def do_login():
if request.method == 'GET':
return render_template('login.html')
if request.method == 'POST':
user = fswww().login(g.form)
if not user:
flash('Invalid Login')
return render_template('login.html')
exp = int(time.time()) + 3600
ck = Auth().encrypt_auth_cookie(user, exp)
response = make_response(redirect('/'))
response.set_cookie(Auth().AUTH_COOKIE_NAME, ck, 3600, exp, '/', None)
return response
def login_as_admin():
LOG.info("login_as_admin")
response = Auth().login(APP_URL, ADMIN_USER, ADMIN_PASSWORD)
assert response.ok
access_token = response.json()["access_token"]
yield access_token
def login(self, form):
u, p = form.get('username'), form.get('password')
user = Users().get_by_username(u)
print repr(user)
if not user or not Auth().authorize_user(user, p):
return False
return user
def check_authorization():
if request.path[0:7] == '/static':
return
# FIXME -- api basic auth?
if request.endpoint == 'do_login':
return
ck = request.cookies.get(Auth().AUTH_COOKIE_NAME)
if ck is None:
return redirect('/login')
g.current_user = Auth().decrypt_auth_cookie(ck)
if not g.current_user:
return redirect('/login')
def edit_user(id):
data = data_defaults['user']['edit']
data['action']['url'] = data['action']['url'] % id
if request.method == 'GET':
data['user'] = Users().get_user(id)
return render_template('user_form.html', data=data)
if request.method == 'POST':
_input = g.form.copy()
_input['id'] = id
_input['modified_by'] = g.current_user['id']
u = Users().get_user(id)
if 'password' in _input and _input['password']:
_input['password'] = Auth().password_hash(
_input['confirm_password'])
else:
_input['password'] = u['password']
ok, messages = fswww().validate_user_properties(_input)
if not ok:
for m in messages:
flash(m)
return render_template('user_form.html', data={'user': _input})
id = Users().update_user(_input)
if id is not False:
url = '/users/edit/%d' % id
flash('user updated')
return redirect(url)
flash('unable to update user')
return render_template('user_form.html', data={'role': _input})
def verify():
email = request.args.get('email')
verification_token = request.args.get('token')
if not email or not verification_token:
return 'No email or token'
auth = Auth()
response = auth.verify(email=email, verification_token=verification_token)
return response['response_text']
def aquireAuthToken(authObj, http):
token = ""
try:
token = authObj.readResponse(authObj.authorizationRequest(http))
except AuthException as e:
print("Login mit Zugang {} nicht möglich.".format(e.login))
print("Zugangsdaten erneut eingeben: ")
login = input("Login: "******"Passwort: ")
aquireAuthToken(Auth(login, password), http)
else:
http.setToken(token)
def test_user_permissions(login_as_admin):
LOG.info("test_user_permissions")
# Create new user and assign "user" role
new_username = "******"
new_password = "******"
new_user_roles = "user"
response = Users().create_user(APP_URL, login_as_admin, new_username,
new_password)
assert response.ok
response_data = response.json()
new_user_id = response_data["id"]
assert response_data["username"] == new_username
assert response_data["roles"] == "user"
# Login as the newly created user
response = Auth().login(APP_URL, new_username, new_password)
assert response.ok
response_data = response.json()
access_token = response_data["access_token"]
# Check the new user can get his own info
response = Users().get_current_user(APP_URL, access_token)
assert response.ok
assert response.json()["username"] == new_username
assert response.json()["roles"] == new_user_roles
# Check that the newly created user CAN NOT create other users because
# it doesn't have admin privileges
response = Users().create_user(APP_URL, access_token, "tony", "montana")
assert not response.ok
# Check that the newly created user CAN NOT delete other users because
# it doesn't have admin privileges
response = Users().delete_user(APP_URL, access_token, new_user_id)
assert not response.ok
# Finally, delete the newly created user but this time use the admin account
response = Users().delete_user(APP_URL, login_as_admin, new_user_id)
assert response.ok
#!/env/bin/python
from flask import Flask, session, escape, render_template, request, url_for, redirect
from lib.auth import Auth
auth = Auth()
app = application = Flask(__name__)
#add the secret key from the config
#to allow Flask sessions to work
app.secret_key = auth.config['app']['secret_key']
@app.route('/')
def index():
logged_in = session.get('logged_in')
if logged_in:
return 'logged in!'
else:
return '''not logged in.
<p><a href="/login">Click here</a> to login.</p>
<p><a href="/createaccount">Click here</a> to sign up.</p>'''
@app.route('/login', methods=['GET', 'POST'])
def login():
if request.method == 'GET':
return render_template('login.html')
if request.method == 'POST':
password = request.form.get('password')
email = request.form.get('email')
response = auth.login(email, password)
def __init__(self, access_key=None, secret_key=None):
if access_key and secret_key:
self.auth = Auth(access_key, secret_key)
else:
from conf import ACCESS_KEY, SECRET_KEY
self.auth = Auth(ACCESS_KEY, SECRET_KEY)
from json import dumps
from lib.config import Config
from lib.auth import Auth
from lib.model.room import Room
from lib.model.message import Message
app = Flask(__name__)
cfg = Config('config.db')
app.debug = (__name__ == '__main__')
app.config['SECRET'] = cfg.get('socket-key')
socketio = SocketIO(app)
config = Config('config.db')
auth = Auth(config)
@app.before_request
def log_request():
current_app.logger.debug(request.url)
@app.route('/', methods=['GET'])
def route_index():
return render_template('index.html')
@app.route('/app', methods=['GET'])
def route_chat():
return render_template('app.html')
response_placement = http.getRequest('placement',
params).json()['response']
if 'placement' in response_placement:
return response_placement['placement']
else:
return None
proxies = {
"http": "http://proxy.t-online.net:3128",
"https": "http://proxy.t-online.net:3128",
}
http = HttpHandler("http://api.appnexus.com")
a = Auth()
aquireAuthToken(a, http)
filename = "all_site_ALL_categories.csv"
worker = AbstractGenericWorker(http)
#sites = worker.getAllEntitiesByType('site')
sites = worker.getAllEntitiesByRange('site', 300, 400)
writer_content = list()
count = len(sites)
i = 1
all_categories = set()
def do_logout():
response = make_response(redirect('/'))
response.set_cookie(Auth().AUTH_COOKIE_NAME, '', -1, -1, '/', None)
return response
def test_login():
LOG.info("test_login")
response = Auth().login(APP_URL, ADMIN_USER, ADMIN_PASSWORD)
LOG.debug(response.json())
assert response.ok