,要存檔,並將資料庫對應的欄位設定
            picture_name = form.id_number.data + os.path.splitext(form.picture.data.filename)[-1]
            with open(resource_filename('tp_enroll', 'static/pictures/{}'.format(picture_name)), 'wb') as output:
                shutil.copyfileobj(form.picture.data.file, output)
            new_student.picture_name = picture_name
        # 觸發 auto increment
        new_student.id = None
        # 鄰的欄位,應該要純數字。如果使用者誤填了鄰,要刪掉多餘的文字
        if new_student.neighborhood.endswith('鄰'):
            new_student.neighborhood = new_student.neighborhood[:-1]
        Session.add(new_student)
        return HTTPFound(location=request.route_path('home'))
    return {'form': form}
Exemplo n.º 30
0
 def test_add_feature(self):
     _group11 = FeatureGroup.get(11)
     NAME_FEATURE = 'NAME_FEATURE'
     _feature = Feature(n=1, name=NAME_FEATURE, feature_group=[_group11])
     Session.add(_feature)
     assert _feature.n is not None
     assert len(_feature.feature_group) == 1
Exemplo n.º 31
0
    def delete_all(self, collection_id, parent_id, filters=None,
                   with_deleted=True, id_field=DEFAULT_ID_FIELD,
                   modified_field=DEFAULT_MODIFIED_FIELD,
                   deleted_field=DEFAULT_DELETED_FIELD,
                   auth=None):
        """Delete all objects in this `collection_id` for this `parent_id`.

        :param str collection_id: the collection id.
        :param str parent_id: the collection parent.

        :param filters: Optionnally filter the objects to delete.
        :type filters: list of :class:`cliquet.storage.Filter`
        :param bool with_deleted: track deleted records with a tombstone

        :returns: the list of deleted objects, with minimal set of attributes.
        :rtype: list of dict
        """
        qry = Session.query(self.collection).options(load_only('id'))\
                     .filter(and_(self.collection.parent_id == parent_id,
                                  getattr(self.collection, deleted_field) == False))
        for every in filters:
            qry = qry.filter(SQLAFilter(self.collection, every)())
        rows = [{"id": every.id, "parent_id": parent_id, "collection_id": collection_id,
                 modified_field: datetime.datetime.utcnow()} for every in qry.all()]
        Session.bulk_update_mappings(self.collection,
                                     [{"id": every['id'], deleted_field: True,
                                       modified_field: every[modified_field]} for every in rows])
        if with_deleted:
            Session.bulk_insert_mappings(Deleted, rows)
        return rows
Exemplo n.º 32
0
 def test_model_sets_n_automatically(self):
     _group = FeatureGroup(name='NAME_FEATURE_GROUP')
     Session.add(_group)
     Session.flush()
     assert _group.n is not None
     assert _group.parent_n is None
     assert _group.name == 'NAME_FEATURE_GROUP'
Exemplo n.º 33
0
    def test_applications_list_apps_one_app(self):
        user = User(screen_name='John Doe',
                    first_name='John',
                    last_name='Doe',
                    email='*****@*****.**')

        app = Application(name='Test Application',
                          main_url='https://example.com',
                          callback_url='https://example.com/callback',
                          production_ready=False)
        user.applications.append(app)

        with transaction.manager:
            Session.add(user)
            Session.flush()
            app_id = app.id
            user_id = user.id

        self.testapp.get('/__login/' + str(user_id))

        res = self.testapp.get('/oauth2/applications')
        self.assertEqual(res.status, '200 OK')
        res.mustcontain('John')
        res.mustcontain('Log out')
        res.mustcontain('Developer Applications')
        res.mustcontain('Register new application')
        res.mustcontain(app_id)
        res.mustcontain('Test Application')
        res.mustcontain('https://example.com')
Exemplo n.º 34
0
    def filter_objects(cls, objects, first=False, **params):
        """ Perform query with :params: on instances sequence :objects:

