async def post(self, request):
    """Post endpoint. Log out the user attached to the current session.

    :param request: Sanic Request.
    :return: 200 when a session user was logged out, 401 when the session
        holds no user, 403 when the CSRF check fails.
    """
    if check_csrf(request):
        session_user = request['session'].get('user', None)
        if not session_user:
            return json({'message': 'not logged in'}, status=401)
        await log_out(request)
        return json({'message': 'logout succeeded'}, status=200)
    # CSRF validation failed: refuse before touching the session.
    return json({'message': 'access denied'}, status=403)
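async def post(self, request, table_name=None):
    """Post endpoint. Create a new row.

    :param request: Sanic Request.
    :param table_name: Name of the table to access.
    :return: 201 once the row is inserted and audited; 403 when the CSRF
        check fails, the table is not in the registry or the session holds
        no user; 400 when the body is not a JSON object.
    """
    if not check_csrf(request):
        return json({'message': 'access denied'}, status=403)
    get_jawaf()
    table = registry.get(table_name)
    if not table:
        return json({'message': 'access denied'}, status=403)
    # An empty or non-object body makes `**request.json` raise TypeError,
    # which surfaces as an unhandled 500; reject it explicitly instead.
    payload = request.json
    if not isinstance(payload, dict):
        return json({'message': 'no data'}, status=400)
    # Resolve the acting user BEFORE writing. Reading it only for the audit
    # call would raise KeyError after the row is already inserted, leaving an
    # unaudited write behind whenever the session carries no user.
    actor = request['session'].get('user', None)
    if not actor:
        return json({'message': 'access denied'}, status=403)
    # NOTE(review): no per-user permission check is visible in this method;
    # presumably admin access is enforced before the handler runs - confirm.
    # NOTE(review): every key of the body is passed through as a column value,
    # so the client chooses which columns are set. Consider an allow-list if a
    # registered table has columns that must not be client-controlled.
    async with Connection(table['database']) as con:
        stmt = table['table'].insert().values(**payload)
        await con.execute(stmt)
    await add_audit_action('post', 'admin', table_name, actor)
    return json({'message': 'success'}, status=201)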
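async def post(self, request):
    """Post endpoint. Change the password of the logged-in user.

    The body supplies ``username``, ``old_password`` and ``new_password``.
    The change is applied only when ``check_user`` accepts the username and
    old password and the returned row has the same id as the session user.

    :param request: Sanic Request.
    :return: 200 when the password was changed; 403 when the CSRF check
        fails, the credentials or session do not match, or no new password
        was supplied.
    """
    if not check_csrf(request):
        return json({'message': 'access denied'}, status=403)
    # A missing or non-object JSON body would raise AttributeError on `.get`;
    # treat it as an empty object so it falls into the rejections below.
    body = request.json
    payload = body if isinstance(body, dict) else {}
    username = payload.get('username', '')
    old_password = payload.get('old_password', None)
    new_password = payload.get('new_password', None)
    user_row = await check_user(username, old_password)
    if not user_row:
        return json({'message': 'bad user data'}, status=403)
    # Use .get so a session without a user is refused with the same 403
    # instead of raising KeyError.
    session_user = request['session'].get('user', None)
    if not session_user or user_row.get('id') != session_user.get('id'):
        return json({'message': 'bad user data'}, status=403)
    # Reject an empty string as well as a missing value; an `is None` test
    # would let '' through and set an empty password.
    if not new_password:
        return json({'message': 'no password'}, status=403)
    await update_user(database=None, target_username=username, password=new_password)
    return json({'message': 'password changed'}, status=200)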
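async def post(self, request, user_id, token):
    """Post endpoint. Set a new password through a password-reset link.

    :param request: Sanic Request.
    :param user_id: Encoded user id from the URL; decoded with
        ``decode_user_id`` before use.
    :param token: Reset token from the URL, checked by
        ``check_user_reset_access``.
    :return: 200 when the password was updated; 403 when the CSRF check or
        the reset verification fails; 401 when verification passed but the
        username or new password is missing.
    """
    if not check_csrf(request):
        return json({'message': 'access denied'}, status=403)
    user_id = decode_user_id(user_id)
    # A missing or non-object JSON body would raise AttributeError on `.get`;
    # treat it as an empty object so verification simply fails.
    body = request.json
    payload = body if isinstance(body, dict) else {}
    username = payload.get('username', None)
    new_password = payload.get('new_password', None)
    verified = await check_user_reset_access(username, user_id, token, database=None)
    if not verified:
        return json({'message': 'unauthorized'}, status=403)
    # Reject an empty string as well as a missing value; an `is None` test
    # would let '' through and set an empty password.
    if not new_password or username is None:
        return json({'message': 'bad user data'}, status=401)
    # NOTE(review): nothing in this method invalidates the token after use;
    # presumably check_user_reset_access or update_user makes it single-use
    # - confirm.
    await update_user(database=None, target_user_id=user_id, password=new_password)
    return json({'message': 'accepted'}, status=200)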
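async def post(self, request):
    """Post endpoint. Log a user in with a username and password.

    :param request: Sanic Request.
    :return: 200 with the username and the client-supplied ``next`` value
        when ``check_user`` accepts the credentials; 403 when the CSRF check
        fails, no password is supplied or the credentials are rejected.
    """
    if not check_csrf(request):
        return json({'message': 'access denied'}, status=403)
    # A missing or non-object JSON body would raise AttributeError on `.get`;
    # treat it as an empty object so it ends in the 'no password' response.
    body = request.json
    payload = body if isinstance(body, dict) else {}
    username = payload.get('username', '')
    password = payload.get('password', None)
    next_url = payload.get('next', None)
    if not password:
        return json({'message': 'no password'}, status=403)
    user_row = await check_user(username, password)
    if not user_row:
        return json({'message': 'login failed'}, status=403)
    await log_in(request, user_row)
    # NOTE(review): 'next' is echoed back exactly as the client sent it. If
    # the front end navigates to it, it should be restricted to same-site
    # paths, either here or in the client - confirm where that happens.
    return json(
        {
            'message': 'login succeeded',
            'next': next_url,
            'username': username
        },
        status=200)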
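async def delete(self, request, table_name=None):
    """Delete endpoint. Delete the row whose id is given in the body.

    :param request: Sanic Request.
    :param table_name: Name of the table to access.
    :return: 200 once the delete is executed and audited; 400 when the body
        carries no id; 403 when the CSRF check fails, the table is not in the
        registry or the session holds no user.
    """
    if not check_csrf(request):
        return json({'message': 'access denied'}, status=403)
    get_jawaf()
    table = registry.get(table_name)
    # A missing or non-object JSON body would raise AttributeError on `.get`;
    # treat it as an empty object so it ends in the 'no id' response.
    body = request.json
    payload = body if isinstance(body, dict) else {}
    target_id = payload.get('id', None)
    if not target_id:
        return json({'message': 'no id'}, status=400)
    if not table:
        return json({'message': 'access denied'}, status=403)
    # Resolve the acting user BEFORE deleting. Reading it only for the audit
    # call would raise KeyError after the row is already gone, leaving an
    # unaudited delete behind whenever the session carries no user.
    actor = request['session'].get('user', None)
    if not actor:
        return json({'message': 'access denied'}, status=403)
    # NOTE(review): no per-user permission check is visible in this method;
    # presumably admin access is enforced before the handler runs - confirm.
    async with Connection(table['database']) as con:
        stmt = table['table'].delete().where(
            table['table'].c.id == target_id)
        await con.execute(stmt)
    await add_audit_action('delete', 'admin', table_name, actor)
    return json({'message': 'success'}, status=200)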