def _conf_security_mongo(app):
'''Flask-Security MongoDB'''
from flask_security import Security, MongoEngineUserDatastore
from flask_social_blueprint.core import SocialBlueprint
from shortener_url.backends.mongo import models
extensions.login.init_app(app)
extensions.login.login_view = "/login"
security = Security()
datastore = MongoEngineUserDatastore(app.db, models.User, models.Role)
security = security.init_app(app, datastore)
security.send_mail_task(_send_mail)
SocialBlueprint.init_bp(app, models.SocialConnection, url_prefix="/_social")
#@app.before_first_request
#def before_first_request():
# for m in [models.User, models.Role, models.SocialConnection]:
# m.drop_collection()
@extensions.login.user_loader
def load_user(user_id):
return models.User.objects(_id=user_id)
def create_app(test_config=None):
app = Flask(__name__)
if test_config is not None:
app.config.from_mapping(test_config)
app.config.from_pyfile('config.py')
if test_config is not None:
app.config.from_mapping(test_config)
cors = CORS(app, resources={r'/api/*': {'origins': '*'}})
from .core import db, security
db.init_app(app)
from .models import User, Role
user_datastore = MongoEngineUserDatastore(db, User, Role)
security.init_app(app, user_datastore)
from .controllers import auth_controller
app.register_blueprint(auth_controller, url_prefix='/api/auth')
from .controllers import test_controller
app.register_blueprint(test_controller, url_prefix='/api/test')
@app.route('/api/hello', methods=['GET'])
def home():
return jsonify({'message': 'Hello'})
@app.after_request
def apply_headers(response):
response.headers["Content-Type"] = "application/json"
return response
@app.cli.command()
@click.argument('adminPassword')
def initdb(adminpassword):
Role.objects(name='admin').update(name='admin', upsert=True)
superId = Role.objects.get(name='admin')
Role.objects(name='user').update(name='user', upsert=True)
userId = Role.objects.get(name='user')
User.objects(email='admin').update(email='admin', roles= [superId, \
userId], password=adminpassword, upsert=True)
@app.errorhandler(Exception)
def handle_error(e):
code = 500
if isinstance(e, HTTPException):
code = e.code
elif isinstance(e, NotUniqueError):
code = HTTPStatus.CONFLICT
else:
ex_type, ex, tb = sys.exc_info()
traceback.print_tb(tb)
print(e)
return jsonify(error=str(e)), code
return app
def register_extensions(app):
db.init_app(app)
mail.init_app(app)
resize.init_app(app)
assets.init_app(app)
sentry_dsn = app.config.get('SENTRY_DSN')
if sentry_dsn:
sentry.init_app(app, dsn=sentry_dsn)
from .users.models import Role, User
app.user_datastore = MongoEngineUserDatastore(db, User, Role)
security.init_app(app, datastore=app.user_datastore)
if app.debug:
try:
from flask_debugtoolbar import DebugToolbarExtension
DebugToolbarExtension(app)
except ImportError:
pass
if app.testing:
from .core.testing import ContainsResponse
app.response_class = ContainsResponse
def configure(app, db):
register_form = ExtendedRegisterForm
confirm_register_form = ExtendedRegisterForm
Security(app=app,
datastore=MongoEngineUserDatastore(db, User, Role),
register_form=register_form,
confirm_register_form=confirm_register_form)
def setup_user(app):
mail = Mail(app)
# Create database connection object
db_engine = MongoEngine(app)
class Role(db_engine.Document, RoleMixin):
name = db_engine.StringField(max_length=80, unique=True)
description = db_engine.StringField(max_length=255)
class User(db_engine.Document, UserMixin):
email = db_engine.StringField(max_length=255)
password = db_engine.StringField(max_length=255)
active = db_engine.BooleanField(default=True)
confirmed_at = db_engine.DateTimeField()
roles = db_engine.ListField(db_engine.ReferenceField(Role), default=[])
# Setup Flask-Security
user_datastore = MongoEngineUserDatastore(db_engine, User, Role)
security = Security(app, user_datastore)
app.config['SECURITY_POST_LOGIN_VIEW'] = '/user_datasets'
# Setup {{ user }} template variable
@app.context_processor
def inject_content():
return dict(user=current_user)
def setup():
# 不同種權限身份
class Role(_db.DB.Document, RoleMixin):
name = _db.DB.StringField(max_length=80, unique=True)
description = _db.DB.StringField(max_length=255)
# 使用者資訊
class User(_db.DB.Document, UserMixin):
name = _db.DB.StringField(max_length=255)
password = _db.DB.StringField(max_length=255)
phone = _db.DB.StringField(max_length=255)
user_id = _db.DB.StringField(max_length=255)
email = _db.DB.StringField(max_length=255)
role = _db.DB.StringField(max_length=255)
major = _db.DB.ListField()
course_list = _db.DB.ListField()
