def post(self):
data = request.form
print data
if len(set(['name', 'cost', 'payer', 'buyins']) &
set([x for x in data])) == 4:
# Validate that users involved have accounts
# Extract payer id
payer = User.objects(username=data['payer'])
payer_id = payer[0].id
# Extract ids of those who buy in
buyins = User.objects(username__in=data['buyins'])
buyin_ids = map(lambda x: x.id, buyins)
purchase = Purchase(name=data['name'],
cost=data['cost'],
payer=payer_id,
buyins=buyin_ids,
time=datetime.datetime.now())
purchase.save()
debt_up_to_date = self.updateDebt(purchase)
return jsonify({'res': True,
'messsage': 'Purchase added',
'debts': debt_up_to_date})
return jsonify({'res': False,
'message': 'default'})
def test_user_password(self, testapp):
""" Test password hashing and checking """
admin = User('admin', 'supersafepassword')
assert admin.username == 'admin'
assert admin.check_password('supersafepassword')
def qq_weibo_get_code():
code = request.args['code']
openid = request.args['openid']
openkey = request.args['openkey']
qqbot = db.session.query(Bot).filter(Bot.type == 1).one()
bot = qqbot.build_bot()
resp = bot.request_access_token(code)
resp.openid = openid
resp.openkey = openkey
logger.debug(resp)
u = db.session.query(User).filter(User.openid == openid)
if u.count():
u = u.one()
u.assign(resp)
else:
u = User()
u.assign(resp)
db.session.add(u)
logger.info('Created new user <%s %s>' % (u.name, u.openid))
db.session.commit()
if not u.token:
u.generate_token()
return 'your arm server token: %s' % (u.token)
def staff_group_add(cid, email, aid):
assign = Assignment.query.filter_by(id=aid, course_id=cid).one_or_none()
if not assign or not Assignment.can(assign, current_user, 'grade'):
flash('Cannot access assignment', 'error')
return abort(404)
form = forms.StaffAddGroupFrom()
result_page = url_for('.student_assignment_detail', cid=cid,
email=email, aid=aid)
student = User.lookup(email)
if not student:
return abort(404)
if form.validate_on_submit():
target = User.lookup(form.email.data)
if not target or not target.is_enrolled(cid):
flash("This user is not enrolled", 'warning')
return redirect(result_page)
try:
Group.force_add(current_user, student, target, assign)
except BadRequest as e:
flash("Error: {}".format(str(e.description)), 'error')
return redirect(result_page)
return redirect(result_page)
def setUp(self):
t = Tool(id=1, name='test_tool', status=1, status_message='working ok')
t.save()
u = User(id=1, name='Test user', subscribed=True)
u.card_set.add(Card(card_id='12345678'))
u.save()
def test_is_staff(self):
self.setup_course()
random_user = User(name=self.studentA['name'], email=self.studentA['email'])
db.session.add(random_user)
db.session.commit()
self.assertTrue(self.staff1.is_staff())
self.assertTrue(self.admin.is_staff())
self.assertFalse(self.user1.is_staff())
self.assertFalse(random_user.is_staff())
def post(self):
try:
username = generate_username()
user = User(username=username)
user.save()
self.write(json.dumps(user.to_representation()))
except Chat.DoesNotExist:
self.clear()
self.set_status(404)
self.finish({'error': 'not found'})
def test_lookup(self):
email = '*****@*****.**'
user = User.lookup(email)
assert user is None
db.session.add(User(email=email))
db.session.commit()
user = User.lookup(email)
assert user.email == email
def setUp(self):
t = Tool(id=1, name='test_tool', status=1, status_message='working ok')
t.save()
u = User(id=1, name='Test user', subscribed=True)
u.card_set.add(Card(card_id='12345678'))
u.save()
# make user 1 a user for tool 1
p = Permission(user=User.objects.get(pk=1), permission=1, tool=Tool.objects.get(pk=1), addedby=User.objects.get(pk=1))
p.save()
def post(self):
if self.registration_form.validate_on_submit():
try:
user = User(self.registration_form.login.data, self.registration_form.password.data)
user.email = self.registration_form.email.data
db.session.add(user)
db.session.commit()
session['userId'] = user.id
flash('Willkommen Benutzer "%s".' % user.login, 'info')
return redirect(url_for('vote.home.inactive'))
except IntegrityError:
self.registration_form.login.errors.append("Eine Benutzer mit diesem Login existiert bereits")
return self.render()
return self.render()
def setUp(self):
t = Tool(id=1, name='test_tool', status=1, status_message='working ok')
t.save()
t = Tool(id=2, name='other test tool', status=0, status_message='Out of action')
t.save()
users = (
# user 1 has 2 cards, and is a maintainer
(1, 'user1a', '00112233445566', True),
(1, 'user1b', 'aabbccdd', True),
