async def filter_user_by_login(req: Request, resp: Response, *, operation,
data):
# pylint: disable=unused-variable
# TODO: This method is deprecated as it is substituted by the more
# general get_user_by_attr method
if req.method == "get":
users = []
if operation == "contains":
users = await models.User.filter(login__contains=data)
elif operation == "icontains":
users = await models.User.filter(login__icontains=data)
elif operation == "startwith":
users = await models.User.filter(login__startswith=data)
elif operation == "istartswith":
users = await models.User.filter(login__istartswith=data)
elif operation == "endswith":
users = await models.User.filter(login__endswith=data)
elif operation == "iendswith":
users = await models.User.filter(login__iendswith=data)
elif operation == "iequals":
users = await models.User.filter(login__iequals=data)
else:
resp.status_code = 400
resp.text("Unupported filter operation.")
return
UserModel.list_model([UserModel.from_orm(user)
for user in users]).send_json(resp)
else:
resp.status_code = 405
resp.text = "Method not allowed"
async def on_put(self, req: Request, resp: Response) -> None:
"""
Updates a user. If the user does not exist, a 404 status is returned.
:param int user_id: The id of the user
"""
try:
user = await User.get(self.current_user.id)
data = await req.media()
password = data.get("password", None)
# Because password is not a standard field
# it cannot be set via the update() method
# and needs a special treatment. The setter
# of the user takes care of it.
if password is not None:
user.password = data.pop("password")
user.update(data)
await user.save()
# filter_fields = self.get_filter_fields(req)
UserModel.from_orm(user).send_json(resp)
except IntegrityError as error:
error_response(resp, 405, str(error))
except Exception as error: # pylint: disable=W0703
error_response(resp, 500, str(error))
async def on_get(req: Request, resp: Response, *, school_id):
try:
school = await School.get(id=school_id).prefetch_related('teacher')
UserModel.list_model([
UserModel.from_orm(user) for user in school.teacher
]).send_json(resp)
except DoesNotExist:
resp.status_code = 404
resp.text = f"No school with id {school_id} found."
except Exception: # pylint: disable=bare-except
resp.status_code = 500
resp.text = f"Could not request teachers for school with id {school_id}"
logger.exception("Unable to perform filter")
async def get_user_by_attr(req: Request, resp: Response):
try:
result = await users_blueprint.build_query_set(models.User, req)
if result is None:
resp.media = None
elif isinstance(result, int):
resp.media = result
elif isinstance(result, models.User):
UserModel.from_orm(result).send_json(resp)
else:
UserModel.list_model([UserModel.from_orm(user)
for user in result]).send_json(resp)
except Exception: # pylint: disable=bare-except
logger.exception("Unable to perform filter")
async def get_school_teacher(req: Request, resp: Response, *, school_id):
if req.method == "get":
school = await models.School.get_or_none(id=school_id
).prefetch_related("teacher")
if school is None:
resp.status_code = 404
resp.text = f"School with id {school_id} not found."
else:
UserModel.list_model([
UserModel.from_orm(teacher) for teacher in school.teacher
]).send_json(resp)
else:
resp.status_code = 405
resp.headers["Allow"] = "GET"
resp.text = ""
async def on_get(self, req: Request, resp: Response, *, school_id: int):
"""
Get the students of a certain school.
"""
try:
school = await School.get(id=school_id
).prefetch_related("students")
# filter_fields = self.get_filter_fields(req)
UserModel(__root__=[
UserModel.from_orm(student) for student in school.students
]).send_json(resp)
except DoesNotExist:
error_response(resp, 404, "School not found")
except Exception as error: # pylint: disable=W0703
error_response(resp, 500, str(error))
async def on_get(self, req: Request, resp: Response):
"""
Requesting all users.
"""
# Is the UserModel schema requested?
if req.accepts("application/schema+json"):
"""
The client can request a schema for a user by
adding the above mime-type to its Accept header
entries.
