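def view_dm(user_id):
    """Return the direct-message room between the caller and ``user_id``.

    The caller is the JWT identity. If ``find_dm`` returns a room it is
    reused; otherwise ``create_dm`` makes a new one.

    Returns:
        A ``(response, status)`` pair: 200 with the room payload, 400 when the
        caller asks for a DM with themselves, 404 when either user record
        cannot be loaded, 500 when a ``BrokenPipeError`` is raised.
    """
    auth_user_id = get_jwt_identity()
    user_one = get_user(str(auth_user_id))
    user_two = get_user(str(user_id))

    # Other views in this file treat get_user() as possibly returning a falsy
    # value. Without this guard an unknown user_id would raise AttributeError
    # on `.ID` below and surface as an unhandled 500.
    if not user_one or not user_two:
        return jsonify({'Error': 'User not found.'}), 404

    if user_one.ID == user_two.ID:
        return jsonify({'Error': 'Requested DM with self.'}), 400

    try:
        # find_dm orders params properly to prevent duplicate DMs
        target_room = find_dm(user_one, user_two)
        if not target_room:
            target_room = create_dm(user_one, user_two)
        room_object = get_room(target_room)
        return jsonify(
            return_room(room_object, user_one.username, auth_user_id)), 200
    except BrokenPipeError as e:
        # NOTE(review): X-Real-IP is only trustworthy when a reverse proxy in
        # front of the app overwrites it; confirm the deployment does so,
        # otherwise the address written to the event log is client-chosen.
        ip = request.environ.get('HTTP_X_REAL_IP', request.remote_addr)
        add_log_event(200, auth_user_id, '{}'.format(e), ip_address=ip)
        return jsonify({'Error': 'Please try again. {}'.format(e)}), 500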
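def change_password(user_id):
    """Change the authenticated user's password after checking the old one.

    The account that is modified is always the JWT identity; the ``user_id``
    argument is not consulted when choosing the account.

    Returns:
        A ``(response, status)`` pair: 200 on success, 400 for missing,
        non-string, empty or too-short fields, 403 when the old password does
        not verify (or the caller's user record cannot be loaded), 500 when
        the request is not a POST.
    """
    auth_user_id = get_jwt_identity()
    auth_user = get_user(auth_user_id)
    json_input = request.get_json()

    if request.method == 'POST':
        # The original dereferenced auth_user.username before testing
        # auth_user, so a missing record raised instead of being refused.
        if not auth_user:
            return jsonify({'Error': 'Incorrect password'}), 403

        current_app.logger.info(
            'NOTE: {} changing their password'.format(auth_user.username))

        # The body is client-controlled: a missing key, a non-dict body or a
        # non-string value must produce a 400 rather than an unhandled error.
        try:
            new_password = json_input['new_password']
            old_password = json_input['old_password']
        except (KeyError, TypeError):
            return jsonify(
                {'Error': 'Invalid request: Missing required field.'}), 400
        if not isinstance(new_password, str) or not isinstance(
                old_password, str):
            return jsonify(
                {'Error': 'Invalid request: Fields must be strings.'}), 400

        if len(new_password) == 0 or len(old_password) == 0:
            return jsonify({'Error': 'Empty input fields.'}), 400

        # Same minimum length that create_account enforces. Without it the
        # signup policy could be bypassed by changing the password afterwards.
        if len(new_password) < 6:
            return jsonify({'Error': 'Password must be 6+ characters.'}), 400

        if not auth_user.check_password(old_password):
            return jsonify({'Error': 'Incorrect password'}), 403

        change_user_password(auth_user_id, new_password)
        # NOTE(review): the other views log the X-Real-IP header when present,
        # this one logs request.remote_addr; confirm which is intended.
        # NOTE(review): nothing in this view revokes tokens issued before the
        # change; confirm whether change_user_password handles that.
        add_log_event(200,
                      auth_user.ID,
                      'Password',
                      ip_address=request.remote_addr)
        return jsonify({'Success': 'Password changed'}), 200

    return jsonify({'Error': ''}), 500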
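def refresh():
    """Issue a new access token for the current JWT identity and log it.

    Returns:
        A JSON response of the form ``{'Token': <access token>}``.
    """
    ip = request.environ.get('HTTP_X_REAL_IP', request.remote_addr)
    user_id = get_jwt_identity()

    # No password is presented on this path, so the new token must not be
    # marked fresh. With fresh=True, any view that demands a fresh token
    # could be reached using only the long-lived refresh token.
    # NOTE(review): this assumes the view is guarded by a refresh-token check
    # (its decorator is not visible in this listing); confirm. Callers that
    # need a fresh token must obtain one from login.
    access_token = create_access_token(identity=user_id, fresh=False)

    add_log_event(200, user_id, 'Refresh', ip_address=ip)
    return jsonify({'Token': access_token})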
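def login():
    """Check a username/password pair and issue access and refresh tokens.

    Reads ``username`` and ``password`` from the JSON body.

    Returns:
        A ``(response, status)`` pair: 200 with ``Token`` and ``Refresh`` on
        success, 400 for malformed input or an unknown user, 403 for a wrong
        password, 405 when the request is not a POST.
    """
    # NOTE(review): X-Real-IP is only trustworthy when a reverse proxy in
    # front of the app overwrites it; confirm the deployment does so,
    # otherwise the logged address is client-chosen.
    ip = request.environ.get('HTTP_X_REAL_IP', request.remote_addr)
    current_app.logger.info('{} hit /login'.format(ip))

    json_input = request.get_json(force=True)
    try:
        username = json_input['username']
        password = json_input['password']
    except KeyError:
        return jsonify({'Error':
                        'Invalid request: Missing required field.'}), 400
    except TypeError:
        return jsonify({'Error':
                        'Invalid request: Must be a json/dict.'}), 400

    # JSON values may be numbers, lists or null. Reject them here so len()
    # and the regex below cannot raise and turn bad input into a 500.
    if not isinstance(username, str) or not isinstance(password, str):
        return jsonify({'Error':
                        'Invalid request: Fields must be strings.'}), 400

    if len(username) == 0:
        return jsonify({'Error': 'Please provide a username.'}), 400
    if len(password) == 0:
        return jsonify({'Error': 'Please provide a password'}), 400

    # fullmatch, not match with "$": "$" also matches before a trailing
    # newline, which would let "name\n" through to the lookup and log line.
    if not re.fullmatch(r"[A-Za-z_]+", username):
        return jsonify({'Error': 'Invalid username.'}), 400

    if request.method != 'POST':
        return jsonify({'Error': 'Request must be POST'}), 405

    try:
        user_id = get_user_id(username)
        if not user_id:
            return jsonify({'Error': 'User not found.'}), 400
        user = get_user(user_id)
    except TypeError:
        return jsonify({'Error': 'Bad username.'}), 400

    # NOTE(review): "User not found." and "Wrong password." tell a caller
    # whether a username exists. A single generic failure message would
    # avoid that, but clients may depend on the current texts, so they are
    # kept as they were.
    if not user:
        return jsonify({'Error': 'User not found.'}), 400
    if not user.check_password(password):
        # Failures go only to the application logger, not to add_log_event.
        current_app.logger.info('%s failed to log in', username)
        return jsonify({'Error': 'Wrong password.'}), 403

    access_token = create_access_token(identity=user_id, fresh=True)
    refresh_token = create_refresh_token(identity=user_id)
    current_app.logger.info('Login')
    # NOTE(review): the other views pass a user id as the second argument;
    # this one passes the username. Confirm which add_log_event expects.
    add_log_event(200, username, 'Login', ip_address=ip)
    return jsonify({
        'Token': access_token,
        'Refresh': refresh_token
    }), 200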
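def create_account():
    """Validate signup fields from the JSON body and create a user.

    Reads ``username``, ``password``, ``email`` and ``name``.

    Returns:
        A ``(response, status)`` pair: 200 when the user is saved, 400 for
        missing, empty, non-string or badly formatted fields, for a password
        shorter than six characters, or when ``save_user`` raises
        ``DuplicateKeyError``.
    """
    # NOTE(review): X-Real-IP is only trustworthy when a reverse proxy in
    # front of the app overwrites it; confirm the deployment does so,
    # otherwise the address written to the event log is client-chosen.
    ip = request.environ.get('HTTP_X_REAL_IP', request.remote_addr)
    json_input = request.get_json(force=True)

    try:
        username = json_input['username']
        password = json_input['password']
        email = json_input['email']
        full_name = json_input['name']

        # JSON values may be numbers, lists or null. Reject them here so the
        # regex checks below cannot raise outside this try block.
        fields = (username, password, email, full_name)
        if not all(isinstance(value, str) for value in fields):
            raise TypeError('Fields must be strings.')

        # username is not validated yet, so it is logged with %r: control
        # characters such as CR/LF are escaped and cannot forge log lines.
        current_app.logger.info('%s trying to create a new account, %r',
                                request.remote_addr, username)

        if any(len(value) == 0 for value in fields):
            raise KeyError('Empty field.')
    except KeyError as e:
        return jsonify(
            {'Error':
             'Invalid request: Missing required field. {}'.format(e)}), 400
    except TypeError as e:
        return jsonify(
            {'Error':
             'Invalid request: Must be a json/dict. {}'.format(e)}), 400

    # fullmatch anchors both ends. re.match only anchors the start, so the
    # old email check accepted any text after a valid-looking prefix. The
    # original class [A-Z|a-z] also allowed a literal "|" in the TLD.
    regex_email = r'[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}'
    if not re.fullmatch(regex_email, email):
        return jsonify({'Error': 'Invalid email address.'}), 400

    # "$" with re.match also matches before a trailing newline; fullmatch
    # does not.
    if not re.fullmatch(r"[A-Za-z ]*", full_name):
        return jsonify({'Error': 'Invalid full name.'}), 400
    if not re.fullmatch(r"[A-Za-z_]*", username):
        return jsonify({'Error': 'Bad username.'}), 400

    if len(password) < 6:
        return jsonify({'Error': 'Password must be 6+ characters.'}), 400

    try:
        user_id = save_user(username, email, password, full_name)
        current_app.logger.info('{} created a new account, {}'.format(
            request.remote_addr, username))
        add_log_event(200, user_id, 'Signup', ip_address=ip)
        return jsonify({'Success': 'User created.'}), 200
    except DuplicateKeyError:
        return jsonify({'Error':
                        'Username or email is already in use.'}), 400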