personal_plan = _db.DB.ListField()
active = _db.DB.BooleanField(default=True)
confirmed_at = _db.DB.DateTimeField()
roles = _db.DB.ListField(_db.DB.ReferenceField(Role), default=[])
# meta = {'strict': False}
# Setup Flask-Security
global USER_DATASTORE
USER_DATASTORE = MongoEngineUserDatastore(_db.DB, User, Role)
def configureSecurityMongoDb(app, user_mongodb_uri=None):
with app.app_context():
print("Configuring security setup with mongodb")
app.config['DEBUG'] = True
app.config['SECRET_KEY'] = 'super-secret'
app.config['SECURITY_PASSWORD_HASH'] = 'bcrypt'
app.config['SECURITY_PASSWORD_SALT'] = 'saltit'
# Default views
app.config['SECURITY_SEND_REGISTER_EMAIL'] = False
app.config['SECURITY_SEND_PASSWORD_CHANGE_EMAIL'] = False
app.config['SECURITY_REGISTERABLE'] = True
app.config['SECURITY_CHANGEABLE'] = True
app.config['SECURITY_POST_LOGIN_VIEW'] = "/user/loginok"
app.config['SECURITY_POST_REGISTER_VIEW'] = "/user/registerok"
# app.config['WTF_CSRF_ENABLED'] = False
# app.config['SECURITY_LOGIN_URL'] = '/testlogin'
# MongoDB Config
# app.config['MONGODB_DB'] = 'csoh_db'
# app.config['MONGODB_HOST'] = 'localhost'
user_mongodb_uri = DEFAULT_MONGODB_URI if (
user_mongodb_uri is None) else user_mongodb_uri
print("Using '{}' as user mongo db".format(user_mongodb_uri))
app.config['MONGODB_HOST'] = user_mongodb_uri
db = MongoEngine(app)
class Role(db.Document, RoleMixin):
name = db.StringField(max_length=80, unique=True)
description = db.StringField(max_length=255)
class User(db.Document, UserMixin):
name = db.StringField(max_length=255)
email = db.StringField(max_length=255, unique=True)
password = db.StringField(max_length=255)
active = db.BooleanField(default=True)
confirmed_at = db.DateTimeField()
roles = db.ListField(db.ReferenceField(Role), default=[])
# Setup Flask-Security
user_datastore = MongoEngineUserDatastore(db, User, Role)
security = Security(app, user_datastore)
_initAdminUser(user_datastore)
_setupRoleManagementEndpoints(app, user_datastore)
return db, user_datastore, security
# @app.route('/apchange', methods=['POST'])
# @http_auth_required
# @roles_required(ADMIN_ROLE)
# def adminChangePassword():
# new_pass = utils.encrypt_password(request.form.get("pass"))
# user = user_datastore.get_user(current_user.email)
# user.password = new_padss
# user_datastore.put(user)
# return "Password changed", 200
def mongoengine_setup(request, app, tmpdir, realdburl):
pytest.importorskip("flask_mongoengine")
from flask_mongoengine import MongoEngine
from mongoengine.fields import (
BooleanField,
DateTimeField,
IntField,
ListField,
ReferenceField,
StringField,
)
db_name = "flask_security_test_%s" % str(time.time()).replace(".", "_")
app.config["MONGODB_SETTINGS"] = {
"db": db_name,
"host": "mongomock://localhost",
"port": 27017,
"alias": db_name,
}
db = MongoEngine(app)
class Role(db.Document, RoleMixin):
name = StringField(required=True, unique=True, max_length=80)
description = StringField(max_length=255)
permissions = StringField(max_length=255)
meta = {"db_alias": db_name}
class User(db.Document, UserMixin):
email = StringField(unique=True, max_length=255)
fs_uniquifier = StringField(unique=True, max_length=64, required=True)
username = StringField(unique=True, required=False, sparse=True, max_length=255)
password = StringField(required=False, max_length=255)
security_number = IntField(unique=True, required=False, sparse=True)
last_login_at = DateTimeField()
current_login_at = DateTimeField()
tf_primary_method = StringField(max_length=255)
tf_totp_secret = StringField(max_length=255)
tf_phone_number = StringField(max_length=255)
us_totp_secrets = StringField()
us_phone_number = StringField(max_length=255)
last_login_ip = StringField(max_length=100)
current_login_ip = StringField(max_length=100)
login_count = IntField()
active = BooleanField(default=True)
confirmed_at = DateTimeField()
roles = ListField(ReferenceField(Role), default=[])
meta = {"db_alias": db_name}
def tear_down():
with app.app_context():
User.drop_collection()
Role.drop_collection()
db.connection.drop_database(db_name)
request.addfinalizer(tear_down)
return MongoEngineUserDatastore(db, User, Role)
def __init__(self, import_name):
super().__init__(import_name=import_name)
CORS(app=self)
self.csrf = CSRFProtect(self)
self.config.from_object('app.config.Config')
self.mongo_engine = MongoEngine(self)
self.jwt_manager = JWTManager(self)
self.user_data_store = MongoEngineUserDatastore(self.mongo_engine, Customer, Role)
self.security = Security(self, datastore=self.user_data_store)
