def checkUser(cls):
if request.method == "POST":
email = request.form['emailaddress'].upper()
password = request.form['password']
conn = DataBaseManager.database_connection()
cur = conn.cursor()
try:
query = "SELECT * FROM users WHERE email=%s"
cur.execute(query, (email, ))
row = cur.fetchone()
if row:
if (sha256_crypt.verify(password, row[3])):
user = User(*row)
if user.roleid == "002":
session['userdatalist'] = user.getData()
return redirect(url_for('loadAssociateHome'))
if user.roleid == "003":
session['userdatalist'] = user.getData()
return redirect(url_for('loadAdminHome'))
if user.roleid == "001":
session['userdatalist'] = user.getData()
return redirect(url_for('loadManagerHome'))
else:
return render_template(
'login.html', message="Wrong email or password")
else:
return render_template('login.html',
message="Wrong email or password")
finally:
conn.close()
else:
return render_template('login.html')
def signin():
if request.method == "GET":
return render_template('signin.html')
elif request.method == "POST":
form = request.form
name = form['name']
email = form['email']
username = form['username']
password = form['password']
new_user = User(name=name,
email=email,
username=username,
password=password)
new_user.save()
return redirect(url_for('index'))
def post(self):
username = request.form.get('username')
email = request.form.get('email')
password = request.form.get('password')
existing_user = User.query.filter_by(email=email).first()
if not username or not email or not password:
flash("Tüm alanları doldurun!", "signup")
elif existing_user:
flash("Geçersiz email adresi!", "signup")
else:
user = User(username=username, email=email, password=password)
user.save()
login_user(user)
return redirect('/home')
return redirect('/')
def post(self, username):
if not username == User.get_username_by_id(session["user_id"]):
return {
'message': "You may not update another user's certificate."
}, 400
data = self.parser.parse_args()
if not data['csr']:
return {'message': "No certificate Signing Request in Body."}, 400
cert = CertModel.create(data['csr'], User.find_by_name(username).id)
if not cert:
return {
'message':
"Signature in CSR could not be verified or invalid CSR data!"
}, 400
cert.save_to_db()
return cert.json()
def get(self):
user = User.get_by_id(id=get_jwt_identity())
data = {
'id': user.id,
'username': user.username
'email': user.email,
}
def index():
return render_template('index.html')
if "loggedin" in session:
if request.method == "GET":
users = User.objects()
return redirect(url_for("service_page"))
else:
return redirect(url_for("login"))
def registerAdmin(username: str, password: str):
"""Registers a new admin, if the username isn't yet taken
Parameters
----------
name : username
The user login
name : password
The password set for that user
Raises
----------
ExistingUserException
If an already existing username is passed as the first argument.
"""
if (userExists(username)):
raise exceptions.ExistingUserException(
"{0} already exists in the database".format(username))
else:
newUser = User(username, password, True)
jsonUser = newUser.toJSON()
usersCollection.insert_one(jsonUser)
##link = Link (["Grumbarg"], "<0> es <1> del ejército de <2>", ["general", "Rahash"], "Grumbarg el grande", 1)
##addLink(link)
##newLink = getLink(link.getName())
##print(newLink.getFullText())
##print (existsLink("holaa"))
##print (getLinkByLinks("pájaro").getName())
##print (getLinksByField("alias", "hola"))
##for i in getLinksContainingWord("alias", "guerra"):
## print (i)
##print (getLink("Ruiseñor escarlata").getFormattedText())
##print (getLink("Ruiseñor escarlata").getFullText())
##print (getLinkByField("alias", "Muertos"))
##for link in getLinksByField("_id", "5fd2bcf54e318fc347906f78"):
# print (link)
# link = getLink("Mijail")
# print (link.id)
# link.alias.append("Mikhail")
# updateLinkById(link.id, link)
#print (userExists("joaquinollo"))
#registerUser("joaco", "esdla03")
def get(self, username):
user = User.find_by_name(username)
if not user:
return {
'message': "Username '{}' does not exist.".format(username)
}, 404
cert = CertModel.get_by_user(user=user)
if not cert:
return {'message': "No valid certificate for this user."}, 404
return cert.json()
def authenticateUser(username: str, password: str) -> bool:
"""Returns a bool value indicating whether the provided username and password match to a user registered, or not.
