def get(self):
claims = get_jwt_claims()
if not claims['is_admin']:
return {'message': 'User not authorized to view'}
try:
data = request.args
role_id = data.get("role_id")
role_desc = data.get("role_desc")
role_name = data.get("role_name")
if role_id:
roles = UserRoleModel.find_by_role_id(role_id)
elif role_name:
roles = UserRoleModel.find_by_role_name(role_name)
elif role_desc:
roles = UserRoleModel.find_by_role_desc(role_desc)
else:
roles = UserRoleModel.find_all()
except:
roles = UserRoleModel.find_all()
finally:
if len(roles) > 0:
resp = []
for role in roles:
resp.append(role.json())
return resp, 200
return {'message': 'Role not found'}, 404
def json(self):
return {"email": self.email, # "status": self.status, \
"first_name": self.first_name, "last_name": self.last_name, \
"gender": self.gender, "mobile": self.mobile, \
"organization_id": self.organization_id, "organization_name":
OrganizationModel.find_by_organization_id(
self.organization_id).organization_name if OrganizationModel.find_by_organization_id(
self.organization_id) else None,
"user_role_id": self.user_role_id, "user_role_name":
UserRoleModel.find_by_role_id(self.user_role_id).role_name if UserRoleModel.find_by_role_id(self.user_role_id) else None, \
"image": self.image, "type": self.type, \
"authtoken": self.authtoken, "teacher_code": self.teacher_code, \
"bloodgroup": self.bloodgroup}
def fetch_user_role_org(user: UserModel):
try:
user_role = UserRoleModel.find_by_role_id(user.user_role_id).role_name
user_organization = \
OrganizationModel.find_by_organization_id(user.organization_id).organization_name
except:
user_role = None
user_organization = None
finally:
return {'user_role': user_role, 'user_organization': user_organization}
def post(self):
'''Log in user'''
try:
# Get User-agent and ip address
my_ip = request.environ.get('HTTP_X_FORWARDED_FOR')
if my_ip is None:
ip = request.environ['REMOTE_ADDR']
else:
ip = request.environ['HTTP_X_FORWARDED_FOR']
if ip is None or str(ip) == '127.0.0.1'or str(ip) == '172.17.0.1':
return{'message': 'This request has been rejected. Please use a recognised device'}, 403
# Compute operating system and location
device_operating_system = generate_device_data()
if 'error' in device_operating_system.keys():
return {'message': device_operating_system['error']}, 403
device_os = device_operating_system['device_os']
data = api.payload
if not data:
return {'message': 'No input data detected'}, 400
email = data['email']
this_user = UserModel.fetch_by_email(email)
if this_user:
if check_password_hash(this_user.password, data['password']):
# current_user = user_schema.dump(this_user) # This line would be used if we were outputing the user
user_id = this_user.id
# fetch User role
user_role = UserRoleModel.fetch_by_user_id(user_id)
# UserPrivilege.get_privileges(user_id = user_id, role= user_role.role)
# privileges = UserPrivilege.privileges
privileges = user_role.role.role
# Create access token
expiry_time = timedelta(minutes=30)
my_identity = {'id':this_user.id, 'privileges':privileges}
access_token = create_access_token(identity=my_identity, expires_delta=expiry_time, fresh=True)
refresh_token = create_refresh_token(my_identity)
# Save session info to db
new_session_record = SessionModel(user_ip_address=ip, device_operating_system=device_os, user_id=user_id)
new_session_record.insert_record()
return { 'access_token': access_token, "refresh_token": refresh_token}, 200
if not this_user or not check_password_hash(this_user.password, data['password']):
return {'message': 'Could not log in, please check your credentials'}, 400
except Exception as e:
print('========================================')
print('error description: ', e)
print('========================================')
return {'message': 'Could not log in user.'}, 500
def delete(self):
claims = get_jwt_claims()
if not claims['is_super_admin']:
return {'message': 'Super Admin privilege required.'}, 412
data = _user_role_parser.parse_args()
try:
role_name = data["role_name"]
except Exception as e:
return {"message": f"Role name missing."}
user_role = UserRoleModel.find_by_role_name(role_name)[0]
if user_role:
user_role.delete_from_db()
return {'message': 'Role name deleted.'}, 200
return {'message': 'Role name not found.'}, 404
def set_attribute(self, payload):
cols = [
'status', 'first_name', 'last_name', 'gender', 'password',
'mobile', 'designation', 'image', 'type', 'authtoken',
'teacher_code', 'bloodgroup', 'user_role_id', 'organization_id'
]
for col in cols:
if col in payload.keys():
setattr(self, col, payload[col])
if payload.get('user_role_name'):
user_role = UserRoleModel.find_by_role_name(
payload['user_role_name'])
self.user_role_id = user_role.id
if payload.get('organization_name'):
organization = OrganizationModel.find_by_organization_name(
payload['organization_name'])
self.organization_id = organization.id
if 'password' in payload.keys():
self.password = md5(str(
payload['password']).encode('UTF-8')).hexdigest()
def put(self):
claims = get_jwt_claims()
if not claims['is_super_admin']:
return {'message': 'Super Admin privilege required.'}, 412
