def user(user_id): ''' For GET requests, return the given user. For DELETE requests, delete the given user. ''' user = User.query.filter_by(id=user_id).first() if user is None: return 'user does not exist', 404 # request is a GET if request.method == 'GET': schema = UserSchema(strict=True) user_data = schema.dump(user) return jsonify(user_data) # request is a DELETE elif request.method == 'DELETE': if current_user == user: return json.dumps({'success': False}), 200, { 'ContentType': 'application/json' } db.session.delete(user) db.session.commit() return json.dumps({'success': True}), 200, { 'ContentType': 'application/json' }
def read_all(active_only=False): query = User.query if active_only: query = query.filter(User.is_active == True) users = query.all() user_schema = UserSchema(many=True) return user_schema.dump(users)
def profiles(): '''render webpage profiles''' users = db.session.query(User).all() if request.method == "POST": serializer = UserSchema(many=True) result = serializer.dump(users) return jsonify({'Users': result.data}) return render_template('profile.html', users=users)
def on_get(self, req, res): session = req.context['session'] users = session.query(User).all() schema = UserSchema() out = [] for u in users: out.append(schema.dump(u).data) res.status = falcon.HTTP_200 res.body = self.to_json(out)
def post(self): """创建 Redis 实例 """ data = request.get_json() user, errors = UserSchema().load(data) if errors: return errors, 400 user.save() return {'ok': True}, 201
def GetUser(request): print(current_user.get_id()) userdetails = User.query.filter_by(id=current_user.get_id()).first() schema = UserSchema() pprint(schema.dump(userdetails).data) user_details = schema.dump(userdetails).data if request == None: return user_details return jsonify(user_details)
def put(self, object_id): """更新服务器 """ schema = UserSchema(context={'instance': g.instance}) data = request.get_json() server, errors = schema.load(data, partial=True) if errors: return errors, 400 server.save() return {'ok': True}
def create(user, cleartext_password): schema = UserSchema() user["email"] = sanitize_email(user["email"]) new_user = schema.load(user, session=db.session) new_user.set_password(cleartext_password) db.session.add(new_user) db.session.commit() return new_user
def decorated_view(*args, **kwargs): data = request.get_json() schema = UserSchema() validate = schema.validate({ 'email': data['email'], 'password': data['password'] }) for key in validate: if key: return json.dumps({'message': validate[key][0]}), 400 return func(*args, **kwargs)
def post(self): message = {'errors': {}} data = request.get_json() email = data.get('email') username = data.get('username') password = data.get('password') username_valid = False if UserModel.find_by_username( username) else True email_valid = False if UserModel.find_by_email(email) else True email_exists = True if validate_email(email, check_mx=True) else False if not username_valid: message['errors'][ 'UsernameExistsError'] = 'UserModel with such username already exists' if not email_valid: message['errors'][ 'UserWithSuchEmailExists'] = 'UserModel with such email already exists' if not email_exists: message['errors'][ 'EmailDoesNotExistError'] = 'Entered email does not exist' try: UserSchema().load(data) except ValidationError as vall_err: message['errors']['ValidationError'] = vall_err.messages return make_response(jsonify(message), 400) else: if message['errors']: return make_response(jsonify(message), 400) user = UserModel(username=username, email=email) user.set_password(password) user.save_to_db() return message, 201
def CreateUser(request): print("Request is : ", request.json) if not request.json: return jsonify({'message': 'No input data provided '}), 400 content = request.get_json() schema = UserSchema() userData = schema.load(content) newAsset = userData.data a = User(**newAsset) db.session.add(a) try: db.session.commit() return jsonify({"sucess": True}) except IntegrityError: return jsonify({"sucess": False}) db.session.rollback()
