def add(): try: uid = int(request.headers['Uid']) data = request.json if data is None: return response_error(MESSAGE.INVALID_DATA, CODE.INVALID_DATA) response_json = [] for item in data: token = Token(symbol=item['symbol'], name=item['name'], decimal=int(item['decimal']), contract_address=item['contract_address'], created_user_id=uid) db.session.add(token) db.session.flush() task = Task(task_type=CONST.TASK_TYPE['ERC_20'], data=json.dumps(token.to_json()), action=CONST.TASK_ACTION['ADD_TOKEN'], status=-1, contract_address=g.ERC20_TOKEN_REGISTRY_SMART_CONTRACT, contract_json=g.ERC20_TOKEN_REGISTRY_JSON) db.session.add(task) db.session.flush() response_json.append(token.to_json()) db.session.commit() return response_ok(response_json) except Exception, ex: db.session.rollback() return response_error(ex.message)
def post(self): form = CreateTokenForm() tokens = Token.query.order_by(Token.id.desc()).all() if form.validate_on_submit(): try: # Generate UUID gen_uuid = str(uuid.uuid4()) # Create database entry t = Token() t.uuid = gen_uuid t.email = form.email.data or None t.active = True t.package = form.package.data db.session.add(t) db.session.commit() return redirect('/admin/tokens/') except: import traceback db.session.rollback() traceback.print_exc() return redirect('/admin/tokens/') return render_template('admin/tokens.html', form=form, tokens=tokens) return render_template('admin/tokens.html', form=form, tokens=tokens)
def create_user(): data = request.get_json() code = generate_code() if not data: return jsonify({ 'error': { 'message': 'Invalid Credentials' }, 'data': None }), 400 try: user = User(username=data['username'], email=data['email'], code=code, password_hash=data['password']) user.insert() token = Token(user_id=user.id, code=code) token.insert() except exc.IntegrityError: return jsonify({ 'error': { 'message': 'user already exists' }, 'data': None }), 400 send_mail('Email Verification', user.email, 'mail.html', code=code, username=user.username) return jsonify({'error': None, 'data': "success"}), 201
def signup(request): form = OrgSignUpForm() if request.method == 'POST': form = OrgSignUpForm(request.POST) if form.is_valid(): user = User() user.email = form.cleaned_data.get('email').lower() user.username = form.cleaned_data.get('email').lower()[:30] # TODO: fix it in #135 user.set_password(form.cleaned_data.get('password')) user.save() org = Organization(name=form.cleaned_data.get('organization_name')) org.save() _orgmem = OrganizationMember(user=user, is_owner=True, organization=org).save() token = Token(user=user, type='signup') token.save() link = request.build_absolute_uri(reverse('activate-account', args=[token.token])) send_mail('Account activation', settings.ACCOUNT_ACTIVATION_EMAIL % (org.name, link,), '*****@*****.**', [user.email, ]) # messages.add_message(request, messages.SUCCESS, # _('Please click the activation link which was sent to your email')) _user = authenticate(email=form.cleaned_data['email'], password=form.cleaned_data['password']) if _user is not None: # TODO: only sign in users which activated their account login(request, _user) messages.add_message(request, messages.SUCCESS, _('Please update your profile')) return redirect('settings') return redirect('/') return render(request, 'app/signup.html', locals())
def test_check_token(self): tk = Token.get_token(self.u1) db.session.commit() checked = Token.check(tk.token) self.assertIsNotNone(checked) checked.revoke() db.session.commit() self.assertIsNone(Token.check(tk.token))
def test_save(self) -> None: db.session.add = Mock() db.session.commit = Mock() token = Token(id=123) token.save() db.session.add.assert_called_once_with(token) db.session.commit.assert_called_once_with()
def test_new_token_is_created_if_expired(self): tk = Token.get_token(self.u1) db.session.commit() tk.revoke() db.session.commit() tk2 = Token.get_token(self.u1) self.assertNotEqual(tk.token, tk2.token) db.session.commit() tk3 = Token.get_token(self.u1) self.assertEqual(tk2.token, tk3.token)
