def test_adduser(self):
"""添加两个用户user/guest"""
admin = User("user", "*****@*****.**", hash_sha1("password"))
admin.CREATER_ID = 0
guest = User("guest", "*****@*****.**", hash_sha1("password"))
guest.CREATER_ID = 0
with db.session.begin_nested():
db.session.add(admin)
db.session.add(guest)
db.session.commit()
u = User.query.filter_by(LOGIN="******").first()
self.assertTrue(u.LOGIN == "user")
def add_user():
title = "MyApp - Add a new user"
error = None
msg = None
if session['username']:
if request.method == 'POST':
firstname = request.form['firstname']
lastname = request.form['lastname']
email = request.form['email']
username = request.form['username']
passwd = request.form['password']
role = request.form['role']
if firstname is None or lastname is None or email is None or username is None or passwd is None or role is None:
error = 'All fields are mandatory.'
else:
passwd_hash = hash_sha1(passwd)
db = get_db()
db.add_user(username, passwd_hash, firstname, lastname, email,
role)
msg = 'User was successfully added!'
return render_template('adduser.html',
title=title,
msg=msg,
error=error)
else:
return redirect(url_for('login'))
def login():
if request.method == "POST" and "uid" in request.form and "passwd" in request.form:
uid = request.form["uid"]
passwd = request.form["passwd"]
user = db.session.query(User).filter(User.LOGIN == uid).first()
if user and hash_sha1(passwd) == user.PASSWORD:
remember = request.form.get("remember", "no") == "yes"
if login_user(user, remember=remember):
next = request.args.get("next")
#if not is_safe_url(next):
# return flask.abort(400)
return redirect(next or "/")
else:
flash("unable to log you in")
return render_template("/auth/login.html")
def login():
title = "MyApp - Login"
error = None
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
hashed_password = hash_sha1(password)
db = get_db()
stored_password = db.get_user_password(username)
if stored_password != hashed_password:
error = 'Apprend a te login !'
else:
session['username'] = username
return redirect(url_for('index'))
return render_template('login.html', title=title, error=error)
def login():
title = "MyApp - Login"
error = None
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
hashed_password = hash_sha1(password)
db = get_db()
# custom query
stored_password = db.get_user_password(username)
if stored_password != hashed_password:
error = 'Invalid Credentials. Please try again.'
else:
session['username'] = username
return redirect(url_for('index'))
return render_template('login.html', title=title, error=error)
def add_user():
title = "MyApp - Add a new user"
title2 = "MyApp - Welcome!"
error = None
msg = None
db = get_db()
username = "******" + session['username'] + "'"
role = db.query("SELECT role_id FROM user WHERE username = " + username)
if session['username']:
if role == [{'role_id': u'El\xe8ve'}]:
error = 'tu n as pas le droit d aller la'
return render_template('error.html', error=error)
else:
if request.method == 'POST':
firstname = request.form['firstname']
lastname = request.form['lastname']
email = request.form['email']
username = request.form['username']
passwd = request.form['password']
role = request.form['role']
if firstname is None or lastname is None or email is None or username is None or passwd is None or role is None:
error = 'All fields are mandatory.'
else:
try:
passwd_hash = hash_sha1(passwd)
db = get_db()
db.add_user(username, passwd_hash, firstname, lastname,
email, role)
msg = 'user was successfully added!'
except:
error = 'user already exists'
return render_template('adduser.html',
title=title,
msg=msg,
error=error)
else:
return redirect(url_for('login'))
