	def upcoming_vendor_engagements(self):
		"""List upcoming vendor engagements scoped to the caller's location.

		Engagements come from ``vendor_engagement_repo.get_engagement_by_date()``
		and are filtered in Python on ``location_id``; the pagination meta is
		computed from the unfiltered repository page, so it may not reflect
		the number of rows actually returned.

		Returns:
			The ``handle_response`` result with ``engagements`` (each serialized
			engagement carrying its serialized ``vendor``) and ``meta``.
		"""
		caller_location = Auth.get_location()
		page = self.vendor_engagement_repo.get_engagement_by_date()

		def with_vendor(item):
			# The serialized engagement does not embed its vendor by itself.
			data = item.serialize()
			data['vendor'] = item.vendor.serialize()
			return data

		engagements_list = [
			with_vendor(item)
			for item in page.items
			if item.location_id == caller_location
		]

		return self.handle_response(
			'OK',
			payload={
				'engagements': engagements_list,
				'meta': self.pagination_meta(page),
			},
		)
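    def authenticate_user(self):
        """Authenticate by e-mail/password and issue a signed token.

        ``username`` is looked up as the user's e-mail in ``user_repo``; the
        stored hash is checked with ``check_password_hash``. On success the
        token payload carries the user's profile, their roles (id and name
        only), ``iat``/``exp`` (three-day lifetime) and fixed ``aud``/``iss``
        claims, encoded with ``Auth.encode_token``. Failures, whether the
        account is unknown or the password is wrong, get the same message.

        Returns:
            ``handle_response`` result: 200 with ``token`` and ``user`` (the
            e-mail), or 400 with the generic failure message.
        """
        username, password = self.request_params("username", "password")
        user = self.user_repo.find_first(email=username)

        # NOTE(review): the hash check is skipped when the account is unknown,
        # so the 400 path is faster for unknown e-mails than for wrong passwords.
        if user is None or not check_password_hash(user.password, password):
            return self.handle_response("Username/password combination is wrong",
                                        status_code=400)

        # One clock read for every timestamp in the payload, so ``iat``,
        # ``date_time_now`` and ``exp`` agree exactly instead of coming from
        # three separate ``utcnow()`` calls.
        issued_at = datetime.datetime.utcnow()
        expires_at = issued_at + datetime.timedelta(days=3)
        stamp_fmt = "%Y-%m-%d %H:%M:%S"

        user_roles = self.user_role_repo.get_unpaginated(user_id=user.id)
        user_roles_list = [
            user_role.role.to_dict(only=["id", "name"])
            for user_role in user_roles
        ]
        user_data = {
            "UserInfo": {
                "id": user.id,
                "first_name": user.first_name,
                "last_name": user.last_name,
                "email": user.email,
                "name": f"{user.first_name} {user.last_name}",
                "picture": "",
                "roles": user_roles_list,
                "date_time_now": issued_at.strftime(stamp_fmt),
                "date_time_exp": expires_at.strftime(stamp_fmt),
            },
            "iat": issued_at,
            "exp": expires_at,
            "aud": "webspoons.com",
            "iss": "accounts.webspoons.com",
        }
        token = Auth.encode_token(user_data)
        return self.handle_response("OK",
                                    payload={"token": token, "user": user.email},
                                    status_code=200)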
	def delete_order(self, order_id):
		"""Soft-delete an order owned by the current user.

		Args:
			order_id: Identifier passed to ``order_repo.get``.

		Returns:
			``handle_response`` result: 400 for an unknown or already deleted
			order, 403 when the caller is not the order's owner, otherwise a
			success payload after ``is_deleted`` has been set.
		"""
		order = self.order_repo.get(order_id)
		if not order:
			return self.handle_response('Invalid or incorrect order_id provided', status_code=400)
		if order.is_deleted:
			return self.handle_response('Order has already been deleted', status_code=400)
		# Ownership check: only the user who placed the order may delete it.
		if Auth.user('id') != order.user_id:
			return self.handle_response('You cannot delete an order that is not yours', status_code=403)

		# Rows are flagged as deleted rather than removed.
		self.order_repo.update(order, is_deleted=True)
		return self.handle_response('Order deleted', payload={"status": "success"})
	def list_vendor_engagements(self):
		"""List non-deleted vendor engagements for the caller's location.

		The repository is queried with ``filter_by_desc`` on the model's
		``start_date`` column, restricted to ``is_deleted=False`` and the
		caller's ``location_id``.

		Returns:
			``handle_response`` result with serialized ``engagements`` (each
			carrying its serialized ``vendor``) and the page's ``meta``.
		"""
		caller_location = Auth.get_location()
		repo = self.vendor_engagement_repo

		# NOTE: reaches into the repository's private ``_model`` for the sort column.
		page = repo.filter_by_desc(
			repo._model.start_date,
			is_deleted=False, location_id=caller_location
		)

		def attach_vendor(item):
			data = item.serialize()
			data['vendor'] = item.vendor.serialize()
			return data

		engagements_list = list(map(attach_vendor, page.items))

		return self.handle_response(
			'OK', payload={'engagements': engagements_list, 'meta': self.pagination_meta(page)}
		)
    def test_has_role_method_handles_succeeds(self, mock_auth_user,
                                              mock_find_first, mock_role_repo):
        """``Auth.has_role('admin')`` lets the wrapped view run for a matching role.

        The patched collaborators are arranged so the current user has id 1
        and the role lookups resolve to a role named 'admin'; the decorated
        identity function must then be called through and return its argument.
        """
        RoleStub = namedtuple('mock', 'name')

        class MockRole:
            role_id = 1

        mock_auth_user.return_value = {'id': 1}
        mock_find_first.return_value = MockRole
        mock_role_repo.return_value = RoleStub('admin')

        passthrough = Auth.has_role('admin')(lambda n: n)
        response = passthrough('test')

        self.assertEqual(response, 'test')
 def login(self):
     """Log a user in by e-mail address and password.

     Looks the user up with ``user_service.filter_first`` on ``email_address``
     and verifies the password with ``bcrypt.check_password_hash``; on success
     a token from ``Auth.create_token(user.id)`` is returned with the
     serialized user (password attribute removed first).

     Returns:
         ``handle_response`` result: 'Ok' with ``user`` and ``token``, 400
         'Wrong password', or 404 'User does not exist'.
     """
     email_address, password = self.request_params('emailAddress',
                                                   'password')
     lookup = {'email_address': email_address}
     user = self.user_service.filter_first(**lookup)

     # NOTE(review): the two failure messages and status codes differ, so a
     # caller can tell whether an e-mail address is registered (account
     # enumeration); a single generic failure response would avoid that.
     if not user:
         return self.handle_response('User does not exist', status_code=404)
     if not bcrypt.check_password_hash(user.password, password):
         return self.handle_response('Wrong password', status_code=400)

     token = Auth.create_token(user.id)
     # Drop the hash before the model is serialized into the payload.
     del user.password
     payload = {'user': user.serialize(), 'token': token.decode()}
     return self.handle_response('Ok', payload=payload)
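def login():
    """
    Merchant login endpoint.

    Reads ``username``/``password`` from the JSON body, looks the merchant
    up by username and password hash, rejects disabled accounts, records
    the login time and returns an access/refresh token pair.

    :return: the ``ResMsg`` data dict for the outcome
    """
    res = ResMsg()
    req = request.get_json(force=True)

    username = req.get("username")
    password = req.get("password")
    # NOTE(review): the hash is compared by SQL equality below, which only
    # works if ``hash_password`` is deterministic (no per-user salt) — confirm
    # the scheme is intended.
    password_hash = hash_password(password)
    now_timestr = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime())
    user = db.session.query(ETMerchants).filter(
        ETMerchants.username == username,
        ETMerchants.password == password_hash).first()

    # Unknown user or wrong password: tested before ``user.status`` is read,
    # so a failed login returns LoginFail instead of raising on ``None``.
    if user is None:
        res.update(code=ResponseCode.LoginFail,
                   data={},
                   msg=ResponseMessage.LoginFail)
        return res.data

    if user.status != 1:
        res.update(code=ResponseCode.Fail, data={}, msg='当前账户已禁用,请请联系客服')
        return res.data

    # Select only the username column for the response body, restricted to
    # this merchant (an unfiltered ``first()`` would return the table's first row).
    row = db.session.query(ETMerchants.username).filter(
        ETMerchants.username == username).first()
    res_data = dict(zip(row.keys(), row))

    db.session.query(ETMerchants).filter(
        ETMerchants.username == username).update(
            {"last_login": now_timestr})

    access_token, refresh_token = Auth.encode_auth_token(user_id=username)
    res_data.update({
        "access_token": access_token.decode("utf-8"),
        "refresh_token": refresh_token.decode("utf-8")
    })
    res.update(code=ResponseCode.LoginSuccess,
               data=res_data,
               msg=ResponseMessage.LoginSuccess)
    return res.data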
    def create_vendor_rating(self):
        '''Adds a vendor rating during a specific engagement.

        Request params: vendorId, comment, rating, channel, engagementId.
        The rating is stored through ``vendor_rating_repo.new_rating`` with
        ``RatingType.engagement`` for the current user; an unknown vendor id
        yields a 400 response.
        '''
        (vendor_id, comment, rating_value, channel,
         engagement_id) = self.request_params('vendorId', 'comment', 'rating',
                                              'channel', 'engagementId')
        user_id = Auth.user('id')

        if not self.vendor_repo.get(vendor_id):
            return self.handle_response('Invalid vendor_id provided',
                                        status_code=400)

        new_rating = self.vendor_rating_repo.new_rating(
            vendor_id, user_id, rating_value, RatingType.engagement, 0,
            engagement_id, channel, comment)

        return self.handle_response('Rating created',
                                    payload={'rating': new_rating.serialize()},
                                    status_code=201)
    def test_has_role_method_handles_unmatching_roles(self, mock_auth_user,
                                                      mock_find_first,
                                                      mock_role_repo):
        """``Auth.has_role('admin')`` rejects a user whose resolved role is 'user'.

        The patched collaborators resolve the current user (id 1) to a role
        named 'user'; the first element of the returned tuple must be the
        JSON access-error response rather than the wrapped view's result.
        """
        RoleStub = namedtuple('mock', 'name')

        class MockRole:
            role_id = 1

        mock_auth_user.return_value = {'id': 1}
        mock_find_first.return_value = MockRole
        mock_role_repo.return_value = RoleStub('user')

        guarded = Auth.has_role('admin')(lambda n: n)
        response = guarded('test')

        body = response[0].get_json()
        self.assertEqual(
            body['msg'],
            'Access Error - This role does not have the access rights')
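def eventSubscribe(msg):
    """Handle a first-subscribe event: issue a token, log the user in, cache the profile.

    Args:
        msg: the event message; ``scene_id`` and ``source`` (the subscriber's
            id) are read from it.

    Side effects:
        Writes ``scene_id -> source`` and ``source -> profile JSON`` through
        ``Redis.write``; fetches the profile via the module-level ``client``
        and runs ``wx_login_or_register``.
    """
    Redis.write(msg.scene_id, msg.source)
    # Create the access_token; decode to str only when one was issued.
    access_token = Auth.generate_access_token(user_id=msg.source)
    if access_token:
        access_token = access_token.decode('utf-8')

    # ``%s`` placeholder so ``scene_id`` is formatted; passing it as an extra
    # argument with no placeholder makes the logging handler report a
    # formatting error instead of emitting the record.
    logger.debug("用户初次订阅行为,flag为: %s", msg.scene_id)
    # Look up the user's profile
    user = client.user.get(msg.source)
    # Log the user in, or register them
    user_login = wx_login_or_register(user)
    # Cache the user profile.
    # NOTE(review): the access token is stored in the cache next to the
    # profile, so anyone who can read this Redis entry holds a usable token.
    Redis.write(
        msg.source,
        json.dumps(
            dict(user_id=user_login['id'],
                 access_token=access_token,
                 headimgurl=user['headimgurl'],
                 nickname=user['nickname'],
                 admin=user_login['admin'])))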
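    def update_vendor_rating(self, rating_id):
        """Edit the comment of an existing rating owned by the current user.

        Args:
            rating_id: Identifier passed to ``vendor_rating_repo.get``.

        Returns:
            ``handle_response`` result: 404 for an unknown rating, 403 when the
            rating belongs to another user, otherwise 'OK' with the serialized
            rating (the comment is updated only when a non-empty ``comment``
            was sent in the JSON body).
        """
        rtng = self.vendor_rating_repo.get(rating_id)
        # ``.get`` so a body without ``comment`` means "no change" instead of
        # raising KeyError before any response is built.
        comment = self.get_json().get('comment')

        if not rtng:
            return self.handle_response('Invalid or incorrect rating_id provided',
                                        status_code=404)
        # Ownership check: you cannot update someone else's rating.
        if Auth.user('id') != rtng.user_id:
            return self.handle_response(
                'You are not allowed to update a rating that is not yours',
                status_code=403)

        updates = {'comment': comment} if comment else {}
        self.vendor_rating_repo.update(rtng, **updates)
        return self.handle_response(
            'OK', payload={'rating': rtng.serialize()})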
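def eventscan(msg):
    """Handle a scan event from an already-subscribed user: issue a token, log in, cache the profile.

    Args:
        msg: the event message; ``scene_id`` and ``source`` (the scanning
            user's id) are read from it.

    Side effects:
        Writes ``scene_id -> source`` and ``source -> profile JSON`` through
        ``Redis.write``; fetches the profile via a client obtained from
        ``C_WeChatClient._get_wechatclient()`` and runs ``wx_login_or_register``.
    """
    Redis.write(msg.scene_id, msg.source)
    # Create the access_token; decode to str only when one was issued.
    access_token = Auth.generate_access_token(user_id=msg.source)
    if access_token:
        access_token = access_token.decode('utf-8')

    # ``%s`` placeholder so ``scene_id`` is formatted; passing it as an extra
    # argument with no placeholder makes the logging handler report a
    # formatting error instead of emitting the record.
    logger.debug("已订阅用户扫描行为,flag为: %s", msg.scene_id)
    # Look up the user's profile
    client = C_WeChatClient._get_wechatclient()
    user = client.user.get(msg.source)
    # Log the user in, or register them
    user_login = wx_login_or_register(user)
    # Cache the user profile.
    # NOTE(review): the access token is stored in the cache next to the
    # profile, so anyone who can read this Redis entry holds a usable token.
    Redis.write(
        msg.source,
        json.dumps(
            dict(user_id=user_login['id'],
                 access_token=access_token,
                 headimgurl=user['headimgurl'],
                 nickname=user['nickname'],
                 admin=user_login['admin'])))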
def login():
    """Log in and, on success, return an access token and a refresh token.

    ``name`` and ``password`` come from the JSON body; a missing field
    yields ``InvalidParameter``, a failed credential check yields
    ``AccountOrPassWordErr``.
    """
    res = ResMsg()

    obj = request.get_json(force=True)
    name = obj.get("name")
    if not all([obj, name, obj.get("password")]):
        res.update(code=ResponseCode.InvalidParameter)
        return res.data

    user_obj = User.query.filter(User.name == name).first()
    # NOTE(review): the submitted password is compared with ``==`` against
    # ``User.password``; unless that column is a hash-aware type, this is a
    # plaintext comparison against a plaintext stored password — confirm.
    credentials_ok = bool(user_obj) and user_obj.password == obj.get("password")
    if credentials_ok:
        access_token, refresh_token = Auth.encode_auth_token(user_id=name)
        res.update(data={
            "access_token": access_token.decode("utf-8"),
            "refresh_token": refresh_token.decode("utf-8"),
            "user": model_to_dict(user_obj)
        })
    else:
        res.update(code=ResponseCode.AccountOrPassWordErr)
    return res.data
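    def before_request():
        """Per-request hook: load the JWT user into ``g`` and apply a request counter.

        The user id comes from ``Auth().get_jwt_data(request)``; when present
        the ``User`` row is stored on ``g.user`` and a per-user counter in
        Redis (``request_count:<user_id>``, 5-second expiry) is read and
        incremented. A count of 20 or more within the window, or a request
        without a user agent, gets a JSON error response instead of reaching
        the view. Redis failures are logged and otherwise ignored (fail-open).
        """
        # jwt is used here; the user id is read from the token
        user_id = Auth().get_jwt_data(request)
        if user_id:
            from app.models import User
            # g is created before before_request runs
            g.user = User.query.get(user_id)
            count = 0
            # Read the request count from the cache; a failure must not block
            # the request, so it is only logged
            try:
                count = redis_store.get("request_count:%s" % user_id) or 0
            except Exception as e:
                # current_app and g are created together and share a lifetime
                current_app.logger.error(e)

            # The cached value comes back as str or bytes depending on the
            # client's decode settings; a fresh key yields the int 0 above.
            if isinstance(count, (str, bytes)):
                count = int(count)

            # The limit and the increment apply to every request, including
            # the first one in a window; when both sat inside the str-only
            # branch a fresh counter was never written and the limit never
            # engaged.
            if count >= 20:
                return jsonify(code=1234, msg='请求过于频繁,请稍后尝试')

            count += 1
            try:
                # Store user_id -> count with a 5 second expiry
                redis_store.set("request_count:%s" % user_id, count, 5)
            except Exception as e:
                current_app.logger.error(e)

            # Requests without browser information are treated as crawlers.
            # NOTE(review): ``request.user_agent`` is a parsed object; confirm
            # its truthiness reflects an empty header in the framework version
            # in use.
            if not request.user_agent:
                return jsonify('不是浏览器请求,可能是爬虫')
        return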
def handle_loginout():
    """
    Account logout endpoint.

    The token is taken from the ``token`` query argument, falling back to
    the ``xtoken`` header, and must decode to a payload carrying ``user_id``.
    Nothing is revoked server-side (see the todo), so the token stays valid
    until it expires; the response only tells the client to drop it.
    :return: the ``ResMsg`` data dict
    """
    res = ResMsg()
    header_token = request.headers.get("xtoken")
    access_token = request.args.get("token", header_token)
    if not access_token:
        res.update(code=ResponseCode.InvalidParameter)
        return res.data

    payload = Auth.decode_auth_token(access_token)
    if not payload or "user_id" not in payload:
        res.update(code=ResponseCode.PleaseSignIn)
        return res.data

    # @todo revoke the access token server-side
    res.update(code=ResponseCode.Success, data={"access_token": None}, msg='logout success!')
    return res.data
 def test_decode_token_returns_dict_on_valid_token(self):
     """A valid token decodes to a plain ``dict`` (exact type, not a subclass)."""
     decoded = Auth.decode_token(self.get_valid_token())
     assert type(decoded) is dict
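 def test_decode_token_throws_exception_on_invalid_token(self):
     """An invalid token must make ``Auth.decode_token`` raise.

     The failure assertion lives outside the ``try`` block: an ``assert
     False`` inside it is caught by ``except Exception`` (AssertionError is
     an Exception subclass), which made the test pass even when nothing was
     raised.
     """
     raised = False
     try:
         Auth.decode_token(self.get_invalid_token())
     except Exception:
         raised = True
     assert raised, "decode_token did not raise on an invalid token"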
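 def user_first_and_last_name():
     """Return ``(firstName, lastName)`` from the valid test token's ``UserInfo``.

     The token is decoded once and both fields are read from the same payload
     instead of decoding it separately per field.
     """
     user_info = Auth.decode_token(BaseTestCase.get_valid_token())["UserInfo"]
     return (user_info["firstName"], user_info["lastName"])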
 def user(self, *keys):
     """Proxy for ``Auth.user``: read the current user's fields named by ``keys``."""
     current_user = Auth.user
     return current_user(*keys)
 def user_email():
     """Return the ``email`` field of the valid test token's ``UserInfo``."""
     payload = Auth.decode_token(BaseTestCase.get_valid_token())
     return payload["UserInfo"]["email"]