def callback(self): """ Coinbase callback receiver. Generates token and sends the code via email to user. @return: """ # Gather information from callback response data = json.loads(request.data) order = data.get("order", None) customer = data.get("customer", None) email = customer["email"] id = order["id"] status = order["status"] custom = order["custom"] button = order["button"] button_name = button["name"] ## Generate Token and store in database gen_uuid = str(uuid.uuid4()) try: t = Token() t.uuid = gen_uuid t.email = email t.active = True t.package = custom db.session.add(t) db.session.commit() except: import traceback db.session.rollback() traceback.print_exc() ## Send email to user with unique link try: msg = Message( "Guildbit - Order Confirmation", sender=settings.DEFAULT_MAIL_SENDER, recipients=[email]) # msg.html = template msg.html = render_template("emails/payment_thankyou.html", package=button_name, uuid=gen_uuid) mail.send(msg) except: import traceback traceback.print_exc() return jsonify({ "status": "received" })
def test_find_by_jti(self, mock_query: Mock) -> None: expected = Token(id=123) filter_by = mock_query.return_value.filter_by first = filter_by.return_value.first first.return_value = expected result = Token.find_by_jti('name-xyz') filter_by.assert_called_once_with(jti='name-xyz') first.assert_called_once_with() assert result == expected
def post(self, request): organization = request.user.organization userpic = request.FILES.get('userpic') notify = json.loads(request.POST.get('notify')) is_owner = json.loads(request.POST.get('is_owner')) user_data = json.loads(request.POST.get('user')) user_id = user_data.get('id') if user_id is not None: user = User.objects.get(pk=user_id) if user not in [m.user for m in organization.members]: return json_response({'error': 'wrong_user', 'error_text': 'This user doesn\'t belong to your organization'}, status=400) else: email = user_data.get('email') try: _u = User.objects.get(email=email) return json_response({'error': 'email_taken', 'error_text': 'This email was already taken'}, status=400) except User.DoesNotExist: pass user = User() user.email = email if userpic is not None: user.userpic = userpic user.name = user_data.get('name', '') user.public_email = user_data.get('public_email', '') user.public_phone = user_data.get('public_phone', '') user.city = user_data.get('city', '') user.country = user_data.get('country', '') user.bio = user_data.get('bio', '') user.save() try: membership = OrganizationMember.objects.get(user=user, organization=organization) except OrganizationMember.DoesNotExist: membership = OrganizationMember(user=user, organization=organization) membership.is_owner = is_owner membership.save() if notify: token = Token() token.user = user token.save() link = request.build_absolute_uri(reverse('reset-password-step1', args=[token.token])) send_mail('Set password', settings.ORG_MEMBER_CREATED_EMAIL % (organization.name, link,), '*****@*****.**', [token.user.email, ]) return json_response(membership.to_dict())
def paypal_gateway(self): """ Paypal callback receiver. Generates token and sends the code via email to user. @return: """ # Gather information from callback response first_name = request.form.get("first_name", None) last_name = request.form.get("last_name", None) payer_id = request.form.get("payer_id", None) payer_email = request.form.get("payer_email", None) item_name = request.form.get("item_name", None) item_number = request.form.get("item_number", None) custom = request.form.get("custom", None) payment_gross = request.form.get("payment_gross", None) ## Generate Token and store in database gen_uuid = str(uuid.uuid4()) try: t = Token() t.uuid = gen_uuid t.email = payer_email t.active = True t.package = item_name db.session.add(t) db.session.commit() except: import traceback db.session.rollback() traceback.print_exc() ## Send email to user with unique link try: msg = Message( "Guildbit - Order Confirmation", sender=settings.DEFAULT_MAIL_SENDER, recipients=[payer_email]) msg.html = render_template("emails/payment_thankyou.html", package=item_name, uuid=gen_uuid) mail.send(msg) except: import traceback traceback.print_exc() return jsonify({ "status": "received" })
