def kick(self, id): try: id = int(id) except (ValueError, TypeError): raise HTTPNotFound() room = DBSession.query(Room).filter(Room.id == id).one_or_none() if room is None: raise HTTPNotFound() member_id = context.form.get('memberId') member = DBSession.query(Member) \ .filter(Member.reference_id == member_id).one_or_none() if member is None: raise HTTPStatus('611 Member Not Found') is_member = DBSession.query(Member) \ .filter( TargetMember.target_id == id, TargetMember.member_id == member.id ) \ .count() if not is_member: raise HTTPStatus('617 Not A Member') DBSession.query(TargetMember) \ .filter( TargetMember.target_id == id, TargetMember.member_id == member.id ) \ .delete() return room
def mockup(cls): god = God() god.email = '*****@*****.**' god.password = '******' god.is_active = True DBSession.add(god) DBSession.commit()
def info(self): from sharedlists import __version__ as appversion users = DBSession.query(User).count() lists = DBSession.query(Item.ownerid, Item.list) \ .group_by(Item.ownerid, Item.list).count() result = [ f'Shared Lists v{appversion}', f'Total Lists: {lists}', f'Total Users: {users}', ] me = context.identity.id mylists = DBSession.query(Item.ownerid, Item.list) \ .filter(Item.ownerid == me) \ .group_by(Item.ownerid, Item.list) \ .count() myitems = DBSession.query(Item.ownerid, Item.list) \ .filter(Item.ownerid == me) \ .count() result.append(f'My Lists: {mylists}') result.append(f'My Items: {myitems}') result.append('') return CR.join(result)
def send(self, target_id): mimetype = context.form.get('mimetype') sender = Member.current() message = Message(body=context.form.get('body')) message.target_id = int(target_id) message.sender_id = sender.id if 'attachment' in context.form: message.attachment = context.form.get('attachment') message.mimetype = message.attachment.content_type if message.attachment.content_type in BLACKLIST_MIME_TYPES: raise HTTPUnsupportedMediaType() elif mimetype: if mimetype not in SUPPORTED_TEXT_MIME_TYPES: raise HTTPUnsupportedMediaType() message.mimetype = context.form.get('mimetype') else: message.mimetype = 'text/plain' DBSession.add(message) DBSession.flush() queues.push(settings.messaging.workers_queue, message.to_dict()) webhook = Webhook() webhook.sent_message(target_id, sender.reference_id) return message
def see(self, id): id = int_or_notfound(id) member = Member.current() message = DBSession.query(Message).get(id) if message is None: raise HTTPNotFound() if message.sender_id == member.id: raise HTTPStatus('621 Can Not See Own Message') member_message_seen = DBSession.query(MemberMessageSeen) \ .filter(MemberMessageSeen.member_id == member.id) \ .filter(MemberMessageSeen.message_id == message.id) \ .one_or_none() if member_message_seen is not None: raise HTTPStatus('619 Message Already Seen') query = DBSession.query(Message) \ .filter(Message.target_id == message.target_id) \ .filter(Message.created_at <= message.created_at) \ .filter(Message.seen_at == None) \ .filter(Message.sender_id != member.id) \ query = Message.filter_by_request(query) for m in query: m.seen_by.append(member) seen_message = message.to_dict() seen_message.update({'type': 'seen'}) queues.push(settings.messaging.workers_queue, seen_message) return message
def post(self): email = context.form.get('email') password = context.form.get('password') otp = context.form.get('otp', None) principal = context.application.__authenticator__.login((email, password)) token = principal.dump().decode() try: # TODO: Add this feature for admins if principal.is_in_roles('client'): client = Client.query.filter(Client.email == email).one() if client.has_second_factor is True: if otp is None: raise HttpBadRequest('Otp needed', 'bad-otp') oath = Oath(seed=settings.membership.second_factor_seed, derivate_seed_from=client.email) is_valid, _ = oath.verify_google_auth(otp) if is_valid is False: raise HttpBadRequest('Invalid otp', 'invalid-otp') login_log = SecurityLog.generate_log(type='login') DBSession.add(login_log) DBSession.flush() except Exception as e: # FIXME: Fix the warning context.application.__authenticator__.unregister_session(principal.session_id) raise e return dict(token=token)
def register(self): email = context.form.get('email') password = context.form.get('password') name = context.form.get('name') family = context.form.get('family') description = context.form.get('description') role = 'member' member = DBSession.query(Member) \ .filter(Member.email == email) \ .one_or_none() if DBSession.query(Member.email).filter(Member.email == email).count(): raise HTTPStatus('601 Email Address Is Already Registered') member = Member( email=email, name=name, password=password, family=family, description=description, role=role, ) DBSession.add(member) return member
