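def login():
    """Authenticate by email/password and issue a refresh + access token pair.

    The request body must match ``user_credentials_schema``. On success
    ``res.data`` carries a one-day refresh token and a one-hour access
    token whose ``user_claims`` embed the user's email. An unknown email
    and a wrong password both yield 401 with the same generic message, so
    the response body does not reveal which one failed.

    Returns:
        ApiResponse, or the werkzeug HTTPException raised while handling
        the request (an HTTPException is itself a valid WSGI response).
    """
    res = ApiResponse()
    try:
        body = should_look_like(user_credentials_schema)
        app_user = AppUser.get_by_email(body['email'])
        # NOTE(review): verify() only runs when the email is known, so the
        # unknown-email branch answers noticeably faster than a wrong
        # password. If timing-based account enumeration matters for this
        # deployment, verify against a dummy hash on the miss path too.
        if app_user and pbkdf2_sha256.verify(body['password'], app_user.pw_hash):
            res.data = {
                'refresh_token': create_refresh_token(
                    identity=app_user.id,
                    expires_delta=timedelta(days=1)),
                'access_token': create_access_token(
                    identity=app_user.id,
                    user_claims={'email': app_user.email},
                    expires_delta=timedelta(hours=1)),
            }
            res.status = 200
        else:
            res.status = 401
            res.pub_msg = 'Email or password was not recognized'
    except HTTPException as exc:
        # e.g. the validation failure raised by should_look_like(); the
        # exception object is returned as the response unchanged.
        return exc
    except Exception:
        # Was ``except BaseException``, which also swallowed SystemExit and
        # KeyboardInterrupt; ``Exception`` is the widest class that should
        # become a 500. Record the traceback before converting it.
        import logging  # local import: the module's import block is not in view
        logging.getLogger(__name__).exception('login: unhandled error')
        abort(500)
    return res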
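def food_kind(kind_id=''):
    """CRUD handler for a user's "food kinds", dispatched on ``request.method``.

    GET    -- with ``kind_id``: that kind's ``full_dict()``; without it: every
              kind whose ``user_id`` is the current JWT identity.
    POST   -- create a kind from a ``food_kind_schema`` body, owned by the caller.
    PUT    -- update name / unit_of_measurement_id / serving_size of ``kind_id``;
              refused with 401 unless the caller owns it (401 is the code this
              file uses for ownership failures; 403 would be the conventional one).
    DELETE -- delegate to ``helpers.delete_food_kind``; ``?force=`` is parsed as
              a boolean flag (see the DELETE branch).

    Args:
        kind_id: primary key taken from the URL; empty for collection routes.

    Returns:
        ApiResponse, or the HTTPException raised while handling the request
        (e.g. the 404 from ``get_or_404``).
    """
    res = ApiResponse()
    try:
        if request.method == 'GET':
            if kind_id:
                # NOTE(review): unlike PUT below, this lookup does not check
                # that the kind belongs to the caller, so any authenticated
                # user can read any kind by id. Confirm that is intended.
                res.data = FoodKind.query.get_or_404(kind_id).full_dict()
            else:
                owned = FoodKind.query.filter_by(
                    user_id=get_jwt_identity()).all()
                res.data = [kind.full_dict() for kind in owned]
        elif request.method == 'POST':
            body = should_look_like(food_kind_schema)
            new_kind = FoodKind(**body)
            new_kind.user_id = get_jwt_identity()
            new_kind.save()
            res.status = 201
        elif request.method == 'PUT':
            body = should_look_like(food_kind_schema)
            existing = FoodKind.query.get_or_404(kind_id)
            # Compare as strings on both sides: the stored id and the JWT
            # identity are not guaranteed to share a type, and a type
            # mismatch here would deny every caller.
            if str(existing.user_id) != str(get_jwt_identity()):
                res.status = 401
                res.pub_msg = 'You do not have permission to update this "food kind"'
            else:
                existing.update_name(body['name'])
                existing.unit_of_measurement_id = body['unit_of_measurement_id']
                existing.serving_size = body['serving_size']
                existing.save()
        elif request.method == 'DELETE':
            # Query-string values are strings, so ``?force=false`` used to be
            # truthy; only an explicit affirmative enables a forced delete.
            force_arg = request.args.get('force', '')
            force = force_arg.strip().lower() in ('1', 'true', 'yes')
            msg, status = helpers.delete_food_kind(kind_id=kind_id,
                                                   user_id=get_jwt_identity(),
                                                   force=force)
            res.pub_msg = msg
            res.status = status
    except HTTPException as exc:
        # Expected 4xx outcomes (validation, 404); returned as the response.
        return exc
    except Exception:
        # Was ``except BaseException`` with a bare print(); log the traceback
        # and let SystemExit/KeyboardInterrupt propagate instead.
        import logging  # local import: the module's import block is not in view
        logging.getLogger(__name__).exception('food_kind: unhandled error')
        abort(500)
    return res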
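def register():
    """Create an account from a ``user_credentials_schema`` body.

    Returns 400 when the email is already registered, otherwise stores a
    pbkdf2_sha256 hash of the password and returns 201. Only the hash is
    persisted; the plaintext password does not leave this function.

    Returns:
        ApiResponse, or the HTTPException raised by request validation.
    """
    res = ApiResponse()
    try:
        body = should_look_like(user_credentials_schema)
        # NOTE(review): the 400 branch confirms which emails are registered.
        # That is common for sign-up forms, but if account enumeration is a
        # concern the two branches should produce the same response.
        if AppUser.get_by_email(body['email']):
            res.status = 400
            res.pub_msg = 'Email {} already exists in our system'.format(
                body['email'])
        else:
            pw_hash = pbkdf2_sha256.hash(body['password'])
            AppUser(email=body['email'], pw_hash=pw_hash).save()
            res.status = 201
    except HTTPException as exc:
        return exc
    except Exception:
        # Was ``except BaseException`` with a print(); log the traceback and
        # let SystemExit/KeyboardInterrupt propagate instead.
        import logging  # local import: the module's import block is not in view
        logging.getLogger(__name__).exception('register: unhandled error')
        abort(500)
    return res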
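def create_snapshot():
    """Snapshot the latest state of every item in a stock the caller owns.

    The body matches ``snapshot_schema`` and must carry ``stock_id``. For
    each item in ``stock.stock_items`` the most recent ``StockItemState``
    (ordered by ``date_created`` descending) is attached to the new
    Snapshot; items that have no state yet are skipped rather than
    appending ``None`` to the relationship.

    Returns:
        ApiResponse with 201 on success, 401 when the stock belongs to
        another user; the 404 HTTPException from ``get_or_404`` when the
        stock does not exist.
    """
    res = ApiResponse()
    try:
        body = should_look_like(snapshot_schema)
        stock = Stock.query.get_or_404(body['stock_id'])
        # Compare as strings: the other handlers in this file do, and a raw
        # ``==`` between an integer column and a string identity could
        # silently deny every caller.
        if str(stock.user_id) == str(get_jwt_identity()):
            snapshot = Snapshot(**body)
            for food_item in stock.stock_items:
                latest = food_item.states.order_by(
                    desc(StockItemState.date_created)).first()
                # first() is None for an item without states; appending
                # None is at best a no-op and at worst an error.
                if latest is not None:
                    snapshot.food_item_states.append(latest)
            snapshot.save()
            res.status = 201
        else:
            res.status = 401
            res.pub_msg = 'You do not have permission to create a snapshot of this stock'
    except HTTPException as exc:
        return exc
    except Exception:
        # Was ``except BaseException``; log the traceback and let
        # SystemExit/KeyboardInterrupt propagate instead.
        import logging  # local import: the module's import block is not in view
        logging.getLogger(__name__).exception('create_snapshot: unhandled error')
        abort(500)
    return res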
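def reset_password():
    """Set a new password for the user named by a password-reset token.

    The JWT identity is the ``nonce`` of a ``PwResetEmail`` row created by
    ``send_reset_link``. On success the user's hash is replaced and the row
    is deleted, so each link can be redeemed once. An unknown or consumed
    nonce -- or a reset row whose user no longer exists -- yields 400 with
    the same "expired" message.

    Returns:
        ApiResponse, or the HTTPException raised by request validation.
    """
    res = ApiResponse()
    try:
        body = should_look_like(pw_reset_schema)
        nonce = get_jwt_identity()
        pw_reset_email = PwResetEmail.query.get(nonce)
        app_user = None
        if pw_reset_email:
            # query.get() returns None for a missing row; the original
            # dereferenced it unconditionally and would 500 on that case.
            app_user = AppUser.query.get(pw_reset_email.user_id)
        if app_user is None:
            res.status = 400
            res.pub_msg = 'This link has expired.'
        else:
            app_user.pw_hash = pbkdf2_sha256.hash(body['password'])
            app_user.save()
            # Consume the nonce so the same link cannot be replayed.
            pw_reset_email.delete()
            res.status = 200
    except HTTPException as exc:
        return exc
    except Exception:
        # Was ``except BaseException`` with a print(); log the traceback and
        # let SystemExit/KeyboardInterrupt propagate instead.
        import logging  # local import: the module's import block is not in view
        logging.getLogger(__name__).exception('reset_password: unhandled error')
        abort(500)
    return res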
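def stock_item(stock_id='', item_id=''):
    """Add (POST) or remove (DELETE) an item in a stock.

    POST:   body matches ``food_item_schema``; the item is created under
            ``stock_id`` and 201 is returned, or 401 when the stock is not
            owned by the caller.
    DELETE: removes ``item_id`` after checking that its parent stock is
            owned by the caller -- the original applied the ownership rule
            to POST only, so any authenticated user could delete any item.

    Args:
        stock_id: stock primary key from the URL (POST).
        item_id: item primary key from the URL (DELETE).

    Returns:
        ApiResponse, or the HTTPException raised by validation or
        ``get_or_404``.
    """
    res = ApiResponse()
    try:
        if request.method == 'POST':
            body = should_look_like(food_item_schema)
            stock = Stock.query.get_or_404(stock_id)
            # str() on both sides: the column and the identity need not
            # share a type.
            if str(stock.user_id) == str(get_jwt_identity()):
                new_item = StockItem(**{'stock_id': stock_id, **body})
                new_item.save()
                res.status = 201
            else:
                res.status = 401
                res.pub_msg = 'You do not have permission to add items to this stock'
        elif request.method == 'DELETE':
            target = StockItem.query.get_or_404(item_id)
            # Resolve the item's parent stock (``stock_id`` is the attribute
            # POST sets on construction) and apply the same ownership rule.
            parent = Stock.query.get_or_404(target.stock_id)
            if str(parent.user_id) == str(get_jwt_identity()):
                target.delete()
            else:
                res.status = 401
                res.pub_msg = 'You do not have permission to remove items from this stock'
    except HTTPException as exc:
        return exc
    except Exception:
        # Was ``except BaseException`` with a print(); log the traceback and
        # let SystemExit/KeyboardInterrupt propagate instead.
        import logging  # local import: the module's import block is not in view
        logging.getLogger(__name__).exception('stock_item: unhandled error')
        abort(500)
    return res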
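def send_reset_link():
    """Email a single-use password-reset link for the given address.

    The response is 201 with the same message whether or not the email is
    registered, so the body does not reveal account existence. For a known
    user every earlier ``PwResetEmail`` row is deleted before a new one is
    created, so only the newest link is redeemable; the link carries a
    fresh access token (30 minutes) whose identity is the row's ``nonce``.

    Returns:
        ApiResponse, or the HTTPException raised by request validation.
    """
    res = ApiResponse()
    try:
        body = should_look_like(send_reset_link_schema)
        app_user = AppUser.get_by_email(body['email'])
        if app_user:
            # Invalidate every earlier link: only the most recent one may be
            # redeemed, which limits the damage if an old email is exposed.
            for prev_email in PwResetEmail.find_by_user_id(app_user.id):
                prev_email.delete()

            pw_reset_email = PwResetEmail(user_id=app_user.id)
            pw_reset_email.save()

            fresh_jwt = create_access_token(
                pw_reset_email.nonce,
                fresh=True,
                user_claims={'email': body['email']},
                expires_delta=timedelta(minutes=30))

            client_host = os.getenv('CLIENT_HOST')
            if not client_host:
                # Without the client origin the link cannot be built; fail
                # with a clear message (-> 500 below) instead of the TypeError
                # the concatenation would raise on None.
                raise RuntimeError('CLIENT_HOST is not configured')
            nonced_link = client_host + '/login/recover/' + fresh_jwt

            # NOTE(review): only the known-email path sends mail, so the two
            # branches differ in response time even though the body is the
            # same; confirm whether that matters for this deployment.
            mail.send_message(subject='Grocery Inventory Password Reset',
                              recipients=[body['email']],
                              html=render_template('password_reset_email.html',
                                                   nonced_link=nonced_link))
        res.status = 201
        res.pub_msg = 'If the email address you provided us is in our system you should recieve an email with a link to reset your password.'
    except HTTPException as exc:
        return exc
    except Exception:
        # Was ``except BaseException`` with a print(); log the traceback and
        # let SystemExit/KeyboardInterrupt propagate instead.
        import logging  # local import: the module's import block is not in view
        logging.getLogger(__name__).exception('send_reset_link: unhandled error')
        abort(500)
    return res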