def reset_password_step0(request): form = ResetPasswordForm() if request.method == 'POST': form = ResetPasswordForm(request.POST) if form.is_valid(): token = Token() token.user = User.objects.get(email=form.cleaned_data.get('email')) token.save() link = request.build_absolute_uri(reverse('reset-password-step1', args=[token.token])) send_mail('Reset password', settings.RESET_PASSWORD_EMAIL % (link,), '*****@*****.**', [token.user.email, ]) messages.add_message(request, messages.SUCCESS, _('Please click the password reset link which was sent to your email')) return redirect('login_view') return render(request, 'app/reset-password/reset-password-step0.html', locals())
def send_otp(): data = request.get_json() token = random.randint(100001, 999999) msg = '{} is one time password. Use this within 3 minutes'.format(token) msisdn = data['msisdn'] sms = utils.send_sms(msg, msisdn) print(sms) res = { 'status': -1, 'message': "Successfully sent the OTP", 'smsResultCode': sms['statusCode'] } if sms['statusCode'] in [100, 101, 102]: m1 = Sms(message=msg, msisdn=msisdn, message_id=sms['messageId'], status=1) now = datetime.datetime.now() expiry_date = now + datetime.timedelta(minutes=3) m2 = Token(token=token, owner_id=msisdn, status=0, expiry_date=expiry_date) db.session.add(m1) db.session.add(m2) db.session.commit() res['status'] = 0 res['message'] = "Successfully sent the OTP" return jsonify(res) else: return jsonify(res)
def user(username): """ User profile page :param username: Username of the user. :return: Profile page of the user with given username. """ user = UserView(username=username, id=request.args.get('id')) action_arg = request.args.get('action') action = user.action(action=action_arg) token_db = Token() if action: if action_arg == "download": return send_file(action, as_attachment=True, attachment_filename=user.file.filename) elif action_arg == "delete": return redirect(action) return render_template('user.html', time=datetime, int=int, timeuser=user.timeuser, user=user.user, files=user.file_view, title='Profile - Synco', token=token_db)
def create_service(): service_from_request = get_json_from_request('service') validation_result, validation_errors = valid_service_submission( service_from_request) if not validation_result: return jsonify(error="Invalid JSON", error_details=validation_errors), 400 user = User.query.get(service_from_request['userId']) if not user: return jsonify(error="failed to create service - invalid user"), 400 try: token = Token(token=uuid4(), type='client') db.session.add(token) db.session.flush() service = Service(name=service_from_request['name'], created_at=datetime.utcnow(), token_id=token.id, active=True, restricted=True, limit=current_app.config['MAX_SERVICE_LIMIT']) service.users.append(user) db.session.add(service) db.session.commit() return jsonify(service=service.serialize()), 201 except IntegrityError as e: print(e.orig) db.session.rollback() abort(400, "failed to create service")
def __init__(self, username=None): """ Processes lost password form :param username: Username of the user """ self.username = username self.user = User.query.filter_by(username=username.lower()).first() or User.\ query.filter_by(email=username.lower()).first() if self.user is None: flash("No user or email found!") else: # Database updating token = Tokens() token = token.token token_db = Token(token=token, type="password", user_id=self.user.id) db = Database() db.add(token_db) # Email ip_list = [] for ip in range(len(public_ip_list)): ip_list.append('http://' + public_ip_list[ip] + ':5000' + url_for('reset', token=token)) link = '\n'.join(ip_list) ip_list = [] email = Email(user=self.user) email.pass_reset(link=link) flash("Please follow the link in the recovery email!")
