def test_user(self):
from user import has_user, create_user, create_siteowner, USER_AUTHENTICATED, USER_CREATED, USER_DOES_NOT_EXIST, USER_EXISTS_BUT_WRONG_PASSWORD, USER_AUTHENTICATED_BUT_WRONG_MODEL, USER_EXISTS_BUT_WRONG_PASSWORD_AND_WRONG_MODEL
from forum.models.user import User as ForumUser
from django.contrib.auth.models import User as DjangoUser
self.assertEquals(has_user('abc', 'def'), USER_DOES_NOT_EXIST)
self.assertEquals(create_user('abc', 'def'), USER_CREATED)
self.assertEquals(create_user('abc', 'def'), USER_AUTHENTICATED)
self.assertEquals(has_user('abc', 'def'), USER_AUTHENTICATED)
self.assertEquals(has_user('abc', ''), USER_EXISTS_BUT_WRONG_PASSWORD)
# the password is not really 'rty', the hash of the password is
DjangoUser.objects.create(username='******', password='******')
self.assertEquals(has_user('qwe', 'rty'),
USER_EXISTS_BUT_WRONG_PASSWORD_AND_WRONG_MODEL)
self.assertEquals(create_user('qwe', ''),
USER_EXISTS_BUT_WRONG_PASSWORD_AND_WRONG_MODEL)
u = DjangoUser.objects.get(username='******')
u.set_password('rty')
u.save() # now the password is really 'try'
self.assertEquals(has_user('qwe', 'rty'),
USER_AUTHENTICATED_BUT_WRONG_MODEL)
# Cannot create a new user if there is such a Django User,
# even if there is no Forum User for this username
self.assertEquals(create_user('qwe', ''),
USER_EXISTS_BUT_WRONG_PASSWORD_AND_WRONG_MODEL)
self.assertEquals(create_user('qwe', 'rty'),
USER_AUTHENTICATED_BUT_WRONG_MODEL)
self.assertRaises(Exception, lambda: create_siteowner('root', 'root'),
"too late to create a site owner")
self.assertEquals(has_user('root', 'root'), USER_DOES_NOT_EXIST)
def create_users_page():
if check_logged_in() != ' ':
if session['user'][4] == 'Admin':
if request.method == 'POST':
if '' in [request.form.get('username'),
request.form.get('first_name'),
request.form.get('seccond_name'),
request.form.get('password'),
request.form.get('permissions')]:
return render_template('create_user.html',
user=check_logged_in(),
error='Entry Was Left Blank')
else:
try:
user.create_user(request.form.get('username'),
request.form.get('first_name'),
request.form.get('seccond_name'),
request.form.get('password'),
request.form.get('permissions'))
except:
return render_template('create_user.html',
user=check_logged_in(),
error='Username Is Already In Use')
return redirect(url_for('manage_users_page'))
else:
return render_template('create_user.html',
user=check_logged_in())
return redirect(url_for('login_page'))
def setup_for_user(username):
"""
Install Docker with Docker Compose and setup a 'deploy' user
"""
print('Setup Docker for {0} user'.format(username))
install()
user.create_user(username)
setup_docker_user(username)
install_docker_compose()
def register():
if request.method == 'GET':
return render_template('login.html', target = '/register', way = '注册')
else:
user_name = request.form.get('username')
password = request.form.get('password')
create_user(user_name, password)
flash('创建用户成功,请登陆')
return redirect('/login')
def test_create_user_no_duplicate(self):
"""Makes sure users can't have the same username and email."""
Role.create(role_name='tester')
create_user('Tester', 'test', '0000000000', 'tester', 'ttest', 'testing', '*****@*****.**')
from peewee import IntegrityError
with self.assertRaises(IntegrityError):
create_user('Tester', 'test', '0000000000', 'tester', 'ttest', 'testing', '*****@*****.**')
delete_user = User.delete().where(User.username == 'ttest')
delete_user.execute()
delete_role = Role.delete().where(Role.role_name == 'tester')
delete_role.execute()
def signup_page():
form = SignupForm()
if form.validate_on_submit():
username = form.data["username"]
if not is_username_taken(username):
password = form.data["password"]
create_user(username, hasher.encrypt(password))
flash("You have successfully created an account.")
next_page = request.args.get("next", url_for("login_page"))
return redirect(next_page)
flash("Username taken.")
return render_template("signup.html", form=form)
def test_create_user(self):
"""Create an user."""
