def auth_user():
""" auth endpoint """
data = validate_user(request.get_json())
if data['ok']:
data = data['data']
# user = mongo.db.users.find_one({'email': data['email']}, {"_id": 0})
LOG.debug(user)
if user and flask_bcrypt.check_password_hash(user['password'],
data['password']):
del user['password']
access_token = create_access_token(identity=data)
refresh_token = create_refresh_token(identity=data)
user['token'] = access_token
user['refresh'] = refresh_token
return jsonify({'ok': True, 'data': user}), 200
else:
return jsonify({
'ok': False,
'message': 'invalid username or password'
}), 401
else:
return jsonify({
'ok':
False,
'message':
'Bad request parameters: {}'.format(data['message'])
}), 400
def post(self,path):
self.head()
if not user.validate_user(self):
self.response.write(json.dumps({"_error": "Invalid email or password"}));
else:
# get user's state associated with path
q = db.GqlQuery("SELECT * from State WHERE stype = 'page' and email = :1 and path = :2",
self.request._email,path)
state_entity = q.get()
# if new state is supplied, update/insert user's state entry for this path
new_state = self.request.params.get('state',None)
if not new_state is None:
# check the answers, annotate state
new_state = check_answers(path,new_state)
if state_entity is None:
state_entity = State(parent = self.request._user, # user is parent of State entity
email = self.request._email,
stype = 'page',
path = path)
state_entity.state = new_state
state_entity.timestamp = datetime.datetime.utcnow()
state_entity.put()
#logging.debug('user:%s, path:%s, new_state:%s'% (self.request._email,path,new_state))
# response with saved state
self.response.write('{}' if state_entity is None else state_entity.state);
def post(self, path):
self.head()
self.response.headers['Content-Type'] = 'text/html'
if not user.validate_user(self):
message = ''
if len(self.request.get('_user')) > 0:
message = 'Invalid username or password'
# give a user a form to sign in
path = os.path.join(os.path.dirname(__file__),
'templates/login.html')
self.response.write(
template.render(path, {
'url': self.request.url,
'message': message
}))
return
u = self.request._user
template_file = 'templates/records.html'
template_info = {
'url': self.request.url,
'name': u.first_name + ' ' + u.last_name,
'email': u.email,
'scores': grades.scores(u.email),
}
if u.status == 'staff':
template_file = 'templates/records_staff.html'
template_info['user_list'] = user.user_list()
path = os.path.join(os.path.dirname(__file__), template_file)
self.response.write(template.render(path, template_info))
def post(self,path):
self.head()
self.response.headers['Content-Type'] = 'text/html'
if not user.validate_user(self):
message = ''
if len(self.request.get('_user')) > 0:
message = 'Invalid username or password'
# give a user a form to sign in
path = os.path.join(os.path.dirname(__file__), 'templates/login.html')
self.response.write(template.render(path,{'url': self.request.url,'message':message}))
return
u = self.request._user
template_file = 'templates/records.html'
template_info = {
'url': self.request.url,
'name': u.first_name + ' ' + u.last_name,
'email': u.email,
'scores': grades.scores(u.email),
}
if u.status == 'staff':
template_file = 'templates/records_staff.html'
template_info['user_list'] = user.user_list()
path = os.path.join(os.path.dirname(__file__), template_file)
self.response.write(template.render(path,template_info))
def login():
params = request.args if request.method == 'GET' else request.form
username = params.get('username', '')
password = params.get('password', '')
if user.validate_user(username, password):
return redirect('/users/')
else:
return render_template('login.html',
username=username,
error=u'用户名或密码错误')
def commituser():
adduser = request.form.get('adduser')