def verify_token(self, encoded_token): principal = CASPrincipal.load(encoded_token) member = DBSession.query(Member) \ .filter(Member.reference_id == principal.reference_id) \ .one_or_none() if not member and not 'HTTP_X_OAUTH2_ACCESS_TOKEN' in context.environ: raise HTTPBadRequest() access_token = context.environ['HTTP_X_OAUTH2_ACCESS_TOKEN'] \ if 'HTTP_X_OAUTH2_ACCESS_TOKEN' in context.environ \ else member.access_token cas_member = CASClient().get_member(access_token) if cas_member['email'] != principal.email: raise HTTPBadRequest() if member: if member.title != cas_member['title']: member.title = cas_member['title'] if member.first_name != cas_member['firstName']: member.first_name = cas_member['firstName'] if member.avatar != cas_member['avatar']: member.avatar = cas_member['avatar'] if member.last_name != cas_member['lastName']: member.last_name = cas_member['lastName'] DBSession.commit() return principal
def test_soft_delete_mixin(self): # noinspection PyArgumentList instance = SoftDeleteCheckingModel(title='test title') DBSession.add(instance) DBSession.commit() instance.assert_is_not_deleted() self.assertRaises(ValueError, instance.assert_is_deleted) instance = SoftDeleteCheckingModel.query.one() instance.soft_delete() DBSession.commit() instance.assert_is_deleted() self.assertRaises(ValueError, instance.assert_is_not_deleted) self.assertEqual(SoftDeleteCheckingModel.filter_deleted().count(), 1) self.assertEqual(SoftDeleteCheckingModel.exclude_deleted().count(), 0) instance.soft_undelete() DBSession.commit() instance.assert_is_not_deleted() self.assertRaises(ValueError, instance.assert_is_deleted) self.assertEqual(SoftDeleteCheckingModel.filter_deleted().count(), 0) self.assertEqual(SoftDeleteCheckingModel.exclude_deleted().count(), 1) DBSession.delete(instance) self.assertRaises(HttpConflict, DBSession.commit)
def claim(self): email = context.form.get('email') email_pattern = r'(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)' if not email: raise HTTPBadRequest() if not re.match(email_pattern, email): raise HTTPStatus('701 Invalid email format.') if DBSession.query(Member.email).filter(Member.email == email).count(): raise HTTPStatus( '601 The requested email address is already registered.') # FIXME: Token should be put in payload serializer = \ itsdangerous.URLSafeTimedSerializer(settings.activation.secret) token = serializer.dumps(email) DBSession.add( ActivationEmail(to=email, subject='Activate your NueMD Coder account', body={ 'activation_token': token, 'activation_url': settings.activation.url })) return dict(email=email)
def update(self, id): id = int_or_notfound(id) user_name = context.form.get('userName') email = context.form.get('email') member = DBSession.query(Member) \ .filter(Member.id == id) \ .one_or_none() if member is None: raise HTTPNotFound() username_exists = DBSession.query(Member) \ .filter(Member.user_name == user_name) \ .filter(Member.id != id) \ .one_or_none() if username_exists: raise StatusRepetitiveUsername() email_exist = DBSession.query(Member) \ .filter(Member.email == email) \ .filter(Member.id != id) \ .one_or_none() if email_exist: raise StatusRepetitiveEmail() member.update_from_request() return member
def mockup(): with StoreManager(DBSession): images = PlaceImageList([ PlaceImage.create_from(f'{IMAGE_PATH}/1.jpeg'), PlaceImage.create_from(f'{IMAGE_PATH}/2.jpeg'), ]) categories = [ Category(name='جنگل', ), Category(name='رودخونه', ), Category(name='کوه', ), Category(name='مذهبی', ), ] for i in range(1000): place = Place( name=f'foo {i}', description=description, address=address, latitude=random() * 20 + 30, longitude=random() * 20 + 30, images=images, category=choice(categories), ) DBSession.add(place) DBSession.commit()
def register(self): email = context.form.get('email') password = context.form.get('password') invitation_code = context.form.get('invitationCode', None) client = Client() if invitation_code is None and settings.membership.invitation_code_required is True: raise HttpBadRequest('Bad invitation code', 'bad-invitation-code') if invitation_code is not None: invitation = Invitation.query.filter(Invitation.code == invitation_code).with_for_update().one_or_none() if invitation is None or invitation.is_active is False: raise HttpBadRequest('Bad invitation code', 'bad-invitation-code') if invitation.unfilled_sits <= 0: raise HttpBadRequest('Fully filled invitation code', 'fully-filled-invitation-code') invitation.filled_sits += 1 client.invitation_code = invitation_code client.email = email client.password = password client.is_active = True DBSession.add(client) return client
def insert_mockup(self, args=None): # pragma: no cover from restfulpy.orm import DBSession from .models import User oscar = User(id='pylover', email='*****@*****.**', password='******') DBSession.add(oscar) DBSession.commit()
def unregister(self, id): id = int_or_notfound(id) member = DBSession.query(Member).get(id) if member is None: raise HTTPNotFound() DBSession.delete(member) return member
