File tree Expand file tree Collapse file tree 3 files changed +66
-0
lines changed
testing/vulnerable_app/views Expand file tree Collapse file tree 3 files changed +66
-0
lines changed Original file line number Diff line number Diff line change 55 'location' ,
66 'sequence' ,
77 'types' ,
8+ 'user' ,
89]
Original file line number Diff line number Diff line change 1+ from flask_restplus import fields
2+
3+ from ...core .extensions import api
4+
5+
6+ user_model = api .model (
7+ 'User' ,
8+
9+ # Additional keys are supported. The library just needs something to
10+ # label the object returned, otherwise, the response will just be `None`.
11+ # NOTE: In addition, this dictionary cannot be empty.
12+ {
13+ 'user_id' : fields .Integer (required = True ),
14+ },
15+ )
Original file line number Diff line number Diff line change 1+ """
2+ Mainly used for setup.
3+ """
4+ import random
5+ import string
6+
7+ from flask_restplus import Resource
8+
9+ from ..core import database
10+ from ..core .auth import requires_user
11+ from ..core .extensions import api
12+ from ..models .api_key import ApiKey
13+ from ..util import get_name
14+ from .models .database import user_model
15+
16+
17+ ns = api .namespace (
18+ get_name (__name__ ),
19+ url_prefix = '/{}' .format (get_name (__name__ )),
20+ )
21+
22+
23+ @ns .route ('/create' )
24+ class CreateUser (Resource ):
25+ @api .response (200 , 'Success' , model = str )
26+ def post (self ):
27+ api_key = random_string (20 )
28+ with database .connection () as session :
29+ entry = ApiKey (api_key = api_key )
30+
31+ session .add (entry )
32+ session .commit ()
33+
34+ return api_key
35+
36+
37+ @ns .route ('/' )
38+ class GetUser (Resource ):
39+ @api .doc (security = 'apikey' )
40+ @api .response (200 , 'Success' , model = user_model )
41+ @requires_user
42+ def get (self , user ):
43+ return {
44+ 'user_id' : user .id ,
45+ ** user .to_dict (),
46+ }
47+
48+
49+ def random_string (k = 8 ):
50+ return '' .join (random .choice (string .ascii_letters + string .digits ) for _ in range (k ))
You can’t perform that action at this time.
0 commit comments