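def Update(id):
    """Update a teacher's details from the submitted form fields.

    Only fields present in the POST body are changed; a supplied password is
    re-hashed with the teacher's existing salt before being stored.

    Args:
        id: Identifier of the teacher row to update (passed to
            ``TeacherModel.findById``).

    Returns:
        A ``JsonResponse``: ``unauthorized`` when ``Authorization.canAccess``
        rejects the session user, ``badRequest`` when no field was supplied
        or ``save()`` fails, ``notFound`` when no teacher matches ``id``,
        otherwise ``ok``.
    """
    # NOTE(review): ('admin') is a plain string, not a one-element tuple; kept
    # as-is because canAccess's expected argument type is not visible here.
    if not Authorization.canAccess(session.get('user'), ('admin')):
        return JsonResponse.unauthorized({
            'message': 'no_access',
            'nice_message': 'You do not have access to this function. Contact system administrator.'
        })

    first_name = request.form.get('first_name')
    last_name = request.form.get('last_name')
    email = request.form.get('email')
    mobile_phone = request.form.get('mobile_phone')
    password = request.form.get('password')

    # An update with nothing to change is a client error.
    if not any((first_name, last_name, email, mobile_phone, password)):
        return JsonResponse.badRequest({
            'message': 'missing_parameters',
            'nice_message': 'Please enter details for the teacher.'
        })

    teachers = TeacherModel.findById(id)
    if not teachers:
        return JsonResponse.notFound({
            'message': 'not_found',
            'nice_message': 'Teacher not found.'
        })

    if first_name:
        teachers.setFirstName(first_name)
    if last_name:
        teachers.setLastName(last_name)
    if email:
        teachers.setEmail(email)
    if mobile_phone:
        teachers.setMobile(mobile_phone)
    if password:
        # Reuse the stored salt so the new hash stays comparable with the
        # login check, which hashes the submitted password with getSalt().
        salt = teachers.getSalt()
        teachers.setPassword(Security.hashPassword(password, salt))

    try:
        teachers.save()
    except Exception:
        # A bare `except:` here also swallowed SystemExit/KeyboardInterrupt.
        return JsonResponse.badRequest({'error': 'database_error'})
    return JsonResponse.ok()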
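def Create():
    """Creates a new student (JSON) (Post variables: first_name, last_name, email, mobile_phone, password).

    All five POST fields are required. The password is salted with a fresh
    ``Security.generateSalt()`` value and only the hash and salt are stored.

    Returns:
        A ``JsonResponse``: ``unauthorized`` when ``Authorization.canAccess``
        rejects the session user, ``badRequest`` when a field is missing or
        ``save()`` fails, otherwise ``ok``.
    """
    #Change who is authorised
    if not Authorization.canAccess(session.get('user'), ('admin')):
        return JsonResponse.unauthorized({
            'message': 'no_access',
            'nice_message': 'You do not have access to this function. Contact system administrator.'
        })

    first_name = request.form.get('first_name')
    last_name = request.form.get('last_name')
    email = request.form.get('email')
    mobile_phone = request.form.get('mobile_phone')
    password = request.form.get('password')

    # Validate before hashing: the original hashed first, so a missing
    # password reached Security.hashPassword(None, salt) before the
    # missing_parameters response could be returned.
    if not all((first_name, last_name, email, mobile_phone, password)):
        return JsonResponse.badRequest({
            'message': 'missing_parameters',
            'nice_message': 'Please fill all fields for the new student.'
        })

    salt = Security.generateSalt()
    hashedPassword = Security.hashPassword(password, salt)

    student = StudentModel()
    student.setFirstName(first_name)
    student.setLastName(last_name)
    student.setEmail(email)
    student.setMobile(mobile_phone)
    student.setPassword(hashedPassword)
    student.setSalt(salt)

    try:
        student.save()
    except Exception:
        # A bare `except:` here also swallowed SystemExit/KeyboardInterrupt.
        return JsonResponse.badRequest({'error': 'database_error'})
    return JsonResponse.ok()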
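def Create():
    """Create a new teacher from the POST fields first_name, last_name, email, mobile_phone and password.

    All five fields are required; the password is salted with a fresh
    ``Security.generateSalt()`` value and only the hash and salt are stored.

    Returns:
        A ``JsonResponse``: ``unauthorized`` when ``Authorization.canAccess``
        rejects the session user, ``badRequest`` when a field is missing or
        ``save()`` fails, otherwise ``ok``.
    """
    if not Authorization.canAccess(session.get('user'), ('admin')):
        return JsonResponse.unauthorized({
            'message': 'no_access',
            'nice_message': 'You do not have access to this function. Contact system administrator'
        })

    first_name = request.form.get('first_name')
    last_name = request.form.get('last_name')
    email = request.form.get('email')
    mobile_phone = request.form.get('mobile_phone')
    password = request.form.get('password')

    # The original had no presence check at all and went straight to
    # Security.hashPassword(None, salt) when the password was absent; this
    # mirrors the student Create route's validation.
    if not all((first_name, last_name, email, mobile_phone, password)):
        return JsonResponse.badRequest({
            'message': 'missing_parameters',
            'nice_message': 'Please fill all fields for the new teacher.'
        })

    salt = Security.generateSalt()
    hashedPassword = Security.hashPassword(password, salt)

    # A freshly constructed model cannot be "not found"; the original
    # `if not teachers: notFound` check after TeacherModel() was dead code.
    teachers = TeacherModel()
    teachers.setFirstName(first_name)
    teachers.setLastName(last_name)
    teachers.setEmail(email)
    teachers.setMobile(mobile_phone)
    teachers.setPassword(hashedPassword)
    teachers.setSalt(salt)

    try:
        teachers.save()
    except Exception:
        # A bare `except:` here also swallowed SystemExit/KeyboardInterrupt.
        return JsonResponse.badRequest({'error': 'database_error'})
    return JsonResponse.ok()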
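def Update(id):
    """POST /staff/[id] - Updates staff information (JSON) (Post variables: first_name, last_name, email, mobile_phone, password, role (integer)).

    Only fields present in the POST body are changed; a supplied password is
    re-hashed with the staff member's existing salt before being stored.

    Args:
        id: Identifier of the staff row to update (passed to
            ``StaffModel.findById``).

    Returns:
        A ``JsonResponse``: ``unauthorized`` when ``Authorization.canAccess``
        rejects the session user, ``badRequest`` when no field was supplied
        or ``save()`` fails, ``notFound`` when no staff member matches ``id``,
        otherwise ``ok``.
    """
    #Auth
    if not Authorization.canAccess(session.get('user'), ('admin')):
        return JsonResponse.unauthorized({
            'message': 'no_access',
            'nice_message': 'You do not have access to this function. Contact system administrator.'
        })

    first_name = request.form.get('first_name')
    last_name = request.form.get('last_name')
    email = request.form.get('email')
    mobile_phone = request.form.get('mobile_phone')
    password = request.form.get('password')
    role = request.form.get('role')

    if not any((first_name, last_name, email, mobile_phone, password, role)):
        #Bad request (message typo "Pleaase" fixed)
        return JsonResponse.badRequest({
            'message': 'missing_parameters',
            'nice_message': 'Please enter new details for the staff member'
        })

    staff = StaffModel.findById(id)
    # The original dereferenced the lookup result unconditionally, so an
    # unknown id raised AttributeError instead of a 404; match the teacher
    # Update route.
    if not staff:
        return JsonResponse.notFound({
            'message': 'not_found',
            'nice_message': 'Staff member not found.'
        })

    if first_name:
        staff.setFirstName(first_name)
    if last_name:
        staff.setLastName(last_name)
    if email:
        staff.setEmail(email)
    if mobile_phone:
        staff.setMobile(mobile_phone)
    if role:
        # NOTE(review): role arrives as a form string and is documented as an
        # integer; whether setRole validates/coerces it is not visible here.
        staff.setRole(role)
    #Password hashed here
    if password:
        # Reuse the stored salt so the hash stays comparable with the login
        # check, which hashes the submitted password with getSalt().
        salt = staff.getSalt()
        staff.setPassword(Security.hashPassword(password, salt))

    try:
        staff.save()
    except Exception:
        # A bare `except:` here also swallowed SystemExit/KeyboardInterrupt.
        return JsonResponse.badRequest({'error': 'database_error'})
    return JsonResponse.ok()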
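def Create():
    """POST /staff - Creates a new staff member (JSON) (Post variables: first_name, last_name, email, mobile_phone, password, role (integer)).

    All fields are required; the password is salted with a fresh
    ``Security.generateSalt()`` value and only the hash and salt are stored.

    Returns:
        A ``JsonResponse``: ``unauthorized`` when ``Authorization.canAccess``
        rejects the session user, ``badRequest`` when a field is missing or
        ``save()`` fails, otherwise ``ok``.
    """
    if not Authorization.canAccess(session.get('user'), ('admin')):
        return JsonResponse.unauthorized({
            'message': 'no_access',
            'nice_message': 'You do not have access to this function. Contact system administrator.'
        })

    first_name = request.form.get('first_name')
    last_name = request.form.get('last_name')
    email = request.form.get('email')
    mobile_phone = request.form.get('mobile_phone')
    role = request.form.get('role')
    password = request.form.get('password')

    # The original had no presence check and hashed whatever arrived, so a
    # missing password reached Security.hashPassword(None, salt); mirror the
    # student Create route's validation.
    if not all((first_name, last_name, email, mobile_phone, role, password)):
        return JsonResponse.badRequest({
            'message': 'missing_parameters',
            'nice_message': 'Please fill all fields for the new staff member.'
        })

    salt = Security.generateSalt()
    hashedPassword = Security.hashPassword(password, salt)

    staff = StaffModel()
    staff.setFirstName(first_name)
    staff.setLastName(last_name)
    staff.setEmail(email)
    staff.setMobile(mobile_phone)
    # NOTE(review): role arrives as a form string and is documented as an
    # integer; whether setRole validates/coerces it is not visible here.
    staff.setRole(role)
    staff.setPassword(hashedPassword)
    staff.setSalt(salt)

    try:
        staff.save()
    except Exception:
        # A bare `except:` here also swallowed SystemExit/KeyboardInterrupt.
        return JsonResponse.badRequest({'error': 'database_error'})
    return JsonResponse.ok()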
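def LoginPost():
    """Handle the staff login form: verify the password and start a session.

    An already-logged-in user is redirected to ``Campus.List``. Otherwise the
    staff row matching the submitted email is looked up, the submitted
    password is hashed with that row's salt, and on a match the staff id is
    stored in ``session['user']``.

    Returns:
        A redirect to ``Campus.List`` on success or when already logged in;
        otherwise the rendered login template with the submitted email.
    """
    import hmac

    if Authorization.isLoggedIn(session.get('user')):
        return redirect(url_for('Campus.List'))

    email = request.form.get('email')
    password = request.form.get('password')

    matches = StaffModel.findBy('email', email)
    if len(matches) != 0:
        staff = matches[0]
        stored = staff.getPassword()
        candidate = Security.hashPassword(password, staff.getSalt())
        # Constant-time comparison: `==` on the hashes short-circuits at the
        # first differing byte, which leaks timing information about the
        # stored hash. Both sides are stringified and encoded so that
        # compare_digest accepts them whatever type hashPassword returns;
        # equality semantics match the original `==` for same-typed values.
        if hmac.compare_digest(str(stored).encode(), str(candidate).encode()):
            session['user'] = staff.getId()
            return redirect(url_for('Campus.List'))

    return render_template('auth/login.html', data={'email': email})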
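def Update(id):
    """Updates student information (JSON) (Post variables: first_name, last_name, email, mobile_phone, password).

    Only fields present in the POST body are changed; a supplied password is
    re-hashed with the student's existing salt before being stored.

    Args:
        id: Identifier of the student row to update (passed to
            ``StudentModel.findById``).

    Returns:
        A ``JsonResponse``: ``unauthorized`` when ``Authorization.canAccess``
        rejects the session user, ``badRequest`` when no field was supplied
        or ``save()`` fails, ``notFound`` when no student matches ``id``,
        otherwise ``ok``.
    """
    #Auth (same message body as the other admin-only routes)
    if not Authorization.canAccess(session.get('user'), ('admin')):
        return JsonResponse.unauthorized({
            'message': 'no_access',
            'nice_message': 'You do not have access to this function. Contact system administrator.'
        })

    first_name = request.form.get('first_name')
    last_name = request.form.get('last_name')
    email = request.form.get('email')
    mobile_phone = request.form.get('mobile_phone')
    password = request.form.get('password')

    if not any((first_name, last_name, email, mobile_phone, password)):
        #Bad request
        return JsonResponse.badRequest({
            'message': 'missing_parameters',
            'nice_message': 'Please fill out new information for the student.'
        })

    student = StudentModel.findById(id)
    # The original dereferenced the lookup result unconditionally, so an
    # unknown id raised AttributeError instead of a 404; match the teacher
    # Update route.
    if not student:
        return JsonResponse.notFound({
            'message': 'not_found',
            'nice_message': 'Student not found.'
        })

    if first_name:
        student.setFirstName(first_name)
    if last_name:
        student.setLastName(last_name)
    if email:
        student.setEmail(email)
    if mobile_phone:
        student.setMobile(mobile_phone)
    #Password hashed here
    if password:
        # Reuse the stored salt so the hash stays comparable with the login
        # check, which hashes the submitted password with getSalt().
        salt = student.getSalt()
        student.setPassword(Security.hashPassword(password, salt))

    try:
        student.save()
    except Exception:
        # A bare `except:` here also swallowed SystemExit/KeyboardInterrupt.
        return JsonResponse.badRequest({'error': 'database_error'})
    return JsonResponse.ok()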
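def SessionLogin():
    """Authenticate a student or teacher by email/password and issue an API session token.

    A request that already carries a valid ``X-App-Token`` (per
    ``ApiSession.isValid``) gets its own token echoed back. Otherwise the
    POST fields ``email``, ``password`` and ``user_type`` are required,
    ``user_type`` must be ``student`` or ``teacher``, and the submitted
    password hashed with the user's stored salt must match the stored hash.

    Returns:
        ``JsonResponse.ok({'token': ...})`` on success; ``badRequest`` for
        missing or invalid fields; ``unauthorized`` for unknown email or
        wrong password (same message for both, so the response does not
        reveal whether the email exists); ``internalServerError`` when no
        token could be created.
    """
    import hmac

    if 'X-App-Token' in request.headers and ApiSession.isValid(request):
        return JsonResponse.ok({'token': request.headers['X-App-Token']})

    userEmail = request.form.get('email')
    userPassword = request.form.get('password')
    userType = request.form.get('user_type')

    # Step 1: Verify presence of values and validate them
    if not all((userEmail, userPassword, userType)):
        return JsonResponse.badRequest({
            'message': 'post_property_missing',
            'nice_message': 'Missing POST property.'
        })

    lookups = {
        'student': StudentModel,
        'teacher': TeacherModel,
    }
    if userType not in lookups:
        return JsonResponse.badRequest({
            'message': 'invalid_user_type',
            'nice_message': 'Given user type is invalid! Allowable types are: student/teacher.'
        })

    # Step 2: Verify password
    invalid_credentials = {
        'message': 'invalid_credentials',
        'nice_message': 'Supplied credentials (email/password) are invalid.'
    }
    users = lookups[userType].findBy('email', userEmail)
    # Exactly one row must match; zero (unknown email) and several
    # (ambiguous account) are both rejected with the same response.
    if len(users) != 1:
        return JsonResponse.unauthorized(invalid_credentials)

    user = users[0]
    hashedPassword = Security.hashPassword(userPassword, user.getSalt())
    # Constant-time comparison: `!=` short-circuits at the first differing
    # byte and leaks timing information about the stored hash. Both sides
    # are stringified and encoded so compare_digest accepts them whatever
    # type hashPassword returns; equality matches the original for
    # same-typed values.
    if not hmac.compare_digest(str(hashedPassword).encode(), str(user.getPassword()).encode()):
        return JsonResponse.unauthorized(invalid_credentials)

    userId = user.getId()

    # Step 3: Create session
    ipAddress = request.remote_addr
    if Config.getValue('DEPLOYMENT') == 'heroku':
        # Behind the platform proxy remote_addr is the proxy, so the
        # forwarded address is used instead. The original indexed the header
        # directly and raised KeyError when it was absent. NOTE(review):
        # X-Forwarded-For is client-supplied and may hold a comma-separated
        # chain; only the entry appended by the trusted proxy is reliable,
        # so confirm how ApiSession.create uses this value.
        ipAddress = request.headers.get('X-Forwarded-For', ipAddress)
    # Missing User-Agent previously raised KeyError (a 500) rather than
    # producing a session; an empty string is passed instead.
    token = ApiSession.create(userId, userType, ipAddress, request.headers.get('User-Agent', ''))

    if token:
        return JsonResponse.ok({'token': token})

    return JsonResponse.internalServerError({
        'message': 'session_generation_failed',
        'nice_message': 'Session generation failed. Contact system administrator.'
    })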