async def patch_student(auth_obj):
    """Apply a student's edits to their own account.

    Copies any non-empty ``username``, ``forename`` and ``surname`` from the
    submitted form onto a copy of ``auth_obj``. A non-empty ``password`` must
    pass ``is_password_sufficient`` before anything is written.

    Args:
        auth_obj: The student making the request. It is passed to the
            manager as the "before" record and is the source of the
            edited copy.

    Returns:
        ``('', HTTPCode.OK)`` on success, or ``('', HTTPCode.BADREQUEST)``
        when the new password is rejected or the username is taken.
    """
    submitted = await request.form
    manager = current_app.config['student_manager']
    edited = auth_obj.make_copy()  # edit a copy; auth_obj stays as the original

    # Overwrite only the fields the form supplies with a non-empty value.
    for field in ('username', 'forename', 'surname'):
        value = submitted.get(field)
        if value:
            setattr(edited, field, value)

    # An empty string is what the manager receives when no change is requested.
    new_password = submitted.get('password') or ''
    if new_password and not is_password_sufficient(new_password):
        return '', HTTPCode.BADREQUEST

    # NOTE(review): the current password is not asked for before setting a
    # new one; confirm that the session alone is meant to authorise this.
    try:
        await manager.update(auth_obj, edited, new_password=new_password)
    except UsernameTaken:
        return '', HTTPCode.BADREQUEST
    return '', HTTPCode.OK
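async def create_teacher():
    """Create a new teacher from the submitted form.

    Required form fields are ``forename``, ``surname``, ``title`` and
    ``password``. ``username`` is optional and is passed to the manager as
    ``""`` when absent or empty.

    Returns:
        ``(body, HTTPCode.CREATED, headers)`` on success, where ``body`` is
        ``stringify([teacher])`` and ``headers`` carries a ``Location`` for
        the new teacher. ``('', HTTPCode.BADREQUEST)`` when a required field
        is missing, the password is rejected by ``is_password_sufficient``,
        or the username is taken.
    """
    data = await request.form
    teachers = current_app.config['teacher_manager']

    forename = data.get("forename")
    surname = data.get("surname")
    username = data.get("username")
    title = data.get("title")
    password = data.get("password")

    # Check presence before strength, so a request without a password gets
    # this handler's own BADREQUEST instead of failing on data['password'].
    if not (forename and surname and title and password):
        return '', HTTPCode.BADREQUEST
    if not is_password_sufficient(password):
        return '', HTTPCode.BADREQUEST

    try:
        await teachers.create(forename, surname, username or "", title, password)
        all_teachers = await teachers.get()
        # The highest id is taken to be the teacher just created.
        # NOTE(review): if two creations overlap, this can return the other
        # request's teacher; having create() return the new record or id
        # would remove the guess. create()'s return value is not visible here.
        teacher = max(all_teachers, key=lambda x: x.id)
        return stringify([teacher]), HTTPCode.CREATED, {
            "Location": bp.url_prefix + "/" + str(teacher.id)
        }
    except UsernameTaken:
        return '', HTTPCode.BADREQUEST  # Username taken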
async def patch_own_teacher(auth_obj):
    """Apply a teacher's edits to their own account.

    Copies any non-empty ``username``, ``forename``, ``surname`` and
    ``title`` from the submitted form onto a copy of ``auth_obj``. The
    password is changed only when a non-empty ``password`` field is sent
    and it passes ``is_password_sufficient``.

    Args:
        auth_obj: The teacher making the request. It is passed to the
            manager as the "before" record.

    Returns:
        ``('', HTTPCode.OK)`` on success, or ``('', HTTPCode.BADREQUEST)``
        when the new password is rejected or the username is taken.
    """
    submitted = await request.form
    edited = auth_obj.make_copy()
    manager = current_app.config['teacher_manager']

    # Overwrite only the fields the form supplies with a non-empty value.
    for field in ('username', 'forename', 'surname', 'title'):
        value = submitted.get(field) or None
        if value:
            setattr(edited, field, value)

    # new_password is forwarded only when a change was requested, so the
    # manager's own default applies otherwise.
    update_kwargs = {}
    requested_password = submitted.get('password')
    if requested_password:
        if not is_password_sufficient(requested_password):
            return '', HTTPCode.BADREQUEST
        update_kwargs['new_password'] = requested_password

    # NOTE(review): the current password is not asked for before setting a
    # new one; confirm that the session alone is meant to authorise this.
    try:
        await manager.update(auth_obj, edited, **update_kwargs)
    except UsernameTaken:
        return '', HTTPCode.BADREQUEST
    return '', HTTPCode.OK
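async def patch_teacher(id):
    """Edit the teacher identified by ``id``.

    Copies any non-empty ``username``, ``forename``, ``surname`` and
    ``title`` from the submitted form onto the stored teacher. The password
    is changed only when a non-empty ``password`` field is sent and it
    passes ``is_password_sufficient``.

    Args:
        id: The teacher id as a string. The name shadows the builtin but is
            kept because callers may pass it by keyword.

    Returns:
        ``('', HTTPCode.OK)`` on success. ``('', HTTPCode.BADREQUEST)`` for
        a non-numeric id, a rejected password or a taken username.
        ``('', HTTPCode.NOTFOUND)`` when no teacher has that id.
    """
    # NOTE(review): no caller identity or role check is visible in this
    # function, and it can change any teacher's details and password.
    # Presumably an authorisation decorator on the route restricts it; confirm.

    # isdecimal() accepts only characters that int() can parse. isdigit()
    # also accepts characters such as superscript digits, and int() raises
    # ValueError on those.
    if not id.isdecimal():
        return '', HTTPCode.BADREQUEST

    form = await request.form
    teachers = current_app.config['teacher_manager']
    teacher = await teachers.get(id=int(id))
    if not teacher:
        return '', HTTPCode.NOTFOUND

    original = teacher.make_copy()  # unedited snapshot passed as the "before" record

    # Overwrite only the fields the form supplies with a non-empty value.
    for field in ('username', 'forename', 'surname', 'title'):
        value = form.get(field) or None
        if value:
            setattr(teacher, field, value)

    # new_password is forwarded only when a change was requested.
    update_kwargs = {}
    new_password = form.get('password')
    if new_password:
        if not is_password_sufficient(new_password):
            return '', HTTPCode.BADREQUEST
        update_kwargs['new_password'] = new_password

    try:
        await teachers.update(original, teacher, **update_kwargs)
    except UsernameTaken:
        return '', HTTPCode.BADREQUEST
    return '', HTTPCode.OK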
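async def password_reset():
    """Set a new password for a student whose password has been reset.

    The form supplies ``username`` and ``password``. The student's cache
    entry is evicted and the stored ``password`` and ``salt`` are read. The
    new password is written only when both stored values are empty.

    Returns:
        ``('', HTTPCode.OK)`` when the new password was stored.
        ``('', HTTPCode.NOTFOUND)`` when no student has that username.
        ``('', HTTPCode.BADREQUEST)`` when the new password is missing or
        rejected by ``is_password_sufficient``.
        ``('', HTTPCode.UNAUTHORIZED)`` when the account is not in the
        reset state.
    """
    # NOTE(review): the only gate visible here is that the stored password
    # and salt are both empty. The caller proves nothing beyond knowing the
    # username. Consider requiring a single-use, expiring reset token that
    # is issued when the password is cleared.
    # NOTE(review): NOTFOUND and UNAUTHORIZED let a client tell unknown
    # usernames from accounts that are not awaiting reset. Consider a
    # uniform response and rate limiting on this route.
    form = await request.form
    username = form.get("username")
    db = current_app.config['db_handler']

    # Evict any cached copy of this student before reading the stored row.
    current_app.config['student_manager'].cache.remove(username)
    student = await db.fetchrow(
        "SELECT password, salt FROM student WHERE username = $1", username
    )
    if not student:
        return '', HTTPCode.NOTFOUND

    stored_password, stored_salt = student[0], student[1]
    if stored_password or stored_salt:
        # A credential is still set, so the account is not awaiting reset.
        return '', HTTPCode.UNAUTHORIZED

    new_password = form.get("password")
    # The other handlers check presence before strength; a missing field
    # would otherwise reach is_password_sufficient as None.
    if not new_password or not is_password_sufficient(new_password):
        return '', HTTPCode.BADREQUEST

    salt, hashed = await hash_func(new_password)
    # NOTE(review): the reset-state check and this UPDATE are separate
    # statements. Repeating the empty-credential condition in the WHERE
    # clause would make the transition atomic. How "reset" is stored (NULL
    # or empty string) is not visible here, so the SQL is left unchanged.
    await db.execute(
        "UPDATE student SET password = $1, salt = $2 WHERE username = $3",
        hashed, salt, username,
    )
    return '', HTTPCode.OK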
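async def new_student():
    """Create a new student from the submitted form.

    Required form fields are ``forename``, ``surname``, ``username`` and
    ``alps``, which must be a whole number from 0 to 90. ``password`` is
    optional. When it is absent or empty, ``None`` is passed to the manager,
    which is expected to make a new password.

    Returns:
        ``(body, HTTPCode.CREATED, headers)`` on success, where ``body`` is
        ``stringify([student])`` and ``headers`` carries a ``Location`` for
        the new student. ``('', HTTPCode.BADREQUEST)`` when ``alps`` is
        missing, non-numeric or out of range, a supplied password is
        rejected, a required field is missing, or the username is taken.
    """
    data = await request.form
    students = current_app.config['student_manager']
    password = data.get('password') or None  # None: let the manager make a password

    alps = data.get('alps')
    # A missing field arrives as None, which has no string methods.
    # isdecimal() accepts only characters that int() can parse. isdigit()
    # also accepts characters such as superscript digits, and int() raises
    # ValueError on those.
    if alps is None or not alps.isdecimal():
        return '', HTTPCode.BADREQUEST
    alps = int(alps)
    if not 0 <= alps <= 90:
        return '', HTTPCode.BADREQUEST

    if password and not is_password_sufficient(password):
        return '', HTTPCode.BADREQUEST

    forename = data.get("forename")
    surname = data.get("surname")
    username = data.get("username")
    if not (forename and surname and username):
        return '', HTTPCode.BADREQUEST

    try:
        await students.create(forename, surname, username, alps, password=password)
        student = await students.get(username=username)
        return stringify([student]), HTTPCode.CREATED, {
            "Location": bp.url_prefix + "/" + str(student.id)
        }
    except UsernameTaken:
        return '', HTTPCode.BADREQUEST  # Username taken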