def login(request): data = JSONParser().parse(request) serializer = account_serializer.LoginRequestSerializer(data=data) if not serializer.is_valid(): return Response("Invalid input") crypto = Crypto() username = serializer.validated_data.get("username") password = serializer.validated_data.get("password") user = User.objects.filter(username=username).first() if user is None: user_serializer = account_serializer.LoginResponseSerializer( User(role=-1), context = { 'is_successful': False, 'message': "Kullanıcı adı ya da şifre yanlış" } ) return Response(user_serializer.data) computed_hash = crypto.getHashedPassword(password, user.password_salt) if computed_hash == user.password_hash: user_serializer = account_serializer.LoginResponseSerializer( user, context = { 'is_successful': True, 'message': "Giriş başarılı" } ) return Response(user_serializer.data) else : user_serializer = account_serializer.LoginResponseSerializer( User(role=-1), context = { 'is_successful': False, 'message': "Kullanıcı adı ya da şifre yanlış" } ) return Response(user_serializer.data)
def vendor_register(request): validation_result = validate_register_request(request) serializer = address_serializer.AddressRequestSerializer(data=request.data["address"]) if validation_result[0] is False: context = { 'successful': False, 'message': validation_result[1] } return Response(context) if not serializer.is_valid(): context = { 'successful': False, 'message': "Invalid Address" } return Response(context) crypto = Crypto() username = request.data["username"] salt = crypto.getSalt() password_hash = crypto.getHashedPassword(request.data["password"], salt) existing_user = User.objects.filter(username=username).first() if existing_user is not None: context = { 'successful': False, 'message': 'Username is already in use' } return Response(context) user = User(username=request.data["username"], email=request.data["email"], password_salt=salt, password_hash=password_hash, role = Role.VENDOR.value) user.save() title = serializer.validated_data.get("title") name = serializer.validated_data.get("name") surname = serializer.validated_data.get("surname") address = serializer.validated_data.get("address") province = serializer.validated_data.get("province") city = serializer.validated_data.get("city") country = serializer.validated_data.get("country") phone = serializer.validated_data.get("phone") phone_country_code = phone.get("country_code") phone_number = phone.get("number") zip_code = serializer.validated_data.get("zip_code") vendor = Vendor(first_name=request.data["firstname"], last_name=request.data["lastname"], user=user) address = Address(user=user, title=title, address=address, province=province, city=city, name=name, surname=surname, country=country, phone_country_code=phone_country_code, phone_number=phone_number, zip_code=zip_code) vendor.save() address.save() context = { 'successful': True, 'message': 'Signup succeeded' } return Response(context)
def get_user(id): ds = get_client() query = ds.query(kind='User') query.add_filter('user_id', '=', id) results = query.fetch() for i in results: if from_datastore(i)['user_id'] == id: return User(id=from_datastore(i)['user_id'], name=from_datastore(i)['name'], email=from_datastore(i)['email'], profile_pic=from_datastore(i)['picture']) return False
def register(request): validation_result = validate_register_request(request) if validation_result[0] is False: context = { 'successful': False, 'message': validation_result[1] } return Response(context) crypto = Crypto() username = request.data["username"] salt = crypto.getSalt() password_hash = crypto.getHashedPassword(request.data["password"], salt) existing_user = User.objects.filter(username=username).first() if existing_user is not None: context = { 'successful': False, 'message': 'Username is already in use' } return Response(context) user = User(username=request.data["username"], email=request.data["email"], password_salt=salt, password_hash=password_hash, role = Role.CUSTOMER.value) user.save() customer = Customer(first_name=request.data["firstname"], last_name=request.data["lastname"], user=user) customer.save() context = { 'successful': True, 'message': 'Signup succeeded' } to_email = request.data["email"] current_site = request.META.get('HTTP_REFERER') verify_message = verify_email.email_send_verify(to_email=to_email, current_site=current_site, user=user) context = { 'successful': True, 'message': 'Signup succeeded, ' + verify_message } return Response(context)
