def authenticate_user(db: Session, login: str,
password: str) -> Optional[User]:
user = crud.get_user(db, login)
if not user:
return None
if not _verify_password(password, user.password):
return None
return user
def delete_list(db: Session = Depends(get_db),
owner_id: int = Header(None),
list_id: int = Header(None),
token: str = Depends(oauth2_scheme)):
token_validated = auth.auth_token(token)
if not token_validated['auth']:
raise HTTPException(status_code=401, detail="401 Unauthorized")
user = crud.get_user(db, owner_id)
if not user.email == token_validated['email']:
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN,
detail="403 FORBIDDEN")
if list_id == 1:
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN,
detail="403 FORBIDDEN")
lista = crud.get_list_by_id(db, list_id)
if not owner_id == lista.owner_id:
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN,
detail="403 FORBIDDEN")
if crud.delete_list_by_id(db, list_id):
return crud.get_user(db, owner_id)
def create_list_for_user(user_list: schemas.UserListCreate,
db: Session = Depends(get_db),
user_id: int = Header(None),
token: str = Depends(oauth2_scheme)):
token_validated = auth.auth_token(token)
if not token_validated['auth']:
raise HTTPException(status_code=401, detail="401 Unauthorized")
user = crud.get_user(db, user_id)
if not user.email == token_validated['email']:
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN,
detail="403 FORBIDDEN")
return crud.create_user_list(db, user_list, user_id)
async def get_user_by_id(request: Request,
user_id,
db: Session = Depends(get_db)):
try:
authentication = request.headers['authententication']
verify_access_token(authentication)
except KeyError:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Access token not provided",
)
user = get_user(db, user_id)
return user
def read_lists_from_user(user_id: int = Header(None),
skip: int = 0,
limit: int = 30,
db: Session = Depends(get_db),
token: str = Depends(oauth2_scheme)):
token_validated = auth.auth_token(token)
if not token_validated['auth']:
raise HTTPException(status_code=401, detail="401 Unauthorized")
user = crud.get_user(db, user_id)
if not user.email == token_validated['email']:
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN,
detail="403 FORBIDDEN")
# lists = crud.get_lists_from_user(db, user_id, skip, limit)
return user.lists
def read_user(db: Session = Depends(get_db),
user_id: int = Header(None),
token: str = Depends(oauth2_scheme)):
token_validated = auth.auth_token(token)
# token_validated = {'auth': False}
if not token_validated['auth']:
raise HTTPException(status_code=401, detail="401 Unauthorized")
db_user = crud.get_user(db, user_id=user_id)
if db_user is None:
raise HTTPException(status_code=404, detail='404 User not found')
if not token_validated['email'] == db_user.email:
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN,
detail="403 FORBIDDEN")
return db_user
def change_exhibition_mode(db: Session = Depends(get_db),
owner_id: int = Header(None),
exhibition_mode: str = Header(None),
token: str = Depends(oauth2_scheme)):
token_validated = auth.auth_token(token)
if not token_validated['auth']:
raise HTTPException(status_code=401, detail="401 Unauthorized")
user = crud.get_user(db, owner_id)
if not user.email == token_validated['email']:
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN,
detail="403 FORBIDDEN")
return crud.change_exhibition_mode(db, owner_id, exhibition_mode)
def login_user(login: schemas.Login,
db: Session = Depends(get_db),
token: str = Depends(oauth2_scheme)):
token_validated = auth.auth_token(token)
# token_validated = {'auth': True}
if not token_validated['auth']: # token not valid
raise HTTPException(status_code=401, detail="401 Unauthorized")
if not token_validated['email'] == login.email:
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN,
detail="403 FORBIDDEN")
user = crud.get_user_by_email(db, login.email)
if not user:
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND,
detail="NOT FOUND")
return crud.get_user(db, user.id)
def update_item(db: Session = Depends(get_db),
owner_id: int = Header(None),
item_id: int = Header(None),
list_id: int = Header(None),
token: str = Depends(oauth2_scheme)):
token_validated = auth.auth_token(token)
if not token_validated['auth']:
raise HTTPException(status_code=401, detail="401 Unauthorized")
user = crud.get_user(db, owner_id)
if not user.email == token_validated['email']:
raise HTTPException(status_code=status.HTTP_403_FORBIDDEN,
detail="403 FORBIDDEN")
item = crud.get_item_by_id(db, item_id)
if item.owner_list_id == list_id:
raise HTTPException(status_code=200, detail="OK")
return crud.move_item(db, item_id, list_id)
async def create_preference(request: Request,
preference: ListPreference,
db: Session = Depends(get_db)):
#email = get_current_user(verify_access_token(request.headers.get('Authorization')))
#user = get_user_by_email(db, email)
user = get_user(db, 1)
city = get_or_create_city(db, preference.city)
category = get_or_create_category(db, preference.category)
preference = Preference(city=city,
owner=user,
query=preference.query,
radius=preference.radius,
category=category)
db.add(preference)
db.commit()
db.refresh(preference)
preference = ListPreference(query=preference.query,
city=city.name,
radius=preference.radius,
category=category.name)
return preference
async def get_current_user(db: Session = Depends(get_db),
token: str = Depends(oauth_scheme)) -> User:
credentials_exception = HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Could not validate credentials",
headers={"WWW-Authenticate": "Bearer"})
try:
payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
login = payload.get("sub")
if login is None:
raise credentials_exception
token_data = TokenData(login=login)
except JWTError:
raise credentials_exception
user = crud.get_user(db, login=token_data.login)
if user is None:
raise credentials_exception
return user
def _validate_data(db: Session, login: str) -> dict:
if crud.get_user(db, login):
return {"is_valid": False, "detail": "username already exists"}
return {"is_valid": True}
def read_user(user_name: str, db: Session = Depends(get_db)):
db_user = crud.get_user(db, name=user_name)
if db_user is None:
raise HTTPException(status_code=404, detail="User not found")
return db_user
def create_user(user: schemas.UserCreate, db: Session = Depends(get_db)):
db_user = crud.get_user(db, name=user.User_Name)
if db_user:
raise HTTPException(status_code=400, detail="Email already registered")
return crud.create_user(db=db, user=user)