def github_oauth(github_authbp, token):
if not github.authorized:
return redirect(url_for("github.login"))
resp = github.get("/user")
if not resp.ok:
return redirect(url_for("github.login"))
info = resp.json()
auth = oauth.OAuth.query.filter_by(provider_user_id=info["id"]).first()
if auth is None:
auth = oauth.OAuth(provider="github",
provider_user_id=info["id"],
token=token)
if auth.user:
login_user(auth.user)
return redirect("/home", 302)
else:
if not validate_username(info["login"]):
return redirect("/register")
if info["login"] == "fwordadmin":
user = users.User(username=info["login"],
email=info["email"],
is_admin=True)
else:
user = users.User(username=info["login"], email=info["email"])
auth.user = user
base.db_session.add_all([user, auth])
base.db_session.commit()
login_user(user)
return redirect("/home", 302)
else:
login_user(auth.user)
return redirect("/home", 302)
def user_test():
name=request.args.get('name')
age=request.args.get('age')
user=users.User(name,age)
userlist=[]
for i in range(11):
user_model=users.User("name"+str(i),i)
userlist.append(user_model)
# 消息提示
flash("hello world")
return render_template('user_test.html',user=user,users=userlist)
def create(username, email, password):
usr = users.User("", email, "") # on creer notre modele utilisateur
usr = usr.get_by_email() # on appel la db avec l email quon a remplit
if usr != None: # si l utilisateur avec cet email n existe pas
return None, "user already exist"
hashed_pw = sha256_crypt.encrypt(password)
usr = users.User(username, email, hashed_pw)
usr.save()
usr.get_by_email(
) # recupere l utilisateur d apres son email (gestion des id = -1)
return usr, None
def create(email, password):
# etape 1 : verifier que l utilisateur existe
usr = users.User()
usr.email = email
usr = usr.get_by_email()
if usr == None:
return None, None, 'User not found' # on renvoit juste l EEREUR
# etape 2 : verifier le mot de passe correspond
if sha256_crypt.verify(password, usr.password) == False:
return None, None, 'Bad password' # on renvoit juste l EEREUR
# etape 3 : creer un token(str) (si etape 1 et 2 validees)
encoded = str(
jwt.encode({
'username': usr.username,
'email': usr.email
},
'l4ur45k',
algorithm='HS256'))
# etape 4 : appeler la db (create)
sess = sessions.Session(encoded)
sess.user_id = usr.id
sess.create()
# etape 5 : retourner un token(str) et un user(objet json)(username, email, id, password)
# None => pas d'erreur
return encoded, usr, None
def get_token(check_pw=True, user_id=False):
""" Tries to get credentials from the request headers. Fails verbosely."""
U = None
if check_pw:
if request.json is None:
return Response(
response="JSON payload missing from /login request!",
status=422)
U = users.authenticate(request.json.get("username", None),
request.json.get("password", None))
else:
U = users.User(_id=user_id)
if U is None:
return utils.http_401
tok = {
'access_token':
flask_jwt_extended.create_access_token(identity=U.jsonize()),
"_id":
str(U.user["_id"]),
}
return Response(response=json.dumps(tok),
status=200,
mimetype="application/json")
def create_user(db: Session, user: schema.UserCreate):
fake_hashed_password = user.password + "jhaihfndsh"
db_user = users.User(email=user.username,
hashed_password=fake_hashed_password)
db.add(db_user)
db.commit()
db.refresh(db_user)
return db_user
def get_user_by_email(email):
usr = users.User()
usr.email = email
usr = usr.get_by_email()
if usr == None:
return None, "user not found"
return usr, None
def put(self, phonenum, pwd):
try:
user = users.User(username=phonenum, phonenum=phonenum, pwd)
users.db.session.add(user)
users.db.session.commit()
return {'flag': True}
except Exception, e:
return {'flag': False}
def get_user_by_id(_id):
usr = users.User()
usr.id = _id
usr = usr.get_by_id()
if usr == None:
return None, "user not found"
return usr, None
def __init__(self, oid=None):
