Beispiel #1
    def post(self):
        """Log a user in from a JSON body carrying ``email`` and ``password``.

        Sends 400 when the body is not JSON and 401 when the account lookup
        or the password comparison fails. On success the user is logged in
        and an empty 200 response is returned; admin accounts additionally
        get an ``is_admin`` cookie. ``error`` is assumed to abort the
        request -- TODO confirm against its definition.
        """
        payload = request.get_json()
        if payload is None:
            error(400, "No json data in request body")

        check_data_fields(payload, ["email", "password"])

        matched_id = user_db_util.identify_by_email(g.database,
                                                    payload["email"])
        user_db_result = user_db_util.read(g.database, matched_id)

        # Unknown account and wrong password share one 401 message, so the
        # response text does not reveal which emails are registered.
        # NOTE(review): the unknown-account path never runs the hash
        # comparison, so response timing can still differ between the cases.
        credentials_ok = bool(user_db_result) and check_password_hash(
            user_db_result["hashed_password"], payload["password"])
        if not credentials_ok:
            error(401, "Invalid username or password")

        user = from_dict(data_class=User, data=user_db_result)
        User.login_user(user)

        response = make_response()
        if user.admin:
            # The cookie is set with no value and no Secure/HttpOnly/SameSite
            # options, and a client can create or drop it at will, so it can
            # only serve as a display hint.
            # NOTE(review): confirm no server-side decision reads this cookie.
            # 1 year lifetime matches flask login cookie
            one_year_ahead = time.time() + 365 * 24 * 60 * 60
            response.set_cookie(
                "is_admin",
                expires=one_year_ahead,  # type: ignore
            )
        return response, 200
Beispiel #2
    def test_get_missing_user(self):
        """Reading by an email that was never stored must yield ``None``."""
        unknown_email = "*****@*****.**"

        # Resolve the email to an id first, then read by that id, exactly as
        # the request handlers do.
        resolved_id = user.identify_by_email(self.database, unknown_email)
        user_result = user.read(self.database, resolved_id)

        assert user_result is None
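def put_from_user_id(user_id):
    """Update the user identified by *user_id* from the JSON request body.

    Only the fields named in the 400 message (email, name, group_name,
    password, admin) are forwarded to the database layer. Any other key
    sent by the client, including a client-supplied ``hashed_password``,
    is dropped. ``error`` is assumed to abort the request -- TODO confirm
    against its definition.

    Responses:
        200: updated user as JSON (no password material).
        400: body is not a JSON object or names no editable field.
        403: caller is neither admin nor the target user, or a non-admin
            sent an ``admin`` value other than ``False``.
        404: user id unknown.
        422: password is not a string or too short, or the email is
            already taken.
    """
    editable_fields = ("email", "name", "group_name", "password", "admin")

    user_db_data = user_db_util.read(g.database, user_id)
    if not user_db_data:
        error(404, "User id not recognized.")

    # NOTE(review): existence is checked before authorization, so a
    # non-admin can tell valid ids (403) from unknown ones (404). Swapping
    # the two checks would close that, at the cost of a changed status code.
    if not current_user.is_admin and current_user.user_id != user_id:
        error(403,
              "Logged in user not admin and doesn't match requested user id.")

    data = request.get_json()

    if data is None:
        error(400, "No json data in request body")

    # A JSON array or scalar has no keys; reject it instead of failing with
    # an unhandled exception further down.
    if not isinstance(data, dict):
        error(400, "Json data must be an object")

    # Allow-list the writable fields so the request body cannot set
    # arbitrary columns through the update call.
    updates = {key: data[key] for key in editable_fields if key in data}

    if not updates:
        # Implicit concatenation avoids the run of spaces that the previous
        # backslash continuation embedded in the message.
        error(
            400,
            "Json data must define one or more of: "
            "email, name, group_name, password, admin",
        )

    # A non-admin may only send admin=False. Checking for `is True` alone
    # would let values such as 1 or "true" through to the database layer.
    if ("admin" in updates and updates["admin"] is not False
            and not current_user.is_admin):
        error(403, "Logged in user can not grant self admin privileges.")

    if "password" in updates:
        new_password = updates["password"]
        if not isinstance(new_password, str):
            error(422, "New password must be a string.")
        if len(new_password) > 0:
            if len(new_password) < 8:
                error(422, "New password is less than 8 characters long.")
            # The hash is always derived here, never taken from the client.
            updates["hashed_password"] = generate_password_hash(new_password)
        # NOTE(review): the plaintext "password" key is still forwarded to
        # update(), as before; confirm the database layer ignores it.

    try:
        update_user_result = user_db_util.update(g.database, user_id, updates)

    except UniqueViolation:
        error(422, "User with that email address already exists")

    if update_user_result is None:
        # Returns None if the user doesn't exist. We already checked this,
        # but if it still fails, throw 404
        error(404, "User id not recognized")

    # Explicit field list: the stored password hash is never echoed back.
    response_data = {
        "user_id": update_user_result["user_id"],
        "email": update_user_result["email"],
        "admin": update_user_result["admin"],
        "name": update_user_result["name"],
        "group_name": update_user_result["group_name"],
        "timestamp": update_user_result["date_modified"],
    }
    return jsonify(response_data), 200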
Beispiel #4
    def post(self):
        """Log a user in from a JSON body carrying ``email`` and ``password``.

        Sends 400 when the body is not JSON and 401 when the account lookup
        or the password comparison fails; otherwise logs the user in and
        returns an empty JSON object. ``error`` is assumed to abort the
        request -- TODO confirm against its definition.
        """
        body = request.get_json()
        if body is None:
            error(400, "No json data in request body")

        check_data_fields(body, ["email", "password"])

        matched_id = user_db_util.identify_by_email(g.database, body["email"])
        user_db_result = user_db_util.read(g.database, matched_id)

        # Both failure modes answer with the same 401 text, so the message
        # does not disclose whether the email is registered.
        # NOTE(review): only the known-account branch runs a hash
        # comparison, so response timing can still differ between the two.
        if not user_db_result:
            error(401, "Invalid username or password")
        elif not check_password_hash(user_db_result["hashed_password"],
                                     body["password"]):
            error(401, "Invalid username or password")

        user = from_dict(data_class=User, data=user_db_result)
        User.login_user(user)
        return jsonify({})
Beispiel #5
    def test_get_user(self):
        """Create an example user, read it back by email and verify it."""
        email = "*****@*****.**"
        # NOTE(review): the next four values are assigned but never passed
        # on; verification relies on whatever create_example_user and
        # verify_user_data use internally -- confirm that is intended.
        name = "Ima Test"
        group_name = "Ima Test Group"
        hashed_password = '******'
        admin = True

        self.create_example_user(email=email)

        resolved_id = user.identify_by_email(self.database, email)
        user_result = user.read(self.database, resolved_id)

        checked_fields = ("email", "name", "group_name", "hashed_password",
                          "admin")
        self.verify_user_data(*(user_result[key] for key in checked_fields))
Beispiel #6
def get_from_user_id(user_id):
    """Return the stored profile of *user_id* as JSON.

    Sends 404 when the id is unknown and 403 when the caller is neither an
    admin nor the requested user. ``error`` is assumed to abort the
    request -- TODO confirm against its definition.
    """
    record = user_db_util.read(g.database, user_id)
    if not record:
        error(404, "User id not recognized")

    # NOTE(review): existence is checked before authorization, so a
    # non-admin can tell valid ids (403) from unknown ones (404).
    if not (current_user.is_admin or current_user.user_id == user_id):
        error(403,
              "Logged in user not admin and doesn't match requested user id.")

    # Explicit field list: only these keys of the row are copied into the
    # response, so nothing else stored on it is returned.
    exposed_fields = ("user_id", "email", "name", "group_name", "admin")
    response_data = {field: record[field] for field in exposed_fields}
    response_data["timestamp"] = record["date_created"]

    # NOTE(review): 201 (Created) is returned for a read; confirm callers
    # depend on it before changing to 200.
    return jsonify(response_data), 201
Beispiel #7
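def __user_loader(user_id):
    """Load the ``User`` for *user_id*, or ``None`` when no row exists.

    Presumably registered as the Flask-Login user loader -- confirm at the
    registration site. Returning ``None`` for an unknown id avoids handing
    an empty result to ``from_dict``, so a session that references a
    deleted account does not fail while the user is being built.
    """
    user_db_result = user_db_util.read(g.database, user_id)
    if not user_db_result:
        # The other handlers on this page treat a falsy read() result as
        # "user not found"; do the same here.
        return None
    return from_dict(data_class=User, data=user_db_result)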