def init_db():
    """Rebuild the whole schema and load the sample data set.

    Every ``db.Model`` subclass, plus the through-model of each
    many-to-many field, is dropped and re-created, so existing rows are
    lost. Three accounts are then seeded with fixed passwords ('admin',
    'user', 'user2'), and the remaining rows are loaded from ``data.json``
    next to this file.

    NOTE(review): the seeded passwords are literals in source and trivially
    guessable, and the first account carries ``permission=0b10000``
    (presumably an elevated role; confirm against the User model). Treat
    this as a development fixture; a deployed instance needs these
    credentials replaced.
    """
    from app import db

    # Drop and re-create every table, many-to-many through-tables included.
    tables = db.Model.__subclasses__()
    tables.extend({
        relation.get_through_model()
        for table in tables
        for relation in table._meta.manytomany.values()
    })
    tables_by_name = {table.__name__: table for table in tables}
    db.database.drop_tables(tables)
    db.database.create_tables(tables)

    # Seed the fixed accounts; only the hash returned by make_password is stored.
    from flask_peewee.utils import make_password
    User.create(
        username='******',
        password=make_password('admin'),
        email='*****@*****.**',
        permission=0b10000,
    )
    user = User.create(
        username='******',
        password=make_password('user'),
        email='*****@*****.**',
    )
    User.create(
        username='******',
        password=make_password('user2'),
        email='*****@*****.**',
    )

    # data.json maps a model class name to a list of keyword-argument rows.
    fixture_path = join(dirname(__file__), 'data.json')
    with open(fixture_path, encoding='utf-8') as f:
        fixtures = json.load(f)
    for model_name, rows in fixtures.items():
        target = tables_by_name[model_name]
        for row in rows:
            target.create(**row)

    # Give each of the two papers three randomly chosen choices.
    for paper_id in (1, 2):
        TestPaper.get_by_id(paper_id).choices.add(
            Choice.select().order_by(fn.Random()).limit(3))

    # Exam 1 is open to every user, exam 2 to users with id > 1.
    for exam_id, min_user_id in ((1, 0), (2, 1)):
        Exam.get_by_id(exam_id).users.add(
            User.select().where(User.id > min_user_id))

    Report.create(user=user, exam=Exam.get_by_id(1), score=100)
    print('db init finished')
def test_passwords(self):
    """check_password accepts only the exact original string."""
    hashed = make_password('testing')
    self.assertTrue(check_password('testing', hashed))

    # A trailing space, a case change and the empty string must all fail.
    for wrong_guess in ('testing ', 'Testing', ''):
        self.assertFalse(check_password(wrong_guess, hashed))

    # A different input must not produce the same stored value.
    other_hash = make_password('Testing')
    self.assertFalse(hashed == other_hash)
def test_auth_create(self):
    """POST /api/user/ returns 401 unless the caller is an administrator."""
    self.create_users()

    hashed = make_password('test')
    payload = json.dumps({'username': '******', 'password': hashed, 'email': ''})

    # (credentials, expected status), in the order the requests are sent.
    cases = (
        (None, 401),                  # no credentials supplied
        (('xxx', 'xxx'), 401),        # credentials for a user not in the database
        (('normal', 'normal'), 401),  # existing user, but not an administrator
        (('admin', 'admin'), 200),    # administrator
    )
    for credentials, expected_status in cases:
        if credentials is None:
            resp = self.app.post('/api/user/', data=payload)
        else:
            resp = self.app.post('/api/user/', data=payload,
                                 headers=self.auth_headers(*credentials))
        self.assertEqual(resp.status_code, expected_status)
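def edit_(self, obj, data):
    """Apply an edit to a user, changing the password only after re-authentication.

    A new ``password`` is hashed and kept in ``data`` only when
    ``current_password`` is supplied and matches the stored hash on
    ``obj.password``. Otherwise the password change is dropped and the
    remaining fields are still passed to the parent ``edit_``.

    ``current_password`` is always removed from ``data`` so that the
    verification value never reaches the parent class, including on edits
    that do not touch the password.

    NOTE(review): a wrong or missing current password is ignored silently,
    so the caller cannot tell that the password was left unchanged.
    Consider reporting that through the resource's error path.
    """
    current_password = data.pop("current_password", None)
    if "password" in data:
        requested_password = data.pop("password")
        # A missing current password counts as a failed check; it is never
        # passed to check_password as None.
        verified = (current_password is not None
                    and check_password(current_password, obj.password))
        if verified:
            data["password"] = make_password(requested_password)
    return super(UserResource, self).edit_(obj, data)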
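def read_request_data(self):
    """
    overrides read_request_data() to replace a plaintext password with its hash

    The body is taken from ``request.data``, falling back to the ``data``
    form field and then to an empty string, and parsed as JSON. When the
    parsed object has a non-empty ``password`` it is replaced by
    ``make_password(password)``, so code further down only sees the hash.

    An empty body is still passed to ``json.loads`` and raises there.
    NOTE(review): the payload is assumed to be a JSON object; a JSON array
    or scalar would fail on ``.get`` - confirm how callers handle that.
    """
    raw = request.data or request.form.get('data') or ''
    # request.data is bytes, but the form fallback and the '' default are
    # text, and text has no usable .decode() on Python 3.
    if isinstance(raw, bytes):
        raw = raw.decode('utf8')
    payload = json.loads(raw)
    password = payload.get('password')
    if password:
        payload['password'] = make_password(password)
    return payload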
def init_db():
    """Create any missing tables and seed the first administrator.

    Tables are created only when absent, in this order: SyncLog, User, the
    MASTER_CLASSES models, then the DEPENDENT_CLASSES models in sorted key
    order.

    NOTE(review): the seeded account has ``admin=True`` and the fixed
    password 'admin'; it needs changing before the instance is reachable
    by anyone else.
    """
    if not SyncLog.table_exists():
        SyncLog.create_table()

    if not User.table_exists():
        User.create_table()
        # NOTE(review): the flattened listing does not show whether this call
        # sits inside the `if`; seeding only on first creation is assumed.
        User.create(username='******', password=make_password('admin'), admin=True)

    # Master tables first, dependents afterwards in sorted key order.
    ordered_names = list(MASTER_CLASSES.keys()) + sorted(DEPENDENT_CLASSES.keys())
    for name in ordered_names:
        if not MODELS_CLASS[name].table_exists():
            MODELS_CLASS[name].create_table()
def test_create(self):
    """An administrator can create a user and the stored hash verifies.

    The request body carries a value already produced by make_password, and
    the check_password assertion passes only if that value is stored as
    sent, i.e. this endpoint is expected to persist a client-supplied hash.
    """
    self.create_users()

    payload = json.dumps({
        'username': '******',
        'password': make_password('test'),
        'email': '',
    })

    # Sent with administrator credentials.
    admin_headers = self.auth_headers('admin', 'admin')
    resp = self.app.post('/api/user/', data=payload, headers=admin_headers)
    self.assertEqual(resp.status_code, 200)

    created = User.get(username='******')
    self.assertTrue(check_password('test', created.password))

    body = self.response_json(resp)
    self.assertAPIUser(body, created)
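def homepage():
    """Serve the landing page and handle its login and registration forms.

    On POST the submitted form is identified by which username field is
    present. A successful login or registration signs the user in and
    redirects to the dashboard; every other outcome re-renders ``home.html``
    with the relevant error message.

    Fixes relative to the previous version:
    * Login compared the submitted username with a hash of that same
      username, which always matched, so knowing a username was enough to
      sign in. The submitted password is now checked against the stored hash.
    * A POST that matched neither form, or failed validation, returned
      nothing; it now re-renders the page.
    """
    login_form = LoginForm(request.form)
    register_form = RegisterForm(request.form)
    login_errors = ""
    register_errors = ""

    if request.method == "POST":
        if login_form.username.name in request.form and login_form.validate():
            try:
                user = User.select().where(
                    User.username == request.form["username"]).get()
            except User.DoesNotExist:
                # NOTE(review): this message differs from the wrong-password
                # one, so it reveals which usernames exist.
                login_errors = "This User does not exist"
            else:
                # NOTE(review): the "password" form field name and the
                # user.password attribute are assumed; confirm against
                # LoginForm and the User model.
                submitted_password = request.form.get("password", "")
                if check_password(submitted_password, user.password):
                    auth.login_user(user)
                    return redirect(url_for("dashboard"))
                login_errors = "Invalid username or password"
        elif register_form.register_username.name in request.form and register_form.validate():
            try:
                User.select().where(
                    User.username == request.form["register_username"]).get()
                username_taken = True
            except User.DoesNotExist:
                username_taken = False

            if username_taken:
                register_errors = "Sorry, %s has been taken." % (request.form["register_username"])
            elif register_form.register_password.data != register_form.confirm.data:
                register_errors = "Passwords do not match"
            else:
                u = User(
                    username=register_form.register_username.data,
                    email=register_form.email.data,
                    creation_date=datetime.datetime.now(),
                    active=True
                )
                # set_password receives the plaintext from the form.
                u.set_password(register_form.register_password.data)
                u.save()
                auth.login_user(u)
                return redirect(url_for("dashboard"))

    # GET requests and every unsuccessful POST end up here.
    return render_template("home.html",
                           login_form=login_form,
                           login_errors=login_errors,
                           register_form=register_form,
                           register_errors=register_errors)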
def set_password(self, password):
    """Store the make_password() result for *password* on ``self.password``.

    Only the returned value is assigned; the plaintext argument is not kept
    on the instance. The caller still has to save the instance.
    """
    hashed = make_password(password)
    self.password = hashed
def make_token(self, exam):
    """Return make_password() applied to the exam's id and token, concatenated.

    NOTE(review): if make_password uses a fresh random salt per call, two
    tokens for the same exam will differ, so a token would have to be
    verified with check_password rather than compared for equality -
    confirm how callers validate it.
    """
    material = "".join((str(exam.id), str(exam.token)))
    return make_password(material)
def init_db():
    """Create the User table if it is missing and seed one administrator.

    NOTE(review): the seeded account has ``admin=True`` and the fixed
    password 'admin'; it needs changing before the instance is exposed.
    NOTE(review): the flattened listing does not show whether the seed call
    sits inside the table check; seeding only on first creation is assumed.
    """
    if User.table_exists():
        return
    User.create_table()
    User.create(username='******', password=make_password('admin'), admin=True)
def create_(self, data):
    """Hash the submitted password in place, then delegate to the parent create_.

    NOTE(review): when the payload has no ``password`` key, ``None`` is
    handed to make_password; whether that raises or yields a usable hash is
    not visible here. Validate that a password is present before this point.
    """
    submitted = data.get("password")
    data["password"] = make_password(submitted)
    return super(UserResource, self).create_(data)