def post(self): '''Accepts a username and password to create a new token''' args = login_post.parse_args() userData = userModel.getByUsername(args['username']) expiration = datetime.datetime.utcnow() + datetime.timedelta(days=30) if bcrypt.checkpw(args['password'].encode('utf8'), userData['password']): '''delete any existing tokens if any''' deletedTokensCount = userModel.delete_authentication_token(userData['_id']) if deletedTokensCount != 0: print(deletedTokensCount, "Tokens removed") key = ''.join([random.choice(string.ascii_letters + string.digits) for n in range(32)]) token = create_token(str(userData['_id']), key).decode('utf8') '''Adding expiration to expand functionality for the future''' tokenObj = { 'user_id': userData['_id'], 'authentication_token': token, 'salt': key, 'expires': expiration } insertedToken = userModel.createAuthenticationToken(tokenObj) if insertedToken == {}: api.abort(500, 'Internal Server Error') response = {'user_id': str(userData['_id']), 'authentication_token': token} '''Since mongo is fire and forget, use the id and token generated before insertion''' return response else: api.abort(401, 'username or password does not match')
def post(self): todo = api.payload if not api.payload or 'title' not in api.payload.keys(): api.abort(401, "Todo need at least a title" + str(api.payload)) todo_obj = models.Todo(**todo) db.session.add(todo_obj) db.session.commit() db.session.refresh(todo_obj) return todo_obj.to_dict(), 201
def delete(self, id): '''Delete a User with Given ID''' checkResult = UserModel.get_by_id_string(self, id) if (checkResult is None): return {"No Specified User Found" : "Equal to Deleted"}, 200 delete_one_result = UserModel.delete_by_id(self, id) deleted_count = delete_one_result.deleted_count if (deleted_count == 0): api.abort(500, 'Cannot Delete the Specified User') return {"Specified User Deleted" : "Done"}, 200
def put(self, todo_id): """Update a task given its identifier""" todo_obj = models.Todo.query.get(todo_id) if not todo_obj: api.abort(404, f"Todo {todo_id} doesn't exist") todo_obj.title = api.payload['title'] if 'complete' in api.payload: todo_obj.complete = api.payload['complete'] db.session.commit() return todo_obj.to_dict(), 200
def put(self, id): '''Update an Existinng User''' #check whether it's existed or not checkResult = UserModel.get_by_id_string(self, id) if (checkResult is None): api.abort(404, 'User Not Found') args = user_parser.parse_args() incomingUserData = args['data'] upserted_res = UserModel.update_user(self, id, incomingUserData) if upserted_res == {}: api.abort(500, 'Cannot Updated the User') res = UserModel.get_by_id_string(self, id) return res,
def post(self): '''Add a New User''' args = user_post_parser.parse_args() incomingUserData = args['data'] # Hashing Password before store into the db! hashed_password = bcrypt.hashpw(str(args['password']).encode('utf8'), bcrypt.gensalt()) incomingUserData['password'] = hashed_password insert_one_result = UserModel.create_user(self, incomingUserData) if isinstance(insert_one_result, dict) and 'error' in insert_one_result.keys(): api.abort(500, newUser['error']) # Have not confirmed the usage of insertOneResult.key() !!! if insert_one_result == {}: api.abort(500, 'Internal Server Error: Can Not Create the User') user_inserted_id = insert_one_result.inserted_id #create authentication token for the user token = create_token(str(user_inserted_id), key).decode("utf-8") key = ''.join([random.choice(string.ascii_letters + string.digits) for n in range(32)]) expiration = datetime.datetime.utcnow() + datetime.timedelta(days=30) tokenObj = { 'user_id': user_inserted_id, 'authentication_token': token, 'salt': key, 'expires': expiration } # create it/put it into database auth_res = UserModel.create_authentication_token(tokenObj) if auth_res == {}: api.abort(500, 'Internal Server Error: Can not create authentication token') # create verification token and send email to verify user verificationToken = ''.join([random.choice(string.ascii_letters + string.digits) for n in range(32)]) verificationTokenObj = { 'user_id': user_inserted_id, 'verification_token': str(verificationToken) } veri_res = UserModel.create_email_verfication_token(verificationTokenObj) if veri_res == {}: api.abort(500, 'Internal server error: Can not create verification token') emailResponse = sendEmail(CONFIG['email'], args['email'], 'Verify email address', CONFIG['host']+'user/verify?token='+verificationToken) if emailResponse == {}: api.abort(500, 'Email could not be delivered') # expose only user_id and user authentication toekn # not necessary return all user's information response = {'user_id': str(user_inserted_id), 'authentication_token': token} return response, 200
