def validate(self):
rv = Form.validate(self)
if not rv:
message = ''
for fieldName, errorMessages in self.errors.items():
for err in errorMessages:
message = message + fieldName + ': ' + err + '\n'
flash(message, 'error')
return False
# Query data from database
user = savvy_collection.find_one({EMAIL: self.email.data.rstrip()})
if user:
email = user.get(EMAIL, None)
hash_password = user.get(PASSWORD, None)
user_password = self.password.data.rstrip()
account_token = user.get(TOKEN, '')
if User.validate_login(hash_password, user_password):
userObj = User(email)
login_user(userObj)
return True
else:
flash('Incorrect login credentials', 'error')
else:
flash('Incorrect login credentials', 'error')
return False
def authenticate(email, password):
"""
用户登录,登录成功返回token,并且将登录时间写入数据库,登录失败返回失败原因
:param email:
:param password:
:return: json
"""
filters = {User.email == email}
user_info = User().get_one(filters)
user_info_password = User().get_one(filters,
order='id desc',
field=('password', ))
if user_info is None:
return BaseController().error('找不到用户')
else:
if User.check_password(user_info_password['password'], password):
updated_time = int(time.time())
User.update(email=email, updated_time=updated_time)
token = UserAuthJWT.encode_auth_token(user_info['id'],
updated_time)
return BaseController().successData(
{
'token': token.decode(),
'user': user_info
}, '登录成功')
else:
return BaseController().error('密码不正确')
def validate(self):
rv = Form.validate(self)
if not rv:
message = ''
for fieldName, errorMessages in self.errors.items():
for err in errorMessages:
message = message + fieldName + ': ' + err + '\n'
flash(message, 'error')
return False
# Query data from database
user = savvy_collection.find_one({ EMAIL: self.email.data.rstrip() })
if user:
email = user.get(EMAIL, None)
hash_password = user.get(PASSWORD, None)
user_password = self.password.data.rstrip()
account_token = user.get(TOKEN, '')
if User.validate_login(hash_password, user_password):
userObj = User(email)
login_user(userObj)
return True
else:
flash('Incorrect login credentials', 'error')
else:
flash('Incorrect login credentials', 'error')
return False
def identify(self, request):
"""
用户鉴权
:return: list
"""
auth_header = request.headers.get('Authorization')
if auth_header:
auth_tokenArr = auth_header.split(" ")
if (not auth_tokenArr or auth_tokenArr[0] != 'JWT'
or len(auth_tokenArr) != 2):
return '请传递正确的验证头信息'
else:
auth_token = auth_tokenArr[1]
payload = self.decode_auth_token(auth_token)
if not isinstance(payload, str):
user = User.get(payload['data']['id'])
if user is None:
return '找不到该用户信息'
else:
if user.updated_at == payload['data']['updated_at']:
result = payload
else:
return 'Token已更改,请重新登录获取'
else:
result = payload
else:
return '没有提供认证token'
return result
def identify(self, request):
"""
用户鉴权
:param request:
:return:
"""
auth_header = request.headers.get('Authorization')
if auth_header:
auth_token_list = auth_header.split(' ')
if not auth_token_list or auth_token_list[0] != 'JWT' or len(
auth_token_list) != 2:
return '请传递正确的验证头信息'
else:
auth_token = auth_token_list[1]
payload = self.docode_auth_token(auth_token)
if not isinstance(payload, str):
user = User.get(payload['data']['id'])
if user is None:
return '找不到用户信息'
else:
if user.updated_time == payload['data']['update_time']:
result = payload
else:
return 'Token已更改,请重新登录获取Token'
else:
result = payload
else:
return '没有提供认证token'
return result
def posts(username):
mongo.db.posts.remove({})
user = User.get_from_username("critique")
for i in range(20):
post = Post.create_post(user, [username], "This is a Critique post!",
"Test post " + str(i))
print(post.send(user, notify=False))
return Reply().ok()
def search(requester):
query = mongo.db.users.find(
{"username": {
"$regex": request.json["search"],
"$options": "i"
}})
users = User.create_from_db_obj(query)
overviews = [user.get_overview(requester) for user in users]
return Reply(overviews).ok()
def validate(self):
rv = Form.validate(self)
if not rv:
message = ''
for fieldName, errorMessages in self.errors.items():
for err in errorMessages:
message = message + fieldName + ': ' + err + '\n'
flash(message, 'error')
return False
user = savvy_collection.find_one({EMAIL: self.email.data.rstrip()})
if user:
flash('Email has already been taken', 'warning')
return False
else:
raw_token = self.email.data + 'verification code'
token = md5(raw_token.encode('utf-8')).hexdigest()
user = {
PASSWORD:
md5(self.password.data.rstrip().encode('utf-8')).hexdigest(),
EMAIL:
self.email.data.rstrip(),
CATEGORY:
self.category.data,
TOKEN:
token
}
# insert into database
employerId = savvy_collection.insert_one(user).inserted_id
if self.category.data == EMPL:
jobs_collection.insert({EMPLID: employerId})
# url = os.getenv('SCRIPT_URI') <----------------get this to work when server is up
# url = '127.0.0.1:5000'
# message = """
# Hi {},
#
# You need to confirm your account by clicking this link:
# {}/confirmEmail/{}/{}
#
# Best,
# Team SavvyHire
# """.format(self.username.data.rstrip(),url, self.username.data.rstrip(), token)
#
# cmd="""echo '{}' | mail -s 'Confirm account' {}""".format(message, self.email.data.rstrip())
# p=subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE)
# p.communicate()
# log in
userObj = User(user[EMAIL])
login_user(userObj)
return True
def changepassword(email, password):
user = savvy_collection.find_one({ EMAIL: email })
form = changepasswordForm(request.form,user)
if user:
if User.validate_password(email, password):
print (user)
print('validated')
print(current_user.get_id())
return render('changepassword.html', form=form, extra=email)
return redirect(url_for('home'))
def changepassword(email, password):
user = savvy_collection.find_one({EMAIL: email})
form = changepasswordForm(request.form, user)
if user:
if User.validate_password(email, password):
print(user)
print('validated')
print(current_user.get_id())
return render('changepassword.html', form=form, extra=email)
return redirect(url_for('home'))
def login():