def delete(self): # 新增数据 data = request.get_json() userschema = user_schema.load(data) app = UserSchema(**userschema) db.session.add(app) db.session.commit() return normal_request("create app success")
def get_one_user(public_id): """ This route gets a single user from the database and returns it as a json object. Args {string} public_id Returns {Object<json>} 200 success: {string} user: {Object<json>} Throws {Exception{Object<json>}} error: NoResultFound 404 SQLAlchemyError 400 NotAuthorized 401 """ # Get the user's id from access token uid = get_jwt_identity() # If user's public_id doesn't equal public id in url, return error if user.public_id != public_id: return jsonify({'error': 'Not authorized!'}), 401 # Try to get user from database query = User.query.filter_by(public_id=uid) try: user = query.one() # If no result found, return error except NoResultFound: return jsonify({'error': 'No result found!'}), 404 # If some other sqlalchemy error is thrown, return error except SQLAlchemyError: return jsonify({'error': 'Some problem occurred!'}), 400 # Serialze the user object and return json response user_schema = UserSchema() output = user_schema.dump(user).data return jsonify({ 'success': 'Successfully retrieved user.', 'user': output }), 200
def get_all_users(): """ This route gets all users from the database and returns the array as a json object. Returns {Object<json>} 200 num_results: {string} success: {string} users: {Object<json>} Throws {Exception{Object<json>}} error: NoResultFound 404 SQLAlchemyError 400 """ # Try to get all users from database query = User.query try: users = query.all() # If query returns no users, return erorr if len(users) == 0: return jsonify({'error': 'No results found!'}), 404 # If no result found, return error except NoResultFound: return jsonify({'error': 'No result found!'}), 404 # If some other sqlalchemy error is thrown, return error except SQLAlchemyError: return jsonify({'error': 'Some problem occurred!'}), 400 # Serialize array of users user_schema = UserSchema(many=True) output = user_schema.dump(users).data # Return json response return jsonify({ 'num_results': str(len(output)), 'success': 'Successfully retrieved users!', 'users': output, }), 200
class UserController(MethodView): def __init__(self): self.service = UserService() self.schema = UserSchema() self.many_schema = UserSchema(many=True) def get(self, user_id): res = None serialized = None if user_id is None: res = self.service.get_all_users() serialized = self.many_schema.dump(res) else: res = self.service.get_user_by_id(user_id) serialized = self.schema.dump(res) return jsonify({'user': serialized}), 200 def post(self): password = request.json['password'] encrypted_password = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt()) user = User( email=request.json['email'], password=encrypted_password) self.service.save_user(user) serialized = self.schema.dump(user) return jsonify({'user': serialized}), 201 def put(self, user_id): user = self.service.update_user_by_id(user_id, request.json['user']) serialized = self.schema.dump(user) return jsonify({'user': serialized}), 200 def delete(self, user_id): self.service.delete_user_by_id(user_id) return jsonify({}), 204
def users(): ''' For GET requests, return all users. For POST requests, add a new user. ''' if request.method == 'GET': all_users = User.query.all() schema = UserSchema(many=True, strict=True) users = schema.dump(all_users) return jsonify(users[0]) # request is a POST else: username = request.form.get('Username') role = request.form.get('Role') role = Role.query.filter_by(name=role).first() user = User.query.filter_by(username=username).first() if user is not None: return json.dumps({'success': False}), 200, { 'ContentType': 'application/json' } elif role is None: return 'failed to enter into database - role doesnt exist', 400 user = User(username=username, role_id=role.id) user.set_password(request.form.get('Password')) db.session.add(user) db.session.commit() schema = UserSchema(strict=True) user_data = schema.dump(user) return jsonify(user_data[0]), 201