data = _user_role_parser.parse_args()
for key in data.keys():
if str(data[key]).lower() in ('none', 'null', ''):
data[key] = None
try:
role_name = data["role_name"]
except Exception as e:
return {"message": f"Role name required. {repr(e)}"}
user_role = UserRoleModel.find_by_role_name(role_name)[0]
if user_role:
user_role.set_attribute(data)
else:
user_role = UserRoleModel(**data)
user_role.save_to_db()
return user_role.json(), 201
def post(self):
claims = get_jwt_claims()
if not claims['is_super_admin']:
return {'message': 'Super Admin privilege required.'}, 412
data = _user_role_parser.parse_args()
try:
role_name = data["role_name"]
except Exception as e:
return {'message': f"Role name missing. {repr(e)}"}
if UserRoleModel.find_by_role_name(role_name):
return {'message': f"Role name already exists."}, 400
user_role = UserRoleModel(**data)
try:
user_role.save_to_db()
except Exception as e:
return {
"message":
f"An error occurred inserting the role. Error: {repr(e)}"
}, 500
return user_role.json(), 201
def post(self):
'''Register User'''
try:
# Get User-agent and ip address
my_ip = request.environ.get('HTTP_X_FORWARDED_FOR')
if my_ip is None:
ip = request.environ['REMOTE_ADDR']
else:
ip = request.environ['HTTP_X_FORWARDED_FOR']
if ip is None or str(ip) == '127.0.0.1' or str(ip) == '172.17.0.1':
return {
'message':
'This request has been rejected. Please use a recognised device'
}, 403
# Compute operating system
device_operating_system = generate_device_data()
if 'error' in device_operating_system.keys():
return {'message': device_operating_system['error']}, 403
device_os = device_operating_system['device_os']
data = api.payload
if not data:
return {'message': 'No input data detected'}, 400
email = data['email'].lower()
user = UserModel.fetch_by_email(email)
if user:
return {
'message':
'Falied... A user with this email already exists'
}, 400
phone = data['phone']
user = UserModel.fetch_by_phone(phone)
if user:
return {
'message':
'Falied... A user with this phone number already exists'
}, 400
full_name = data['full_name'].lower()
hashed_password = generate_password_hash(data['password'],
method='sha256')
# Save user to db
new_user = UserModel(full_name=full_name,
phone=phone,
email=email,
password=hashed_password)
new_user.insert_record()
# user = user_schema.dump(data) # This line would be used if we were outputing the user
this_user = UserModel.fetch_by_email(email)
UserPrivilege.generate_user_role(user_id=this_user.id)
user_id = UserPrivilege.user_id
role = UserPrivilege.role
# Ensure all roles are saved to the db before registering the role to user
db_roles = UserRoleModel.fetch_all()
all_privileges = UserPrivilege.all_privileges
if len(db_roles) == 0:
for key, value in all_privileges.items():
new_role = RoleModel(role=value)
new_role.insert_record()
# Link role to user
new_user_role = UserRoleModel(user_id=user_id, role_id=role)
new_user_role.insert_record()
# Create access token
privileges = UserPrivilege.privileges
# privileges = user_role.role.role
expiry_time = timedelta(minutes=30) # hours=1
my_identity = {'id': this_user.id, 'privileges': privileges}
access_token = create_access_token(identity=my_identity,
expires_delta=expiry_time,
fresh=True)
refresh_token = create_refresh_token(my_identity)
# Save session info to db
new_session_record = SessionModel(
user_ip_address=ip,
device_operating_system=device_os,
user_id=user_id)
new_session_record.insert_record()
return {
'access token': access_token,
"refresh_token": refresh_token
}, 201
except Exception as e:
print('========================================')
print('error description: ', e)
print('========================================')
return {'message': 'Could not register user.'}, 500
def put(self, reset_token: str):
'''Reset User Password'''
# Get User-agent and ip address
try:
my_ip = request.environ.get('HTTP_X_FORWARDED_FOR')
if my_ip is None:
ip = request.environ['REMOTE_ADDR']
else:
ip = request.environ['HTTP_X_FORWARDED_FOR']
if ip is None or str(ip) == '127.0.0.1' or str(ip) == '172.17.0.1':
return {
'message':
'This request has been rejected. Please use a recognised device'
}, 403
# Compute operating system
device_operating_system = generate_device_data()
if 'error' in device_operating_system.keys():
return {'message': device_operating_system['error']}, 403
device_os = device_operating_system['device_os']
received_reset_token = reset_token
TokenGenerator.decode_token(received_reset_token)
token = TokenGenerator.token
# Check for an existing reset_token with is_expired status as False
reset_code_record = PasswordResetModel.fetch_by_reset_code(
reset_code=token)
if not reset_code_record:
return {'message': 'This reset token does not exist'}, 404
if reset_code_record.is_expired == True:
user_id = reset_code_record.user_id
is_expired = True
user_records = PasswordResetModel.fetch_by_user_id(user_id)
record_ids = []
for record in user_records:
record_ids.append(record.id)
for record_id in record_ids:
PasswordResetModel.expire_token(id=record_id,
is_expired=is_expired)
return {
'message':
'Password reset token has already been used. Please request a new password reset.'
