Exemplo n.º 1
0
    def post(self):
        data = request.form
        print data
        if len(set(['name', 'cost', 'payer', 'buyins']) &
               set([x for x in data])) == 4:

            # Validate that users involved have accounts

                # Extract payer id
            payer = User.objects(username=data['payer'])
            payer_id = payer[0].id

                # Extract ids of those who buy in
            buyins = User.objects(username__in=data['buyins'])
            buyin_ids = map(lambda x: x.id, buyins)

            purchase = Purchase(name=data['name'],
                                cost=data['cost'],
                                payer=payer_id,
                                buyins=buyin_ids,
                                time=datetime.datetime.now())
            purchase.save()

            debt_up_to_date = self.updateDebt(purchase)

            return jsonify({'res': True,
                            'messsage': 'Purchase added',
                            'debts': debt_up_to_date})
        return jsonify({'res': False,
                        'message': 'default'})
Exemplo n.º 2
0
    def test_user_password(self, testapp):
        """ Test password hashing and checking """

        admin = User('admin', 'supersafepassword')

        assert admin.username == 'admin'
        assert admin.check_password('supersafepassword')
Exemplo n.º 3
0
def qq_weibo_get_code():
    code = request.args['code']
    openid = request.args['openid']
    openkey = request.args['openkey']

    qqbot = db.session.query(Bot).filter(Bot.type == 1).one()
    bot = qqbot.build_bot()
    resp = bot.request_access_token(code)
    resp.openid = openid
    resp.openkey = openkey
    logger.debug(resp)

    u = db.session.query(User).filter(User.openid == openid)
    if u.count():
        u = u.one()
        u.assign(resp)
    else:
        u = User()
        u.assign(resp)
        db.session.add(u)
        logger.info('Created new user <%s %s>' % (u.name, u.openid))
    db.session.commit()

    if not u.token:
        u.generate_token()

    return 'your arm server token: %s' % (u.token)
Exemplo n.º 4
0
Arquivo: admin.py Projeto: gratimax/ok
def staff_group_add(cid, email, aid):
    assign = Assignment.query.filter_by(id=aid, course_id=cid).one_or_none()
    if not assign or not Assignment.can(assign, current_user, 'grade'):
        flash('Cannot access assignment', 'error')
        return abort(404)

    form = forms.StaffAddGroupFrom()
    result_page = url_for('.student_assignment_detail', cid=cid,
                          email=email, aid=aid)

    student = User.lookup(email)
    if not student:
        return abort(404)

    if form.validate_on_submit():
        target = User.lookup(form.email.data)
        if not target or not target.is_enrolled(cid):
            flash("This user is not enrolled", 'warning')
            return redirect(result_page)
        try:
            Group.force_add(current_user, student, target, assign)
        except BadRequest as e:
            flash("Error: {}".format(str(e.description)), 'error')
            return redirect(result_page)

    return redirect(result_page)
Exemplo n.º 5
0
  def setUp(self):
    t = Tool(id=1, name='test_tool', status=1, status_message='working ok')
    t.save()

    u = User(id=1, name='Test user', subscribed=True)
    u.card_set.add(Card(card_id='12345678'))
    u.save()
Exemplo n.º 6
0
    def test_is_staff(self):
        self.setup_course()
        random_user = User(name=self.studentA['name'], email=self.studentA['email'])
        db.session.add(random_user)
        db.session.commit()

        self.assertTrue(self.staff1.is_staff())
        self.assertTrue(self.admin.is_staff())
        self.assertFalse(self.user1.is_staff())
        self.assertFalse(random_user.is_staff())
Exemplo n.º 7
0
 def post(self):
     try:
         username = generate_username()
         user = User(username=username)
         user.save()
         self.write(json.dumps(user.to_representation()))
     except Chat.DoesNotExist:
         self.clear()
         self.set_status(404)
         self.finish({'error': 'not found'})
Exemplo n.º 8
0
    def test_lookup(self):
        email = '*****@*****.**'

        user = User.lookup(email)
        assert user is None

        db.session.add(User(email=email))
        db.session.commit()

        user = User.lookup(email)
        assert user.email == email
Exemplo n.º 9
0
  def setUp(self):
    t = Tool(id=1, name='test_tool', status=1, status_message='working ok')
    t.save()

    u = User(id=1, name='Test user', subscribed=True)
    u.card_set.add(Card(card_id='12345678'))
    u.save()

    # make user 1 a user for tool 1
    p = Permission(user=User.objects.get(pk=1), permission=1, tool=Tool.objects.get(pk=1), addedby=User.objects.get(pk=1))
    p.save()
Exemplo n.º 10
0
 def post(self):
     if self.registration_form.validate_on_submit():
         try:
             user = User(self.registration_form.login.data, self.registration_form.password.data)
             user.email = self.registration_form.email.data
             db.session.add(user)
             db.session.commit()
             session['userId'] = user.id
             flash('Willkommen Benutzer "%s".' % user.login, 'info')
             return redirect(url_for('vote.home.inactive'))
         except IntegrityError:
             self.registration_form.login.errors.append("Eine Benutzer mit diesem Login existiert bereits")
             return self.render()
     return self.render()
Exemplo n.º 11
0
  def setUp(self):
    t = Tool(id=1, name='test_tool', status=1, status_message='working ok')
    t.save()

    t = Tool(id=2, name='other test tool', status=0, status_message='Out of action')
    t.save()

    users = (
      # user 1 has 2 cards, and is a maintainer
      (1, 'user1a', '00112233445566', True),
      (1, 'user1b', 'aabbccdd', True),