def on_post(self, req, res): """ Create a new user. Will test the data passed to the resource. """ session = req.context['session'] data = json.loads(req.bounded_stream.read().decode()) result = UserSchema().load(data) if result.errors: res.status = falcon.HTTP_BAD_REQUEST res.body = self.to_json({'errors': result.errors}) else: roles = get_roles() user = User(email=data['email'], fn=data['fn'], ln=data['ln'], password=hash_password(data['password']), role=roles['member']) session.add(user) session.flush() schema = UserSchema() res.status = falcon.HTTP_200 res.body = self.to_json(schema.dump(user).data)
from app import app, db from flask import Flask, request, jsonify from app.models import User, Flight, UserSchema, FlightSchema from flask_cors import CORS CORS(app) # initialize schema user_schema = UserSchema(strict=True) users_schema = UserSchema(many=True, strict=True) flight_schema = FlightSchema(strict=True) flights_schema = FlightSchema(many=True, strict=True) @app.route('/registro-usuario', methods=['POST']) def add_user(): name = request.json['name'] email = request.json['email'] user_type = request.json['user_type'] cpf = request.json['cpf'] phone_number = request.json['phone_number'] birthday = request.json['birthday'] matricula = request.json['cpf'] new_user = User(matricula, name, email, user_type, cpf, phone_number, birthday) new_user.persist() return user_schema.jsonify(new_user)
import math from datetime import datetime from flask import flash, redirect, render_template, request, url_for from flask_login import current_user, login_required from app import db from app.main import bp from app.main.forms import (AddCategoryForm, AddTaskForm, AddUserCategoryForm, EditProfileForm, NewSessionAddTaskForm, RunSessionForm) from app.models import (Category, Session, Task, TaskSchema, User, UserCategory, UserSchema) USER_SCHEMA = UserSchema(exclude=("last_seen", )) TASKS_SCHEMA = TaskSchema(many=True, exclude=("timestamp", )) DEBUG = False @bp.before_request def before_request(): if current_user.is_authenticated: current_user.last_seen = datetime.utcnow() db.session.commit() @bp.route('/') @bp.route('/index', methods=['GET']) @login_required def index(): user = User.query.filter_by(username=current_user.username).first_or_404()
def __init__(self): self.service = UserService() self.schema = UserSchema() self.many_schema = UserSchema(many=True)
def get(self): """获取 Redis 列表 """ servers = User.query.all() return UserSchema().dump(servers, many=True).data
from flask import jsonify from flask import request from sqlalchemy.exc import IntegrityError from app import app from app import db from app.models import User, Restaurant, Rating, Address from app.models import UserSchema, RestaurantSchema, AddressSchema, RatingSchema, RatingSchemaUpdate from marshmallow import ValidationError from datetime import datetime, timedelta from sqlalchemy import func from sqlalchemy.sql import label users_schema = UserSchema(many=True) user_schema = UserSchema() restaurants_schema = RestaurantSchema(many=True) restaurant_schema = RestaurantSchema() address_schema = AddressSchema() rating_schema = RatingSchema() ratingupdate_schema = RatingSchemaUpdate() ratings_schema = RatingSchema(many=True) import pdb #function to add object to database
def get_user(id): user_schema = UserSchema() user = UserModel.query.filter_by(id=id).first_or_404() dump_data = user_schema.dump(user) return dump_data
def bot(): incoming_msg = request.values.get('Body', '').lower() resp = MessagingResponse() msg = resp.message() sender_number = request.values.get('From') print("IN BOT") print(incoming_msg) responded = False if 'add state' in incoming_msg: state_name = incoming_msg.split("add state", 1)[1] search_term = state_name.strip() search_term = f"%{search_term}%" state = State.query.filter((State.State.like(search_term))).first() stateSchema = StateSchema() state = stateSchema.dump(state) state_id = state["Id"] state_cured = state["Cured"] state_dead = state["Dead"] state_confirmed = state["Confirmed"] state_name = state["State"] check_user_state_exist = User.query.filter_by( MobileNo=sender_number, State_Id=state['Id']).first() if not check_user_state_exist: user_new = User(State_Id=state_id, MobileNo=sender_number) db.session.add(user_new) db.session.commit() msg.body(f"{state_name} added