def get_token(self, update=False): if self.token: self.token = db.session.merge(self.token) if self.token is None or update or self.token.expires_in + self.token.timestamp <= int( time.time()) + 10: data = dict(grant_type='client_credential', appid=self.appid, secret=self.appsecret) res = requests.get('https://api.weixin.qq.com/cgi-bin/token', data).json() try: if self.token is None: token = Token(access_token=res["access_token"], expires_in=res["expires_in"], timestamp=int(time.time())) self.token = token db.session.add(token) else: # update self.token.access_token = res["access_token"] self.token.expires_in = res["expires_in"] self.token.timestamp = int(time.time()) db.session.commit() except KeyError: print(res)
def get(self, request): response_data = RESPONSE_DATA_OBJ.copy() try: _obj_list = [] for i in range(TOKEN_COUNT): _obj_list.append( Token( **{ "token": (jwt.encode( {"some": str(time.time())}, "secret", algorithm="HS256", )).decode("utf-8"), })) Token.objects.bulk_create(_obj_list) response_data.update({ "code": status.HTTP_200_OK, "message": TOKEN_GENERATE_SUCCESS_MSG }) response = Response(response_data, status=status.HTTP_200_OK) except Exception as e: print(e) response_data.update({ "code": status.HTTP_500_INTERNAL_SERVER_ERROR, "message": COMMON_SERVER_ERROR, }) response = Response(response_data, status=status.HTTP_500_INTERNAL_SERVER_ERROR) return response
def login(): json_data = json.loads(request.data) user = db.session.query(User).filter_by(email=json_data['email']).first() if user and user.password == bcrypt.hashpw( json_data.get('password').encode('utf-8'), user.password.decode().encode('utf-8')): token = Token(user.id) db.session.add(token) db.session.commit() json_data_response = jsonify({ "error": "null", "data": { 'id': user.id, 'username': json_data.get('username'), 'token': token.token }, "message": "logged" }) else: json_data_response = jsonify({ "error": "1", "data": {}, "message": 'not logged' }) return json_data_response
def create_token(): request_name = request.json.get('name') if not request_name: return {'message': 'Name not provided'}, 400 if not Token.query.filter_by(name=request_name).all(): new_dir = str(uuid.uuid4()) token = str(uuid.uuid4()) token_hash = hashlib.md5((token + SALT).encode()).hexdigest() new_token = Token(name=request_name, token_hash=token_hash, root_dir=new_dir) db.session.add(new_token) path = f'{ROOT_PATH}{new_dir}' os.makedirs(path) db.session.commit() return { 'message': 'Created', 'access_token': token, 'name': request_name }, 201 else: return {'message': 'Name is not unique'}, 409
def get_leases_by_user(token: str, res: Response, with_closed: bool = False): token_user, error, code = get_user_by_token(token) if error: res.status_code = code return error l = [ x.to_dict() for x in select( u for u in Lease if u.user_id.id == token_user.id and u.is_returned in (with_closed, False) )[:] ] res = [] for lease in l: t = Token.get(lease_id=lease["id"]) if t is None: res.status_code = status.HTTP_400_BAD_REQUEST return {"err": f"Lease without token with id {lease['id']}"} try: c = Cell[lease["cell_id"]] except RowNotFound: c = None if c is None: res.status_code = status.HTTP_400_BAD_REQUEST return {"err": f"Lease without cell with id {lease['id']}"} current = lease current["token"] = t.value current["cell_type"] = c.cell_type_id res.append(current) return res
def __init__(self, form=None): """ Processes register form :param form: Register form """ # User user = User(username=form.username.data.lower(), email=form.email.data.lower()) user.set_password(form.password.data) db = Database() db.add(user) # Token token = Tokens() token = token.token token_db = Token(token=token, type="confirmation", user_id=user.id) # Avatar avatar = Avatar(user=user) # Commits to Database db.add(token_db, avatar) # Email ip_list = [] for ip in range(len(public_ip_list)): ip_list.append('http://' + public_ip_list[ip] + ':5000' + url_for('confirmation', token=token)) link = '\n'.join(ip_list) ip_list = [] email = Email(user=user) email.confirmation(link=link) # Flash flash('A confirmation has been sent to your mail. Please verify!')
