Staging

.coveragerc

@@ -0,0 +1,6 @@
+[report]
+omit =
+    tests/*
+    config.py
+    manage.py
+    models.py

.gitignore

@@ -4,5 +4,7 @@
 .env
 .secret_key
 npm-debug.log
+
 .coverage
 .cache
+coverage.xml

Procfile

@@ -1,2 +1,2 @@
-web: python manage.py db upgrade && gunicorn cal:app --log-file -
+web: python manage.py db upgrade && gunicorn -w 4 cal:app --log-file -
 dev: python manage.py db upgrade && python manage.py runserver

cal.py

@@ -15,6 +15,7 @@
 login_manager.init_app(app)
 oauth.init_app(app)
 
+app.register_blueprint(views.api.blueprint, url_prefix='/api')
 app.register_blueprint(views.base.blueprint)
 app.register_blueprint(views.events.blueprint, url_prefix='/events')
 app.register_blueprint(views.oauth.blueprint, url_prefix='/oauth')

config.py

@@ -22,6 +22,9 @@ def __init__(self, app_root=None, testing=False):
         self.SQLALCHEMY_TRACK_MODIFICATIONS = False
         self.TEMPLATES_AUTO_RELOAD = True
 
+        self.MAILGUN_DOMAIN = os.getenv('MAILGUN_DOMAIN', '')
+        self.MAILGUN_API_KEY = os.getenv('MAILGUN_API_KEY', '')
+
         if testing:
             self.TESTING = True
             self.WTF_CSRF_ENABLED = False

forms.py

@@ -4,59 +4,103 @@
 from wtforms.fields import *
 from wtforms.validators import *
 from wtforms.widgets import TextArea
+from wtforms_components import read_only
 
 import util
 from models import User
 
 
 class LoginForm(Form):
-    identifier = StringField('Username', validators=[InputRequired()])
-    password = PasswordField('Password', validators=[InputRequired()])
+    identifier = StringField("Username", validators=[InputRequired()])
+    password = PasswordField("Password", validators=[InputRequired()])
 
     def get_user(self, identifier=None):
         return User.get_by_identifier(identifier or self.identifier.data)
 
     def validate_identifier(self, field):
         if self.get_user(field.data) is None:
-            raise ValidationError('Invalid identifier')
+            raise ValidationError("Invalid identifier")
 
     def validate_password(self, field):
         user = self.get_user(self.identifier.data)
         if not user:
             return
         if not user.check_password(field.data):
-            raise ValidationError('Invalid password')
+            raise ValidationError("Invalid password")
 
 
 class RegisterForm(Form):
-    email = StringField('Email', validators=[InputRequired()])
-    username = StringField('Username', validators=[InputRequired(), Length(min=4, max=16,
-                                                                           message='Username must be between 4 and 16 characters long.')])
-    password = PasswordField('Password', validators=[InputRequired(), Length(min=8, max=56,
-                                                                             message='Password must be between 8 and 56 characters long.')])
+    email = StringField("Email", validators=[InputRequired()])
+    username = StringField("Username", validators=[InputRequired(), Length(min=4, max=16, message="Username must be between 4 and 16 characters long.")])
+    password = PasswordField("Password", validators=[InputRequired(), Length(min=8, max=56, message="Password must be between 8 and 56 characters long.")])
+
+
+def validate_email(self, field):
+    if not util.validate_email_format(field.data):
+        raise ValidationError("Invalid email")
+    if User.query.filter(func.lower(User.email) == func.lower(field.data)).count():
+        raise ValidationError("Email taken!")
+
+
+def validate_username(self, field):
+    if not util.validate_username_format(field.data):
+        raise ValidationError("Invalid username")
+    if User.query.filter(func.lower(User.username) == func.lower(field.data)).count():
+        raise ValidationError("Username taken!")
+
+
+class PasswordForgotForm(Form):
+    email = StringField("Email", validators=[InputRequired()])
+
+    def __init__(self):
+        super(PasswordForgotForm, self).__init__()
+        self._user = None
+        self._user_cached = False
+
+    @property
+    def user(self):
+        if not self._user_cached:
+            self._user = User.query.filter(func.lower(User.email) == self.email.data.lower()).first()
+            self._user_cached = True
+        return self._user
 
     def validate_email(self, field):
         if not util.validate_email_format(field.data):
-            raise ValidationError('Invalid email')
-        if User.query.filter(func.lower(User.email) == func.lower(field.data)).count():
-            raise ValidationError('Email taken!')
+            raise ValidationError("Invalid email")
 
-    def validate_username(self, field):
-        if not util.validate_username_format(field.data):
-            raise ValidationError('Invalid username')
-        if User.query.filter(func.lower(User.username) == func.lower(field.data)).count():
-            raise ValidationError('Username taken!')
 
+class PasswordResetForm(Form):
+    password = PasswordField('New Password', validators=[InputRequired(), Length(min=8, max=56, message='Password must be between 8 and 56 characters long.')])
+    password_confirm = PasswordField('Confirm Password', validators=[InputRequired(), EqualTo('password', message='Passwords must match.')])
 