for COVID-19 tracking.") else: msg.body(f"{state_name} already added for tracking.") msg.body( f"Currently in {state_name}, there are \n {state_confirmed} cases confirmed \n {state_cured} cases " f"cured \n {state_dead} deaths ") responded = True if 'all states' in incoming_msg: user_list = User.query.filter_by(MobileNo=sender_number).all() userSchema = UserSchema(many=True) user_list = userSchema.dump(user_list) print(user_list) if not user_list: msg.body( f"No states added currently add it like *add state Gujarat*") for user_detail in user_list: state_id = user_detail["states"] state = State.query.filter_by(Id=state_id).first() stateSchema = StateSchema() state = stateSchema.dump(state) state_id = state["Id"] state_cured = state["Cured"] state_dead = state["Dead"] state_confirmed = state["Confirmed"] state_name = state["State"] empty = "‎‎ ‎" # invisible character, to get new line hack msg.body(empty) msg.body( f" Currently in \n *{state_name}*, there are \n {state_confirmed} cases confirmed \n {state_cured} cases " f"cured \n {state_dead} deaths. \n {empty}\n") responded = True if 'remove state' in incoming_msg: state_name = incoming_msg.split("remove state", 1)[1] search_term = state_name.strip() search_term = f"%{search_term}%" user_list = User.query.filter_by(MobileNo=sender_number).all() userSchema = UserSchema(many=True) user_list = userSchema.dump(user_list) print(user_list) if not user_list: msg.body( f"No states to remove currently add it like *add state Gujarat*" ) if user_list: state = State.query.filter((State.State.like(search_term))).first() stateSchema = StateSchema() state = stateSchema.dump(state) state_id = state["Id"] state_name = state["State"] User.query.filter_by(MobileNo=sender_number, State_Id=state_id).delete() db.session.commit() msg.body(f"{state_name} removed from tracking") responded = True if 'get news' in incoming_msg: all_news = News.query.all() news_schema = NewsSchema(many=True) all_news = news_schema.dump(all_news) for news in all_news: title = news["Title"] empty = "‎‎ ‎" # invisible character, to get new line hack msg.body(f" \n *Title* : {title} \n {empty}\n ") responded = True if "what is covid 19" in incoming_msg: msg.body( "COVID-19 is a disease caused by a new strain of coronavirus. ‘CO’ stands for corona, ‘VI’ for virus, and ‘D’ for disease. Formerly, this disease was referred to as ‘2019 novel coronavirus’ or ‘2019-nCoV.’ The COVID-19 virus is a new virus linked to the same family of viruses as Severe Acute Respiratory Syndrome (SARS) and some types of common cold" ) responded = True if "symptoms of covid 19" in incoming_msg: msg.body( "Symptoms can include fever, cough and shortness of breath. In more severe cases, infection can cause pneumonia or breathing difficulties. More rarely, the disease can be fatal. These symptoms are similar to the flu (influenza) or the common cold, which are a lot more common than COVID-19. This is why testing is required to confirm if someone has COVID-19." ) responded = True if "how to be safe" in incoming_msg: msg.body('''✓ staying home when sick ✓ covering mouth and nose with flexed elbow or tissue when coughing or sneezing. Dispose ofused tissue immediately; ✓ washing hands often with soap and water; and ✓ cleaning frequently touched surfaces and objects ''') responded = True if "help" in incoming_msg: msg.body('''You can give me the following commands 👉 add state {state name} 👉 all states 👉 remove state {state name} 👉 get news 👉 what is covid 19 👉 symptoms of covid 19 👉 how to be safe 👉 help ''') responded = True if not responded: chatter_resp = chat_bot.get_response(incoming_msg) # print(chatter_resp) # print(chatter_resp.serialize()) serialize_resp = chatter_resp.serialize() res_text = serialize_resp["text"] # print(res_text) empty = "‎‎ ‎" # invisible character, to get new line hack msg.body(f"{res_text}") msg.body(f"{empty} \n you can type *help* for menu") return str(resp)