def login(): data = request.get_json() email = data['email'] password = data['password'] user = User.authenticate(email, password) if user: access_token = create_access_token( user.id, fresh=True, expires_delta=timedelta(seconds=900)) refresh_token = create_refresh_token(user.id) access_jti = get_jti(encoded_token=access_token) refresh_jti = get_jti(encoded_token=refresh_token) jwt_revoked_store.set(access_jti, 'false', ACCESS_EXPIRES * 1.2) jwt_revoked_store.set(refresh_jti, 'false', REFRESH_EXPIRES * 1.2) return jsonify(error=False, access_token=access_token, refresh_token=refresh_token), 201 else: return jsonify(error=True, message="Invalid Details."), 401
def authenticate(self, request): auth_header = request.headers.get('Authorization') if not auth_header: user = User(role=0) return (user, None) try: access_token = auth_header.split(' ')[1] payload = jwt.decode( access_token, settings.SECRET_KEY, algorithms=['HS256']) except jwt.InvalidSignatureError: raise exceptions.AuthenticationFailed('invalid signature') except jwt.ExpiredSignatureError: raise exceptions.AuthenticationFailed('token expired') except IndexError: raise exceptions.AuthenticationFailed("invalid format") user = User.objects.filter(pk=payload['id']).first() if user is None: raise exceptions.AuthenticationFailed('user not found') return(user, None)
def build_user(userdata, access_token): '''building User model''' user = None firstName = '' lastName = '' try: email = userdata['email'] if userdata['given_name'] is not None: firstName = userdata['given_name'] if userdata['family_name'] is not None: lastName = userdata['family_name'] if userdata['email'] is not None: user = User(first_name=firstName, last_name=lastName, email=email, access_token=access_token, token_last_update=datetime.utcnow()) except Exception as e: ''' todo: write exception to logger''' user = None return user
def setUp(self): """ SetUp method .This method is run before each test.It is where all variables for tests are declared and values set. It is important for setting the state ypour testing for in the application. """ #Declaring testing client self.client = app.test_client() db.init_app(app) db.drop_all() db.create_all() #Declaring User details to use for testing password = "******" self.user = { "username": "******", "email": "*****@*****.**", "password": password } #hashing the users password for better security password_hash = generate_password_hash(password, method='sha256') #Saving the users deatils in the database user = User("david", "*****@*****.**", password=password_hash, user_date_stamp=str(datetime.datetime.now())) db.session.add(user) db.session.commit() #declaring a sample of invalid data self.invalid_data = {} #User details for login self.user_details = {"username": "******", "password": "******"} #Declaring a sample category for testing self.category = { "category_title": "breakfast", "category_description": "First meal of the morning" } #saving a sample category in the database category = Category("1", "breakfast", "First meal of the morning", "*****@*****.**", "2017-12-02 13:39:25.892164") db.session.add(category) db.session.commit() #Declaring a second sample category for testing self.category2 = { "category_title": "Drinks", "category_description": "Taken 30 minutes before and after food." } #saving a second sample category in the database category2 = Category("30", "Drinks", "Taken 30 minutes before and after food.", "*****@*****.**", "2017-12-02 13:39:25.892164") db.session.add(category) db.session.commit() #Declaring a sample recipe for testing self.recipe = { "recipe_title": "rolex", "recipe_description": "1.Obtain eggs" } #saving a second sample recipe in the database recipe = Recipe("1", "rolex", "1.Obtain eggs", "1", "*****@*****.**", "2017-12-02 13:39:25.892164", "False") db.session.add(recipe) db.session.commit() #User details for login and generating a token self.user_logins = {"username": "******", "password": "******"} response = self.client.post( "/login", data=json.dumps(self.user_logins), headers={"Content-Type": "application/json"}) token = json.loads(response.data.decode())["token"] self.headers = {"x-access-token": token}
def create_user(): if not request.json: return jsonify({ "Status": "Fail", "message ": "Invalid Data Submitted" }), 400 user_info = request.get_json() username = user_info.get("username") email = user_info.get("email") password = user_info.get("password") #Checking if all fields are filled. if isinstance(username, int): return jsonify({ "Status": "Fail", "message": "Please ensure you have input String" }), 400 #Checking if all fields are filled. if not (username and email and password): return jsonify({ "Status": "Fail", "message": "Please ensure you have input all the required fields" }), 400 #Checking to see if the email is valid if not validate_email(email): return jsonify({ "Status": "Fail", "message": "Please input correct email" }), 400 #Checking for Special character in the name and email if not re.match("^[A-Za-z0-9_-]*$", username) or not re.match( "^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$", email): return