Parameters
----------
name : username
The user login
name : password
The password set for that user
"""
authenticated = False
query = {"username": username}
entity = usersCollection.find_one(query)
if (entity):
newUser = User(entity["username"], entity["password"], entity["admin"],
True)
authenticated = newUser.verify_password(password)
return authenticated
def get(self, username):
user = User.find_by_name(username)
if not user:
return {
'message': "Username '{}' does not exist.".format(username)
}, 404
# revocation list is always freshly created, when requested by client
certs = CertModel.get_all_invalid_by_user(user=user)
if not certs:
return {'message': "No revoked certificate for this user."}, 404
certs = list(certs)
return RevList(username, certs).json()
def post(self):
json_data = request.get_json()
username = json_data.get('username')
email = json_data.get('email')
non_hash_password = json_data.get('password')
if User.get_by_username(username):
return {'message': 'username already'}, HTTPStatus.BAD_REQUEST
if User.get_by_email(email):
return {'message': 'email already exists'}, HTTPStatus.BAD_REQUEST
password = hash_password(non_hash_password)
user = User(username=username, email=email, password=password)
user.save()
data = {
'id': user.id,
'username': user.username,
'email': user.email
}
return data, HTTPStatus.CREATED
def delete(self, username):
if not username == User.get_username_by_id(session["user_id"]):
return {
'message': "You may not access another user's notifications."
}, 400
data = self.parser.parse_args()
if not data['data']:
NotifModel.delete(user_id=session["user_id"])
else:
NotifModel.delete(user_id=session["user_id"], data=data['data'])
return {
'message': "Deleted notifications for user {}".format(username)
}
def post(self):
json_data = request.get_json()
email = json - data.get('email')
password = json_data.get('password')
user = User.get_by_email(email=email)
if not user or not check_password(password, user.password):
return {
'message': 'email or password is incorrect'
}, HTTPStatus.UNAUTHORIZED
access_token = create_access_token(identity=user.id)
return {'access_token': access_token}, HTTPStatus.OK
def login():
if request.method == "GET":
return render_template('login.html')
elif request.method == "POST":
form = request.form
username = form['username']
password = form['password']
all_user = User.objects()
if username == "username" and password == "password":
session['loggedin'] = True
return redirect(url_for('service_page'))
else:
return "Wrong"
def validate_request(self, initiator, replier, step, method):
if initiator == replier:
return {'message': "You may not use SMP to verify your own certificate."}, 400
if not step in self.steps:
return {'message': "Resource '{}' does not exist.".format(step)}, 404
init = User.find_by_name(initiator)
rep = User.find_by_name(replier)
if not init:
return {'message': "Username '{}' does not exist.".format(initiator)}, 404
if not rep:
return {'message': "Username '{}' does not exist.".format(replier)}, 404
username = User.get_username_by_id(session["user_id"])
if not username in [initiator, replier]:
return {'message': "You may not access other users' SMP data."}, 400
if username == initiator and step not in ['question', 'step2', 'step4'] and not method == 'get':
return {'message': "You may not access someone else's SMP data."}, 400
if username == replier and step not in ['step1', 'step3'] and not method == 'get':
return {'message': "You may not access someone else's SMP data."}, 400
if not init.active:
return {'message': "User '{}' is not logged in.".format(initiator)}, 404
if not rep.active:
return {'message': "User '{}' is not logged in.".format(replier)}, 404
return True, init, rep
def registerUser(username: str, password: str):
"""Registers a new user, if the username isn't yet taken
Parameters
----------
name : username
The user login
name : password
The password set for that user
Raises
----------
ExistingUserException
If an already existing username is passed as the first argument.
"""
if (userExists(username)):
raise exceptions.ExistingUserException(
"{0} already exists in the database".format(username))
else:
newUser = User(username, password)
jsonUser = newUser.toJSON()
usersCollection.insert_one(jsonUser)
def checkUserRegister ( cls, email ):
conn = DataBaseManager.database_connection()
cur = conn.cursor()
try:
email = email.upper()
query = "SELECT * FROM users WHERE email=%s"
cur.execute ( query, (email,) )
row = cur.fetchone()
if row:
return User ( *row )
else:
return None
finally:
conn.close()
def get(self, username):
if not username == User.get_username_by_id(session["user_id"]):
return {
'message': "You may not access another user's notifications."
}, 400
notif = NotifModel.get_all_by_user(session["user_id"])
if not notif or len(notif) < 1:
return {'message': "No notifications for this user."}, 404
result = {'username': username}
i = 0
for n in notif:
result.update(n.json(i))
i += 1
return result
def delete(self, username):
if not username == User.get_username_by_id(session["user_id"]):
return {
'message': "You may not delete another user's certificate."
}, 400
data = self.parser.parse_args()
certs = list(
CertModel.get_all_valid_by_user(user=User.find_by_name(username)))
if len(certs) < 1:
return {'message': "No valid certificate for user found."}, 404
if data['cert_serial']:
certs = list(
filter(lambda x: x.serial_number() == data['cert_serial'],
certs))
if len(certs) < 1:
return {
'message': "No valid certificate with the given id found."
