Ejemplo n.º 1
0
    def get(current_user, self, name=None):
        if name is None and not current_user.is_admin:
            abort(
                401,
                message="Missing rights. Try /user/<username> for user info.")

        kwarg = {} if name is None else {'name': name}
        user_data = Users.objects(**kwarg)
        user_data = [user.to_json() for user in user_data]

        if name is None:
            return {'users': user_data}, 200
        else:
            if len(user_data) < 1:
                abort(404, message="User '{}' doesn't exist".format(name))
            return {'user': user_data[0]}, 200
Ejemplo n.º 2
0
    def delete(current_user, self, name=None):
        if name is None:
            abort(
                405,
                message="Can't DELETE at this endpoint. Try /user/<username>")
        if current_user.name != name and not current_user.is_admin:
            abort(401, message="Missing rights.")

        existing_user = Users.objects(name=name).first()

        if existing_user is None:
            abort(404, message="User '{}' doesn't exist".format(name))

        existing_user.delete()

        return {}, 204
Ejemplo n.º 3
0
    def get(self):
        auth = request.authorization
        user = Users.objects(name=auth.username).first()

        if not auth or not auth.username or not auth.password or user is None or not verify_password(user.password, auth.password):
            return {'message': 'Could not verify'}, 401, {'WWW-Authenticate': 'Basic realm="Login required"'}

        if not user.active:
            abort(401, message='Your account has been banned. Please contact the moderators if you feel that was a mistake.')

        token = encode({
            'exp': datetime.utcnow() + timedelta(minutes=60),
            'iat': datetime.utcnow(),
            'sub': str(user.id)
        }, app_secret_key)

        return {'token': token.decode('UTF-8')}, 200
Ejemplo n.º 4
0
    def decorated(*args, **kwargs):
        try:
            token = request.headers['authorization'][7:]
            payload = decode(token, app_secret_key)

            assert payload['exp'] > timegm(datetime.utcnow().utctimetuple())
            assert payload['iat'] > timegm(
                (datetime.utcnow() - token_expiration_time).utctimetuple())

            current_user = Users.objects(id=payload['sub']).first()

            assert current_user is not None
            assert current_user.active is True

            assert payload['iat'] >= current_user.last_logout_time
        except Exception as e:
            abort(401, message='Token is missing, invalid or expired')

        return f(current_user, *args, **kwargs)
Ejemplo n.º 5
0
    def get(self, name, post_id=None):
        if post_id is not None and (not isinstance(post_id, str)
                                    or len(post_id) != 24):
            abort(404, message="{} is not a valid post id".format(post_id))

        user_data = Users.objects(name=name).first()
        if user_data is None:
            abort(404, message="User '{}' doesn't exist".format(name))

        if post_id is None:
            post_data = [post.to_json() for post in user_data.posts]
            return {"user's '{}' posts".format(name): post_data}, 200
        else:
            post_data = [
                post.to_json() for post in user_data.posts
                if str(post.id) == post_id
            ]
            if len(post_data) < 1:
                abort(
                    404,
                    message="Post with id '{}' doesn't exist".format(post_id))
            return {"user's '{}' post".format(name): post_data[0]}, 200
Ejemplo n.º 6
0
    def put(current_user, self, name=None):
        if name is None:
            abort(405,
                  message="Can't PUT to this endpoint. Try /user/<username>")
        if current_user.name != name and not current_user.is_admin:
            abort(401, message="Missing rights.")

        existing_user = Users.objects(name=name).first()
        if existing_user is None:
            abort(404, message="User '{}' doesn't exist".format(name))

        received_json = request.get_json()
        errors = validate_values_in_dictionary(
            received_json,
            Users,
            sensitive_keys={'name'},
            unique_keys={'name', 'email'},
            admin=current_user.is_admin,
            admin_keys={'active', 'is_admin', 'name'})
        if errors:
            abort(400, errors=errors)

        if received_json.get('active') is not None:
            existing_user.active = bool(received_json.get('active'))
        if received_json.get('is_admin') is not None:
            existing_user.is_admin = bool(received_json.get('is_admin'))
        if received_json.get('name') is not None:
            existing_user.name = received_json.get('name')

        if received_json.get('email') is not None:
            existing_user.email = received_json.get('email')
        if received_json.get('password') is not None:
            existing_user.password = hash_string_with_salt(
                received_json.get('password'))

        existing_user.save()

        return {}, 204