def create(self, request: 'th_Request') -> responses.Response: validator = validation.Dict({ "user_id": validation.Integer(), "reason": validation.String(length_min=orm.UsersBans.REASON_LEN_MIN, length_max=orm.UsersBans.REASON_LEN_MAX) }, allow_undefined_keys=not self._strict_requests) try: # Validation try: validator.validate(request.body) except validation.Error as ve: return responses.Unprocessable(ve.errors) # Authorization auth_response = self._s_auth.authorize(Action.USERS_BANS_CREATE, request.user) if not isinstance(auth_response, responses.OKEmpty): return auth_response # Get the user's ID from request (Which gets it's user info from a token) if not isinstance(request.user, Registered): return responses.UnauthorizedNotLoggedIn() user: Registered = request.user # Query try: self._m_users_bans.create(request.body["user_id"], user.user_id, request.body["reason"]) return responses.Created() except IntegrityError: return responses.NotFoundByID("user_id") except SQLAlchemyError as sqlae: return responses.DatabaseException(sqlae)
def update(self, request: 'th_Request') -> responses.Response: validator = validation.Dict({ "user_id": validation.Integer(), "reason": validation.String(length_min=orm.UsersBans.REASON_LEN_MIN, length_max=orm.UsersBans.REASON_LEN_MAX) }, allow_undefined_keys=not self._strict_requests) try: # Validation try: validator.validate(request.body) except validation.Error as ve: return responses.Unprocessable(ve.errors) user_id = request.body["user_id"] # Query for authorization try: orm_user_ban = self._m_users_bans.get(user_id) except NoResultFound: return responses.NotFoundByID("user_id") # Authorization auth_response = self._s_auth.authorize(Action.USERS_BANS_UPDATE, request.user, orm_user_ban.banner_id) if not isinstance(auth_response, responses.OKEmpty): return auth_response # Query try: self._m_users_bans.update(user_id, request.body["reason"]) return responses.OKEmpty() except NoResultFound: return responses.NotFoundByID("user_id") except SQLAlchemyError as sqlae: return responses.DatabaseException(sqlae)
def get_all(self, request: 'th_Request') -> responses.Response: validator = validation.Dict({ "user_id": validation.Integer(allow_none=True), "banner_id": validation.Integer(allow_none=True), }, allow_none=True, allow_empty=True, allow_all_defined_keys_missing=True, allow_undefined_keys=not self._strict_requests) try: # Validation try: validator.validate(request.body) except validation.Error as ve: return responses.Unprocessable(ve.errors) # Filters user_id_filter = None if request.body is None else request.body.get("user_id") banner_id_filter = None if request.body is None else request.body.get("banner_id") # Authorization # TODO check whatever is going on here auth_response = self._s_auth.authorize(Action.USERS_ACCESS_BANNED, request.user) if isinstance(auth_response, responses.OKEmpty): # Can access all bans result = self._m_users_bans.get_all(user_id_filter, banner_id_filter) return responses.OK(result) else: # Can only access visible bans if isinstance(request.user, Registered): result = self._m_users_bans.get_all_visible(request.user.user_id, user_id_filter, banner_id_filter) return responses.OK(result) else: # An unregsitered user cannot get banned nor create bans return responses.OK([]) except SQLAlchemyError as sqlae: return responses.DatabaseException(sqlae)
def get_all(self, request: 'th_Request') -> responses.Response: validator = validation.Dict({ "user_id": validation.Integer(allow_none=True) }, allow_none=True, allow_empty=True, allow_all_defined_keys_missing=True, allow_undefined_keys=not self._strict_requests) try: # Validation try: validator.validate(request.body) except validation.Error as ve: return responses.Unprocessable(ve.errors) # Filters user_id_filter = None if request.body is None else request.body.get("user_id") # Filters by authorization user_id = None if isinstance(request.user, Registered): user_id = request.user.user_id auth_response = self._s_auth.authorize(Action.ROOMS_ACCESS_PUBLIC, request.user) exclude_public = not isinstance(auth_response, responses.OKEmpty) auth_response = self._s_auth.authorize(Action.ROOMS_ACCESS_PRIVATE, request.user) exclude_private = not isinstance(auth_response, responses.OKEmpty) auth_response = self._s_auth.authorize(Action.ROOMS_ACCESS_BANNED, request.user) exclude_banned = not isinstance(auth_response, responses.OKEmpty) result = self._m_rooms.get_all( exclude_banned, exclude_public, exclude_private, user_id, user_id_filter ) return responses.OK(result) except SQLAlchemyError as sqlae: return responses.DatabaseException(sqlae)