jsonify({ "Status": "Fail", "message": "Please ensure you have not input special characters" }), 400 #Checking if email already exists email_already_exists = db.session.query( db.exists().where(User.email == email)).scalar() if email_already_exists: return jsonify({ "Status": "Fail", "message": "This email has already been used to register" }), 400 #Checking to make sure no empty strings are sent if username == "" or email == "" or password == "": return jsonify({ "Status": "Fail", "message": "Please ensure you have input all your details" }), 400 hashed_password = generate_password_hash(password, method="sha256") new_user = User(username=username, email=email, password=hashed_password, user_date_stamp=str(datetime.datetime.now())) #Saving new user db.session.add(new_user) db.session.commit() return jsonify({ "Status": "Success", "message": "New user has been created!" }), 201
def register(): data = request.get_json() f_name = data['f_name'] s_name = data['s_name'] email = data['email'].lower() password = data['password'] domain = data['domain'].lower() if not re.fullmatch(r'[^@]+@[^@]+\.[^@]+', email) or \ len(password) < 8 or \ len(password) > 25 or \ not f_name.isalnum() or \ not s_name.isalnum() or \ not re.search(r'\d+', password) or \ not re.search(r'[A-Z]+', password): return jsonify(error=True, message='Invalid Details. Please Try again'), 400 if not domain.isalnum(): return jsonify( error=True, message='Your domain can only contain letters and numbers!'), 400 user = User.query.filter_by(domain=domain).first() if user is None: users = User.query.all() if len(users) < 25: user = User(domain=domain, email=email, f_name=f_name, s_name=s_name, password=generate_password_hash(password), account_type=4) user.add() user = User.query.filter_by(domain=domain).first() mailer = MailService( current_app, ('Fareed From Kreoh', current_app.config['MAIL_USERNAME']), user.id) mailer.send_welcome_message() access_token = create_access_token( user.id, fresh=True, expires_delta=timedelta(seconds=900)) refresh_token = create_refresh_token(user.id) access_jti = get_jti(encoded_token=access_token) refresh_jti = get_jti(encoded_token=refresh_token) jwt_revoked_store.set(access_jti, 'false', ACCESS_EXPIRES * 1.2) jwt_revoked_store.set(refresh_jti, 'false', REFRESH_EXPIRES * 1.2) return jsonify(error=False, access_token=access_token, refresh_token=refresh_token), 201 else: return jsonify( error=True, message= "You've just missed out! The early access is currently full!" ), 400 else: return jsonify(error=True, message="unable to create user"), 400
def callback(): # Get authorization code Google sent back to you code = request.args.get("code") # Find out what URL to hit to get tokens that allow you to ask for # things on behalf of a user google_provider_cfg = get_google_provider_cfg() token_endpoint = google_provider_cfg["token_endpoint"] # Prepare and send request to get tokens! Yay tokens! token_url, headers, body = client.prepare_token_request( token_endpoint, authorization_response=fix_http(request.url), redirect_url=fix_http(request.base_url), code=code, ) token_response = requests.post( token_url, headers=headers, data=body, auth=(os.environ['GOOGLE_CLIENT_ID'], os.environ['GOOGLE_CLIENT_SECRET']), ) # Parse the tokens! client.parse_request_body_response(json.dumps(token_response.json())) # Now that we have tokens (yay) let's find and hit URL # from Google that gives you user's profile information, # including their Google Profile Image and Email userinfo_endpoint = google_provider_cfg["userinfo_endpoint"] uri, headers, body = client.add_token(userinfo_endpoint) userinfo_response = requests.get(uri, headers=headers, data=body) # We want to make sure their email is verified. # The user authenticated with Google, authorized our # app, and now we've verified their email through Google! if userinfo_response.json().get("email_verified"): unique_id = userinfo_response.json()["sub"] users_email = userinfo_response.json()["email"] picture = userinfo_response.json()["picture"] users_name = userinfo_response.json()["given_name"] else: return "User email not available or not verified by Google.", 400 # Create a user in our db with the information provided # by Google user = User(id=unique_id, name=users_name, email=users_email, profile_pic=picture) # Doesn't exist? Add to database if not get_user(unique_id): create_user(user) # Begin user session by logging the user in login_user(user) session['user'] = user.convert_to_dict() # Send user back to homepage try: return_url = session['url'] or "/" except KeyError as e: print(e) return_url = '/' return redirect(return_url)
def create(self, validated_data): user = User() user.username = validated_data.get('username') user.password = validated_data.get('password') user.save() return user