def create_product(product, id_user):
# TODO : APPELEZ LA FONCTION get_open_request_cache dans OPen food facts utilities
product_info = requests.get(urlopenfoodfact.format(
product['id_ean'])).json()
if not "product" in product_info:
raise Exception("Erreur sur lors de la creation du produit")
name = product_info['product']['product_name_fr'][:100]
name_gen = product_info['product']['generic_name_fr'][:100]
new_product = Product(date_insert=datetime.datetime.now(),
date_update=datetime.datetime.now(),
expiration_date=product['expiration_date'],
status=0,
id_rfid=product['id_rfid'],
id_ean=product['id_ean'],
position=product['position'],
id_user=id_user,
product_name=name,
product_name_gen=name_gen)
try:
session.begin()
session.add(new_product)
session.commit()
except Exception as e:
session.rollback()
session.flush()
raise Exception("Erreur lors de la création du produit")
return new_product
def delete_user(request, user_id):
"""
Delete an user
:param request:
:param user_id:
:return: Httreponse
"""
if not request:
abort(400)
if not check_user_permission(user_id):
error = {
'error':
'Action interdite: Tentative d\'action sur un compte non identifié'
}
return HttpResponse(403).custom(error)
user = session.query(User).filter(User.id == user_id).first()
if not user:
return HttpResponse(403).error(ErrorCode.USER_NFIND)
try:
session.begin()
session.query(User).filter(User.id == user_id).delete()
session.commit()
except Exception as e:
session.rollback()
session.flush()
return HttpResponse(500).error(ErrorCode.DB_ERROR, e)
return HttpResponse(202).success(SuccessCode.USER_DELETED)
def update_user(request, user_id):
if not request:
abort(400)
user = session.query(User).filter(User.id == user_id).first()
if not user:
return HttpResponse(403).error(ErrorCode.USER_NFIND)
infos = request.json
verification = check_user_infos(infos)
if verification is not None:
return HttpResponse(403).error(verification)
if 'mail' in infos:
existing = session.query(User).filter(
User.mail == infos['mail']).first()
if existing:
return HttpResponse(403).error(ErrorCode.MAIL_USED)
if 'password' in infos:
hashed = get_hashed_password(infos['password'])
infos['password'] = hashed
infos['date_update'] = datetime.datetime.now()
try:
session.begin()
session.query(User).filter(User.id == user_id).update(infos)
session.commit()
except Exception as e:
session.rollback()
session.flush()
return HttpResponse(500).error(ErrorCode.DB_ERROR, e)
return HttpResponse(202).success(SuccessCode.USER_UPDATED)
def create_authorization_code(self, application, user, scope):
"""
Generate an authorization code for this application, entity, scope
:param APIOAuthApplicationModel application: An oauth application model
:param dict entity: Entity attached to this token
:rtype: APIOAuthTokenModel
"""
code = AccessToken(
app_id=application.id,
type='authorization_code',
token=uuid.uuid4().hex[:35],
date_insert=datetime.datetime.now(),
id_user=user.id,
expiration_date=datetime.datetime.now() + datetime.timedelta(weeks=2),
is_enable=1,
scopes=scope
)
try:
session.begin()
session.add(code)
session.commit()
except Exception as e:
session.rollback()
session.flush()
return HttpResponse(500).error(ErrorCode.DB_ERROR, e)
return code
def grant_password(self):
validator = HttpRequestValidator()
validator.throw_on_error(True)
validator.add_param('username', True)
validator.add_param('password', True)
if validator.verify():
username = self.__request.get_param('username')
username = username.lower()
user = session.query(User).filter(User.mail == username).first()
if user and user.is_active != 0 and user.password:
current_pw = user.password
password = self.__request.get_param('password')
if PasswordUtilities.check_password(password, current_pw):
scope = "user"
access_token = AccessToken(
app_id=self.application_id,
type='bearer',
token=uuid.uuid4().hex[:35],
date_insert=datetime.datetime.now(),
id_user=user.id,
expiration_date=arrow.now().shift(hours=+10).datetime,
is_enable=1,
scopes='user')
try:
session.begin()
session.add(access_token)
session.commit()
except Exception as e:
session.rollback()
session.flush()
return HttpResponse(500).error(ErrorCode.DB_ERROR, e)
refresh_token = RefreshToken(
app_id=self.application_id,
date_insert=datetime.datetime.now(),
token=uuid.uuid4().hex[:35],
is_enable=True,
access_token_id=access_token.id,
)
try:
session.begin()
session.add(refresh_token)
session.commit()
except Exception as e:
session.rollback()
session.flush()
return HttpResponse(500).error(ErrorCode.DB_ERROR, e)
return access_token, refresh_token
else:
raise Exception('Invalid username or password')
else:
raise Exception('Invalid username or password')
def link_product_to_user_with_id_rfid(id_rfid, id_user):
"""
