def post(self, user=None):
    """Create a user from the request payload and persist it.

    Returns:
        A ``(body, 201)`` tuple. The body holds a confirmation message and
        the id of the stored document as a string.
    """
    # NOTE(review): every key of the client-supplied payload is forwarded to
    # the User constructor. Unless the payload is validated against a schema
    # outside this method, a caller can set any model field (is_active is one
    # such field used elsewhere in this file) -- confirm an allow-list exists.
    # NOTE(review): `user` is accepted but never read here; confirm whether
    # creating accounts is meant to require an authorization check.
    created = User(**api.payload).save()
    body = {
        "message": f"Add user '{created.firstname}'",
        "id": str(created.id),
    }
    return body, 201
def get(self):
    """Return all users as a list, optionally including deactivated ones.

    The parsed ``deactivated`` request argument decides whether users with
    ``is_active`` unset are part of the result.
    """
    # NOTE(review): this handler takes no `user` argument, so it does not look
    # token-protected; which fields (e.g. the password hash) reach the client
    # depends on response marshalling that is not visible here -- confirm.
    include_deactivated = self.parser.parse_args()["deactivated"]
    # An empty filter selects every user; otherwise only active ones.
    criteria = {} if include_deactivated else {"is_active": True}
    return list(User.objects(**criteria).all())
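def post(self):
    """Exchange an email/password pair for a short-lived access token.

    Upon successful login, you receive an access token. Pass the token as
    value of 'x-access-token' in the header of every request that requires
    elevated privileges. The token is only valid for a certain time interval.

    Returns:
        ``{"X-Access-Token": <token>}`` where the token is a JWT signed with
        ``app.secret_key`` that expires 30 minutes after it was issued.

    Raises:
        Exception: if the credentials are missing, malformed or wrong. The
            same message is used for every failure so the response does not
            reveal whether the email is registered.
    """
    failure_message = (
        "The email does not exists or the email password combination is wrong"
    )

    body = api.payload if isinstance(api.payload, dict) else {}
    email = body.get("email")
    password = body.get("password")
    # Accept only non-empty plain strings. A JSON object or array in either
    # field must never reach the database query or the hash comparison, and a
    # missing field should fail like any other bad login instead of surfacing
    # as a KeyError.
    if not (isinstance(email, str) and isinstance(password, str)):
        raise Exception(failure_message)
    if not email or not password:
        raise Exception(failure_message)

    user = User.objects(email=email).first()
    # NOTE(review): the hash comparison only runs when the email matched a
    # user, so the two failure paths differ in cost; consider a constant-cost
    # path if account enumeration is part of the threat model.
    # NOTE(review): is_active is not consulted, so a deactivated account can
    # still obtain a token -- confirm that this is intended.
    if not user or not check_password_hash(user.password, password):
        raise Exception(failure_message)

    # Use one timestamp so "iat" and "exp" are exactly 30 minutes apart.
    issued_at = datetime.datetime.utcnow()
    token = jwt.encode(
        {
            "user_id": str(user.id),
            "iat": issued_at,
            "exp": issued_at + datetime.timedelta(minutes=30),
        },
        app.secret_key,
        # HS256 is PyJWT's default; naming it keeps issuing and verification
        # explicit about the one algorithm in use.
        algorithm="HS256",
    )
    # PyJWT 1.x returns bytes, 2.x returns str; calling .decode() on a str
    # would raise AttributeError after a successful login.
    if isinstance(token, bytes):
        token = token.decode("UTF-8")
    return {"X-Access-Token": token}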
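def decorated(self, *args, **kwargs):
    """Authenticate the request via its access token, then call ``f``.

    The token is read from the ``X-Access-Token`` header, verified with
    ``app.secret_key`` and resolved to a ``User``, which is handed to the
    wrapped handler as the ``user`` keyword argument.

    Raises:
        TokenException: if the header is missing, the token fails
            verification (bad signature, malformed, expired, ...) or the
            token does not resolve to an existing user.
    """
    # NOTE(review): with CHECK_ACCESS_TOKEN disabled every wrapped endpoint is
    # reachable without credentials and receives no `user`; make sure the
    # deployed configuration enables it.
    if not app.config["CHECK_ACCESS_TOKEN"]:
        return f(self, *args, **kwargs)

    token = request.headers.get("X-Access-Token")
    if not token:
        logger.info(
            f"No access token provided for protected endpoint {request.path}."
        )
        raise TokenException(
            f"Your '{f.__name__}' request on '{request.path}' requires an access token. "
            f"Please provide an 'x-access-token' in the header of the request. A token will be "
            f"generated through log in.")

    invalid_token_message = (
        "Your given token is invalid. Your can receive a valid token bt login."
    )
    try:
        # Pin the accepted algorithm instead of trusting the token header.
        # HS256 is what PyJWT's encode() uses when no algorithm is given;
        # PyJWT 2.x refuses to decode without an explicit list.
        payload = jwt.decode(token, app.secret_key, algorithms=["HS256"])
    except jwt.InvalidTokenError as e:
        # The original `InvalidSignatureError and DecodeError` evaluated to
        # DecodeError alone, so an expired token escaped as an unhandled
        # error. InvalidTokenError is the base class of all of them.
        logger.info(
            f"Rejected access token for protected endpoint {request.path}."
        )
        raise TokenException(invalid_token_message) from e

    # A correctly signed token must still map to a user that exists;
    # otherwise the handler would run with user=None.
    user_id = payload.get("user_id")
    user = User.objects(id=user_id).first() if user_id else None
    if user is None:
        logger.info(
            f"Access token without a matching user on {request.path}."
        )
        raise TokenException(invalid_token_message)
    # NOTE(review): is_active is not checked, so a token issued before an
    # account was deactivated keeps working until it expires -- confirm.
    return f(self, user=user, *args, **kwargs)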
def put(self, id, user=None):
    """Apply the request payload to the user with the given id.

    Returns:
        A dict with a confirmation message.
    """
    # NOTE(review): `user` is never compared with `id`, so nothing in this
    # method stops one account from editing another. Confirm that
    # authorization is enforced elsewhere.
    # NOTE(review): the payload is forwarded unfiltered to update(); confirm
    # an allow-list so fields such as is_active or password are not freely
    # writable by the caller.
    # NOTE(review): update() is issued before clean(); verify that a password
    # in the payload is never persisted unhashed by that first write.
    target = User.objects(id=id).get()
    target.update(**api.payload)
    # Needed to hash password
    target.clean()
    target.save()
    return {"message": f"Update entry '{target.firstname}'"}
def delete(self, id, user=None):
    """Deactivate one user, or remove it for good when ``complete`` is set.

    Returns:
        A dict with a message naming the action that was taken.
    """
    # NOTE(review): `user` is not consulted, so any caller that reaches this
    # handler can deactivate or delete any account by id. Confirm that
    # authorization is enforced elsewhere.
    remove_permanently = self._delete_parser.parse_args()["complete"]
    target = User.objects(id=id).get()
    if remove_permanently:
        target.delete()
        return {"message": f"Delete entry {target.firstname}"}
    # Soft delete: the document stays, only its is_active flag is cleared.
    target.update(is_active=False)
    return {"message": f"Inactivated entry '{target.firstname}'"}
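def delete(self, user=None):
    """Deactivate all users, or remove them for good when ``complete`` is set.

    Returns:
        A dict with a message naming the action that was taken.
    """
    # NOTE(review): `user` is not consulted, so any caller that reaches this
    # handler can deactivate or wipe every account. Confirm that this
    # endpoint is restricted to administrators elsewhere.
    args = self._delete_parser.parse_args()
    everyone = User.objects().all()
    if args["complete"]:
        everyone.delete()
        return {"message": "Delete all entries"}
    # Soft delete through is_active, the flag the list endpoint filters on
    # and the single-user delete clears. The former `deprecated=True` matches
    # no field used anywhere else in this file, so deactivated users would
    # still have been listed as active.
    everyone.update(is_active=False)
    return {"message": "Deprecate all entries"}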
def get(self, id):
    """Return the single user whose unique identifier equals ``id``."""
    # NOTE(review): this handler takes no `user` argument, so it does not look
    # token-protected; which fields (e.g. the password hash) reach the client
    # depends on response marshalling that is not visible here -- confirm.
    matching = User.objects(id=id)
    return matching.get()