        :param object: Sequence of :cls: instances on which query should be run.
        :param params: Query parameters to filter :objects:.
        """
        id_name = cls.pk_field()
        ids = [getattr(obj, id_name, None) for obj in objects]
        ids = [str(id_) for id_ in ids if id_ is not None]
        field_obj = getattr(cls, id_name)

        query_set = Session().query(cls).filter(field_obj.in_(ids))

        if params:
            params['query_set'] = query_set.from_self()
            query_set = cls.get_collection(**params)

        if first:
            first_obj = query_set.first()
            if not first_obj:
                msg = "'{}({})' resource not found".format(
                    cls.__name__, params)
                raise JHTTPNotFound(msg)
            return first_obj

        return query_set
Exemplo n.º 35
0
    def test_application_edit_invalid_change(self):
        user = User(screen_name='John Doe',
                    first_name='John',
                    last_name='Doe',
                    email='*****@*****.**')

        app = Application(name='Test Application',
                          main_url='http://example.com',
                          callback_url='http://example.com/callback',
                          authorized_origins=['http://example.com',
                                              'https://example.com'],
                          production_ready=False,
                          image_url='http://example.com/image.png',
                          description='example description')
        user.applications.append(app)

        with transaction.manager:
            Session.add(user)
            Session.flush()
            app_id = app.id
            user_id = user.id

        self.testapp.get('/__login/' + str(user_id))

        res = self.testapp.post('/oauth2/applications/%s/edit' % str(app_id), {
            'submit': 'Save changes',
        })
        self.assertEqual(res.status, '200 OK')
        res.mustcontain('There was a problem with your submission')
        res.mustcontain('Required')
Exemplo n.º 36
0
    def test_register_new_user_email_not_verified(self):
        self.testapp.post('/__session', {
            'next_url': 'http://localhost/foo/bar',
            'user_info__provider': 'twitter',
            'user_info__external_id': '1234',
            'user_info__screen_name': 'John Doe',
            'user_info__first_name': 'John',
            'user_info__last_name': 'Doe',
            'user_info__email': '*****@*****.**',
        },
                          status=302)

        # if no email is provided at registration, the email is
        # not verified
        res = self.testapp.post('/register', {
            'first_name': 'John2',
            'last_name': 'Doe2',
            'email': '',
            'submit': 'Register into Yith Library',
        },
                                status=302)
        self.assertEqual(res.status, '302 Found')
        self.assertEqual(res.location, 'http://localhost/foo/bar')
        self.assertEqual(Session.query(User).count(), 1)
        user = Session.query(User).filter(User.first_name == 'John2').one()
        self.assertEqual(user.first_name, 'John2')
        self.assertEqual(user.last_name, 'Doe2')
        self.assertEqual(user.email, '')
        self.assertEqual(user.email_verified, False)
        self.assertEqual(user.send_passwords_periodically, False)
        identity = Session.query(ExternalIdentity).filter(
            ExternalIdentity.external_id == '1234',
            ExternalIdentity.provider == 'twitter',
        ).one()
        self.assertEqual(identity.user, user)
Exemplo n.º 37
0
 def generate_question(employee_name):
     """
 Получение след.вопроса в зависимости от плана и уже отвеченных вопросов
 """
     null_question = Question(n=0)
     today = date.today()
     year = today.year
     month = today.month
     employee = EmployeeCtrl.find_by_name(employee_name)
     plan = PlanCtrl.get_current_plan(employee_name, year, month)
     qty_answered = ResultCtrl.count_answered(employee, year,
                                              month)  # уже отвечено
     if plan.qty_question > qty_answered:
         qty_day = plan.qty_question // plan.qty_work + 1  # к-во вопросов в день
         # print('qty_day = %s' % (qty_day,))
         # print(plan)
         params = {'employee_n': employee.n, 'date': today}
         results = ResultCtrl.find(params)  # отвечено сегодня
         # print('results = %s' % (results,))
         if len(results) < qty_day:  # если план на день еще не выполнен
             subquery = Session.query(
                 Result.question_n).filter(Result.employee_n == employee.n)
             q = Session.query(Question).filter(
                 not_(Question.n.in_(subquery)))
             questions = q.all()
             # print(questions)
             if len(questions) == 0 or questions is None:
                 return QuestionCtrl.get_repeat(employee)
             return questions[0]
         else:
             return null_question
     else:
         # План по вопросам сделан
         return null_question
Exemplo n.º 38
0
    def test_user_get(self):
        expiration = datetime.datetime(2014, 2, 23, 9, 0)

