def create(): form = CreateUserForm() if form.validate_on_submit(): User.create(first_name=form.data.get("first_name", ""), last_name=form.data.get("last_name", ""), username=form.data.get("username", ""), password=form.data.get("password", "")) flash("New user created") return redirect("users/create") return render_template("users/create.html", form=form)
def test_modify_user_to_duplicated_name(self): with self.ctx: User.create(id='testid', password='******', name='testname') user = User.create(id='testid_', password='******', name='testname_') self.login_as_su() payload_json = dict(name='testname') resp = self.client.patch(self.api_url_base + '/user/' + user.id, content_type='application/json', data=json_dumps(payload_json)) self.assertResponseRestful(resp) self.assertResponseErrorInField(resp, 'name')
def index(): if request.method == 'POST': result = [] info = { 'email': request.form['email'], 'password': request.form['password'], 'remember_me': request.form['remember_me'] } if info['password'] == "123456": result = [info, info, info, info, info, info] if not User.query.filter_by(email=info['email']).all(): User.create(email=info['email'], password=info['password']) return render_template('/admin/dashboard.html', users=result, count=len(result)) return render_template("/admin/login.html")
def reset_database(self): from core.models import User, tables from core.models.permission import (preset_for_author, preset_for_superuser) with self.ctx: db.database.drop_tables(tables, safe=True) db.database.create_tables(tables) User.create(id='su', permission=preset_for_superuser, password='******', name='超级管理员') User.create(id='author', permission=preset_for_author, password='******', name='作者')
def test_login_using_wrong_password(self): with self.ctx: password = '******' user = User.create(id='su_', password=password, name='testuser') with self.client: resp = self.login(user.id, password + 'fake') self.assertResponseErrorInField(resp, 'password')
def test_login_timeout(self): with self.ctx: password = '******' user = User.create(id='su_', password=password, name='testuser') with self.client: fake_timestamp = self.get_timestamp() - self.login_timeout - 100000 resp = self.login(user.id, password, fake_timestamp) self.assertResponseErrorInField(resp, 'timestamp')
def test_login(self): with self.ctx: password = '******' user = User.create(id='su_', password=password, name='testuser') with self.client: resp = self.login(user.id, password) self.assertResponseRestfulAndSuccess(resp) self.assertEqual(current_user.name, user.name)
def test_delete_user(self): with self.ctx: user = User.create(id='testid', password='******', name='testname') resp = self.client.delete(self.api_url_base + '/user/' + user.id) self.assertResponseRestfulAndSuccess(resp) resp = self.get_user(user.id) self.assertResponseErrorInField(resp, 'id')
def test_modify_user_with_nothing_changed(self): with self.ctx: user = User.create(id='testid', password='******', name='testname') self.login_as_su() resp = self.client.patch(self.api_url_base + '/user/' + user.id, content_type='application/json', data=json_dumps({})) self.assertResponseRestfulAndSuccess(resp)
def test_modify_user_using_illegal_password(self): with self.ctx: user = User.create(id='testid', password='******', name='testname') self.login_as_su() payload_json = dict(password='******') resp = self.client.patch(self.api_url_base + '/user/' + user.id, content_type='application/json', data=json_dumps(payload_json)) self.assertResponseErrorInField(resp, 'password')
def test_logout(self): with self.ctx: password = '******' user = User.create(id='su_', password=password, name='testuser') with self.client: resp = self.login(user.id, password) self.assertResponseRestfulAndSuccess(resp) self.client.get(self.api_url_base + '/logout/') self.assertFalse(current_user.is_authenticated) # logout without authentication self.client.get(self.api_url_base + '/logout/') self.assertFalse(current_user.is_authenticated)
async def register(request): if request.method == 'POST': username = request.json.get('username') password = request.json.get('password') user = User.select().where(User.username == username) if user.exists(): return json({'error': 'Username exists in database'}) instance = User.create(username=username, password=md5( password.encode('utf-8')).hexdigest()) data = {'token': instance.auth_token.get().token} return json(data) return redirect(request.app.url_for('auth_app.login'))
def test_login_remember(self): with self.ctx: password = '******' user = User.create(id='su_', password=password, name='testuser') with self.client: resp = self.login(user.id, password, remember=True) self.assertResponseRestfulAndSuccess(resp) self.assertEqual(current_user.name, user.name) cookies = { cookie.name: cookie.value for cookie in self.client.cookie_jar } remember_token = cookies.get('remember_token', '') self.assertNotEqual(remember_token, '')
def test_modify_user(self): with self.ctx: user = User.create(id='testid', password='******', name='testname') payload_json = { 'name': 'testname_', 'password': '******', 'expired': True } self.login_as_su() resp = self.client.patch(self.api_url_base + '/user/' + user.id, content_type='application/json', data=json_dumps(payload_json)) self.assertResponseRestfulAndSuccess(resp) user = User.get(User.id == user.id) password_cipher = self.encode_password(payload_json['password']) self.assertEqual(user.password, password_cipher) self.assertEqual(user.name, payload_json['name']) self.assertEqual(user.expired, payload_json['expired'])
def create_new(username: str, password: str) -> User: password_hash = hash_password(password) return User.create(name=username, password_hash=password_hash)
def add_user(): """``POST`` |API_URL_BASE|/user/ Add a new user. :param id: **JSON Param** user id :param name: **JSON Param** user name :param array permission: **JSON Param** :param password: **JSON Param** plain password, without encoding :param expired: **JSON Param** true or false, default: false Response JSON: .. code-block:: javascript // success { $errors: null, user: { id: string, name: string, expired: boolean, last_login: integer } } // failed { $errors: { id: 'this id is invalid'. name: 'this name is invalid.', password: '******', permission 'this permission identity is not defined.', id: 'this id is duplicated.', name: 'this name is duplicated.' } } Permission require: ``CREATE_USER`` """ config = app_config json = request.get_json() user_id = json.get('id', '').strip() if not re_match(config['USER_USERID_PATTERN'], user_id): return {'id': config['USER_USERID_DESCRIPTION']} name = json.get('name', '').strip() if not re_match(config['USER_NAME_PATTERN'], name): return {'name': config['USER_NAME_DESCRIPTION']} permission_list = json.get('permission', []) permission_value = Permission.parse_permission(permission_list) password = json.get('password', '') if not re_match(config['USER_PASSWORD_PATTERN'], password): return {'password': config['USER_PASSWORD_DESCRIPTION']} expired = bool(json.get('expired', False)) if User.select().where(User.id == user_id).count() != 0: return {'id': '该用户ID %s 已经存在' % user_id} if User.select().where(User.name == name).count() != 0: return {'name': '该昵称 %s 已经存在' % name} new_user = User.create(id=user_id, name=name, permission=permission_value, expired=expired, password=password) signals.event_emitted.send(current_app._get_current_object(), type='User: Create', description='create user(%s).' % (user_id)) return None, {'user': new_user.to_dict()}