def kick(self, id):
try:
id = int(id)
except (ValueError, TypeError):
raise HTTPNotFound()
room = DBSession.query(Room).filter(Room.id == id).one_or_none()
if room is None:
raise HTTPNotFound()
member_id = context.form.get('memberId')
member = DBSession.query(Member) \
.filter(Member.reference_id == member_id).one_or_none()
if member is None:
raise HTTPStatus('611 Member Not Found')
is_member = DBSession.query(Member) \
.filter(
TargetMember.target_id == id,
TargetMember.member_id == member.id
) \
.count()
if not is_member:
raise HTTPStatus('617 Not A Member')
DBSession.query(TargetMember) \
.filter(
TargetMember.target_id == id,
TargetMember.member_id == member.id
) \
.delete()
return room
def mockup(cls):
god = God()
god.email = '*****@*****.**'
god.password = '******'
god.is_active = True
DBSession.add(god)
DBSession.commit()
def info(self):
from sharedlists import __version__ as appversion
users = DBSession.query(User).count()
lists = DBSession.query(Item.ownerid, Item.list) \
.group_by(Item.ownerid, Item.list).count()
result = [
f'Shared Lists v{appversion}',
f'Total Lists: {lists}',
f'Total Users: {users}',
]
me = context.identity.id
mylists = DBSession.query(Item.ownerid, Item.list) \
.filter(Item.ownerid == me) \
.group_by(Item.ownerid, Item.list) \
.count()
myitems = DBSession.query(Item.ownerid, Item.list) \
.filter(Item.ownerid == me) \
.count()
result.append(f'My Lists: {mylists}')
result.append(f'My Items: {myitems}')
result.append('')
return CR.join(result)
def send(self, target_id):
mimetype = context.form.get('mimetype')
sender = Member.current()
message = Message(body=context.form.get('body'))
message.target_id = int(target_id)
message.sender_id = sender.id
if 'attachment' in context.form:
message.attachment = context.form.get('attachment')
message.mimetype = message.attachment.content_type
if message.attachment.content_type in BLACKLIST_MIME_TYPES:
raise HTTPUnsupportedMediaType()
elif mimetype:
if mimetype not in SUPPORTED_TEXT_MIME_TYPES:
raise HTTPUnsupportedMediaType()
message.mimetype = context.form.get('mimetype')
else:
message.mimetype = 'text/plain'
DBSession.add(message)
DBSession.flush()
queues.push(settings.messaging.workers_queue, message.to_dict())
webhook = Webhook()
webhook.sent_message(target_id, sender.reference_id)
return message
def see(self, id):
id = int_or_notfound(id)
member = Member.current()
message = DBSession.query(Message).get(id)
if message is None:
raise HTTPNotFound()
if message.sender_id == member.id:
raise HTTPStatus('621 Can Not See Own Message')
member_message_seen = DBSession.query(MemberMessageSeen) \
.filter(MemberMessageSeen.member_id == member.id) \
.filter(MemberMessageSeen.message_id == message.id) \
.one_or_none()
if member_message_seen is not None:
raise HTTPStatus('619 Message Already Seen')
query = DBSession.query(Message) \
.filter(Message.target_id == message.target_id) \
.filter(Message.created_at <= message.created_at) \
.filter(Message.seen_at == None) \
.filter(Message.sender_id != member.id) \
query = Message.filter_by_request(query)
for m in query:
m.seen_by.append(member)
seen_message = message.to_dict()
seen_message.update({'type': 'seen'})
queues.push(settings.messaging.workers_queue, seen_message)
return message
def post(self):
email = context.form.get('email')
password = context.form.get('password')
otp = context.form.get('otp', None)
principal = context.application.__authenticator__.login((email, password))
token = principal.dump().decode()
try:
