def api_deactivate_account():
"""
De-activate an user.
@TODO: should change expiration date too?
:rtype: Response
:return the success or failed in json format
"""
user_id = utils.get_safe_int(request.form.get("user_id"))
user = UserEntity.get_by_id(user_id)
user = UserEntity.update(user, active=False)
LogEntity.account_modified(session["uuid"], "User deactivated: {}".format(user))
return utils.jsonify_success({"message": "User deactivated."})
def api_extend_account():
"""
Change the `User.usrAccessExpiresAt` to today's date + 180 days
:rtype: Response
:return the success or failed in json format
"""
user_id = request.form.get("user_id")
today_plus_180 = utils.get_expiration_date(180)
user = UserEntity.get_by_id(user_id)
user = UserEntity.update(user, access_expires_at=today_plus_180)
# @TODO: add dedicated log type
LogEntity.account_modified(session["uuid"], "Updated expiration date to {}. {}".format(today_plus_180, user.email))
return utils.jsonify_success({"message": "Updated expiration date to {}".format(today_plus_180)})
def api_deactivate_account():
"""
De-activate an user.
@TODO: should change expiration date too?
:rtype: Response
:return the success or failed in json format
"""
user_id = utils.get_safe_int(request.form.get('user_id'))
user = UserEntity.get_by_id(user_id)
user = UserEntity.update(user, active=False)
LogEntity.account_modified(session['uuid'],
"User deactivated: {}".format(user))
return utils.jsonify_success({"message": "User deactivated."})
def api_expire_account():
"""
Change the `User.usrAccessExpiresAt` to today's date and 00:00:00 time
effectively blocking the user access.
:rtype: Response
:return the success or failed in json format
"""
user_id = utils.get_safe_int(request.form.get("user_id"))
user = UserEntity.get_by_id(user_id)
today = datetime.today()
today_start = datetime(today.year, today.month, today.day)
user = UserEntity.update(user, access_expires_at=today_start)
# @TODO: add dedicated log type
LogEntity.account_modified(session["uuid"], "User access was expired. {}".format(user.email))
return utils.jsonify_success({"message": "User access was expired."})
def api_verify_email():
"""
@TODO: add counter/log to track failed attempts
:rtype: Response
:return the success or failed in json format
"""
if "POST" == request.method:
token = utils.clean_str(request.form.get("tok"))
else:
token = utils.clean_str(request.args.get("tok"))
if not token:
return utils.jsonify_error({"message": "No token specified."})
try:
email = utils.get_email_from_token(token, app.config["SECRET_KEY"], app.config["SECRET_KEY"])
except Exception as exc:
# @TODO: add dedicated log type
app.logger.error("api_verify_email: {}".format(exc.message))
return utils.jsonify_error({"message": exc.message})
app.logger.debug("Decoded email from token: {}".format(email))
user = UserEntity.query.filter_by(email=email).first()
if user is None:
app.logger.error("Attempt to verify email with incorrect token: {}".format(token))
return utils.jsonify_error({"message": "Sorry."})
user = UserEntity.update(user, email_confirmed_at=datetime.today())
app.logger.debug("Verified token {} for user {}".format(token, user.email))
# @TODO: add dedicated log type
LogEntity.account_modified(session["uuid"], "Verified token {} for user {}".format(token, user.email))
return utils.jsonify_success({"message": "Email was verified for {}.".format(email)})
def api_send_verification_email():
"""
Send Verification Email to the `user_id` specified in the request
:rtype: Response
:return the success or failed in json format
"""
passed, errors = check_email_config()
if not passed:
app.logger.warn(" ".join(errors))
return utils.jsonify_error(
{"message": "Unable to send email due to configuration errors."})
user_id = utils.get_safe_int(request.form.get('user_id'))
user = UserEntity.get_by_id(user_id)
try:
emails.send_verification_email(user)
return utils.jsonify_success(
{"message": "Verification email was sent."})
except Exception as exc:
details = "Connection config: {}/{}:{}".format(
app.config['MAIL_USERNAME'],
app.config['MAIL_SERVER'],
app.config['MAIL_PORT'])
app.logger.debug(details)
return utils.jsonify_error(
{"message": "Unable to send email due: {} {}".format(exc, details)})
def api_save_user():
""" Save a new user to the database """
email = request.form["email"]
first = request.form["first"]
last = request.form["last"]
minitial = request.form["minitial"]
roles = request.form.getlist("roles[]")
email_exists = False
try:
existing_user = UserEntity.query.filter_by(email=email).one()
email_exists = existing_user is not None
except:
pass
if email_exists:
return utils.jsonify_error({"message": "Sorry. This email is already taken."})
# @TODO: fix hardcoded values
# salt, hashed_pass = generate_auth(app.config['SECRET_KEY'], password)
added_date = datetime.today()
access_end_date = utils.get_expiration_date(180)
