def signup():
try:
kwargs = request.body_params.dict()
exist_user = CustomerModel.verify_for_signup(kwargs.get("email"), kwargs.get("telephone"))
if exist_user:
return jsonify(error="Email or phone number already in use"), 400
role_id = RoleModel.find_by_identity("customer").id
new_user = CustomerModel(**kwargs, role_id=role_id)
new_user.save()
# Create the tokens we will be sending back to the user
access_token = create_access_token(identity=new_user, additional_claims={"role": new_user.role_id})
refresh_token = create_refresh_token(identity=new_user, additional_claims={"role": new_user.role_id})
customer_dto = CustomerSchema.from_orm(new_user).dict()
# Update Tracking
CustomerActivityModel.update_activity_tracking(new_user.id, request.remote_addr)
resp = jsonify(customer=customer_dto, accessToken=access_token, refreshToken=refresh_token), 200
return resp
except Exception as error:
print(error)
return jsonify(error="Customer signup error"), 50
def login():
try:
kwargs = request.body_params.dict()
exist_user = CustomerModel.find_by_identity(kwargs["email"])
if exist_user is None:
return jsonify(error="wrong email or password"), 400
if not exist_user.authenticate(kwargs["password"]):
return jsonify(error="wrong email or password"), 400
if not exist_user.is_active:
return jsonify(error="Account deactivated. please contact Support center"), 401
if not has_access(exist_user.role, ["customer"]):
return jsonify(error="Access denied"), 403
# Create the tokens we will be sending back to the user
access_token = create_access_token(identity=exist_user, additional_claims={"role": exist_user.role_id})
refresh_token = create_refresh_token(identity=exist_user, additional_claims={"role": exist_user.role_id})
customer_dto = CustomerSchema.from_orm(exist_user).dict()
# Update Tracking
CustomerActivityModel.update_activity_tracking(exist_user.id, request.remote_addr)
resp = jsonify(customer=customer_dto, accessToken=access_token, refreshToken=refresh_token), 200
return resp
except Exception as e:
print(e)
return jsonify(error="Customer login error"), 500
def password_reset():
try:
data = request.get_json() or {}
reset_token = data.get('reset_token', None)
new_password = data.get('password', None)
customer = CustomerModel.deserialize_token(reset_token)
if customer is None:
return jsonify(error="Account not found or token expired."), 400
customer.password = CustomerModel.encrypt_password(new_password)
customer.save()
return jsonify(message="Password reset successful"), 200
except Exception as e:
return jsonify(error="Password update error"), 500
def edit_consumer(customer_id):
try:
kwargs = request.body_params.dict()
exists_customer = CustomerModel.get_by_id(customer_id)
if exists_customer is None:
return jsonify(error="Customer not found"), 400
exists_customer.email = kwargs.get("email") or exists_customer.email
exists_customer.first_name = kwargs.get(
"first_name") or exists_customer.first_name
exists_customer.last_name = kwargs.get(
"last_name") or exists_customer.last_name
exists_customer.telephone = kwargs.get(
"telephone") or exists_customer.telephone
exists_customer.city = kwargs.get("city") or exists_customer.city
exists_customer.country = kwargs.get(
"country") or exists_customer.country
exists_customer.is_active = kwargs.get(
"is_active") or exists_customer.is_active
exists_customer.save()
user_dto = AdminRespUser.from_orm(exists_customer).dict()
return jsonify(customer=user_dto), 200
except Exception as e:
print(e)
return jsonify(error="Staff edit error"), 500
def get_customers(page=1):
try:
sort = request.args.get("sort", "created_at")
direction = request.args.get("direction", "desc")
sort_by = CustomerModel.sort_by(sort, direction)
order_values = f"{sort_by[0]} {sort_by[1]}"
search_query = CustomerModel.search(request.args.get("q", ""))
paginated_users = CustomerModel.paginate_account(
page, order_values, search_query)
AdminUserPaginateSchema.update_forward_refs()
dto = AdminUserPaginateSchema.from_orm(paginated_users).dict()
return jsonify(data=dto), 200
except Exception as e:
return jsonify(error="Users error"), 500
def begin_password_reset():
try:
data = request.get_json() or {}
customer = CustomerModel.find_by_identity(data["email"])
if customer is None:
return jsonify(error="Account not found."), 400
if not customer.is_active:
return jsonify(error="Account deactivated. please contact Support center"), 401
customer.initialize_password_reset()
return jsonify(message=f"An email has been sent to {data['email']}"), 200
except Exception as e:
return jsonify(error="Password reset request error"), 500
def customer(customer_id):
try:
user = CustomerModel.get_by_id(customer_id)
if user is None:
return jsonify(error="User not found"), 400
AdminRespUser.update_forward_refs()
user_dto = AdminRespUser.from_orm(user).dict()
resp = jsonify(user=user_dto), 200
return resp
except Exception as e:
print(e)
return jsonify(error="User error"), 500
def delete_customer(customer_id):
try:
customer = CustomerModel.get_by_id(customer_id)
if customer is None:
return jsonify(error="Customer not found"), 400
if customer.role == "admin":
return jsonify(error="Access denied"), 403
customer.is_active = False
customer.save()
dto = AdminRespUser.from_orm(customer).dict()
return jsonify(customer=dto), 200
except Exception as e:
return jsonify(error="Staff delete error"), 500
def user_lookup_loader(_jwt_header, jwt_data):
# TODO: Better way to Load user by role
identity = jwt_data.get("sub")
role_id = jwt_data.get("role")
role = RoleModel.get_by_id(role_id)
if role is None:
return None
user = None
if role.name in ["admin", "staff"]:
user = EmployeeModel.get_by_id(identity)
else:
user = CustomerModel.get_by_id(identity)
return user