if not ObjectId.is_valid(oid):
print("The user ID '%s' is not a valid Object ID." % (oid))
sys.exit(1)
self._id = ObjectId(oid)
self.User = users.User(_id=self._id)
self.login = self.User.user['login']
print("\n Working with user \x1b[1;33;40m %s \x1b[0m [%s]" % (self.login, self._id))
def update(self, *args, **kwargs): #try
try:
users.User().save()
except:
print "error @ post"
finally:
response = make_response()
return response()
def delete(_id, token):
sess = sessions.Session(token)
sess = sess.get_by_token()
if sess == None:
return "your are not logined"
# if sess.user_id != id :
# return "You don't have the right to do it"
usr = users.User()
usr.id = _id
usr.delete()
return True
def add_user(login, password_hash, name, surname, email, type_id):
session = create_session()
user = users.User()
user.login = login
user.hashed_password = password_hash
user.name = name
user.surname = surname
user.email = email
user.type_id = type_id
session.add(user)
session.commit()
return [0, user.id] # SUCCESS
def profile():
# instantiate giphy, post, group and user
giphy = safygiphy.Sticky(token="aYiNwV98zSwp2eeIQ1ucWNpAtEaTt51r")
post = posts.Post(session["user_id"])
group = groups.Group(session["user_id"])
user = users.User(session["user_id"])
# retrieve data
groupfollow = group.followed()
feed = user.profilefeed()
trending = giphy.trending(limit=25)
trending_list = [
trending["data"][i]["images"]["fixed_width_small"]["url"]
for i in range(25)
]
comments = post.loadcomments()
if request.method == "POST":
# retrieve data
gif_link = request.form.get("gif")
post_id = request.form.get("post_id")
comment = request.form.get("comment")
# if text comment
if not gif_link:
post.comment(post_id, comment)
comments = post.loadcomments()
return render_template("profile.html",
groupnames=groupfollow,
feed=feed,
gif_list=trending_list,
comments=comments)
else:
post.comment_gif(post_id, gif_link)
comments = post.loadcomments()
return render_template("profile.html",
groupnames=groupfollow,
feed=feed,
gif_list=trending_list,
comments=comments)
else:
return render_template("profile.html",
groupnames=groupfollow,
feed=feed,
gif_list=trending_list,
comments=comments)
def new_asset(asset_type):
""" Uses the 'Authorization' block of the header and POSTed params to create
a new settlement. """
# first, check to see if this is a request to make a new user. If it is, we
# don't need to try to pull the user from the token b/c it doesn't exist
# yet, obvi. Instead, initialize a user obj w/ no _id to call User.new().
if asset_type == 'user':
U = users.User()
return U.serialize()
request.collection = asset_type
request.User = users.token_to_object(request)
return request_broker.new_user_asset(asset_type)
def create_default_account_info(db):
user_manager = SharedState().getInstance().user_mgr
admin_role = users.Role(name="ADMIN")
user_role = users.Role(name="USER")
default_admin = users.User(username=lms_cfg.DEFAULT_LMS_ADMIN,
password=user_manager.hash_password(lms_cfg.DEFAULT_LMS_PW),
fullname=lms_cfg.DEFAULT_LMS_FN,
email=lms_cfg.DEFAULT_LMS_EMAIL,
is_active=True,
confirmed_at=datetime.utcnow(), roles=[admin_role])
default_library = libraries.Library(name=lms_cfg.DEFAULT_LMS_LIBRARY,
admin=lms_cfg.DEFAULT_LMS_ADMIN,
is_active=True,
users=[default_admin])
add_and_commit_db(db, [default_library, admin_role, user_role])
return
def update(_id, username, email, password, token):
sess = sessions.Session(token)
sess = sess.get_by_token()
if sess == None:
return "your are not logined"
if password != "":
hashed_pw = sha256_crypt.encrypt(password)
else:
hashed_pw = password
usr = users.User(username, email, hashed_pw)
usr.id = _id
if hashed_pw != "":
usr.update(True)
else:
usr.update(False)
return usr
def get_user_asset(collection=None, asset_id=None):
""" Tries to return an initialized asset from one of our collections.