user = UserEntity.create(
email=email,
first=first,
last=last,
minitial=minitial,
added_at=added_date,
modified_at=added_date,
access_expires_at=access_end_date,
password_hash="",
)
user_roles = []
try:
for role_name in roles:
role_entity = RoleEntity.query.filter_by(name=role_name).one()
user_roles.append(role_entity)
except Exception as exc:
app.logger.debug("Problem saving user: {}".format(exc))
[user.roles.append(rol) for rol in user_roles]
user = UserEntity.save(user)
app.logger.debug("saved user: {}".format(user))
LogEntity.account_created(session["uuid"], user)
return utils.jsonify_success({"user": user.serialize()})
def api_save_user():
""" Save a new user to the database """
email = request.form['email']
first = request.form['first']
last = request.form['last']
minitial = request.form['minitial']
roles = request.form.getlist('roles[]')
email_exists = False
try:
existing_user = UserEntity.query.filter_by(email=email).one()
email_exists = existing_user is not None
except:
pass
if email_exists:
return utils.jsonify_error(
{'message': 'Sorry. This email is already taken.'})
# @TODO: fix hardcoded values
# salt, hashed_pass = generate_auth(app.config['SECRET_KEY'], password)
added_date = datetime.today()
access_end_date = utils.get_expiration_date(180)
user = UserEntity.create(email=email,
first=first,
last=last,
minitial=minitial,
added_at=added_date,
modified_at=added_date,
access_expires_at=access_end_date,
password_hash="")
user_roles = []
try:
for role_name in roles:
role_entity = RoleEntity.query.filter_by(name=role_name).one()
user_roles.append(role_entity)
except Exception as exc:
app.logger.debug("Problem saving user: {}".format(exc))
[user.roles.append(rol) for rol in user_roles]
user = UserEntity.save(user)
app.logger.debug("saved user: {}".format(user))
LogEntity.account_created(session['uuid'], user)
return utils.jsonify_success({'user': user.serialize()})
def api_extend_account():
"""
Change the `User.usrAccessExpiresAt` to today's date + 180 days
:rtype: Response
:return the success or failed in json format
"""
user_id = request.form.get('user_id')
today_plus_180 = utils.get_expiration_date(180)
user = UserEntity.get_by_id(user_id)
user = UserEntity.update(user, access_expires_at=today_plus_180)
# @TODO: add dedicated log type
LogEntity.account_modified(session['uuid'],
"Updated expiration date to {}. {}".format(
today_plus_180, user.email))
return utils.jsonify_success(
{"message": "Updated expiration date to {}".format(today_plus_180)})
def api_expire_account():
"""
Change the `User.usrAccessExpiresAt` to today's date and 00:00:00 time
effectively blocking the user access.
:rtype: Response
:return the success or failed in json format
"""
user_id = utils.get_safe_int(request.form.get('user_id'))
user = UserEntity.get_by_id(user_id)
today = datetime.today()
today_start = datetime(today.year, today.month, today.day)
user = UserEntity.update(user, access_expires_at=today_start)
# @TODO: add dedicated log type
LogEntity.account_modified(session['uuid'],
"User access was expired. {}".format(user.email))
return utils.jsonify_success({"message": "User access was expired."})
def create_sample_data(self):
""" Add some data """
# == Create users
added_date = datetime.today()
access_end_date = utils.get_expiration_date(180)
user = UserEntity.create(email="*****@*****.**",
first="First",
last="Last",
minitial="M",
added_at=added_date,
modified_at=added_date,
email_confirmed_at=added_date,
access_expires_at=access_end_date)
# == Create roles
role_admin = RoleEntity.create(name=ROLE_ADMIN, description='role')
role_tech = RoleEntity.create(name=ROLE_TECHNICIAN, description='role')
def api_send_verification_email():
"""
@TODO: Send Verification Email to user_id
:rtype: Response
:return the success or failed in json format
"""
user_id = utils.get_safe_int(request.form.get("user_id"))
user = UserEntity.get_by_id(user_id)
try:
emails.send_verification_email(user)
return utils.jsonify_success({"message": "Verification email was sent."})
except Exception as exc:
details = "Connection config: {}/{}:{}".format(
app.config["MAIL_USERNAME"], app.config["MAIL_SERVER"], app.config["MAIL_PORT"]
)
app.logger.debug(details)
return utils.jsonify_error({"message": "Unable to send email due: {} {}".format(exc, details)})
def test_user(self):
""" verify save and find operations """
added_date = datetime.today()
access_end_date = utils.get_expiration_date(180)
user = UserEntity.create(email="*****@*****.**",
first="",
last="",
minitial="",
added_at=added_date,
modified_at=added_date,
access_expires_at=access_end_date)
self.assertEqual(1, user.id)
self.assertEqual("*****@*****.**", user.email)
with self.assertRaises(NoResultFound):
UserEntity.query.filter_by(email="[email protected]").one()
found = UserEntity.query.filter_by(email="*****@*****.**").one()
self.assertIsNotNone(found)