# TODO: Add this feature for admins
if principal.is_in_roles('client'):
client = Client.query.filter(Client.email == email).one()
if client.has_second_factor is True:
if otp is None:
raise HttpBadRequest('Otp needed', 'bad-otp')
oath = Oath(seed=settings.membership.second_factor_seed, derivate_seed_from=client.email)
is_valid, _ = oath.verify_google_auth(otp)
if is_valid is False:
raise HttpBadRequest('Invalid otp', 'invalid-otp')
login_log = SecurityLog.generate_log(type='login')
DBSession.add(login_log)
DBSession.flush()
except Exception as e:
# FIXME: Fix the warning
context.application.__authenticator__.unregister_session(principal.session_id)
raise e
return dict(token=token)
def register(self):
email = context.form.get('email')
password = context.form.get('password')
name = context.form.get('name')
family = context.form.get('family')
description = context.form.get('description')
role = 'member'
member = DBSession.query(Member) \
.filter(Member.email == email) \
.one_or_none()
if DBSession.query(Member.email).filter(Member.email == email).count():
raise HTTPStatus('601 Email Address Is Already Registered')
member = Member(
email=email,
name=name,
password=password,
family=family,
description=description,
role=role,
)
DBSession.add(member)
return member
def verify_token(self, encoded_token):
principal = CASPrincipal.load(encoded_token)
member = DBSession.query(Member) \
.filter(Member.reference_id == principal.reference_id) \
.one_or_none()
if not member and not 'HTTP_X_OAUTH2_ACCESS_TOKEN' in context.environ:
raise HTTPBadRequest()
access_token = context.environ['HTTP_X_OAUTH2_ACCESS_TOKEN'] \
if 'HTTP_X_OAUTH2_ACCESS_TOKEN' in context.environ \
else member.access_token
cas_member = CASClient().get_member(access_token)
if cas_member['email'] != principal.email:
raise HTTPBadRequest()
if member:
if member.title != cas_member['title']:
member.title = cas_member['title']
if member.first_name != cas_member['firstName']:
member.first_name = cas_member['firstName']
if member.avatar != cas_member['avatar']:
member.avatar = cas_member['avatar']
if member.last_name != cas_member['lastName']:
member.last_name = cas_member['lastName']
DBSession.commit()
return principal
def test_soft_delete_mixin(self):
# noinspection PyArgumentList
instance = SoftDeleteCheckingModel(title='test title')
DBSession.add(instance)
DBSession.commit()
instance.assert_is_not_deleted()
self.assertRaises(ValueError, instance.assert_is_deleted)
instance = SoftDeleteCheckingModel.query.one()
instance.soft_delete()
DBSession.commit()
instance.assert_is_deleted()
self.assertRaises(ValueError, instance.assert_is_not_deleted)
self.assertEqual(SoftDeleteCheckingModel.filter_deleted().count(), 1)
self.assertEqual(SoftDeleteCheckingModel.exclude_deleted().count(), 0)
instance.soft_undelete()
DBSession.commit()
instance.assert_is_not_deleted()
self.assertRaises(ValueError, instance.assert_is_deleted)
self.assertEqual(SoftDeleteCheckingModel.filter_deleted().count(), 0)
self.assertEqual(SoftDeleteCheckingModel.exclude_deleted().count(), 1)
DBSession.delete(instance)
self.assertRaises(HttpConflict, DBSession.commit)
def claim(self):
email = context.form.get('email')
email_pattern = r'(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)'
if not email:
raise HTTPBadRequest()
if not re.match(email_pattern, email):
raise HTTPStatus('701 Invalid email format.')
if DBSession.query(Member.email).filter(Member.email == email).count():
raise HTTPStatus(
'601 The requested email address is already registered.')
