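def login():
    """Authenticate an email/password pair and issue a JWT pair.

    Expects a JSON body matching ``user_credentials_schema``. On success
    responds 200 with a one-day refresh token and a one-hour access token
    (the access token carries the user's email as a claim). Every failure
    to match credentials responds 401 with one generic message, so the
    body does not reveal whether the email is registered.

    Returns:
        An ``ApiResponse``; an ``HTTPException`` raised by request
        validation is passed back unchanged; any other error becomes 500.
    """
    res = ApiResponse()
    try:
        body = should_look_like(user_credentials_schema)
        app_user = AppUser.get_by_email(body['email'])
        if app_user:
            authenticated = pbkdf2_sha256.verify(body['password'],
                                                 app_user.pw_hash)
        else:
            # Unknown account: still burn one PBKDF2 computation so that an
            # unregistered email is not distinguishable from a wrong
            # password by response time (user enumeration via timing).
            # hash() and verify() run the same number of rounds, so the
            # cost is comparable (not byte-exact constant time).
            pbkdf2_sha256.hash(body['password'])
            authenticated = False
        if authenticated:
            res.data = {
                'refresh_token': create_refresh_token(
                    identity=app_user.id,
                    expires_delta=timedelta(days=1)),
                'access_token': create_access_token(
                    identity=app_user.id,
                    user_claims={'email': app_user.email},
                    expires_delta=timedelta(hours=1)),
            }
            res.status = 200
        else:
            res.status = 401
            res.pub_msg = 'Email or password was not recognized'
    except HTTPException as exc:
        # Validation errors from should_look_like() already carry a status.
        return exc
    except Exception:
        # Deliberately opaque to the client; details stay server-side.
        # Narrowed from BaseException, which also swallowed SystemExit and
        # KeyboardInterrupt.
        abort(500)
    return res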
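def food_kind(kind_id=''):
    """CRUD endpoint for ``FoodKind`` records owned by the JWT caller.

    GET with ``kind_id``    -> that record, only if the caller owns it
    GET without ``kind_id`` -> list of the caller's records
    POST                    -> create; ``user_id`` is forced to the caller (201)
    PUT with ``kind_id``    -> update name / unit / serving size, owner only
    DELETE with ``kind_id`` -> delegated to ``helpers.delete_food_kind``;
                               ``?force=`` is passed through as a real boolean

    Permission failures answer 401 with a public message (the project's
    existing convention, although 403 would be the more precise code).

    Returns:
        An ``ApiResponse``; an ``HTTPException`` raised by validation or
        ``get_or_404`` is passed back unchanged; anything else becomes 500.
    """
    res = ApiResponse()

    def owned_by_caller(record):
        # The JWT identity is a string claim while user_id is the DB column
        # type; compare as strings so the check never silently fails.
        return str(record.user_id) == str(get_jwt_identity())

    try:
        if request.method == 'GET':
            if kind_id:
                food_kind = FoodKind.query.get_or_404(kind_id)
                # Previously any authenticated user could read any record by
                # id (IDOR); the same ownership rule as PUT applies here.
                if owned_by_caller(food_kind):
                    res.data = food_kind.full_dict()
                else:
                    res.status = 401
                    res.pub_msg = 'You do not have permission to view this "food kind"'
            else:
                res.data = [
                    x.full_dict() for x in FoodKind.query.filter_by(
                        user_id=get_jwt_identity()).all()
                ]
        elif request.method == 'POST':
            body = should_look_like(food_kind_schema)
            food_kind = FoodKind(**body)
            # Never trust an owner id from the body; the caller is the owner.
            food_kind.user_id = get_jwt_identity()
            food_kind.save()
            res.status = 201
        elif request.method == 'PUT':
            body = should_look_like(food_kind_schema)
            food_kind = FoodKind.query.get_or_404(kind_id)
            if not owned_by_caller(food_kind):
                res.status = 401
                res.pub_msg = 'You do not have permission to update this "food kind"'
            else:
                food_kind.update_name(body['name'])
                food_kind.unit_of_measurement_id = body['unit_of_measurement_id']
                food_kind.serving_size = body['serving_size']
                food_kind.save()
        elif request.method == 'DELETE':
            # request.args values are strings, so the old
            # ``args.get('force', False)`` handed the helper a truthy "false".
            # Accept only explicit affirmative spellings.
            force_flag = request.args.get('force', '').strip().lower() in (
                '1', 'true', 'yes')
            msg, status = helpers.delete_food_kind(kind_id=kind_id,
                                                   user_id=get_jwt_identity(),
                                                   force=force_flag)
            res.pub_msg = msg
            res.status = status
    except HTTPException as exc:
        print(str(exc))
        return exc
    except Exception as exc:
        # Narrowed from BaseException (which also caught SystemExit /
        # KeyboardInterrupt); the client only ever sees a generic 500.
        print(exc)
        abort(500)
    return res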
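def register():
    """Create an ``AppUser`` from an email/password body.

    Expects a JSON body matching ``user_credentials_schema``. The password
    is stored only as a PBKDF2-SHA256 hash. Responds 201 on success and
    400 when the email is already registered.

    NOTE(review): the 400 message confirms which emails exist, which is an
    enumeration oracle (send_reset_link deliberately avoids this). Keeping
    it is a product decision; it is left unchanged here.

    Returns:
        An ``ApiResponse``; an ``HTTPException`` raised by validation is
        passed back unchanged; any other error becomes 500.
    """
    res = ApiResponse()
    try:
        body = should_look_like(user_credentials_schema)
        if AppUser.get_by_email(body['email']):
            res.status = 400
            res.pub_msg = 'Email {} already exists in our system'.format(
                body['email'])
        else:
            # Hash before persisting; the plaintext never reaches the model.
            pw_hash = pbkdf2_sha256.hash(body['password'])
            AppUser(email=body['email'], pw_hash=pw_hash).save()
            res.status = 201
    except HTTPException as exc:
        return exc
    except Exception as exc:
        # Narrowed from BaseException so SystemExit/KeyboardInterrupt are
        # no longer swallowed; details are logged server-side only.
        print('EXCEPTION', exc)
        abort(500)
    return res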
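def create_snapshot():
    """Record the latest state of every item in one of the caller's stocks.

    Expects a JSON body matching ``snapshot_schema`` (including
    ``stock_id``). The stock must belong to the JWT caller; otherwise the
    response is 401. For each stock item the most recent
    ``StockItemState`` (by ``date_created``) is attached to the new
    ``Snapshot``. Responds 201 on success.

    Returns:
        An ``ApiResponse``; an ``HTTPException`` raised by validation or
        ``get_or_404`` is passed back unchanged; anything else becomes 500.
    """
    res = ApiResponse()
    try:
        body = should_look_like(snapshot_schema)
        stock = Stock.query.get_or_404(body['stock_id'])
        # The JWT identity is a string claim while Stock.user_id is the DB
        # column type. The other endpoints str() the column before comparing;
        # the bare == used here could deny every legitimate request.
        if str(stock.user_id) == str(get_jwt_identity()):
            snapshot = Snapshot(**body)
            for food_item in stock.stock_items:
                latest_state = food_item.states.order_by(
                    desc(StockItemState.date_created)).first()
                # An item with no recorded state yet yields None; appending
                # None to the relationship would fail when the session flushes.
                if latest_state is not None:
                    snapshot.food_item_states.append(latest_state)
            snapshot.save()
            res.status = 201
        else:
            res.status = 401
            res.pub_msg = 'You do not have permission to create a snapshot of this stock'
    except HTTPException as exc:
        return exc
    except Exception:
        # Narrowed from BaseException; the client only sees a generic 500.
        abort(500)
    return res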
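def reset_password():
    """Set a new password using a single-use reset link token.

    The reset link's JWT carries the ``PwResetEmail`` nonce as its identity
    (see ``send_reset_link``); its 30-minute expiry is enforced by the JWT
    layer before this handler runs. Expects a JSON body matching
    ``pw_reset_schema``. On success the new PBKDF2-SHA256 hash is stored,
    the nonce record is deleted so the link cannot be replayed, and the
    response is 200. An unknown or already-consumed nonce answers 400.

    NOTE(review): the decorator enforcing a *fresh* token is outside this
    view. Whether an ordinary login token (identity = user id) could ever
    match a ``PwResetEmail`` primary key depends on the nonce type — TODO
    confirm. No session/refresh-token revocation is visible here, so
    tokens issued before the reset remain valid until they expire.

    Returns:
        An ``ApiResponse``; an ``HTTPException`` raised by validation is
        passed back unchanged; any other error becomes 500.
    """
    res = ApiResponse()
    try:
        body = should_look_like(pw_reset_schema)
        nonce = get_jwt_identity()
        pw_reset_email = PwResetEmail.query.get(nonce)
        # Resolve the owner only if the nonce is live; the account may also
        # have been deleted since the link was sent (previously AttributeError
        # -> 500).
        app_user = (AppUser.query.get(pw_reset_email.user_id)
                    if pw_reset_email else None)
        if app_user is None:
            # One generic answer for every failure mode; nothing to enumerate.
            res.status = 400
            res.pub_msg = 'This link has expired.'
        else:
            app_user.pw_hash = pbkdf2_sha256.hash(body['password'])
            app_user.save()
            # Consume the nonce only after the new hash is persisted, so a
            # failed save leaves the link usable rather than the account locked.
            pw_reset_email.delete()
            res.status = 200
    except HTTPException as exc:
        print(exc)
        return exc
    except Exception as exc:
        # Narrowed from BaseException; client sees only a generic 500.
        print(exc)
        abort(500)
    return res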
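def stock_item(stock_id='', item_id=''):
    """Add a ``StockItem`` to, or remove one from, a stock the caller owns.

    POST   -> body matching ``food_item_schema``; the item is created with
              ``stock_id`` from the URL (201). 401 if the stock is not the
              JWT caller's.
    DELETE -> removes ``item_id``; the owning stock is looked up through the
              item's ``stock_id`` and must belong to the caller (401
              otherwise). When a ``stock_id`` is also given in the URL it
              must match the item's stock (404 otherwise).

    Returns:
        An ``ApiResponse``; an ``HTTPException`` raised by validation or
        ``get_or_404`` is passed back unchanged; anything else becomes 500.
    """
    res = ApiResponse()

    def owned_by_caller(stock):
        # JWT identity is a string claim; normalise both sides.
        return str(stock.user_id) == str(get_jwt_identity())

    try:
        if request.method == 'POST':
            body = should_look_like(food_item_schema)
            stock = Stock.query.get_or_404(stock_id)
            if owned_by_caller(stock):
                # stock_id comes from the URL, never from the body.
                food_item = StockItem(**{'stock_id': stock_id, **body})
                food_item.save()
                res.status = 201
            else:
                res.status = 401
                res.pub_msg = 'You do not have permission to add items to this stock'
        elif request.method == 'DELETE':
            food_item = StockItem.query.get_or_404(item_id)
            # Previously any authenticated user could delete any item by id
            # (IDOR). Authorise through the parent stock, resolved from the
            # item itself so the check holds even if the route omits stock_id.
            if stock_id and str(food_item.stock_id) != str(stock_id):
                abort(404)
            parent_stock = Stock.query.get_or_404(food_item.stock_id)
            if owned_by_caller(parent_stock):
                food_item.delete()
            else:
                res.status = 401
                res.pub_msg = 'You do not have permission to delete items from this stock'
    except HTTPException as exc:
        return exc
    except Exception as exc:
        # Narrowed from BaseException; client sees only a generic 500.
        print('EXCEPTION', exc)
        abort(500)
    return res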
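def send_reset_link():
    """Email a single-use, 30-minute password reset link.

    Expects a JSON body matching ``send_reset_link_schema``. When the email
    belongs to an account, every earlier ``PwResetEmail`` for that user is
    deleted, a new nonce record is created, and a link containing a fresh
    access token (identity = nonce, 30-minute expiry) is mailed. The
    response status and message are identical whether or not the address
    is registered, so the body does not enumerate accounts.

    NOTE(review): the token is an ordinary access token, so until it
    expires any ``jwt_required`` endpoint will also accept it (with the
    nonce standing in for a user id); a dedicated claim checked by
    ``reset_password`` would be tighter. The JWT travels in the URL path,
    so it can land in browser history, proxy logs and Referer headers; the
    short expiry and single-use nonce bound that exposure. Work (DB writes,
    mail) happens only on the positive path, so response *timing* can
    still differ between known and unknown emails.

    Returns:
        An ``ApiResponse``; an ``HTTPException`` raised by validation is
        passed back unchanged; any other error becomes 500.
    """
    res = ApiResponse()
    try:
        body = should_look_like(send_reset_link_schema)
        app_user = AppUser.get_by_email(body['email'])
        if app_user:
            # Only the newest link is honoured: invalidating earlier nonces
            # limits the damage if an older email is ever exposed.
            for prev_email in PwResetEmail.find_by_user_id(app_user.id):
                prev_email.delete()
            pw_reset_email = PwResetEmail(user_id=app_user.id)
            pw_reset_email.save()
            fresh_jwt = create_access_token(
                pw_reset_email.nonce,
                fresh=True,
                user_claims={'email': body['email']},
                expires_delta=timedelta(minutes=30))
            client_host = os.getenv('CLIENT_HOST')
            if not client_host:
                # Misconfiguration: fail explicitly instead of via TypeError
                # on the concatenation below (same 500 to the client).
                abort(500)
            nonced_link = client_host + '/login/recover/' + fresh_jwt
            mail.send_message(
                subject='Grocery Inventory Password Reset',
                recipients=[body['email']],
                html=render_template('password_reset_email.html',
                                     nonced_link=nonced_link))
        # Same status and wording on both paths (see docstring).
        res.status = 201
        res.pub_msg = 'If the email address you provided us is in our system you should recieve an email with a link to reset your password.'
    except HTTPException as exc:
        print(exc)
        return exc
    except Exception as exc:
        # Narrowed from BaseException; client sees only a generic 500.
        print(exc)
        abort(500)
    return res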