-rw-r--r--wqflask/wqflask/database.py3
-rw-r--r--wqflask/wqflask/model.py32
-rw-r--r--wqflask/wqflask/templates/admin/user_manager.html14
-rw-r--r--wqflask/wqflask/templates/new_security/thank_you.html32
-rw-r--r--wqflask/wqflask/templates/new_security/verified.html32
-rw-r--r--wqflask/wqflask/user_manager.py36
-rw-r--r--wqflask/wqflask/views.py23
7 files changed, 137 insertions, 35 deletions
diff --git a/wqflask/wqflask/database.py b/wqflask/wqflask/database.py
index 65ca7d0c..e55f06a7 100644
--- a/wqflask/wqflask/database.py
+++ b/wqflask/wqflask/database.py
@@ -19,7 +19,8 @@ def init_db():
     # you will have to import them first before calling init_db()
     #import yourapplication.models
     import wqflask.model
+    print("Creating all..")
     Base.metadata.create_all(bind=engine)
-    
+    print("Done creating all...")
     
 init_db()
\ No newline at end of file
diff --git a/wqflask/wqflask/model.py b/wqflask/wqflask/model.py
index a3cd63a5..8e7a823e 100644
--- a/wqflask/wqflask/model.py
+++ b/wqflask/wqflask/model.py
@@ -13,7 +13,7 @@ from wqflask import app
 from sqlalchemy import Column, Integer, String, Table, ForeignKey, Unicode, Boolean, DateTime, Text
 from sqlalchemy.orm import relationship, backref
 
-from wqflask.database import Base
+from wqflask.database import Base, init_db
 
 # Create database connection object
 #db = SQLAlchemy(app)
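Review bot: Importing `init_db` here looks unused (no call is visible in the model.py hunks) and it tightens an import cycle: database.py calls `init_db()` at module level, which imports wqflask.model, which now imports back from wqflask.database. If wqflask.model happens to be imported first, `create_all` would run while this module is still at its import line, before `Role`, `User` and `Login` are defined, and would create no tables. I would keep the line as `from wqflask.database import Base` and have the application call `init_db()` explicitly once the models are loaded.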
@@ -50,13 +50,13 @@ from wqflask.database import Base
 
 class Role(Base):
     __tablename__ = "role"
-    the_id = Column(Unicode(36), primary_key=True, default=lambda: unicode(uuid.uuid4()))
+    id = Column(Unicode(36), primary_key=True, default=lambda: unicode(uuid.uuid4()))
     name = Column(Unicode(80), unique=True, nullable=False)
     description = Column(Unicode(255))
 
 class User(Base):
     __tablename__ = "user"
-    the_id = Column(Unicode(36), primary_key=True, default=lambda: unicode(uuid.uuid4()))
+    id = Column(Unicode(36), primary_key=True, default=lambda: unicode(uuid.uuid4()))
     email_address = Column(Unicode(50), unique=True, nullable=False)
     
     # Todo: Turn on strict mode for Mysql
@@ -65,18 +65,28 @@ class User(Base):
     full_name = Column(Unicode(50))
     organization = Column(Unicode(50))
     
-    active = Column(Boolean())
-    confirmed_at = Column(DateTime())
+    active = Column(Boolean(), nullable=False, default=True)
 
-    last_login_at = Column(DateTime())
-    current_login_at = Column(DateTime())
-    last_login_ip = Column(Unicode(39))
-    current_login_ip = Column(Unicode(39))
-    login_count = Column(Integer())
+    registration_info = Column(Text)   # json detailing when they were registered, etc.
+    
+    confirmed = Column(Text) # json detailing when they confirmed, etc.
+
+    #last_login_at = Column(DateTime())
+    #current_login_at = Column(DateTime())
+    #last_login_ip = Column(Unicode(39))
+    #current_login_ip = Column(Unicode(39))
+    #login_count = Column(Integer())
 
     #roles = relationship('Role', secondary=roles_users,
     #                        backref=backref('users', lazy='dynamic'))
 
+class Login(Base):
+    __tablename__ = "login"
+    id = Column(Unicode(36), primary_key=True, default=lambda: unicode(uuid.uuid4()))
+    user = Column(Unicode(36), ForeignKey('user.id'))
+    timestamp = Column(DateTime())
+    ip_address = Column(Unicode(39))
+
 # Setup Flask-Security
 #user_datastore = SQLAlchemyUserDatastore(db, User, Role)
 
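Review bot: The new `Login` table allows rows with no owner and no time, since `user` and `timestamp` are both nullable; for a login audit record I would declare them `nullable=False`, e.g. `user = Column(Unicode(36), ForeignKey('user.id'), nullable=False)`. `ip_address = Column(Unicode(39))` fits a plain IPv6 address but not the IPv4-mapped textual form, which can reach 45 characters, so `Unicode(45)` is the safer width. `registration_info` and `confirmed` are free-form JSON in `Text` columns, and `confirmed` doubles as the is-confirmed flag in the admin template; a short comment listing the expected keys (timestamp, ip_address, user_agent) would document that. The five commented-out login columns could be deleted now that `Login` replaces them.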
@@ -89,3 +99,5 @@ class User(Base):
 
 
 #user_datastore.create_role(name="Genentech", description="Genentech Beta Project(testing)")
+
+
diff --git a/wqflask/wqflask/templates/admin/user_manager.html b/wqflask/wqflask/templates/admin/user_manager.html
index 14cd12e0..1308ff4b 100644
--- a/wqflask/wqflask/templates/admin/user_manager.html
+++ b/wqflask/wqflask/templates/admin/user_manager.html
@@ -16,20 +16,20 @@
         <table class="table table-hover">
             <thead>
                 <tr>
-                    <th>ID</th>
                     <th>Email</th>
-                    <th>Confirmed at</th>
+                    <th>Organization</th>
                     <th>Active</th>
+                    <th>Confirmed</th>
                 </tr>
             </thead>
         {% for user in users %}
             <tr>
-                <td title="{{ user.__dict__ }}">
-                    <a href="{{ url_for('manage_user', user_id=user.id) }}">{{ user.id }}</a>
+                <td title="{{ user.id }}">
+                    <a href="{{ url_for('manage_user', user_id=user.id) }}">{{ user.email_address }}</a>
                 </td>
-                <td>{{ user.email }}</td>
-                <td>{{ user.confirmed_at }}</td>
-                <td>{{ user.active }}</td>
+                <td>{{ user.organization }}</td>
+                <td>{{ 'Yes' if user.active else 'No' }}</td>
+                <td title="{{ user.confirmed }}">{{ 'True' if user.confirmed else 'False' }}</td>
             </tr>
         {% endfor %}
         </table>
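Review bot: The new `title="{{ user.confirmed }}"` cell puts the stored confirmation JSON into an attribute, and that JSON contains the client-supplied User-Agent header recorded by basic_info() in user_manager.py. This is safe only as long as Jinja autoescaping stays enabled for this template, so a comment such as `{# user.confirmed holds client-supplied data; keep autoescape on #}` above the row would help. The two boolean columns are also inconsistent: Active renders 'Yes'/'No' while Confirmed renders 'True'/'False'.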
diff --git a/wqflask/wqflask/templates/new_security/thank_you.html b/wqflask/wqflask/templates/new_security/thank_you.html
new file mode 100644
index 00000000..5aa11ebf
--- /dev/null
+++ b/wqflask/wqflask/templates/new_security/thank_you.html
@@ -0,0 +1,32 @@
+{% extends "base.html" %}
+{% block title %}Register{% endblock %}
+{% block content %}
+    <header class="jumbotron subhead" id="overview">
+        <div class="container">
+            <h1>Thank you</h1>
+            <p class="lead">
+                Thanks for verifying.
+            </p>
+        </div>
+    </header>
+
+    <div class="container">
+        <div class="page-header">
+            <h1>All done</h1>
+        </div>
+    
+        <p>Enjoy using the site.</p>
+        
+        <p>Go to the <a href="{{ url_for("/") }}">homepage</a></p>.
+    </div>
+
+{% endblock %}
+
+{% block js %}  
+    <!--<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>-->
+    
+    {% include "new_security/_scripts.html" %}
+    <script type="text/javascript" src="/static/new/js_external/zxcvbn/zxcvbn-async.js"></script>
+    <script type="text/javascript" src="/static/new/javascript/password_strength.js"></script>
+{% endblock %}
+
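Review bot: `url_for("/")` in the homepage link passes a URL path where Flask expects an endpoint name, so rendering thank_you.html should raise a build error instead of showing the page; verified.html uses `url_for("index_page")` for the same link and this template should match it. The page is rendered right after registration (see the new_register hunk in views.py), yet the lead text says "Thanks for verifying." although the user has not verified anything at that point and should be told to check their mail. The closing `</p>.` leaves the period outside the paragraph, and the js block loads zxcvbn and password_strength.js on a page with no password field; both of these also apply to verified.html.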
diff --git a/wqflask/wqflask/templates/new_security/verified.html b/wqflask/wqflask/templates/new_security/verified.html
new file mode 100644
index 00000000..97cb7807
--- /dev/null
+++ b/wqflask/wqflask/templates/new_security/verified.html
@@ -0,0 +1,32 @@
+{% extends "base.html" %}
+{% block title %}Register{% endblock %}
+{% block content %}
+    <header class="jumbotron subhead" id="overview">
+        <div class="container">
+            <h1>Thank you</h1>
+            <p class="lead">
+                Thanks for verifying.
+            </p>
+        </div>
+    </header>
+
+    <div class="container">
+        <div class="page-header">
+            <h3>You are done registering</h3>
+        </div>
+    
+        <p>Enjoy using the site.</p>
+        
+        <p>Go to the <a href="{{ url_for("index_page") }}">homepage</a></p>.
+    </div>
+
+{% endblock %}
+
+{% block js %}  
+    <!--<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"></script>-->
+    
+    {% include "new_security/_scripts.html" %}
+    <script type="text/javascript" src="/static/new/js_external/zxcvbn/zxcvbn-async.js"></script>
+    <script type="text/javascript" src="/static/new/javascript/password_strength.js"></script>
+{% endblock %}
+
diff --git a/wqflask/wqflask/user_manager.py b/wqflask/wqflask/user_manager.py
index 159a0ffc..b967c86f 100644
--- a/wqflask/wqflask/user_manager.py
+++ b/wqflask/wqflask/user_manager.py
@@ -22,7 +22,7 @@ from redis import StrictRedis
 Redis = StrictRedis()
 
 
-from flask import Flask, g, render_template, url_for
+from flask import Flask, g, render_template, url_for, request
 
 from wqflask import app
 
@@ -41,8 +41,11 @@ from utility import Bunch
 
 from base.data_set import create_datasets_list
 
-#from app import db
-print("globals are:", globals())
+
+
+def timestamp():
+    return datetime.datetime.utcnow().isoformat()
+
 
 
 class UsersManager(object):
@@ -54,7 +57,7 @@ class UsersManager(object):
 
 class UserManager(object):
     def __init__(self, kw):
-        self.user_id = int(kw['user_id'])
+        self.user_id = kw['user_id']
         print("In UserManager locals are:", pf(locals()))
         #self.user = model.User.get(user_id)
         #print("user is:", user)
@@ -73,6 +76,7 @@ class UserManager(object):
 
 class RegisterUser(object):
     def __init__(self, kw):
+        self.thank_you_mode = False
         self.errors = []
         self.user = Bunch()
         
@@ -102,12 +106,16 @@ class RegisterUser(object):
         
         self.set_password(password)
         
+        self.user.registration_info = json.dumps(basic_info(), sort_keys=True)
+        
         self.new_user = model.User(**self.user.__dict__)
         db_session.add(self.new_user)
         db_session.commit()
         
         self.send_email_verification()
         
+        self.thank_you_mode = True
+        
     
     def set_password(self, password):
         pwfields = Bunch()
@@ -122,7 +130,7 @@ class RegisterUser(object):
         pwfields.iterations = 100000   
         pwfields.keylength = 32
         
-        pwfields.created_ts = datetime.datetime.utcnow().isoformat()
+        pwfields.created_ts = timestamp()
         # One more check on password length
         assert len(password) >= 6, "Password shouldn't be so short here"
         
@@ -146,8 +154,8 @@ class RegisterUser(object):
         verification_code = str(uuid.uuid4())
         key = "verification_code:" + verification_code
         
-        data = json.dumps(dict(the_id=self.new_user.the_id,
-                               timestamp=datetime.datetime.utcnow().isoformat())
+        data = json.dumps(dict(id=self.new_user.id,
+                               timestamp=timestamp())
                           )
                           
         Redis.set(key, data)
@@ -158,15 +166,25 @@ class RegisterUser(object):
         body = render_template("email/verification.txt",
                                verification_code = verification_code)
         send_email(to, subject, body)
-        
+    
+    
+def basic_info():
+    return dict(timestamp = timestamp(),
+                ip_address = request.remote_addr,
+                user_agent = request.headers.get('User-Agent'))
 
-def verify_email(request):
+def verify_email():
     print("in verify_email request.url is:", request.url)
     verify_url_hmac(request.url)
     verification_code = request.args['code']
     data = Redis.get("verification_code:" + verification_code)
     data = json.loads(data)
     print("data is:", data)
+    user = model.User.query.get(data['id'])
+    user.confirmed = json.dumps(basic_info(), sort_keys=True)
+    db_session.commit()
+                                
+    
         
     
        
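Review bot: verify_email() fails with an unhandled exception on any code that is not in Redis, because `Redis.get` returns None for an unknown key and `json.loads(data)` is called on it directly; `model.User.query.get(data['id'])` can likewise return None before `user.confirmed` is assigned. The code is also never deleted after use, so the same link can be replayed and each replay overwrites `confirmed` with fresh request data; no expiry is visible in these hunks either. The first `print` writes the full verification URL, code and HMAC included, to stdout, and would be better dropped or reduced to a non-secret identifier. `basic_info()` stores `request.remote_addr` and the client-supplied User-Agent unchanged; behind a reverse proxy the address will be the proxy's, and the header should be length-capped before it is persisted. The sketch below assumes `abort` is added to the existing flask import.

```python
def verify_email():
    verify_url_hmac(request.url)
    verification_code = request.args['code']
    key = "verification_code:" + verification_code
    data = Redis.get(key)
    if data is None:
        # unknown, expired or already used code
        abort(404)
    data = json.loads(data)
    user = model.User.query.get(data['id'])
    if user is None:
        abort(404)
    user.confirmed = json.dumps(basic_info(), sort_keys=True)
    db_session.commit()
    # single use: a replayed link must not rewrite the confirmation record
    Redis.delete(key)
```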
diff --git a/wqflask/wqflask/views.py b/wqflask/wqflask/views.py
index b552e160..fe91e014 100644
--- a/wqflask/wqflask/views.py
+++ b/wqflask/wqflask/views.py
@@ -267,15 +267,20 @@ def sharing_info_page():
     template_vars = SharingInfoPage.SharingInfoPage(fd)
     return template_vars
 
-# Take this out or secure it before going into production
+# Take this out or secure it before g[umlfoing into production
 @app.route("/get_temp_data")
 def get_temp_data():
     temp_uuid = request.args['key']
     return flask.jsonify(temp_data.TempData(temp_uuid).get_all())
 
-@app.route("/thank_you")
-def thank_you():
-    return render_template("security/thank_you.html")
+#@app.route("/thank_you")
+#def thank_you():
+#    return render_template("security/thank_you.html")
+
+@app.route("/manage/verify")
+def verify():
+    user_manager.verify_email()
+    return render_template("new_security/verified.html")
 
 @app.route("/manage/users")
 def manage_users():
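Review bot: The edited comment above `get_temp_data` now reads `before g[umlfoing into production`, which looks like stray keystrokes; it should be restored to `# Take this out or secure it before going into production`, since it is the only marker that this route returns temp data to any caller who supplies a key. `verify()` renders verified.html whenever `user_manager.verify_email()` returns without raising, so the success page depends entirely on every failure path in that function raising. The commented-out `thank_you` route can simply be deleted.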
@@ -292,10 +297,7 @@ def manage_groups():
     template_vars = user_manager.GroupsManager(request.args)
     return render_template("admin/group_manager.html", **template_vars.__dict__)
 
-@app.route("/manage/verify")
-def verify():
-    user_manager.verify_email(request)
-    return "foo"
+
 
 
 @app.route("/n/register", methods=('GET', 'POST'))
@@ -310,6 +312,11 @@ def new_register():
         print("Attempting to register the user...")
         result = user_manager.RegisterUser(params)
         errors = result.errors
+        
+        if result.thank_you_mode:
+            assert not errors, "Errors while in thank you mode? That seems wrong..."
+            return render_template("new_security/thank_you.html")
+       
     return render_template("new_security/register_user.html", values=params, errors=errors)
 
 #@app.route("/n/register_submit", methods=('POST',))
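Review bot: `assert not errors` is used as a runtime check in the request handler; it is stripped when Python runs with -O, and when it does fire the user sees a 500 after the account has already been committed. An explicit branch is clearer, e.g. `if result.thank_you_mode and not errors:`. new_register starts above this hunk, so the rest of its flow is not visible here.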