In [1]:
!pip install flask_marshmallow flask_sqlalchemy
!pip install marshmallow marshmallow-sqlalchemy

Collecting flask_marshmallow
  Using cached flask_marshmallow-1.2.1-py3-none-any.whl.metadata (5.2 kB)
Collecting flask_sqlalchemy
  Using cached flask_sqlalchemy-3.1.1-py3-none-any.whl.metadata (3.4 kB)
Collecting marshmallow>=3.0.0 (from flask_marshmallow)
  Using cached marshmallow-3.23.1-py3-none-any.whl.metadata (7.5 kB)
Using cached flask_marshmallow-1.2.1-py3-none-any.whl (12 kB)
Using cached flask_sqlalchemy-3.1.1-py3-none-any.whl (25 kB)
Using cached marshmallow-3.23.1-py3-none-any.whl (49 kB)
Installing collected packages: marshmallow, flask_sqlalchemy, flask_marshmallow
Successfully installed flask_marshmallow-1.2.1 flask_sqlalchemy-3.1.1 marshmallow-3.23.1
Collecting marshmallow-sqlalchemy
  Using cached marshmallow_sqlalchemy-1.1.0-py3-none-any.whl.metadata (6.3 kB)
Using cached marshmallow_sqlalchemy-1.1.0-py3-none-any.whl (14 kB)
Installing collected packages: marshmallow-sqlalchemy
Successfully installed marshmallow-sqlalchemy-1.1.0


In [None]:
from flask import Flask, request, jsonify
from flask_sqlalchemy import SQLAlchemy
from marshmallow import Schema, fields, validate, ValidationError
from werkzeug.security import generate_password_hash, check_password_hash
import threading

app = Flask(__name__)
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///users.db'
app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False
db = SQLAlchemy(app)

class User(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    username = db.Column(db.String(80), unique=True, nullable=False)
    password = db.Column(db.String(120), nullable=False)

class UserSchema(Schema):
    id = fields.Int(dump_only=True)
    username = fields.Str(required=True, validate=validate.Length(min=1, max=80))
    password = fields.Str(required=True, validate=validate.Length(min=6))

user_schema = UserSchema()
users_schema = UserSchema(many=True)

with app.app_context():
    db.create_all()

@app.route('/')
def home():
    return "Welcome to the Security Testing Demo!"

@app.route('/users', methods=['GET'])
def get_users():
    try:
        users = User.query.all()
        result =  users_schema.dump(users)
        return jsonify(result)
    except Exception as e:
        return jsonify({"message": "An error occurred while fetching users", "error": str(e)}), 500


@app.route('/user/<int:id>', methods=['GET'])
def get_user(id):
    user = User.query.get(id)
    if user:
      result = user_schema.dump(user)
      return jsonify(result)
    return jsonify({"message": "User not found"}), 404

@app.route('/user', methods=['POST'])
def add_user():
    data = request.get_json()
    errors = user_schema.validate(data)
    if errors:
        return jsonify(errors), 400

    hashed_password = generate_password_hash(data['password'])
    new_user = User(username=data['username'], password=hashed_password)
    db.session.add(new_user)
    db.session.commit()
    return jsonify({"message": "User added successfully"}), 201

@app.route('/user/<int:id>', methods=['PUT'])
def update_user(id):
    data = request.get_json()
    errors = user_schema.validate(data)
    if errors:
        return jsonify(errors), 400

    user = User.query.get(id)
    if user:
        user.username = data['username']
        user.password = generate_password_hash(data['password'])
        db.session.commit()
        return jsonify({"message": "User updated successfully"})
    return jsonify({"message": "User not found"}), 404

@app.route('/user/<int:id>', methods=['DELETE'])
def delete_user(id):
    user = User.query.get(id)
    if user:
        db.session.delete(user)
        db.session.commit()
        return jsonify({"message": "User deleted successfully"})
    return jsonify({"message": "User not found"}), 404

threading.Thread(target=app.run, kwargs={'host':'0.0.0.0','port':6000}).start()


 * Serving Flask app '__main__'
 * Debug mode: off


 * Running on all addresses (0.0.0.0)
 * Running on http://127.0.0.1:6000
 * Running on http://192.168.4.43:6000
[33mPress CTRL+C to quit[0m
  user = User.query.get(id)
127.0.0.1 - - [13/Nov/2024 15:45:35] "[33mPUT /user/1 HTTP/1.1[0m" 404 -
  user = User.query.get(id)
127.0.0.1 - - [13/Nov/2024 15:45:48] "[33mGET /user/1 HTTP/1.1[0m" 404 -
127.0.0.1 - - [13/Nov/2024 15:46:13] "[35m[1mPOST /user HTTP/1.1[0m" 201 -
  user = User.query.get(id)
127.0.0.1 - - [13/Nov/2024 15:46:25] "PUT /user/1 HTTP/1.1" 200 -
127.0.0.1 - - [13/Nov/2024 15:46:37] "GET /users HTTP/1.1" 200 -
  user = User.query.get(id)
127.0.0.1 - - [13/Nov/2024 15:46:41] "GET /user/1 HTTP/1.1" 200 -
  user = User.query.get(id)
127.0.0.1 - - [13/Nov/2024 15:46:46] "DELETE /user/1 HTTP/1.1" 200 -


In [11]:
!curl -X POST http://localhost:6000/user -H "Content-Type: application/json" -d '{"username":"testuser","password":"securepassword"}'

{"message":"User added successfully"}


In [14]:
!curl -X GET http://localhost:6000/users

[{"id":1,"password":"scrypt:32768:8:1$m6HYsAo4pNjRagD6$28e3d41c63a6655bb0f57ef8fa7a6750e30b4f08fbde3b6376436923e6cf7d4c8989f9083024ead130145d41bf667fe85729dc8c451a377e317177c146e0f7d1","username":"testuser"}]


In [15]:
!curl -X GET http://localhost:6000/user/1

{"id":1,"password":"scrypt:32768:8:1$m6HYsAo4pNjRagD6$28e3d41c63a6655bb0f57ef8fa7a6750e30b4f08fbde3b6376436923e6cf7d4c8989f9083024ead130145d41bf667fe85729dc8c451a377e317177c146e0f7d1","username":"testuser"}


In [12]:
!curl -X PUT http://localhost:6000/user/1 -H "Content-Type: application/json" -d '{"username":"testuser","password":"newsecurepassword"}'

{"message":"User updated successfully"}


In [16]:
!curl -X DELETE http://localhost:6000/user/1

{"message":"User deleted successfully"}