Returns a (bad) HTTP response if it cannot. """
R = badResponse()
try:
if collection == "settlement":
return settlements.Settlement(_id=asset_id)
elif collection == "survivor":
return survivors.Survivor(_id=asset_id)
elif collection == "user":
return users.User(_id=asset_id)
else:
return R
except Exception as e:
return R.send_bad_response(e)
def register():
if request.method == "POST":
username = validate_on_login(request.form.get("username"))
password = validate_on_login(request.form.get("password"))
email = request.form.get("email")
if not username or not password or not email:
return render_template("register.html", msg="Invalid informations")
if not validate_username(username):
return render_template("register.html",
msg="This username is already used")
user = users.User(username=username, email=email)
user.set_password(password)
base.db_session.add(user)
base.db_session.commit()
login_user(user)
return redirect("/home")
else:
return render_template("register.html", msg="")
def update_user(oid, level, beta):
""" Loads a user from the MDB, initializes it and calls the methods that set
the patron level and the beta flag, etc. """
if not ObjectId.is_valid(oid):
print("The user ID '%s' is not a valid Object ID." % (oid))
if type(beta) == bool:
pass
elif beta[0].upper() == 'T':
beta = True
else:
beta = False
U = users.User(_id=ObjectId(oid))
U.set_patron_attributes(int(level), beta)
print("\n %s Updated patron attributes:\n %s\n" % (U, U.user['patron']))
def new_asset(asset_type):
""" Uses the 'Authorization' block of the header and POSTed params to create
a new settlement. """
# first, check to see if this is a request to make a new user. If it is, we
# don't need to try to pull the user from the token b/c it doesn't exist
# yet, obvi. Instead, initialize a user obj w/ no _id to call User.new().
if asset_type == 'user':
U = users.User()
output = U.serialize('create_new')
output["Authorization"] = {
'access_token': flask_jwt_extended.create_access_token(identity=U.jsonize()),
"_id": str(U.user["_id"]),
}
return Response(response=json.dumps(output, default=json_util.default), status=200, mimetype="application/json")
request.collection = asset_type
request.User = users.token_to_object(request, strict=False)
return request_broker.new_user_asset(asset_type)
def post(self, *args, **kwargs):
user_name = self.get_argument('user_name')
password = self.get_argument('password')
email = self.get_argument('email')
phone = self.get_argument('phone')
user = users.User.by_email(users.User,email)
if user:
print('用户已存在')
registerSuccess = {'responseObject':
{"data": "",
"result": "1",
"msg": '用户已存在'
}
}
registerSuccess = json.dumps(registerSuccess)
self.write(json.dumps(registerSuccess))
else:
print('用户不存在,把新增用户添加到数据库')
new_user = users.User()
new_user.user_name = user_name
new_user.password = password
new_user.email = email
new_user.phone_num = phone
self.db.add(new_user)
self.db.commit()
data = {
"user_name":user_name,
"email":email
}
registerSuccess = {'responseObject':
{"data":data,
"result":"1",
"msg":'注册成功'
}
}
registerSuccess = json.dumps(registerSuccess)
self.write(registerSuccess)
def post(self):
try:
data = request.get_json()
hashedPassword = bcrypt.generate_password_hash(
data["password"]).decode("utf-8")
users.User(email=data["email"],
telephone=data["telephone"],
password=hashedPassword).save()
obj = users.User.objects.values().get({"email": data["email"]})
sanitized = json.loads(json_util.dumps(obj))
# print(sanitized)
return {**sanitized, "logged": True, "registered": True}, 201
except Exception as err:
print(err)
return {
"message": "Email already exists",
"exist": True,
"logged": False
}, 200
def settings():
# load grouplist in sidebar
group = groups.Group(session["user_id"])
groupfollow = group.followed()
if request.method == "POST":
# instantiate user
user = users.User(session["user_id"])
# password button pressed
if request.form["action"] == "Change password":
# ensure forms filled in properly
if not request.form.get("current_password"):