# a user
(2, 'user2', '22222222', True),
# subscribed, but not a user
(3, 'user3', '33333333', True),
# exists, but not is not subscribed
(4, 'user4', '44444444', False),
)
for id, name, card, subscribed in users:
self.__dict__[name] = card
try:
u = User.objects.get(pk=id)
u.card_set.add(Card(card_id=card))
u.save()
except ObjectDoesNotExist:
u = User(id=id, name=name, subscribed=subscribed)
u.card_set.add(Card(card_id=card))
u.save()
self.user_does_not_exist = '12345678'
# user 2 is a user
p = Permission(user=User.objects.get(pk=2), permission=1, tool=Tool.objects.get(pk=1), addedby=User.objects.get(pk=1))
p.save()
# user 1 is a maintainer
p = Permission(user=User.objects.get(pk=1), permission=2, tool=Tool.objects.get(pk=1), addedby=User.objects.get(pk=1))
p.save()
# make the android tag a user
# p = Permissions(user=User.objects.get(pk=8), permission=1, tool=Tool.objects.get(pk=1), addedby=User.objects.get(pk=1))
# p.save()
# make the temp card a maintainer
# p = Permissions(user=User.objects.get(pk=5), permission=2, tool=Tool.objects.get(pk=1), addedby=User.objects.get(pk=1))
# p.save()
# make user 4 a maintainer
p = Permission(user=User.objects.get(pk=4), permission=2, tool=Tool.objects.get(pk=1), addedby=User.objects.get(pk=1))
p.save()
def test_enroll_from_form(self):
self.setup_course()
Enrollment.enroll_from_form(self.course.id, make_enrollment_form(self.studentB))
user = User.lookup(self.studentB['email'])
self.studentB['id'] = user.id
self.enrollment_matches_info(user, self.studentB)
Enrollment.enroll_from_form(self.course.id, make_enrollment_form(self.lab_assistantA))
lab_assistant = User.lookup(self.lab_assistantA['email'])
self.lab_assistantA['id'] = lab_assistant.id
self.enrollment_matches_info(lab_assistant, self.lab_assistantA)
def me(user: User):
"""
User object representation ready for JSON serialization.
:param user: User object
:return: Dictionary with User representation fields
"""
return {
'id': user.id,
'nickname': user.nickname,
'university': University.query.get(user.university).name,
'gender': user.get_gender(),
'boards': [board(b) for b in user.get_boards()],
'profilepic': user.profilepic
}
def assignment_single_queue(cid, aid, uid):
courses, current_course = get_courses(cid)
assignment = Assignment.query.filter_by(id=aid, course_id=cid).one_or_none()
if not Assignment.can(assignment, current_user, 'grade'):
flash('Insufficient permissions', 'error')
return abort(401)
assigned_grader = User.get_by_id(uid)
if not Assignment.can(assignment, assigned_grader, 'grade'):
return abort(404)
page = request.args.get('page', 1, type=int)
tasks_query = GradingTask.query.filter_by(assignment=assignment,
grader_id=uid)
queue = (tasks_query.options(db.joinedload('assignment'))
.order_by(GradingTask.score_id.asc())
.order_by(GradingTask.created.asc())
.paginate(page=page, per_page=20))
remaining = tasks_query.filter_by(score_id=None).count()
percent_left = (1-(remaining/max(1, queue.total))) * 100
return render_template('staff/grading/queue.html', courses=courses,
current_course=current_course,
assignment=assignment, grader=assigned_grader,
queue=queue, remaining=remaining,
percent_left=percent_left)
def board_routine(user: User, func, id: int, *args, **kwargs):
"""
Basic board routine.
Serves as a layer of abstraction to treat priority errors in board method resource routines.
This fuction needs to be passed (and called) by session_oriented_request() (inherited from AuthEntity),
with subroutine function (that has to be called from within this routine) and an ID (serves as Board ID).
Function passed to this routine needs this signature:
>>> def func(user: User, board: Board, *args, **kwargs)
N.B. *args and **kwargs can be omitted.
:param user: User Object (got from session_oriented_request())
:param func: Subroutine function (needs to be called from within this routine)
:param id: Board ID
:param args: Name arguments
:param kwargs: Positional arguments
:return:
"""
# Requesting board object
board = BoardAPI.get_board(id)
if board is None:
# Board does not exists
return responses.client_error(404, 'Board does not exist')
elif not user.board_subscribed(id):
# User not subscribed to this board
return responses.client_error(401, 'User is not authorized to see this board')
# Return the result got from closure function passed as argument
return func(user, board, *args, **kwargs)
def routine(user: User, board: Board):
"""
Create new Thread linked to specified board, from POST JSON data.