# FIXME: Token should be put in payload
serializer = \
itsdangerous.URLSafeTimedSerializer(settings.activation.secret)
token = serializer.dumps(email)
DBSession.add(
ActivationEmail(to=email,
subject='Activate your NueMD Coder account',
body={
'activation_token': token,
'activation_url': settings.activation.url
}))
return dict(email=email)
def update(self, id):
id = int_or_notfound(id)
user_name = context.form.get('userName')
email = context.form.get('email')
member = DBSession.query(Member) \
.filter(Member.id == id) \
.one_or_none()
if member is None:
raise HTTPNotFound()
username_exists = DBSession.query(Member) \
.filter(Member.user_name == user_name) \
.filter(Member.id != id) \
.one_or_none()
if username_exists:
raise StatusRepetitiveUsername()
email_exist = DBSession.query(Member) \
.filter(Member.email == email) \
.filter(Member.id != id) \
.one_or_none()
if email_exist:
raise StatusRepetitiveEmail()
member.update_from_request()
return member
def mockup():
with StoreManager(DBSession):
images = PlaceImageList([
PlaceImage.create_from(f'{IMAGE_PATH}/1.jpeg'),
PlaceImage.create_from(f'{IMAGE_PATH}/2.jpeg'),
])
categories = [
Category(name='جنگل', ),
Category(name='رودخونه', ),
Category(name='کوه', ),
Category(name='مذهبی', ),
]
for i in range(1000):
place = Place(
name=f'foo {i}',
description=description,
address=address,
latitude=random() * 20 + 30,
longitude=random() * 20 + 30,
images=images,
category=choice(categories),
)
DBSession.add(place)
DBSession.commit()
def register(self):
email = context.form.get('email')
password = context.form.get('password')
invitation_code = context.form.get('invitationCode', None)
client = Client()
if invitation_code is None and settings.membership.invitation_code_required is True:
raise HttpBadRequest('Bad invitation code', 'bad-invitation-code')
if invitation_code is not None:
invitation = Invitation.query.filter(Invitation.code == invitation_code).with_for_update().one_or_none()
if invitation is None or invitation.is_active is False:
raise HttpBadRequest('Bad invitation code', 'bad-invitation-code')
if invitation.unfilled_sits <= 0:
raise HttpBadRequest('Fully filled invitation code', 'fully-filled-invitation-code')
invitation.filled_sits += 1
client.invitation_code = invitation_code
client.email = email
client.password = password
client.is_active = True
DBSession.add(client)
return client
def insert_mockup(self, args=None): # pragma: no cover
from restfulpy.orm import DBSession
from .models import User
oscar = User(id='pylover',
email='*****@*****.**',
password='******')
DBSession.add(oscar)
DBSession.commit()
def unregister(self, id):
id = int_or_notfound(id)
member = DBSession.query(Member).get(id)
if member is None:
raise HTTPNotFound()
DBSession.delete(member)
return member
def insert_mockup(self):
for i in range(1, 11):
# noinspection PyArgumentList
DBSession.add(
Resource(id=i,
title='resource%s' % i,
password='******' % i))
DBSession.commit()
def __call__(self, args):
user = User(
id=args.name,
email=args.email,
password=getpass()
)
DBSession.add(user)
DBSession.commit()
def add(self):
bank_card = BankCard()
bank_card.client_id = context.identity.id
bank_card.fiat_symbol = context.form.get('fiatSymbol')
bank_card.holder = context.form.get('holder')
bank_card.pan = context.form.get('pan')
DBSession.add(bank_card)
return bank_card
def create(self):
title = context.form.get('title')
if DBSession.query(Person).filter(Person.title == title).count():
raise HTTPStatus('600 Already person has existed')
person = Person(title=context.form.get('title'))
DBSession.add(person)
return person
def add(self):
sheba_address = BankAccount()
sheba_address.client_id = context.identity.id
sheba_address.fiat_symbol = context.form.get('fiatSymbol')
sheba_address.iban = context.form.get('iban')
sheba_address.bic = context.form.get('bic', None)
sheba_address.owner = context.form.get('owner')
