Ejemplo n.º 1
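 def get(self):
     """Return every non-admin user as a serialised list.

     Returns:
         dict: ``{"success": True, "data": {"users": [...]}}``.
     """
     # NOTE(review): no authorisation check is visible in this handler; confirm
     # that a decorator or the resource's routing restricts it to admins.
     non_admins = User.query.filter_by(admin=False).all()
     # Keep the stored password value out of the listing. UserSchema may
     # already mark the field load-only (not visible here); the explicit
     # exclude keeps it out of the response either way.
     users_schema = UserSchema(many=True, exclude=("password",))
     return {
         "success": True,
         "data": {
             "users": users_schema.dump(non_admins),
         },
     }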
Ejemplo n.º 2
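 def get(self):
     """Return the authenticated user's profile with the e-mail partly masked.

     The user is looked up from the JWT identity and dumped without the
     sensitive or internal fields listed in ``exclude``. At most the first two
     characters of the e-mail's local part stay readable; the rest of the
     local part is replaced by ``*`` and the domain is kept.

     Returns:
         dict: ``{"success": True, "data": <masked profile>}``.
     """
     user_identifier = get_jwt_identity()
     user = User.query.filter_by(id=user_identifier).first()
     user_schema = UserSchema(
         exclude=["cart", "password", "active", "product_rating", "cards", "addresses", "admin", "failed_login_attempts_count"])
     response_user = user_schema.dump(user)

     email = response_user["email"]
     at_index = email.find("@")
     if at_index < 0:
         # No "@" at all: treat the whole value as the local part.
         at_index = len(email)
     # Clamp the readable prefix to the local part. With a one-character local
     # part the unclamped slice email[:2] also copied the "@", which was then
     # appended a second time ("a@b.c" became "a@@b.c").
     visible = min(2, at_index)
     response_user["email"] = email[:visible] + "*" * (at_index - visible) + email[at_index:]

     return {
         "success": True,
         "data": response_user,
     }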
Ejemplo n.º 3
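 def get(self, model: str):
   """Search products or users by a substring match and return one page.

   Args:
     model: ``"product"`` or ``"user"`` (case-insensitive). Products are
       matched on the ``name`` query parameter, users on ``username``.

   Returns:
     dict: ``{"success": True, "data": {"results": <paginated results>}}``.

   Aborts with 400 when no query parameters are sent, 404 for any other
   model, and for the user search 401 when the caller cannot be resolved or
   403 when the caller is not an admin.
   """
   user_id = get_jwt_identity()
   user = User.query.filter_by(id=user_id).first()
   args_query = request.args
   if len(args_query) == 0:
     return abort(400)
   kind = model.lower()
   if kind == "product":
     schema = ProductSchema(many=True)
     # The pattern is handed to like() as a value, not spliced into SQL text;
     # "%" and "_" typed by the caller still act as LIKE wildcards.
     query = f"%{args_query['name']}%"
     results = pagination.paginate(Product.query.filter(Product.name.like(query)), schema)
   elif kind == "user":
     # first() returns None when no row matches the token identity, so test
     # the object itself: reading user.id on None raised AttributeError
     # instead of answering 401.
     if user is None or user.id is None:
       return abort(401)
     elif not user.admin:
       return abort(403)
     # Only non-sensitive columns are serialised for the admin search.
     schema = UserSchema(many=True, only=("email", "username", "email_verified", "active"))
     query = f"%{args_query['username']}%"
     results = pagination.paginate(User.query.filter(User.username.like(query)), schema)
   else:
     return abort(404)
   response_obj = {
     "success": True,
     "data": {
       "results": results
     }
   }
   return response_obj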
Ejemplo n.º 4
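 def put(self):
     """Update the authenticated user's own record from the JSON request body.

     Every key of the body is lower-cased and written to the matching
     attribute of the user, except that ``password`` is hashed first and
     privileged attributes are ignored.

     Returns:
         dict: ``{"success": True, "data": <serialised user>}``.
     """
     # Attributes a caller must never set on their own account. Without this
     # filter the request body was copied onto the model key by key, so a
     # body such as {"admin": true} changed the caller's privileges.
     protected = {"id", "admin", "active", "email_verified", "failed_login_attempts_count"}

     post_data = request.get_json(force=True)
     user_identifier = get_jwt_identity()
     user = User.query.filter_by(id=user_identifier).first()
     for key in post_data:
         field = key.lower()
         # Read the value under the key as sent: looking it up under the
         # lower-cased name returned None for keys with capital letters.
         value = post_data[key]
         if field in protected:
             continue
         if field != "password":
             setattr(user, field, value)
         else:
             # NOTE(review): unsalted SHA-1 is not suitable for password
             # storage. It is kept here because the code that verifies
             # passwords is not visible and must change together with it;
             # migrate both to a salted, slow password hash.
             sha_1 = hashlib.sha1()
             sha_1.update(value.encode())
             user.password = sha_1.hexdigest()
     db.session.commit()
     # Never echo the stored password value back to the client.
     user_schema = UserSchema(exclude=("password",))
     response_obj = {"success": True, "data": user_schema.dump(user)}
     return response_obj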
Ejemplo n.º 5
 def post(self):
     """Register a new account and e-mail a confirmation link.

     The JSON body is validated with ``UserSchema``. When neither the e-mail
     nor the username is taken, the user and an empty cart are stored and a
     signed confirmation link is mailed to the address.

     Returns:
         A 201 response on success, a 202 response when the e-mail or
         username already exists, or ``({"errors": ...}, 422)`` when
         validation fails.
     """
     payload = request.get_json()
     try:
         data = UserSchema().load(payload)
     except ValidationError as err:
         return {"errors": err.messages}, 422

     email = data["email"]
     username = data["username"]
     email_taken = User.query.filter_by(email=email).first()
     username_taken = User.query.filter_by(username=username).first()
     if username_taken or email_taken:
         # NOTE(review): this reply tells the caller that an account exists
         # for the submitted e-mail or username.
         return make_response(jsonify({
             "success": False,
             "message": "User already exists. Please Log in.",
         }), 202)

     # NOTE(review): the password is handed to the model as received; hashing
     # is presumably done inside User - confirm.
     user = User(email=email, password=data["password"], username=username)
     db.session.add(user)
     db.session.commit()
     # The cart needs user.id, which is only assigned by the commit above.
     db.session.add(UserCart(user_id=user.id))
     db.session.commit()

     # NOTE(review): the same salt literal is used for the password-reset
     # token elsewhere on this page. If both verifying endpoints load with
     # this salt, a token issued for one purpose would be accepted for the
     # other - confirm, and give each purpose its own salt.
     token = url_serializer.dumps(
         email, salt="192168876303253213878675934144992262075")
     confirm_link = url_for('auth_register_confirm_email', token=token, _external=True)
     msg = Message("Cybernetic Email Confirmation",
                   sender="*****@*****.**",
                   recipients=[email])
     # The five-minute expiry is only stated in the text; it has to be
     # enforced where the token is loaded (not visible here).
     msg.body = 'Your link is {} \n The link will expire in 5 Minutes'.format(confirm_link)
     mail.send(msg)
     return make_response(jsonify({
         "success": True,
         "message": "Successfully registered, confirmation email sent.",
     }), 201)
Ejemplo n.º 6
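 def put(self):
     """Update the authenticated user's own record from the JSON request body.

     The body is validated as a partial ``UserSchema`` load. A new password is
     bcrypt-hashed and the user's tokens are revoked; a new e-mail resets
     ``email_verified`` and triggers a confirmation mail. Privileged
     attributes in the body are ignored.

     Returns:
         dict: ``{"success": True}`` (with a message when a confirmation mail
         was sent), or ``({"errors": ...}, 422)`` when validation fails.
     """
     # Attributes a caller must never set on their own account. The filter is
     # applied in the handler so that it does not depend on how UserSchema
     # declares these fields (not visible here).
     protected = {"id", "admin", "active", "email_verified", "failed_login_attempts_count"}

     user_schema = UserSchema()
     post_data = request.get_json(force=True)
     if isinstance(post_data, dict):
         # Filter before load(): with instance=user the load itself may
         # already write the submitted values onto the model.
         post_data = {key: value for key, value in post_data.items()
                      if key.lower() not in protected}
     user_identifier = get_jwt_identity()
     user = User.query.filter_by(id=user_identifier).first()
     try:
         # Called for validation; the loop below applies the values.
         user_schema.load(post_data, instance=user, partial=True)
     except ValidationError as err:
         return {"errors": err.messages}, 422

     email_changed = False
     email = None
     for key in post_data:
         field = key.lower()
         # Read the value under the key as sent: looking it up under the
         # lower-cased name returned None for keys with capital letters.
         value = post_data[key]
         if field == "password":
             user.password = bcrypt.generate_password_hash(value).decode("utf-8")
             # Existing sessions must not outlive a password change.
             revoke_tokens(user_identifier)
         else:
             setattr(user, field, value)
             if field == "email":
                 # Track the change by the normalised name so that an "Email"
                 # key cannot replace the address without re-verification.
                 email_changed = True
                 email = value
     if email_changed:
         user.email_verified = False
         db.session.commit()
         # NOTE(review): the same salt literal is used for the password-reset
         # token elsewhere on this page; confirm the verifying endpoints
         # cannot accept each other's tokens.
         token = url_serializer.dumps(email, salt="192168876303253213878675934144992262075")
         msg = Message("Cybernetic Email Confirmation", sender="*****@*****.**",
                       recipients=[email])
         link = url_for('auth_register_confirm_email', token=token, _external=True)
         msg.body = 'Your link is {} \n The link will expire in 5 Minutes'.format(link)
         mail.send(msg)
         response_obj = {
             "success": True,
             "message": "Please verify your email, the email confirmation link has sent to your email."
         }
         return response_obj
     else:
         db.session.commit()
         response_obj = {
             "success": True
         }
         return response_obj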
Ejemplo n.º 7
 def post(self):
     """Mail a password-reset link to the address in the JSON request body.

     The body is validated with ``UserSchema`` minus ``username`` and
     ``password``. When a user with that e-mail exists, a signed token is
     embedded in a link and mailed to the address.

     Returns:
         dict on success, a 404 response when no user has that e-mail, or
         ``({"errors": ...}, 422)`` when validation fails.
     """
     payload = request.get_json(force=True)
     reset_schema = UserSchema(exclude=("username", "password"))
     try:
         payload = reset_schema.load(payload)
     except ValidationError as err:
         return {"errors": err.messages}, 422

     email = payload.get("email")
     account = User.query.filter_by(email=email).first()
     if not account:
         # NOTE(review): the 404 lets a caller test whether an address is
         # registered; no rate limiting is visible in this handler.
         return make_response(jsonify({
             "success": False,
             "message": "No user found with the email address provided",
         }), 404)

     # NOTE(review): this salt literal is identical to the one used for the
     # e-mail confirmation token elsewhere on this page. If both verifying
     # endpoints load with it, a confirmation token would also pass as a
     # reset token - confirm, and use a separate salt per purpose.
     token = url_serializer.dumps(
         email, salt="192168876303253213878675934144992262075")
     reset_link = url_for('auth_forget_password_request_new', token=token, _external=True)
     msg = Message("Cybernetic Forget Password",
                   sender="*****@*****.**",
                   recipients=[email])
     # The five-minute expiry is only stated in the text; it has to be
     # enforced where the token is loaded (not visible here).
     msg.body = 'Your link is {} \n The link will expire in 5 Minutes'.format(reset_link)
     mail.send(msg)
     return {
         "success": True,
         "message": "A reset password link has been sent to your email, "
                    "please check your inbox",
     }
Ejemplo n.º 8
 def get(self):
     """Return one page of non-admin users to an admin caller.

     Returns:
         dict with the paginated users when the caller is an admin, otherwise
         a 403 response.
     """
     caller = User.query.filter_by(id=get_jwt_identity()).first()
     # NOTE(review): if no row matches the token identity, caller is None and
     # the attribute read below raises instead of answering 403 - confirm
     # that cannot happen.
     if not caller.admin:
         return make_response(jsonify({
             "success": False,
             "message": "Unauthorised Access"
         }), 403)

     # Serialise only the columns the admin listing needs.
     listing_schema = UserSchema(many=True, only=("email", "username", "email_verified", "active"))
     page = pagination.paginate(User.query.filter_by(admin=False), listing_schema)
     return {
         "success": True,
         "data": {
             "users": page
         }
     }
Ejemplo n.º 9
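 def get(self, model: str):
     """Search the product or user table with LIKE filters from the query string.

     Args:
         model: ``"product"`` or ``"user"`` (case-insensitive).

     Each query parameter becomes a ``<column> LIKE '%value%'`` condition;
     several parameters are combined with AND.

     Returns:
         dict: ``{"success": True, "data": {"results": [...]}}``.

     Aborts with 401 for a user search without a JWT identity, 400 when no
     query parameters are sent or a parameter name is not a plain identifier,
     and 404 for any other model.
     """
     import re  # function-scope import: the file's import block is not visible here

     user = get_jwt_identity()
     # The table name can only be one of the two literals tested below; the
     # raw path segment is never placed in the SQL text.
     table = model.lower()
     schema = None
     if table == "product":
         schema = ProductSchema(many=True)
     elif table == "user":
         if user is None:
             return abort(401)
         # NOTE(review): any authenticated caller gets the full UserSchema
         # here; consider an admin check and a reduced field list.
         schema = UserSchema(many=True)
     args_query = request.args
     if len(args_query) == 0:
         return abort(400)
     if schema is None:
         # Unknown model: previously the query ran against an arbitrary table
         # name and the handler then failed on schema.dump.
         return abort(404)

     conditions = []
     params = {}
     for position, key in enumerate(args_query):
         # Column names cannot be bound as parameters, so only plain
         # identifiers are accepted.
         # NOTE(review): this still allows filtering on any column of the
         # table; an explicit per-model column allowlist would be safer.
         if re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", key) is None:
             return abort(400)
         conditions.append(f"{key} LIKE :p{position}")
         # Values travel as bound parameters instead of being spliced into
         # the statement.
         params[f"p{position}"] = f"%{args_query[key]}%"
     # Conditions were concatenated without a connective before, which made
     # the statement invalid for more than one parameter.
     query = f"SELECT * FROM {table} WHERE " + " AND ".join(conditions)
     results = db.session.execute(query, params).fetchall()
     response_obj = {
         "success": True,
         "data": {
             "results": schema.dump(results)
         }
     }
     return response_obj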
Ejemplo n.º 10
 def post(self):
     """Check e-mail and password and start the matching login flow.

     After schema validation the user is looked up by e-mail. A correct
     password on an active account leads to one of three outcomes: a new
     confirmation mail (e-mail not verified, 403), a 2FA PIN mail (2FA
     enabled), or a one-day access token.

     Returns:
         dict or ``(dict, status)``; ``None`` if the created token is falsy.
     """
     payload = request.get_json()
     try:
         credentials = UserSchema(only=("email", "password")).load(payload)
     except ValidationError as err:
         return {"errors": err.messages}, 422
     email = credentials.get("email")
     password = credentials.get("password")
     user = User.query.filter_by(email=email).first()

     # Order matters: the hash is only compared when a user row exists, and
     # the active flag is only read after the password matched.
     # NOTE(review): for an unknown e-mail the bcrypt comparison is skipped,
     # so timing may differ from a wrong-password attempt; no rate limiting
     # or failed-attempt counting is visible in this handler.
     authenticated = (user
                      and bcrypt.check_password_hash(user.password, password)
                      and user.active)
     if not authenticated:
         return {
             "success": False,
             "message": "Incorrect username or password",
         }, 401

     if not user.email_verified:
         # NOTE(review): same salt literal as the password-reset token
         # elsewhere on this page; confirm the verifying endpoints cannot
         # accept each other's tokens.
         token = url_serializer.dumps(
             email, salt="192168876303253213878675934144992262075")
         confirm_link = url_for('auth_register_confirm_email', token=token, _external=True)
         msg = Message("Cybernetic Email Confirmation",
                       sender="*****@*****.**",
                       recipients=[email])
         msg.body = 'Your link is {} \n The link will expire in 5 Minutes'.format(confirm_link)
         mail.send(msg)
         return {
             "success": False,
             "message": "Your email address hasn't been verified, A new link has been sent to your email, "
                        "please check your inbox",
         }, 403

     if user.enabled_2fa:
         msg = Message("Cybernetic 2FA PIN",
                       sender="*****@*****.**",
                       recipients=[email])
         # The PIN is produced by User2FA; its generation and expiry are not
         # visible here.
         two_factor = User2FA(user.id)
         db.session.add(two_factor)
         db.session.commit()
         msg.body = f'Your 2FA PIN is {two_factor.pin} \n The PIN will expire in 5 minute'
         mail.send(msg)
         return {
             "success": True,
             "message": "2FA required, A 6 digit PIN has been sent to your registered email address",
             "2fa_required": True
         }

     # Verified e-mail, no 2FA: issue the token and record it.
     auth_token = create_access_token(
         identity=user.id,
         expires_delta=datetime.timedelta(days=1, seconds=0))
     add_token_to_database(auth_token, app.config['JWT_IDENTITY_CLAIM'])
     if auth_token:
         return {
             "success": True,
             "message": "Successfully logged in.",
             "auth_token": auth_token
         }
     return None
Ejemplo n.º 11
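 def get(self):
     """Return the authenticated user's own record.

     Returns:
         dict: ``{"success": True, "data": <serialised user>}``.
     """
     user_identifier = get_jwt_identity()
     user = User.query.filter_by(id=user_identifier).first()
     # Keep the stored password value out of the response. UserSchema may
     # already mark the field load-only (not visible here); the explicit
     # exclude keeps it out either way.
     # NOTE(review): the remaining fields are dumped as-is; confirm that
     # internal ones such as admin or failed_login_attempts_count are meant
     # to reach the client.
     user_schema = UserSchema(exclude=("password",))
     response_obj = {"success": True, "data": user_schema.dump(user)}
     return response_obj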