Role.create(role_name='tester')
create_user('Tester', 'test', '0000000000', 'tester', 'ttest', 'testing', '*****@*****.**')
user = User.select().where(User.username == 'ttest')
delete_user = User.delete().where(User.username == 'ttest')
delete_user.execute()
delete_role = Role.delete().where(Role.role_name == 'tester')
delete_role.execute()
self.assertEqual(str(user), ("<class 'models.User'> SELECT `t1`.`id`, `t1`.`first_name`,"
" `t1`.`second_name`, `t1`.`phone`, `t1`.`role_id`,"
" `t1`.`username`, `t1`.`password`, `t1`.`email` FROM `user`"
" AS t1 WHERE (`t1`.`username` = %s) ['ttest']"))
def register(self):
# Get inputs from entry boxes
username = self.username_box.text()
password = self.password_box.text()
confirm_password = self.confirm_password_box.text()
# Clear any existing errors
self.username_error.clear()
self.password_error.clear()
# The following conditions must be met to register for a new account
if not username:
self.username_error.setText("Please enter a username")
return
elif len(username) > 14:
self.username_error.setText(
"Username must be less than 15 characters")
return
elif not username_available(username):
self.username_error.setText("Username not available")
return
elif not password:
self.password_error.setText("Please enter a password")
return
elif len(password) < 8:
self.password_error.setText(
"Password must be at least 8 characters")
return
elif password.isupper() or password.islower():
self.password_error.setText(
"Password must contain uppercase and lowercase letters")
return
elif not confirm_password:
self.password_error.setText("Please confirm your password")
return
elif password != confirm_password:
self.password_error.setText("Passwords do not match")
return
# Add new user to accounts file
create_user(username, password)
# Sign in automatically after registering for new account
user = get_user(username)
self.parent.sign_in(user)
self.reset()
self.parent.stack.setCurrentIndex(0)
def image_post():
"""
Posts new user with given image
:return: json dict of new user values
:rtype: Request
:return: 4xx error with json error dict if missing key
or incorrect type given
:rtype: Request
"""
r = request.get_json()
try:
username = r["username"]
image_new = r["image"]
assert type(image_new) is str
except KeyError as e:
logging.warning("Incorrect JSON input:{}".format(e))
err = {"error": "Incorrect JSON input"}
return jsonify(err), 400
except AssertionError as e:
logging.warning("Incorrect image type given: {}".format(e))
err = {"error": "Incorrect image type given"}
return jsonify(err), 400
if already_user(username):
u_vals = add_uploadimage(username, image_new, datetime.datetime.now())
else:
u_vals = create_user(username)
u_vals = add_uploadimage(username, image_new, datetime.datetime.now())
logging.debug("adding new image to user: {}".format(u_vals))
return jsonify(u_vals), 200
def register():
"""Register view."""
form = RegisterForm()
if form.validate_on_submit():
flash("Username registered.", "success")
user.create_user(
first_name=form.first_name.data,
second_name=form.second_name.data,
phone=form.phone.data,
role=form.role.data,
username=form.username.data,
password=form.password.data,
email=form.email.data
)
return redirect(url_for('index'))
return render_template('user/register.html', form=form)
def register():
"""
Registers a new user using the credentials that they send
"""
# Get the data from client
req = flask.request.get_json(force=True)
first_name = req.get('firstName', None)
last_name = req.get('lastName', None)
email = req.get('email', None)
password = req.get('password', None)
# Hash password using flask_praetorian guard
hashed_password = guard.hash_password(password)
assigned_role = 'examinee'
user = User(first_name=first_name, last_name=last_name, email=email, password=hashed_password, role=assigned_role)
# Create a new user
create_user(user)
return { 'success': True, 'user': f"{first_name} {last_name}"}, 201
def add_customer(start_num, end_num):
now = datetime.datetime.now()
for i in range(end_num - start_num + 1):
values = {'serial_num': start_num + i}
ref = user.create_user(values['serial_num'], general_num(), '3', now)
values['user_id'] = ref['id']
values['created_at'] = now
db.customer_create(values)
return True
def signup():
if request.method == 'POST':
username = request.form['name']
password = request.form['password']
error = None
if not user_exists(username):
create_user(username,password)
else:
error = 'Username already exists.'
