def login():
res = ApiResponse()
try:
body = should_look_like(user_credentials_schema)
app_user = AppUser.get_by_email(body['email'])
if app_user and pbkdf2_sha256.verify(body['password'],
app_user.pw_hash):
res.data = {
'refresh_token':
create_refresh_token(identity=app_user.id,
expires_delta=timedelta(days=1)),
'access_token':
create_access_token(identity=app_user.id,
user_claims={'email': app_user.email},
expires_delta=timedelta(hours=1)),
}
res.status = 200
else:
res.status = 401
res.pub_msg = 'Email or password was not recognized'
except HTTPException as exc:
return exc
except BaseException as exc:
abort(500)
return res
def food_kind(kind_id=''):
res = ApiResponse()
try:
if request.method == 'GET':
if kind_id:
res.data = FoodKind.query.get_or_404(kind_id).full_dict()
else:
res.data = [
x.full_dict() for x in FoodKind.query.filter_by(
user_id=get_jwt_identity()).all()
]
elif request.method == 'POST':
body = should_look_like(food_kind_schema)
food_kind = FoodKind(**body)
food_kind.user_id = get_jwt_identity()
food_kind.save()
res.status = 201
elif request.method == 'PUT':
body = should_look_like(food_kind_schema)
food_kind = FoodKind.query.get_or_404(kind_id)
if str(food_kind.user_id) != get_jwt_identity():
res.status = 401
res.pub_msg = 'You do not have permission to update this "food kind"'
else:
food_kind.update_name(body['name'])
food_kind.unit_of_measurement_id = body[
'unit_of_measurement_id']
food_kind.serving_size = body['serving_size']
print(food_kind.unit_of_measurement_id)
food_kind.save()
elif request.method == 'DELETE':
msg, status = helpers.delete_food_kind(kind_id=kind_id,
user_id=get_jwt_identity(),
force=request.args.get(
'force', False))
res.pub_msg = msg
res.status = status
except HTTPException as exc:
print(str(exc))
return exc
except BaseException as exc:
print(exc)
abort(500)
return res
def register():
res = ApiResponse()
try:
body = should_look_like(user_credentials_schema)
if AppUser.get_by_email(body['email']):
res.status = 400
res.pub_msg = 'Email {} already exists in our system'.format(
body['email'])
else:
pw_hash = pbkdf2_sha256.hash(body['password'])
AppUser(email=body['email'], pw_hash=pw_hash).save()
res.status = 201
except HTTPException as exc:
return exc
except BaseException as exc:
print('EXCEPTION', exc)
abort(500)
return res
def create_snapshot():
res = ApiResponse()
try:
body = should_look_like(snapshot_schema)
stock = Stock.query.get_or_404(body['stock_id'])
if stock.user_id == get_jwt_identity():
snapshot = Snapshot(**body)
for food_item in stock.stock_items:
state = food_item.states.order_by(
desc(StockItemState.date_created)).first()
snapshot.food_item_states.append(state)
snapshot.save()
res.status = 201
else:
res.status = 401
res.pub_msg = 'You do not have permission to create a snapshot of this stock'
except HTTPException as exc:
return exc
except BaseException as exc:
abort(500)
return res
def reset_password():
res = ApiResponse()
try:
body = should_look_like(pw_reset_schema)
nonce = get_jwt_identity()
pw_reset_email = PwResetEmail.query.get(nonce)
if pw_reset_email:
app_user = AppUser.query.get(pw_reset_email.user_id)
app_user.pw_hash = pbkdf2_sha256.hash(body['password'])
app_user.save()
pw_reset_email.delete()
res.status = 200
else:
res.status = 400
res.pub_msg = 'This link has expired.'
except HTTPException as exc:
print(exc)
return exc
except BaseException as exc:
print(exc)
abort(500)
return res
def stock_item(stock_id='', item_id=''):
res = ApiResponse()
try:
if request.method == 'POST':
body = should_look_like(food_item_schema)
stock = Stock.query.get_or_404(stock_id)
if str(stock.user_id) == get_jwt_identity():
food_item = StockItem(**{'stock_id': stock_id, **body})
food_item.save()
res.status = 201
else:
res.status = 401
res.pub_msg = 'You do not have permission to add items to this stock'
elif request.method == 'DELETE':
food_item = StockItem.query.get_or_404(item_id)
food_item.delete()
except HTTPException as exc:
return exc
except BaseException as exc:
print('EXCEPTION', exc)
abort(500)
return res
def send_reset_link():
res = ApiResponse()
try:
body = should_look_like(send_reset_link_schema)
app_user = AppUser.get_by_email(body['email'])
if app_user:
# delete all records of previously sent pw reset emails so that
# there will only be one valid link --- mitigate possibility of
# pw reset link falling into the wrong hands
for prev_email in PwResetEmail.find_by_user_id(app_user.id):
prev_email.delete()
# create new pw_reset_email record
pw_reset_email = PwResetEmail(user_id=app_user.id)
pw_reset_email.save()
fresh_jwt = create_access_token(
pw_reset_email.nonce,
fresh=True,
user_claims={'email': body['email']},
expires_delta=timedelta(minutes=30))
client_host = os.getenv('CLIENT_HOST')
nonced_link = client_host + '/login/recover/' + fresh_jwt
mail.send_message(subject='Grocery Inventory Password Reset',
recipients=[body['email']],
html=render_template('password_reset_email.html',
nonced_link=nonced_link))
res.status = 201
res.pub_msg = 'If the email address you provided us is in our system you should recieve an email with a link to reset your password.'
except HTTPException as exc:
print(exc)
return exc
except BaseException as exc:
print(exc)
abort(500)
return res