def homepage():
    """Route the authenticated caller to the page matching its account.

    The three API accounts (verify-token, issue-token, email-user) get an
    empty 403; the admin-portal account is redirected to ``/admin/`` and the
    email-admin account to ``/email/``; any other caller sees ``query.html``.
    NOTE(review): whether ``basic_auth`` has already enforced a successful
    login for this route is not visible here — confirm before relying on it.
    """
    caller = basic_auth.username()
    cfg = current_app.config
    api_accounts = (
        cfg['VERIFY_TOKEN_USERNAME'],
        cfg['ISSUE_TOKEN_USERNAME'],
        cfg['EMAIL_USER_USERNAME'],
    )
    if caller in api_accounts:
        return make_response('', 403)
    if caller == cfg['ADMIN_PORTAL_USERNAME']:
        return redirect('/admin/', 301)
    if caller == cfg['EMAIL_ADMIN_USERNAME']:
        return redirect('/email/', 301)
    return render_template('query.html')
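def decode_user():
    """Admin-portal endpoint that deletes, creates or updates a DecodeUser.

    Reads ``action`` (``'delete'`` or ``'update'``) and ``username`` from the
    posted form; updates also read ``pwd`` and ``pwd_confirm``. Returns a
    short plain-text status message. Callers other than the admin-portal
    account get 403; an unknown action gets 400 (it used to fall through
    and return None, which Flask turns into a 500).
    """
    import html

    if basic_auth.username() != current_app.config['ADMIN_PORTAL_USERNAME']:
        abort(403)
    action = request.form['action']
    username = request.form['username']
    # The form value is echoed back in a response Flask serves as text/html
    # by default, so escape it to avoid reflected HTML injection.
    shown_username = html.escape(username)
    user = DecodeUser.query.filter_by(username=username).first()
    if action == 'delete':
        if not user:
            return make_response(
                'The username you want to delete does not exist.')
        db.session.delete(user)
        db.session.commit()
        return make_response('User ' + shown_username + ' has been deleted.')
    if action == 'update':
        pwd = request.form['pwd']
        if pwd != request.form['pwd_confirm']:
            return make_response('Two passwords do not match. Try again.')
        # Removing every whitespace character changes the string iff it
        # contained any. NOTE(review): an empty password passes both checks.
        if pwd != ''.join(pwd.split()):
            return make_response(
                'The password should not contain any whitespace characters.')
        password_hash = pbkdf2_sha256.hash(pwd)
        if user:
            user.password_hash = password_hash
        else:
            user = DecodeUser(username=username, password_hash=password_hash)
            db.session.add(user)
        db.session.commit()
        return make_response('User ' + shown_username +
                             ' has been added or updated successfully.')
    # Reject unknown actions explicitly, the same way entry() does.
    abort(400)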
def clearall():
    """Admin-portal endpoint that wipes every Token and User row.

    Callers other than the admin-portal account get 403. Both bulk deletes
    are issued first and committed together.
    """
    caller = basic_auth.username()
    if caller != current_app.config['ADMIN_PORTAL_USERNAME']:
        abort(403)
    # Bulk query-level deletes, Token before User, then one commit.
    for model in (Token, User):
        model.query.delete()
    db.session.commit()
    return make_response('All token and user records have been deleted.')
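def result():
    """Look up the real id behind each posted encoded id and render a table.

    ``Encoded_ID_List`` is a newline-separated form field. Each entry becomes
    one ``<tr>`` holding a zero-padded row number, the encoded id and the
    matching ``User.real_id`` (or ``Not Found``). The three API accounts are
    refused with 403. Both per-row values are HTML-escaped because the
    fragment is presumably rendered as raw markup by ``results.html``.
    """
    import html

    caller = basic_auth.username()
    cfg = current_app.config
    if caller in (cfg['VERIFY_TOKEN_USERNAME'],
                  cfg['ISSUE_TOKEN_USERNAME'],
                  cfg['EMAIL_USER_USERNAME']):
        return abort(403)
    encoded_ids = request.form['Encoded_ID_List'].strip().split('\n')
    rows = []
    for number, raw in enumerate(encoded_ids, start=1):
        encoded = raw.strip()
        user = User.query.filter_by(user_id=encoded).first()
        real = 'Not Found' if user is None else user.real_id
        # Escape both the caller-supplied id and the stored real_id so
        # neither can inject tags into the rendered table.
        rows.append(
            '\t<tr>\n\t\t<td>' + str(number).zfill(3) +
            '</td>\n\t\t<td class="second">' + html.escape(encoded) +
            '</td>\n\t\t<td>' + html.escape(str(real)) + '</td>\n\t</tr>\n')
    # join() instead of repeated += keeps this linear in the number of rows.
    return render_template('results.html', results=''.join(rows))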
def email_alert():
    """Send the alert emails described by the posted JSON and report the outcome.

    Only the email-user account may call this. The work runs in three stages
    (load request and config, decode ids, send); the first failure in any of
    them is returned as JSON ``{'error': ...}`` with the status code chosen
    below. On success the response is the collected invalid-id map (when
    ``ignore_invalid_ids`` was set) plus ``'status': 'Success'``.
    NOTE(review): exception text and the SMTP host name are returned to the
    caller in error bodies.
    """
    def error(message, status):
        return make_response(jsonify({'error': message}), status)

    if basic_auth.username() != current_app.config['EMAIL_USER_USERNAME']:
        return error('Forbidden', 403)

    # Stage 1: parse the request body and load the admin configuration.
    try:
        supervisor_report, configs, messages = load_request_and_config()
    except BadRequest:
        return error('Invalid json data', 400)
    except AttributeError:
        return error('No admin config available', 500)
    except KeyError as e:
        return error('Failed to retrieve required key: ' + str(e), 400)
    except ValueError as e:
        return error(str(e), 400)

    # Stage 2: translate encoded ids. invalid_ids is only collected when the
    # caller asked to ignore invalid ids; otherwise decode_ids receives None.
    try:
        invalid_ids = {} if messages['ignore_invalid_ids'] else None
        decode_ids(messages, invalid_ids)
    except ValueError as e:
        return error(str(e), 400)
    except SQLAlchemyError:
        return error('Internal Database Error', 500)

    # Stage 3: deliver the mail.
    try:
        send_email(configs, messages, supervisor_report)
    except (ConnectionRefusedError, smtplib.SMTPConnectError):
        return error('Cannot access the mail server ' + configs['smtp_host'], 500)
    except smtplib.SMTPAuthenticationError:
        # NOTE(review): a failed server-side login is reported as 400 even
        # though the caller cannot fix it; the other server errors use 500.
        return error('Mail server authentication failed', 400)
    except smtplib.SMTPException as e:
        return error('Cannot send emails because a SMTP excetion was rasied: ' + str(e), 500)

    # An empty or absent invalid-id map is replaced by a fresh dict.
    response = invalid_ids or {}
    response['status'] = 'Success'
    return make_response(jsonify(response), 200)
def settings():
    """Email-admin endpoint that overwrites the EmailSettings row from the form.

    Every field is stored exactly as posted; only ``use_ssl`` is converted
    (the literal string ``'true'`` means enabled). Callers other than the
    email-admin account get 403.
    NOTE(review): nothing here validates the values — the port stays a
    string and ``email_address_regex`` is not compiled before being saved.
    """
    if basic_auth.username() != current_app.config['EMAIL_ADMIN_USERNAME']:
        abort(403)
    form = request.form
    text_fields = ('smtp_host', 'smtp_port', 'sender_address', 'test_receiver',
                   'email_address_regex', 'supervisor_address')
    new_values = {field: form[field] for field in text_fields}
    use_ssl = form['use_ssl'] == 'true'
    # Assumes exactly one EmailSettings row exists; a None here would raise
    # AttributeError on the first assignment — TODO confirm the row is seeded.
    email_settings = EmailSettings.query.first()
    for field, value in new_values.items():
        setattr(email_settings, field, value)
    email_settings.use_ssl = use_ssl
    db.session.commit()
    return make_response('All settings have been updated successfully.')
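def upload_csv():
    """Admin-portal endpoint: bulk add/update users from an uploaded CSV.

    Expects a multipart ``file`` field whose name ends in ``.csv``. Every
    non-blank line has all whitespace removed and is split on commas; the
    fields are passed positionally to ``modify_user``. Returns a plain-text
    status message; callers other than the admin-portal account get 403.
    """
    if basic_auth.username() != current_app.config['ADMIN_PORTAL_USERNAME']:
        abort(403)
    if 'file' not in request.files or request.files['file'].filename == '':
        return make_response('No file uploaded')
    data = request.files['file']
    if not data.filename.lower().endswith('.csv'):
        return make_response('Not a CSV file')
    # A non-UTF-8 upload used to surface as an unhandled UnicodeDecodeError
    # (HTTP 500); tell the uploader instead.
    try:
        text = data.stream.read().decode('utf-8')
    except UnicodeDecodeError:
        return make_response('The file is not valid UTF-8 text')
    # Validate every row before touching the database, so a malformed line
    # part-way through the file cannot leave earlier rows applied and later
    # ones skipped. Removing all whitespace (including '\r') keeps the old
    # field semantics: fields cannot contain spaces.
    records = []
    for line_no, raw in enumerate(text.split('\n'), start=1):
        row = ''.join(raw.split())
        if not row:
            continue
        fields = row.split(',')
        # modify_user is called with (real_id, user_id) elsewhere in this
        # file; a single-field row used to raise TypeError (HTTP 500).
        # Assumes at least two positional arguments are required — TODO confirm.
        if len(fields) < 2:
            return make_response(
                'Line ' + str(line_no) + ' needs at least two comma-separated fields')
        records.append(fields)
    for fields in records:
        modify_user(*fields)
    return make_response('All records have been added or updated.')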
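def verify_token(user_id):
    """Check the ``token`` query parameter against the stored Token for ``user_id``.

    Returns JSON ``{'status': 'Success'}`` (200) when a Token row exists, the
    supplied value matches it and it has not expired; ``{'status':
    'Invalid'}`` (400) otherwise; ``{'status': 'Database error'}`` (500) when
    the lookup raises SQLAlchemyError. Only the verify-token account may call
    this, and every response carries ``Cache-Control: no-cache, no-store,
    must-revalidate``.
    """
    import hmac

    if basic_auth.username() != current_app.config['VERIFY_TOKEN_USERNAME']:
        return make_response(jsonify({'error': 'Forbidden'}), 403)
    supplied = request.args.get('token')
    try:
        token = Token.query.get(user_id)
        # The stored token is a secret: compare it in constant time so the
        # response timing does not reveal how many leading characters match.
        # Encoding to bytes sidesteps compare_digest's ASCII-only rule for
        # str. A missing query parameter or a None stored token is always
        # invalid (the old `!=` check accepted None == None).
        # Assumes Token.token is stored as str and Token.expiration is a
        # naive datetime comparable with datetime.now() — TODO confirm.
        valid = (
            token is not None
            and token.token is not None
            and supplied is not None
            and hmac.compare_digest(str(token.token).encode('utf-8'),
                                    supplied.encode('utf-8'))
            and token.expiration > dt.datetime.now()
        )
        if valid:
            response = make_response(jsonify({'status': 'Success'}), 200)
        else:
            response = make_response(jsonify({'status': 'Invalid'}), 400)
    except SQLAlchemyError:
        response = make_response(jsonify({'status': 'Database error'}), 500)
    # Verification results must never be served from a cache.
    response.headers['Cache-Control'] = 'no-cache, no-store, must-revalidate'
    return response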
def change_password():
    """Email-admin endpoint that resets the password of one of the two email accounts.

    ``username`` must equal the configured email-admin or email-user account
    name (anything else is 400); ``pwd`` and ``pwd_confirm`` must match and
    contain no whitespace. The pbkdf2_sha256 hash is written to the matching
    Admin row. Callers other than the email-admin account get 403.
    """
    cfg = current_app.config
    if basic_auth.username() != cfg['EMAIL_ADMIN_USERNAME']:
        abort(403)
    form = request.form
    username = form['username']
    allowed_names = (cfg['EMAIL_ADMIN_USERNAME'], cfg['EMAIL_USER_USERNAME'])
    if username not in allowed_names:
        abort(400)
    pwd = form['pwd']
    if pwd != form['pwd_confirm']:
        return make_response('Two passwords do not match. Try again.')
    # Removing every whitespace character changes the string iff it had any.
    # NOTE(review): an empty password passes both checks.
    if pwd != ''.join(pwd.split()):
        return make_response('The password should not contain any whitespace characters.')
    password_hash = pbkdf2_sha256.hash(pwd)
    # Assumes an Admin row exists for each configured name; first() returning
    # None would raise AttributeError below — TODO confirm seeding.
    admin = Admin.query.filter_by(username=username).first()
    admin.password_hash = password_hash
    db.session.commit()
    return make_response('The password of ' + username + ' has been changed successfully.')
def issue_token(real_id):
    """Issue-token endpoint: return the encoded user id and a fresh token for ``real_id``.

    Responds with JSON ``{'user_id': ..., 'token': ...}`` (200) when the User
    exists, ``{'error': 'User not found'}`` (400) otherwise, and
    ``{'error': 'Database error'}`` (500) when the lookup or token generation
    raises SQLAlchemyError. Callers other than the issue-token account get 403.
    """
    def reply(payload, status):
        return make_response(jsonify(payload), status)

    if basic_auth.username() != current_app.config['ISSUE_TOKEN_USERNAME']:
        return reply({'error': 'Forbidden'}, 403)
    try:
        user = User.query.get(real_id)
        if user is None:
            return reply({'error': 'User not found'}, 400)
        user_id = user.user_id
        # generate_token may itself hit the database, hence inside the try.
        new_token = generate_token(user_id)
    except SQLAlchemyError:
        return reply({'error': 'Database error'}, 500)
    return reply({'user_id': user_id, 'token': new_token}, 200)
def dashboard():
    """Render the email-admin page pre-filled with the current EmailSettings.

    Callers other than the email-admin account get 403. The two account
    names come from the app config; everything else is read from the single
    EmailSettings row.
    """
    cfg = current_app.config
    if basic_auth.username() != cfg['EMAIL_ADMIN_USERNAME']:
        abort(403)
    # Assumes one EmailSettings row exists; None would raise AttributeError
    # below — TODO confirm the row is seeded.
    current = EmailSettings.query.first()
    context = {
        'email_admin_username': cfg['EMAIL_ADMIN_USERNAME'],
        'email_user_username': cfg['EMAIL_USER_USERNAME'],
        'smtp_host': current.smtp_host,
        'smtp_port': current.smtp_port,
        # Exactly one of the two SSL radio buttons is pre-checked.
        'use_ssl_true': 'checked' if current.use_ssl else '',
        'use_ssl_false': '' if current.use_ssl else 'checked',
        'sender_address': current.sender_address,
        'test_receiver': current.test_receiver,
        'email_address_regex': current.email_address_regex,
        'supervisor_address': current.supervisor_address,
    }
    return render_template('/email/email_index.html', **context)
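def entry():
    """Admin-portal endpoint that deletes or adds/updates one User record.

    Reads ``action`` and ``real_id`` from the form. ``'delete'`` removes the
    User and its Token (if any); ``'update'`` forwards ``real_id`` and
    ``user_id`` to ``modify_user``. Any other action is 400, callers other
    than the admin-portal account get 403. Returns a plain-text status.
    """
    import html

    if basic_auth.username() != current_app.config['ADMIN_PORTAL_USERNAME']:
        abort(403)
    action = request.form['action']
    real_id = request.form['real_id']
    # real_id is echoed back in a response Flask serves as text/html by
    # default, so escape it to prevent reflected HTML injection.
    shown_id = html.escape(real_id)
    if action == 'delete':
        record = User.query.filter_by(real_id=real_id).first()
        if not record:
            return make_response('Record ' + shown_id + ' does not exist.')
        token_record = Token.query.filter_by(user_id=record.user_id).first()
        if token_record:
            db.session.delete(token_record)
        db.session.delete(record)
        db.session.commit()
        return make_response('Record ' + shown_id + ' has been deleted.')
    if action == 'update':
        modify_user(real_id, request.form['user_id'])
        return make_response('Record ' + shown_id + ' has been added or updated.')
    abort(400)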
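def dashboard():
    """Render the admin-portal page: account names plus the DecodeUser list.

    Callers other than the admin-portal account get 403. ``not_usernames``
    is the comma-separated list of all five configured account names (with
    a trailing ``', '``, as before) and ``decode_users`` is an HTML fragment
    with one ``<p>`` per DecodeUser.
    """
    import html

    cfg = current_app.config
    if basic_auth.username() != cfg['ADMIN_PORTAL_USERNAME']:
        abort(403)
    account_keys = ('ADMIN_PORTAL', 'ISSUE_TOKEN', 'VERIFY_TOKEN',
                    'EMAIL_ADMIN', 'EMAIL_USER')
    context = {
        'admin_portal_username': cfg['ADMIN_PORTAL_USERNAME'],
        'issue_token_username': cfg['ISSUE_TOKEN_USERNAME'],
        'verify_token_username': cfg['VERIFY_TOKEN_USERNAME'],
        'not_usernames': ''.join(
            cfg[key + '_USERNAME'] + ', ' for key in account_keys),
        # Usernames are stored data entered through the admin form; escape
        # them because this fragment is presumably inserted as raw markup by
        # the template, so an unescaped name could inject tags (stored XSS).
        'decode_users': ''.join(
            '\n      <p><strong>' + html.escape(user.username) + '</strong></p>'
            for user in DecodeUser.query.all()),
    }
    return render_template('/admin/admin_index.html', **context)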