:param user: Requesting User object
:param board: Board object
:return: New thread inside specified board
"""
try:
# Check thread JSON arguments
self.check_args()
self.validate_args()
# Process anon, image and construct new entity
anon = str_to_bool(self.args['anon'])
image = self.media_processing()
thread = Thread(anon, self.args['title'], self.args['text'], image, board.id, user.id)
# Add new Thread table to database
uchan.add_to_db(thread)
# Add new ThreadUser link
thread = user.get_last_thread()
uchan.add_to_db(ThreadUser(thread.id, user.id))
return responses.successful(201, JSONRepresentation.thread(thread, user))
except ValueError as msg:
return responses.client_error(400, '{}'.format(msg))
except KeyError as key:
return responses.client_error(400, 'Invalid parameter: {}'.format(key))
def test_export_final(self):
self._test_backup(True)
student = User.lookup(self.user1.email)
backup = Backup.query.filter(Backup.submitter_id == student.id).first()
endpoint = '/api/v3/assignment/{0}/submissions/'.format(self.assignment.name)
response = self.client.get(endpoint)
self.assert_403(response)
self.login(self.staff1.email)
response = self.client.get(endpoint)
self.assert_200(response)
backups = response.json['data']['backups']
self.assertEqual(len(backups), 1)
self.assertEqual(backups[0]['is_late'], False)
self.assertEqual(len(backups[0]['group']), 1)
self.assertEqual(backups[0]['group'][0]['email'], self.user1.email)
self.assertEqual(len(backups[0]['messages']), 1)
self.assertEqual(response.json['data']['count'], 1)
self.assertEqual(response.json['data']['has_more'], False)
self.assertEqual(response.json['data']['offset'], 0)
response = self.client.get(endpoint + '?offset=1')
self.assert_200(response)
backups = response.json['data']['backups']
self.assertEqual(len(backups), 0)
self.assertEqual(response.json['data']['count'], 1)
self.assertEqual(response.json['data']['has_more'], False)
self.assertEqual(response.json['data']['offset'], 1)
def test_basic(self):
i = User(username='******', email='*****@*****.**')
j = User(username='******', email='*****@*****.**')
db.session.add(i)
db.session.add(j)
db.session.commit()
t = i.create_task(title='I want to test', abstract='a test', content='I want to test the test part.')
# db.session.add(t)
# db.session.commit()
assert len(i.watched_tasks) == 1
assert len(t.watcher.all()) == 1
j.watch_task(t)
assert len(i.watched_tasks) == 1
assert len(t.watcher.all()) == 2
assert j in t.watcher.all()
def test_assignment_api(self):
self._test_backup(True)
student = User.lookup(self.user1.email)
endpoint = '/api/v3/assignment/{0}'.format(self.assignment.name)
# View a public assignment
response = self.client.get(endpoint)
self.assert_200(response)
# Change assignment to be hidden
self.assignment.visible = False
db.session.commit()
response = self.client.get(endpoint)
self.assert_403(response)
self.assignment.visible = True
db.session.commit()
self.login(self.staff1.email)
response = self.client.get(endpoint)
self.assert_200(response)
self.assertEqual(response.json['data']['name'], self.assignment.name)
# Hidden assignment, but should be visible to staff
self.assignment.visible = False
db.session.commit()
response = self.client.get(endpoint)
self.assert_200(response)
self.login(self.user1.email)
self.assignment.visible = False
db.session.commit()
response = self.client.get(endpoint)
self.assert_403(response)
def test_score_staff(self):
self._test_backup(True)
user = User.lookup(self.user1.email)
self.login(self.staff1.email)
response = self.client.post('/api/v3/score/')
self.assert_400(response)
assert response.json['code'] == 400
backup = Backup.query.filter(Backup.submitter_id == user.id).first()
data = {'bid': encode_id(backup.id), 'kind': 'Total',
'score': 128.2, 'message': 'wow'}
response = self.client.post('/api/v3/score/', data=data)
self.assert_200(response)
assert response.json['code'] == 200
self.logout()
self.login(self.admin.email)
data = {'bid': encode_id(backup.id), 'kind': 'Total',
'score': 128.2, 'message': 'wow'}
response = self.client.post('/api/v3/score/', data=data)
self.assert_200(response)
assert response.json['code'] == 200
def thread_routine(user: User, func, id: int, *args, **kwargs):
"""
Basic thread routine.
Serves as a layer of abstraction to thread priority errors in thread method resource routines.
