Example #1
 async def post(self, request):
     """Log the current session's user out.

     Responds 403 when the CSRF check fails, 401 when the session holds no
     user, and 200 once ``log_out`` has been awaited.

     :param request: Sanic Request.
     """
     if not check_csrf(request):
         return json({'message': 'access denied'}, status=403)
     # Only a session that actually carries a user can be logged out.
     if not request['session'].get('user', None):
         return json({'message': 'not logged in'}, status=401)
     await log_out(request)
     return json({'message': 'logout succeeded'}, status=200)
Example #2
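 async def post(self, request, table_name=None):
     """Post endpoint. Create a new row.
     :param request: Sanic Request.
     :param table_name: Name of the table to access.
     :return: 201 on success; 403 when the CSRF check fails, the session
         holds no user or the table is not registered; 400 when the JSON
         body is not an object.
     """
     if not check_csrf(request):
         return json({'message': 'access denied'}, status=403)
     # NOTE(review): no permission check is visible in this method;
     # presumably it is enforced by middleware or a decorator - confirm.
     # The acting user is resolved before the write so that a session
     # without a user is refused up front instead of failing in the audit
     # call after the row has already been inserted.
     acting_user = request['session'].get('user', None)
     if not acting_user:
         return json({'message': 'access denied'}, status=403)
     get_jawaf()
     table = registry.get(table_name)
     if not table:
         return json({'message': 'access denied'}, status=403)
     row_values = request.json
     if not isinstance(row_values, dict):
         # A missing or non-object body cannot be expanded into columns.
         return json({'message': 'bad data'}, status=400)
     async with Connection(table['database']) as con:
         # The body's keys are used as column names as-is, so the caller
         # decides which columns are written.
         stmt = table['table'].insert().values(**row_values)
         await con.execute(stmt)
     await add_audit_action('post', 'admin', table_name, acting_user)
     return json({'message': 'success'}, status=201)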
Example #3
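 async def post(self, request):
     """Change the password of the user who owns the current session.

     The caller must present the current credentials (``username`` and
     ``old_password``), and the account they identify must be the one stored
     in the session.

     :param request: Sanic Request whose JSON body carries ``username``,
         ``old_password`` and ``new_password``.
     :return: 200 when the password was changed, otherwise 403.
     """
     if not check_csrf(request):
         return json({'message': 'access denied'}, status=403)
     username = request.json.get('username', '')
     old_password = request.json.get('old_password', None)
     new_password = request.json.get('new_password', None)
     user_row = await check_user(username, old_password)
     if not user_row:
         return json({'message': 'bad user data'}, status=403)
     # The verified account has to be the session's own account; valid
     # credentials for a different user must not change that user's
     # password through this session.
     if user_row.get('id') != request['session']['user'].get('id'):
         return json({'message': 'bad user data'}, status=403)
     # This check used to sit under the return above and so never ran,
     # letting update_user() be called with password=None. An empty value
     # is refused as well, since it is no usable password.
     if not new_password:
         return json({'message': 'no password'}, status=403)
     await update_user(database=None,
                       target_username=username,
                       password=new_password)
     return json({'message': 'password changed'}, status=200)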
Example #4
 async def post(self, request, user_id, token):
     """Set a new password for the account addressed by a reset link.

     :param request: Sanic Request whose JSON body carries ``username`` and
         ``new_password``.
     :param user_id: Encoded user id; decoded with ``decode_user_id``.
     :param token: Reset token, passed to ``check_user_reset_access``.
     :return: 200 when the password was updated, 403 when the CSRF check or
         the reset verification fails, 401 when a body field is missing.
     """
     if not check_csrf(request):
         return json({'message': 'access denied'}, status=403)
     user_id = decode_user_id(user_id)
     body = request.json
     username = body.get('username', None)
     new_password = body.get('new_password', None)
     verified = await check_user_reset_access(
         username, user_id, token, database=None)
     if not verified:
         return json({'message': 'unauthorized'}, status=403)
     # NOTE(review): only None is rejected here, so an empty-string password
     # reaches update_user(); whether update_user() refuses it is not
     # visible from this method - confirm.
     if username is None or new_password is None:
         return json({'message': 'bad user data'}, status=401)
     # NOTE(review): nothing here marks the token as used; presumably
     # handled elsewhere - confirm.
     await update_user(database=None,
                       target_user_id=user_id,
                       password=new_password)
     return json({'message': 'accepted'}, status=200)
Example #5
 async def post(self, request):
     """Check a username/password pair and log the user in.

     :param request: Sanic Request whose JSON body carries ``username``,
         ``password`` and optionally ``next``.
     :return: 200 with the username and the supplied ``next`` value on
         success, otherwise 403.
     """
     if not check_csrf(request):
         return json({'message': 'access denied'}, status=403)
     credentials = request.json
     username = credentials.get('username', '')
     password = credentials.get('password', None)
     next_url = credentials.get('next', None)
     # A missing or empty password is refused before any user lookup.
     if not password:
         return json({'message': 'no password'}, status=403)
     user_row = await check_user(username, password)
     if not user_row:
         return json({'message': 'login failed'}, status=403)
     await log_in(request, user_row)
     # NOTE(review): 'next' is returned exactly as received, without
     # validation; a client that navigates to it should restrict it to
     # same-origin paths.
     payload = {
         'message': 'login succeeded',
         'next': next_url,
         'username': username
     }
     return json(payload, status=200)
Example #6
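 async def delete(self, request, table_name=None):
     """Delete endpoint.
     :param request: Sanic Request.
     :param table_name: Name of the table to access.
     :return: 200 on success; 403 when the CSRF check fails, the session
         holds no user or the table is not registered; 400 when the JSON
         body carries no ``id``.
     """
     if not check_csrf(request):
         return json({'message': 'access denied'}, status=403)
     # NOTE(review): no permission check is visible in this method;
     # presumably it is enforced by middleware or a decorator - confirm.
     # The acting user is resolved before the write so that a session
     # without a user is refused up front instead of failing in the audit
     # call after the row has already been deleted.
     acting_user = request['session'].get('user', None)
     if not acting_user:
         return json({'message': 'access denied'}, status=403)
     get_jawaf()
     table = registry.get(table_name)
     # A missing or non-object body is treated like a body without an id.
     body = request.json
     target_id = body.get('id', None) if isinstance(body, dict) else None
     if not target_id:
         return json({'message': 'no id'}, status=400)
     if not table:
         return json({'message': 'access denied'}, status=403)
     async with Connection(table['database']) as con:
         # The id is compared through the table's column expression, not
         # formatted into SQL text here.
         stmt = table['table'].delete().where(
             table['table'].c.id == target_id)
         await con.execute(stmt)
     await add_audit_action('delete', 'admin', table_name, acting_user)
     return json({'message': 'success'}, status=200)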