-class EventForm(Form):
+
+class EventCreateForm(Form):
     title = StringField('Title', validators=[InputRequired(), Length(max=256)])
-    start_time = IntegerField('Start Time (UNIX Time)', validators=[InputRequired(), NumberRange(min=0, max=2147483647,
-                                                                                     message='Start time must be between 0 and 2147483647!')])
-    duration = FloatField('Duration (Hours)', validators=[InputRequired(), NumberRange(min=0, max=2147483647,
-                                                                                       message='Duration must be between 0 and 2147483647!')])
+    start_time = IntegerField('Start Time', validators=[InputRequired(), NumberRange(min=0, max=2147483647, message='Start time must be between 0 and 2147483647!')])
+    duration = FloatField('Duration (hours)', validators=[InputRequired(), NumberRange(min=0, max=2147483647, message='Duration must be between 0 and 2147483647!')])
     description = StringField('Description', widget=TextArea(), validators=[InputRequired(), Length(max=1024)])
     link = StringField('Link', validators=[InputRequired(), Length(max=256)])
 
     def validate_link(self, field):
         if not any(field.data.startswith(prefix) for prefix in [u'http://', u'https://']):
             raise ValidationError('Invalid link')
+
+
+class EventManageForm(Form):
+    title = StringField('Title', validators=[InputRequired(), Length(max=256)])
+    start_time = IntegerField('Start Time', validators=[InputRequired(), NumberRange(min=0, max=2147483647, message='Start time must be between 0 and 2147483647!')])
+    duration = FloatField('Duration (hours)', validators=[InputRequired(), NumberRange(min=0, max=2147483647, message='Duration must be between 0 and 2147483647!')])
+    description = StringField('Description', widget=TextArea(), validators=[InputRequired(), Length(max=1024)])
+    link = StringField('Link', validators=[InputRequired(), Length(max=256)])
+    client_id = StringField('Client ID')
+    client_secret = StringField('Client Secret')
+    redirect_uris = StringField('Redirect URIs', widget=TextArea(), validators=[])
+
+    def __init__(self, *args, **kwargs):
+        super(EventManageForm, self).__init__(*args, **kwargs)
+        read_only(self.client_id)
+        read_only(self.client_secret)
+
+    def validate_link(self, field):
+        if not any(field.data.startswith(prefix) for prefix in [u'http://', u'https://']):
+            raise ValidationError('Invalid link')

migrations/versions/7905cec750a2_.py

@@ -0,0 +1,33 @@
+"""Add password reset fields.
+
+Revision ID: 7905cec750a2
+Revises: d25be15cb75d
+Create Date: 2016-09-04 00:53:58.969972
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '7905cec750a2'
+down_revision = 'd25be15cb75d'
+
+import sqlalchemy as sa
+from alembic import op
+
+
+def upgrade():
+    ### commands auto generated by Alembic - please adjust! ###
+    op.create_table('password_reset_tokens',
+                    sa.Column('id', sa.Integer(), nullable=False),
+                    sa.Column('active', sa.Boolean(), nullable=True),
+                    sa.Column('token', sa.String(length=16), nullable=True),
+                    sa.Column('email', sa.Unicode(length=128), nullable=True),
+                    sa.Column('expire', sa.DateTime(), nullable=True),
+                    sa.PrimaryKeyConstraint('id')
+                    )
+    ### end Alembic commands ###
+
+
+def downgrade():
+    ### commands auto generated by Alembic - please adjust! ###
+    op.drop_table('password_reset_tokens')
+    ### end Alembic commands ###

migrations/versions/bf3dc65dd471_.py

@@ -0,0 +1,28 @@
+"""Add relationship to user to password reset token.
+
+Revision ID: bf3dc65dd471
+Revises: 7905cec750a2
+Create Date: 2016-09-05 12:38:07.126105
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = 'bf3dc65dd471'
+down_revision = '7905cec750a2'
+
+import sqlalchemy as sa
+from alembic import op
+
+
+def upgrade():
+    ### commands auto generated by Alembic - please adjust! ###
+    op.add_column('password_reset_tokens', sa.Column('user_id', sa.Integer(), nullable=True))
+    op.create_foreign_key('pwd_reset_token_user_id_fk', 'password_reset_tokens', 'users', ['user_id'], ['id'])
+    ### end Alembic commands ###
+
+
+def downgrade():
+    ### commands auto generated by Alembic - please adjust! ###
+    op.drop_constraint('pwd_reset_token_user_id_fk', 'password_reset_tokens', type_='foreignkey')
+    op.drop_column('password_reset_tokens', 'user_id')
+    ### end Alembic commands ###

models.py

@@ -1,5 +1,5 @@
+import time
 from datetime import datetime, timedelta
-from functools import partial
 
 from flask_login import current_user, LoginManager
 from flask_oauthlib.provider import OAuth2Provider
@@ -22,7 +22,7 @@ class User(db.Model):
     email = db.Column(db.Unicode(length=128), unique=True)
     _password = db.Column('password', db.String(length=60))  # password hash
     admin = db.Column(db.Boolean, default=False)
-    joined = db.Column(db.DateTime, default=datetime.utcnow)
+    _joined = db.Column('joined', db.DateTime, default=datetime.utcnow)
 
     def __eq__(self, other):
         if isinstance(other, User):
@@ -40,6 +40,10 @@ def __ne__(self, other):
     def __repr__(self):
         return '<User %r>' % self.username
 