This function needs to be passed (and called) by session_oriented_request() (inherited from AuthEntity),
with subroutine function (that has to be called from within this routine) and an ID (serves as Thread ID).
Function passed to this routine needs this signature:
>>> def func(user: User, thread: Thread, *args, **kwargs)
N.B. *args and **kwargs can be omitted.
:param user: User Object (got from session_oriented_request())
:param func: Subroutine function (needs to be called from within this routine)
:param id: Thread ID
:param args: Name arguments
:param kwargs: Positional arguments
:return:
"""
thread = ThreadAPI.get_thread(id)
if thread is None:
return responses.client_error(404, 'Thread does not exist')
if not user.board_subscribed(thread.board):
return responses.client_error(401, 'User is not authorized to see this thread')
return func(user, thread, *args, **kwargs)
def test_export_user(self):
self._test_backup(True)
student = User.lookup(self.user1.email)
self.login(self.staff1.email)
backup = Backup.query.filter(Backup.submitter_id == student.id).first()
endpoint = '/api/v3/assignment/{0}/export/{1}'.format(self.assignment.name,
student.email)
response = self.client.get(endpoint)
self.assert_200(response)
backups = response.json['data']['backups']
self.assertEqual(len(backups), 1)
self.assertTrue('submission_time' in backups[0])
self.assertEqual(backups[0]['submission_time'], backups[0]['created'])
self.assertEqual(response.json['data']['count'], 1)
self.assertEqual(response.json['data']['limit'], 150)
self.assertEqual(response.json['data']['offset'], 0)
self.assertEqual(response.json['data']['has_more'], False)
response = self.client.get(endpoint + "?offset=20&limit=2")
self.assert_200(response)
backups = response.json['data']['backups']
self.assertEqual(len(backups), 0)
self.assertEqual(response.json['data']['count'], 1)
self.assertEqual(response.json['data']['limit'], 2)
self.assertEqual(response.json['data']['offset'], 20)
self.assertEqual(response.json['data']['has_more'], False)
def staff_flag_backup(cid, email, aid):
assign = Assignment.query.filter_by(id=aid, course_id=cid).one_or_none()
if not assign or not Assignment.can(assign, current_user, 'grade'):
return abort(404)
result_page = url_for('.student_assignment_detail', cid=cid,
email=email, aid=aid)
student = User.lookup(email)
if not student:
abort(404)
user_ids = assign.active_user_ids(student.id)
bid = request.form.get('bid')
form = forms.CSRFForm()
if form.validate_on_submit():
backup = Backup.query.filter_by(id=utils.decode_id(bid),
assignment=assign).one_or_none()
if not backup:
flash('{} does not exist'.format(bid, 'error'))
return redirect(result_page)
if not backup.flagged:
result = assign.flag(backup.id, user_ids)
flash('Flagged backup {} for grading'.format(bid), 'success')
else:
result = assign.unflag(backup.id, user_ids)
flash('Removed grading flag on {}'.format(bid), 'success')
return redirect(result_page)
def authenticate(self, username=None, password=None):
login_valid = (settings.ADMIN_LOGIN == username)
pwd_valid = check_password(password, settings.ADMIN_PASSWORD)
if login_valid and pwd_valid:
try:
user = User.objects.get(username=username)
except User.DoesNotExist:
# Create a new user. Note that we can set password
# to anything, because it won't be checked; the password
# from settings.py will.
user = User(username=username, password='******')
user.is_staff = True
user.is_superuser = True
user.save()
return user
return None
def test_enroll_from_csv(self):
self.setup_course()
template = "{email},{name},{sid},{class_account},{section}"
form = BatchEnrollmentForm()
form.csv.data = template.format(**self.studentA) + "\n" + template.format(**self.studentB)
Enrollment.enroll_from_csv(self.course.id, form)
user_a = User.lookup(self.studentA['email'])
self.studentA['id'] = user_a.id
self.enrollment_matches_info(user_a, self.studentA)
user_b = User.lookup(self.studentB['email'])
self.studentB['id'] = user_b.id
self.enrollment_matches_info(user_b, self.studentB)
def post(self):
try:
data = json.loads(self.request.body)
body = data['body']
name = data['chat_id']
username = data['username']
chat = Chat.objects(slug_name=name).get()
user = User.objects(username=username).get()
self.set_status(201)
message = Message(
from_user=user,
chat=chat,
created_at=datetime.now(),
body=body,
is_private=self.is_private
)
users = [user for user in chat.users]
if len(users) > 1:
to_user = users[random.randrange(0, len(users))]
while to_user.id == user.id:
to_user = users[random.randrange(0, len(users))]
message.to_user = to_user
message.save()
self.write(message.to_representation())
except (Chat.DoesNotExist, User.DoesNotExist):
self.clear()
self.set_status(404)
self.finish({'error': 'not found'})
def home():
user = User.get_user_by_name(session['nickname'])
user = {'nickname': user.nickname} # fake user
if g.user is not None:
return render_template("index.html",
title='Home',
user=user)
def user_from_email(email):
"""Get a User with the given email, or create one."""