addage = request.form.get('addage')
addpassword = request.form.get('password')
if user.validate_user(adduser,addage,addpassword): #外部模块user.validate_user判断用户信息True执行
user.add_user(adduser,addage,addpassword)
return redirect('/users/')
else: # 检查不通过 提示信息
return render_template('adduser.html',user='******')
def delete(self, **kwargs):
playlist = models.Playlist.getPlaylistFromURL(kwargs)
if not playlist:
return self.returnJSON(None, code=404)
user = validate_user(self.request)
if not user or user.key != playlist.key.parent():
return self.returnJSON({"msg": "User Validation Failed"}, code=401)
self.deletePlaylist(playlist)
def login():
params = request.args if request.method == 'GET' else request.form
username=params.get('username', '')
password=params.get('password','')
if user.validate_user(username, password):
session.permanent = True
app.permanent_session_lifetime = timedelta(minutes=5)
session['username']=username
return redirect('/users/')
else:
return render_template('login.html',username=username,error=u'用户名或密码错误')
def delete(self, **kwargs):
playlist = models.Playlist.getPlaylistFromURL(kwargs)
if not playlist:
return self.returnJSON(None, code=404)
user = validate_user(self.request)
if not user or user.key != playlist.key.parent():
return self.returnJSON({"msg": "User Validation Failed"}, code=401)
self.deletePlaylist(playlist)
def post(self):
user = validate_user(self.request)
if not user:
return self.returnJSON({"msg": "User Validation Failed"}, code=401)
# create playlist from post request
if 'title' not in self.request.POST or not self.request.POST['title']:
return self.returnJSON(None, code=400)
key = models.Playlist.createAndStore(self.request.POST, user)
return self.returnJSON(json.dumps({'url':models.Playlist.keyForLinkFromKey(key),
'json':models.Playlist.jsonLinkfromKey(key)}), code=201)
def login():
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
id = validate_user(username, password)
if id:
user = User(id)
login_user(user)
return render_template('index.html')
else:
return "WRONG CREDENTIALS MAI FREND"
else:
return render_template('login.html')
def login():
params = request.args if request.method == 'GET' else request.form
username = params.get('username', '')
password = params.get('password', '')
if user.validate_user(username, password):
session.permanent = True
app.permanent_session_lifetime = timedelta(minutes=5)
session['username'] = username
return redirect('/users/')
else:
return render_template('login.html',
username=username,
error=u'用户名或密码错误')
def get(self, **kwargs):
if models.Playlist.__name__ in kwargs:
plist = models.Playlist.getPlaylistFromURL(kwargs)
if not plist:
return self.returnJSON(None, code=404)
if plist.isPublic:
return self.returnJSON(plist.json())
else:
user = validate_user(self.request)
if not user or user.key != plist.key.parent():
return self.returnJSON({"msg": "User Validation Failed"}, code=401)
else:
return self.returnJSON(plist.json())
def put(self, **kwargs):
snpt = models.Snippet.getSnippetFromURL(kwargs)
if not snpt:
return self.returnJSON(None, code=404)
#print "SNPT PARENT >>> ", snpt.key.parent().parent()
user = validate_user(self.request)
if not user or user.key != snpt.key.parent().parent():
return self.returnJSON({"msg": "User Validation Failed"}, code=401)
#update record
snpt.populate(**models.getPopulateDictionary(models.Snippet, self.request.POST.items()))
snpt.put()
return self.returnJSON(json.dumps({"url":self.request.path, "snippet":json.loads(snpt.json())}), code=200, message="snippet updated")
def post(self, token):
self.head()
self.response.headers['Content-Type'] = 'text/html'
if not user.validate_user(
self) or self.request._user.status != 'staff':
self.response.write('Only staff members can submit scores.')