        access_code = AccessCode(code=self.access_code,
                                 code_type='Bearer',
                                 expiration=expiration,
                                 scope=['read-userinfo'],
                                 user_id=self.user_id,
                                 application_id=self.application_id)
        with transaction.manager:
            Session.add(access_code)
            Session.flush()

        auth_header = {'Authorization': 'Bearer %s' % self.access_code}

        res = self.testapp.get('/user', headers=auth_header)
        self.assertEqual(res.status, '200 OK')
        self.assertEqual(
            res.json, {
                'id': self.user_id,
                'screen_name': 'John Doe',
                'first_name': 'John',
                'last_name': 'Doe',
                'email': '*****@*****.**',
                'email_verified': True,
                'allow_google_analytics': True,
                'send_passwords_periodically': False,
                'creation': '2012-12-12T12:12:00',
                'last_login': '******',
            })
def clean_access_codes():
    result = setup_simple_command(
        "clean_access_codes",
        "Deletes expired access codes"
    )
    if isinstance(result, int):
        return result
    else:
        settings, closer, env, args = result

    try:
        now = datetime.datetime.utcnow()

        with transaction.manager:
            counter = 0
            for access_code in Session.query(AccessCode).filter(
                AccessCode.expiration < now
            ):
                Session.delete(access_code)
                counter += 1

            if counter > 0:
                safe_print('%d access codes were cleaned' % counter)

    finally:
        closer()
Exemplo n.º 40
0
def developer_application_delete(request):
    app_id = request.matchdict['app']

    try:
        uuid.UUID(app_id)
    except ValueError:
        return HTTPBadRequest()

    try:
        app = Session.query(Application).filter(Application.id == app_id).one()
    except NoResultFound:
        return HTTPNotFound()

    assert_authenticated_user_is_registered(request)
    if app.user != request.user:
        return HTTPUnauthorized()

    if 'submit' in request.POST:
        Session.delete(app)
        request.session.flash(
            _('The application ${app} was deleted successfully',
              mapping={'app': app.name}),
            'success',
        )
        return HTTPFound(
            location=request.route_path('oauth2_developer_applications'))

    return {'app': app}
Exemplo n.º 41
0
def fix_many_feature_groups(request, sql_session):
  Session.add(FeatureGroup(n=1, name='group1'))
  Session.add(FeatureGroup(n=11, name='group11', parent_n=1))
  Session.add(FeatureGroup(n=12, name='group12', parent_n=1))

  Session.add(FeatureGroup(n=2, name='group2'))
  Session.add(FeatureGroup(n=21, name='group21', parent_n=2))
Exemplo n.º 42
0
def revoke_application(request):
    app_id = request.matchdict['app']

    try:
        uuid.UUID(app_id)
    except ValueError:
        return HTTPBadRequest()

    try:
        app = Session.query(Application).filter(Application.id == app_id).one()
    except NoResultFound:
        return HTTPNotFound()

    assert_authenticated_user_is_registered(request)

    if 'submit' in request.POST:

        authorized_apps = Session.query(AuthorizedApplication).filter(
            AuthorizedApplication.application == app,
            AuthorizedApplication.user == request.user
        ).all()
        for authorized_app in authorized_apps:
            Session.delete(authorized_app)

        request.session.flash(
            _('The access to application ${app} has been revoked',
              mapping={'app': app.name}),
            'success',
        )
        return HTTPFound(
            location=request.route_path('oauth2_authorized_applications'))

    return {'app': app}
Exemplo n.º 43
0
    def delete_all(self, collection_id, parent_id, filters=None,
                   with_deleted=True, id_field=DEFAULT_ID_FIELD,
                   modified_field=DEFAULT_MODIFIED_FIELD,
                   deleted_field=DEFAULT_DELETED_FIELD,
                   auth=None):
        """Delete all objects in this `collection_id` for this `parent_id`.

        :param str collection_id: the collection id.
        :param str parent_id: the collection parent.