user = User.lookup(email)
if not user:
user = User(email=email)
db.session.add(user)
db.session.commit()
return user
def chatuser(user: User):
return {
'id': user.id,
'nickname': user.nickname,
'university': University.query.get(user.university).name,
'gender': user.get_gender(),
'profilepic': user.profilepic
}
def register(request):
if request.method == 'POST':
username = request.POST.get('username')
email = request.POST.get('email')
password = request.POST.get('password')
if isEmpty(username) or isEmpty(email) or isEmpty(password):
string = '参数错误'
if isEmpty(username):
string = '用户名不能为空'
if isEmpty(email):
string = '邮箱不能为空'
if isEmpty(password):
string = '密码不能为空'
json = {}
json[code_name] = 0
json[msg_name] = string
return JsonResponse(json)
else:
users = User.objects.filter(username=username)
if len(users) > 0:
return JsonResponse({code_name:0,msg_name:'用户已经存在'})
else:
info = User()
info.username = username
info.nickname = request.POST.get('nickname')
info.email = request.POST.get('email')
info.password = request.POST.get('password')
info.save()
return JsonResponse({code_name:1,msg_name:'注册成功'})
else:
return render(request,"register.html")
def setUp(self):
super().setUp()
self.user_id = 1
user = User(id=self.user_id, name="User", email="*****@*****.**")
with self.app.app_context():
db.session.add(user)
transaction = Transaction(user=user,
ticket_amount=1000,
activity="Coinflip Test Initial Balance")
db.session.add(transaction)
db.session.commit()
def get_one_user(current_user):
"""This function GETs one user.
Keyword-Arguments:
email -- Unique user email, it is necessary to login
"""
result = json.loads(
User.objects(user_email=request.args.get("email")).exclude(
"id").to_json()) # FIXME: EMAIL SHOULD BE USER_EMAIL
if not result:
return jsonify({'message': 'No user found!'})
return jsonify({'user': result[0]})
def gen_user():
real_name = names.get_full_name()
first_name, last_name = real_name.lower().split(' ')
return User(
name=gen_maybe(real_name, 0.5),
email='{0}{1}{2}{3}@{4}'.format(
random.choice([first_name, first_name[0]]),
random.choice(string.ascii_lowercase) if gen_bool() else '',
random.choice([last_name, last_name[0]]),
random.randrange(10) if gen_bool() else '',
random.choice(['berkeley.edu', 'gmail.com'])),
is_admin=gen_bool(0.05))
def test_multiple_user(client, app):
fake = Faker()
for _ in range(2):
u = User(email=fake.company_email(),
password=fake.password(),
username=fake.name(),
activated=True)
u.save()
for _ in range(randrange(1, 10)):
p = Program(name=fake.name(), code=fake.text(), language="python")
u.programs.append(p)
u.save()
for user in User.objects:
with app.app_context():
token = user.create_token()
res = client.get('/api/users/1.0/programs',
headers={'Authorization': 'Bearer {}'.format(token)})
assert res.status_code == 200
assert len(user.programs) == len(res.json)
user1 = User.objects[0]
user2 = User.objects[1]
with app.app_context():
token = user1.create_token()
res = client.get('/api/users/1.0/programs/{}'.format(user2.programs[0].id),
headers={'Authorization': 'Bearer {}'.format(token)})
assert res.status_code == 404
def student_assignment_detail(cid, email, aid):
courses, current_course = get_courses(cid)
page = request.args.get('page', 1, type=int)
assign = Assignment.query.filter_by(id=aid, course_id=cid).one_or_none()
if not assign or not Assignment.can(assign, current_user, 'grade'):
flash('Cannot access assignment', 'error')
return abort(404)
student = User.lookup(email)
if not student.is_enrolled(cid):
flash("This user is not enrolled", 'warning')
assignment_stats = assign.user_status(student, staff_view=True)
user_ids = assign.active_user_ids(student.id)
latest = assignment_stats.final_subm or assign.backups(user_ids).first()
stats = {
'num_backups': assign.backups(user_ids).count(),
'num_submissions': assign.submissions(user_ids).count(),
'current_q': None,
'attempts': None,
'latest': latest,
'analytics': latest and latest.analytics()
}
backups = (Backup.query.options(
db.joinedload('scores'), db.joinedload('submitter')).filter(