# print(request.)
salt = bcrypt.gensalt()
#print(bcrypt.hashpw(request.json['password'].encode(), salt))
user = User.login(request.json['username'], request.json['password'])
if user is not None:
return Reply(user).ok()
else:
return Reply("Invalid username or password!").error()
def authenticate(oa_account, password):
"""
用户登录,登录成功返回token,写将登录时间写入数据库;登录失败返回失败原因
:param oa_account:
:param password:
:return: json
"""
filters = {
User.oa_account == oa_account
}
userInfo = User().getOne(filters)
userInfoPas = User().getOne(filters, order='id desc', field=('password',))
if userInfo is None:
return BaseController().error('找不到用户')
else:
if User.check_password(userInfoPas['password'], password):
updated_at = int(time.time())
token = UsersAuthJWT.encode_auth_token(userInfo['id'], updated_at)
User.update(userInfo['id'], remember_token=token.decode(), last_login_time=updated_at)
return BaseController().successData({'token': token.decode()}, '登陆成功')
else:
return BaseController().error('密码不正确')
def get_user():
"""
获取用户信息
:return:
"""
result = UserAuthJWT().identify(request)
if isinstance(result, str):
return BaseView().error(result)
if result['data']:
user = User.get(result['data']['id'])
user_dict = {
'id': user.id,
'name': user.name,
'email': user.email,
'login_time': user.updated_time,
}
return BaseView().success_data(user_dict)
return BaseView().error('为找到用户')
def hard_reset():
mongo.db.users.remove({})
mongo.db.posts.remove({})
User.create_new_user("marc",
"nohash",
validating=False,
following=["adam", "john"])
User.create_new_user("adam",
"password",
validating=False,
patch="adam.png",
following=["marc", "noah"])
User.create_new_user("john",
"password",
validating=False,
patch="john.png",
following=["adam", "critique"])
User.create_new_user("critique",
"critique",
validating=False,
patch="critique.png",
following=["adam", "john", "marc", "noah"])
return Reply().ok()
def register(params):
"""
注册
:param params:
:return:
"""
filters = {User.email == params['email']}
user = User().get_one(filters)
if not user:
user = User(email=params['email'],
password=User.set_password(params['password']),
status=1)
status = user.add(user)
if status == True:
return BaseView().success_data(msg='注册成功')
return BaseView().error('注册失败')
return BaseView().error('帐号已注册')
def notify(self, users, requester):
from app.Models.User import User
user_keys = [
user.get_info("notificationKey")
for user in User.get_from_username(users)
]
url = 'https://fcm.googleapis.com/fcm/send'
key = 'AAAAxe-zm-c:APA91bFo5NK_jcUydvxbwbp1wWD3KCND2ul9xRLvZvi14aNjbAeQi6eJkbdU9wiFwawo7b6Af3rPuqoUH8q0vOfGYA40nRpIC436_SxBx2wbC1pl_CXTkA2Q_ev_yb-RUXQF66hS1YZq'
body = {
"registration_ids": user_keys,
"priority": "high",
"data": {
"title": "Critique",
"body": "from " + requester.username,
}
}
headers = {
"Content-Type": "application/json",
"Authorization": "key=" + key
}
r = requests.post(url, data=json.dumps(body), headers=headers)
return Reply(str(r.reason)).ok()
def get_patch(username):
user = User.get_from_username(username)
print(user)
path = user.get_patch_path()
return send_file(path, mimetype='image/png')
def activate(username, token):
if User.validate_rego_token(username, token):
login_user(User(username))
return redirect(url_for("account"))
return redirect(url_for("home"))
def activate(username, token):
if User.validate_rego_token(username, token):
login_user(User(username))
return redirect(url_for('account'))
return redirect(url_for('home'))