def insert_mockup(self): for i in range(1, 11): # noinspection PyArgumentList DBSession.add( Resource(id=i, title='resource%s' % i, password='******' % i)) DBSession.commit()
def __call__(self, args): user = User( id=args.name, email=args.email, password=getpass() ) DBSession.add(user) DBSession.commit()
def add(self): bank_card = BankCard() bank_card.client_id = context.identity.id bank_card.fiat_symbol = context.form.get('fiatSymbol') bank_card.holder = context.form.get('holder') bank_card.pan = context.form.get('pan') DBSession.add(bank_card) return bank_card
def create(self): title = context.form.get('title') if DBSession.query(Person).filter(Person.title == title).count(): raise HTTPStatus('600 Already person has existed') person = Person(title=context.form.get('title')) DBSession.add(person) return person
def add(self): sheba_address = BankAccount() sheba_address.client_id = context.identity.id sheba_address.fiat_symbol = context.form.get('fiatSymbol') sheba_address.iban = context.form.get('iban') sheba_address.bic = context.form.get('bic', None) sheba_address.owner = context.form.get('owner') DBSession.add(sheba_address) return sheba_address
def list(self): current_user = DBSession.query(Member) \ .filter(Member.reference_id == context.identity.reference_id) \ .one() query = DBSession.query(Room) if not context.identity.is_in_roles('admin'): query = query.filter(Room.owner_id == current_user.id) return query
def create(self): title = context.form.get('title') if DBSession.query(Foo).filter(Foo.title == title).count(): raise HTTPStatus('604 Title Is Already Registered') foo = Foo() foo.update_from_request() DBSession.add(foo) return foo
def append(self, listtitle, itemtitle): me = self._get_current_user() item = Item( ownerid=context.identity.id, list=listtitle, title=itemtitle ) me.items.append(item) DBSession.flush() return ''.join((str(item), CR))
def list(self): current_member = DBSession.query(Member) \ .filter(Member.reference_id == context.identity.reference_id) \ .one() query = DBSession.query(Member) \ .filter( MemberContact.member_id == current_member.id, MemberContact.contact_member_id == Member.id ) return query
def test_approve_required_mixin(self): # noinspection PyArgumentList object1 = ApproveRequiredObject( title='object 1', ) DBSession.add(object1) DBSession.commit() self.assertFalse(object1.is_approved) self.assertEqual(DBSession.query(ApproveRequiredObject).filter(ApproveRequiredObject.is_approved).count(), 0) object1.is_approved = True self.assertTrue(object1.is_approved) DBSession.commit() object1 = DBSession.query(ApproveRequiredObject).one() self.assertTrue(object1.is_approved) json = object1.to_dict() self.assertIn('isApproved', json) self.assertEqual(DBSession.query(ApproveRequiredObject).filter(ApproveRequiredObject.is_approved).count(), 1) self.assertEqual(ApproveRequiredObject.filter_approved().count(), 1) self.assertFalse(ApproveRequiredObject.import_value(ApproveRequiredObject.is_approved, 'false')) self.assertFalse(ApproveRequiredObject.import_value(ApproveRequiredObject.is_approved, 'FALSE')) self.assertFalse(ApproveRequiredObject.import_value(ApproveRequiredObject.is_approved, 'False')) self.assertTrue(ApproveRequiredObject.import_value(ApproveRequiredObject.is_approved, 'true')) self.assertTrue(ApproveRequiredObject.import_value(ApproveRequiredObject.is_approved, 'TRUE')) self.assertTrue(ApproveRequiredObject.import_value(ApproveRequiredObject.is_approved, 'True')) self.assertEqual(ApproveRequiredObject.import_value(ApproveRequiredObject.title, 'title'), 'title')
def delete(self, id): foo = DBSession.query(Foo) \ .filter(Foo.id == id) \ .one_or_none() if foo is None: raise HTTPNotFound(f'Foo with id: {id} is not registered') DBSession.delete(foo) return foo
def insert_basedata(self): # pragma: no cover cell1 = Cell(x=0, y=0, is_alive=True) DBSession.add(cell1) cell2 = Cell(x=1, y=0, is_alive=True) DBSession.add(cell2) cell3 = Cell(x=0, y=1, is_alive=True) DBSession.add(cell3) cell4 = Cell(x=1, y=1) DBSession.add(cell4) DBSession.commit()
def test_auto_activation(self): # noinspection PyArgumentList object1 = AutoActiveObject(title='object 1', ) DBSession.add(object1) DBSession.commit() self.assertTrue(object1.is_active) self.assertEqual( 1, DBSession.query(AutoActiveObject).filter( AutoActiveObject.is_active).count())
def test_orderable_mixin(self): for i in range(3): # noinspection PyArgumentList instance = OrderableCheckingModel(title='test title %s' % i, order=i) DBSession.add(instance) DBSession.commit() instances = OrderableCheckingModel.apply_default_sort().all() self.assertEqual(instances[0].order, 0) self.assertEqual(instances[2].order, 2)
def delete(self, listtitle, itemtitle): me = context.identity.id item = DBSession.query(Item) \ .filter(Item.ownerid == me) \ .filter(Item.list == listtitle) \ .filter(Item.title == itemtitle) \ .one_or_none() if item is None: raise HTTPNotFound() DBSession.delete(item) return ''.join((str(item), CR))