def set_pref_all(name, value):
"""Set a user preference for all users. This command will overwrite
the existing settings of all users and cannot be undone, so use with care.
"""
UserMetadata.delete().where(UserMetadata.key == name).execute()
if value == "1":
for user in User.select():
UserMetadata.create(uid=user.uid, key=name, value="1")
def promote_user_to_admin(client, user_info):
"""Assuming user_info is the info for the logged-in user, promote them
to admin and leave them logged in.
"""
log_out_current_user(client)
admin = User.get(fn.Lower(User.name) == user_info["username"])
UserMetadata.create(uid=admin.uid, key="admin", value="1")
log_in_user(client, user_info)
def add(username):
try:
user = User.get(fn.Lower(User.name) == username.lower())
except User.DoesNotExist:
print("Error: User does not exist")
return
UserMetadata.create(uid=user.uid, key="admin", value="1")
print("Done.")
def add(username):
try:
user = User.get(fn.Lower(User.name) == username.lower())
except User.DoesNotExist:
print("Error: User does not exist")
return
UserMetadata.create(uid=user.uid, key="admin", value="1")
UserMessageBlock.delete().where(
((UserMessageBlock.uid == user.uid) | (UserMessageBlock.target == user.uid))
).execute()
UserContentBlock.delete().where(
((UserContentBlock.uid == user.uid) | (UserContentBlock.target == user.uid))
).execute()
print("Done.")
def test_admin_totp_auth_flow(client, user_info, test_config):
register_user(client, user_info)
assert client.get(url_for("admin.auth")).status_code == 404
promote_user_to_admin(client, user_info)
rv = client.get(url_for("admin.auth"), follow_redirects=True)
assert rv.status_code == 200
assert b"TOTP setup" in rv.data
user = User.get(User.name == user_info["username"])
user_secret = UserMetadata.get((UserMetadata.uid == user.uid)
& (UserMetadata.key == "totp_secret"))
totp = pyotp.TOTP(user_secret.value)
data = {"csrf_token": csrf_token(rv.data), "totp": totp.now()}
rv = client.post(url_for("admin.auth"), data=data, follow_redirects=False)
assert rv.status_code == 302
assert rv.location == url_for("admin.index")
# Try again with bad token
data["totp"] = "1"
rv = client.post(url_for("admin.auth"), data=data, follow_redirects=False)
assert rv.status_code == 200
assert b"Invalid or expired token." in rv.data
# Check if we're actually logged in.
assert client.get(url_for("admin.index")).status_code == 200
# Get QR code after we already set up TOTP
assert client.get(url_for("admin.get_totp_image")).status_code == 403
# Try logging out.
client.post(url_for("admin.logout"), data=data)
assert client.get(url_for("admin.index"),
follow_redirects=False).status_code == 302
def remove(username):
try:
user = User.get(fn.Lower(User.name) == username.lower())
except User.DoesNotExist:
return print("Error: User does not exist.")
try:
umeta = UserMetadata.get((UserMetadata.uid == user.uid)
& (UserMetadata.key == 'admin'))
umeta.delete_instance()
print("Done.")
except UserMetadata.DoesNotExist:
print("Error: User is not an administrator.")
def set_nsfw_hidden_to_blur():
"""Change the NSFW preference of all users who have show NSFW content off
to "Blur until clicked". This command will overwrite users' existing
settings and cannot be undone, so use with care."""
for user in (User.select().join(
UserMetadata,
JOIN.LEFT_OUTER).where((UserMetadata.key == "nsfw")
& (UserMetadata.value.is_null()
| (UserMetadata.value == "0")))):
UserMetadata.delete().where(
(UserMetadata.uid == user.uid)
& ((UserMetadata.key == "nsfw")
| (UserMetadata.key == "nsfw_blur"))).execute()
UserMetadata.create(uid=user.uid, key="nsfw", value="1")
UserMetadata.create(uid=user.uid, key="nsfw_blur", value="1")
addremove = parser.add_mutually_exclusive_group(required=True)
addremove.add_argument('--add', metavar='USERNAME', help='Make a user administrator')
addremove.add_argument('--remove', metavar='USERNAME', help='Remove admin privileges')
addremove.add_argument('-l', '--list', action='store_true', help='List administrators')
args = parser.parse_args()
with app.app_context():
if args.add:
try:
user = User.get(fn.Lower(User.name) == args.add.lower())
except User.DoesNotExist:
print("Error: User does not exist")
sys.exit(1)
UserMetadata.create(uid=user.uid, key='admin', value='1')
print("Done.")
elif args.remove:
try:
user = User.get(fn.Lower(User.name) == args.remove.lower())
except User.DoesNotExist:
print("Error: User does not exist.")
sys.exit(1)
try:
umeta = UserMetadata.get((UserMetadata.uid == user.uid) & (UserMetadata.key == 'admin'))
umeta.delete_instance()
print("Done.")
except UserMetadata.DoesNotExist:
print("Error: User is not an administrator.")
elif args.list:
"hitler": {"nick": "hitler", "name": "Literally Hitler", "alt": "", "icon": "evil.svg", "score": 100},
"miner": {"nick": "miner", "name": "Grinder", "alt": _l("Mined a lot of Phuks"), "icon": "shovel.svg", "score": 300},
"spotlight": {"nick": "spotlight", "name": "Spotlight", "alt": _l("Top post of the day"), "icon": "bubbles.svg", "score": 200},
"commando": {"nick": "commando", "name": "Keyboard commando", "alt": _l("Make a good post every day for a week"), "icon": "coffee.svg", "score": 300},
"enthusiasm": {"nick": "enthusiasm", "name": "Enthusiasm", "alt": _l("Too hyped to wait!"), "icon": "account-switch.svg", "score": -100},
"broccoli": {"nick": "broccoli", "name": "Broccoli supporter", "alt": _l("Once proud men, the Broccoli People now must remain in hiding after early on the Vegetable Wars against the Cabbages."), "icon": "broccoli.svg", "score": 100},
"cabbage": {"nick": "cabbage", "name": "Cabbage supporter", "alt": _l("The Cabbage People are now the dominant force in the Vegetable Wars, being in the road to become an hegemon after defeating the Broccolis."), "icon": "cabbage.svg", "score": 100},
"shitposter2018": {"nick": "2018shit", "name": "Shitposter of the year", "alt": _l("Winner of the shitposter of the year 2018 contest"), "icon": "shitposter18.svg", "score": 250}
}
for bg in badges:
badges[bg]['icon'] = open('./app/static/svg/' + badges[bg]['icon'])
app = create_app()
with app.app_context():
with app.request_context({'wsgi.url_scheme': "", 'SERVER_PORT': "", 'SERVER_NAME': "", 'REQUEST_METHOD': ""}):
for badge in badges.values():
ufile = badge['icon']
mtype = 'image/svg+xml'
basename = str(uuid.uuid5(storage.FILE_NAMESPACE, badge['nick'] + ".svg"))
f_name = storage.store_file(ufile, basename, mtype, remove_metadata=True)
b = Badge.create(name=badge['name'], alt=badge['alt'], icon=f_name, score=badge['score'], rank=100)
UserMetadata.update(value=b.bid).where((UserMetadata.key == 'badge') & (UserMetadata.value == badge['nick'])).execute()