}, 403
user_id = reset_code_record.user_id
is_expired = True
user_records = PasswordResetModel.fetch_by_user_id(user_id)
record_ids = []
for record in user_records:
record_ids.append(record.id)
for record_id in record_ids:
PasswordResetModel.expire_token(id=record_id,
is_expired=is_expired)
data = api.payload
if not data:
return {'message': 'No input data detected'}, 400
password = data['password']
hashed_password = generate_password_hash(data['password'],
method='sha256')
UserModel.update_password(id=user_id, password=hashed_password)
this_user = UserModel.fetch_by_id(id=user_id)
# user = user_schema.dump(this_user) # This line would be used if we were outputing the user
user_id = this_user.id
# fetch User role
user_role = UserRoleModel.fetch_by_user_id(user_id)
privileges = user_role.role.role
# Create access token
expiry_time = timedelta(minutes=30)
my_identity = {'id': this_user.id, 'privileges': privileges}
access_token = create_access_token(identity=my_identity,
expires_delta=expiry_time,
fresh=True)
refresh_token = create_refresh_token(my_identity)
# Save session info to db
new_session_record = SessionModel(
user_ip_address=ip,
device_operating_system=device_os,
user_id=user_id)
new_session_record.insert_record()
# Record this event in user's logs
log_method = 'put'
log_description = 'Password reset'
auth_token = {"Authorization": "Bearer %s" % access_token}
record_user_log(auth_token, log_method, log_description)
return {
'access_token': access_token,
"refresh_token": refresh_token
}, 200
except Exception as e:
print('========================================')
print('error description: ', e)
print('========================================')
return {'message': 'Could not reset password.'}, 500
def find_by_any(cls, **kwargs):
cols = [
'id', 'email', 'status', 'first_name', 'last_name', 'gender',
'mobile', 'designation', 'type', 'teacher_code', 'bloodgroup',
'organization_id', 'user_role_id', 'organization_name',
'user_role_name'
]
filter_str = 'cls.query'
if 'id' in kwargs.keys():
filter_str = filter_str + '.filter_by(_id="' + str(
kwargs['id']) + '")'
if 'email' in kwargs.keys():
filter_str = filter_str + '.filter_by(email="' + str(
kwargs['email']) + '")'
if 'status' in kwargs.keys():
filter_str = filter_str + '.filter_by(status="' + str(
kwargs['status']) + '")'
if 'first_name' in kwargs.keys():
filter_str = filter_str + '.filter_by(first_name="' + str(
kwargs['first_name']) + '")'
if 'last_name' in kwargs.keys():
filter_str = filter_str + '.filter_by(last_name="' + str(
kwargs['last_name']) + '")'
if 'gender' in kwargs.keys():
filter_str = filter_str + '.filter_by(gender="' + str(
kwargs['gender']) + '")'
if 'mobile' in kwargs.keys():
filter_str = filter_str + '.filter_by(mobile="' + str(
kwargs['mobile']) + '")'
if 'designation' in kwargs.keys():
filter_str = filter_str + '.filter_by(designation="' + str(
kwargs['designation']) + '")'
if 'type' in kwargs.keys():
filter_str = filter_str + '.filter_by(type="' + str(
kwargs['type']) + '")'
if 'teacher_code' in kwargs.keys():
filter_str = filter_str + '.filter_by(teacher_code="' + str(
kwargs['teacher_code']) + '")'
if 'bloodgroup' in kwargs.keys():
filter_str = filter_str + '.filter_by(bloodgroup="' + str(
kwargs['bloodgroup']) + '")'
if 'organization_id' in kwargs.keys():
filter_str = filter_str + '.filter_by(organization_id="' + str(
kwargs['organization_id']) + '")'
if 'user_role_id' in kwargs.keys():
filter_str = filter_str + '.filter_by(user_role_id="' + str(
kwargs['user_role_id']) + '")'
if 'user_role_name' in kwargs.keys():
user_role = UserRoleModel.find_by_role_name(
kwargs['user_role_name'])
if user_role:
user_role_id = user_role[0].id
filter_str = filter_str + '.filter_by(user_role_id="' + str(
user_role_id) + '")'
if 'organization_name' in kwargs.keys():
organization = OrganizationModel.find_by_organization_name(
kwargs['organization_name'])
if organization:
organization_id = organization[0].id
filter_str = filter_str + '.filter_by(organization_id="'\
+ str(organization_id) + '")'
filter_str = filter_str + '.all()'
return eval(filter_str)