def setUp(self):
    """Build a Flask app with a login-protected and a permission-protected view.

    Registers ``/needs_login/``, ``/post_view/`` and ``/login_view/`` and
    stores the app and a ``testuser``-role user on the test case.
    """
    flask_app = Flask(__name__)
    # Fixed signing key: fine for a throwaway test app; a deployed app needs
    # a random key that is kept out of source control.
    flask_app.secret_key = "N4buDSXfaHx2oO8g"
    self.app = flask_app
    auth_ext = Auth(flask_app)

    @login_required
    def needs_login():
        return "needs_login"

    flask_app.add_url_rule("/needs_login/", "needs_login", needs_login)

    @permission_required(resource="post", action="view")
    def post_view():
        return "needs_post_view"

    flask_app.add_url_rule("/post_view/", "post_view", post_view)

    @flask_app.route("/login_view/")
    def login_view():
        return "login_view"

    test_user = AuthUser(username="******")
    test_user.role = "testuser"
    only_role = Role("testuser", [Permission("post", "view")])
    # Every role lookup resolves to the single test role, whatever name is asked for.
    auth_ext.load_role = lambda _: only_role
    self.user = test_user
def init_users():
    """Fill ``g.users`` with one admin-role AuthUser per entry of ``app.config["ADMINS"]``.

    The mapping is read as username -> password; each password is passed to
    ``set_and_encrypt_password`` before the user is stored.
    """
    # NOTE(review): passwords are read in clear text from the app config, so
    # the config file needs the same protection as a credential store.
    g.users = {}
    for admin_name, admin_password in app.config["ADMINS"].items():
        account = AuthUser(username=admin_name)
        account.set_and_encrypt_password(admin_password)
        account.role = "admin"
        g.users[admin_name] = account
def setUp(self):
    """Create the test app, its three views and a user holding the 'testuser' role."""
    application = Flask(__name__)
    # Hard-coded session-signing key: test fixture only.
    application.secret_key = 'N4buDSXfaHx2oO8g'
    self.app = application
    extension = Auth(application)

    @login_required
    def needs_login():
        return 'needs_login'

    @permission_required(resource='post', action='view')
    def post_view():
        return 'needs_post_view'

    application.add_url_rule('/needs_login/', 'needs_login', needs_login)
    application.add_url_rule('/post_view/', 'post_view', post_view)

    @application.route('/login_view/')
    def login_view():
        return 'login_view'

    account = AuthUser(username='******')
    account.role = 'testuser'
    granted = Role('testuser', [Permission('post', 'view')])

    def _always_testuser_role(_):
        # The role name is ignored: the fixture knows exactly one role.
        return granted

    extension.load_role = _always_testuser_role
    self.user = account
def init():
    """Run CSRF protection for an existing session and rebuild ``g.users`` from the config.

    Users come from ``config["general_settings"]["users"]``, read as a
    username -> password mapping.
    """
    if session:
        security.csrfProtect()
    settings = api.getConfig()
    g.users = {}
    # NOTE(review): the config holds the passwords in clear text and they are
    # re-hashed each time this function runs -- confirm the file permissions
    # on the config match that sensitivity.
    configured_users = settings["general_settings"]["users"]
    for name, secret in list(configured_users.items()):
        account = AuthUser(username=name)
        account.set_and_encrypt_password(secret)
        g.users[name] = account
def setUp(self):
    """Create an app whose Auth extension hashes with SHA-1, plus a user with PASSWORD set."""
    flask_app = Flask(__name__)
    flask_app.secret_key = 'N4buDSXfaHx2oO8g'  # fixed key: test fixture only
    auth_ext = Auth(flask_app)
    # SHA-1 is pinned so the test is deterministic. A single fast digest is
    # not a suitable password hash outside of tests; a deployment would use
    # a slow, salted KDF instead.
    auth_ext.hash_algorithm = hashlib.sha1
    test_user = AuthUser(username='******')
    # The password is set inside a request context, as in the original fixture.
    with flask_app.test_request_context():
        test_user.set_and_encrypt_password(self.PASSWORD)
    self.app = flask_app
    self.user = test_user
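def login():
    """Check JSON-posted credentials and return a status code string as the body.

    Reads ``user`` and ``pass`` from the request JSON.

    Returns:
        '403' when the user is unknown or the password does not match,
        '401' when the account is not active, '302' on success.
    """
    # NOTE(review): a request with no JSON body, or without the 'user' or
    # 'pass' keys, raises here rather than returning '403'.
    user, _company = getuser(flask.request.json['user'])
    if user is None:
        return '403'
    # NOTE(review): '401' is answered before the password is checked, so the
    # response distinguishes an existing inactive account from an unknown
    # one. Consider answering '403' in both cases.
    if not user.active:
        return '401'
    # An AuthUser is built because, unlike the MongoAlchemy data object, it
    # is serializable to JSON.
    jsonuser = AuthUser(username=user.username, password=user.password, salt=user.salt)
    jsonuser.role = user.role
    if jsonuser.authenticate(flask.request.json['pass']):
        return '302'
    return '403'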
def init_users():
    """Register a single hard-coded account in ``g.users`` for this request.

    Usernames could instead be read from an external file (like /etc/passwd).
    """
    account = AuthUser(username='******')
    # Demo values: the password and the salt are literals in the source, so
    # everyone with read access to the code knows both.
    account.set_and_encrypt_password('password', salt='123')
    # Persist the user table for this request.
    g.users = dict(admin=account)
def setUp(self):
    """Prepare a SHA-1 configured Auth app and a user whose password is ``self.PASSWORD``."""
    application = Flask(__name__)
    application.secret_key = "N4buDSXfaHx2oO8g"  # test-only signing key
    extension = Auth(application)
    # Pinned for reproducible hashes in the test; SHA-1 alone is too fast to
    # protect stored passwords in a real deployment.
    extension.hash_algorithm = hashlib.sha1
    account = AuthUser(username="******")
    with application.test_request_context():
        account.set_and_encrypt_password(self.PASSWORD)
    self.app, self.user = application, account
def init_users():
    """Build the per-request ``g.control`` and ``g.dataOnly`` user tables from ``creds``.

    Each entry of ``creds`` is read through its 'username', 'password',
    'salt' and 'level' keys. Entries with any other level are hashed but
    stored in neither table.
    """
    g.control = {}
    g.dataOnly = {}
    for entry in creds:  # renamed from ``dict`` so the builtin is not shadowed
        account = AuthUser(username=entry['username'])
        account.set_and_encrypt_password(entry['password'], salt=entry['salt'])
        level = entry['level']
        if level == 'control':
            g.control[entry['username']] = account
        elif level == 'dataOnly':
            g.dataOnly[entry['username']] = account
def setUp(self):
    """Create the app, resolve roles through ``self.ROLES`` and add a 'testuser' user."""
    flask_app = Flask(__name__)
    auth_ext = Auth(flask_app)
    self.app = flask_app
    # Unknown role names resolve to None through dict.get.
    auth_ext.load_role = lambda role_name: self.ROLES.get(role_name)
    test_user = AuthUser(username='******')
    test_user.role = 'testuser'
    self.user = test_user
def setUp(self):
    """Set up an Auth-enabled app whose role loader reads ``self.ROLES``."""
    application = Flask(__name__)
    extension = Auth(application)
    self.app = application

    def _lookup_role(name):
        # Returns None when the role name is not in the table.
        return self.ROLES.get(name)

    extension.load_role = _lookup_role
    account = AuthUser(username="******")
    account.role = "testuser"
    self.user = account
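def init_users():
    """
    Initialize users from the credentials in the settings.toml file.

    Looks for a [users] section with one username and password per line.

    Example:
    [users]
    admin = "password"

    If no users section is found in the settings file (or it is empty/None),
    a built-in admin/password account is used and signed in automatically,
    which gives an unauthenticated experience.
    """
    # A missing section and a section set to None both take the fallback, so
    # g.users is always assigned before this function returns.
    configured = settings['users'] if "users" in settings.keys() else None

    if configured is not None:
        settings_users = {}
        for username in configured:
            new_user = AuthUser(username=username)
            # NOTE(review): every account is hashed with the same constant
            # salt, so equal passwords give equal hashes; a per-user random
            # salt would avoid that.
            new_user.set_and_encrypt_password(
                str.encode(configured[username]), salt=b'123')
            # Any configured user switches authentication on.
            app.app_state['authentication_required'] = True
            settings_users[username] = new_user
        # Persisting users for this request.
        g.users = settings_users
        return

    # Fallback: well-known built-in credentials with authentication switched
    # off. Only appropriate when the app is not reachable by untrusted clients.
    admin = AuthUser(username='******')
    admin.set_and_encrypt_password(b'password', salt=b'123')
    app.app_state['authentication_required'] = False
    # Persisting users for this request.
    g.users = {'admin': admin}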
def setup():
    """Handle the setup form: hash the posted password, save a user, redirect to login."""
    form_username = request.form['username']
    form_password = request.form['password']
    hasher = AuthUser(username=form_username)
    # NOTE(review): the salt is one constant for every account, so equal
    # passwords give equal hashes.
    hasher.set_and_encrypt_password(form_password, salt='1234567')
    # NOTE(review): the literals below are masked in this listing. As shown,
    # the hash computed on ``hasher`` is never stored -- confirm that the
    # saved record really takes ``hasher.password``.
    record = User(username="******")
    record.password = "******"
    record.save()
    brand = Brand.query.first()
    pages = Page.query
    #return render_template('login.html', user=get_current_user_data(), brand=brand, pages=pages)
    return redirect(url_for('ulogin'))
def changepass():
    """Store a new password for the logged-in user, then redirect to ``admin``.

    The password is only changed on a POST whose 'password' and
    'confirmpassword' fields match; the redirect happens in every case.
    """
    # NOTE(review): the current password is not asked for, so a hijacked
    # session is enough to change it -- consider requiring the old password.
    if request.method == 'POST' and request.form['password'] == request.form['confirmpassword']:
        current_name = get_current_user_data()["username"]
        new_password = request.form['password']
        # query mongo for user
        record = User.query.filter(User.username == current_name).first()
        hasher = AuthUser(username=current_name)
        # Same constant salt for every account (see the literal below).
        hasher.set_and_encrypt_password(new_password, salt='1234567')
        record.password = hasher.password
        record.save()
    return redirect(url_for('admin'))
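def listusers(current=None):
    """Return, as a JSON string, the ``users`` array of the caller's company.

    Args:
        current: user whose company is listed; defaults to the logged-in user.

    The call is gated by ``checkprivilege()`` first.
    """
    checkprivilege()
    if current is None:
        current = AuthUser.load_current_user()
    query = server.db.query(Company)
    query.raw_output()
    company = query.filter(
        {'users': {'$elemMatch': {'username': current.username}}}
    ).first()
    # NOTE(review): the raw user documents are serialized as stored. If they
    # carry password hash and salt fields, those go out in the response too --
    # confirm, and strip them before dumping.
    return json.dumps(company['users'])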
def setUp(self):
    """Create an Auth-enabled app using the test case's HASH_ALGORITHM and a bare user."""
    flask_app = Flask(__name__)
    auth_ext = Auth(flask_app)
    self.app = flask_app
    # The algorithm comes from the test class, so subclasses can vary it.
    auth_ext.hash_algorithm = self.HASH_ALGORITHM
    self.user = AuthUser(username='******')
def test_user_expiration_override(self):
    """An expired session still yields the user when ``apply_timeout=False`` is passed."""
    import time

    with self.app.test_request_context():
        # The timeout is shorter than the sleep below, so the login has
        # expired by the time the user is loaded.
        self.app.auth.user_timeout = 0.01
        login(self.user)
        time.sleep(0.02)
        loaded = AuthUser.load_current_user(apply_timeout=False)
        assert loaded == self.user
def test_user_expiration(self):
    """After ``user_timeout`` elapses, neither the user data nor the user is returned."""
    import time

    with self.app.test_request_context():
        self.app.auth.user_timeout = 0.01
        login(self.user)
        # Sleep past the timeout so the session counts as expired.
        time.sleep(0.02)
        session_data = get_current_user_data()
        assert session_data is None
        current = AuthUser.load_current_user()
        assert current is None
def init_users():
    """Register two hard-coded accounts, one 'userview' and one 'admin', in ``g.users``.

    Usernames could instead be read from an external file (like /etc/passwd).
    """
    # Demo values: both passwords are literals in the source.
    viewer = AuthUser(username='******')
    viewer.set_and_encrypt_password('password', salt='123')
    viewer.role = 'userview'

    # The admin account is hashed without an explicit salt argument.
    administrator = AuthUser(username='******')
    administrator.set_and_encrypt_password('admin')
    administrator.role = 'admin'

    # Persist the user table for this request.
    g.users = dict(user=viewer, admin=administrator)
def usignup():
    """Render the signup page; on a POST with matching passwords, save the new user first."""
    brand = Brand.query.first()
    pages = Page.query
    # IMPLEMENT SIGNUP CODE
    if request.method == 'POST' and request.form['password'] == request.form['confirmpassword']:
        new_name = request.form['username']
        new_password = request.form['password']
        # NOTE(review): nothing here checks whether the username is already
        # taken, and the salt is the same constant for every account --
        # confirm that uniqueness is enforced by the User model.
        hasher = AuthUser(username=new_name)
        hasher.set_and_encrypt_password(new_password, salt='1234567')
        record = User(username=new_name, password=hasher.password)
        record.save()
    return render_template('signup.html', user=get_current_user_data(), brand=brand, pages=pages)
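def init():
    """Run CSRF protection for an existing session and rebuild ``g.users`` from the config.

    Users come from ``config["general_settings"]["users"]`` (username ->
    password). When ``domoboard.autologon`` is the string "True", an extra
    'auto' account is registered as well.
    """
    if session:
        security.csrfProtect()
    config = api.getConfig()
    g.users = {}
    # items() instead of iteritems(): works on Python 2 and Python 3.
    for k, v in config["general_settings"]["users"].items():
        addUser = AuthUser(username=k)
        addUser.set_and_encrypt_password(v)
        g.users[k] = addUser
    if config["general_settings"]["domoboard"]["autologon"] == "True":
        # NOTE(review): with autologon on, an account with a fixed, publicly
        # known password exists on every request. Enable it only where the
        # dashboard cannot be reached by untrusted clients.
        addUser = AuthUser(username='******')
        addUser.set_and_encrypt_password('auto')
        g.users['auto'] = addUser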
def ulogin():
    """Render the login page; on POST, authenticate and redirect to ``index`` on success.

    A POST that does not authenticate returns the plain string 'Failure :('.
    """
    # required for all areas to show brand and pages in menu
    brand = Brand.query.first()
    pages = Page.query
    if request.method != 'POST':
        return render_template('login.html', user=get_current_user_data(), brand=brand, pages=pages)

    username = request.form['username']
    password = request.form['password']
    record = User.query.filter(User.username == username).first()
    if record is not None:
        # The stored hash is attached to a fresh AuthUser carrying the
        # application-wide constant salt, then the submitted password is checked.
        candidate = AuthUser(username=username, salt='1234567')
        candidate.password = record.password
        #if authUser.authenticate(encrypt(password, salt='1234567')):
        if candidate.authenticate(password):
            return redirect(url_for('index'))
    # NOTE(review): no attempt limiting is visible in this view -- confirm
    # that failed logins are throttled elsewhere.
    return 'Failure :('
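def getuser(username=None):
    """Look up a user record and its company by username.

    Args:
        username: name to look up. When None, the logged-in user's name is
            used; the request is aborted with 403 if nobody is logged in.

    Returns:
        ``(user, company)``, or ``(None, None)`` when no company lists the
        username.

    Raises:
        Exception: the query matched a company, but no entry of its
            ``users`` array has that username.
    """
    if username is None:
        current = AuthUser.load_current_user()
        if current is None:
            flask.abort(403)
        username = current.username
    # NOTE(review): ``username`` goes into the Mongo filter as given. Callers
    # that pass request data should make sure it is a plain string, so a JSON
    # object cannot be read as query operators.
    company = server.db.query(Company).filter(
        {'users': {'$elemMatch': {'username': username}}}
    ).first()
    if company is None:
        return None, None
    for user in company.users:
        if user.username == username:
            return user, company
    raise Exception('User found on DB but not on user array')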
def profile():
    """Render the profile page; on a POST with matching passwords, store the new password."""
    # required for all areas to show brand and pages in menu
    brand = Brand.query.first()
    pages = Page.query
    #if get_current_user_data()["username"] != "admin":
    #    return redirect(url_for('index'))
    passwords_match = (
        request.method == 'POST'
        and request.form['password'] == request.form['confirmpassword']
    )
    if passwords_match:
        # NOTE(review): the current password is not asked for before the
        # change, and the salt is the same constant for every account.
        current_name = get_current_user_data()["username"]
        new_password = request.form['password']
        # query mongo for user
        record = User.query.filter(User.username == current_name).first()
        hasher = AuthUser(username=current_name)
        hasher.set_and_encrypt_password(new_password, salt='1234567')
        record.password = hasher.password
        record.save()
    return render_template('profile.html', brand=brand, pages=pages, user=get_current_user_data())
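def init_users():
    """Create the default ``admin`` account when it is missing, then redirect to login.

    Returns:
        A redirect to ``ulogin`` when the account had to be created;
        otherwise the function falls through and returns None.
    """
    # First try to get the admin user; if there is none, proceed to setup.
    try:
        user = User.query.filter(User.username == 'admin').first()
    except Exception:
        # Best effort: a failed lookup is handled like a missing admin.
        # Narrowed from a bare ``except`` so interpreter-exit signals propagate.
        user = None
    # TODO: find a way to not have this run all the time, SO SLOW!
    # If the admin collection is empty, create it with default creds.
    if user is None:
        # NOTE(review): the account is seeded with credentials fixed in the
        # source (masked in this listing) and a constant salt. Force a
        # password change on first login, or take the initial password from
        # deployment configuration.
        username = "******"
        password = "******"
        auth = AuthUser(username=username)
        auth.set_and_encrypt_password(password, salt='1234567')
        myuser = User(username=username, password=auth.password)
        myuser.save()
        #return render_template('setup.html', brand=brand)
        return redirect(url_for('ulogin'))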
def init_users():
    """Register one hard-coded admin account in ``g.users`` for this request."""
    account = AuthUser(username='******')
    # Demo value: the password is a literal in the source.
    account.set_and_encrypt_password('password')
    g.users = dict(admin=account)
def test_authenticate(self):
    """Authenticating with the right password logs the user in and makes it current."""
    with self.app.test_request_context():
        authenticated = self.user.authenticate(self.PASSWORD)
        assert authenticated is True
        logged_in = self.user.is_logged_in()
        assert logged_in is True
        current = AuthUser.load_current_user()
        assert current == self.user
def test_current_user(self):
    """After login, the session data equals the user's attributes and the user loads back."""
    with self.app.test_request_context():
        login(self.user)
        session_data = get_current_user_data()
        assert session_data == vars(self.user)
        reloaded = AuthUser.load_current_user()
        assert reloaded == self.user
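def checkprivilege():
    """Abort the request with 403 unless the logged-in user has the 'admin' role.

    A request with no logged-in user is rejected with 403 as well, instead
    of failing with an AttributeError on ``None.role``.
    """
    current = AuthUser.load_current_user()
    if current is None or current.role != 'admin':
        flask.abort(403)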