def _configure_security(app):
from . import models
from flask_security import MongoEngineUserDatastore
datastore = MongoEngineUserDatastore(models.db, models.User, models.Role)
state = extensions.security.init_app(app,
datastore,
register_blueprint=True)
def add_flask_security(app):
with app.app_context():
app.config['SECURITY_UNAUTHORIZED_VIEW'] = '/'
app.config['SECRET_KEY'] = f3c_global_config.secret_key
app.config['SECURITY_PASSWORD_SALT'] = f3c_global_config.secret_key
user_datastore = MongoEngineUserDatastore(db, User, Role)
security = Security(app, user_datastore)
create_default_user_and_roles(user_datastore)
_add_apikey_handler(security, user_datastore)
def extensions_load(app):
db.init_app(app)
user_data_store = MongoEngineUserDatastore(db, User, Role)
s = security.init_app(app, user_data_store, register_blueprint=False)
# TODO 无法分辨token过期/没有token/无效的token
def unauthorized_handler():
error(InterfaceTips.INVALID_TOKEN)
s.unauthorized_handler(unauthorized_handler)
def register_extensions(app):
cache.init_app(app)
db.init_app(app)
user_datastore = MongoEngineUserDatastore(db, User, Role)
security = Security(app,
user_datastore,
confirm_register_form=ExtendedRegisterForm)
mail.init_app(app)
debug_toolbar.init_app(app)
return None
def configure(app, db):
register_form = ExtendedRegisterForm
confirm_register_form = ExtendedRegisterForm
if app.config.get('SECURITY_RECAPTCHA_ENABLED'):
register_form = RecaptchaForm
confirm_register_form = RecaptchaForm
app.security = Security(app=app,
datastore=MongoEngineUserDatastore(db, User, Role),
register_form=register_form,
confirm_register_form=confirm_register_form)
def init_app(self, app):
global current_app
current_app = self
self.app = app
if app.config['DEBUG']:
self.cors.init_app(
self.app,
resources={r'/api/*': {
'origins': '*'
}},
)
from api import api_v0, api
self.api = api
self.blueprint = Blueprint(
'onelove',
__name__,
template_folder='templates',
static_folder='static',
static_url_path='/static/onelove',
)
self.app.register_blueprint(self.blueprint)
self.app.register_blueprint(api_v0, url_prefix='/api/v0')
self.app.register_blueprint(apidoc.apidoc)
self.mail.init_app(self.app)
self.db.init_app(self.app)
self.user_datastore = MongoEngineUserDatastore(
self.db,
User,
Role,
)
self.security.init_app(
self.app,
self.user_datastore,
)
self.jwt.init_app(self.app)
self.collect.init_app(self.app)
if self.app.config.get('DEBUG_TB_PANELS', False):
from flask_debugtoolbar import DebugToolbarExtension
from flask_debug_api import DebugAPIExtension
self.toolbar = DebugToolbarExtension(self.app)
self.toolbar = DebugAPIExtension(self.app)
self.socketio = SocketIO(self.app, logger=True)
self.app.onelove = self
def create_app():
db = MongoEngine()
app = Flask(__name__)
app.config.from_object(Config)
# flask_security config
user_datastore = MongoEngineUserDatastore(db, Users, Roles)
security = Security(app, user_datastore)
# do some init
db.init_app(app)
create_user_role(user_datastore, db)
return app
def configure_extensions(app):
# flask-assets
assets.init_app(app)
# flask-mongoengine
db.init_app(app)
# flask-s3
s3.init_app(app)
# flask-security
user_datastore = MongoEngineUserDatastore(db, User, Role)
security.init_app(app, user_datastore)
def extensions_load(app):
db.init_app(app)
user_data_store = MongoEngineUserDatastore(db, User, Role)
s = security.init_app(app, user_data_store, register_blueprint=False)
cors = CORS(
app, resources={r"*": {
"origins": "*",
"expose_headers": "X-Total"
}})
# TODO 无法分辨token过期/没有token/无效的token
def unauthorized_handler():
error(InterfaceTips.INVALID_TOKEN)
s.unauthorized_handler(unauthorized_handler)
def register_auth(app):
def load_user(user_id):
return User.objects(_id=user_id)
login_manager.init_app(app)
login_manager.user_loader(load_user)
login_manager.login_view = '/login'
# Setup Flask-Security
security.init_app(app, MongoEngineUserDatastore(db, User, Role))
state = app.extensions['security']
state.send_mail_task(send_mail)
app.extensions['security'] = state
SocialBlueprint.init_bp(app, SocialConnection, url_prefix='/_social')
def create_app(config):
app = Flask(__name__, static_folder='static')
app.config.from_object(config)
app.url_map.strict_slashes = False
app.register_blueprint(landfile_site)
# app.register_blueprint(landfile_api)
user_datastore = MongoEngineUserDatastore(db, User, Role)
security = Security(app, user_datastore)
mail = Mail(app)
db.init_app(app)
CORS(app)
return app
def extensions(app):
"""
Register 0 or more extensions (mutates the app passed in).
