def delete(self): parser = request.get_json() email = parser.get('email') password = parser.get('password') if email is None or password is None: abort(400) # missing arguments if user_datastore.find_user(email=email) is None: abort(403) # existing user user = user_datastore.find_user(email=email) user_datastore.delete_user(user) return 200
def post(self): parser = request.get_json() if parser is None: abort(400) email = parser.get('email') password = parser.get('password') if email is None or password is None: abort(400) if user_datastore.find_user(email=email) is None: abort(403) user = user_datastore.find_user(email=email) if user.verify_password(password) is False: abort(403) login_user(user, remember = True) return jsonify({"message": "Login as %s" % current_user.email})
def login(): form = forms.LoginForm() if form.validate_on_submit(): login_user(user_datastore.find_user(email=form.email.data, password=form.password.data)) return '', 200 for field, errors in form.errors.items(): for error in errors: print(error) return '', 403
def check_member_supplier(id, email): """Check a member's viewing supplier authorization. return Boolean :param id: id :param email: Email of the person who will perform the action """ suppliers = user_datastore.find_user(email=email).suppliers if id in suppliers: return True return False
def log_in_credentials(credentials): """ Finds user and returns json token """ user = user_datastore.find_user(email=credentials["email"]) if user == None: return (False, "Password or email is wrong") else: verification = verify_password(credentials["password"], user.password) if verification: return (True, user.get_auth_token()) else: return (False, "Password or email is wrong")
def check_member_role(roles, email): """Check a member's viewing authorization. return Boolean :param roles: A list of acceptable roles :param email: Email of the person who will perform the action """ required_roles = roles user_roles = user_datastore.find_user(email=email).roles for user_role in user_roles: if user_role in required_roles: return True return False
def post(self): email = request.json["email"] current_password = request.json["current_password"] new_password = request.json["new_password"] new_password_retype = request.json["new_password_retype"] user = User.query.filter_by(email=email).first() if verify_password(current_password, user.password) and new_password == new_password_retype and len(current_password) > 5: user_datastore.find_user(email=email).password = hash_password(new_password) db_session.commit() return { "version": api_version, "message":"Member password for {} has been updated".format(email), "data": { "email": "{}".format(email), } }, 200
def post(self): if "application/json" in request.headers["Content-Type"]: email = request.json["email"] password = request.json["password"] user = user_datastore.find_user(email=email) if user and verify_password(password, user.password): login_user(user) roles = user.roles user.login_count += 1 user.last_login_ip = user.current_login_ip user.current_login_ip = request.remote_addr user.last_login_at = user.current_login_at user.current_login_at = datetime.datetime.now() db_session.commit() try: suppliers_list = user.suppliers except: print("something is wrong") return { "version": api_version, "message": "Successfully logged in as {}".format(email), "data": { "email": email, "username": user.username, "company": user.company, "contact": user.contact, "address": user.address, "suppliers": ast.literal_eval(suppliers_list), "roles": list(map(lambda x: x.name, roles)), } }, 200 return { "version": api_version, "message": "Please check your log in credentials for {}".format(email), "data": {} }, 401 else: return { "version": api_version, "message": "Please check your input type", "data": {} }, 404
def get(self, member_id): if check_member_role(["admin"], current_user.email) == False: return { "message": 'Missing authorization to retrieve content', }, 401 if "application/json" in request.headers["Content-Type"]: user = user_datastore.find_user(id=member_id) ops_history = Logging.query.filter_by(email=user.email).all() data = [log.as_dict() for log in ops_history] return { "version": api_version, "message": 'Ops history for {} (User id {})'.format(user.email, user.id), "data": data }, 200 return { "version": api_version, "message": "Please check your input data type", "data": {} }, 404
def load_user(user_id): return user_datastore.find_user(id=user_id)