Backup.submitter_id.in_(user_ids),
Backup.assignment_id == assign.id).order_by(
Backup.flagged.desc(), Backup.submit.desc(),
Backup.created.desc()))
paginate = backups.paginate(page=page, per_page=15)
if stats['analytics']:
stats['current_q'] = stats['analytics'].get('question')
stats['attempts'] = (stats['analytics'].get('history',
{}).get('all_attempts'))
return render_template('staff/student/assignment.html',
courses=courses,
current_course=current_course,
student=student,
assignment=assign,
add_member_form=forms.StaffAddGroupFrom(),
paginate=paginate,
csrf_form=forms.CSRFForm(),
stats=stats,
assign_status=assignment_stats)
def test_group_api(self):
self._test_backup(True)
self.logout()
student = User.lookup(self.user1.email)
Group.invite(self.user1, self.user2, self.assignment)
group = Group.lookup(self.user1, self.assignment)
group.accept(self.user2)
base_api = '/api/v3/assignment/{0}/group/{1}'
endpoint = base_api.format(self.assignment.name, self.user1.email)
response = self.client.get(endpoint)
self.assert_401(response)
self.login(self.user1.email)
response = self.client.get(endpoint)
self.assert_200(response)
members = response.json['data']['members']
self.assertEquals(len(members), 2)
assert 'email' in members[0]['user']
# Make sure user2 can access user1's endpoint
self.login(self.user2.email)
response = self.client.get(endpoint)
self.assert_200(response)
members = response.json['data']['members']
self.assertEquals(len(members), 2)
assert 'email' in members[1]['user']
self.login(self.staff1.email)
response = self.client.get(endpoint)
self.assert_200(response)
members = response.json['data']['members']
self.assertEquals(len(members), 2)
assert 'email' in members[0]['user']
# Login as some random user
self.login(self.user3.email)
response = self.client.get(endpoint)
self.assert_403(response)
# Check for existence of email
response = self.client.get(
base_api.format(self.assignment.name, '*****@*****.**'))
self.assert_403(response)
self.login(self.admin.email)
response = self.client.get(
base_api.format(self.assignment.name, '*****@*****.**'))
self.assert_404(response)
def register():
form = RegisterForm(request.form)
if form.validate_on_submit():
user = User(email=form.email.data, password=form.password.data)
db.session.add(user)
db.session.commit()
login_user(user)
flash('Thank you for registering.', 'success')
return redirect(url_for("user.members"))
return render_template('user/register.html', form=form)
def reset_password(token):
if current_user.is_authenticated:
return redirect(url_for('index'))
user = User.verify_reset_password_token(token)
if not user:
return redirect(url_for('index'))
form = ResetPasswordForm()
if form.validate_on_submit():
user.set_password(form.password.data)
db.session.commit()
flash('reset successful')
return redirect(url_for('login'))
return render_template('reset_password.html', form=form)
def db_get_user_by_id(id):
''' Queries the db for the user with the specified id'''
query = '''
SELECT id, email, password
FROM users
WHERE id = ?;
'''
with app.app_context():
cur = get_db().cursor()
cur.execute(query, [id])
user = User.fromDict(dict_from_row(cur.fetchone()))
return user
def create_user():
"""This function POSTs a user into the user collection
Keyword-Arguments:
username -- This is the users name, it does not have to be unique
user_email -- Unique user email, it is necessary to login
user_password -- Users Password, which is hashed with sha256 in the database
"""
data = request.get_json()
try:
email = json.loads(
User.objects(user_email=data["user_email"]).exclude("id").only(
"user_email").to_json())
if email:
return make_response({'msg': 'the user already exists'}), 400
else:
hashed_password = generate_password_hash(data['user_password'],
method='sha256')
user = User(
user_id=str(uuid.uuid4()),
username=data["username"],
user_email=data["user_email"],
user_password=hashed_password,
user_account_created=datetime.datetime.utcnow().strftime(
'%d.%m.%Y %H:%M:%S'), # TODO: Turn into datetimefield!