return
email = self.request.get('email').strip()
assignment = self.request.get('assignment').strip()
action = self.request.get('action').strip()
value = self.request.get('value').strip()
notes = self.request.get('notes').strip()
logging.info('email: ' + email)
message = ''
u = user.find_user(None, email=email)
if len(action) != 0:
if u is None:
message = "User %s doesn't exist." % email
else:
score = Score(subject=course.subject,
email=email,
submitter=self.request._email,
assignment=assignment,
action=action,
value=value,
notes=notes)
score.put()
# display a form for editing user info
template_file = 'templates/submit_score.html'
template_info = {
'url':
self.request.url.split('?')[0], # strip argument(s), if any
'status_url':
self.request.url[:self.request.url.find('/grades/submit_score')],
'message':
message,
'user':
u,
'assignments':
course.assignments,
'actions':
get_scores(email),
}
path = os.path.join(os.path.dirname(__file__), template_file)
self.response.write(template.render(path, template_info))
def get(self, **kwargs):
playlist = models.Playlist.getPlaylistFromURL(kwargs)
if not playlist:
return self.returnJSON(None, code=404)
if playlist.isPublic:
return self.getPlaylist(playlist)
user = validate_user(self.request)
if not user or user.key != playlist.key.parent():
self.response.set_status(401)
self.response.write("<h1>Unauthorized Access</h1>")
return
self.getPlaylist(playlist)
def delete(self, **kwargs):
snpt = models.Snippet.getSnippetFromURL(kwargs)
if not snpt:
return self.returnJSON(None, code=404)
plist = snpt.key.parent().get()
user = validate_user(self.request)
if not user or user.key != plist.key.parent():
return self.returnJSON({"msg": "User Validation Failed"}, code=401)
if snpt.key in plist.snippetKeys:
plist.snippetKeys.remove(snpt.key)
plist.put()
snpt.key.delete()
return self.returnJSON(None, code=202, message="Snippet deleted")
def get(self, **kwargs):
playlist = models.Playlist.getPlaylistFromURL(kwargs)
if not playlist:
return self.returnJSON(None, code=404)
if playlist.isPublic:
return self.getPlaylist(playlist)
user = validate_user(self.request)
if not user or user.key != playlist.key.parent():
self.response.set_status(401)
self.response.write("<h1>Unauthorized Access</h1>")
return
self.getPlaylist(playlist)
def register():
""" register user endpoint """
data = validate_user(request.get_json())
if data['ok']:
data = data['data']
data['password'] = flask_bcrypt.generate_password_hash(
data['password'])
# mongo.db.users.insert_one(data)
return jsonify({
'ok': True,
'message': 'User created successfully!'
}), 200
else:
return jsonify({
'ok':
False,
'message':
'Bad request parameters: {}'.format(data['message'])
}), 400
def post(self,token):
self.head()
self.response.headers['Content-Type'] = 'text/html'
if not user.validate_user(self) or self.request._user.status != 'staff':
self.response.write('Only staff members can submit scores.')
return
email = self.request.get('email').strip()
assignment = self.request.get('assignment').strip()
action = self.request.get('action').strip()
value = self.request.get('value').strip()
notes = self.request.get('notes').strip()
logging.info('email: '+email)
message = ''
u = user.find_user(None,email=email)
if len(action) != 0:
if u is None:
message = "User %s doesn't exist." % email
else:
score = Score(subject = course.subject,
email = email,
submitter = self.request._email,
assignment = assignment,
action = action,
value = value,
notes = notes)
score.put()
# display a form for editing user info
template_file = 'templates/submit_score.html'
template_info = {
'url': self.request.url.split('?')[0], # strip argument(s), if any
'status_url': self.request.url[:self.request.url.find('/grades/submit_score')],
'message': message,
'user': u,
'assignments': course.assignments,
'actions': get_scores(email),
}
path = os.path.join(os.path.dirname(__file__), template_file)
self.response.write(template.render(path,template_info))
def get(self):
user = validate_user(self.request)
if not user or "public" in self.request.GET:
return self.returnJSON(json.dumps(models.Playlist.get_public_playlists()))
else:
return self.returnJSON(json.dumps(models.Playlist.get_users_playlists(user)))
def post(self,path):
self.head()
if not user.validate_user(self):
self.response.write(json.dumps({"_error": "Invalid email or password"}));
else:
# dispatch on action
action = self.request.params.get('action',None)
# autosave -- save contents in 'autosave' record
if action == 'autosave':
contents = self.request.params.get('contents',None)
if contents is None:
self.response.write(json.dumps({"_error": "No contents specified in autosave request"}))
else:
self.put_record(self.get_record(path,'autosave'),contents)
self.response.write('{}');
# load -- return contents of 'file', 'autosave' and 'backup' records
elif action == 'load':
#logging.debug("%s, %s" % (self.request._user,path))
file = self.find_record(path,'file')
if file is None:
self.response.write(json.dumps({"_error": "File not found on load: "+path}));
else:
# return dict holding 'file', 'autosave' and 'backup' contents
result = {'file': file.state}
file = self.find_record(path,'autosave')
if file: result['autosave'] = file.state
file = self.find_record(path,'backup')
if file: result['backup'] = file.state
self.response.write(json.dumps(result))
# save -- save contents in 'save' record, putting old contents in 'backup'
# delete 'autosave' record, if any
elif action == 'save':
contents = self.request.params.get('contents',None)
if contents is None:
self.response.write(json.dumps({"_error": "No contents specified in save request"}))
else:
self.save_file(path,contents)
self.response.write('{}')
# folder -- create new folder
elif action == 'folder':
self.save_file(path,'')
self.response.write('{}')
# list -- list of user's files
elif action == 'list':
q = db.GqlQuery("SELECT path from State WHERE email = :1 and stype = 'file'",
self.request._email)
flist = [s.path for s in q.run(batch_size=1000)]
self.response.write(json.dumps({"list": flist}))
# delete -- remove all records with specified path prefix
elif action == 'delete':
# look up all the user's files
q = db.GqlQuery("SELECT * from State WHERE email = :1 and stype = 'file'",
self.request._email)
# run through user's files looking for path prefix
found = False
for file in q.run(batch_size=1000):
if file.path.startswith(path):
victim = file.path
db.delete(file)
found = True
# delete 'backup' and 'autosave' records, if any
file = self.find_record(victim,'backup')
if file: db.delete(file)
file = self.find_record(victim,'autosave')
if file: db.delete(file)
if not found:
self.response.write(json.dumps({"_error": "File not found on delete: "+path}))
else:
self.response.write('{}')
# rename -- change path on 'file', 'autosave' and 'backup' records
elif action == 'rename':
file = self.find_record(path,'file')
if file:
newpath = self.request.params.get('path',None)
if newpath is None:
self.response.write(json.dumps({"_error": "No path specified on rename"}))
else:
newfile = self.find_record(newpath,'file')
if newfile:
self.response.write(json.dumps({"_error": "File already exists: "+newpath}))
else:
# rename file by changing the path field, don't update timestamp
file.path = newpath
file.put()
# rename backup and autosave records too
file = self.find_record(path,'backup')
if file:
file.path = newpath
file.put()
file = self.find_record(path,'autosave')
if file:
file.path = newpath
file.put()
self.response.write('{}')
else:
self.response.write(json.dumps({"_error": "File not found on rename: "+path}))
# zip -- return a zip file containing all the user's files
elif action == 'zip':
result = io.BytesIO()
zip = zipfile.ZipFile(result,'a') # append new archive to empty file
# each each user file to the archive
q = db.GqlQuery("SELECT * from State WHERE email = :1 and stype = 'file'",
self.request._email)
for file in q.run(batch_size=1000):
# set up correct info for archive member
info = zipfile.ZipInfo(filename=file.path)
info.date_time = (file.timestamp.year,
file.timestamp.month,
file.timestamp.day,
file.timestamp.hour,
file.timestamp.minute,
file.timestamp.second)
info.create_system = 0 # fix for Linux zip files read in windows
zip.writestr(info,bytes(file.state))
zip.close()
self.response.headers['Content-Type'] = 'application/x-zip-compressed'
self.response.headers['Content-Disposition'] = 'attachment; filename=computation_structures.zip'
self.response.write(result.getvalue())
# upload -- upload a file
elif action == 'upload':
if len(self.request.get('upload')) > 0:
userfile = self.request.POST.multi['userfile']
if os.path.splitext(userfile.filename)[1] == '.zip':
# user uploaded a .zip file
zip = zipfile.ZipFile(StringIO(userfile.file.read()))
for info in zip.infolist():
timestamp = datetime.datetime(*info.date_time)
self.save_file(info.filename,zip.read(info),timestamp=timestamp)
else:
# user uploaded a single file
path = os.path.basename(userfile.filename)
self.save_file(path,userfile.file.read())
# give a user a form to submit their file
path = os.path.join(os.path.dirname(__file__), 'templates/upload.html')
self.response.headers['Content-Type'] = 'text/html'
self.response.write(template.render(path,{'url': self.request.url}))
else:
self.response.write(json.dumps({"_error": "Unrecognized file action: "+str(action)}))