}, 404
#revoke all of the user's certificates
certs = list(map(lambda x: x.revoke(), certs))
#returns the revocation list, which only includes the certificates revoked by this request
#previously revoked certificates are not includede in the returned list!
return RevocationList(username, certs).json()
def post(self):
data = Register.parser.parse_args()
if User.find_by_username(data.username):
return ResponseHandler.error('user exists', 400)
user = User(**data)
user.save()
if user.id:
return ResponseHandler.success('User Added', 200, data=user.json())
return ResponseHandler.error('user not added', 400)
def registerUser(self, userID, password):
for user in USERS_COLLECTION.find():
if user["userID"] == userID:
return "Username already exists, try another."
new_user = User()
new_user.setUserID(userID)
new_user.setPassword(password)
cur_user = {"userID": new_user.getUserID(),
"password": new_user.getHashedPassword(),
"loggedIn": False
}
USERS_COLLECTION.insert(cur_user)
return "User %s registered" % userID
def login():
conn = db_connection()
cursor = conn.cursor()
user = None
if request.method == 'POST':
data = request.get_json()
pseudo = data['pseudo']
password = data['password']
sql = """SELECT id, pseudo, mail, password FROM user WHERE pseudo =? and password =?"""
cursor.execute(sql, (pseudo, password))
row = cursor.fetchone()
if row is not None:
user = User(row[0], row[1], row[2], row[3])
token = JwtService().create(user)
return token, 200
cursor.close()
conn.close()
return "Can't authenticate", 401
def get(self, username):
if not username == User.get_username_by_id(session["user_id"]):
return {'message': "You may not access another user's data."}, 400
owner = {}
d = Data.get_all_by_user(user_id=session["user_id"])
if d:
for item in d:
owner.update(
{str(item.id): "/data/{}/{}".format(username, item.name)})
shared = {}
d = Data_Access.get(user_id=session["user_id"])
if d:
for item in d:
shared.update({
str(item.data.id):
"/data/{}/{}".format(item.data.user.username,
item.data.name)
})
return {'owner': owner, 'shared': shared}
def get(self, username):
user = User.get_by_username(username=username)
if user is None:
return {'message': 'user not found'}, HTTPStatus.NOT_FOUND
current_user = get_jwt_identity()
if current_user == user.id:
data = {
'id': user.id,
'username': user.username,
'email': user.email,
}
else:
data = {
'id': user.id,
'username': user.username
}
return data, HTTPStatus.OK
def getUserInfo(self):
try:
tables = self.getPdfTables(True, False)
except PdfReadError as error:
print(str(error) + ", Please check your password!")
return None # if password is incorrect function will return None
userInfo = list() # list of tables object
userInfoStr = list() # list of strings in tables objects
userInfo = tables[0].df[0]
for info in userInfo:
if info == "":
continue
else:
userInfoStr.append(str(info).replace(";", ""))
Len = userInfoStr.__len__() # length of userInfoStr
# Email
email = re.search("\w+@+\w+\.+\w+", userInfoStr[0])
# print(email.group(0))
# Name
name = re.search("[a-zA-Z\s]+", userInfoStr[1])
# print(name.group(0))
# address
address = ""
for i in range(2, Len - 1):
address = "".join([address, userInfoStr[i], " "])
# print(address)
# phone
if re.search("\+", userInfoStr[Len - 1]):
phone = re.search("\+\d{12}", userInfoStr[Len - 1])
else:
phone = re.search("\d{10}", userInfoStr[Len - 1])
# print(phone.group(0))
user = User(name.group(0), "", email.group(0), phone.group(0), address)
self.user = user
def post(cls):
data = cls.parser.parse_args()
# no duplicate users with user names
if User.find_by_username(data["username"]):
return {
"message": "A user with that username already exists..."
}, 400
connection = sqlite3.connect(db_name)
cursor = connection.cursor()
insert_query = "INSERT INTO Users VALUES (NULL, ?, ?)"
cursor.execute(insert_query, (data["username"], data["password"]))
connection.commit()
connection.close()
return {
"message": "User Created Succesfully"
}, 201 # create response Code
if not 200 < response.status_code < 300:
response.raise_for_status()
data = json.loads(response.text)
return data
def example_get_chat_messages(user):
response = get_user_chat_id(user.email)
data = json.loads(response.text)
chat_id = data['Id']
response = get_chat_messages(user.id, chat_id, size=10)
if not 200 < response.status_code < 300:
response.raise_for_status()
data = json.loads(response.text)
return data
user_email = '*****@*****.**'
print(example_get_user_by_email(user_email))
user = User(example_get_user_by_email(user_email))
group_id = example_get_groups_of_user(user)
group = Group(example_get_group(user.id, group_id))
print(group)
result = example_send_push_notification(user)
print result
#result = example_post_new_card_with_impersonation(user, user.id)
#print(result)
def usersignout():
return User().signout()
def get(self,id):
user = User.find_user(id)
User.delete(user)
print("Kullanici silindi")
return redirect(url_for("routes.admin_users"))
def usersignup():
return User().signup()
def userlogin():
return User().login()