# two unbound objects ...
role_admin = self.get_role(ROLE_ADMIN)
role_tech = self.get_role(ROLE_TECHNICIAN)
# save them to the database...
db.session.add(role_admin)
db.session.add(role_tech)
db.session.commit()
saved_role = RoleEntity.query.filter_by(name=ROLE_ADMIN).one()
self.assertEqual(1, saved_role.id)
# ...then use them
user.roles.append(role_admin)
user.roles.append(role_tech)
user_roles = UserRoleEntity.query.all()
self.assertEqual(2, len(user_roles))
user_role = UserRoleEntity.get_by_id(1)
self.assertEqual(1, user_role.id)
self.assertEqual(ROLE_ADMIN, user_role.role.name)
def test_user(self):
""" verify save and find operations """
added_date = datetime.today()
access_end_date = utils.get_expiration_date(180)
user = UserEntity.create(email="*****@*****.**",
first="",
last="",
minitial="",
added_at=added_date,
modified_at=added_date,
access_expires_at=access_end_date)
self.assertEqual(1, user.id)
self.assertEqual("*****@*****.**", user.email)
with self.assertRaises(NoResultFound):
UserEntity.query.filter_by(email="[email protected]").one()
found = UserEntity.query.filter_by(email="*****@*****.**").one()
self.assertIsNotNone(found)
# two unbound objects ...
role_admin = self.get_role(ROLE_ADMIN)
role_tech = self.get_role(ROLE_TECHNICIAN)
# save them to the database...
db.session.add(role_admin)
db.session.add(role_tech)
db.session.commit()
saved_role = RoleEntity.query.filter_by(name=ROLE_ADMIN).one()
self.assertEqual(1, saved_role.id)
# ...then use them
user.roles.append(role_admin)
user.roles.append(role_tech)
user_roles = UserRoleEntity.query.all()
self.assertEqual(2, len(user_roles))
user_role = UserRoleEntity.get_by_id(1)
self.assertEqual(1, user_role.id)
self.assertEqual(ROLE_ADMIN, user_role.role.name)
def api_verify_email():
"""
@TODO: add counter/log to track failed attempts
:rtype: Response
:return the success or failed in json format
"""
if 'POST' == request.method:
token = utils.clean_str(request.form.get('tok'))
else:
token = utils.clean_str(request.args.get('tok'))
if not token:
return utils.jsonify_error({'message': 'No token specified.'})
try:
email = utils.get_email_from_token(token,
app.config["SECRET_KEY"],
app.config["SECRET_KEY"])
except Exception as exc:
# @TODO: add dedicated log type
app.logger.error("api_verify_email: {}".format(exc.message))
return utils.jsonify_error({'message': exc.message})
app.logger.debug("Decoded email from token: {}".format(email))
user = UserEntity.query.filter_by(email=email).first()
if user is None:
app.logger.error("Attempt to verify email with incorrect token: {}"
.format(token))
return utils.jsonify_error({'message': 'Sorry.'})
user = UserEntity.update(user, email_confirmed_at=datetime.today())
app.logger.debug("Verified token {} for user {}".format(token, user.email))
# @TODO: add dedicated log type
LogEntity.account_modified(session['uuid'],
"Verified token {} for user {}".format(
token, user.email))
return utils.jsonify_success(
{"message": "Email was verified for {}.".format(email)})
def load_user(user_id):
"""Return the user from the database"""
return UserEntity.get_by_id(user_id)
def load_user(user_id):
"""Return the user from the database"""
return UserEntity.get_by_id(user_id)