if error is None:
return redirect(url_for('login'))
flash(error)
return render_template('signup.html')
def add_merchant(name,
host_name,
phone,
email,
address,
deadline,
password='******'):
if db.merchant_phone_if_exist_in_db(phone):
raise exception.PhoneIsExistException()
values = {
'name': name,
'host_name': host_name,
'phone': phone,
'email': email,
'address': address,
'deadline': deadline,
}
ref = user.create_user(phone, password, '2')
values['user_id'] = ref['id']
ref = db.merchant_create(values)
values = {
'merchant_id':
ref['id'],
'level1':
100,
'level2':
240,
'level3':
408,
'level4':
608,
'level5':
858,
'level6':
1138,
'level7':
1498,
'level8':
2028,
'rule_info':
'推荐贵宾在****消费,每消费1元推荐者活动1积分,以5000进度为起点,会员可以自选档次兑换感'
'恩回馈金。(活动期间:参加活动的会员介绍消费成功可按活动期间倍率来获取积分)'
}
db.rule_create(values)
values = {
'merchant_id':
ref['id'],
'multiple':
2,
'start_time':
datetime_toString(datetime.datetime.now() -
datetime.timedelta(days=1)),
'end_time':
datetime_toString(datetime.datetime.now())
}
db.activity_create(values)
return ref
def create_account(is_superuser=False, is_staff=False, is_active=True, is_mentor=True, provider='facebook', user_values={}, profile_values={}):
entries = {}
user, profile = create_user(is_superuser, is_staff, is_active, provider, user_values)
entries['user'] = user
entries['profile'] = profile
entries['profiles'] = {}
entries['profiles']['mentor'] = create_mentor_profile(user, profile, is_mentor, profile_values)
return entries
def user_create():
try:
name= ""
birth = ""
password = ""
try:
json_request = request.json
name = json_request["name"]
birth = json_request["birth_date"]
password = json_request["password"]
except:
response_invalid()
try:
avatar_path = json_request["avatar_path"]
except KeyError:
avatar_path = ""
try:
user_tags = json_request["user_tags"]
except KeyError:
user_tags = ""
try:
description = json_request["description"]
except KeyError:
description = ""
# Input checking
if not verify_str(name) or not verify_birth_date(birth) or not verify_str(avatar_path) or not verify_str(
password) or name == "" or password == "":
print(verify_str(name))
print(verify_birth_date(birth))
print(verify_str(avatar_path))
print(verify_str(password))
return response_invalid()
user_id = user.create_user(
name,
datetime.strptime(birth, "%Y/%M/%d").date(),
avatar_path,
password,
description,
user_tags
)
print("user created " + user_id)
response_json = flask.json.dumps({"Username": user_id})
return Response(response_json, status=created_code, mimetype='application/json')
except Exception as e:
print(e)
return response_unknown()
def signup():
if request.method == "GET":
form = SignUpForm()
return render_template('signup.html',
form=form) # prompt user to sign up
elif request.method == "POST":
password = request.form['password']
userid = request.form['userid']
user_name = request.form['user_name']
email = request.form['email']
log_in = request.form.getlist('log_in') # log me in too!
if not get_name(userid): # if user doesn't exist
create_user(userid, user_name, password, email)
if len(log_in) > 0:
return redirect(
url_for('login'),
code=307) # continue post request to log user in
else:
return redirect(url_for('login'))
else: # userid already taken
form = SignUpForm()
return render_template('signup.html', res=1, form=form)
def signup():
form = RegisterForm()
if form.validate_on_submit():
user_name = form.username.data
password = form.password.data
if is_user_existed(user_name):
flash('User name is existed.')