:param app: Flask application instance
:return: None
"""
debug_toolbar.init_app(app)
db.init_app(app)
app.session_interface = mongoInterface
# init login
init_login(app)
# Setup Flask-Security
user_datastore = MongoEngineUserDatastore(db, User, Role)
security = Security(app, user_datastore)
# add admin view
admin.init_app(app, index_view=HomeView())
# admin.index_view =
admin.add_view(CourseView(Course))
admin.add_view(RequirementView(Requirement))
admin.add_view(MajorView(Major))
admin.add_view(QuarterView(Quarter))
admin.add_view(UserView(User))
admin.add_view(RoleView(Role))
admin.add_view(FileUploadView(name='util', endpoint='util'))
# define a context processor for merging flask-admin's template context into the
# flask-security views.
@security.context_processor
def security_context_processor():
return dict(admin_base_template=admin.base_template,
admin_view=admin.index_view,
h=admin_helpers,
get_url=url_for)
# Create a user to test with
@app.before_first_request
def create_user():
user_datastore.find_or_create_role(name='superuser',
description='Administrator')
user_datastore.find_or_create_role(name='user', description='User')
if not user_datastore.get_user('admin'):
user_datastore.create_user(email='admin', password='******')
user_datastore.add_role_to_user('admin', 'superuser')
return None
def initdb():
'''Init/reset database.'''
if not os.environ.get('PRODUCTION'):
db.connection.drop_database(app.config['MONGODB_SETTINGS']['db'])
user_datastore = MongoEngineUserDatastore(db, User, Role)
admin = user_datastore.create_role(name='admin', description='Admin User')
user = user_datastore.create_user(
email='*****@*****.**',
password=encrypt_password('password')
)
user_datastore.add_role_to_user(user, admin)
def init_app(app):
login_manager = LoginManager()
login_manager.init_app(app)
login_manager.user_loader(load_user)
login_manager.login_view = '/login'
# Setup Flask-Security
security = Security()
security = security.init_app(app, MongoEngineUserDatastore(db, User, Role))
security.send_mail_task(send_mail)
from flask_social_blueprint.core import SocialBlueprint
SocialBlueprint.init_bp(app, SocialConnection, url_prefix='/_social')
state = app.extensions['security']
state.render_template = render_template
app.extensions['security'] = state
def init_app(app):
admin = flask_admin.Admin(app=app,
name='ProxyPool Admin',
base_template="admin/master_base.html",
index_view=ProxyPoolAdminIndexView(),
template_mode='bootstrap3')
admin.add_view(ProxyView(ProxyModel))
admin.add_view(SettingView(SettingModel))
# admin.add_view(ProxyPoolView(ProxyPoolModel))
admin.add_view(FetcherView(FetcherModel))
db = MongoEngine()
db.init_app(app)
user_datastore = MongoEngineUserDatastore(db, User, Role)
init_security(user_datastore, app, admin)
init_base_data(user_datastore, app)
def create_app(modo='dev'):
instance_path = path.join(path.abspath('.'), 'instancias', modo)
# App e blueprints
app = Flask('wikizera',
instance_path=instance_path,
instance_relative_config=True)
app.register_blueprint(index_blueprint)
# Configurações
app.config.from_pyfile('config.py')
# UTF-8 por padrão xD
app.response_class = Utf8Response
# Plugins
CORS(app, origins=[app.config['WIKIZERA_REACT_ORIGIN']])
db.init_app(app)
Bootstrap(app)
admin.configura(app)
create_api(app)
# Segurança
user_datastore = MongoEngineUserDatastore(db, User, Role)
Security(app=app, datastore=user_datastore)
return app
def mongoengine_setup(request, app, tmpdir, realdburl):
from flask_mongoengine import MongoEngine
db_name = 'flask_security_test_%s' % str(time.time()).replace('.', '_')
app.config['MONGODB_SETTINGS'] = {
'db': db_name,
'host': 'mongomock://localhost',
'port': 27017,
'alias': db_name
}
db = MongoEngine(app)
class Role(db.Document, RoleMixin):
name = db.StringField(required=True, unique=True, max_length=80)