def get(self, request: 'th_Request') -> responses.Response: validator = validation.Dict( {"user_id": validation.Integer()}, allow_undefined_keys=not self._strict_requests) try: # Validation try: validator.validate(request.body) except validation.Error as ve: return responses.Unprocessable(ve.errors) user_id = request.body["user_id"] # Query to find the user try: orm_user = self._m_users.get(user_id) except NoResultFound: return responses.NotFoundByID("user_id") # Check if user is banned orm_user_ban = None try: orm_user_ban = self._m_users_bans.get(user_id) except NoResultFound: pass # User is not banned # Authorization (can see banned users or not?) auth_action = Action.USERS_ACCESS_NOTBANNED if orm_user_ban is None else Action.USERS_ACCESS_BANNED auth_response = self._s_auth.authorize(auth_action, request.user, user_id) if not isinstance(auth_response, responses.OKEmpty): return auth_response return responses.OK(orm_user) except SQLAlchemyError as sqlae: return responses.DatabaseException(sqlae)
def update(self, request: 'th_Request') -> responses.Response: validator = validation.Dict({ "room_id": validation.Integer(), "title": validation.String(length_min=orm.Rooms.TITLE_LEN_MIN, length_max=orm.Rooms.TITLE_LEN_MAX), }) try: # Validation try: validator.validate(request.body) except validation.Error as ve: return responses.Unprocessable(ve.errors) room_id = request.body["room_id"] # Query for authorization try: orm_room = self._m_rooms.get(room_id) except NoResultFound: return responses.NotFoundByID("room_id") # Authorization auth_response = self._s_auth.authorize(Action.ROOMS_UPDATE_TITLE, request.user, orm_room.user_id) if not isinstance(auth_response, responses.OKEmpty): return auth_response try: self._m_rooms.update(room_id, request.body["title"]) return responses.OKEmpty() except NoResultFound: return responses.NotFoundByID("room_id") except SQLAlchemyError as sqlae: return responses.DatabaseException(sqlae)
def create(self, request: 'th_Request') -> responses.Response: validator = validation.Dict({ "room_id": validation.Integer(), "user_id": validation.Integer() }, allow_undefined_keys=not self._strict_requests) try: # Validation try: validator.validate(request.body) except validation.Error as ve: return responses.Unprocessable(ve.errors) room_id = request.body["room_id"] user_id = request.body["user_id"] # Query for authorization try: orm_room = self._m_rooms.get(room_id) except NoResultFound: return responses.NotFoundByID("room_id") # Authorization auth_response = self._s_auth.authorize(Action.ROOMS_USERS_CREATE, request.user, orm_room.user_id) if not isinstance(auth_response, responses.OKEmpty): return auth_response # Query try: self._m_rooms_users.create(room_id, user_id) return responses.Created() except IntegrityError: return responses.NotFoundByID("user_id") except SQLAlchemyError as sqlae: return responses.DatabaseException(sqlae)
def get(self, request: 'th_Request') -> responses.Response: validator = validation.Dict( {"room_id": validation.Integer()}, allow_undefined_keys=not self._strict_requests) try: # Validation try: validator.validate(request.body) except validation.Error as ve: return responses.Unprocessable(ve.errors) room_id = request.body["room_id"] # Queries for authorization try: orm_room_ban = self._m_rooms_bans.get(room_id) except NoResultFound: return responses.NotFoundByID("room_id") try: orm_room = self._m_rooms.get(room_id) except NoResultFound: return responses.NotFoundByID("room_id") # Authorization auth_response = self._s_auth.authorize( Action.ROOMS_BANS_ACCESS, request.user, [orm_room.user_id, orm_room_ban.banner_id]) if not isinstance(auth_response, responses.OKEmpty): return auth_response return responses.OK(orm_room_ban) except SQLAlchemyError as sqlae: return responses.DatabaseException(sqlae)
