def test_crud(self):
with self.app_context():
user = UserModel('test', 'abcd')
self.assertIsNone(UserModel.find_by_username('test'))
self.assertIsNone(UserModel.find_by_id(1))
user.save_to_db()
self.assertIsNotNone(UserModel.find_by_username('test'))
self.assertIsNotNone(UserModel.find_by_id(1))
def wrapped(*args, **kwargs):
parser = RequestParser()
parser.add_argument('class',
type=str,
help='This field cannot be blank',
required=True)
g.data = data = parser.parse_args()
# check if class is correct type
if data['class'] not in ['people', 'landscape']:
return {'message': 'class field should not be empty'}, 400
# check if event exists
g.event = event = EventModel.query.get(kwargs['event_id'])
if not event:
return {
'message':
'Event id {} does not exist'.format(kwargs['event_id'])
}, 404
# check if current_user has access to the group
username = get_jwt_identity()
g.current_user = current_user = UserModel.find_by_username(
username)
group = GroupModel.query.join(GroupModel.users).filter(
UserModel.username == username,
GroupModel.id == event.group.id).first()
if not group:
return {
'message':
'Group id {} does not exist'.format(kwargs['event_id'])
}, 404
return fn(*args, **kwargs)
def get(self):
username = get_jwt_identity()
current_user = UserModel.find_by_username(username)
if not current_user:
return {'message': 'Wrong access token'}, 401
else:
return {'id': current_user.id, 'username': current_user.username}
def put(self, username):
data = UserInfo.parser.parse_args()
user = UserModel.find_by_username(username)
if user:
if data['password']:
data['password'] = UserModel.get_password_hash(
data['password'])
user.password = data['password']
if data['first_name']:
user.first_name = data['first_name']
if data['last_name']:
user.last_name = data['last_name']
if data['active']:
user.active = data['active']
else:
if data['password']:
data['password'] = UserModel.get_password_hash(
data['password'])
user = UserModel(username, data['password'], data['first_name'],
data['last_name'], data['active'])
user.save_to_db()
return user.json()
def wrapped(*args, **kwargs):
username = get_jwt_identity()
g.current_user = current_user = UserModel.find_by_username(
username)
if not current_user:
return {
'message': 'User {} does not exist'.format(username)
}, 401
# kwargs['event_id'] is always int, so we don't need try block
g.event = event = EventModel.query.get(kwargs['event_id'])
if not event:
return {
'message':
'Event id {} does not exist'.format(kwargs['event_id'])
}, 404
# current user doesn't have access to the event
user = list(
filter(lambda x: x.id == current_user.id, event.group.users))
if not user:
return {
'message':
'Event id {} does not exist'.format(kwargs['event_id'])
}, 404
return fn(*args, **kwargs)
def post(self):
data = EmployeeController.parser.parse_args()
username = data['username']
email = data['email']
if (UserModel.find_by_username(username)
or UserModel.find_by_email(email)):
return {'message': "User already exists."}, 400
# Because only admin can create employee
admin_user = AdminModel.find_by_user_id(current_identity.id)
if not admin_user:
abort(403,
message="Please use admin or ask admin to crete company.")
# Create a new Employee user
employee = EmployeeModel(isAdmin=data['isAdmin'])
user_data = data
del user_data['isAdmin']
user = UserModel(**user_data)
user = user.hash_password()
user.employee_id = employee
employee.user_id = user
# save the database
try:
db.session.add(user)
db.session.add(employee)
db.session.commit()
except (ArgumentError, DataError):
abort(500,
message="Server internal error due to invalid argument.")
return employee.get_employee(user), 201
def wrapped(*args, **kwargs):
username = get_jwt_identity()
g.current_user = current_user = UserModel.find_by_username(
username)
if not current_user:
return {
'message': 'User {} does not exist'.format(username)
}, 401
return fn(*args, **kwargs)
def post(self):
data = UserRegister.parser.parse_args()
if UserModel.find_by_username(data["username"]):
return {"message": "Error: username already exists"}, 409
user = UserModel(**data)
user.save()
return {"message": "User registered successfully"}, 201
def post(self):
data = UserRegister.parser.parse_args()
if UserModel.find_by_username(data['username']):
return {'message': 'This username already exists'}, 400
user = UserModel(**data)
user.save_to_db()
return {'message': 'User created successfully'}, 201
def post(self):
data = UserRegister.parser.parse_args()
if UserModel.find_by_username(data['username']):
return {"message": "User with that username already exists."}, 400
user = UserModel(**data) ## unpack the data, because its a dictionary
user.save_to_db()
return {"message": "User created successfully."}, 201
def create_tables():
db.create_all()
db.session.commit()
from app.models.user import UserModel
if not UserModel.find_by_username("admin"):
UserModel(username="******",
password="******",
firstName="admin",
lastName="admin",
phoneNumber="123467890").save_to_db()
def post(self):
data = UserRegister.parser.parse_args()
if UserModel.find_by_username(data['username']):
return {
'message': 'UserModel has already been created, aborting.'