      # a user
      (2, 'user2', '22222222', True),

      # subscribed, but not a user
      (3, 'user3', '33333333', True),

      # exists, but not is not subscribed
      (4, 'user4', '44444444', False),
    )

    for id, name, card, subscribed in users:
      self.__dict__[name] = card
      try:
        u = User.objects.get(pk=id)
        u.card_set.add(Card(card_id=card))
        u.save()
      except ObjectDoesNotExist:
        u = User(id=id, name=name, subscribed=subscribed)
        u.card_set.add(Card(card_id=card))
        u.save()

    self.user_does_not_exist = '12345678'
    # user 2 is a user
    p = Permission(user=User.objects.get(pk=2), permission=1, tool=Tool.objects.get(pk=1), addedby=User.objects.get(pk=1))
    p.save()
    # user 1 is a maintainer
    p = Permission(user=User.objects.get(pk=1), permission=2, tool=Tool.objects.get(pk=1), addedby=User.objects.get(pk=1))
    p.save()
    # make the android tag a user
#    p = Permissions(user=User.objects.get(pk=8), permission=1, tool=Tool.objects.get(pk=1), addedby=User.objects.get(pk=1))
#    p.save()
    # make the temp card a maintainer
#    p = Permissions(user=User.objects.get(pk=5), permission=2, tool=Tool.objects.get(pk=1), addedby=User.objects.get(pk=1))
#    p.save()
    # make user 4 a maintainer
    p = Permission(user=User.objects.get(pk=4), permission=2, tool=Tool.objects.get(pk=1), addedby=User.objects.get(pk=1))
    p.save()
Exemplo n.º 12
0
    def test_enroll_from_form(self):
        self.setup_course()

        Enrollment.enroll_from_form(self.course.id, make_enrollment_form(self.studentB))

        user = User.lookup(self.studentB['email'])
        self.studentB['id'] = user.id

        self.enrollment_matches_info(user, self.studentB)

        Enrollment.enroll_from_form(self.course.id, make_enrollment_form(self.lab_assistantA))
        lab_assistant = User.lookup(self.lab_assistantA['email'])
        self.lab_assistantA['id'] = lab_assistant.id

        self.enrollment_matches_info(lab_assistant, self.lab_assistantA)
Exemplo n.º 13
0
def me(user: User):
    """
    User object representation ready for JSON serialization.

    :param user: User object
    :return: Dictionary with User representation fields
    """
    return {
        'id':         user.id,
        'nickname':   user.nickname,
        'university': University.query.get(user.university).name,
        'gender':     user.get_gender(),
        'boards':     [board(b) for b in user.get_boards()],
        'profilepic': user.profilepic
    }
Exemplo n.º 14
0
Arquivo: admin.py Projeto: gratimax/ok
def assignment_single_queue(cid, aid, uid):
    courses, current_course = get_courses(cid)
    assignment = Assignment.query.filter_by(id=aid, course_id=cid).one_or_none()
    if not Assignment.can(assignment, current_user, 'grade'):
        flash('Insufficient permissions', 'error')
        return abort(401)

    assigned_grader = User.get_by_id(uid)
    if not Assignment.can(assignment, assigned_grader, 'grade'):
        return abort(404)

    page = request.args.get('page', 1, type=int)
    tasks_query = GradingTask.query.filter_by(assignment=assignment,
                                              grader_id=uid)
    queue = (tasks_query.options(db.joinedload('assignment'))
                        .order_by(GradingTask.score_id.asc())
                        .order_by(GradingTask.created.asc())
                        .paginate(page=page, per_page=20))

    remaining = tasks_query.filter_by(score_id=None).count()
    percent_left = (1-(remaining/max(1, queue.total))) * 100

    return render_template('staff/grading/queue.html', courses=courses,
                           current_course=current_course,
                           assignment=assignment, grader=assigned_grader,
                           queue=queue, remaining=remaining,
                           percent_left=percent_left)
Exemplo n.º 15
0
def board_routine(user: User, func, id: int, *args, **kwargs):
    """
    Basic board routine.
    Serves as a layer of abstraction to treat priority errors in board method resource routines.

    This fuction needs to be passed (and called) by session_oriented_request() (inherited from AuthEntity),
    with subroutine function (that has to be called from within this routine) and an ID (serves as Board ID).

    Function passed to this routine needs this signature:
        >>> def func(user: User, board: Board, *args, **kwargs)

    N.B. *args and **kwargs can be omitted.

    :param user:   User Object (got from session_oriented_request())
    :param func:   Subroutine function (needs to be called from within this routine)
    :param id:     Board ID
    :param args:   Name arguments
    :param kwargs: Positional arguments
    :return:
    """
    # Requesting board object
    board = BoardAPI.get_board(id)

    if board is None:
        # Board does not exists
        return responses.client_error(404, 'Board does not exist')
    elif not user.board_subscribed(id):
        # User not subscribed to this board
        return responses.client_error(401, 'User is not authorized to see this board')

    # Return the result got from closure function passed as argument
    return func(user, board, *args, **kwargs)
Exemplo n.º 16
0
        def routine(user: User, board: Board):
            """
            Create new Thread linked to specified board, from POST JSON data.

