def seed_db():
    """Insert the three built-in Admin accounts plus ``seed`` and commit.

    Each built-in account is added to the session one at a time, then the
    ``seed`` collection (defined outside this function) is added in bulk and
    a single commit persists everything.
    """
    # NOTE(review): these accounts, including the one with the 'admin' role,
    # are created with short dictionary-word passwords baked into the source.
    # Treat this as a local/dev fixture only: confirm it can never run against
    # a deployed database, or load the initial secrets from configuration.
    accounts = (
        ("John", "Smith", '*****@*****.**', '******', 'apples', 'admin'),
        ("Jane", "Doe", '*****@*****.**', '******', 'apples', 'curator'),
        ("Bruce", "Wayne", '*****@*****.**', '******', 'batman', 'manager'),
    )
    for first, last, address, login, plaintext, role_name in accounts:
        record = Admin(
            first_name=first,
            last_name=last,
            email=address,
            username=login,
            password=encrypt_credentials(plaintext),
            role=role_name,
            recovery_link=None,
            last_logged_in=None,
        )
        db.session.add(record)

    db.session.add_all(seed)
    db.session.commit()
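def handle_recovery(recovery_link):
    """Show the password-reset form for a recovery link, or apply the reset.

    GET with a link that matches an account renders ``recovery.html``.
    POST with a matching link and a non-empty password stores the new
    password, clears the link so it cannot be used a second time, and
    redirects to the login page. POST with an empty or missing password shows
    the form again and leaves the link valid. Every other case redirects to
    the login page with a generic message.

    Args:
        recovery_link: Token taken from the URL; matched against
            ``Admin.recovery_link``.
    """
    found_user = Admin.query.filter_by(recovery_link=recovery_link).first()

    # Unknown link or unsupported method: same generic answer either way, so
    # the response does not reveal whether the link exists.
    if found_user is None or request.method not in ('GET', 'POST'):
        return redirect(
            url_for('auth.login',
                    message=json.dumps({
                        "message":
                        "Double-check your credentials and try again."
                    })))

    # NOTE(review): nothing in this handler enforces an expiry time; the link
    # stays usable until a reset succeeds. Confirm whether a lifetime is
    # enforced elsewhere.
    if request.method == 'POST':
        new_password = request.form.get("password", "")
        if new_password:
            found_user.password = encrypt_credentials(new_password)
            # Single use: clear the token in the same commit as the new password.
            found_user.recovery_link = None
            db.session.add(found_user)
            db.session.commit()
            return redirect(
                url_for('auth.login',
                        message=json.dumps({"message": "Password updated!"})))
        # An empty password must never be stored as the account credential;
        # fall through and show the form again.

    return render_template('recovery.html',
                           title="Account Recovery",
                           url=f"/admin/users/recovery/{recovery_link}")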
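def change_settings():
    """Apply the signed-in user's own profile changes and return the result.

    Reads a JSON object that may carry ``first_name``, ``last_name`` and
    ``password``. A field that is missing, empty or not a string leaves the
    stored value unchanged. The username is rebuilt as the first initial plus
    the last name, reusing the matching part of the current username when a
    name was not supplied. The session is updated to the new username.

    Returns:
        A redirect to the login page when there is no usable session,
        otherwise a JSON string with first_name, last_name, username and role.
    """
    if 'username' not in session:
        return redirect(url_for('auth.login'))

    current_user = Admin.query.filter_by(username=session['username']).first()
    if current_user is None:
        # The session names an account that no longer exists; treat it like
        # an unauthenticated request instead of failing on None.
        return redirect(url_for('auth.login'))

    updates = request.get_json()
    if not isinstance(updates, dict):
        updates = {}

    def _submitted(field):
        """Return the submitted string for *field*, or '' when unusable."""
        value = updates.get(field)
        return value if isinstance(value, str) else ''

    first_name = _submitted("first_name")
    last_name = _submitted("last_name")
    password = _submitted("password")

    if first_name:
        current_user.first_name = first_name
    if last_name:
        current_user.last_name = last_name
    # NOTE(review): the password is replaced on the strength of the session
    # alone; the current password is not asked for again. Consider requiring
    # it for this change.
    if password:
        current_user.password = encrypt_credentials(password)

    initial = first_name[0].lower() if first_name else current_user.username[0]
    remainder = last_name.lower() if last_name else current_user.username[1:]

    # The role is not taken from the request: a self-service endpoint should
    # not let a user change their own role.
    # NOTE(review): the derived username can equal another account's. The
    # session is keyed by username, so confirm the column has a unique
    # constraint (and handle the resulting error) before relying on it.
    current_user.username = initial + remainder

    db.session.add(current_user)
    db.session.commit()
    session['username'] = current_user.username

    updated_user = {
        "first_name": current_user.first_name,
        "last_name": current_user.last_name,
        "username": current_user.username,
        "role": current_user.role,
    }
    return json.dumps(updated_user)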
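def create_user():
    """Create an Admin account with a temporary password and e-mail it.

    Only a signed-in user whose session role is 'admin' may call this. The
    request body is a JSON object with ``first_name``, ``last_name``,
    ``email`` and ``role``. The account is committed first, then a multipart
    message (plain text, HTML and the inline logo) is sent over SMTP with TLS
    using the EMAIL_* environment variables.

    Returns:
        A redirect to the login page without a session, a JSON "Unauthorized"
        message for non-admin sessions, a JSON message when a required field
        is missing, otherwise the result of ``fetch_users()``.
    """
    import secrets
    from html import escape

    if 'username' not in session:
        return redirect(url_for('auth.login'))
    # .get(): a session without a role is unauthorized, not a server error.
    if session.get("role") != 'admin':
        return json.dumps({"message": "Unauthorized"})

    data = request.get_json()
    required = ("first_name", "last_name", "email", "role")
    if not isinstance(data, dict) or not all(
            isinstance(data.get(key), str) and data[key] for key in required):
        return json.dumps({"message": "Missing or empty required field"})

    # Temporary credential comes from the secrets module (CSPRNG) rather than
    # a UUID; 16 random bytes give the same 32-hex-character shape as before.
    temp_password = secrets.token_hex(16)

    # NOTE(review): role is stored exactly as supplied; consider checking it
    # against the set of roles the application actually uses.
    new_user = Admin(
        first_name=data["first_name"],
        last_name=data["last_name"],
        email=data["email"],
        recovery_link=None,
        username=f"{data['first_name'][0].lower()}{data['last_name'].lower()}",
        password=encrypt_credentials(temp_password),
        role=data["role"],
        last_logged_in=None)
    # NOTE(review): the account is committed before the mail is sent, so a
    # delivery failure leaves an account whose password nobody was told.
    db.session.add(new_user)
    db.session.commit()

    port = os.environ["EMAIL_PORT"]
    smtp_server = os.environ["EMAIL_SERVER"]
    sender = os.environ["EMAIL_SENDER"]
    password = os.environ["EMAIL_PASSWORD"]
    receiver = new_user.email

    message = MIMEMultipart("alternative")
    message["Subject"] = "Managem Portal Credentials"
    message["From"] = sender
    message["To"] = receiver

    # NOTE(review): the password travels in clear text inside the mail and
    # nothing visible here forces a change at first login; confirm that the
    # login flow does, or send a one-time set-password link instead.
    text = (
        f'Hi {data["first_name"]},\n\n '
        'An admin in charge of the managem portal for mimspainting.com has created an account for you.\n\n'
        'Here are your login credentials:\n\n'
        f'Your name: {new_user.first_name} {new_user.last_name}\n'
        f'Username: {new_user.username}\n'
        f'Password: {temp_password}\n\n'
        'Visit mfpfinishes.com/admin to login for the first time. '
        'Once you log in, you may change your password '
        'to one of your choosing.\n\n'
        'Best regards,\n '
        'Mims Family Painting')

    # NOTE(review): the href below has no scheme, so mail clients will treat
    # it as a relative link; confirm the intended absolute URL.
    html_body = """\
<html>
<head> </head>
<body style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen-Sans, Ubuntu, Cantarell, 'Helvetica Neue', sans-serif; border: 20px solid black; box-sizing: border-box; max-width: 680px; margin: 0 auto; color: black; ">
<div style="padding: 2.5rem; background: #faf8f4; box-sizing: border-box;">
<img style=" width: 80%; background: rgba(141, 141, 141, 0.5); border: black solid 4px; margin: 0 auto 2rem auto; display: block; box-sizing: border-box; padding: 8px; " src="cid:image1" alt="Mims Family Painting" />
<p style="margin: 0 0 1.25rem 0;">Hi {name},</p>
<p style="margin: 0 0 1.25rem 0;">An admin in charge of the managem portal for mimspainting.com has created an account for you. </p>
<p style="margin: 0 0 1.25rem 0;">Here are your login credentials:</p>
<p style="margin: 0 0 1.25rem 0;">Your name: {first_name} {last_name}<br/>Username: {username}<br/>Password: {password}</p>
<p style="margin: 0 0 1.25rem 0;">Visit <a href="mfpfinishes.com/admin">mfpfinishes.com/admin</a> to login for the first time. Once you log in, you may change your password to one of your choosing.</p>
<p style="margin: 0 0 1.25rem 0;">Best regards,</p>
<p style="margin: 0;">Mims Family Painting</p>
</div>
</body>
</html>
""".format(
        # Request-supplied values are HTML-escaped so they render as text in
        # the recipient's mail client instead of being parsed as markup.
        name=escape(new_user.first_name),
        first_name=escape(new_user.first_name),
        last_name=escape(new_user.last_name),
        username=escape(new_user.username),
        password=temp_password)

    context = ssl.create_default_context()

    # Context manager closes the logo file even if the read fails.
    with open(os.getcwd() + '/client/public/assets/img/NEWNEWLOGO.png',
              'rb') as fp:
        msgImage = MIMEImage(fp.read())
    msgImage.add_header('Content-ID', '<image1>')

    message.attach(MIMEText(text, "plain"))
    message.attach(MIMEText(html_body, "html"))
    message.attach(msgImage)

    # The with-block ends the SMTP session on exit; no explicit close needed.
    with smtplib.SMTP_SSL(smtp_server, port, context=context) as responder:
        responder.login(sender, password)
        responder.sendmail(sender, receiver, message.as_string())

    return fetch_users()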
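def register_recovery():
    """Issue a password-recovery link for a matching account and e-mail it.

    The JSON body must carry ``email``, ``first_name``, ``last_name`` and
    ``username``; all four have to match one Admin row. On a match a fresh
    random token is stored in ``recovery_link``, committed, and mailed as a
    link over SMTP with TLS using the EMAIL_* environment variables.

    Returns:
        A JSON string with a confirmation message on a match, otherwise a
        JSON string asking the caller to re-check the submitted details.
    """
    import secrets
    from html import escape

    failure = json.dumps(
        {"message": "Double-check your credentials and try again."})

    data = request.get_json()
    required = ("email", "first_name", "last_name", "username")
    # A missing, empty or non-string field can never identify an account;
    # answer exactly like "no match" instead of querying with it.
    if not isinstance(data, dict) or not all(
            isinstance(data.get(key), str) and data[key] for key in required):
        return failure

    found_user = Admin.query.filter_by(email=data["email"]).filter_by(
        first_name=data["first_name"]).filter_by(
            last_name=data["last_name"]).filter_by(
                username=data["username"]).first()

    # NOTE(review): the two responses differ, so a caller learns whether the
    # submitted details match an account. Consider one neutral answer and
    # rate limiting on this endpoint.
    if found_user is None:
        return failure

    # The token was previously derived from the account's e-mail address via
    # encrypt_credentials. A reset token should carry no account data and come
    # from a CSPRNG; 16 random bytes as hex are also safe in a URL path.
    # NOTE(review): no issue time is stored, so the link has no expiry here.
    found_user.recovery_link = secrets.token_hex(16)
    db.session.add(found_user)
    db.session.commit()

    # NOTE(review): hard-coded http:// and 0.0.0.0:4001 only work in local
    # development and would carry the token over an unencrypted connection;
    # build this from the deployment's configured HTTPS base URL.
    href_link = f"http://0.0.0.0:4001/admin/users/recovery/{found_user.recovery_link}"

    port = os.environ["EMAIL_PORT"]
    smtp_server = os.environ["EMAIL_SERVER"]
    sender = os.environ["EMAIL_SENDER"]
    password = os.environ["EMAIL_PASSWORD"]
    # Send to the address stored on the account, not the one echoed in the
    # request. They are equal for an exact match, and this keeps the
    # destination independent of how the database compares strings.
    receiver = found_user.email

    message = MIMEMultipart("alternative")
    message["Subject"] = "Recover Managem Account"
    message["From"] = sender
    message["To"] = receiver

    text = (
        f'Hi {data["first_name"]},\n\n '
        'Visit the link below to reset your login credentials for the Managem portal associated with mimspainting.com:\n\n '
        f'{href_link}\n\n'
        'Best regards,\n '
        'Mims Family Painting')

    html_body = """\
<html>
<head> </head>
<body style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen-Sans, Ubuntu, Cantarell, 'Helvetica Neue', sans-serif; border: 20px solid black; box-sizing: border-box; max-width: 680px; margin: 0 auto; color: black; ">
<div style="padding: 2.5rem; background: #faf8f4; box-sizing: border-box;">
<img style=" width: 80%; background: rgba(141, 141, 141, 0.5); border: black solid 4px; margin: 0 auto 2rem auto; display: block; box-sizing: border-box; padding: 8px; " src="cid:image1" alt="Mims Family Painting" />
<p style="margin: 0 0 1.25rem 0;">Hi {name},</p>
<p style="margin: 0 0 1.25rem 0;">Visit the link below to reset your login credentials for the Managem portal associated with mimspainting.com: </p>
<p style="margin: 0 0 1.25rem 0;"><a href="{href_link}">Recover account</a></p>
<p style="margin: 0 0 1.25rem 0;">Best regards,</p>
<p style="margin: 0;">Mims Family Painting</p>
</div>
</body>
</html>
""".format(
        # Escaped so request-supplied text renders as text, not markup.
        name=escape(data["first_name"]),
        href_link=escape(href_link))

    context = ssl.create_default_context()

    # Context manager closes the logo file even if the read fails.
    with open(os.getcwd() + '/client/public/assets/img/NEWNEWLOGO.png',
              'rb') as fp:
        msgImage = MIMEImage(fp.read())
    msgImage.add_header('Content-ID', '<image1>')

    message.attach(MIMEText(text, "plain"))
    message.attach(MIMEText(html_body, "html"))
    message.attach(msgImage)

    # The with-block ends the SMTP session on exit; no explicit close needed.
    with smtplib.SMTP_SSL(smtp_server, port, context=context) as responder:
        responder.login(sender, password)
        responder.sendmail(sender, receiver, message.as_string())

    return json.dumps({
        "message":
        "A recovery link has been sent to your email. Open it and click the link to recover your account."
    })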