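def auth_registration():
    """Create a new ``User`` from the JSON request body.

    Reads ``username``, ``first_name``, ``last_name``, ``email``,
    ``password1`` and ``password2`` from the body.

    Returns:
        The ``MakeResponse`` response: 422 when the password is missing or
        the two passwords differ, 409 when the email is already registered,
        200 once the user has been saved.
    """
    # A missing or non-JSON body yields None; fall back to an empty payload so
    # the field lookups below do not raise AttributeError.
    data = request.get_json() or {}
    username = data.get('username')
    first_name = data.get('first_name')
    last_name = data.get('last_name')
    email = data.get('email')
    pass1 = data.get('password1')
    pass2 = data.get('password2')

    xhr = MakeResponse()
    # Two absent passwords compare equal; without this check a user would be
    # created with password None.
    if not pass1:
        xhr.set_error(422, "Password is required.")
        return xhr.response
    if pass1 != pass2:
        xhr.set_error(422, "Passwords do not match.")
        return xhr.response
    # The existence query only runs once the cheap checks have passed.
    # NOTE: a distinct 409 for a taken address reveals which emails are
    # registered; that is the existing contract, so rate limiting at the edge
    # is the practical mitigation.
    if User.query.filter_by(email=email).first() is not None:
        xhr.set_error(409, "Email address is not available for use.")
        return xhr.response

    user = User({
        "username": username,
        "first_name": first_name,
        "last_name": last_name,
        "email": email,
        "password": pass1,
    })
    user.save()
    xhr.set_status(200)
    return xhr.response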
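def get_user_tags(user_id):
    """Return the tags of user ``user_id`` as a list of dicts.

    Only the authenticated user may read their own tags; any other caller
    receives a 401 without a body.
    """
    user = helpers.get_user()
    xhr = MakeResponse()
    # Compare by value. The original used ``is not``, which tests object
    # identity and only "works" for small cached ints, so any id above the
    # interpreter's small-int cache was rejected for its own owner. Comparing
    # the string forms also tolerates a str id from the route converter.
    if str(user.id) != str(user_id):
        xhr.set_error(401)
        return xhr.response
    tags = User.query.get_or_404(user_id).tags
    xhr.set_body([t.to_dict() for t in tags])
    return xhr.response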
def delete_document(doc_id):
    """Delete document ``doc_id`` on behalf of the current user.

    Returns 200 on success, or 401 when the user lacks 'delete' access
    on the document.
    """
    current = api.helpers.get_user()
    document = Document.query.get_or_404(doc_id)
    response = MakeResponse(200)
    if document.user_has_access(current, 'delete'):
        document.delete()
    else:
        response.set_error(401, "Not authorized to delete document.")
    return response.response
def delete_tag(tag_id):
    """Delete tag ``tag_id`` if the current user owns it.

    Returns 200 on success, or 401 when the user is not the tag's owner.
    """
    current = api.helpers.get_user()
    record = Tag.query.get_or_404(tag_id)
    response = MakeResponse(200)
    if record.user_is_owner(current):
        record.delete()
    else:
        response.set_error(401, "You are not the owner of this tag.")
    return response.response
def get_document(doc_id):
    """Return the serialized document ``doc_id``.

    Responds 401 when the current user lacks 'read' access.
    """
    current = api.helpers.get_user()
    document = Document.query.get_or_404(doc_id)
    response = MakeResponse()
    if document.user_has_access(current, 'read'):
        serialized = document_schema.dump(document)
        response.set_success(data=serialized.data)
    else:
        response.set_error(401, "Not Authorized")
    return response.response
def get_tag(tag_id):
    """Return the serialized tag ``tag_id``.

    Responds 401 when the current user is not the tag's owner.
    """
    current = api.helpers.get_user()
    record = Tag.query.get_or_404(tag_id)
    response = MakeResponse(200)
    if record.user_is_owner(current):
        response.set_body(data=tag_schema.dump(record).data)
    else:
        response.set_error(401, "You are not the owner of this tag.")
    return response.response
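def auth_login():
    """Authenticate by username/password and issue an access token.

    Returns 200 with ``{"access_token": ...}`` on success, otherwise 401.
    """
    # A missing or non-JSON body yields None; fall back to an empty payload so
    # the field lookups below do not raise AttributeError.
    data = request.get_json() or {}
    username = data.get('username')
    password = data.get('password')
    user = User.query.filter_by(username=username).first()
    xhr = MakeResponse(200)
    # NOTE(review): ``authenticate`` is skipped entirely for unknown usernames,
    # so response time differs between "no such user" and "wrong password".
    # If username enumeration matters here, run a dummy verification on the
    # miss path so both branches cost the same.
    if user and user.authenticate(password):
        token = jwt.create_token_for_user(user)
        xhr.set_body(dict(access_token=token))
        return xhr.response
    xhr.set_error(401, {"error": "Trouble authenticating"})
    return xhr.response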
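def edit_document(doc_id):
    """Apply the deserialized JSON body to document ``doc_id`` and return it.

    Requires 'write' access on the document; otherwise 401.

    Returns:
        200 with the re-serialized document on success.
    """
    user = api.helpers.get_user()
    doc = Document.query.get_or_404(doc_id)
    xhr = MakeResponse()
    # Authorize before touching the request body so an unauthorized caller
    # cannot exercise the schema at all.
    if not doc.user_has_access(user, 'write'):
        xhr.set_error(401, "Not authorized to edit document.")
        return xhr.response
    data = document_schema.load(request.get_json())
    # ``items()`` works on Python 2 and 3; ``iteritems()`` was Python 2 only
    # and raised AttributeError on 3.
    # NOTE(review): every key the schema yields is assigned onto the model;
    # this relies on document_schema excluding fields that must not be
    # client-writable (ownership, ids) — confirm against the schema.
    for key, value in data.data.items():
        setattr(doc, key, value)
    doc.save()
    xhr = MakeResponse(200, body=document_schema.dump(doc).data)
    return xhr.response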
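def refresh_auth_token():
    """Exchange a valid refresh token for a fresh access token.

    The refresh token is verified against the current user's id and the
    request's ``User-Agent`` header. Returns 200 with ``{"access_token": ...}``
    when verification succeeds, otherwise 401.
    """
    # A missing or non-JSON body yields None; fall back to an empty payload so
    # the lookup below does not raise AttributeError.
    data = request.get_json() or {}
    agent = request.headers.get('User-Agent')
    refresh_token = data.get('refresh_token')
    user = api.helpers.get_user()
    xhr = MakeResponse(200)
    if jwt.verify_refresh_token(refresh_token, user.id, agent):
        token = jwt.create_token_for_user(user)
        xhr.set_body(dict(access_token=token))
        return xhr.response
    xhr.set_error(
        401, "Could not refresh, please try logging out and logging back in.")
    return xhr.response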
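def refresh_auth_token():
    """Exchange a valid refresh token for a fresh access token.

    The refresh token is verified against the current user's id and the
    request's ``User-Agent`` header. Returns 200 with ``{"access_token": ...}``
    when verification succeeds, otherwise 401.
    """
    # A missing or non-JSON body yields None; fall back to an empty payload so
    # the lookup below does not raise AttributeError.
    data = request.get_json() or {}
    agent = request.headers.get('User-Agent')
    refresh_token = data.get('refresh_token')
    user = api.helpers.get_user()
    xhr = MakeResponse(200)
    if jwt.verify_refresh_token(refresh_token, user.id, agent):
        token = jwt.create_token_for_user(user)
        xhr.set_body(dict(access_token=token))
        return xhr.response
    xhr.set_error(
        401, "Could not refresh, please try logging out and logging back in."
    )
    return xhr.response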
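def wrapper(*args, **kwargs):
    """Reject the request with 401 unless a valid bearer token is presented.

    Expects ``Authorization: <JWT_TOKEN_PREFIX><token>``. On success the
    matching ``User`` is stored in ``g.current_user`` and the wrapped view
    ``f`` (from the enclosing decorator) is called with the original
    arguments.
    """
    prefix = app.config.get('JWT_TOKEN_PREFIX')
    auth_header = request.headers.get('Authorization', None)
    xhr = MakeResponse()
    xhr.set_error(401, "Authorization Required")
    # An unset prefix would make ``startswith`` raise on None, and an empty
    # one would match every header; treat both as misconfiguration and deny.
    if not prefix or not auth_header:
        return xhr.response
    if not auth_header.startswith(prefix):
        return xhr.response
    succ, payload = verify_token(auth_header[len(prefix):].strip())
    if not succ or not payload:
        return xhr.response
    # A token for a since-deleted user must not reach the view with
    # ``g.current_user`` set to None (the original did exactly that).
    user = User.query.get(payload.get('user_id'))
    if user is None:
        return xhr.response
    g.current_user = user
    return f(*args, **kwargs)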
def get_users():
    """List users for admins, paged and sorted by the query string.

    Reads ``page``, ``rows`` and ``sort`` from the query args. Non-admin
    callers receive 401; admins get a formatted page of user dicts that
    includes the ``is_admin`` flag.
    """
    args = request.args
    page = args.get('page')
    rows = args.get('rows')
    sort = args.get('sort')
    current = helpers.get_user()
    response = MakeResponse()
    if not current.is_admin:
        response.set_error(401, "You must be an admin.")
        return response.response
    base = User.query
    total = base.count()
    sorted_query = filters.sort_query(base, User, sort)
    paged_query = filters.limit_and_offset(sorted_query, page=page, rows=rows)
    entries = [entry.to_dict(include='is_admin') for entry in paged_query.all()]
    result = helpers.format_result(entries, page, rows, total)
    return MakeResponse(200, body=result).response
def get_users():
    """List users for admins, paged and sorted by the query string.

    Reads ``page``, ``rows`` and ``sort`` from the query args. Non-admin
    callers receive 401; admins get a formatted page of user dicts that
    includes the ``is_admin`` flag.
    """
    page, rows, sort = (request.args.get(key) for key in ("page", "rows", "sort"))
    current = helpers.get_user()
    response = MakeResponse()
    if not current.is_admin:
        response.set_error(401, "You must be an admin.")
        return response.response
    base = User.query
    total = base.count()
    paged_query = filters.limit_and_offset(
        filters.sort_query(base, User, sort), page=page, rows=rows
    )
    entries = [entry.to_dict(include="is_admin") for entry in paged_query.all()]
    result = helpers.format_result(entries, page, rows, total)
    return MakeResponse(200, body=result).response