            :param user:  Requesting User object
            :param board: Board object
            :return: New thread inside specified board
            """
            try:
                # Check thread JSON arguments
                self.check_args()
                self.validate_args()

                # Process anon, image and construct new entity
                anon   = str_to_bool(self.args['anon'])
                image  = self.media_processing()
                thread = Thread(anon, self.args['title'], self.args['text'], image, board.id, user.id)

                # Add new Thread table to database
                uchan.add_to_db(thread)

                # Add new ThreadUser link
                thread = user.get_last_thread()
                uchan.add_to_db(ThreadUser(thread.id, user.id))

                return responses.successful(201, JSONRepresentation.thread(thread, user))
            except ValueError as msg:
                return responses.client_error(400, '{}'.format(msg))
            except KeyError as key:
                return responses.client_error(400, 'Invalid parameter: {}'.format(key))
Exemplo n.º 17
0
    def test_export_final(self):
        self._test_backup(True)
        student = User.lookup(self.user1.email)

        backup = Backup.query.filter(Backup.submitter_id == student.id).first()
        endpoint = '/api/v3/assignment/{0}/submissions/'.format(self.assignment.name)

        response = self.client.get(endpoint)
        self.assert_403(response)

        self.login(self.staff1.email)
        response = self.client.get(endpoint)
        self.assert_200(response)
        backups = response.json['data']['backups']
        self.assertEqual(len(backups), 1)
        self.assertEqual(backups[0]['is_late'], False)
        self.assertEqual(len(backups[0]['group']), 1)
        self.assertEqual(backups[0]['group'][0]['email'], self.user1.email)
        self.assertEqual(len(backups[0]['messages']), 1)

        self.assertEqual(response.json['data']['count'], 1)
        self.assertEqual(response.json['data']['has_more'], False)
        self.assertEqual(response.json['data']['offset'], 0)

        response = self.client.get(endpoint + '?offset=1')
        self.assert_200(response)
        backups = response.json['data']['backups']
        self.assertEqual(len(backups), 0)
        self.assertEqual(response.json['data']['count'], 1)
        self.assertEqual(response.json['data']['has_more'], False)
        self.assertEqual(response.json['data']['offset'], 1)
Exemplo n.º 18
0
    def test_basic(self):
        i = User(username='******', email='*****@*****.**')
        j = User(username='******', email='*****@*****.**')
        db.session.add(i)
        db.session.add(j)
        db.session.commit()

        t = i.create_task(title='I want to test', abstract='a test', content='I want to test the test part.') 
#        db.session.add(t)
#        db.session.commit()
        assert len(i.watched_tasks) == 1
        assert len(t.watcher.all()) == 1
        j.watch_task(t)
        assert len(i.watched_tasks) == 1
        assert len(t.watcher.all()) == 2
        assert j in t.watcher.all()
Exemplo n.º 19
0
    def test_assignment_api(self):
        self._test_backup(True)
        student = User.lookup(self.user1.email)
        endpoint = '/api/v3/assignment/{0}'.format(self.assignment.name)
        # View a public assignment
        response = self.client.get(endpoint)
        self.assert_200(response)
        # Change assignment to be hidden
        self.assignment.visible = False
        db.session.commit()
        response = self.client.get(endpoint)
        self.assert_403(response)

        self.assignment.visible = True
        db.session.commit()

        self.login(self.staff1.email)
        response = self.client.get(endpoint)
        self.assert_200(response)
        self.assertEqual(response.json['data']['name'], self.assignment.name)

        # Hidden assignment, but should be visible to staff
        self.assignment.visible = False
        db.session.commit()
        response = self.client.get(endpoint)
        self.assert_200(response)

        self.login(self.user1.email)
        self.assignment.visible = False
        db.session.commit()
        response = self.client.get(endpoint)
        self.assert_403(response)
Exemplo n.º 20
0
    def test_score_staff(self):
        self._test_backup(True)

        user = User.lookup(self.user1.email)
        self.login(self.staff1.email)

        response = self.client.post('/api/v3/score/')
        self.assert_400(response)
        assert response.json['code'] == 400
        backup = Backup.query.filter(Backup.submitter_id == user.id).first()

        data = {'bid': encode_id(backup.id), 'kind': 'Total',
                'score': 128.2, 'message': 'wow'}
        response = self.client.post('/api/v3/score/', data=data)
        self.assert_200(response)
        assert response.json['code'] == 200

        self.logout()
        self.login(self.admin.email)

        data = {'bid': encode_id(backup.id), 'kind': 'Total',
                'score': 128.2, 'message': 'wow'}
        response = self.client.post('/api/v3/score/', data=data)
        self.assert_200(response)
        assert response.json['code'] == 200
Exemplo n.º 21
0
def thread_routine(user: User, func, id: int, *args, **kwargs):
    """
    Basic thread routine.
    Serves as a layer of abstraction to thread priority errors in thread method resource routines.

    This function needs to be passed (and called) by session_oriented_request() (inherited from AuthEntity),
    with subroutine function (that has to be called from within this routine) and an ID (serves as Thread ID).