}, 400
user = UserModel(**data)
user.save_to_db()
return {'message': 'user has been created successfully.'}, 201
def test_register_user(self):
with self.app() as client:
with self.app_context():
response = client.post('/register',
data={
'username': '******',
'password': '******'
})
self.assertEqual(response.status_code, 201)
self.assertIsNotNone(UserModel.find_by_username('test'))
self.assertDictEqual(json.loads(response.data),
{'message': 'User created successfully'})
def post(self):
_user_parser.add_argument('email',
type=str,
required=True,
help="This field cannot be blank.")
data = _user_parser.parse_args()
if UserModel.find_by_username(data['username']):
return {"message": "A user with that username already exists"}, 400
user = UserModel(data['username'], data['email'], data['password'])
db.session.add(user)
db.session.commit()
return {"message": "User created successfully."}, 201
def wrapped(*args, **kwargs):
parser = RequestParser()
parser.add_argument('username',
type=str,
help='This field cannot be blank',
required=True)
parser.add_argument('password',
type=str,
help='This field cannot be blank',
required=True)
g.data = data = parser.parse_args()
g.current_user = current_user = UserModel.find_by_username(
data['username'])
if not current_user:
return {'message': 'Wrong credentials'}, 401
return fn(*args, **kwargs)
def post(self):
data = _user_parser.parse_args()
user = UserModel.find_by_username(data['username'])
# this is what the `authenticate()` function did in security.py
if user and check_password_hash(user.password,
data['password']): #modified 09/19
# identity= is what the identity() function did in security.py—now stored in the JWT
access_token = create_access_token(identity=user.id, fresh=True)
refresh_token = create_refresh_token(user.id)
return {
'access_token': access_token,
'refresh_token': refresh_token
}, 200
return {"message": "Invalid Credentials!"}, 401
def post(self):
data = UserRegister.parser.parse_args()
if UserModel.find_by_username(data['username']):
return {
"message": "A user with that username already exists."
}, 400
data['password'] = UserModel.get_password_hash(data['password'])
user = UserModel(**data)
try:
user.save_to_db()
except:
return {
'message': "An error occurred while inserting the user."
}, 500
return {"message": "User created successfully."}, 201
def post(self):
data = parser.parse_args()
current_user = UserModel.find_by_username(username=data.get("username"))
if not current_user:
return {"message": f"User {data.get('username')} doesnt exists"}
if UserModel.verify_hash(data.get("password"), current_user.password):
access_token = create_access_token(identity=data.get("username"))
refresh_token = create_refresh_token(identity=data.get("username"))
return {
"message": f"User {data.get('username')} logged",
"access_token": access_token,
"refresh_token": refresh_token,
}
else:
return {"message": "wrong credentials"}
def wrapped(*args, **kwargs):
username = get_jwt_identity()
current_user = UserModel.find_by_username(username)
if not current_user:
return {
'message': 'User {} does not exist'.format(username)
}, 401
# kwargs['group_id' is always int, so we don't need try and except block
g.group = group = GroupModel.query.join(GroupModel.users).filter(
UserModel.username == username,
GroupModel.id == kwargs['group_id']).first()
if not group:
return {
'message':
'Group id {} does not exist'.format(kwargs['group_id'])
}, 404
return fn(*args, **kwargs)
def post(self):
args = parser.parse_args(strict=True)
username = args["username"]
password = args["password"]
first_name = args["first_name"]
last_name = args["last_name"]
phone_number = args["phone_number"]
birth_date = args["birth_date"]
user = UserModel.find_by_username(username)
if user:
return {"Message:": "this username is already taken"}, 409
ret = UserModel(username=username,
password=password,
firstName=first_name,
lastName=last_name,
phoneNumber=phone_number,
birthDate=birth_date).save_to_db()
if ret:
return {"Message": "Created", "user_id": ret.id}, 201
return {"Message": "Error", "user_id": ret.id}, 500
def post(self, username):
if UserModel.find_by_username(username):
return {
'message':
"A user with the username '{}' already exists.".format(
username)
}, 400
data = UserInfo.parser.parse_args()
data['password'] = UserModel.get_password_hash(data['password'])
user = UserModel(username, data['password'], data['first_name'],
data['last_name'], data['active'])
try:
user.save_to_db()
except:
return {
'message': "An error occurred while inserting the user."
}, 500
return user.json(), 201
def wrapped(*args, **kwargs):
parser = RequestParser()
parser.add_argument('username',
type=str,
help='This field cannot be blank',
required=True)
parser.add_argument('password',
type=str,
help='This field cannot be blank',
required=True)
parser.add_argument('icon_url',
type=str,
help='This field cannot be blank',
required=True)
g.data = data = parser.parse_args()
if UserModel.find_by_username(data['username']):
return {
'message':
'User {} already exists'.format(data['username'])
}, 401
return fn(*args, **kwargs)
def post(self):
data = parser.parse_args()
new_user = UserModel(
username=data.get("username"),
password=UserModel.generate_hash(data.get("password")),
email=data.get("email"),
)
try:
if UserModel.find_by_username(data.get("username")) or UserModel.find_by_email(data.get("email")):
return {"message": f"User alread exists"}
new_user.save_to_db()
access_token = create_access_token(identity=data.get("username"))
refresh_token = create_refresh_token(identity=data.get("username"))
return {
"message": f"User {data.get('username')} was created",
"access_token": access_token,
"refresh_token": refresh_token,
}
except:
return {"message": "Something went wrong"}, 500
def delete(self, username):
user = UserModel.find_by_username(username)
if user:
user.delete_from_db()
return {'message': 'User deleted.'}
return {'message': 'User not found.'}, 404
def authenticate(username, password):
user = UserModel.find_by_username(username)
if user and safe_str_cmp(user.password, password):
return user
def authenticate(username, password):
user = UserModel.find_by_username(username)
if user and safe_str_cmp(user.password, UserModel.get_password_hash(password)) and user.active:
return user
return None
def get(self, username):
user = UserModel.find_by_username(username)
if user:
return user.json()
return {'message': "User not found"}, 404