        :param filters: Optionnally filter the objects to delete.
        :type filters: list of :class:`cliquet.storage.Filter`
        :param bool with_deleted: track deleted records with a tombstone

        :returns: the list of deleted objects, with minimal set of attributes.
        :rtype: list of dict
        """
        qry = Session.query(self.collection).options(load_only('id'))\
                     .filter(and_(self.collection.parent_id == parent_id,
                                  getattr(self.collection, deleted_field) == False))
        for every in filters:
            qry = qry.filter(SQLAFilter(self.collection, every)())
        rows = [{"id": every.id, "parent_id": parent_id, "collection_id": collection_id,
                 modified_field: datetime.datetime.utcnow()} for every in qry.all()]
        Session.bulk_update_mappings(self.collection,
                                     [{"id": every['id'], deleted_field: True,
                                       modified_field: every[modified_field]} for every in rows])
        if with_deleted:
            Session.bulk_insert_mappings(Deleted, rows)
        return rows
Exemplo n.º 44
0
def add_order(request):
    """
    Форма заказа
    """
    if 'form.submitted' in request.params:
        date = request.params['date']
        date = date.split("-")
        time = request.params['time']
        time = time.split(":")
        order = Order(name=request.params['name'],
                      phone=request.params['phone'],
                      email=request.params['email'],
                      contact_face=request.params['contact_face'],
                      event=int(request.params['event']),
                      date=datetime.date(year=int(date[0]),
                                         month=int(date[1]),
                                         day=int(date[2])),
                      time=datetime.time(hour=int(time[0]),
                                         minute=int(time[1])),
                      address=request.params['address'],
                      count_participants=int(
                          request.params['count_participants']),
                      note=request.params['note'])
        Session.add(order)
        current_order_id = Order.get_last_order().id
        next_url = request.route_url('order', id=current_order_id)
        return HTTPFound(location=next_url)
    return {
        "title": "Добавление новой записи",
        "save_url": request.route_url('new_order'),
        "events": Event.get_events()
    }
Exemplo n.º 45
0
    def create(self, collection_id, parent_id, record, id_generator=None,
               unique_fields=None, id_field=DEFAULT_ID_FIELD,
               modified_field=DEFAULT_MODIFIED_FIELD,
               auth=None):
        """Create the specified `object` in this `collection_id` for this `parent_id`.
        Assign the id to the object, using the attribute
        :attr:`cliquet.resource.Model.id_field`.

        .. note::

            This will update the collection timestamp.

        :raises: :exc:`cliquet.storage.exceptions.UnicityError`

        :param str collection_id: the collection id.
        :param str parent_id: the collection parent.

        :param dict record: the object to create.

        :returns: the newly created object.
        :rtype: dict
        """
        obj = self.collection.serialize(record)
        obj.parent_id = parent_id
        setattr(obj, modified_field, datetime.datetime.utcnow())
        try:
            Session.add(obj)
            Session.flush()
        except IntegrityError as e:
            logger.exception('Object %s for collection %s raised %s', record, self.collection, e)
            process_unicity_error(e, Session, self.collection, record)
        # TODO: store new timestamps date
        return self.collection.deserialize(obj)
Exemplo n.º 46
0
    def adicional_delete(self):
        t = self.context
        Session.delete(t)

        msg = 'Registro deletado'
        res = dumps(dict(data=dict(code=200, message=msg)), ensure_ascii=False)
        return HTTPOk(body=res, content_type='application/json; charset=UTF-8')
Exemplo n.º 47
0
def verify_email(request):
    try:
        code = request.params['code']
    except KeyError:
        return HTTPBadRequest('Missing code parameter')

    try:
        email = request.params['email']
    except KeyError:
        return HTTPBadRequest('Missing email parameter')

    evc = EmailVerificationCode(code)
    user = evc.verify(email)
    if user is not None:
        request.session.flash(
            _('Congratulations, your email has been successfully verified'),
            'success',
        )
        user.verify_email()
        Session.add(user)
        return {
            'verified': True,
        }
    else:
        request.session.flash(
            _('Sorry, your verification code is not correct or has expired'),
            'error',
        )
        return {
            'verified': False,
        }
Exemplo n.º 48
0
    def create(self, collection_id, parent_id, record, id_generator=None,
               unique_fields=None, id_field=DEFAULT_ID_FIELD,
               modified_field=DEFAULT_MODIFIED_FIELD,
               auth=None):
        """Create the specified `object` in this `collection_id` for this `parent_id`.
        Assign the id to the object, using the attribute
        :attr:`cliquet.resource.Model.id_field`.

        .. note::

            This will update the collection timestamp.

        :raises: :exc:`cliquet.storage.exceptions.UnicityError`

        :param str collection_id: the collection id.
        :param str parent_id: the collection parent.