Link a product to with a user by id rfid
:param id_rfid:
:param id_user:
:return: True if the modification is ok
False if not
"""
product = session.query(Product).filter(Product.id_rfid == id_rfid).first()
info = {"date_update": datetime.datetime.now(), "id_user": id_user}
try:
session.begin()
session.query(Product).filter(Product.id_rfid == id_rfid).update(info)
session.commit()
except Exception as e:
session.rollback()
session.flush()
raise e
def delete_products(request, product_id):
"""
Delete a product
:param request:
:param product_id:
:return:
"""
if not request:
abort(400)
product = session.query(Product).filter(Product.id == product_id).first()
if not product:
return HttpResponse(403).error(ErrorCode.PRODUCT_NFIND)
try:
session.begin()
session.query(Product).filter(Product.id == product_id).delete()
session.commit()
except Exception as e:
session.rollback()
session.flush()
return HttpResponse(500).error(ErrorCode.DB_ERROR, e)
return HttpResponse(202).success(SuccessCode.PRODUCT_DELETED)
def create_user(request):
if not request:
abort(400)
verification = check_user_infos(request.json)
if verification is not None:
return HttpResponse(403).error(verification)
existing = session.query(User).filter(
User.mail == request.json['mail']).first()
if existing:
return HttpResponse(403).error(ErrorCode.MAIL_USED)
hashed = get_hashed_password(request.json['password'])
new_user = User(date_insert=datetime.datetime.now(),
date_update=datetime.datetime.now(),
is_active=1,
status=0,
gender=request.json['gender'],
lastname=request.json['lastname'],
firstname=request.json['firstname'],
mail=request.json['mail'],
password=hashed,
country=request.json['country'],
town=request.json['town'],
street=request.json['street'],
street_number=request.json['street_number'],
region=request.json['region'],
postal_code=request.json['postal_code'])
try:
session.begin()
session.add(new_user)
session.commit()
except Exception as e:
session.rollback()
session.flush()
return HttpResponse(500).error(ErrorCode.DB_ERROR, e)
app_id = session.query(AuthApplication).filter(
AuthApplication.project_id == "arlex-ccevqe").first().id
access_token = AccessToken(app_id=app_id,
type='bearer',
token=uuid.uuid4().hex[:35],
date_insert=datetime.datetime.now(),
id_user=new_user.id,
expiration_date=datetime.datetime.now() +
datetime.timedelta(weeks=2),
is_enable=1,
scopes="user")
try:
session.begin()
session.add(access_token)
session.commit()
except Exception as e:
session.rollback()
session.flush()
return HttpResponse(500).error(ErrorCode.DB_ERROR, e)
refresh_token = RefreshToken(
app_id=app_id,
date_insert=datetime.datetime.now(),
token=uuid.uuid4().hex[:35],
is_enable=True,
access_token_id=access_token.id,
)
try:
session.begin()
session.add(refresh_token)
session.commit()
except Exception as e:
session.rollback()
session.flush()
return HttpResponse(500).error(ErrorCode.DB_ERROR, e)
return HttpResponse(201).success(
SuccessCode.USER_CREATED, {
'id': new_user.id,
'access_token': access_token.token,
'refresh_token': refresh_token.token
})
def grant_authorization_code(self):
validator = HttpRequestValidator()
validator.throw_on_error(False)
validator.add_param('code', True)
validator.add_param('redirect_uri', True)
if not validator.verify():
raise Exception('Invalid code')
code = session.query(AccessToken).filter(
AccessToken.token == self.__request.get_param('code')).first()
if code is None or code.is_enable == 0:
raise Exception('Missing valid code')
info = {"is_enable": 0}
try:
session.begin()
session.query(AccessToken).filter(
AccessToken.id == code.id).update(info)
session.commit()
except Exception as e:
session.rollback()
session.flush()
return HttpResponse(500).error(ErrorCode.DB_ERROR, e)
if str(code.app_id) != str(self.application_id):
raise Exception('Code does not match your app_id.')
user = self.get_user(code.id_user)
if not user or user.is_active == 0:
raise Exception('Cannot authorize. Account is disabled.')
access_token = AccessToken(
app_id=self.application_id,
type='Bearer',
token=uuid.uuid4().hex[:35],
date_insert=datetime.datetime.now(),
id_user=user.id,
expiration_date=arrow.now().shift(hours=+10).datetime,
is_enable=1,
scopes="user")
try:
session.begin()
session.add(access_token)
session.commit()
except Exception as e:
session.rollback()
session.flush()
return HttpResponse(500).error(ErrorCode.DB_ERROR, e)
refresh_token = RefreshToken(
app_id=self.application_id,
date_insert=datetime.datetime.now(),
token=uuid.uuid4().hex[:35],
is_enable=True,
access_token_id=access_token.id,
)
try:
session.begin()
session.add(refresh_token)
session.commit()
except Exception as e:
session.rollback()
session.flush()
return HttpResponse(500).error(ErrorCode.DB_ERROR, e)
return access_token, refresh_token
