Ejemplo n.º 1
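def route_users_post_open(email=None, password=None, first_name=None, last_name=None):
    """Create a user account through the open-registration route.

    No authentication check is performed in this body; the only gate is the
    ``config.USERS_OPEN_REGISTRATION`` switch.

    Aborts with 403 when open registration is disabled, with 400 when
    ``email`` or ``password`` is missing or empty, and with 400 when
    ``get_user_by_username`` already finds a user for ``email``.
    Otherwise returns whatever ``create_user`` returns.
    """
    if not config.USERS_OPEN_REGISTRATION:
        abort(403, "Open user registration is forbidden on this server")

    # Every parameter defaults to None, so a request that omits the
    # credentials would otherwise reach the lookup and create_user() with
    # None values. Reject it before touching the database.
    if not email or not password:
        abort(400, "Email and password are required")

    existing_user = get_user_by_username(email, db_session)

    if existing_user:
        # NOTE(review): this response tells the caller that the address is
        # already registered. Because this route is reachable whenever open
        # registration is enabled, consider a generic message plus rate
        # limiting if account enumeration is a concern for the deployment.
        return abort(
            400, f"The user with this email already exists in the system: {email}"
        )

    # NOTE(review): no password-strength or email-format check is visible
    # here; confirm that the request schema or create_user() enforces one.
    return create_user(db_session, email, password, first_name, last_name)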
def test_create_user_new_email(superuser_token_headers):
    """Check that a superuser can create a user with a previously unused email.

    Posts a random email/password pair to the users endpoint with the
    superuser token headers, then reads the user back through
    ``get_user_by_username`` and checks the stored email and active flag.
    """
    base_url = get_server_api()
    new_email = random_lower_string()
    new_password = random_lower_string()

    # NOTE(review): no timeout is passed to requests.post, so an unresponsive
    # server would block this test indefinitely.
    response = requests.post(
        f"{base_url}{config.API_V1_STR}/users/",
        headers=superuser_token_headers,
        json={"email": new_email, "password": new_password},
    )

    # Any 2xx status counts as success.
    assert response.status_code // 100 == 2

    # The parsed body is not inspected, but decoding it still fails the test
    # if the response is not valid JSON.
    response.json()

    stored_user = get_user_by_username(new_email, db_session)
    assert stored_user.email == new_email
    assert stored_user.is_active is True
def init_db(db_session):
    """Seed the database with the "default" role and the first superuser.

    The role is looked up by name and created only when missing. The
    superuser named by ``config.FIRST_SUPERUSER`` is created, and given the
    role, only when no user with that name exists yet.
    """
    # Schema creation is expected to be handled by Alembic migrations.
    # To work without migrations, create the tables directly by
    # uncommenting the following line:
    # Base.metadata.create_all(bind=engine)

    default_role = get_role_by_name("default", db_session) or create_role(
        "default", db_session
    )

    if get_user_by_username(config.FIRST_SUPERUSER, db_session):
        # An existing account is left untouched: its password is not reset
        # and the role is not (re)assigned.
        return

    # NOTE(review): the bootstrap password comes straight from
    # config.FIRST_SUPERUSER_PASSWORD; confirm each deployment overrides any
    # default value and rotates it after first login.
    superuser = create_user(
        db_session,
        config.FIRST_SUPERUSER,
        config.FIRST_SUPERUSER_PASSWORD,
        is_superuser=True,
    )
    assign_role_to_user(default_role, superuser, db_session)
Ejemplo n.º 4
def route_login_access_token(username, password):
    """Exchange a username and password for a bearer access token.

    Aborts with 400 when the user is unknown or the password does not verify,
    and with 400 when the user is not active. On success returns a dict with
    the keys ``access_token`` and ``token_type``.
    """
    account = get_user_by_username(username, db_session)

    # The same message covers "unknown user" and "wrong password", so the
    # response body does not reveal which of the two failed.
    # NOTE(review): verify_password() is skipped when no user is found, so the
    # two cases may still differ in response time; consider verifying against
    # a fixed dummy hash for unknown users, and rate-limiting this route.
    credentials_ok = bool(account) and verify_password(
        password, get_user_hashed_password(account)
    )
    if not credentials_ok:
        abort(400, "Incorrect email or password")
    elif not account.is_active:
        # Only reached with valid credentials, so the inactive state is
        # disclosed to a caller who already knows the password.
        abort(400, "Inactive user")

    lifetime = timedelta(minutes=config.ACCESS_TOKEN_EXPIRE_MINUTES)
    token = create_access_token(
        identity=get_user_id(account), expires_delta=lifetime
    )
    return {"access_token": token, "token_type": "bearer"}
Ejemplo n.º 5
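def route_users_post(email=None, password=None, first_name=None, last_name=None):
    """Create a user on behalf of an authenticated, active superuser.

    Aborts with 400 when the caller cannot be resolved from the token, is
    inactive, or is not a superuser; with 400 when ``email`` or ``password``
    is missing or empty; and with 400 when ``get_user_by_username`` already
    finds a user for ``email``. Otherwise returns whatever ``create_user``
    returns.
    """
    current_user = get_current_user()

    # NOTE(review): authentication and authorization failures are all reported
    # as 400. 401/403 would be the conventional codes, but changing them would
    # alter the API contract, so they are left as they are; confirm with clients.
    if not current_user:
        abort(400, "Could not authenticate user with provided token")
    elif not check_if_user_is_active(current_user):
        abort(400, "Inactive user")
    elif not check_if_user_is_superuser(current_user):
        abort(400, "Only a superuser can execute this action")

    # Validate only after the caller is authorized, so unauthorized callers
    # learn nothing about input handling. All parameters default to None, and
    # an account must not be created without an email or a password.
    if not email or not password:
        abort(400, "Email and password are required")

    existing_user = get_user_by_username(email, db_session)

    if existing_user:
        # Only a superuser reaches this branch, so disclosing that the
        # address is already registered is limited to privileged callers.
        return abort(
            400, f"The user with this email already exists in the system: {email}"
        )

    return create_user(db_session, email, password, first_name, last_name)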