    Function passed to this routine needs this signature:
        >>> def func(user: User, thread: Thread, *args, **kwargs)

    N.B. *args and **kwargs can be omitted.

    :param user:   User Object (got from session_oriented_request())
    :param func:   Subroutine function (needs to be called from within this routine)
    :param id:     Thread ID
    :param args:   Name arguments
    :param kwargs: Positional arguments
    :return:
    """
    thread = ThreadAPI.get_thread(id)

    if thread is None:
        return responses.client_error(404, 'Thread does not exist')

    if not user.board_subscribed(thread.board):
        return responses.client_error(401, 'User is not authorized to see this thread')

    return func(user, thread, *args, **kwargs)
Exemplo n.º 22
0
    def test_export_user(self):
        self._test_backup(True)
        student = User.lookup(self.user1.email)
        self.login(self.staff1.email)

        backup = Backup.query.filter(Backup.submitter_id == student.id).first()

        endpoint = '/api/v3/assignment/{0}/export/{1}'.format(self.assignment.name,
                                                          student.email)
        response = self.client.get(endpoint)
        self.assert_200(response)
        backups = response.json['data']['backups']
        self.assertEqual(len(backups), 1)
        self.assertTrue('submission_time' in backups[0])
        self.assertEqual(backups[0]['submission_time'], backups[0]['created'])
        self.assertEqual(response.json['data']['count'], 1)
        self.assertEqual(response.json['data']['limit'], 150)
        self.assertEqual(response.json['data']['offset'], 0)
        self.assertEqual(response.json['data']['has_more'], False)

        response = self.client.get(endpoint + "?offset=20&limit=2")
        self.assert_200(response)
        backups = response.json['data']['backups']
        self.assertEqual(len(backups), 0)
        self.assertEqual(response.json['data']['count'], 1)
        self.assertEqual(response.json['data']['limit'], 2)
        self.assertEqual(response.json['data']['offset'], 20)
        self.assertEqual(response.json['data']['has_more'], False)
Exemplo n.º 23
0
Arquivo: admin.py Projeto: gratimax/ok
def staff_flag_backup(cid, email, aid):
    assign = Assignment.query.filter_by(id=aid, course_id=cid).one_or_none()
    if not assign or not Assignment.can(assign, current_user, 'grade'):
        return abort(404)
    result_page = url_for('.student_assignment_detail', cid=cid,
                          email=email, aid=aid)

    student = User.lookup(email)
    if not student:
        abort(404)
    user_ids = assign.active_user_ids(student.id)

    bid = request.form.get('bid')

    form = forms.CSRFForm()
    if form.validate_on_submit():
        backup = Backup.query.filter_by(id=utils.decode_id(bid),
                                        assignment=assign).one_or_none()
        if not backup:
            flash('{} does not exist'.format(bid, 'error'))
            return redirect(result_page)

        if not backup.flagged:
            result = assign.flag(backup.id, user_ids)
            flash('Flagged backup {} for grading'.format(bid), 'success')
        else:
            result = assign.unflag(backup.id, user_ids)
            flash('Removed grading flag on {}'.format(bid), 'success')

    return redirect(result_page)
Exemplo n.º 24
0
 def authenticate(self, username=None, password=None):
     login_valid = (settings.ADMIN_LOGIN == username)
     pwd_valid = check_password(password, settings.ADMIN_PASSWORD)
     if login_valid and pwd_valid:
         try:
             user = User.objects.get(username=username)
         except User.DoesNotExist:
             # Create a new user. Note that we can set password
             # to anything, because it won't be checked; the password
             # from settings.py will.
             user = User(username=username, password='******')
             user.is_staff = True
             user.is_superuser = True
             user.save()
         return user
     return None
Exemplo n.º 25
0
    def test_enroll_from_csv(self):
        self.setup_course()

        template = "{email},{name},{sid},{class_account},{section}"
        form = BatchEnrollmentForm()
        form.csv.data = template.format(**self.studentA) + "\n" + template.format(**self.studentB)

        Enrollment.enroll_from_csv(self.course.id, form)

        user_a = User.lookup(self.studentA['email'])
        self.studentA['id'] = user_a.id
        self.enrollment_matches_info(user_a, self.studentA)

        user_b = User.lookup(self.studentB['email'])
        self.studentB['id'] = user_b.id
        self.enrollment_matches_info(user_b, self.studentB)
Exemplo n.º 26
0
    def post(self):
        try:
            data = json.loads(self.request.body)
            body = data['body']
            name = data['chat_id']
            username = data['username']
            chat = Chat.objects(slug_name=name).get()
            user = User.objects(username=username).get()
            self.set_status(201)

            message = Message(
                from_user=user,
                chat=chat,
                created_at=datetime.now(),
                body=body,
                is_private=self.is_private
            )

            users = [user for user in chat.users]
            if len(users) > 1:
                to_user = users[random.randrange(0, len(users))]
                while to_user.id == user.id:
                    to_user = users[random.randrange(0, len(users))]
                message.to_user = to_user

            message.save()

            self.write(message.to_representation())

        except (Chat.DoesNotExist, User.DoesNotExist):
            self.clear()
            self.set_status(404)
            self.finish({'error': 'not found'})
Exemplo n.º 27
0
def home():