else:
user = create_user(user_name, password)
login_user(user)
return redirect(request.args.get('next') or url_for('main.dashboard'))
return render_template('auth/signup.html', form=form)
def get_users(event, context):
print(event)
user_id = auth.get_cookie_value(event['headers'])
if user_id is None:
body = user.create_user()
else:
body = user.get_user(user_id)
response = {
'headers': {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Credentials': True,
},
"statusCode": 200,
"body": json.dumps(body)
}
return response
def _process_registration_request(self, request_filename):
class RegistrationError(Exception):
def __init__(self, status_code, message, random_chars, user_id=0):
Exception.__init__(self)
self.status_code = status_code
self.message = message
self.random_chars = random_chars
self.user_id = user_id
try:
logging.debug("Processing registration request file '%s'." %
request_filename)
only_file = os.path.split(request_filename)[1]
random_chars = only_file[len(self.request_prefix):]
logging.debug('random chars: %s' % random_chars)
try:
request_file = open(request_filename)
request_line = request_file.readline()
request_file.close()
except IOError, e:
logging.error("There was an error reading registration"
" request file '%s'. The error was: %s. "
% (request_filename, e))
raise RegistrationError(10, "Configuration error", random_chars)
request = request_line.strip().split(',', 2)
if len(request) < 2:
logging.error("Registration request file '%s' doesn't "
"have enough sections. Skipping this "
"file." % request_filename)
raise RegistrationError(11, "Registration request error",
random_chars)
if len(request) > 2:
logging.warn("Registration request file '%s' has too "
"many sections. Ignoring the extra ones."
% request_filename)
# TODO Validate IP address
try:
new_user = user.create_user(request[0])
new_user.ip = request[1]
except user.InvalidNameError, e:
logging.error("Registration request file '%s' contained"
" an invalid name (%s). Skipping this "
"file." % (request_filename, e))
raise RegistrationError(12, "Invalid name", random_chars)
def ajax_create_new_user():
email = request.args.get('email').strip()
if user.get_name(email, db) is None:
families = user.get_families(db)
firstName = request.args.get('fName')
lastName = request.args.get('lName')
family = request.args.get('family')
if not len(firstName) > 0 and len(lastName) > 0:
return json.dumps({'success': False,
'outcome': '<p>Name appears to be invalid, please ensure to:</p><ul><li>Make sure to enter your first and last name</li></ul>'}), \
200, {
'ContentType': 'application/json'}
if not validate_email(email):
return json.dumps({'success': False,
'outcome': '<p>Email appears to be invalid, please ensure to:</p><ul><li>Enter a valid email address</li><li>The email account is active</li></ul>'}), \
200, {
'ContentType': 'application/json'}
try:
familyExists = False
for familySingle in families:
if int(family) is familySingle[0]:
familyExists = True
break
if not familyExists:
return json.dumps({'success': False,
'outcome': '<p>Provided family was invalid, please ensure to:</p><ul><li>Select a family</li></ul>'}), 200, {
'ContentType': 'application/json'}
except TypeError:
return json.dumps({'success': False,
'outcome': '<p>Provided family was invalid, please ensure to:</p><ul><li>Select a family</li></ul>'}), 200, {
'ContentType': 'application/json'}
if not user.create_user(firstName, lastName, email, family, db):
return json.dumps({'success': False,
'outcome': '<p>Account creation failed. Please email [email protected] if this issue persists</p>'}), 500, {
'ContentType': 'application/json'}
login_cookie = generate_session(email)
return json.dumps({'success': True, 'outcome': '<p>Successfully created account</p>', 'redirect': '/',
'user_secret': login_cookie}), 200, {
'ContentType': 'application/json'}
else:
return json.dumps({'success': False, 'outcome': '<p>Account creation failed. Email already registered.</p>',
'redirect': '/'}), 200, {
'ContentType': 'application/json'}
def handle_message(msg):
"""
Ponto de entrada das mensagens recebidas no Telegram.