"""
resp.text = UserModel.schema_json()
resp.status_code = 200
resp.mimetype = "application/schema+json"
return
count_users = await models.User.all().count()
limit, offset = self.pagination(req, count_users)
query = models.User.all() # .offset(offset).limit(limit)
filter_fields = self.get_filter_fields(req)
# If filter fields are provided, then only select these fields from
# the database.
if filter_fields is not None:
query = query.only(*filter_fields)
# Build the url for this ressource
url = req.state.api.url_for(self.__class__)
# Creating the response object
content = PagedUserModel()
content.pagination.offset = offset
content.pagination.limit = limit
content.links.anchor_self = f"{url}?offset={offset}&limit={limit}"
try:
content.result = [UserModel.from_orm(user) for user in await query]
content.send_json(resp)
except ValueError as error: # pylint: disable=W0703
logger.exception("Could not retrieve users.", exc_info=error)
error_response(resp, 500, str(error))
except KeyError as error:
logger.exception("Could not filter user attributes.",
exc_info=error)
error_response(resp, 500, str(error))
async def verify_user(
req: responder.Request, resp: responder.Response, *, data
): # pylint: disable=unused-variable, unused-argument
if req.method == "get":
# Generate a verification token for this user.
# First check, if the user exists
user = await models.User.get_or_none(id=int(data))
if user is None:
resp.status_code = 404
resp.text = f"User with id {data} not found."
else:
lifetime = timedelta(hours=6) # TODO: make this configurable
# The user may or may not be verified.
# Also the state of the user is set to "not verified".
# Because only active user can verify,
# the user is set so active.
user.is_verified = False
user.is_active = True
await user.save()
payload = {}
payload["user_id"] = user.id
payload["exp"] = datetime.utcnow() + lifetime
payload["iat"] = datetime.utcnow()
token = jwt.encode(payload, self.secret_key, algorithm="HS256")
resp.media = {"token": token, "user_id": int(data)}
elif req.method == "put":
# Check the provided token and verify the user.
try:
token = str(data)
payload = jwt.decode(token, self.secret_key, algorithms=["HS256"])
user_id = payload["user_id"]
user = await models.User.get_or_none(id=user_id)
if user is None:
resp.status_code = 404
resp.text = f"No user with id {user_id} found"
else:
user.is_verified = True
user.is_active = True
await user.save()
credentials = self.createBearerToken(user_id=user.id)
response_data = VerificationInfo(
user=UserModel.from_orm(user),
token=credentials.bearer_token,
)
resp.text = response_data.json()
except Exception: # pylint: disable=bare-except
logger.exception("Could not verify.")
else:
resp.status_code = 405
resp.text = f"Method {req.method} not allowed."
def test_users(headers):
resp = requests.get("http://127.0.0.1:3548/users/", headers=headers)
data = resp.json()
assert "result" in data
result = data["result"]
assert len(result) == 1
user = UserModel.parse_obj(result[0])
assert user.login == "root"
assert resp.status_code == 200
async def on_get(self, req: Request, resp: Response):
"""
Get the roles of e certain user
"""
try:
user = UserModel(id=self.current_user.id)
roles = await user.get_roles()
roles.send_json(resp)
except DoesNotExist:
error_response(resp, 404, "User not found")
except Exception as error: # pylint: disable=W0703
error_response(resp, 500, str(error))
async def on_put(self, req: Request, resp: Response, *, user_id: int):
"""
Updates a user. If the user does not exist, a 404 status is returned.
:param int user_id: The id of the user
"""
try:
# use r = await User.get(id =user_id)
data = await req.media()
# password = data.pop("password", None)
user = UserModel.parse_obj(data)
user.id = user_id
await user.update()
# Because password is not a standard field
# it cannot be set via the update() method
# and needs a special treatment. The setter
# of the user takes care of it.
# if password is not None:
# await user.set_password(password)
user.send_json(resp)
except DoesNotExist:
error_response(resp, 404,
f"User with id {user_id} does not exist.")
except IntegrityError as error:
error_response(resp, 405, str(error))
except Exception as error: # pylint: disable=W0703
logger.fatal("Something went wrong",
exc_info=error,
stack_info=True)
error_response(resp, 500, str(error))