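def delete_user(username):
    """Delete the account named ``username`` from the ``users`` table.

    The statement is restricted to rows whose ``admin`` column equals '0'
    (presumably non-admin accounts; confirm against the schema).

    Returns:
        False when ``User.is_user_exists_by_username`` reports no such user,
        True once the DELETE statement has been executed.
    """
    if not User.is_user_exists_by_username(username):
        return False
    conn = connect_sys_db()
    # SQL
    # Values are bound as parameters instead of being formatted into the
    # statement text, so a quote or other SQL metacharacter in ``username``
    # is treated as data and cannot alter the statement.
    # NOTE(review): assumes the cursor yielded by mysql(conn) is a
    # PyMySQL-style DB-API cursor that accepts %s placeholders; confirm.
    query = 'DELETE FROM users WHERE username = %s AND admin = %s'
    with mysql(conn) as cursor:
        # '0' is bound as a string so the comparison is the same quoted
        # literal the formatted query used to contain.
        cursor.execute(query, (username, '0'))
    return True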
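 def update_user_password(username, new_password):
     """Store a new password for the account named ``username``.

     The password is written as ``HEX(AES_ENCRYPT(new_password, SECRET_KEY))``
     and only rows whose ``admin`` column equals '0' are updated.

     Returns:
         False when ``User.is_user_exists_by_username`` reports no such user,
         True once the UPDATE statement has been executed.
     """
     if not User.is_user_exists_by_username(username):
         return False
     conn = connect_sys_db()
     # SQL
     # Every value, including the password and the key, is bound as a
     # parameter rather than formatted into the statement, so quotes in
     # user-supplied input cannot break out of the string literal.
     # NOTE(review): assumes the cursor yielded by mysql(conn) is a
     # PyMySQL-style DB-API cursor that accepts %s placeholders; confirm.
     # NOTE(review): AES_ENCRYPT is reversible, so anyone holding SECRET_KEY
     # can recover every stored password. A salted password hash would be
     # safer, but that needs a coordinated change wherever passwords are
     # verified, so the storage format is left as it was.
     query = ('UPDATE users SET password = HEX(AES_ENCRYPT(%s, %s))'
              ' WHERE username = %s AND admin = %s')
     with mysql(conn) as cursor:
         # '0' is bound as a string so the comparison is the same quoted
         # literal the formatted query used to contain.
         cursor.execute(query, (new_password, SECRET_KEY, username, '0'))
     return True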
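 def put(self):
     """Change the username of the account identified by the AUTH-TOKEN JWT.

     Returns:
         A ``(body, status)`` tuple: 200 on success; 401 for a missing or
         invalid token, a missing/empty username, or a username that is
         already taken; 500 when the database update fails.
     """
     import logging

     # Authenticate first: the username-existence check below must not be
     # reachable without a valid token, otherwise any caller could use this
     # endpoint to probe which usernames are registered.
     token = request.headers.get('AUTH-TOKEN')
     if not token:
         return {'message': 'Invalid or missing token'}, 401
     try:
         # ``algorithms`` is an allow-list; pass a list, not a bare string.
         token_info = jwt.decode(token, SECRET_KEY, algorithms=['HS256'])
         user_id = token_info['id']
     except (jwt.InvalidTokenError, KeyError):
         # Bad signature, expired or malformed token, or no 'id' claim.
         return {'message': 'Invalid or missing token'}, 401

     info = request.json
     new_username = info.get('username') if isinstance(info, dict) else None
     # input cannot be empty string (a missing or non-string value is
     # rejected the same way instead of raising)
     if not isinstance(new_username, str) or new_username == "":
         return {
             'message': 'Update failed. new username cannot be empty'
         }, 401
     if User.is_user_exists_by_username(new_username):
         return {'message': 'This user already existed'}, 401
     # Get user object
     user = User(user_id)
     try:
         user.update_username(new_username)
     except pymysql.Error:
         # Keep the driver's error text in the server log only; returning it
         # to the client would expose database internals.
         logging.getLogger(__name__).exception('Username update failed')
         return {'message': 'Update failed. Please try again later'}, 500
     return {'message': 'Change username successfully'}, 200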