def post(self): if check_member_role(["admin"], current_user.email) == False: return { "message": 'Missing authorization to retrieve content', }, 401 if "application/json" in request.headers["Content-Type"]: email = request.json["email"] print('\n\n\n\n', email, '\n\n\n\n') password = request.json["password"] username = request.json.get("username") current_login_ip = request.remote_addr company = request.json.get("company") contact = request.json.get("contact") address = request.json.get("address") roles = request.json.get("role") ####### NEED TO UPDATE TO DYNAMICALLY SEARCH AND INDEX INPUT FROM CLIENT ###### try: suppliers = request.json["suppliers"] except: # suppliers_list = Supplier.query.order_by(Supplier.email).all() # data = [supplier.as_dict() for supplier in suppliers_list] suppliers = [] pass # suppliers_list = Supplier.query.order_by(Supplier.email).all() # data = [supplier.as_dict() for supplier in suppliers_list] if user_datastore.get_user(email): return { "version": api_version, "message": "User {} exist. Please login".format(email), "data": {} }, 422 elif not re.match(r"[^@]+@[^@]+\.[^@]+", email): return { "version": api_version, "message": "Please check your email format.", "data": {} }, 422 elif len(password) < 6 or not password: return { "version": api_version, "message": "Password must be at least 6 characters long.", "data": {} }, 422 # create user and add user role as default user_datastore.create_user(email=email, password=hash_password(password), username=username, current_login_ip=current_login_ip, suppliers=str(suppliers), company=company, contact=contact, address=address) db_session.commit() if roles and Role.query.filter_by(name=roles).first(): user_datastore.add_role_to_user(email, roles) else: user_datastore.add_role_to_user(email, "user") db_session.commit() roles = user_datastore.find_user(email=email).roles user = User.query.filter_by(email=email).first() return { "version": api_version, "message": "User {} created.".format(email), "data": { "id": user.id, "email": user.email, "roles": list(map(lambda x: x.name, roles)), "suppliers": ast.literal_eval(user.suppliers), "company": user.company, "contact": user.contact, "address": user.address, "active": user.active } }, 200
def get_user(email): res = user_datastore.find_user(email=email) return res
def post(self): if "application/json" in request.headers["Content-Type"]: email = request.json["email"] password = request.json["password"] username = request.json.get("username") current_login_ip = request.remote_addr ####### NEED TO UPDATE TO DYNAMICALLY SEARCH AND INDEX INPUT FROM CLIENT ###### # try: # suppliers = request.json["suppliers"] # except: # suppliers_list = Supplier.query.order_by(Supplier.email).all() # data = [supplier.as_dict() for supplier in suppliers_list] # print(data) suppliers_list = Supplier.query.order_by(Supplier.email).all() data = [supplier.as_dict() for supplier in suppliers_list] company = request.json.get("company") contact = request.json.get("contact") content = render_user_client_structure() if user_datastore.get_user(email): return { "version": api_version, "message": "User {} exist. Please login".format(email), "data": {} }, 422 elif not re.match(r"[^@]+@[^@]+\.[^@]+", email): return { "version": api_version, "message": "Please check your email format.", "data": {} }, 422 elif len(password) < 6: return { "version": api_version, "message": "Password must be at least 6 characters long.", "data": {} }, 422 # create user and add user role as default user_datastore.create_user( email = email, password = hash_password(password), username = username, current_login_ip = current_login_ip, suppliers = { "data": data }, company = company, contact = contact, content = content, ) db_session.commit() user_datastore.add_role_to_user(email, "user") db_session.commit() roles = user_datastore.find_user(email=email).roles user = User.query.filter_by(email=email).first() return { "version": api_version, "message": "User {} created.".format(email), "data": { "email": "{}".format(email), "roles":list(map(lambda x: x.name, roles)), "suppliers": user.suppliers, "company": company, "contact": contact } }, 200
def check_email(email): """ Checks if user exists by email """ return user_datastore.find_user(email=email)
def add_role_to_user(email,role): user = user_datastore.find_user(email=email) user_datastore.add_role_to_user(user,role) db.session.commit()