def create(self, request: 'th_Request') -> responses.Response: validator = validation.Dict({ "title": validation.String(length_min=orm.Rooms.TITLE_LEN_MIN, length_max=orm.Rooms.TITLE_LEN_MAX), "is_public": validation.Boolean() }) try: # Validation try: validator.validate(request.body) except validation.Error as ve: return responses.Unprocessable(ve.errors) # Authorization auth_response = self._s_auth.authorize(Action.ROOMS_CREATE, request.user) if not isinstance(auth_response, responses.OKEmpty): return auth_response # Get the user's ID from request (Which gets it's user info from a token) if not isinstance(request.user, Registered): return responses.UnauthorizedNotLoggedIn() user: Registered = request.user # Query try: self._m_rooms.create(user.user_id, request.body["is_public"], request.body["title"]) return responses.Created() except IntegrityError: return responses.NotFoundByID("user_id") except SQLAlchemyError as sqlae: return responses.DatabaseException(sqlae)
def delete_self(self, request: 'th_Request'): validator = validation.Dict( {}, allow_none=True, allow_empty=True, allow_all_defined_keys_missing=True, allow_undefined_keys=not self._strict_requests) try: # Validation try: validator.validate(request.body) except validation.Error as ve: return responses.Unprocessable(ve.errors) # Authorization auth_response = self._s_auth.authorize(Action.USERS_DELETE_SELF, request.user) if not isinstance(auth_response, responses.OKEmpty): return auth_response # Get the user's ID from request (Which gets it's user info from a token) if not isinstance(request.user, Registered): return responses.UnauthorizedNotLoggedIn() user: Registered = request.user # Query try: self._m_users.delete(user.user_id) return responses.OKEmpty() except NoResultFound: return responses.NotFoundByID("user_id") except SQLAlchemyError as sqlae: return responses.DatabaseException(sqlae)
def delete(self, request: 'th_Request') -> responses.Response: validator = validation.Dict( {"user_id": validation.Integer()}, allow_undefined_keys=not self._strict_requests) try: # Validation try: validator.validate(request.body) except validation.Error as ve: return responses.Unprocessable(ve.errors) user_id = request.body["user_id"] # Authorization auth_response = self._s_auth.authorize(Action.USERS_DELETE, request.user, user_id) if not isinstance(auth_response, responses.OKEmpty): return auth_response # Query try: self._m_users.delete(user_id) return responses.OKEmpty() except NoResultFound: return responses.NotFoundByID("user_id") except SQLAlchemyError as sqlae: return responses.DatabaseException(sqlae)
def create(self, request: 'th_Request') -> responses.Response: validator = validation.Dict( { "room_id": validation.Integer(), "content": validation.String(length_min=orm.Posts.CONTENT_LEN_MIN, length_max=orm.Posts.CONTENT_LEN_MAX) }, allow_undefined_keys=not self._strict_requests) try: print(request.body) # Validation try: validator.validate(request.body) except validation.Error as ve: return responses.Unprocessable(ve.errors) room_id = request.body["room_id"] # Queries for authorization try: orm_room = self._m_rooms.get(room_id) except NoResultFound: return responses.NotFoundByID("room_id") orm_room_users = self._m_rooms_users.get_all_by_room(orm_room.id) # Get the user's ID from request (Which gets it's user info from a token) if not isinstance(request.user, Registered): return responses.UnauthorizedNotLoggedIn() user: Registered = request.user # Authorize if orm_room.is_public: auth_response = self._s_auth.authorize( Action.POSTS_CREATE_PUBLIC, request.user) else: allowed_ids = [orm_room.user_id] + [ orm_ru.user_id for orm_ru in orm_room_users ] auth_response = self._s_auth.authorize(Action.POSTS_CREATE, request.user, allowed_ids) if not isinstance(auth_response, responses.OKEmpty): return auth_response # Query try: self._m_posts.create(room_id, user.user_id, request.body["content"]) return responses.Created() except IntegrityError: return responses.NotFoundByID("user_id") except SQLAlchemyError as sqlae: return responses.DatabaseException(sqlae)
def get(self, request: 'th_Request') -> responses.Response: validator = validation.Dict( { "post_id": validation.Integer(), }, allow_undefined_keys=not self._strict_requests) try: # Validation try: validator.validate(request.body) except validation.Error as ve: return responses.Unprocessable(ve.errors) post_id = request.body["post_id"] # Queries for authorization try: orm_post = self._m_posts.get(post_id) except NoResultFound: return responses.NotFoundByID("post_id") try: orm_room = self._m_rooms.get(orm_post.room_id) except NoResultFound: return responses.NotFoundByID("room_id") orm_room_users = self._m_rooms_users.get_all_by_room(orm_room.id) orm_room_ban = None try: orm_room_ban = self._m_rooms_bans.get(orm_post.room_id) except NoResultFound: pass # Room is not banned # Authorization if orm_room_ban is not None: # can the user access the banned room? auth_response = self._s_auth.authorize( Action.ROOMS_ACCESS_BANNED, request.user, orm_room.user_id) if not isinstance(auth_response, responses.OKEmpty): return auth_response # yes # TODO check this out auth_response = self._s_auth.authorize( Action.ROOMS_ACCESS_PUBLIC if orm_room.is_public else Action.ROOMS_ACCESS_PRIVATE, request.user, [orm_room.user_id] + [orm_room_user.user_id for orm_room_user in orm_room_users]) if not isinstance(auth_response, responses.OKEmpty): return auth_response return responses.OK(orm_post) except SQLAlchemyError as sqlae: return responses.DatabaseException(sqlae)
def get_all(self, request: 'th_Request'): validator = validation.Dict({ "user_id": validation.Integer(allow_none=True), "room_id": validation.Integer(allow_none=True), }, allow_none=True, allow_empty=True, allow_all_defined_keys_missing=True, allow_undefined_keys=not self._strict_requests) try: # Validation try: validator.validate(request.body) except validation.Error as ve: return responses.Unprocessable(ve.errors) # Filters room_id_filter = None if request.body is None else request.body.get("room_id") user_id_filter = None if request.body is None else request.body.get("user_id") # Authorization # TODO check whatever is going on here # Can user access all rooms users? auth_response = self._s_auth.authorize(Action.ROOMS_USERS_ACCESS, request.user) if isinstance(auth_response, responses.OKEmpty): # yes result = self._m_rooms_users.get_all(False, False, False, room_id_filter, user_id_filter) return responses.OK(result) else: # Only return visible # Filters by authorization user_id = None if isinstance(request.user, Registered): user_id = request.user.user_id auth_response = self._s_auth.authorize(Action.ROOMS_ACCESS_PUBLIC, request.user) exclude_public = not isinstance(auth_response, responses.OKEmpty) auth_response = self._s_auth.authorize(Action.ROOMS_ACCESS_PRIVATE, request.user) exclude_private = not isinstance(auth_response, responses.OKEmpty) auth_response = self._s_auth.authorize(Action.ROOMS_ACCESS_BANNED, request.user) exclude_banned = not isinstance(auth_response, responses.OKEmpty) result = self._m_rooms_users.get_all( exclude_banned, exclude_public, exclude_private, user_id, room_id_filter, user_id_filter ) return responses.OK(result) except SQLAlchemyError as sqlae: return responses.DatabaseException(sqlae)
def update(self, request: 'th_Request') -> responses.Response: validator = validation.Dict( { "post_id": validation.Integer(), "content": validation.String(length_min=orm.Posts.CONTENT_LEN_MIN, length_max=orm.Posts.CONTENT_LEN_MAX) }, allow_undefined_keys=not self._strict_requests) try: # Validation try: validator.validate(request.body) except validation.Error as ve: return responses.Unprocessable(ve.errors) post_id = request.body["post_id"] # Query for authorization try: orm_post = self._m_posts.get(post_id) except NoResultFound: return responses.NotFoundByID("post_id") # Authorization auth_response = self._s_auth.authorize(Action.POSTS_UPDATE, request.user, orm_post.user_id) if not isinstance(auth_response, responses.OKEmpty): return auth_response # TODO # Also possible to revoke update access to the user on lost access to the room # What about banned room checks try: self._m_posts.update(post_id, request.body["content"]) return responses.OKEmpty() except NoResultFound: return responses.NotFoundByID("post_id") except SQLAlchemyError as sqlae: return responses.DatabaseException(sqlae)
def create(self, request: 'th_Request') -> responses.Response: validator = validation.Dict( { "name": validation.String(length_min=orm.Users.NAME_LEN_MIN, length_max=orm.Users.NAME_LEN_MAX), "login": validation.String(length_min=orm.Users.LOGIN_LEN_MIN, length_max=orm.Users.LOGIN_LEN_MAX), "password": validation.String(length_min=orm.Users.PASSWORD_LEN_MIN, length_max=orm.Users.PASSWORD_LEN_MAX) }, allow_undefined_keys=not self._strict_requests) try: # Authorization auth_response = self._s_auth.authorize(Action.USERS_CREATE, request.user) if not isinstance(auth_response, responses.OKEmpty): return auth_response # Validation try: validator.validate(request.body) except validation.Error as ve: return responses.Unprocessable(ve.errors) # Hash password try: passhash = self._password_hasher.hash(request.body["password"]) except HashingError as he: return responses.InternalException( he, {"password": ["Could not be hashed"]}) # Query try: self._m_users.create(Roles.USER.id_, request.body["login"], request.body["name"], passhash) return responses.Created() except IntegrityError: return responses.ConflictID("login") except SQLAlchemyError as sqlae: return responses.DatabaseException(sqlae)