description = db.StringField(max_length=255)
meta = {"db_alias": db_name}
class User(db.Document, UserMixin):
email = db.StringField(unique=True, max_length=255)
username = db.StringField(max_length=255)
password = db.StringField(required=False, max_length=255)
security_number = db.IntField(unique=True)
last_login_at = db.DateTimeField()
current_login_at = db.DateTimeField()
last_login_ip = db.StringField(max_length=100)
current_login_ip = db.StringField(max_length=100)
login_count = db.IntField()
active = db.BooleanField(default=True)
confirmed_at = db.DateTimeField()
roles = db.ListField(db.ReferenceField(Role), default=[])
meta = {"db_alias": db_name}
def tear_down():
with app.app_context():
db.connection.drop_database(db_name)
request.addfinalizer(tear_down)
return MongoEngineUserDatastore(db, User, Role)
def init_app(app):
# Flask-Login
# https://flask-login.readthedocs.org/en/latest/
from flask_login import LoginManager
login_manager = LoginManager()
login_manager.init_app(app)
login_manager.user_loader(load_user)
login_manager.login_view = "/login"
# Setup Flask-Security
security = Security()
security = security.init_app(app, MongoEngineUserDatastore(db, User, Role))
security.send_mail_task(send_mail)
from flask_social_blueprint.core import SocialBlueprint
SocialBlueprint.init_bp(app, SocialConnection, url_prefix="/_social")
@app.before_first_request
def before_first_request():
for m in [User, Role, SocialConnection]:
m.drop_collection()
def create_admin_console(app):
# Admin Panel
user_datastore = MongoEngineUserDatastore(db, models.User, models.Role)
security = Security(app, user_datastore)
admin_console = flask_admin.Admin(
app,
'Jumiabot System Dashboard',
base_template='my_master.html',
template_mode='bootstrap3',
)
admin_console.add_view(views.RolesView(models.Role))
admin_console.add_view(views.UsersView(models.User))
@security.context_processor
def security_context_processor():
return dict(admin_base_template=admin_console.base_template,
admin_view=admin_console.index_view,
h=admin_helpers,
get_url=url_for)
from flask import Blueprint, render_template, redirect, url_for, request, flash
from flask_security import login_required, MongoEngineUserDatastore
from flask_security.utils import login_user, logout_user
from flask_security.utils import verify_and_update_password, encrypt_password
from honeyswarm.models import db, User, Role
auth = Blueprint('auth', __name__)
user_datastore = MongoEngineUserDatastore(db, User, Role)
@auth.route('/login')
def login():
return render_template("login.html")
@auth.route('/login', methods=['POST'])
# @csrf_exempt
def login_post():
email = request.form.get('email')
password = request.form.get('password')
remember = True if request.form.get('remember') else False
user = User.objects(email=email).first()
# ToDo: There is username enumeration here.
# Check if enabled account
if not user or not user.active:
flash('This account has been disabled')
return redirect(url_for('auth.login'))
# 不同種權限身份
class Role(security_db.Document, RoleMixin):
name = security_db.StringField(max_length=80, unique=True)
description = security_db.StringField(max_length=255)
# 使用者資訊
class User(security_db.Document, UserMixin):
email = security_db.StringField(max_length=255)
password = security_db.StringField(max_length=255)
active = security_db.BooleanField(default=True)
confirmed_at = security_db.DateTimeField()
roles = security_db.ListField(security_db.ReferenceField(Role), default=[])
user_datastore = MongoEngineUserDatastore(security_db, Role, User)
security = Security(app, user_datastore)
def create_user():
print(user_datastore)
student_role = user_datastore.find_or_create_role('student')
print(student_role)
if user_datastore.get_user('Liao') == None:
print('345')
user_datastore.create_user(email='Liao',
password=hashPassword('871029'),
roles=[student_role])
#密碼加密