def create_bracket(): """ This route adds a new bracket to the database and returns a success message as a json object. Returns {Object<json>} 200 success: {string} bracket: {Object<json>} Throws {Exception{Object<json>}} error: NotAuthorized 401 NoResultFound 404 SQLAlchemyError 400 """ # Get the user's id from access token uid = get_jwt_identity() # If no user id, return error if not uid: return make_response( jsonify({'error': 'Could not verify!'}), 401, {'WWW-Authentication': 'Basic realm="Login required!"'}) # Try to get user from database query = User.query.filter_by(public_id=uid) try: user = query.one() # If no result found, return error except NoResultFound: return jsonify({'error': 'No result found!'}), 401 # If some other sqlalchemy error is thrown, return error except SQLAlchemyError: return jsonify({'error': 'Some problem occurred!'}), 400 # Get bracket data from request data = request.get_json() # Verify that all required bracket data was sent bracket_columns = [ 'grp_a_1', 'grp_a_2', 'grp_b_1', 'grp_b_2', 'grp_c_1', 'grp_c_2', 'grp_d_1', 'grp_d_2', 'grp_e_1', 'grp_e_2', 'grp_f_1', 'grp_f_2', 'grp_g_1', 'grp_g_2', 'grp_h_1', 'grp_h_2' ] if not any(key in data for key in bracket_columns): return make_response(jsonify({'error': 'Missing data!'}), 400) # Create bracket object bracket = Bracket(uid=user.public_id, grp_a_1=data['grp_a_1'], grp_a_2=data['grp_a_2'], grp_b_1=data['grp_b_1'], grp_b_2=data['grp_b_2'], grp_c_1=data['grp_c_1'], grp_c_2=data['grp_c_2'], grp_d_1=data['grp_d_1'], grp_d_2=data['grp_d_2'], grp_e_1=data['grp_e_1'], grp_e_2=data['grp_e_2'], grp_f_1=data['grp_f_1'], grp_f_2=data['grp_f_2'], grp_g_1=data['grp_g_1'], grp_g_2=data['grp_g_2'], grp_h_1=data['grp_h_1'], grp_h_2=data['grp_h_2']) # Try to add bracket to database try: db.session.add(bracket) db.session.commit() # If bracket name already in database, return error except IntegrityError: return jsonify({'error': 'User with name or email already exists'}), 400 # If some other sqlalchemy error is thrown, return error except SQLAlchemyError: return jsonify({'error': 'Some problem occurred!'}), 400 # Add the bracket to the user object user.bracket = bracket # Serialze the bracket and user objects and return json response bracket_schema = BracketSchema() b_output = bracket_schema.dump(bracket).data user_schema = UserSchema() u_output = user_schema.dump(user).data return jsonify({ 'success': 'Successfully retrieved bracket.', 'bracket': b_output, 'user': u_output, }), 200
from app import db from flask_restplus import Namespace, Resource, fields from app.models import User, UserSchema, Post, Company, PostSchema from flask import jsonify, request from .dto import userDTO, postDTO api = Namespace('users', description='Users api') user_schema = UserSchema() user_schema_list = UserSchema(many=True) post_schema = PostSchema() post_schema_list = PostSchema(many=True) @api.route('/') class UsersResourceList(Resource): @api.marshal_with(userDTO, code=201) @api.expect(userDTO) def post(self): users = User.query.all() return user_schema_list.jsonify(users) @api.route('/<int:id>') class UsersResource(Resource): def get(self, id): user = User.query.get_or_404(id) return user_schema.jsonify(user) @api.route('/<int:id>/posts') class UsersResourcePosts(Resource): def get(self, id):
def create_user(): """ This route adds a new user to the database, sends a confirmation link to the user's email and returns a success message aa a json object. Returns {Object<json>} 200 success: {string} Throws {Exception{Object<json>}} error: NotAuthorized 401 NoResultFound 404 SQLAlchemyError 400 """ # Get user's authorization credentials auth = request.authorization # If no authorization credentials, return error if not auth or not auth.username or not auth.password: return make_response( jsonify({'error': 'Could not verify!'}), 401, {'WWW-Authentication': 'Basic realm="Login required!"'}) # Get user data from request data = request.get_json() # If name or email is missing, return error if not data['name'] or not data['email']: return make_response(jsonify({'error': 'Missing data!'