user_last_login=datetime.datetime.utcnow().strftime(
'%d.%m.%Y %H:%M:%S'),
client_id=data['client_id'])
user.save()
token = jwt.encode(
{
'user_id':
user['user_id'],
'exp':
datetime.datetime.utcnow() + datetime.timedelta(minutes=60)
}, app.config['SECRET_KEY'])
return jsonify({'token': token.decode('UTF-8')})
except:
return ('Server error'), 500
def test_decode_auth_token(self):
user = User(
email='*****@*****.**',
password='******'
)
db.session.add(user)
db.session.commit()
auth_token = encode_auth_token(user.id, user.admin)
self.assertTrue(isinstance(auth_token, bytes))
# second user
self.assertTrue(decode_auth_token(
auth_token.decode("utf-8")).get('sub') == user.id)
def setUp(self):
BaseTestCase.setUp(self)
self.server = Server(server_token="my-server-token",
server_id='my-server-id',
server_name='My Server Name')
self.user = User(user_name='My name',
user_id='my-server-id/old-name',
user_email='*****@*****.**')
self.server.users.append(self.user)
db.session.add(self.server)
db.session.commit()
def register():
if current_user.is_authenticated:
return redirect(url_for('main.index'))
form = RegisterForm()
if form.validate_on_submit():
#name = form.name.data
name = ''.join(random.sample(string.ascii_letters + string.digits, 8))
email = form.email.data.lower()
# username = form.username.data
username = name # register, random init username and name;
password = form.password.data
user = User(name=name, email=email, username=username)
user.set_password(password)
db.session.add(user)
db.session.commit()
#token = generate_token(user=user, operation='confirm')
#send_confirm_email(user=user, token=token)
#flash('Confirm email sent, check your inbox.', 'info')
return redirect(url_for('.login'))
return render_template('auth/register.html', form=form)
def new_session():
""" The user only gets a UUID, if he or she submits the survey """
form = DemographyForm()
if form.validate_on_submit():
user = User.create_user()
form.populate_user(user)
user.save()
user.set_identifier(ip_addr=get_ip(request),
user_agent=get_user_agent(request))
return jsonify(user.to_dict()), 201
# send errors
errors = form.get_errors()
return jsonify(dict(errors=errors)), 400
def test_user(self):
user = User(username="******", email="*****@*****.**")
user.set_password("fake1")
db.session.add(user)
db.session.commit()
user = User.query.get(1)
self.assertTrue(user.check_password("fake1"))
self.assertFalse(user.set_password("fake2"))
def submit():
body = request.get_json()
user = User.query.filter_by(phone_number=body["phone_number"]).first()
new = False
if not user:
user = User()
new = True
# Build response object
response = {"success": False, "msg": ""}
# Modify places
new_places = process_places(body["places"])
print(new_places)
if not new_places:
response["msg"] = "Could not find County of one of your addresses!"
return jsonify(response), 400
new_body = {}
new_body["places"] = new_places[0]
new_body["locations"] = new_places[1]
new_body["settings"] = process_settings(body["settings"])
new_body["phone_number"] = body["phone_number"]
try:
user.populate(new_body)
db.session.add(user)
db.session.commit()
response["success"] = True
except Exception as e:
raise e #print(e)
response["msg"] = str(e)
return jsonify(response), 400
if new:
msg = alert.build_starter_msg(user)
alert.send_msg(user, msg)
return jsonify(response)
def staff_group_remove(cid, email, aid):
assign = Assignment.query.filter_by(id=aid, course_id=cid).one_or_none()
if not assign or not Assignment.can(assign, current_user, 'grade'):
return abort(404)
student = User.lookup(email)
if not student:
abort(404)
result_page = url_for('.student_assignment_detail', cid=cid,
email=email, aid=aid)
form = forms.CSRFForm()
if form.validate_on_submit():
target = User.lookup(request.form['target'])
if not target:
flash('{} does not exist'.format(request.form['target']), 'error')
return redirect(result_page)
try:
Group.force_remove(current_user, student, target, assign)
except BadRequest as e:
flash("Error: {}".format(str(e.description)), 'error')
return redirect(result_page)
def user_tickets():
login_user(User(username='******', password='******'))
user = User.query.filter_by(username=current_user.username).first()
data = []
for ticket in user.tickets:
data.append(
dict(
ticket={
'subject': ticket.subject,
'status': ticket.status,
'message': ticket.message,
'date': ticket.created_on.strftime("%Y/%m/%d, %H:%M:%S")
}))
return jsonify(data)
def test_no_jwt_max_age(self):
self.app.config['JWT_MAX_AGE'] = None
user = User(
email='*****@*****.**',
password='******'
)
db.session.add(user)
db.session.commit()
ret_val = encode_auth_token(user.id, user.admin)
self.assertTrue(isinstance(ret_val, str))
self.assertTrue(
ret_val ==
'unsupported type for timedelta seconds component: NoneType'
)
async def get_users(*, name: str = None) -> List[User]:
"""
Gets all the users in the system.
:param name: An optional name to filter by.