"""
user = create_user(msg['from']['first_name'], msg['from']['id'])
if START_COMMAND_PATTERN.match(msg['text']):
bot.sendMessage(
user.id,
'Olá, %s! Bem-vindo ao programa tocador de notas do Arduino. '
'Use o comando /queue para entrar na fila.' % user.name)
bot.sendMessage(
user.id,
'O comando /tempo N serve para mudar o tempo em BPM das notas '
'que serão tocadas.\nPara mandar tocar as notas de fato, envie '
'NOTA,DURAÇÃO. Pode enviar quantas quiser de uma só vez.\n'
'Para listar as músicas de exemplo, use o comando /musicas.')
return
elif SERIAL_COMMAND_PATTERN.match(msg['text']):
for i in range(100):
if arduino.setup_serial():
bot.sendMessage(user.id, 'Serial reconfigurada.')
break
else:
bot.sendMessage(user.id, 'Não foi possível reconfigurar a serial.')
return
if current_user is not None and user.id == current_user.id:
process_message(msg, current_user)
else:
# Verifica se o comando é de enfileirar
if QUEUE_COMMAND_PATTERN.match(msg['text']):
if enqueue_user(user):
if len(user_queue) == 1 and current_user is None:
shift_users()
else:
bot.sendMessage(user.id, 'Você foi adicionado à fila. '
'Aguarde um instante, por favor.')
else:
bot.sendMessage(user.id, 'Você já está na fila.')
def add_customer(merchant_id, name, identify_id, phone, email, we_chat):
now = datetime.datetime.now()
values = {
'serial_num': phone
}
ref = user.create_user(values['serial_num'], '123456', '3', now)
values = {
'user_id': ref['id'],
'merchant_id': merchant_id,
'serial_num': phone,
'name': name,
'identify_id': identify_id,
'phone': phone,
'email': email,
'we_chat': we_chat
}
db.customer_create(values)
return True
def create_user_page():
form = forms.LoginForm()
if form.validate_on_submit():
username = request.form["username"]
password = request.form["password"]
type_ = request.form["type"]
hashed = hasher.hash(password)
new_user = usr.create_user(username, hashed, type_)
if new_user is None:
flash("Username exists")
else:
login_user(new_user)
current_m = current_app.config["current_m"]
next_page = request.args.get(
"next", url_for("home_page", current_m=current_m))
return redirect(next_page)
return render_template("create_user2.html", form=form)
def _register_user(self, name, ip):
"""Tries to register a user and sends a result page back to the client.
"""
# TODO Validate IP address
try:
new_user = user.create_user(name)
new_user.ip = ip
logging.info("Created user %s." % new_user)
message = "You have been successfully registered. Your user id is" \
" %s. Write this number down now! You may need it later" \
" to log in again." % new_user.id
html = registration_result.succeeded_html(message, new_user.id)
except user.InvalidNameError, e:
logging.error("Registration request contained an invalid name "
"(%s)." % e)
message = "Specified username is invalid (%s)." % e
html = registration_result.failed_html(message)
def create_webpage_lookup(user_id, webpage, lookup_id, filename, keywords,
datetime, articles):
# get a user object or create one
check_user = user.get_user(user_id)
if not check_user:
check_user = user.create_user(user_id)
# create a webpage object
webpage_id = web_page.put(webpage, filename)
webpage_lookup = {
"user": check_user,
"webpage": webpage_id,
"keywords": keywords,
"datetime": datetime,
"lookup_id": lookup_id,
"articles": articles
}
return db.webpage_lookup.insert_one(webpage_lookup)
def post_new_user():
"""
Posts new user
:return: json dict of new user initial info
:rtype: Request
:return: 4xx error with json error dict if missing key
or incorrect type given
"""
r = request.get_json()
try:
username = r["username"]
except KeyError as e:
logging.warning("Incorrect JSON input:{}".format(e))
err = {"error": "Incorrect JSON input"}
return jsonify(err), 400
if already_user(username):
u_vals = {"warning": "This user_name is already existed"}
else:
u_vals = create_user(username)
return jsonify(u_vals), 200
def register():
username = request.form.get("username")
pwd = request.form.get("pwd")
user.create_user(username, pwd)
return redirect("/index")
def fbconnect():
"""Facebook connect."""