def get(self, request: 'th_Request') -> responses.Response: validator = validation.Dict({ "room_id": validation.Integer(), "user_id": validation.Integer() }, allow_undefined_keys=not self._strict_requests) try: # Validation try: validator.validate(request.body) except validation.Error as ve: return responses.Unprocessable(ve.errors) room_id = request.body["room_id"] user_id = request.body["user_id"] # Queries for authorization try: orm_room = self._m_rooms.get(room_id) except NoResultFound: return responses.NotFoundByID("room_id") orm_room_users = self._m_rooms_users.get_all_by_room(room_id) orm_room_ban = None try: orm_room_ban = self._m_rooms_bans.get(room_id) except NoResultFound: pass # Room isn't banned # Authorization if orm_room_ban is not None: # If room is banned auth_response = self._s_auth.authorize(Action.ROOMS_ACCESS_BANNED, request.user, orm_room.user_id) if not isinstance(auth_response, responses.OKEmpty): return auth_response # room is not banned auth_response = self._s_auth.authorize( Action.ROOMS_ACCESS_PUBLIC if orm_room.is_public else Action.ROOMS_ACCESS_PRIVATE, request.user, # Room's creator + users added to the room [orm_room.user_id] + [orm_room_user.user_id for orm_room_user in orm_room_users] ) if not isinstance(auth_response, responses.OKEmpty): return auth_response try: return responses.OK(self._m_rooms_users.get(room_id, user_id)) except NoResultFound: return responses.NotFoundByID("user_id") except SQLAlchemyError as sqlae: return responses.DatabaseException(sqlae)
def get_all(self, request: 'th_Request') -> responses.Response: validator = validation.Dict( {}, allow_none=True, allow_empty=True, allow_all_defined_keys_missing=True, allow_undefined_keys=not self._strict_requests) # No keys since there's nothing to filter by (login is 'secret') try: # Validation try: validator.validate(request.body) except validation.Error as ve: return responses.Unprocessable(ve.errors) auth_response = self._s_auth.authorize( [Action.USERS_ACCESS_NOTBANNED, Action.USERS_ACCESS_BANNED], request.user) if isinstance(auth_response, responses.OKEmpty): # Can access all result = self._m_users.get_all() return responses.OK(result) auth_response = self._s_auth.authorize( Action.USERS_ACCESS_NOTBANNED, request.user) if isinstance(auth_response, responses.OKEmpty): # Can only access unbanned result = self._m_users.get_all_unbanned() return responses.OK(result) auth_response = self._s_auth.authorize(Action.USERS_ACCESS_BANNED, request.user) if isinstance(auth_response, responses.OKEmpty): # Can only access banned result = self._m_users.get_all_banned() return responses.OK(result) return auth_response except SQLAlchemyError as sqlae: return responses.DatabaseException(sqlae)
def from_flask(self, flask_request: 'th_flask_request', additional_json: dict = None) -> responses.Response: token = flask_request.headers.get("token") users_response = self._s_users.from_token_string(token) if not isinstance(users_response, responses.OK): return users_response user = users_response.object if flask_request.method == "GET": body = flask_request.args.to_dict() # Convert str to int, if int for key in body: try: body[key] = int(body[key]) except ValueError: pass else: data = flask_request.get_data() if len(data) < 1: body = None else: try: body = json.loads(data.decode("utf-8")) except json.JSONDecodeError: if self._strict_requests: return responses.Unprocessable({"json": "Corrupt"}) else: body = None if additional_json is not None: if body is None: body = {} for key in additional_json: body[key] = additional_json[key] result = request.Request(user, body) return responses.OK(result)