DBSession.add(sheba_address)
return sheba_address
def list(self):
current_user = DBSession.query(Member) \
.filter(Member.reference_id == context.identity.reference_id) \
.one()
query = DBSession.query(Room)
if not context.identity.is_in_roles('admin'):
query = query.filter(Room.owner_id == current_user.id)
return query
def create(self):
title = context.form.get('title')
if DBSession.query(Foo).filter(Foo.title == title).count():
raise HTTPStatus('604 Title Is Already Registered')
foo = Foo()
foo.update_from_request()
DBSession.add(foo)
return foo
def append(self, listtitle, itemtitle):
me = self._get_current_user()
item = Item(
ownerid=context.identity.id,
list=listtitle,
title=itemtitle
)
me.items.append(item)
DBSession.flush()
return ''.join((str(item), CR))
def list(self):
current_member = DBSession.query(Member) \
.filter(Member.reference_id == context.identity.reference_id) \
.one()
query = DBSession.query(Member) \
.filter(
MemberContact.member_id == current_member.id,
MemberContact.contact_member_id == Member.id
)
return query
def test_approve_required_mixin(self):
# noinspection PyArgumentList
object1 = ApproveRequiredObject(
title='object 1',
)
DBSession.add(object1)
DBSession.commit()
self.assertFalse(object1.is_approved)
self.assertEqual(DBSession.query(ApproveRequiredObject).filter(ApproveRequiredObject.is_approved).count(), 0)
object1.is_approved = True
self.assertTrue(object1.is_approved)
DBSession.commit()
object1 = DBSession.query(ApproveRequiredObject).one()
self.assertTrue(object1.is_approved)
json = object1.to_dict()
self.assertIn('isApproved', json)
self.assertEqual(DBSession.query(ApproveRequiredObject).filter(ApproveRequiredObject.is_approved).count(), 1)
self.assertEqual(ApproveRequiredObject.filter_approved().count(), 1)
self.assertFalse(ApproveRequiredObject.import_value(ApproveRequiredObject.is_approved, 'false'))
self.assertFalse(ApproveRequiredObject.import_value(ApproveRequiredObject.is_approved, 'FALSE'))
self.assertFalse(ApproveRequiredObject.import_value(ApproveRequiredObject.is_approved, 'False'))
self.assertTrue(ApproveRequiredObject.import_value(ApproveRequiredObject.is_approved, 'true'))
self.assertTrue(ApproveRequiredObject.import_value(ApproveRequiredObject.is_approved, 'TRUE'))
self.assertTrue(ApproveRequiredObject.import_value(ApproveRequiredObject.is_approved, 'True'))
self.assertEqual(ApproveRequiredObject.import_value(ApproveRequiredObject.title, 'title'), 'title')
def delete(self, id):
foo = DBSession.query(Foo) \
.filter(Foo.id == id) \
.one_or_none()
if foo is None:
raise HTTPNotFound(f'Foo with id: {id} is not registered')
DBSession.delete(foo)
return foo
def insert_basedata(self): # pragma: no cover
cell1 = Cell(x=0, y=0, is_alive=True)
DBSession.add(cell1)
cell2 = Cell(x=1, y=0, is_alive=True)
DBSession.add(cell2)
cell3 = Cell(x=0, y=1, is_alive=True)
DBSession.add(cell3)
cell4 = Cell(x=1, y=1)
DBSession.add(cell4)
DBSession.commit()
def test_auto_activation(self):
# noinspection PyArgumentList
object1 = AutoActiveObject(title='object 1', )
DBSession.add(object1)
DBSession.commit()
self.assertTrue(object1.is_active)
self.assertEqual(
1,
DBSession.query(AutoActiveObject).filter(
AutoActiveObject.is_active).count())
def test_orderable_mixin(self):
for i in range(3):
# noinspection PyArgumentList
instance = OrderableCheckingModel(title='test title %s' % i,
order=i)
DBSession.add(instance)
DBSession.commit()
instances = OrderableCheckingModel.apply_default_sort().all()
self.assertEqual(instances[0].order, 0)
self.assertEqual(instances[2].order, 2)
def delete(self, listtitle, itemtitle):
me = context.identity.id
item = DBSession.query(Item) \
.filter(Item.ownerid == me) \
.filter(Item.list == listtitle) \
.filter(Item.title == itemtitle) \
.one_or_none()
if item is None:
raise HTTPNotFound()
DBSession.delete(item)
return ''.join((str(item), CR))