}), 400) # Create a salted password random_bytes = urandom(24) salt = b64encode(random_bytes).decode('utf-8') salted_password = auth['password'] + salt # Hash the salted password hashed_password = generate_password_hash(salted_password, method='pbkdf2:sha512:80000', salt_length=20) # Create user object user = User(name=data['name'], email=data['email'], username=auth['username'], password=hashed_password, salt=salt, created_at=datetime.utcnow()) user.generate_public_id() # Try to add user to database try: db.session.add(user) db.session.commit() # If username already in database, return error except IntegrityError: return jsonify({'error': 'User with name or email already exists'}), 400 # If some other sqlalchemy error is thrown, return error except SQLAlchemyError: return jsonify({'error': 'Some problem occurred!'}), 400 # Serialize the user object user_schema = UserSchema() output = user_schema.dump(user).data # Create the tokens to be sent to the user expires = timedelta(seconds=1800) access_token = create_access_token(identity=user.public_id, expires_delta=expires) refresh_token = create_refresh_token(identity=user.public_id) # Get the csrf tokens so they can be set as headers in response csrf_access_token = get_csrf_token(access_token) csrf_refresh_token = get_csrf_token(refresh_token) # Create json response response = make_response( jsonify({ 'user': output, 'success': 'Login successful!' }), 200) # Set JWT cookies and headers and return response set_access_cookies(response, access_token) set_refresh_cookies(response, refresh_token) response.set_cookie('public_id', user.public_id) response.headers['access'] = csrf_access_token response.headers['refresh'] = csrf_refresh_token return response
def login(): """ This route authenticates the user by checking the username and password if it exists or by decoding the jwt token if it exists. Each time a user logs in new jwt tokens cookies will be set in the response. Returns {Object<json>} 200 success: {string} user: {Object<json>} Throws {Exception{Object<json}}: error: NoResultFound 401 SQLAlchemyError 400 InactiveUser 400 """ # If authorization header is present, try to authenticate the user if request.authorization: auth = request.authorization # If not username and password, return error if not auth.username or not auth.password: return not_authorized_error('Basic') # Find the user by username query = User.query.filter_by(username=auth.username) try: user = query.one() # If no user found, try by email or return error except NoResultFound: # Try to find the user by email query = User.query.filter_by(email=auth.username) try: user = query.one() # If no user found, try by email or return error except NoResultFound: return make_response( jsonify({ 'error': ('Sorry, your username or password was ' 'incorrect. Please try again.') }), 401, {'WWW-Authentication': 'Basic realm="Login required!"'}) # If some other sqlalchemy error is thrown, return error except SQLAlchemyError: return jsonify({'error': 'Some problem occurred!'}), 400 # If some other sqlalchemy error is thrown, return error except SQLAlchemyError: return jsonify({'error': 'Some problem occurred!'}), 400 # If provided password does not match user password, return error if not check_password_hash(user.password, auth.password + user.salt): return make_response( jsonify({ 'error': ('Sorry, your username or password was ' 'incorrect. Please try again.') }), 401, {'WWW-Authentication': 'Basic realm="Login required!"'}) # Serialize the user object user_schema = UserSchema() output = user_schema.dump(user).data # Create the tokens to be sent to the user expires = timedelta(seconds=1800) access_token = create_access_token(identity=user.public_id, expires_delta=expires) refresh_token = create_refresh_token(identity=user.public_id) # Get the csrf tokens so they can be set as headers in response csrf_access_token = get_csrf_token(access_token) csrf_refresh_token = get_csrf_token(refresh_token) # Create json response response = make_response( jsonify({ 'user': output, 'success': 'Login successful!' }), 200) # Set JWT cookies and headers and return response set_access_cookies(response, access_token) set_refresh_cookies(response, refresh_token) response.set_cookie('public_id', user.public_id) response.headers['access'] = csrf_access_token response.headers['refresh'] = csrf_refresh_token return response # If no authorization header present, check for jwt token cookies else: public_id = get_jwt_identity() # If there isn't a valid jwt token, return error if not public_id: return not_authorized_error('Cookie') # Find the user query = User.query.filter_by(public_id=public_id) try: user = query.first() # If no user found, return error except NoResultFound: return not_authorized_error('Cookie') # If some other sqlalchemy error is thrown, return error except SQLAlchemyError: return jsonify({'error': 'Some problem occurred!'