def bunk_post (self, client): """ Log a user in. @request_param username (str) @request_param password (str) @response user_id (int) """ password_hash = UserDBModel.hash_password(client.params.get("password")) username = client.params.get("username") try: users_filters = [ ["username", "=", username], ["password_hash", "=", password_hash], ["is_deleted", "=", False] ] users = UserDBModel.filter(users_filters).limit(1)() if users: # user loaded user = users[0] # update last log in date user.date_last_log_in = "@NOW()" user.save() # store user details in session client.session["user_id"] = user.user_id client.session["username"] = user.username client.session["email"] = user.email # set session auth roles self.auth_set_roles((AUTH_ROLE_USER,)) else: # failed to authenticate err_code = RESP_ERR_CODE_AUTHENTICATION_FAILED err_msg = "Login credentials provided failed to authenticate." return self.respond_error(err_code, err_msg, response_code.HTTP_500) except Exception, e: # failed to log user in for unknown reason err_code = RESP_ERR_CODE_LOGIN_FAILED err_msg = "User log in failed for unknown reason." return self.respond_error(err_code, err_msg, response_code.HTTP_500)
def bunk_post (self, client): """ Create a user and return user_id. @request_param username (str) @request_param password (str) @request_param email (str) @response user_id (int) """ user = UserDBModel() user.email = client.params.get("email") user.password = str(client.params.get("password")) user.username = client.params.get("username") if user.validate(): try: # get db connection and cursor db = self.get_db() dbconn = db.get_connection() dbcurs = dbconn.cursor() # check if user exists existing_user = UserDBModel.filter([["username", "=", user.username]])() if existing_user: # user exists err_code = RESP_ERR_CODE_USERNAME_ALREADY_IN_USE err_msg = "Username already in use." field_errs = [('username', 'Username already in use. Please select another one.')] return self.respond_error(err_code, err_msg, response_code.HTTP_409, field_errors=field_errs) # create user user.save(connection=dbconn) # retrieve newely created user_id dbcurs.execute("SELECT CURRVAL('user_user_id_seq') AS value") user.user_id = db.fetch_all(dbcurs)[0]["value"] except Exception, e: # failed to create user for unknown reason err_code = RESP_ERR_CODE_USER_CREATION_FAILED err_msg = "User failed to create for unknown reason." return self.respond_error(err_code, err_msg, response_code.HTTP_500)
def bunk_get (self, client): """ Retrieve details for a user. @request_param username (str) @response user_id (int) @response username (int) @response email (int) """ is_admin = AUTH_ROLE_ADMIN in self.auth_roles try: users_filters = [ ["username", "=", client.params.get("username")], ["is_deleted", "=", False] ] users = UserDBModel.filter(users_filters).limit(1)() if users: user = users[0] if is_admin or user.user_id == client.session.get("user_id"): # build reponse response = { "user_id": user.user_id, "username": user.username, "email": user.email } # return user details return self.respond(response, response_code.HTTP_200) else: # failed to load user if is_admin: err_code = RESP_ERR_CODE_USER_DOES_NOT_EXIST err_msg = "User does not exist." return self.respond_error(err_code, err_msg, response_code.HTTP_404) # return access denied message return self.respond_access_denied() except Exception, e: # allow admin failed to log user in for unknown reason err_code = RESP_ERR_CODE_USER_DETAILS_FAILED err_msg = "User failed to load for unknown reason." return self.respond_error(err_code, err_msg, response_code.HTTP_500)