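def get(self, encrypted_credentials):
    """Exchange an encrypted credentials blob for an auth token.

    The blob is decrypted with ``auth.decrypt`` and parsed as JSON. The
    ``usr``/``psw`` pair is checked with ``users_table.verify`` and, on
    success, a token is built from the ``sys``, ``usr``, ``psw`` and ``grp``
    fields.

    Args:
        encrypted_credentials: Caller-supplied encrypted JSON credentials.

    Returns:
        A response whose body is the JSON document ``{"token": ...}``.

    Any failure (decryption, parsing, a missing field, failed verification)
    ends the request through ``abort(401, ...)`` with one uniform message.
    """
    # The blob is a replayable credential, so its value is kept out of the log.
    log.debug('encrypted_credentials received')
    error = {}
    token = None
    try:
        credentials = json.loads(auth.decrypt(encrypted_credentials))
        verified = users_table.verify(credentials['usr'], credentials['psw'])
        # Explicit check instead of ``assert``: assertions are stripped under
        # ``python -O``, which would let unverified callers through.
        if not verified:
            raise ValueError('unverified user or password')
        # NOTE(review): the password is passed into the token encoder. If the
        # token payload is only signed and not encrypted, the password would be
        # readable by anyone holding the token - confirm against
        # auth.encode_auth_token.
        token = auth.encode_auth_token(
            credentials['sys'],
            credentials['usr'],
            credentials['psw'],
            credentials['grp'],
        )
        # Log the user name only; the decrypted dict contains the password.
        log.debug(f"credentials verified for user {credentials['usr']!r}")
    except Exception as e:
        # The detail stays server-side. Every failure gets the same client
        # message, so a caller cannot tell a decryption or parsing failure
        # from a wrong password.
        log.debug(f'authorization failed: {type(e).__name__}')
        error['authorization'] = 'unverified user or password'
    # abort() raises, so it is called outside the try block where the broad
    # ``except Exception`` cannot swallow it.
    if error:
        abort(401, description=error)
    result = {'token': token}
    response = make_response(json.dumps(result))
    return response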
def verify_otp_request():
    """Verify a volunteer's OTP and, on success, issue an auth token.

    Reads ``mob_number`` and ``otp`` from the submitted form. The reply is a
    JSON string with the keys ``Response``, ``status`` and
    ``string_response``. ``Response`` carries ``auth_token``, ``name`` and
    ``volunteer_id`` only when the OTP check succeeds.
    """
    form = request.form
    mob_number = form.get('mob_number')
    otp = form.get('otp')

    volunteer = verify_volunteer_exists(mob_number)
    if not volunteer['status']:
        # NOTE(review): this distinct message tells the caller whether a
        # mobile number is registered. Consider the same reply as a failed OTP
        # if enumeration of volunteers is a concern.
        not_found = {
            'Response': {},
            'status': False,
            'string_response': 'No user found for this mobile number',
        }
        return json.dumps(not_found)

    # NOTE(review): no attempt limit is visible in this handler. Confirm that
    # verify_otp or the layer in front of it throttles repeated guesses.
    message, success = verify_otp(otp, mob_number)

    payload = {}
    if success:
        volunteer_id = int(str(volunteer['volunteer_id']))
        country = volunteer['country']
        display_name = volunteer['name']
        # The token subject is "<volunteer id> <country>".
        subject = f'{volunteer_id} {country}'
        payload = {
            'auth_token': encode_auth_token(subject).decode(),
            'name': display_name,
            'volunteer_id': volunteer_id,
        }

    reply = {
        'Response': payload,
        'status': success,
        'string_response': message,
    }
    return json.dumps(reply)
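def login_request():
    """Log a user in with a form-submitted username and password.

    Calls ``verify_user`` and ``get_user_id`` with the submitted pair. When
    a user id comes back, an auth token for ``"<user id> <access type>"`` is
    stored under ``Response.auth_token`` of the ``verify_user`` result.

    Returns:
        A JSON string on both the success and the failure path.
    """
    name = request.form.get('username')
    password = request.form.get('password')
    response = verify_user(name, password)
    # NOTE(review): the outcome of verify_user is not inspected before a token
    # is issued. Issuance depends solely on get_user_id returning a user id.
    # Confirm that get_user_id rejects a wrong password.
    user_id, access_type = get_user_id(name, password)
    if not user_id:
        # Serialised like the success path, so callers always receive a JSON
        # string (the original returned a bare dict here).
        return json.dumps({
            'Response': {},
            'status': False,
            'string_response': 'Failed to find user.',
        })
    response['Response']['auth_token'] = encode_auth_token(
        f'{user_id} {access_type}').decode()
    return json.dumps(response)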
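def login():
    """Authenticate a JSON ``username``/``password`` pair and issue a token.

    Returns:
        ``(response, 202)`` with ``success``, ``accessToken`` and ``user``
        on success. A missing field aborts with a 400 ``BAD_REQUEST`` body.
        An unknown user or a wrong password aborts with the same 406
        ``NOT_ACCEPTABLE`` body.
    """
    username = request.json.get("username")
    password = request.json.get("password")
    if not username or not password:
        return abort(
            make_response(
                jsonify(code="BAD_REQUEST",
                        message="\"username\" or \"password\" not provided."),
                400))
    user = User.get_by_username(username)
    # A lookup that finds nobody must not reach ``user.password``. Giving it
    # the same reply as a wrong password also avoids revealing which user
    # names exist.
    # NOTE(review): assumes get_by_username returns None for an unknown
    # name - confirm against the User model.
    if user is None or not bcrypt.check_password_hash(user.password, password):
        return abort(
            make_response(
                jsonify(code="NOT_ACCEPTABLE", message="Wrong Password"),
                406))
    access_token = encode_auth_token(username)
    # NOTE(review): confirm user.dictionary() leaves out the password hash.
    return jsonify({
        "success": True,
        "accessToken": access_token,
        "user": user.dictionary()
    }), 202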
def register():
    """Create a user from the JSON request body and return an access token.

    ``username`` and ``password`` are required. ``email``, ``firstName`` and
    ``lastName`` are passed to the model as given. The password is stored as
    a bcrypt hash.

    Returns:
        ``(response, 201)`` with ``success``, ``accessToken`` and ``user``.
        A missing required field aborts with a 400 ``BAD_REQUEST`` body.
    """
    username = request.json.get("username")
    password = request.json.get("password")

    if not (username and password):
        bad_request = make_response(
            jsonify(code="BAD_REQUEST",
                    message="\"username\" or \"password\" not provided."),
            400)
        return abort(bad_request)

    # Only the bcrypt hash reaches the model, never the submitted password.
    password_hash = bcrypt.generate_password_hash(password).decode("UTF-8")
    # NOTE(review): no uniqueness or format check on the submitted fields is
    # visible here. Presumably User.insert() or the schema enforces it -
    # confirm.
    user = User(
        username=username,
        password=password_hash,
        email=request.json.get("email"),
        first_name=request.json.get("firstName"),
        last_name=request.json.get("lastName"),
    )
    user.insert()

    access_token = encode_auth_token(user.username)
    # NOTE(review): confirm user.dictionary() leaves out the password hash.
    body = {
        "success": True,
        "accessToken": access_token,
        "user": user.dictionary(),
    }
    return jsonify(body), 201
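def test_decode_auth_token(self):
    """A token encoded for 'user1' decodes back to 'user1' with the same secret."""
    token = auth.encode_auth_token(TestServer.secret, 'user1')
    # assertIsInstance reports the actual type when the check fails.
    self.assertIsInstance(token, bytes, 'Wrong result')
    result: str = auth.decode_auth_token(TestServer.secret, token)
    self.assertEqual('user1', result, 'Wrong user')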
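def test_encode_auth_token(self):
    """Encoding a token for 'user1' yields a bytes value."""
    token = auth.encode_auth_token(TestServer.secret, 'user1')
    # assertIsInstance reports the actual type when the check fails.
    self.assertIsInstance(token, bytes)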
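def new_user(*args, **kwargs):
    """Create a moderator or viewer account from the submitted form.

    The requested ``user_access_type`` is mapped to a numeric access type
    (``moderator`` -> 2, ``viewer`` -> 3). ``superuser`` and any other value
    are rejected. The account is created only when ``creator_access_type``
    is ``superuser``. On success an auth token for
    ``"<user id> <access type>"`` is added to the ``add_user`` result.

    Returns:
        A JSON string on every path.
    """
    form = request.form
    name = form.get('name')
    mob_number = form.get('mob_number')
    email_id = form.get('email_id')
    password = form.get('password')
    organisation = form.get('organisation')
    # NOTE(review): creator_access_type and creator_user_id are read from the
    # request form, so the permission check below trusts a value the caller
    # supplies. They should come from the authenticated session or token.
    # The *args/**kwargs signature suggests a decorator may already provide
    # the caller's identity - confirm and use that instead.
    creator_access_type = form.get('creator_access_type')
    user_access_type = form.get('user_access_type')
    creator_user_id = form.get('creator_user_id')
    verification_team = form.get('verification_team', 1)
    # UTC shifted by 330 minutes, i.e. UTC+05:30.
    current_time = dt.datetime.utcnow() + dt.timedelta(minutes=330)

    if user_access_type == 'superuser':
        return json.dumps({
            'Response': {},
            'status': False,
            'string_response': 'You cannot create superuser'
        })
    access_type = {'moderator': 2, 'viewer': 3}.get(user_access_type)
    if access_type is None:
        return json.dumps({
            'Response': {},
            'status': False,
            'string_response': 'Invalid access type'
        })

    if creator_access_type != 'superuser':
        return json.dumps({
            'Response': {},
            'status': False,
            'string_response': 'User does not have permission to create new users'
        })

    # NOTE(review): the password is handed to add_user exactly as received.
    # Confirm it is hashed before it is stored.
    df = pd.DataFrame({
        'creation_date': [current_time],
        'name': [name],
        'mob_number': [mob_number],
        'email_id': [email_id],
        'organisation': [organisation],
        'password': [password],
        'access_type': [access_type],
        'created_by': [creator_user_id],
        'verification_team': [verification_team]
    })
    response = add_user(df)
    user_id, access_type = get_user_id(mob_number, password)
    if not user_id:
        # Serialised like every other path, so callers always receive a JSON
        # string (the original returned a bare dict here).
        return json.dumps({
            'Response': {},
            'status': False,
            'string_response': 'Failed to create user. Please try again later'
        })
    response['auth_token'] = encode_auth_token(
        f'{user_id} {access_type}').decode()
    return json.dumps(response)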