        :param dict record: the object to create.

        :returns: the newly created object.
        :rtype: dict
        """
        obj = self.collection.serialize(record)
        obj.parent_id = parent_id
        setattr(obj, modified_field, datetime.datetime.utcnow())
        try:
            Session.add(obj)
            Session.flush()
        except IntegrityError as e:
            logger.exception('Object %s for collection %s raised %s', record, self.collection, e)
            process_unicity_error(e, Session, self.collection, record)
        # TODO: store new timestamps date
        return self.collection.deserialize(obj)
Exemplo n.º 49
0
    def test_valid_request(self):
        _, user_id = create_and_login_user(self.testapp)
        _, application_id, application_secret = create_client()

        # First authorize the app
        res = self.testapp.get(
            '/oauth2/endpoints/authorization', {
                'response_type': 'code',
                'client_id': application_id,
                'redirect_uri': 'https://example.com/callback',
            })
        self.assertEqual(res.status, '200 OK')

        res = self.testapp.post(
            '/oauth2/endpoints/authorization', {
                'submit': 'Authorize',
                'response_type': 'code',
                'client_id': application_id,
                'redirect_uri': 'https://example.com/callback',
                'scope': 'read-passwords',
            })
        self.assertEqual(res.status, '302 Found')
        grant = Session.query(AuthorizationCode).filter(
            AuthorizationCode.application_id == application_id,
            AuthorizationCode.user_id == user_id,
        ).one()
        code = grant.code

        # now send the token request
        headers = {
            'Authorization': auth_basic_encode(application_id,
                                               application_secret),
        }
        res = self.testapp.post('/oauth2/endpoints/token', {
            'grant_type': 'authorization_code',
            'code': code,
        },
                                headers=headers)
        self.assertEqual(res.status, '200 OK')
        self.assertEqual(res.headers['Cache-Control'], 'no-store')
        self.assertEqual(res.headers['Pragma'], 'no-cache')

        # the grant code should be removed
        try:
            grant = Session.query(AuthorizationCode).filter(
                AuthorizationCode.application_id == application_id,
                AuthorizationCode.user_id == user_id,
            ).one()
        except NoResultFound:
            grant = None
        self.assertEqual(grant, None)

        # and an access token should be created
        self.assertEqual(res.json['token_type'], 'Bearer')
        self.assertEqual(res.json['expires_in'], 3600)

        access_code = Session.query(AccessCode).filter(
            AccessCode.code == res.json['access_token'], ).one()
        self.assertNotEqual(access_code, None)
Exemplo n.º 50
0
 def collection_post(self):
     set_config(self.request.user)
     if self.model.is_readonly:
         raise HTTPBadRequest()
     validate_colander_schema(self._schema, self.request)
     obj = self.model(**self.request.json_body)
     Session.add(obj)
     return obj
Exemplo n.º 51
0
def sqlalchemy_teardown(context):
    transaction.abort()
    Session.remove()
    metadata.drop_all()
    Session.configure(bind=None)
    metadata.bind = None
    context.engine.dispose()
    context.sqlalchemy_patcher.stop()
Exemplo n.º 52
0
def test_update_instance():
    balloon = BalloonModel(figure=u'Giraffe')
    Session.add(balloon)
    Session.flush()
    request = DummyRequest(matchdict={'id': balloon.id})
    resource = BalloonResource(request)
    resource.update_from_dict({'figure': u'Elephant'})
    assert balloon.figure == u'Elephant'
Exemplo n.º 53
0
 def create_answer(question, params):
     if 'txt' in params and params['txt'] != '':
         answer = Answer()
         answer.txt = params['txt']
         answer.question_n = question.n
         Session.add(answer)
         Session.flush()
         return answer
Exemplo n.º 54
0
def sqlalchemy_teardown(context):
    transaction.abort()
    Session.remove()
    metadata.drop_all()
    Session.configure(bind=None)
    metadata.bind = None
    context.engine.dispose()
    context.sqlalchemy_patcher.stop()
Exemplo n.º 55
0
 def addEvent(self):
     request = self.request
     if 'form.submitted' in request.params:
         name = request.params['name']
         date = request.params['date']
         DBSession.add(Event(EventName=name, EventTime=date))
     events = DBSession.query(Event).order_by(Event.id)
     return {'events': events}