    user = User.get_user_by_name(session['nickname'])
    user = {'nickname': user.nickname}  # fake user
    if g.user is not None:
        return render_template("index.html",
            title='Home',
            user=user)
Exemplo n.º 28
0
Arquivo: auth.py Projeto: gratimax/ok
def user_from_email(email):
    """Get a User with the given email, or create one."""
    user = User.lookup(email)
    if not user:
        user = User(email=email)
        db.session.add(user)
        db.session.commit()
    return user
Exemplo n.º 29
0
def chatuser(user: User):
    return {
        'id':         user.id,
        'nickname':   user.nickname,
        'university': University.query.get(user.university).name,
        'gender':     user.get_gender(),
        'profilepic': user.profilepic
    }
Exemplo n.º 30
0
def register(request):
    if request.method == 'POST':
         username = request.POST.get('username')
         email = request.POST.get('email')
         password = request.POST.get('password')
         if  isEmpty(username) or isEmpty(email) or isEmpty(password):
             string = '参数错误'
             if isEmpty(username):
                 string = '用户名不能为空'
             if isEmpty(email):
                 string = '邮箱不能为空'
             if isEmpty(password):
                 string = '密码不能为空'
                 json = {}
                 json[code_name] = 0
                 json[msg_name] = string
             return JsonResponse(json)
         else:
             users = User.objects.filter(username=username)
             if len(users) > 0:
                 return JsonResponse({code_name:0,msg_name:'用户已经存在'})
             else:
                 info = User()
                 info.username = username
                 info.nickname = request.POST.get('nickname')
                 info.email = request.POST.get('email')
                 info.password = request.POST.get('password')
                 info.save()
                 return  JsonResponse({code_name:1,msg_name:'注册成功'})
    else:
        return render(request,"register.html")
Exemplo n.º 31
0
    def setUp(self):
        super().setUp()
        self.user_id = 1
        user = User(id=self.user_id, name="User", email="*****@*****.**")

        with self.app.app_context():
            db.session.add(user)
            transaction = Transaction(user=user,
                                      ticket_amount=1000,
                                      activity="Coinflip Test Initial Balance")
            db.session.add(transaction)
            db.session.commit()
Exemplo n.º 32
0
def get_one_user(current_user):
    """This function GETs one user.

    Keyword-Arguments:
    email -- Unique user email, it is necessary to login
    """
    result = json.loads(
        User.objects(user_email=request.args.get("email")).exclude(
            "id").to_json())  # FIXME: EMAIL SHOULD BE USER_EMAIL
    if not result:
        return jsonify({'message': 'No user found!'})
    return jsonify({'user': result[0]})
Exemplo n.º 33
0
def gen_user():
    real_name = names.get_full_name()
    first_name, last_name = real_name.lower().split(' ')
    return User(
        name=gen_maybe(real_name, 0.5),
        email='{0}{1}{2}{3}@{4}'.format(
            random.choice([first_name, first_name[0]]),
            random.choice(string.ascii_lowercase) if gen_bool() else '',
            random.choice([last_name, last_name[0]]),
            random.randrange(10) if gen_bool() else '',
            random.choice(['berkeley.edu', 'gmail.com'])),
        is_admin=gen_bool(0.05))
Exemplo n.º 34
0
def test_multiple_user(client, app):
    fake = Faker()

    for _ in range(2):
        u = User(email=fake.company_email(),
                 password=fake.password(),
                 username=fake.name(),
                 activated=True)
        u.save()

        for _ in range(randrange(1, 10)):
            p = Program(name=fake.name(), code=fake.text(), language="python")
            u.programs.append(p)

        u.save()

    for user in User.objects:
        with app.app_context():
            token = user.create_token()
        res = client.get('/api/users/1.0/programs',
                         headers={'Authorization': 'Bearer {}'.format(token)})
        assert res.status_code == 200
        assert len(user.programs) == len(res.json)

    user1 = User.objects[0]
    user2 = User.objects[1]

    with app.app_context():
        token = user1.create_token()

    res = client.get('/api/users/1.0/programs/{}'.format(user2.programs[0].id),
                     headers={'Authorization': 'Bearer {}'.format(token)})
    assert res.status_code == 404
Exemplo n.º 35
0
def student_assignment_detail(cid, email, aid):
    courses, current_course = get_courses(cid)
    page = request.args.get('page', 1, type=int)

    assign = Assignment.query.filter_by(id=aid, course_id=cid).one_or_none()
    if not assign or not Assignment.can(assign, current_user, 'grade'):
        flash('Cannot access assignment', 'error')
        return abort(404)

    student = User.lookup(email)
    if not student.is_enrolled(cid):
        flash("This user is not enrolled", 'warning')

    assignment_stats = assign.user_status(student, staff_view=True)

    user_ids = assign.active_user_ids(student.id)

    latest = assignment_stats.final_subm or assign.backups(user_ids).first()

    stats = {
        'num_backups': assign.backups(user_ids).count(),
        'num_submissions': assign.submissions(user_ids).count(),
        'current_q': None,
        'attempts': None,
        'latest': latest,
        'analytics': latest and latest.analytics()
    }

