def delete(self):
parser = request.get_json()
email = parser.get('email')
password = parser.get('password')
if email is None or password is None:
abort(400) # missing arguments
if user_datastore.find_user(email=email) is None:
abort(403) # existing user
user = user_datastore.find_user(email=email)
user_datastore.delete_user(user)
return 200
def post(self):
parser = request.get_json()
if parser is None:
abort(400)
email = parser.get('email')
password = parser.get('password')
if email is None or password is None:
abort(400)
if user_datastore.find_user(email=email) is None:
abort(403)
user = user_datastore.find_user(email=email)
if user.verify_password(password) is False:
abort(403)
login_user(user, remember = True)
return jsonify({"message": "Login as %s" % current_user.email})
def login():
form = forms.LoginForm()
if form.validate_on_submit():
login_user(user_datastore.find_user(email=form.email.data, password=form.password.data))
return '', 200
for field, errors in form.errors.items():
for error in errors:
print(error)
return '', 403
def check_member_supplier(id, email):
"""Check a member's viewing supplier authorization.
return Boolean
:param id: id
:param email: Email of the person who will perform the action
"""
suppliers = user_datastore.find_user(email=email).suppliers
if id in suppliers:
return True
return False
def log_in_credentials(credentials):
""" Finds user and returns json token """
user = user_datastore.find_user(email=credentials["email"])
if user == None:
return (False, "Password or email is wrong")
else:
verification = verify_password(credentials["password"], user.password)
if verification:
return (True, user.get_auth_token())
else:
return (False, "Password or email is wrong")
def check_member_role(roles, email):
"""Check a member's viewing authorization.
return Boolean
:param roles: A list of acceptable roles
:param email: Email of the person who will perform the action
"""
required_roles = roles
user_roles = user_datastore.find_user(email=email).roles
for user_role in user_roles:
if user_role in required_roles:
return True
return False
def post(self):
email = request.json["email"]
current_password = request.json["current_password"]
new_password = request.json["new_password"]
new_password_retype = request.json["new_password_retype"]
user = User.query.filter_by(email=email).first()
if verify_password(current_password, user.password) and new_password == new_password_retype and len(current_password) > 5:
user_datastore.find_user(email=email).password = hash_password(new_password)
db_session.commit()
return {
"version": api_version,
"message":"Member password for {} has been updated".format(email),
"data": {
"email": "{}".format(email),
}
}, 200
def post(self):
if "application/json" in request.headers["Content-Type"]:
email = request.json["email"]
password = request.json["password"]
user = user_datastore.find_user(email=email)
if user and verify_password(password, user.password):
login_user(user)
roles = user.roles
user.login_count += 1
user.last_login_ip = user.current_login_ip
user.current_login_ip = request.remote_addr
user.last_login_at = user.current_login_at
user.current_login_at = datetime.datetime.now()
db_session.commit()
try:
suppliers_list = user.suppliers
except:
print("something is wrong")
return {
"version": api_version,
"message": "Successfully logged in as {}".format(email),
"data": {
"email": email,
"username": user.username,
"company": user.company,
"contact": user.contact,
"address": user.address,
"suppliers": ast.literal_eval(suppliers_list),
"roles": list(map(lambda x: x.name, roles)),
}
}, 200
return {
"version":
api_version,
"message":
"Please check your log in credentials for {}".format(email),
"data": {}
}, 401
else:
return {
"version": api_version,
"message": "Please check your input type",
"data": {}
}, 404
def get(self, member_id):
if check_member_role(["admin"], current_user.email) == False:
return {
"message": 'Missing authorization to retrieve content',
}, 401
if "application/json" in request.headers["Content-Type"]:
user = user_datastore.find_user(id=member_id)
ops_history = Logging.query.filter_by(email=user.email).all()
data = [log.as_dict() for log in ops_history]
return {
"version":
api_version,
"message":
'Ops history for {} (User id {})'.format(user.email, user.id),
"data":
data
}, 200
return {
"version": api_version,
"message": "Please check your input data type",
"data": {}
}, 404
def load_user(user_id):
