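        def signin():
            """Handle the sign-in page: show the form on GET, authenticate on POST.

            On POST the submitted ``username``/``password`` are checked for
            presence, the stored credential is recomputed with
            ``util.generate_password`` from the submitted password and the
            user's ``password_salt``, and on a match the user's profile is
            stored in ``session['profile']`` before redirecting to ``main``.
            Every failure (validation, unknown user, wrong password) re-renders
            the form with the same generic message so the response body does
            not reveal whether the username exists.

            Returns:
                A redirect to ``main`` on success or when a profile is already
                in the session, otherwise the rendered sign-in template.
            """
            # Constant-time comparison: a plain != stops at the first differing
            # character, which leaks information about the stored value through
            # response timing.
            import hmac

            def _matches(expected, supplied):
                # Both sides are encoded to bytes so the check works whether
                # generate_password() yields str or bytes; a missing stored
                # value never matches.
                if expected is None or supplied is None:
                    return False
                if isinstance(expected, str):
                    expected = expected.encode('utf-8')
                if isinstance(supplied, str):
                    supplied = supplied.encode('utf-8')
                return hmac.compare_digest(expected, supplied)

            # Already signed in: skip the form entirely.
            if session.get('profile') is not None:
                return redirect(util.my_url_for(url_for('main')))

            if request.method != 'POST':
                return render_template('/user/signin.html')

            args = request.form
            rejected = "Not valid username or password."

            validator = MyValidator()
            dovalidate = validator.wrp_validate(args, {
                'username': {'type': 'string', 'required': True, 'empty': False},
                'password': {'type': 'string', 'required': True, 'empty': False}
            })
            if dovalidate['status'] is False:
                return render_template('/user/signin.html', errmsg=rejected)

            user = UserModel.getByUsername(args['username'])
            if user is None:
                # NOTE(review): returning before generate_password() runs makes
                # the unknown-user path faster than the wrong-password path;
                # hashing against a dummy salt here would equalize the two.
                return render_template('/user/signin.html', errmsg=rejected)

            password = util.generate_password(args['username'], args['password'],
                                              user.password_salt)
            if not _matches(user.password, password):
                return render_template('/user/signin.html', errmsg=rejected)

            UserModel.doUpdate(user.id, {
                'last_loggedin_at': datetime.now().strftime('%Y-%m-%d %H:%M:%S'),
                'is_loggedin': 1
            })

            # Only non-secret profile fields go into the session.
            session['profile'] = {
                'uid': user.id,
                'fullname': user.fullname,
                'phonenumber': user.phonenumber,
                'email': user.email
            }
            return redirect(util.my_url_for(url_for('main')))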
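        def user_add():
            """Create a user from the add-user form.

            GET renders an empty form. POST validates the submitted fields
            against ``UserModel.addNewValidation``; on failure the form is
            re-rendered with the field messages and the submitted values. On
            success the creator's uid is recorded, a fresh random
            ``password_salt`` is generated, ``password`` is replaced by the
            value ``util.generate_password`` derives from username, password
            and salt (presumably a salted hash — confirm in util), and the row
            is inserted before redirecting to ``user_list``.

            Returns:
                A redirect to ``user_list`` after a successful insert,
                otherwise the rendered form template.
            """
            if request.method != "POST":
                return render_template('/user/form.html', errmsg={}, edit_data={})

            args = request.form.to_dict()

            validator = MyValidator()
            dovalidate = validator.wrp_validate(args, UserModel.addNewValidation)
            if dovalidate['status'] is False:
                errmsg = util.validate_message_to_dict(dovalidate['messages'])
                return render_template('/user/form.html', errmsg=errmsg, edit_data=args)

            # Server-controlled fields are assigned after validation, so a
            # client cannot set them through the form.
            args['created_by'] = session['profile']['uid']
            # uuid4 is generated from os.urandom, so the salt is unpredictable.
            args['password_salt'] = str(uuid.uuid4())
            # The plaintext password is overwritten here and never persisted.
            args['password'] = util.generate_password(args['username'], args['password'], args['password_salt'])
            # NOTE(review): every other submitted field reaches addNew() as-is;
            # whether unknown fields are rejected depends on wrp_validate() /
            # addNewValidation, neither of which is visible here.
            UserModel.addNew(args)

            return redirect(util.my_url_for(url_for('user_list')))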
        def user_edit():
            """Render and process the edit-user form for the ``id`` query argument.

            GET loads the row with ``UserModel.getById`` and shows it in the
            form. POST validates the submitted fields against
            ``UserModel.updateValidation``; on failure the form is re-rendered
            with the messages and the submitted values, on success the
            editor's uid is stored as ``updated_by`` and the row is updated
            before redirecting to ``user_list``.

            Returns:
                A redirect to ``user_list`` after a successful update,
                otherwise the rendered form template.
            """
            qargs = request.args.to_dict()
            is_post = request.method == "POST"

            if not is_post:
                # A missing ``id`` raises KeyError here (and in the POST branch
                # below), which Flask reports as an unhandled error, not a 4xx.
                edit_data = UserModel.getById(qargs['id'])
                return render_template('/user/form.html', errmsg={}, edit_data=edit_data)

            form_data = request.form.to_dict()

            validator = MyValidator()
            outcome = validator.wrp_validate(form_data, UserModel.updateValidation)
            if outcome['status'] is False:
                messages = util.validate_message_to_dict(outcome['messages'])
                return render_template('/user/form.html', errmsg=messages, edit_data=form_data)

            # NOTE(review): the row is chosen by the query-string id and the new
            # values come straight from the validated form; any ownership or
            # permission check would have to live in a decorator or in
            # doUpdate(), neither of which is visible here.
            form_data['updated_by'] = session['profile']['uid']
            UserModel.doUpdate(qargs['id'], form_data)

            return redirect(util.my_url_for(url_for('user_list')))
    def post(self):
        """Create a record from the JSON request body.

        The body is validated against ``self.Orm.addNewValidation``; a failed
        validation is answered with a 422 error payload carrying the validator
        messages. On success ``created_by`` is taken from the JWT claims, a
        random ``password_salt`` is generated, ``password`` is replaced by
        ``util.generate_password(username, password, salt)`` and the row is
        inserted through ``self.Orm.addNew``.

        Returns:
            ``self.response(...)`` wrapping the serialized new record, or the
            error payload when validation fails.
        """
        # NOTE(review): get_json() may return None (or raise, depending on the
        # Flask version) for a non-JSON body; that case fails inside
        # wrp_validate rather than with a clean 4xx.
        payload = request.get_json()
        outcome = MyValidator().wrp_validate(payload, self.Orm.addNewValidation)

        if outcome['status'] is False:
            error_body = {
                'title': 'Error',
                'body': outcome['messages'],
                'status_code': 422
            }
            return self.response(error_body)

        # Server-assigned fields are written after validation, overriding
        # anything the client sent under the same keys.
        claims = get_jwt_claims()
        payload['created_by'] = claims['uid']
        payload['password_salt'] = str(uuid.uuid4())
        payload['password'] = util.generate_password(payload['username'],
                                                     payload['password'],
                                                     payload['password_salt'])
        created = self.Orm.addNew(payload)
        return self.response({"data": created.serialize()})
 def user_delete():
     """Delete the user named by the ``id`` query argument, then return to the list.

     NOTE(review): the id comes from the query string and nothing visible here
     checks the request method, a CSRF token or the caller's permission on
     that row. If the route accepts GET, this is a state-changing GET and
     should be restricted to POST with CSRF protection.

     Returns:
         A redirect to ``user_list``.
     """
     target_id = request.args['id']
     UserModel.doDelete(target_id)
     return redirect(util.my_url_for(url_for('user_list')))
    def post(self):
        """Authenticate a JSON ``username``/``password`` login and issue JWTs.

        Flow: validate the body; look the user up; refuse if the account has
        reached ``MAX_LOGIN_ATTEMPT`` or is blocked; recompute the credential
        with the stored salt and compare it; on mismatch bump the attempt
        counter and block the account when the limit is reached. On success
        an access and a refresh token are created, their JTIs are registered
        in ``revoked_store`` as not revoked, ``last_loggedin_at`` is updated
        and both tokens are returned.

        Returns:
            ``self.response(...)`` carrying ``{'data': {'access_token',
            'refresh_token'}}`` on success, otherwise one of the
            ``VariableConstant`` failure responses or a 422 validation error.
        """
        args = request.get_json()
        validator = MyValidator()
        dovalidate = validator.wrp_validate(
            args, {
                'username': {
                    'type': 'string',
                    'required': True,
                    'empty': False
                },
                'password': {
                    'type': 'string',
                    'required': True,
                    'empty': False
                }
            })
        if (dovalidate['status'] is False):
            return self.response({
                'title': 'Error',
                'body': dovalidate['messages'],
                'status_code': 422
            })

        user = UserModel.getByUsername(args['username'])

        # Check Max Login Attempt Mode
        max_login_attempt = int(app.config['MAX_LOGIN_ATTEMPT'])
        if user is not None:
            # From here on ``user`` is a plain dict, not the model instance.
            user = user.serialize()

            # The limit/blocked check runs before the password is verified, so
            # the blocked state is reported to anyone who knows the username.
            if user['login_attempt'] >= max_login_attempt or user[
                    'status'] == VariableConstant.USER_STATUS_BLOCKED:
                return self.response(VariableConstant.USER_BLOCKED_RESPONSE)

            password = util.generate_password(args['username'],
                                              args['password'],
                                              user['password_salt'])
            # NOTE(review): ``!=`` is not constant-time; hmac.compare_digest
            # would avoid leaking the position of the first mismatch via timing.
            if password != user['password']:
                # NOTE(review): this line is partially redacted ('******') in
                # the listing; what is logged alongside the message is not
                # visible here.
                app.logger.error('ERROR LOGIN : '******'msg': 'Wrong Username or Password'})

                # Auto Increment Login Attempt
                # ``la`` is never read; the block decision below uses the
                # pre-increment value loaded into ``user`` plus one.
                la = UserModel.incrementLoginAttempt(user['id'])
                if (user['login_attempt'] + 1) >= max_login_attempt:
                    # Block user
                    # NOTE(review): the key is 'isloggedin' here but
                    # 'is_loggedin' in the success update below — one of the
                    # two is probably not the real column name.
                    UserModel.doUpdate(
                        user['id'], {
                            'status': VariableConstant.USER_STATUS_BLOCKED,
                            'isloggedin': 0,
                            'login_attempt': 0
                        })
                    return self.response(
                        VariableConstant.USER_BLOCKED_RESPONSE)

                return self.response(
                    VariableConstant.USER_LOGIN_FAILED_RESPONSE)
        else:
            # NOTE(review): partially redacted ('******') in the listing. This
            # branch returns before generate_password() runs, so the
            # unknown-user path is measurably faster than the wrong-password one.
            app.logger.error('ERROR LOGIN : '******'msg': 'User Not Found '})
            return self.response(VariableConstant.USER_LOGIN_FAILED_RESPONSE)

        user['access_token'] = create_access_token(identity=args['username'])
        user['refresh_token'] = create_refresh_token(identity=args['username'])

        # Each token's JTI is registered as not revoked; the entry lives 1.2x
        # the token lifetime so it outlasts the token. Assumes the config
        # values are in the unit revoked_store.set() expects — TODO confirm.
        access_jti = get_jti(encoded_token=user['access_token'])
        refresh_jti = get_jti(encoded_token=user['refresh_token'])
        revoked_store.set(access_jti, 'false',
                          app.config['JWT_ACCESS_TOKEN_EXPIRES'] * 1.2)
        revoked_store.set(refresh_jti, 'false',
                          app.config['JWT_REFRESH_TOKEN_EXPIRES'] * 1.2)

        #update last logged in
        # NOTE(review): login_attempt is not reset on success here; within
        # this method only incrementLoginAttempt() and the block update touch
        # it, so earlier failures keep counting unless reset elsewhere.
        UserModel.doUpdate(
            user['id'], {
                'last_loggedin_at':
                datetime.now().strftime('%Y-%m-%d %H:%M:%S'),
                'is_loggedin': 1
            })

        # Only the two tokens leave this handler; the rest of ``user``
        # (including password and salt) stays server-side.
        result = {}
        result['access_token'] = user['access_token']
        result['refresh_token'] = user['refresh_token']

        return self.response({'data': result})