return render_template(
"settings.html",
missingcurrent="Current password missing",
groupnames=groupfollow)
if not request.form.get("new_password"):
return render_template("settings.html",
missingnew="New password missing",
groupnames=groupfollow)
if not request.form.get("check_password"):
return render_template("settings.html",
missingcheck="Password check missing",
groupnames=groupfollow)
# check if new password and password match
if request.form.get("new_password") != request.form.get(
"check_password"):
return render_template("settings.html",
nomatch="Passwords do not match",
groupnames=groupfollow)
change_password = user.change_password(
request.form.get("current_password"),
request.form.get("new_password"),
request.form.get("check_password"))
# if change successful
if change_password == True:
return render_template("settings.html",
success="Password changed!",
groupnames=groupfollow)
else:
return render_template(
"settings.html",
failure="Current password is incorrect!",
groupnames=groupfollow)
# username button pressed
elif request.form["action"] == "Change username":
# ensure forms filled in properly
if not request.form.get("current_username"):
return render_template(
"settings.html",
missingcurrent="Current username missing",
groupnames=groupfollow)
if not request.form.get("new_username"):
return render_template("settings.html",
missingnew2="New username missing",
groupnames=groupfollow)
if not request.form.get("current_password"):
return render_template("settings.html",
missingcheck2="Password is missing",
groupnames=groupfollow)
change_username = user.change_username(
request.form.get("current_username"),
request.form.get("new_username"),
request.form.get("current_password"))
if change_username is True:
return render_template("settings.html",
success="Username changed!",
groupnames=groupfollow)
if change_username is False:
return render_template("settings.html",
failure2="Password is incorrect!",
groupnames=groupfollow)
if change_username is None:
return render_template("settings.html",
failure2="Username already exists!",
groupnames=groupfollow)
else:
return render_template("settings.html", groupnames=groupfollow)
def get_user_data():
""" Returns JSON about active and recently active users, as well as info
about user agents, etc. """
# first, do the user agent popularity contest, since that's simple
results = utils.mdb.users.group(['latest_user_agent'],
{'latest_user_agent': {
'$exists': True
}}, {"count": 0},
"function(o, p){p.count++}")
sorted_list = sorted(results, key=lambda k: k["count"], reverse=True)
for i in sorted_list:
i["value"] = i['latest_user_agent']
i["count"] = int(i["count"])
ua_data = sorted_list[:25]
# next, get active/recent users
recent_user_cutoff = datetime.now() - timedelta(
hours=settings.get("application", "recent_user_horizon"))
recent_users = utils.mdb.users.find({
"latest_activity": {
"$gte": recent_user_cutoff
}
}).sort("latest_activity", -1)
# now enhance the user data to include a bit more info (to avoid having to
# do date calc in javascripts, etc.
final_user_info = []
for u in recent_users:
try:
U = users.User(_id=u["_id"])
final_user_info.append(U.serialize('admin_panel'))
except Exception as e:
logger.error(
"panel.py threw an exception while attempting to enhance recent user data!"
)
logger.error(
"User '%s' (%s) could not be initialized and enhanced! Returning it as-is..."
% (u["login"], u["_id"]))
logger.error("Exception was: %s" % e)
active_user_count = 0
recent_user_count = 0
for u in final_user_info:
if u['user']["is_active"] == True:
active_user_count += 1
else:
recent_user_count += 1
# create the final output dictionary
d = {
"meta": {
"active_user_horizon":
settings.get("application", "active_user_horizon"),
"active_user_count":
active_user_count,
"recent_user_horizon":
settings.get("application", "recent_user_horizon"),
"recent_user_count":
recent_user_count,
},
"user_agent_stats": ua_data,
"user_info": final_user_info,
}
# and return it as json
return json.dumps(d, default=json_util.default)