return user_datastore.find_user(id=user_id)
def post(self):
if check_member_role(["admin"], current_user.email) == False:
return {
"message": 'Missing authorization to retrieve content',
}, 401
if "application/json" in request.headers["Content-Type"]:
email = request.json["email"]
print('\n\n\n\n', email, '\n\n\n\n')
password = request.json["password"]
username = request.json.get("username")
current_login_ip = request.remote_addr
company = request.json.get("company")
contact = request.json.get("contact")
address = request.json.get("address")
roles = request.json.get("role")
####### NEED TO UPDATE TO DYNAMICALLY SEARCH AND INDEX INPUT FROM CLIENT ######
try:
suppliers = request.json["suppliers"]
except:
# suppliers_list = Supplier.query.order_by(Supplier.email).all()
# data = [supplier.as_dict() for supplier in suppliers_list]
suppliers = []
pass
# suppliers_list = Supplier.query.order_by(Supplier.email).all()
# data = [supplier.as_dict() for supplier in suppliers_list]
if user_datastore.get_user(email):
return {
"version": api_version,
"message": "User {} exist. Please login".format(email),
"data": {}
}, 422
elif not re.match(r"[^@]+@[^@]+\.[^@]+", email):
return {
"version": api_version,
"message": "Please check your email format.",
"data": {}
}, 422
elif len(password) < 6 or not password:
return {
"version": api_version,
"message": "Password must be at least 6 characters long.",
"data": {}
}, 422
# create user and add user role as default
user_datastore.create_user(email=email,
password=hash_password(password),
username=username,
current_login_ip=current_login_ip,
suppliers=str(suppliers),
company=company,
contact=contact,
address=address)
db_session.commit()
if roles and Role.query.filter_by(name=roles).first():
user_datastore.add_role_to_user(email, roles)
else:
user_datastore.add_role_to_user(email, "user")
db_session.commit()
roles = user_datastore.find_user(email=email).roles
user = User.query.filter_by(email=email).first()
return {
"version": api_version,
"message": "User {} created.".format(email),
"data": {
"id": user.id,
"email": user.email,
"roles": list(map(lambda x: x.name, roles)),
"suppliers": ast.literal_eval(user.suppliers),
"company": user.company,
"contact": user.contact,
"address": user.address,
"active": user.active
}
}, 200
def get_user(email): res = user_datastore.find_user(email=email) return res
def post(self):
if "application/json" in request.headers["Content-Type"]:
email = request.json["email"]
password = request.json["password"]
username = request.json.get("username")
current_login_ip = request.remote_addr
####### NEED TO UPDATE TO DYNAMICALLY SEARCH AND INDEX INPUT FROM CLIENT ######
# try:
# suppliers = request.json["suppliers"]
# except:
# suppliers_list = Supplier.query.order_by(Supplier.email).all()
# data = [supplier.as_dict() for supplier in suppliers_list]
# print(data)
suppliers_list = Supplier.query.order_by(Supplier.email).all()
data = [supplier.as_dict() for supplier in suppliers_list]
company = request.json.get("company")
contact = request.json.get("contact")
content = render_user_client_structure()
if user_datastore.get_user(email):
return {
"version": api_version,
"message": "User {} exist. Please login".format(email),
"data": {}
}, 422
elif not re.match(r"[^@]+@[^@]+\.[^@]+", email):
return {
"version": api_version,
"message": "Please check your email format.",
"data": {}
}, 422
elif len(password) < 6:
return {
"version": api_version,
"message": "Password must be at least 6 characters long.",
"data": {}
}, 422
# create user and add user role as default
user_datastore.create_user(
email = email,
password = hash_password(password),
username = username,
current_login_ip = current_login_ip,
suppliers = { "data": data },
company = company,
contact = contact,
content = content,
)
db_session.commit()
user_datastore.add_role_to_user(email, "user")
db_session.commit()
roles = user_datastore.find_user(email=email).roles
user = User.query.filter_by(email=email).first()
return {
"version": api_version,
"message": "User {} created.".format(email),
"data": {
"email": "{}".format(email),
"roles":list(map(lambda x: x.name, roles)),
"suppliers": user.suppliers,
"company": company,
"contact": contact
}
}, 200
def check_email(email):
""" Checks if user exists by email """
return user_datastore.find_user(email=email)
def add_role_to_user(email,role): user = user_datastore.find_user(email=email) user_datastore.add_role_to_user(user,role) db.session.commit()