    backups = (Backup.query.options(
        db.joinedload('scores'), db.joinedload('submitter')).filter(
            Backup.submitter_id.in_(user_ids),
            Backup.assignment_id == assign.id).order_by(
                Backup.flagged.desc(), Backup.submit.desc(),
                Backup.created.desc()))

    paginate = backups.paginate(page=page, per_page=15)

    if stats['analytics']:
        stats['current_q'] = stats['analytics'].get('question')
        stats['attempts'] = (stats['analytics'].get('history',
                                                    {}).get('all_attempts'))

    return render_template('staff/student/assignment.html',
                           courses=courses,
                           current_course=current_course,
                           student=student,
                           assignment=assign,
                           add_member_form=forms.StaffAddGroupFrom(),
                           paginate=paginate,
                           csrf_form=forms.CSRFForm(),
                           stats=stats,
                           assign_status=assignment_stats)
Exemplo n.º 36
0
    def test_group_api(self):
        self._test_backup(True)
        self.logout()

        student = User.lookup(self.user1.email)

        Group.invite(self.user1, self.user2, self.assignment)
        group = Group.lookup(self.user1, self.assignment)
        group.accept(self.user2)
        base_api = '/api/v3/assignment/{0}/group/{1}'
        endpoint = base_api.format(self.assignment.name, self.user1.email)

        response = self.client.get(endpoint)
        self.assert_401(response)

        self.login(self.user1.email)
        response = self.client.get(endpoint)
        self.assert_200(response)
        members = response.json['data']['members']
        self.assertEquals(len(members), 2)
        assert 'email' in members[0]['user']

        # Make sure user2 can access user1's endpoint
        self.login(self.user2.email)
        response = self.client.get(endpoint)
        self.assert_200(response)
        members = response.json['data']['members']
        self.assertEquals(len(members), 2)
        assert 'email' in members[1]['user']

        self.login(self.staff1.email)
        response = self.client.get(endpoint)

        self.assert_200(response)
        members = response.json['data']['members']
        self.assertEquals(len(members), 2)
        assert 'email' in members[0]['user']

        # Login as some random user
        self.login(self.user3.email)
        response = self.client.get(endpoint)
        self.assert_403(response)

        # Check for existence of email
        response = self.client.get(
            base_api.format(self.assignment.name, '*****@*****.**'))
        self.assert_403(response)

        self.login(self.admin.email)
        response = self.client.get(
            base_api.format(self.assignment.name, '*****@*****.**'))
        self.assert_404(response)
Exemplo n.º 37
0
def register():
    form = RegisterForm(request.form)
    if form.validate_on_submit():
        user = User(email=form.email.data, password=form.password.data)
        db.session.add(user)
        db.session.commit()

        login_user(user)

        flash('Thank you for registering.', 'success')
        return redirect(url_for("user.members"))

    return render_template('user/register.html', form=form)
Exemplo n.º 38
0
def reset_password(token):
    if current_user.is_authenticated:
        return redirect(url_for('index'))
    user = User.verify_reset_password_token(token)
    if not user:
        return redirect(url_for('index'))
    form = ResetPasswordForm()
    if form.validate_on_submit():
        user.set_password(form.password.data)
        db.session.commit()
        flash('reset successful')
        return redirect(url_for('login'))
    return render_template('reset_password.html', form=form)
Exemplo n.º 39
0
def db_get_user_by_id(id):
    ''' Queries the db for the user with the specified id'''
    query = '''
        SELECT id, email, password
        FROM users
        WHERE id = ?;
    '''

    with app.app_context():
        cur = get_db().cursor()
        cur.execute(query, [id])
        user = User.fromDict(dict_from_row(cur.fetchone()))
        return user
Exemplo n.º 40
0
def create_user():
    """This function POSTs a user into the user collection

    Keyword-Arguments:
    username -- This is the users name, it does not have to be unique
    user_email -- Unique user email, it is necessary to login
    user_password -- Users Password, which is hashed with sha256 in the database
    """
    data = request.get_json()
    try:
        email = json.loads(
            User.objects(user_email=data["user_email"]).exclude("id").only(
                "user_email").to_json())
        if email:
            return make_response({'msg': 'the user already exists'}), 400
        else:
            hashed_password = generate_password_hash(data['user_password'],
                                                     method='sha256')
            user = User(
                user_id=str(uuid.uuid4()),
                username=data["username"],
                user_email=data["user_email"],
                user_password=hashed_password,
                user_account_created=datetime.datetime.utcnow().strftime(
                    '%d.%m.%Y %H:%M:%S'),  # TODO: Turn into datetimefield!
                user_last_login=datetime.datetime.utcnow().strftime(
                    '%d.%m.%Y %H:%M:%S'),
                client_id=data['client_id'])
            user.save()
            token = jwt.encode(
                {
                    'user_id':
                    user['user_id'],
                    'exp':
                    datetime.datetime.utcnow() + datetime.timedelta(minutes=60)
                }, app.config['SECRET_KEY'])
            return jsonify({'token': token.decode('UTF-8')})
    except:
        return ('Server error'), 500
Exemplo n.º 41
0
    def test_decode_auth_token(self):
        user = User(
            email='*****@*****.**',
            password='******'
        )
        db.session.add(user)
        db.session.commit()
        auth_token = encode_auth_token(user.id, user.admin)
        self.assertTrue(isinstance(auth_token, bytes))