+    @hybrid_property
+    def joined(self):
+        return int(time.mktime(self._joined.timetuple()))
+
     @property
     def is_active(self):
         return True
@@ -99,11 +103,11 @@ class Event(db.Model):
     removed = db.Column(db.Boolean, default=False)
 
     # OAuth2 stuff
-    client_id = db.Column(db.String(40), unique=True, default=partial(util.generate_string, 16))
-    client_secret = db.Column(db.String(55), unique=True, index=True, nullable=False, default=partial(util.generate_string, 32))
+    client_id = db.Column(db.String(40), unique=True, default=lambda: util.generate_string(16))
+    client_secret = db.Column(db.String(55), unique=True, index=True, nullable=False, default=lambda: util.generate_string(32))
     is_confidential = db.Column(db.Boolean, default=True)
     _redirect_uris = db.Column(db.Text)
-    _default_scopes = db.Column(db.Text)
+    _default_scopes = db.Column(db.Text, default='profile')
 
     @property
     def formatted_start_time(self):
@@ -125,16 +129,24 @@ def client_type(self):
 
     @property
     def redirect_uris(self):
+        'getting'
         if self._redirect_uris:
-            return self._redirect_uris.split()
+            return self._redirect_uris  # .split()
         return []
 
+    @redirect_uris.setter
+    def redirect_uris(self, value):
+        'setting'
+        self._redirect_uris = value
+        db.session.commit()
+
     @property
     def default_redirect_uri(self):
         return self.redirect_uris[0]
 
     @property
     def default_scopes(self):
+        return ["user"]
         if self._default_scopes:
             return self._default_scopes.split()
         return []
@@ -210,6 +222,21 @@ def scopes(self):
         return []
 
 
+class PasswordResetToken(db.Model):
+    __tablename__ = 'password_reset_tokens'
+    id = db.Column(db.Integer, primary_key=True)
+    user_id = db.Column(db.Integer, db.ForeignKey('users.id', name='pwd_reset_token_user_id_fk'))
+    user = db.relationship('User', backref=db.backref('password_reset_tokens', lazy='dynamic'), lazy='joined')
+    active = db.Column(db.Boolean)
+    token = db.Column(db.String(length=16), default=util.generate_string_of(16))
+    email = db.Column(db.Unicode(length=128))
+    expire = db.Column(db.DateTime)
+
+    @property
+    def expired(self):
+        return datetime.now() >= self.expire
+
+
 def get_current_user():
     if current_user:
         return current_user

requirements.txt

@@ -9,11 +9,14 @@ Flask-SQLAlchemy
 Flask-WTF
 gunicorn
 jinja2
+git+git://github.com/failedxyz/oauthlib.git@master#egg=oauthlib
 passlib
 pathlib
 psycopg2
 pymysql
 pytest
 python-dotenv
+requests
 sqlalchemy
 wtforms
+wtforms_components

static/css/calendar.css

@@ -1,3 +1,6 @@
+html, body {
+    font-family: "Product Sans", Arial, sans-serif;
+}
 
 #timeline #ctf_schedule {
     /* min-height: 400px; */

templates/base/index.html

@@ -42,12 +42,6 @@ <h2>{{ event.title }}</h2>
         </div>
     </div>
 
-    <script src="http://momentjs.com/downloads/moment.min.js"
-            integrity="sha384-ohw6o2vy/chIavW0iVsUoWaIPmAnF9VKjEMSusADB79PrE3CdeJhvR84BjcynjVl"
-            crossorigin="anonymous"></script>
-    <script src="https://cdn.rawgit.com/mattbradley/livestampjs/1.1.2/livestamp.min.js"
-            integrity="sha384-3w5S8eBXk/lb0z05Hu52Nal4FV5PNERXScY2BXGqwiaMURz8I5urTaOU6JMYodVi"
-            crossorigin="anonymous"></script>
     <script type="text/javascript" src="{{ url_for('static', filename='/js/dragscroll.js') }}"></script>
     <script type="text/javascript" src="{{ url_for('static', filename='/js/jquery.infinitescroll.min.js') }}"></script>
 {% endblock %}

templates/events/list.html

@@ -80,13 +80,13 @@
         </table>
     </div>
 
-    <p>
+    <center>
         {% if page_number == 1 %}Prev{% else %}
             <a href="{{ url_for('events.events_%s' % tab, page_number=page_number - 1) }}">Prev</a>{% endif %}
         / Page <b>{{ page_number }}</b> /
         {% if last_page %}Next{% else %}
             <a href="{{ url_for('events.events_%s' % tab, page_number=page_number + 1) }}">Next</a>{% endif %}
-    </p>
+    </center>
 
     <script type="text/javascript">
         $(document).ready(function () {