}), 400 # Serialize the user object user_schema = UserSchema() output = user_schema.dump(user).data # Create the tokens to be sent to the user expires = timedelta(seconds=1800) access_token = create_access_token(identity=user.public_id, expires_delta=expires) refresh_token = create_refresh_token(identity=user.public_id) # Get the csrf tokens so they can be set as headers in response csrf_access_token = get_csrf_token(access_token) csrf_refresh_token = get_csrf_token(refresh_token) # Create json response response = make_response( jsonify({ 'user': output, 'success': 'Login successful!' }), 200) # Set JWT cookies and headers and return response set_access_cookies(response, access_token) set_refresh_cookies(response, refresh_token) response.set_cookie('public_id', user.public_id) response.headers['access'] = csrf_access_token response.headers['refresh'] = csrf_refresh_token return response
def oauth(provider): """ This route authenticates the user by receiving a provider and oauth token and verifying a user exists. When a user logs in new jwt tokens cookies will be set in the response. Args {string} provider - facebook or google Returns {Object<json>} 200 success: {string} user: {Object<json>} Throws {Exception{Object<json}}: error: Authorization 401 NoResultFound 401 SQLAlchemyError 400 MissingUser 400 InactiveUser 400 """ # If no authorization header, return error if not request.headers.get('Authorization'): return jsonify({'error': 'Not a valid request'}), 401 # Get the token from authorization header and convert to dictionary token = request.headers.get('Authorization').split('Bearer ')[1] token = json.loads(token) # Try to find oauth user in database query = OAuth.query.filter_by( provider=provider, provider_uid=token['userID'], ) try: oauth = query.first() # If no result found, return error except NoResultFound: return jsonify( {'error': "The user doesn't exist. Sign up to create an account"}), 404 # If some other sqlalchemy error is thrown, return error except SQLAlchemyError: return jsonify({'error': 'Some problem occurred!'}), 400 # If not oauth create a new user if not oauth: # Get user data from request data = request.get_json() # If name or email is missing, return error if not (data['name'] or not data['email'] or not data['picture'] or not data['provider_user_id']): return make_response(jsonify({'error': 'Missing data!'}), 400) # Create user object user = User(name=data['name'], email=data['email'], picture=data['picture'], created_at=datetime.utcnow()) user.generate_public_id() # Try to add user to database try: db.session.add(user) db.session.commit() # If username already in database, return error except IntegrityError: return jsonify({'error': 'User with name or email already exists'}), 400 # If some other sqlalchemy error is thrown, return error except SQLAlchemyError: return jsonify({'error': 'Some problem occurred!'}), 400 # Create new oauth token account for user oauth = OAuth( provider=provider, provider_uid=data['provider_user_id'], token=token, ) # Associate the new local user account with the OAuth token oauth.user = user # Save and commit database models db.session.add(oauth) db.session.commit() # If there is no user relation, return error if not oauth.user: return jsonify({'error': 'Some problem occurred!'