def user_approve_new_token(): """ " Add token that approved by user. It's used for ERC20 function. """ try: data = request.json if data is None or \ 'token_id' not in data: return response_error(MESSAGE.INVALID_DATA, CODE.INVALID_DATA) uid = int(request.headers['Uid']) token_id = data['token_id'] token = Token.find_token_by_id(token_id) if token is None or \ token.tid is None or \ token.status == -1: return response_error(MESSAGE.TOKEN_NOT_FOUND, CODE.TOKEN_NOT_FOUND) user = User.find_user_with_id(uid) if token not in user.tokens: user.tokens.append(token) else: return response_error(MESSAGE.TOKEN_APPROVED_ALREADY, CODE.TOKEN_APPROVED_ALREADY) db.session.commit() return response_ok(user.to_json()) except Exception, ex: db.session.rollback() return response_error(ex.message)
def get_token(): try: mail = request.json["mail"] g.token = genernate(mail) """ 在这里添加保存至数据库的函数 """ if global_config.engine == 'sqlite': try: t = Token(mail=mail,token=g.token) db.session.add(t) db.session.commit() return jsonify({"token": g.token}) except: db.session.rollback() return jsonify({"token": ''}) else: #mongo try: mongo.db.token.insert_one({"mail": mail,"token": g.token,"check": ""}) return jsonify({"token": g.token}) except: return jsonify({"token": ''}) except: return jsonify({"token": ''})
def _get_user_from_x_api_auth_token(): if "X-Api-Auth-Token" in request.headers: from app.models import Token token = Token.find_one({ "token": request.headers["X-Api-Auth-Token"] }) if token is not None and not token.expired: return token.user else: return None
def test_get_token(self): """Ensure token is present""" token = self.token_dao.insert_user_token(self.user) token_gen = token.generate_auth_token() valid_token = Token.get_auth_token(token_gen) self.assertEqual(valid_token.to_json(), token.to_json())
def prepare_db(): client1 = Client( name='dev', client_id='dev', client_secret='dev', _redirect_uris=( 'http://localhost:8000/authorized ' 'http://localhost/authorized ' 'http://127.0.0.1:8000/authorized' ), ) client2 = Client( name='confidential', client_id='confidential', client_secret='confidential', client_type='confidential', _redirect_uris=( 'http://localhost:8000/authorized ' 'http://localhost/authorized ' 'http://127.0.0.1:8000/authorized' ), ) user = User(username='******', password='******') temp_grant = Grant( user_id=1, client_id='confidential', code='12345', scope='email', expires=datetime.utcnow() + timedelta(seconds=100) ) access_token = Token( user_id=1, client_id='dev', access_token='expired', expires_in=5 ) access_token2 = Token( user_id=1, client_id='dev', access_token='expired', expires_in=1 ) try: db.session.add(client1) db.session.add(client2) db.session.add(user) db.session.add(temp_grant) db.session.add(access_token) db.session.add(access_token2) db.session.commit() except: db.session.rollback()
def post(self): form = CreateTokenForm() form.package.choices = build_packages_list() tokens = Token.query.order_by(Token.id.desc()).all() if form.validate_on_submit(): try: # Generate UUID gen_uuid = str(uuid.uuid4()) # Create database entry t = Token() t.uuid = gen_uuid t.email = form.email.data or None t.active = True t.package = form.package.data t.package_id = form.package.data db.session.add(t) db.session.commit() return redirect('/admin/tokens/') except: import traceback db.session.rollback() traceback.print_exc() return redirect('/admin/tokens/') return render_template('admin/tokens.html', form=form, tokens=tokens) return render_template('admin/tokens.html', form=form, tokens=tokens)
def test_allow_a_valid_token(notify_api, notify_db, notify_db_session): token = Token(id=123, token="token", type='admin') db.session.add(token) db.session.commit() notify_api.config['AUTH_REQUIRED'] = True response = notify_api.test_client().get( '/', headers={'Authorization': 'Bearer token'}) assert 200 == response.status_code