if request.args.get("state") != login_session["state"]:
response = make_response(json.dumps("Invalid state parameter."), 401)
response.headers["Content-Type"] = "application/json"
return response
# Access token received (see access_token).
access_token = request.data
app_id = json.loads(open("fb_client_secrets.json", "r")
.read())["web"]["app_id"]
app_secret = json.loads(
open("fb_client_secrets.json", "r").read())["web"]["app_secret"]
url = ("https://graph.facebook.com/oauth/access_token?"
"grant_type=fb_exchange_token&client_id={}&client_secret={}"
"&fb_exchange_token={}").format(app_id, app_secret, access_token)
h = httplib2.Http()
result = h.request(url, "GET")[1]
# Use token to get user info from API.
# userinfo_url = "https://graph.facebook.com/v2.8/me"
"""
Due to the formatting for the result from the server token exchange we
have to split the token first on commas and select the first index which
gives us the key : value for the server access token then we split it on
colons to pull out the actual token value and replace the remaining quotes
with nothing so that it can be used directly in the graph api calls
"""
token = result.split(",")[0].split(":")[1].replace('"', "")
url = ("https://graph.facebook.com/v2.8/me?"
"access_token={}&fields=name,id,email").format(token)
h = httplib2.Http()
result = h.request(url, "GET")[1]
data = json.loads(result)
login_session["provider"] = "facebook"
login_session["username"] = data["name"]
login_session["email"] = data["email"]
login_session["facebook_id"] = data["id"]
# The token must be stored in the login_session in order to properly
# logout.
login_session["access_token"] = token
# Get user picture.
url = ("https://graph.facebook.com/v2.8/me/picture?"
"access_token={}&redirect=0&height=200&width=200").format(token)
h = httplib2.Http()
result = h.request(url, "GET")[1]
data = json.loads(result)
# See if user exists.
user_id = user.get_user_id(login_session["email"])
if not user_id:
user_id = user.create_user(login_session)
login_session["user_id"] = user_id
output = "<h1>Welcome, "
output += login_session["username"]
flash("Now logged in as {}.".format(login_session["username"]), "success")
return output
def add_user():
username = request.form.get("username")
pwd = request.form.get("pwd")
if username != "" and pwd != "":
user.create_user(username, pwd)
return redirect("/user_mgr")
def testCreateUser(self):
bob = create_user('bob')
assert isinstance(bob, User)
self.assertEquals(bob.name, 'bob')
import socketserver
import os, sys, json
from user import auth, create_user
sys.path.append(os.path.dirname(os.path.abspath(__file__)))
class Myserver(socketserver.BaseRequestHandler):
def handle(self):
userinfo_bytes = self.request.recv(1024)
userinfo = json.loads(userinfo_bytes.decode("utf-8"))
print(userinfo)
if auth(**userinfo):
self.request.send('连接成功'.encode("utf-8"))
else:
self.request.send('连接失败'.encode("utf-8"))
if __name__ == "__main__":
mysocket = socketserver.ThreadingTCPServer(('127.0.0.1', 9999), Myserver)
if not os.path.isfile(r"../conf/userlist"):
print("文件不存在,请创建用户")
create_user()
mysocket.serve_forever()
def fbconnect():
if request.args.get('state') != login_session['state']:
response = make_response(json.dumps('Invalid state parameter.'), 401)
response.headers['Content-Type'] = 'application/json'
return response
access_token = request.data
print "access token received %s " % access_token
app_id = json.loads(open('client_secrets_facebook.json', 'r').read())[
'web']['app_id']
app_secret = json.loads(
open('client_secrets_facebook.json', 'r').read())['web']['app_secret']
url = 'https://graph.facebook.com/oauth/access_token?grant_type=fb_exchange_token&client_id=%s&client_secret=%s&fb_exchange_token=%s' % (