def post(self): args = assistance_parser.parse_args() event = Event.query.get_by_tag(args.event) if not event.hasAvailability(): api.abort(400, "The event haven't availability") newAssistance = Assistance( eventTag = args.event, event = event.getAppearanceAssistance(), user = currentUser().username, requirements = map(lambda req: Requirement(name=req["name"],quantity=req["quantity"]), args.requirements) ) newAssistance.save() mailService.assistance(newAssistance, currentUser()) log.info("Crea una Asistencia con: {'evento':'%s'}" % newAssistance.event) return newAssistance, 201
def get(self, tag): log.info("Otorga el Evento con: {'tag':'%s'}" % tag) event = Event.query.get_by_tag(tag) event.hasAssistance = False event.isOwner= False user = currentUser() event.soldOut = not event.hasAvailability() if event.hasAccess(user) : if isLogged(): assistance = Assistance.query.get_by_eventTag_and_user(event.tag, user) event.hasAssistance = assistance is not None event.requirementMissing = event.lackRequirements() event.isOwner = event.owner.username == user.username return event else: log.warning("Se requiere Autorizacion para este recurso.") api.abort(401, "Authorization Required")
def post(self): '''kills the access token''' token = logout_post.parse_args()['x-access-token'] user_id = logout_post.parse_args()['user_id'] killedToken = userModel.delete_authentication_token(token) if killedToken == {}: return api.abort(404, 'Token not found') return response_success
def post(self): args = assistance_parser.parse_args() event = Event.query.get_by_tag(args.event) if not event.hasAvailability(): api.abort(400, "The event haven't availability") newAssistance = Assistance( eventTag=args.event, event=event.getAppearanceAssistance(), user=currentUser().username, requirements=map( lambda req: Requirement(name=req["name"], quantity=req["quantity"]), args.requirements)) newAssistance.save() mailService.assistance(newAssistance, currentUser()) log.info("Crea una Asistencia con: {'evento':'%s'}" % newAssistance.event) return newAssistance, 201
def post(self): '''Reset password''' old_password = reset_post.parse_args()['old_password'] new_password = reset_post.parse_args()['new_password'] # Here toekn is same as the temp_password tempPasswordLookup = userModel.searchEmailVerificationToken(old_password) if tempPasswordLookup == {}: api.abort(401, "Password not found") #update verification data for future reset code delete_email_verification_token(self, old_password) newPasswordObj = { 'user_id': user_id, 'verification_token': new_password } insertedVerificationToken = userModel.create_email_verfication_token(newPasswordObj) if insertedVerificationToken == {}: api.abort(500, 'Internal server error') hashedPassword = bcrypt.hashpw(new_password.encode('utf8'), bcrypt.gensalt()) userData = userModel.get_by_id_string(tempPasswordLookup['user_id']) if userData == {}: api.abort(404, 'User Not found') userData['password'] = hashedPassword userId = '' if '_id' in userData.keys(): userId = userData['_id'] del userData['_id'] else: api.abort(500, 'Internal server error') updatedUserData = userModel.update_user(userId, userData) if (updatedUserData == {}): api.abort(404, 'User Not found') return response_success
def post(self): '''Send email to reset password''' user_id = forgot_post.parse_args()['user_id'] email = forgot_post.parse_args()['email'] user_output = userModel.getOne(user_id) if email == user_output['email']: #what if this delete is not succssful? delete_email_verification_token_by_id(self, user_id) tempPassword = ''.join([random.choice(string.ascii_letters + string.digits) for n in range(8)]) tempPasswordObj = { 'user_id': user_id, 'verification_token': tempPassword } insertedVerificationToken = userModel.create_email_verfication_token(tempPasswordObj) if insertedVerificationToken == {}: api.abort(500, 'Internal server error') #if temp password has been updated '''send email with temp password''' emailResponse = sendEmail('*****@*****.**', email, 'New Password', tempPassword) if emailResponse == {}: api.abort(500, 'Internal server error') else: api.abort(404, "Email not found") return response_success
def get(self): '''Verify email''' token = verify_get.parse_args()['token'] verificationTokenLookup = userModel.search_email_verification_token(token) if verificationTokenLookup == {}: api.abort(404, 'Token not found') userData = userModel.get_by_id_string(verificationTokenLookup['user_id']) userData['email_verified'] = True del userData['_id'] updatedUserData = userModel.update_user(verificationTokenLookup['user_id'], userData) if updatedUserData == {}: api.abort(404, 'User not found') deleteVerificationToken = userModel.delete_email_verification_token(verificationTokenLookup['verification_token']) if deleteVerificationToken == {}: api.abort(500, 'Internal Server Error') return response_success
def get(self, id): for todo in self.todos: if todo['id'] == id: return todo api.abort(404, "Todo {} doesn't exist".format(id))
def error_handler(e): api.abort(401, "Authorization Required")
def get(self, id): '''Fetch a User with Given ID''' target_user = UserModel.get_by_id_string(self, id) if target_user == {}: api.abort(404, 'User Not Found') return target_user, 200