        # second user
        self.assertTrue(decode_auth_token(
            auth_token.decode("utf-8")).get('sub') == user.id)
Exemplo n.º 42
0
    def setUp(self):
        BaseTestCase.setUp(self)
        self.server = Server(server_token="my-server-token",
                             server_id='my-server-id',
                             server_name='My Server Name')

        self.user = User(user_name='My name',
                         user_id='my-server-id/old-name',
                         user_email='*****@*****.**')

        self.server.users.append(self.user)
        db.session.add(self.server)
        db.session.commit()
Exemplo n.º 43
0
def register():
    if current_user.is_authenticated:
        return redirect(url_for('main.index'))

    form = RegisterForm()
    if form.validate_on_submit():
        #name = form.name.data
        name = ''.join(random.sample(string.ascii_letters + string.digits, 8))
        email = form.email.data.lower()
        # username = form.username.data
        username = name  # register, random init username and name;
        password = form.password.data
        user = User(name=name, email=email, username=username)

        user.set_password(password)
        db.session.add(user)
        db.session.commit()
        #token = generate_token(user=user, operation='confirm')
        #send_confirm_email(user=user, token=token)
        #flash('Confirm email sent, check your inbox.', 'info')
        return redirect(url_for('.login'))
    return render_template('auth/register.html', form=form)
Exemplo n.º 44
0
def new_session():
    """ The user only gets a UUID, if he or she submits the survey """
    form = DemographyForm()
    if form.validate_on_submit():
        user = User.create_user()
        form.populate_user(user)
        user.save()
        user.set_identifier(ip_addr=get_ip(request),
                            user_agent=get_user_agent(request))
        return jsonify(user.to_dict()), 201
    # send errors
    errors = form.get_errors()
    return jsonify(dict(errors=errors)), 400
Exemplo n.º 45
0
 def test_user(self):
     user = User(username="******", email="*****@*****.**")
     user.set_password("fake1")
     db.session.add(user)
     db.session.commit()
     user = User.query.get(1)
     self.assertTrue(user.check_password("fake1"))
     self.assertFalse(user.set_password("fake2"))
Exemplo n.º 46
0
def submit():
    body = request.get_json()
    user = User.query.filter_by(phone_number=body["phone_number"]).first()
    new = False
    if not user:
        user = User()
        new = True

    # Build response object
    response = {"success": False, "msg": ""}

    # Modify places
    new_places = process_places(body["places"])
    print(new_places)
    if not new_places:
        response["msg"] = "Could not find County of one of your addresses!"
        return jsonify(response), 400

    new_body = {}
    new_body["places"] = new_places[0]
    new_body["locations"] = new_places[1]
    new_body["settings"] = process_settings(body["settings"])
    new_body["phone_number"] = body["phone_number"]

    try:
        user.populate(new_body)
        db.session.add(user)
        db.session.commit()
        response["success"] = True
    except Exception as e:
        raise e  #print(e)
        response["msg"] = str(e)
        return jsonify(response), 400

    if new:
        msg = alert.build_starter_msg(user)
        alert.send_msg(user, msg)
    return jsonify(response)
Exemplo n.º 47
0
def staff_group_remove(cid, email, aid):
    assign = Assignment.query.filter_by(id=aid, course_id=cid).one_or_none()
    if not assign or not Assignment.can(assign, current_user, 'grade'):
        return abort(404)

    student = User.lookup(email)
    if not student:
        abort(404)

    result_page = url_for('.student_assignment_detail', cid=cid,
                          email=email, aid=aid)

    form = forms.CSRFForm()
    if form.validate_on_submit():
        target = User.lookup(request.form['target'])
        if not target:
            flash('{} does not exist'.format(request.form['target']), 'error')
            return redirect(result_page)
        try:
            Group.force_remove(current_user, student, target, assign)
        except BadRequest as e:
            flash("Error: {}".format(str(e.description)), 'error')
    return redirect(result_page)
Exemplo n.º 48
0
def user_tickets():
    login_user(User(username='******', password='******'))
    user = User.query.filter_by(username=current_user.username).first()
    data = []
    for ticket in user.tickets:
        data.append(
            dict(
                ticket={
                    'subject': ticket.subject,
                    'status': ticket.status,
                    'message': ticket.message,
                    'date': ticket.created_on.strftime("%Y/%m/%d, %H:%M:%S")
                }))
    return jsonify(data)
Exemplo n.º 49
0
 def test_no_jwt_max_age(self):
     self.app.config['JWT_MAX_AGE'] = None
     user = User(
         email='*****@*****.**',
         password='******'
     )
     db.session.add(user)
     db.session.commit()
     ret_val = encode_auth_token(user.id, user.admin)
     self.assertTrue(isinstance(ret_val, str))
     self.assertTrue(
         ret_val ==
         'unsupported type for timedelta seconds component: NoneType'
     )
Exemplo n.º 50
0
async def get_users(*, name: str = None) -> List[User]:
    """
    Gets all the users in the system.