app_id, app_secret, access_token)
h = httplib2.Http()
result = h.request(url, 'GET')[1]
# Use token to get user info from API
userinfo_url = "https://graph.facebook.com/v2.8/me"
'''
Due to the formatting for the result from the server token exchange we have to
split the token first on commas and select the first index which gives us the key : value
for the server access token then we split it on colons to pull out the actual token value
and replace the remaining quotes with nothing so that it can be used directly in the graph
api calls
'''
token = result.split(',')[0].split(':')[1].replace('"', '')
url = 'https://graph.facebook.com/v2.8/me?access_token=%s&fields=name,id,email' % token
h = httplib2.Http()
result = h.request(url, 'GET')[1]
# print "url sent for API access:%s"% url
# print "API JSON result: %s" % result
data = json.loads(result)
login_session['provider'] = 'facebook'
login_session['username'] = data["name"]
login_session['email'] = data["email"]
login_session['facebook_id'] = data["id"]
# The token must be stored in the login_session in order to properly logout
login_session['access_token'] = token
# Get user picture
url = 'https://graph.facebook.com/v2.8/me/picture?access_token=%s&redirect=0&height=200&width=200' % token
h = httplib2.Http()
result = h.request(url, 'GET')[1]
data = json.loads(result)
login_session['picture'] = data["data"]["url"]
# see if user exists
user_id = get_user_id(login_session['email'])
if not user_id:
user_id = create_user(login_session)
login_session['user_id'] = user_id
output = ''
output += '<h1>Welcome, '
output += login_session['username']
output += '!</h1>'
output += '<img src="'
output += login_session['picture']
output += ' " style = "width: 300px; height: 300px;border-radius: 150px;-webkit-border-radius: 150px;-moz-border-radius: 150px;"> '
flash("Now logged in as %s" % login_session['username'])
return output
def test_create_user_no_arguments(self):
"""Attempt to create an user, but fail if not nullable arguments are missing."""
with self.assertRaises(TypeError):
create_user()
def gconnect():
# Validate state token
if request.args.get('state') != login_session['state']:
response = make_response(json.dumps('Invalid state parameter.'), 401)
response.headers['Content-Type'] = 'application/json'
return response
# Obtain authorization code
code = request.data
try:
# Upgrade the authorization code into a credentials object
oauth_flow = flow_from_clientsecrets(GOOGLE_CLIENT_SECRET, scope='')
oauth_flow.redirect_uri = 'postmessage'
credentials = oauth_flow.step2_exchange(code)
except FlowExchangeError:
response = make_response(
json.dumps('Failed to upgrade the authorization code.'), 401)
response.headers['Content-Type'] = 'application/json'
return response
# Check that the access token is valid.
access_token = credentials.access_token
url = ('https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=%s'
% access_token)
h = httplib2.Http()
result = json.loads(h.request(url, 'GET')[1])
# If there was an error in the access token info, abort.
if result.get('error') is not None:
response = make_response(json.dumps(result.get('error')), 500)
response.headers['Content-Type'] = 'application/json'
return response
# Verify that the access token is used for the intended user.
gplus_id = credentials.id_token['sub']
if result['user_id'] != gplus_id:
response = make_response(
json.dumps("Token's user ID doesn't match given user ID."), 401)
response.headers['Content-Type'] = 'application/json'
return response
# Verify that the access token is valid for this app.
if result['issued_to'] != GOOGLE_CLIENT_ID:
response = make_response(
json.dumps("Token's client ID does not match app's."), 401)
print "Token's client ID does not match app's."