def _get_user_from_authorization_header(): if "Authorization" in request.headers: auth = request.headers["Authorization"].split() if len(auth) == 2 and auth[0] == "Token": from app.models import Token token = Token.find_one({"token": auth[1]}) if token is not None and not token.expired: return token.user return None
def notify_db_session(request): meta = MetaData(bind=db.engine, reflect=True) # Set up dummy org, with a service and a job org = Organisation(id=1234, name="org test") token = Token(id=1234, token="1234", type='admin') service = Service( id=1234, name="service test", created_at=datetime.utcnow(), token=token, active=True, restricted=False, limit=100 ) job = Job(id=1234, name="job test", created_at=datetime.utcnow(), service=service) notification = Notification( id=1234, to="phone-number", message="this is a message", job=job, status="created", method="sms", created_at=datetime.utcnow() ) # Setup a dummy user for tests user = User( id=1234, email_address="*****@*****.**", mobile_number="+449999234234", password=generate_password_hash('valid-password'), active=True, created_at=datetime.utcnow(), updated_at=datetime.utcnow(), password_changed_at=datetime.utcnow(), role='admin' ) service.users.append(user) db.session.add(token) db.session.add(org) db.session.add(service) db.session.add(notification) db.session.add(job) db.session.add(user) db.session.commit() def teardown(): db.session.remove() for tbl in reversed(meta.sorted_tables): db.engine.execute(tbl.delete()) request.addfinalizer(teardown)
def test_verify_token(self): """Ensure token is verified""" token = self.token_dao.insert_user_token(self.user) user = Token.verify_auth_token(token.generate_auth_token()) expected_user = self.mock_user_response expected_user['id'] = self.user.id self.assertEqual(user.to_json(), expected_user)
def test_invalid_token(self): """Ensure token is invalid""" token = self.token_dao.insert_user_token(self.user) user = Token.verify_auth_token("fake token") expected_user = self.mock_user_response expected_user['id'] = self.user.id self.assertIsNone(user)
def insert_user_token(self, user): """Insert oauthToken against a user :param user: user object :return: generated token object """ token = Token(user.id) self.db.session.add(token) self.db.session.commit() return token
def save_token(*, user_id: int, token: str) -> bool: session = db.get_session() user = session.query(User).filter(User.id == user_id).one_or_none() # If user does not exist, do not save token and return False as error if not user: return False session.add(Token(token_str=token, user=user)) session.commit() return True
def validate(self): """ Uploads the file :return: "upload.html" """ file_path = FilesPath() # Set file model attributes file = self.form.file.data filename = self.form.filename.data or file.filename repo = self.form.repo.data ext = file_path.get_ext(filename=filename.lower()) # Create dir if not file_path.isdir(): file_path.newdir() user = User.query.filter_by(username=current_user.username).first() file_db = File(filename=filename, repo=repo, uploader=user) db = Database() db.add(file_db) type = None ext_list = [Extensions.document_list, Extensions.image_list, Extensions.audio_list, Extensions.video_list] if any(ext in ext_check for ext_check in ext_list): token = Tokens(length=7) filename_save = str(file_db.id) + ext if ext in ext_list[0]: type = "document" elif ext in ext_list[1]: type = "image" elif ext in ext_list[2]: type = "audio" elif ext in ext_list[3]: type = "video" file_db.type = type token_db = Token(token=token.token, type=type, auth=user, file=file_db) db.add(file_db, token_db) else: type = "misc" filename_save = str(file_db.id) if file_db.repo == "public": file_db.path = file_path.public(filename=filename_save, type=type) db.add(file_db) file.save(file_path.public(filename=filename_save, type=type)) elif file_db.repo == "private": file_db.path = file_path.private(filename=filename_save, type=type) db.add(file_db) file.save(file_path.private(filename=filename_save, type=type)) flash('File {} uploaded successfully!'.format(file.filename)) return url_for('upload')