def create_app():
    """Build and return the Flask application for this demo.

    The factory configures the app, attaches Flask-Admin and the database,
    registers the main blueprint, then drops, recreates and re-seeds the
    database on every call. Several settings are insecure on purpose (the
    original comments say so); each one is marked below so it is not copied
    into a real deployment by accident.
    """
    app = Flask(__name__)
    # INSECURE (intentional): the session-signing key is hard-coded in source.
    # Anyone who can read the repository can forge or tamper with session
    # cookies. A real deployment loads the key from the environment or a
    # secret store and rotates it if it was ever committed.
    app.secret_key = 'bdb92dbe238008edfac05e92412b0c23'
    # INSECURE (intentional): the session lifetime setting is left disabled
    # to show the bad practice.
    # app.config['PERMANENT_SESSION_LIFETIME'] = 120
    app.config['FLASK_ADMIN_SWATCH'] = 'united'
    app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///info.db'
    app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
    admin = Admin(app, name='Admin-Panel', template_mode='bootstrap3')
    db.init_app(app)
    # INSECURE (intentional, by the look of it): CSRF protection is not
    # initialised, so state-changing forms carry no CSRF token check.
    # csrf.init_app(app)
    with app.app_context():
        # Imported inside the app context rather than at module level.
        from application.views import main_bp
        from application.model import db_init, User, Comments
        app.register_blueprint(main_bp)
        # The custom view is disabled; presumably MyModelView adds an access
        # check — confirm against its definition.
        # admin.add_views(MyModelView(User, db.session), MyModelView(Comments, db.session))
        # INSECURE: Flask-Admin's stock ModelView performs no access check
        # unless is_accessible() is overridden, so the User and Comments
        # tables are editable by anyone who can reach the admin panel.
        admin.add_views(ModelView(User, db.session), ModelView(Comments, db.session))
        # Every call to create_app() wipes all tables before re-seeding.
        db.drop_all()
        db_init()  # initialize sql injection db for part 1
        db.create_all()  # initialize db for logins, comments
        db.session.add(Comments(comment=' 🤘🏾🤘🏾 Spaces in code is the way to go. Who uses Tabs 😂😂?'))
        # NOTE(review): the seed passwords go straight into the constructor;
        # they are stored as given unless the User model hashes them — confirm.
        db.session.add(User(username='******', password='******'))
        db.session.add(User(username='******', password='******'))
        db.session.commit()
        return app
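def post(self):
    """Create a user from the parsed request arguments.

    Reads ``username`` and ``password`` from ``self.reqparse``, sets the
    password through ``User.set_password`` and commits the new row.

    Returns:
        A JSON response ``{'result': True}`` when the commit succeeds and
        ``{'result': False}`` when it fails.
    """
    args = self.reqparse.parse_args()
    user = User(username=args['username'])
    user.set_password(args['password'])
    try:
        db.session.add(user)
        db.session.commit()
        # Function-call form prints the same text on Python 2 and 3.
        print("saved")
        status = True
    except Exception:
        # The original re-raised here, which made ``status = False``
        # unreachable and skipped both the session cleanup and the JSON
        # reply. Roll back so the session is usable for the next request.
        db.session.rollback()
        status = False
    finally:
        db.session.close()
    return jsonify({'result': status})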
def get_identity(self, oauth_session, decoder=None):
    """Fetch the identity document for an OAuth session and map it to a user.

    Args:
        oauth_session: Session object exposing the query method named by
            ``OAuth2Service.__default_identity_query_method__``.
        decoder: Callable applied to the identity response. Defaults to
            ``OAuth2Service.__default_identity_decoder__``.

    Returns:
        A ``(user_obj, me)`` tuple: the result of ``User.get_or_create`` and
        the decoded identity document.
    """
    decode = decoder
    if decode is None:
        decode = OAuth2Service.__default_identity_decoder__
    query = getattr(oauth_session, OAuth2Service.__default_identity_query_method__)
    response = query(self._config['IDENTITY_RESOURCE'])
    me = decode(response)
    # NOTE(review): both fields are taken from the decoded response as-is and
    # raise KeyError if absent. The id field should be a stable identifier
    # issued by the provider, since it decides which local account is used —
    # confirm against the provider configuration.
    display_name = me[self._config['IDENTITY_USER_NAME_FIELD']]
    external_id = me[self._config['IDENTITY_USER_ID_FIELD']]
    user_obj = User.get_or_create(display_name, external_id)
    return user_obj, me
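def register_user(username, password):
    """Create a user row unless the username is already taken.

    Args:
        username: Name to register.
        password: Password value handed to the ``User`` constructor.

    Returns:
        True when the user was inserted and committed; False when the
        username already exists or the database rejects the insert.
    """
    # Report an existing username as a failure explicitly instead of falling
    # through to the end of the function.
    if query_user_exist(username=username):
        return False

    # NOTE(review): the password is passed to the model unchanged; it is
    # stored as given unless User hashes it — confirm.
    user = User(username=username, password=password)
    try:
        db.session.add(user)
        db.session.commit()
    except exc.SQLAlchemyError:
        # Without a rollback the session stays in a failed state and later
        # operations on it raise. The check above can also race with a
        # concurrent registration, so a unique constraint on the column is
        # the real guard; its violation lands here.
        db.session.rollback()
        return False
    return True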
def login():
    """Render the login form and sign the user in on a valid submission.

    An already signed-in visitor (``session['username']`` set) is redirected
    to the index. On valid credentials the user's id and first name are
    stored in the session and the browser is redirected to ``/index``;
    otherwise a generic failure message is flashed and the form is shown
    again.
    """
    if session.get('username'):
        return redirect(url_for('index'))

    form = LoginForm()
    if form.validate_on_submit():
        submitted_email = form.email.data
        submitted_password = form.password.data
        account = User.objects(email=submitted_email).first()
        # The same message covers an unknown e-mail and a wrong password, so
        # the response does not reveal which accounts exist.
        if not account or not account.get_password(submitted_password):
            flash("Sorry, something went wrong","danger")
        else:
            flash(f"{account.first_name},you are successfully logged in!","success")
            # NOTE(review): the existing session is reused after login;
            # nothing here clears or renews it first.
            session['user_id'] = account.user_id
            session['username'] = account.first_name
            return redirect("/index")

    return render_template("login.html", title ="Login", form = form,login =True)
def register():
    """Register a new account from the posted form, or show the form.

    A non-POST request renders ``register.html``. A POST reads ``name``,
    ``email`` (lower-cased) and ``password`` from the form, rejects an
    e-mail that is already stored, otherwise saves the user, logs them in
    and redirects to ``frontend_app``.
    """
    if request.method != 'POST':
        return render_template('register.html')

    submitted = request.form
    name = submitted['name']
    email = submitted['email'].lower()
    # NOTE(review): judging by its name, sha256_hash is a single fast hash.
    # Password storage normally uses a salted, deliberately slow scheme
    # (bcrypt, scrypt, Argon2, PBKDF2) — confirm what the helper does.
    password = sha256_hash(submitted['password'])
    token = str(uuid.uuid4())

    already_registered = User.query.filter(User.email == email).first()
    if already_registered is not None:
        return "E-mail already in use"

    user = User()
    user.name = name
    user.email = email
    user.password = password
    user.token = token
    # Two separate clock reads, as in the original.
    user.creation = time.time()
    user.update = time.time()

    db.session.add(user)
    db.session.commit()
    login_user(user)
    return redirect(url_for('frontend_app'))
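def submitResearch():
    """Store the feedback and track ratings from the research form.

    Reads ``feedback`` plus the ``title_<i>`` / ``rating_<i>`` pairs for
    ``i`` in 1..29 from the posted form, creates one ``User`` row for the
    submission and one ``Rating`` row per submitted title.

    Returns:
        A JSON response ``{'success': True}`` when everything was committed,
        ``{'success': False}`` when a title matches no track or the database
        rejects the write. In the failure case nothing is kept.
    """
    form_data = request.form
    feedback = form_data['feedback']

    # Read the form before touching the database, so a missing field is
    # still reported by the form lookup itself and leaves no pending rows.
    submitted = []
    for i in range(1, 30):
        suffix = str(i)
        if "title_" + suffix in form_data:
            submitted.append(
                (form_data["title_" + suffix], form_data["rating_" + suffix]))

    try:
        user = User(feedback=feedback)
        db.session.add(user)
        # Flush explicitly so user.id is assigned before it is copied into
        # the ratings, instead of relying on a query to autoflush.
        db.session.flush()
        for title, rating in submitted:
            track = Track.query.filter_by(title=title).first()
            if track is None:
                # The original dereferenced None here and failed with an
                # unhandled AttributeError.
                raise LookupError("no track with the submitted title")
            # NOTE(review): the rating value is stored as submitted; no
            # type or range check is visible here.
            db.session.add(
                Rating(user_id=user.id, track_id=track.id, rating=rating))
        db.session.commit()
    except Exception:
        # Undo the partial submission so the session stays usable.
        db.session.rollback()
        return jsonify({'success': False})
    return jsonify({'success': True})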
def register():
    """Render the registration form and create the account when it validates.

    A signed-in visitor is redirected to the index. On a valid submission a
    ``User`` document is saved with the next numeric id and the password set
    through ``set_password``; otherwise the form is rendered.
    """
    if session.get('username'):
        return redirect(url_for('index'))

    form = RegisterForm()
    if not form.validate_on_submit():
        return render_template("register.html",title = "Register",form = form,register =True)

    # NOTE(review): count() + 1 is not a unique id source. Two concurrent
    # registrations can get the same value, and ids repeat after a deletion.
    next_id = User.objects.count() + 1
    new_user = User(
        user_id=next_id,
        email=form.email.data,
        first_name=form.first_name.data,
        last_name=form.last_name.data,
    )
    new_user.set_password(form.password.data)
    new_user.save()
    flash('You are successfully registered!')
    return redirect(url_for('index'))
def validate_email(self, email):
    """Reject an e-mail address that already belongs to a stored user.

    Args:
        email: Form field whose ``data`` is the submitted address.

    Raises:
        ValidationError: If a ``User`` with that address exists.
    """
    # The message tells the submitter that the address is registered; that
    # is the usual trade-off of an inline uniqueness check.
    if User.objects(email=email.data).first():
        raise ValidationError("Email is already in use. Pick another one.")
def delete(self, idx):
    """Delete every user whose ``user_id`` equals ``idx``.

    Returns the same confirmation message whether or not a user matched.
    """
    # NOTE(review): no authentication or ownership check is visible in this
    # method — confirm that one is applied elsewhere before it runs.
    matching = User.objects(user_id=idx)
    matching.delete()
    return jsonify('User is deleted!')
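def put(self, idx):
    """Update the user whose ``user_id`` equals ``idx`` from the request body.

    Returns:
        A JSON response with the users matching ``idx`` after the update.
    """
    data = api.payload
    # NOTE(review): the whole request body is passed to update(), so a
    # client can set any field of the document, including user_id and the
    # stored password value. An allow-list of editable fields would close
    # that; it is not applied here to keep the endpoint's contract.
    User.objects(user_id=idx).update(**data)
    # The original queried ``User.objects(user_id)``, an undefined name that
    # raised NameError after the update had already been applied.
    return jsonify(User.objects(user_id=idx))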
def get(self, idx):
    """Return the users whose ``user_id`` equals ``idx`` as JSON."""
    # NOTE(review): the query result is serialised as a whole; presumably
    # that includes every stored field, the password value among them —
    # confirm, and restrict the returned fields if so.
    matching = User.objects(user_id=idx)
    return jsonify(matching)
def post(self):
    """Create a user from the request body and return the stored record.

    The body must contain ``user_id``, ``email``, ``first_name``,
    ``last_name`` and ``password``; the password is set through
    ``set_password`` before the document is saved.
    """
    payload = api.payload
    # NOTE(review): user_id comes from the client and no field is validated
    # in this method — confirm that the model enforces uniqueness and format.
    new_user = User(
        user_id=payload['user_id'],
        email=payload['email'],
        first_name=payload['first_name'],
        last_name=payload['last_name'],
    )
    new_user.set_password(payload['password'])
    new_user.save()
    stored = User.objects(user_id=payload['user_id'])
    return jsonify(stored)