def delete(self, request: 'th_Request') -> responses.Response: validator = validation.Dict( { "post_id": validation.Integer(), }, allow_undefined_keys=not self._strict_requests) try: # Validation try: validator.validate(request.body) except validation.Error as ve: return responses.Unprocessable(ve.errors) post_id = request.body["post_id"] # Query for authorization try: orm_post = self._m_posts.get(post_id) except NoResultFound: return responses.NotFoundByID("post_id") # Authorization auth_response = self._s_auth.authorize(Action.POSTS_DELETE, request.user, orm_post.user_id) if not isinstance(auth_response, responses.OKEmpty): return auth_response # Also possible to revoke delete access to the user on lost access to the room # what about bans try: self._m_posts.delete(post_id) return responses.OKEmpty() except NoResultFound: return responses.NotFoundByID("post_id") except SQLAlchemyError as sqlae: return responses.DatabaseException(sqlae)
def login(self, request: 'th_Request') -> responses.Response: validator = validation.Dict( { "login": validation.String(), "password": validation.String() }, allow_undefined_keys=not self._strict_requests) try: # Validation try: validator.validate(request.body) except validation.Error as ve: return responses.Unprocessable(ve.errors) # Authorization auth_response = self._s_auth.authorize(Action.LOGIN, request.user) if not isinstance(auth_response, responses.OKEmpty): return auth_response # Query # Find user by login try: user = self._m_users.get_by_login(request.body["login"]) except NoResultFound: return responses.NotFoundByID("login") # Check if user is banned try: self._m_users_bans.get(user.id) return responses.Forbidden() except NoResultFound: # Not banned, ok pass # Verify password try: self._password_hasher.verify(user.passhash, request.body["password"]) except VerifyMismatchError: return responses.Unauthorized( {"all": ["Invalid login or password"]}) except (VerificationError, InvalidHash) as argonerr: return responses.InternalException( argonerr, {"password": ["Hashing error"]}) # Check rehash if self._password_hasher.check_needs_rehash(user.passhash): try: passhash_new = self._password_hasher.hash( request.body["password"]) self._m_users.update(user.id, passhash=passhash_new) except (HashingError, SQLAlchemyError, NoResultFound, MultipleResultsFound) as err: # Not crucial logging.exception(err) # Generate and return token token = jwt.Token.generate(jwt.Claims(user.id), self._private_key, user.passhash) return responses.OK({"token": token.to_string()}) except SQLAlchemyError as sqlae: return responses.DatabaseException(sqlae)
def update(self, request: 'th_Request') -> responses.Response: validator = validation.Dict( { "user_id": validation.Integer(), "role": validation.Integer(allow_none=True), "login": validation.String(allow_none=True, length_min=orm.Users.LOGIN_LEN_MIN, length_max=orm.Users.LOGIN_LEN_MAX), "name": validation.String(allow_none=True, length_min=orm.Users.NAME_LEN_MIN, length_max=orm.Users.NAME_LEN_MAX), "password": validation.String(allow_none=True, length_min=orm.Users.PASSWORD_LEN_MIN, length_max=orm.Users.PASSWORD_LEN_MAX) }, allow_undefined_keys=not self._strict_requests) try: # Validation try: validator.validate(request.body) except validation.Error as ve: return responses.Unprocessable(ve.errors) user_id = request.body["user_id"] # Authorization (certain attributes) if "name" in request.body: # Authorize name change auth_response = self._s_auth.authorize( Action.USERS_UPDATE_NAME, request.user, user_id) if not isinstance(auth_response, responses.OKEmpty): return auth_response if "role" in request.body: # Authorize role change auth_response = self._s_auth.authorize( Action.USERS_UPDATE_ROLE, request.user, None) if not isinstance(auth_response, responses.OKEmpty): return auth_response if "login" in request.body or "password" in request.body: # Authorize credential change auth_response = self._s_auth.authorize( Action.USERS_UPDATE_CRED, request.user, user_id) if not isinstance(auth_response, responses.OKEmpty): return auth_response # Hash password try: passhash = None if "password" not in request.body else self._password_hasher.hash( request.body["password"]) except HashingError as he: return responses.InternalException( he, {"password": ["Could not be hashed"]}) # Query try: self._m_users.update(user_id, request.body.get("role"), request.body.get("login"), request.body.get("name"), passhash) return responses.OKEmpty() except IntegrityError: return responses.ConflictID("login") except NoResultFound: return responses.NotFoundByID("user_id") except SQLAlchemyError as sqlae: return responses.DatabaseException(sqlae)