}), 400 user = oauth.user # Serialze the user object user_schema = UserSchema() output = user_schema.dump(user).data # Create the tokens to be sent to the user expires = timedelta(seconds=1800) access_token = create_access_token(identity=user.public_id, expires_delta=expires) refresh_token = create_refresh_token(identity=user.public_id) # Get the csrf tokens so they can be set as headers in response csrf_access_token = get_csrf_token(access_token) csrf_refresh_token = get_csrf_token(refresh_token) # Create json response response = make_response( jsonify({ 'user': output, 'success': 'Login successful!' }), 200) # Set JWT cookies and headers and return response set_access_cookies(response, access_token) set_refresh_cookies(response, refresh_token) response.set_cookie('public_id', user.public_id) response.headers['access'] = csrf_access_token response.headers['refresh'] = csrf_refresh_token return response
def edit_user(id): """ This route edits a user in the database and returns the updated user aa a json object. Returns {Object<json>} 200 success: {string} user: {Object<json>} Throws {Exception{Object<json>}} error: NotAuthorized 401 ExpiredSignatureError 400 DecodeJWTError 400 NoResultFound 404 SQLAlchemyError 400 """ auth = {} # Get the user data from the request data = request.get_json() # If there is no authorization header, get # the user's id from the access token cookie if not request.headers.get('Authorization'): public_id = get_jwt_identity() # If user's id doesn't match url id, return error if public_id != id: return jsonify({'error': 'Not authorized!'}), 401 # If basic authorization, get the user's # id from the authorization username elif request.authorization: auth = request.authorization # If authorization credentials missing, return error if not auth or not auth.username or not auth.password: return make_response( jsonify({'error': 'Could not verify'}), 401, {'WWW-Authentication': 'Basic realm="Login required!"'}) public_id = auth.username # If the user's public id doesn't match url id, return error if public_id != id: return jsonify({'error': 'Not authorized!'}), 401 else: # Get the user's token from the authorization header token = request.headers.get('Authorization').split(' ')[1] # If there is no token, return error if not token: return jsonify({'error': 'Missing token!'}), 401 token = token.encode("utf-8") # Decode the jwt token try: jwt_data = jwt.decode(token, app.config.get('SECRET_KEY'), algorithm='HS256') # If the token has expired, return error except jwt.ExpiredSignatureError: # Signature has expired return jsonify( {'error': 'Reset token is expired. Please try again.'}), 400 # If failed to decode jwt, return error if not jwt_data: return jsonify({'error': 'Failed to decode jwt token.'}), 400 # Get the user's id from the decoded jwt public_id = jwt_data['public_id'] # If the user's id doesn't match the url id, return error if public_id != id: return jsonify({'error': 'Not authorized!'}), 401 # Try to get the user from the database query = User.query.filter_by(public_id=public_id) try: user = query.one() # If no result found, return error except NoResultFound: return jsonify({'error': 'No result found!'}), 404 # If some other sqlalchemy error is thrown, return error except SQLAlchemyError: return jsonify({'error': 'Some problem occurred!'}), 400 # If password provided but can't be verified, return error if 'password' in auth: if not check_password_hash(user.password, auth.password + user.salt): return jsonify({ 'error': ('The password you provided could ' 'not be found for this user.') }), 401 # If new password provided, create salt and hash it if 'password' in data: random_bytes = urandom(24) salt = b64encode(random_bytes).decode('utf-8') salted_password = data['password'] + salt hashed_password = generate_password_hash(salted_password, method='pbkdf2:sha512:80000', salt_length=20) user.password = hashed_password user.salt = salt # If other user attributes provided, add # them to user and save in database if 'name' in data: user.name = data['name'] if 'username' in data: user.username = data['username'] if 'email' in data: user.email = data['email'] if 'picture' in data: user.picture = data['picture'] db.session.commit() # Serialize user user_schema = UserSchema() output = user_schema.dump(user).data # Create json and return response return jsonify({'success': 'The user has been updated', 'user': output})