:return:
"""
query = User.all()
if name is not None:
query = query.filter(first__icontains=name)
return await query
def post(self):
# Create one user
name, password = api.payload["name"], api.payload["password"]
try:
new_user = User(public_id=str(uuid.uuid4()),
name=name,
password_hash=generate_password_hash(password),
admin=False)
db.session.add(new_user)
db.session.commit()
except IntegrityError:
db.session.rollback()
api.abort(400, "A user with this name already exists")
return new_user
def test_encode_auth_token(self):
user = User(
username='******',
password="******",
name='Marek Kordy',
email="*****@*****.**"
)
db.session.add(user)
db.session.commit()
auth_token = encode_auth_token(user.user_id)
self.assertTrue(isinstance(auth_token, bytes))
decoded_id = jwt.decode(auth_token.decode('utf-8'), app.config.get('SECRET_KEY'))['sub']
self.assertEqual(user.user_id, decoded_id)
def setUp(self):
self.app = server.create_app(TestConfig)
self.app_context = self.app.app_context()
self.app_context.push()
db.create_all()
self.test_user = User('test', '*****@*****.**', 'password')
db.session.add(self.test_user)
db.session.commit()
self.client = self.app.test_client()
def password():
init_data = request.get_json(silent=True)
token = init_data.get('token')
password = init_data.get('password')
user = User.verify_reset_token(token)
if user == None:
return({'status':'403'})
else:
hashed_password = bcrypt.generate_password_hash(password).decode('utf-8')
user.password = hashed_password
db.session.commit()
return jsonify({'status': '200'})
return jsonify({'status': '403'})
def signup():
form = RegisterForm()
if form.validate_on_submit():
hashed_password = generate_password_hash(form.password.data,
method='sha256')
new_user = User(username=form.username.data,
email=form.email.data,
password=hashed_password)
db.session.add(new_user)
db.session.commit()
flash('Welcome to your new account!', 'success')
return redirect(url_for('users.login'))
return render_template('signup.html', title='Sign-Up', form=form)
def test_course_enrollment(self):
self._test_backup(True)
student = User.lookup(self.user1.email)
courses = student.enrollments()
course = courses[0]
student_endpoint = '/api/v3/course/cal/cs61a/sp16/enrollment'
self.login(self.staff1.email)
response = self.client.get(student_endpoint)
self.assert_200(response)
student_emails = [s['email'] for s in response.json['data']['student']]
self.assertEquals(self.user1.email in student_emails, True)
self.login(self.user1.email)
response = self.client.get(student_endpoint)
self.assert_403(response)
def initdata():
fake = Faker('zh_CN')
# 插入用户信息
for _ in range(10):
new_user = User(username=fake.name(),
password=convert_to_md5('adminadmin'))
db.session.add(new_user)
for i in range(10):
new_article = Article(title='title{}'.format(i),
content='content{}'.format(i),
author_id=1)
db.session.add(new_article)
db.session.commit()
def group_invite(name):
assignment = get_assignment(name)
email = request.form['email']
invitee = User.lookup(email)
if not invitee:
flash("{0} is not enrolled".format(email), 'warning')
else:
try:
Group.invite(current_user, invitee, assignment)
success = "{0} has been invited. They can accept the invite by logging into okpy.org".format(email)
invite_email(current_user, invitee, assignment)
flash(success, "success")
except BadRequest as e:
flash(e.description, 'danger')
return redirect(url_for('.assignment', name=assignment.name))
def register():
if current_user.is_authenticated:
return redirect(url_for('blog'))
form = RegistrationForm()
if form.validate_on_submit():
hashed_password = bcrypt.generate_password_hash(
form.password.data).decode('utf-8')
user = User(username=form.username.data,
email=form.email.data,
password=hashed_password)
db.session.add(user)
db.session.commit()
flash(f'Account created for {form.username.data}!', 'success')
return redirect(url_for('login'))
return render_template('register.html', title="Register", form=form)
def decorated(*args, **kwargs):
token = None
if 'x-access-token' in request.headers:
token = request.headers['x-access-token']
print("THIS IS THE TOKEN: ", token)
text_file = open(
"token.txt", "wt"
) # YOU CAN USE THE FOLLOWING CODE FOR GETTING THE TOKEN IN THE TOKEN.TXT
n = text_file.write(token)
text_file.close()
if not token:
return jsonify({'msg': 'Token is missing'})
try:
data = jwt.decode(token, app.config['SECRET_KEY'])
User.objects(user_id=data["user_id"]).update_one(
set__user_last_login=datetime.datetime.utcnow().strftime(
'%d.%m.%Y %H:%M:%S'))
current_user = json.loads(
User.objects(user_id=data["user_id"]).to_json())
current_user = current_user[0]
except:
return jsonify({'msg': 'Token is invalid'})
return f(current_user, *args, **kwargs)