response.headers['Content-Type'] = 'application/json'
return response
stored_access_token = login_session.get('access_token')
stored_gplus_id = login_session.get('gplus_id')
if stored_access_token is not None and gplus_id == stored_gplus_id:
response = make_response(json.dumps('Current user is already connected.'),
200)
response.headers['Content-Type'] = 'application/json'
return response
# Store the access token in the session for later use.
login_session['access_token'] = credentials.access_token
login_session['gplus_id'] = gplus_id
# Get user info
userinfo_url = "https://www.googleapis.com/oauth2/v1/userinfo"
params = {'access_token': credentials.access_token, 'alt': 'json'}
answer = requests.get(userinfo_url, params=params)
data = answer.json()
login_session['username'] = data['name']
login_session['picture'] = data['picture']
login_session['email'] = data['email']
# ADD PROVIDER TO LOGIN SESSION
login_session['provider'] = 'google'
# see if user exists, if it doesn't make a new one
user_id = get_user_id(data["email"])
if not user_id:
user_id = create_user(login_session)
login_session['user_id'] = user_id
output = ''
output += '<h1>Welcome, '
output += login_session['username']
output += '!</h1>'
output += '<img src="'
output += login_session['picture']
output += ' " style = "width: 300px; height: 300px;border-radius: 150px;-webkit-border-radius: 150px;-moz-border-radius: 150px;"> '
flash("you are now logged in as %s" % login_session['username'])
print "done!"
return output
def gconnect():
"""Google connect."""
# Validate state token
if request.args.get("state") != login_session["state"]:
response = make_response(json.dumps("Invalid state parameter."), 401)
response.headers["Content-Type"] = "application/json"
return response
# Obtain authorization code
code = request.data
try:
# Upgrade the authorization code into a credentials object
oauth_flow = flow_from_clientsecrets(GOOGLE_CLIENT_SECRET, scope="")
oauth_flow.redirect_uri = "postmessage"
credentials = oauth_flow.step2_exchange(code)
except FlowExchangeError:
response = make_response(
json.dumps("Failed to upgrade the authorization code."), 401)
response.headers["Content-Type"] = "application/json"
return response
# Check that the access token is valid.
access_token = credentials.access_token
url = ("https://www.googleapis.com/oauth2/v1/tokeninfo?"
"access_token={}").format(access_token)
h = httplib2.Http()
result = json.loads(h.request(url, "GET")[1])
# If there was an error in the access token info, abort.
if result.get("error") is not None:
response = make_response(json.dumps(result.get("error")), 500)
response.headers["Content-Type"] = "application/json"
return response
# Verify that the access token is used for the intended user.
gplus_id = credentials.id_token["sub"]
if result["user_id"] != gplus_id:
response = make_response(
json.dumps("Token's user ID doesn't match given user ID."), 401)
response.headers["Content-Type"] = "application/json"
return response
# Verify that the access token is valid for this app.
if result["issued_to"] != GOOGLE_CLIENT_ID:
response = make_response(
json.dumps("Token's client ID does not match app's."), 401)
response.headers["Content-Type"] = "application/json"
return response
stored_access_token = login_session.get("access_token")
stored_gplus_id = login_session.get("gplus_id")
if stored_access_token is not None and gplus_id == stored_gplus_id:
response = make_response(
json.dumps("Current user is already connected."), 200)
response.headers["Content-Type"] = "application/json"
return response
# Store the access token in the session for later use.
login_session["access_token"] = credentials.access_token
login_session["gplus_id"] = gplus_id
# Get user info
userinfo_url = "https://www.googleapis.com/oauth2/v1/userinfo"
params = {"access_token": credentials.access_token, "alt": "json"}
answer = requests.get(userinfo_url, params=params)
data = answer.json()
login_session["username"] = data["name"]
login_session["picture"] = data["picture"]
login_session["email"] = data["email"]
# Add provider to login session.
login_session["provider"] = "google"
# See if user exists, if it doesn't make a new one.
user_id = user.get_user_id(data["email"])
if not user_id:
user_id = user.create_user(login_session)
login_session["user_id"] = user_id
output = "<h1>Welcome, "
output += login_session["username"]
output += "!</h1>"
output += '<img src="' + login_session["picture"] + '" '
output += 'style = "width: 300px; height: 300px; border-radius: 150px; '
output += '-webkit-border-radius: 150px; -moz-border-radius: 150px;"> '
flash(
"You are now logged in as {}.".format(login_session["username"]),
"success")
return output