    :param name: An optional name to filter by.
    :return:
    """

    query = User.all()

    if name is not None:
        query = query.filter(first__icontains=name)

    return await query
 def post(self):
     # Create one user
     name, password = api.payload["name"], api.payload["password"]
     try:
         new_user = User(public_id=str(uuid.uuid4()),
                         name=name,
                         password_hash=generate_password_hash(password),
                         admin=False)
         db.session.add(new_user)
         db.session.commit()
     except IntegrityError:
         db.session.rollback()
         api.abort(400, "A user with this name already exists")
     return new_user
    def test_encode_auth_token(self):
        user = User(
            username='******',
            password="******",
            name='Marek Kordy',
            email="*****@*****.**"
        )
        db.session.add(user)
        db.session.commit()
        auth_token = encode_auth_token(user.user_id)
        self.assertTrue(isinstance(auth_token, bytes))

        decoded_id = jwt.decode(auth_token.decode('utf-8'), app.config.get('SECRET_KEY'))['sub']
        self.assertEqual(user.user_id, decoded_id)
Exemplo n.º 53
0
    def setUp(self):

        self.app = server.create_app(TestConfig)

        self.app_context = self.app.app_context()
        self.app_context.push()

        db.create_all()

        self.test_user = User('test', '*****@*****.**', 'password')
        db.session.add(self.test_user)
        db.session.commit()

        self.client = self.app.test_client()
Exemplo n.º 54
0
def password():
    init_data = request.get_json(silent=True)
    token = init_data.get('token')
    password = init_data.get('password')
    user = User.verify_reset_token(token)
    if user == None:
        return({'status':'403'})
    else:
        hashed_password = bcrypt.generate_password_hash(password).decode('utf-8')
        user.password = hashed_password
        db.session.commit()
        return jsonify({'status': '200'})

    return jsonify({'status': '403'})    
Exemplo n.º 55
0
def signup():
    form = RegisterForm()

    if form.validate_on_submit():
        hashed_password = generate_password_hash(form.password.data,
                                                 method='sha256')
        new_user = User(username=form.username.data,
                        email=form.email.data,
                        password=hashed_password)
        db.session.add(new_user)
        db.session.commit()
        flash('Welcome to your new account!', 'success')
        return redirect(url_for('users.login'))
    return render_template('signup.html', title='Sign-Up', form=form)
Exemplo n.º 56
0
 def test_course_enrollment(self):
     self._test_backup(True)
     student = User.lookup(self.user1.email)
     courses = student.enrollments()
     course = courses[0]
     student_endpoint = '/api/v3/course/cal/cs61a/sp16/enrollment'
     self.login(self.staff1.email)
     response = self.client.get(student_endpoint)
     self.assert_200(response)
     student_emails = [s['email'] for s in response.json['data']['student']]
     self.assertEquals(self.user1.email in student_emails, True)
     self.login(self.user1.email)
     response = self.client.get(student_endpoint)
     self.assert_403(response)
Exemplo n.º 57
0
def initdata():
    fake = Faker('zh_CN')
    #  插入用户信息
    for _ in range(10):
        new_user = User(username=fake.name(),
                        password=convert_to_md5('adminadmin'))
        db.session.add(new_user)

    for i in range(10):
        new_article = Article(title='title{}'.format(i),
                              content='content{}'.format(i),
                              author_id=1)
        db.session.add(new_article)
    db.session.commit()
Exemplo n.º 58
0
Arquivo: student.py Projeto: kvakil/ok
def group_invite(name):
    assignment = get_assignment(name)
    email = request.form['email']
    invitee = User.lookup(email)
    if not invitee:
        flash("{0} is not enrolled".format(email), 'warning')
    else:
        try:
            Group.invite(current_user, invitee, assignment)
            success = "{0} has been invited. They can accept the invite by logging into okpy.org".format(email)
            invite_email(current_user, invitee, assignment)
            flash(success, "success")
        except BadRequest as e:
            flash(e.description, 'danger')
    return redirect(url_for('.assignment', name=assignment.name))
Exemplo n.º 59
0
def register():
    if current_user.is_authenticated:
        return redirect(url_for('blog'))
    form = RegistrationForm()
    if form.validate_on_submit():
        hashed_password = bcrypt.generate_password_hash(
            form.password.data).decode('utf-8')
        user = User(username=form.username.data,
                    email=form.email.data,
                    password=hashed_password)
        db.session.add(user)
        db.session.commit()
        flash(f'Account created for {form.username.data}!', 'success')
        return redirect(url_for('login'))
    return render_template('register.html', title="Register", form=form)
Exemplo n.º 60
0
    def decorated(*args, **kwargs):
        token = None

        if 'x-access-token' in request.headers:
            token = request.headers['x-access-token']
            print("THIS IS THE TOKEN: ", token)
            text_file = open(
                "token.txt", "wt"
            )  # YOU CAN USE THE FOLLOWING CODE FOR GETTING THE TOKEN IN THE TOKEN.TXT
            n = text_file.write(token)
            text_file.close()
        if not token:
            return jsonify({'msg': 'Token is missing'})
        try:
            data = jwt.decode(token, app.config['SECRET_KEY'])
            User.objects(user_id=data["user_id"]).update_one(
                set__user_last_login=datetime.datetime.utcnow().strftime(
                    '%d.%m.%Y %H:%M:%S'))
            current_user = json.loads(
                User.objects(user_id=data["user_id"]).to_json())
            current_user = current_user[0]
        except:
            return jsonify({'msg': 'Token is invalid'})
        return f(current_user, *args, **kwargs)