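def verify_user_can_create_token(self, username, password, id):
     """Check a username/password pair with the user service and issue a token.

     Confirms that ``id`` belongs to ``username``, loads the user's role,
     posts the credentials to the ``Validation`` endpoint and, when the
     backend reports ``passWordIsValid``, returns the ``access_token``
     produced by ``UserLogin.create_token``.

     Raises:
         InvalidUsage: with the backend's status code when validation does
             not answer 200, or with 400 when the password is rejected.
     """
     self.validate_user_and_id_match(id, username)
     user = self.get_user_role(id)
     post_body = json.dumps({"userName": username.lower(), "passWord": password})
     headers = {'content-type': 'application/json'}
     # NOTE(review): the plaintext password is forwarded to self.url, so
     # confirm that URL is https. No timeout is passed, so a stalled backend
     # blocks this login request indefinitely.
     r = requests.post(self.url + "Validation", data=post_body, headers=headers)
     response = json.loads(r.text)
     # Compare by value: `is not 200` tested object identity, which only
     # happens to work for small ints on CPython.
     if r.status_code != 200:
         raise InvalidUsage(response['Error'], status_code=r.status_code)
     user_can_login = response['passWordIsValid']
     if not user_can_login:
         # NOTE(review): a rejected password and a failed user/id match raise
         # different messages, which lets a caller tell the two cases apart;
         # consider one uniform login-failure message.
         raise InvalidUsage('Password is not valid, no action will be taken', status_code=400)
     token = UserLogin.create_token(user)
     return token['access_token']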
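 def create_a_new_user(self, user):
     """Create ``user`` in the user service and return the backend's JSON reply.

     The object's ``__dict__`` is serialised as the request body, so every
     attribute set on ``user`` is sent (presumably including the password;
     verify against the user class).

     Raises:
         InvalidUsage: with the backend's status code when the reply is not 201.
     """
     headers = {'content-type': 'application/json'}
     # NOTE(review): no timeout is passed to requests.post.
     r = requests.post(self.url + "Users", data=json.dumps(user.__dict__), headers=headers)
     response = json.loads(r.text)
     # Value comparison; `is not 201` relied on CPython's small-int caching.
     if r.status_code != 201:
         raise InvalidUsage(response['Error'], status_code=r.status_code)
     # NOTE(review): the reply is returned unfiltered; confirm it carries no
     # password or hash before it is handed on to an API client.
     return response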
Beispiel #3
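def delete_a_user(id):
    """
    Delete a user in the backend
    ---
    description: Protected content method. Can not be seen without valid token. Only admins can delete users
    tags:
      - User Methods
    security:
      - APIKeyHeader: []
    parameters:
      - name: id
        type: string
        in: path
        required: true
        description: user to delete
        example: 4
    responses:
      204:
        description: User was deleted.
      403:
        description: The token does not carry the admin role.
    """
    # The role is read from the identity stored in the JWT.
    # NOTE(review): it is not re-checked against the user service here, so
    # confirm that token lifetime or revocation covers a demoted admin.
    current_user_role = get_jwt_identity()['role']
    if current_user_role != 'admin':
        raise InvalidUsage('Forbidden for this user', status_code=403)
    # admin only from here on
    url = app.config["USERS_URL"]
    user_service = UserProxyAccess(url)
    user_service.delete_a_user(id)
    return '', 204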
Beispiel #4
 def validate_schema(schema, file):
     """Validate ``file`` against ``schema`` and raise on any violation.

     Returns ``None`` when the document is valid.

     Raises:
         InvalidUsage: status 400, carrying the validator's errors in ``meta``.
     """
     validator = Validator(schema)
     if validator.validate(file, schema):
         return
     # Hand the collected validation errors to the caller via `meta`.
     raise InvalidUsage('Errors occured when validating',
                        status_code=400,
                        meta=validator.errors)
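 def get_user_id(self, username):
     """Look up ``username`` (case-insensitively) in the backend's user list.

     Returns:
         A ``UserObject`` built from the matching entry's username, role,
         id and active flag. If several entries match, the last one wins.

     Raises:
         InvalidUsage: with the backend's status code when the list request
             fails, or 404 when no entry matches.
     """
     # NOTE(review): the whole user list is fetched to find one entry, and
     # no timeout is set on the request.
     r = requests.get(self.url + "Users")
     # Fail with a controlled error rather than a KeyError on 'allUsers'
     # when the backend answers with an error status.
     if not r.ok:
         raise InvalidUsage('Could not retrieve users', status_code=r.status_code)
     response = json.loads(r.text)
     wanted = username.lower()
     user_object = None
     for user in response['allUsers']:
         if user['username'].lower() == wanted:
             user_object = UserObject(user['username'], user['role'], user['id'], user['active'])
     if user_object is None:
         raise InvalidUsage('No user found for that user_name', status_code=404)
     return user_object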
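    def handle_non_200_status(response_code):
        """Raise ``InvalidUsage`` describing a failed backend call.

        Args:
            response_code: HTTP status returned by the backend.

        Raises:
            InvalidUsage: always, with ``response_code`` as its status and a
                message chosen from the table below (a generic one for
                statuses the table does not list).
        """
        codes = {
            400: "Server returned a bad request call failed",
            404: "Server returned a not found",
            501: "Server returned a not implemented - service unavailable",
            500: "Server unavailable"
        }

        # An unlisted status (401, 403, 502, ...) used to escape as a bare
        # KeyError; fall back to a generic message so callers still receive
        # an InvalidUsage.
        message = codes.get(response_code, "Server returned an unexpected status")
        raise InvalidUsage(message=message, status_code=response_code)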
Beispiel #7
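def post_a_new_movie():
    """
        Endpoint to post a new movie
        ---
        tags:
          - Movie Methods
        security:
          - APIKeyHeader: []
        parameters:
          - name: body
            in: body
            required: true
            schema:
              properties:
                title:
                  type: string
                  description: The title to insert
                year:
                  type: string
                  description: The year the movie is from
                imdb:
                  type: string
                  description: Some imdb code
                type:
                  type: string
                  description: The type
              example:
                title: Testing goes wild
                year: 2018
                imdb: whatever
                type: movie
        responses:
          201:
            description: Movie was created
          400:
            description: Incorrect data used
          403:
            description: The token does not carry the admin role
    """
    # Authorise first, so a non-admin caller gets 403 before the body is read.
    current_user_role = get_jwt_identity()['role']
    if current_user_role != 'admin':
        #none admin
        raise InvalidUsage('Forbidden for this user', status_code=403)
    # admin
    # NOTE(review): the JSON body is forwarded to the movie service as-is;
    # nothing here checks it against the documented schema.
    json_body = request.json
    url = app.config["MOVIES_URL"]
    movie_service = MovieProxyAccess(url)
    movie_service.create_a_new_movie(json_body)
    return '', 201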
def protected():
    """
    Protected content method.
    ---
    description: Protected content method. Can not be seen without valid token.
    tags:
      - Token Methods
    security:
      - APIKeyHeader: []
    responses:
      200:
        description: User successfully accessed the content.
    """
    # Only a token whose identity carries the admin role gets the payload;
    # every other role is rejected with 403.
    role_from_token = get_jwt_identity()['role']
    if role_from_token == 'admin':
        return jsonify({"msg": "You are a super cool admin"})
    raise InvalidUsage('Forbidden for this user', status_code=403)
Beispiel #9
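def create_a_new_admin():
    """
    Create a new admin in the backend
    ---
    description: Protected content method. Can not be seen without valid token. Only admins can create admins
    tags:
      - User Methods
    security:
      - APIKeyHeader: []
    parameters:
      - name: body
        in: body
        required: true
        schema:
          type: object
          properties:
            username:
              type: string
              example: newadmin
            password:
              type: string
              example: password
    responses:
      200:
        description: User successfully accessed the content.
      400:
        description: username or password missing or not a string.
      403:
        description: The token does not carry the admin role.
    """
    # The role is read from the identity stored in the JWT.
    # NOTE(review): this endpoint grants the admin role, and the caller's
    # role is not re-checked against the user service here; confirm that
    # token lifetime or revocation covers a demoted admin.
    current_user_role = get_jwt_identity()['role']
    if current_user_role != 'admin':
        #none admin
        raise InvalidUsage('Forbidden for this user', status_code=403)
    # admin
    # Reject a missing or malformed body with 400 instead of letting a
    # KeyError/TypeError surface as a server error.
    body = request.json
    username = body.get('username') if isinstance(body, dict) else None
    password = body.get('password') if isinstance(body, dict) else None
    if not (isinstance(username, str) and username
            and isinstance(password, str) and password):
        raise InvalidUsage('username and password are required', status_code=400)
    user_to_post = users.CreationUserObject(username.lower(), password, 'admin')
    url = app.config["USERS_URL"]
    user_service = UserProxyAccess(url)
    created_user = user_service.create_a_new_user(user_to_post)
    # NOTE(review): the backend reply is returned unfiltered; confirm it
    # does not echo the password or a hash.
    return jsonify(created_user), 200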
Beispiel #10
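def update_a_user(id):
    """
    Update a user in the backend
    ---
    description: Protected content method. Can not be seen without valid token. Only admins can update users
    tags:
      - User Methods
    security:
      - APIKeyHeader: []
    parameters:
      - name: id
        type: string
        in: path
        required: true
        description: user to update
        example: 4
      - name: body
        in: body
        required: true
        schema:
          type: object
          properties:
            active:
              type: boolean
              example: true
    responses:
      204:
        description: User was updated
      400:
        description: active is missing or not a boolean
      403:
        description: The token does not carry the admin role
    """
    # The role is read from the identity stored in the JWT.
    current_user_role = get_jwt_identity()['role']
    if current_user_role != 'admin':
        raise InvalidUsage('Forbidden for this user', status_code=403)
    # admin
    # Enforce the documented schema: `active` must be present and a real
    # boolean, otherwise answer 400 instead of failing with a KeyError or
    # passing an arbitrary value to the user service.
    body = request.json
    if not isinstance(body, dict) or not isinstance(body.get('active'), bool):
        raise InvalidUsage('active must be a boolean', status_code=400)
    active = body['active']
    url = app.config["USERS_URL"]
    user_service = UserProxyAccess(url)
    user_service.update_a_user(id, active)
    return '', 204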
Beispiel #11
 def update_a_user(self, id, active):
     """Placeholder: updating a user is not implemented.

     Raises:
         InvalidUsage: always, with status 501.
     """
     not_implemented = InvalidUsage('Error', status_code=501)
     raise not_implemented
Beispiel #12
 def delete_a_user(self, id):
     """Placeholder: deleting a user is not implemented.

     Raises:
         InvalidUsage: always, with status 501.
     """
     not_implemented = InvalidUsage('Error', status_code=501)
     raise not_implemented
Beispiel #13
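 def validate_user_and_id_match(self, id, username):
     """Confirm that backend user ``id`` carries ``username`` (case-insensitive).

     Returns ``None`` when the names match.

     Raises:
         InvalidUsage: status 400 when the names differ or the user record
             cannot be read from the backend.
     """
     from urllib.parse import quote

     # `id` is interpolated into the request path; percent-encode it so the
     # value stays a single path segment whatever characters it contains.
     # NOTE(review): no timeout is set on this request.
     r = requests.get(self.url + "Users/" + quote(str(id), safe=''))
     # A backend error, a non-JSON body or a record without 'username' is
     # reported with the same 400 as a mismatch, instead of escaping as an
     # unhandled KeyError/ValueError.
     try:
         backend_name = r.json()['username'] if r.ok else None
     except (ValueError, KeyError, TypeError):
         backend_name = None
     matched_id = isinstance(backend_name, str) and backend_name.lower() == username.lower()
     if not matched_id:
         raise InvalidUsage('User and id do not match', status_code=400)
     return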