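def log_in_user():
    """Authenticate a JSON login request and start a flask_login session.

    The request body is expected to be a JSON object with "email" and
    "password" keys. On success the user is logged in and the cleaned user
    record, with the permission rules of the user's group attached, is
    returned as JSON. Every failure (undecodable body, body that is not a
    JSON object, missing field, rejected credentials) returns
    ``strings.ERROR_LOGIN`` with HTTP 403, so the response does not reveal
    which check failed.
    """
    # NOTE(review): non-POST requests fall through and return None;
    # presumably the route is registered for POST only -- confirm.
    if request.method == 'POST':
        # The body is untrusted: invalid UTF-8 (UnicodeDecodeError) and
        # invalid JSON both surface as ValueError, so one handler covers both.
        try:
            data = json.loads(request.data.decode())
        except ValueError:
            return jsonify({"error": strings.ERROR_LOGIN}), 403

        # Valid JSON can still be a list, string or number; only an object
        # can carry the two required fields.
        if (not isinstance(data, dict)
                or "email" not in data
                or "password" not in data):
            return jsonify({"error": strings.ERROR_LOGIN}), 403

        email = data['email']
        password = data['password']

        # authenticate_user returns a falsy value for rejected credentials
        user = User.authenticate_user(email, password)
        if not user:
            return jsonify({"error": strings.ERROR_LOGIN}), 403

        # start the flask_login session
        login_user(user)

        # convert the user object to plain, serializable python
        user = user.get_result()
        permissions = Permissions.get_permission_for_user_group(
            user["group"]).get_result()
        # the rules are stored as a JSON string
        user["permissions"] = json.loads(permissions["rules"])
        # NOTE(review): permissions are attached before User.cleaned() here
        # but after it in get_current_user; confirm cleaned() keeps that key
        # and drops credential fields such as the password hash.
        return jsonify(User.cleaned(user))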
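def register_user():
    """Create an account on behalf of a caller holding 'add-user'.

    The caller is authorised before the request body is read, so a caller
    without the 'add-user' permission (or a non-POST request) always gets the
    same "Page not found" / 404 response regardless of what was sent. For an
    authorised POST the JSON body must be an object with an "email" key and
    may carry a "permission" key; a password is generated, the user is
    created and the credentials are mailed to the new address.

    Returns ``strings.SUCCESS_REGISTER_USER`` with HTTP 200 on success and
    ``strings.ERROR_REGISTER_USER`` with HTTP 500 when the body is unusable
    or ``User.create_new`` reports failure.
    """
    # Authorisation comes first: no parsing and no password generation
    # happen for callers that are not allowed to add users.
    if (request.method != 'POST'
            or not Permissions.user_has_permission(current_user, 'add-user')):
        return "Page not found", 404

    # Invalid UTF-8 and invalid JSON both raise ValueError subclasses.
    try:
        data = json.loads(request.data.decode())
    except ValueError:
        return jsonify({"error": strings.ERROR_REGISTER_USER}), 500

    if not isinstance(data, dict) or "email" not in data:
        return jsonify({"error": strings.ERROR_REGISTER_USER}), 500

    email = data['email']
    password = User.generate_password()

    # NOTE(review): the permission group is taken from the request body
    # as-is; confirm User.create_new (or a check here) limits it to groups
    # the caller is allowed to grant.
    if "permission" in data:
        permission = data['permission']
    else:
        permission = Permissions.default_permission

    if not User.create_new(email, password, permission):
        return jsonify({"error": strings.ERROR_REGISTER_USER}), 500

    # notify the new user
    # NOTE(review): gen_email receives the generated password, so it
    # presumably travels in the message body; a one-time set-password link
    # would keep the credential out of mail -- confirm intent.
    msg = Message(strings.EMAIL_HEADING_REGISTER,
                  sender="*****@*****.**",
                  recipients=[email])
    msg.html = gen_email(email, password)
    mail.send(msg)
    return jsonify({"success": strings.SUCCESS_REGISTER_USER}), 200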
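def login():
    """Serve the HTML login form and process its submission.

    POST: validates the form, authenticates the submitted credentials and
    logs the user in through flask_login. Returns "valid user" on success,
    ("error logging in", 500) when ``login_user`` refuses the user, and
    re-renders the form (flashing ``strings.ERROR_LOGIN`` for rejected
    credentials) otherwise.
    GET: returns "hello" for an already authenticated user, else the form.
    Any other method renders the form.
    """
    form = LoginForm()

    if request.method == 'POST':
        if not form.validate():
            return render_template('auth/login.html', form=form)

        # Authenticate once and reuse the result: the credential check was
        # previously executed twice per request, doubling the verification
        # work an unauthenticated caller can trigger.
        # NOTE(review): the e-mail is passed as typed, while the form-level
        # validate() in this file lower-cases it first -- confirm which
        # form is intended.
        user = User.authenticate_user(form.email.data, form.password.data)
        if not user:
            flash(strings.ERROR_LOGIN)
            return render_template('auth/login.html', form=form)

        # The debug print of current_user was dropped so the logged-in
        # identity is no longer written to stdout on every login.
        if login_user(user):
            return "valid user"
        return "error logging in", 500

    if request.method == 'GET' and current_user.is_authenticated:
        return "hello"

    return render_template('auth/login.html', form=form)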
def signup():
    """Render the sign-up form on GET and create the account on a valid POST.

    An invalid POST re-renders the form with its validation errors. Methods
    other than GET and POST return None.
    """
    form = SignupForm()
    method = request.method

    if method == 'GET':
        return render_template('auth/signup.html', form=form)
    if method != 'POST':
        return None

    form_ok = form.validate()
    if form_ok == False:
        return render_template('auth/signup.html', form=form)

    # NOTE(review): the result of create_new is ignored here, whereas
    # register_user treats a falsy result as failure -- confirm whether a
    # failed insert should still reach the response below.
    User.create_new(form.email.data, form.password.data)
    # Placeholder response listing the steps this view is meant to perform.
    return "[1] Create a new user [2] sign in the user [3] redirect to the user's profile"
def get_current_user():
    """Return the logged-in user as JSON, or JSON null for anonymous callers.

    The payload is the cleaned user record with a "permissions" key holding
    the decoded rules of the user's permission group.
    """
    if not current_user.is_authenticated:
        return jsonify(None)

    record = current_user.get_result()
    group_permissions = Permissions.get_permission_for_user_group(
        record["group"]).get_result()

    # Clean first, then attach the permissions, so the key is added to the
    # cleaned copy. NOTE(review): presumably User.cleaned() strips fields
    # that must not reach the client -- confirm.
    payload = User.cleaned(record)
    # the rules are stored as a JSON string
    payload["permissions"] = json.loads(group_permissions["rules"])
    return jsonify(payload)
def validate(self):
    """Run the base form validation, then reject an e-mail already in use.

    Returns True when the base validation passes and no user row matches
    the lower-cased e-mail; otherwise returns False, appending an error to
    the e-mail field when the address is taken.
    """
    if not Form.validate(self):
        return False

    wanted = self.email.data.lower()
    matches = User.select().where(User.email == wanted)
    if not matches:
        return True

    # NOTE(review): this message tells the caller that the address is
    # registered; confirm that is acceptable for this sign-up flow.
    self.email.errors.append("That email is already taken")
    return False
def validate(self):
    """Run the base form validation, then check the submitted credentials.

    Returns True when the base validation passes and
    ``User.authenticate_user`` accepts the lower-cased e-mail with the
    submitted password. On rejected credentials a single generic error is
    appended to the e-mail field, so the form does not say which of the two
    values was wrong.
    """
    if not Form.validate(self):
        return False

    account = User.authenticate_user(self.email.data.lower(),
                                     self.password.data)
    if not account:
        self.email.errors.append("Invalid e-mail or password")
        return False
    return True
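def load_user(user_id):
    """Return the User whose id equals *user_id*, or None if the lookup fails.

    NOTE(review): presumably registered as the flask_login user loader;
    the decorator is not visible here -- confirm.
    """
    import logging

    try:
        return User.get(User.id == user_id)
    except Exception:
        # Kept broad on purpose: any lookup failure is treated as
        # "no such user". The failure is now logged with its traceback
        # instead of printing a bare "uh oh", so a missing row can be told
        # apart from a database error when reading the logs. %r keeps
        # control characters in the id from breaking the log line.
        logging.getLogger(__name__).exception(
            "load_user: lookup failed for id %r", user_id)
        return None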