Beispiel #1
0
def send_email(username):
    if request.method == 'POST':
        mailaddr = apiDB.getEmail(username)
        print(username)
        print(mailaddr)
        mailkey = URLSafeTimedSerializer(
            'blowfish'
        )  #TODO move this to a secure position (encrypted perhaps)
        token = mailkey.dumps(username, salt='email-confirm')
        sendMail(
            'Verification Code', mailaddr,
            "<a href=http://127.0.0.1:3864/confirm_email/" + token +
            ">Follow this link for account activation</a>")
        apiLog.logInfo("Sent email verification to {}".format(mailaddr))
        return flask.jsonify(
            json.dumps({
                "Success": True,
                "Status": 'Sent verification code'
            })), 200
    else:
        apiLog.logError("Failed to send email verification")
        return flask.jsonify(
            json.dumps({
                "Success": False,
                "Status": 'Failed to send verification code'
            })), 400
Beispiel #2
0
def OneTimeCode(passcode):
    try:
        mailkey = URLSafeTimedSerializer('onetimeblow') #TODO move this to a secure position (encrypted perhaps)
        username = mailkey.loads(passcode, salt='oneblowfish',max_age=180)
        print(username) #TODO a request that changes emailVerify boolean to true and compare username to database
        #apiLog.logInfo("OTP verified for {}", username)
        return flask.jsonify(json.dumps({"Success":True, "Status":'Passed OTP', "JWT":str(issueJWT(username).decode("UTF-8"))})),200
    except Exception as e:
        print(e)
        apiLog.logError("Failed to verify OTP")
        return flask.jsonify(json.dumps({"Success":False, "Status":e})),400
Beispiel #3
0
def processData():
    response = checkJWT(request.headers["JWT"])
    username = response["username"]
    #TODO check the jwt (DONE)
    if allowAccess(['Staff', 'Permission_Admin'], request) == True:
        Data = apiDB.MenuUser()
        apiLog.logInfo("{} accessed database".format(username))
        #TODO record log
        return flask.jsonify(Data), 200
    elif allowAccess(['Client'], request) == True:
        Data = {}
        Data[username] = username
        return flask.jsonify(Data), 200
    else:
        apiLog.logError("{} raised {}".format(username, response["Error"]))
        return flask.jsonify(response), 400
Beispiel #4
0
def getData(patientusername):
    #TODO check jwt check role
    response = checkJWT(request.headers["JWT"])
    if response["Success"] == False:
        apiLog.logError(response["Error"])
        return flask.jsonify(response), 400

    username = response["username"]
    role = apiDB.getrole(username)
    if role == "Client" and patientusername != username:
        apiLog.logWarn("{} unauthorized access".format(username))
        return "unauthorized access", 400

    User = apiDB.getUser(patientusername)
    if User == False:
        return "No Such user", 400
    apiLog.logInfo("{} accessed {}'s data".format(username, patientusername))
    return flask.jsonify(User), 200
Beispiel #5
0
def getData(patientusername):
	response = checkJWT(request.headers["JWT"])
	username = response["username"]
    #TODO check jwt check role
	if allowAccess(['Staff','Permission_Admin','Client'],request) == True:
		if patientusername != username:
			apiLog.logWarn("{} unauthorized access".format(username))
			return flask.jsonify(json.dumps(response["Error"])),400
    #response = checkJWT(request.headers["JWT"])
    #if response["Success"] == False:
        #apiLog.logError(response["Error"])
        #return flask.jsonify(json.dumps(response)),400
    #username = response["username"]
    #role = apiDB.getrole(username)
    #if role == "Client" and patientusername != username:
        #apiLog.logWarn("{} unauthorized access".format(username))
        #return flask.jsonify(json.dumps(response["Error"])),400
		User = apiDB.getUser(patientusername)
		print(User)
		apiLog.logInfo("{} accessed {}'s data".format(username, patientusername))
		return flask.jsonify(json.dumps(User)),200
	else:
		apiLog.logError(response["Error"])
		return flask.jsonify(json.dumps(response)),400
Beispiel #6
0
	response = checkJWT(request.headers["JWT"])
	username = response["username"] 
    #TODO check the jwt (DONE)
	if allowAccess(['Staff','Permission_Admin'],request) == True:
	    Data = apiDB.MenuUser()
	    apiLog.logInfo("{} accessed database".format(username))
        #TODO record log
	    return flask.jsonify(json.dumps(Data)),200
    else:
        if allowAccess(['Client'],request) == True:
        #TODO log
            Data={}
            Data[username] = username
            return flask.jsonify(Data),200
	else:
		apiLog.logError("{} raised {}".format(username, response["Error"]))
		return flask.jsonify(json.dumps(response)),400

@app.route("/data/<string:patientusername>", methods=["GET"])
def getData(patientusername):
	response = checkJWT(request.headers["JWT"])
	username = response["username"]
    #TODO check jwt check role
	if allowAccess(['Staff','Permission_Admin','Client'],request) == True:
		if patientusername != username:
			apiLog.logWarn("{} unauthorized access".format(username))
			return flask.jsonify(json.dumps(response["Error"])),400
    #response = checkJWT(request.headers["JWT"])
    #if response["Success"] == False:
        #apiLog.logError(response["Error"])
        #return flask.jsonify(json.dumps(response)),400