def post(self): """ Creates a new customer. """ if not (0 <= request.json["pin"] <= 99999): raise UnprocessableEntity("The PIN must be of 5 digits") new_customer = Customer( customer_mail_address=request.json['mail_address'], customer_first_name=request.json['first_name'], customer_last_name=request.json['last_name'], customer_pin_hash=str(request.json['pin'])) print(new_customer.customer_pin_hash) db.session.add(new_customer) try: db.session.commit() except OperationalError: db.session.remove() raise InternalServerError( description='Customer table does not exists.') except IntegrityError: db.session.remove() raise Conflict(description=new_customer.__repr__() + ' already exists') current_app.logger.info(new_customer.__repr__() + ' added to database.') return {'message': 'Resource created'}, 201
def test_encode_auth_token(self): user = Customer(customer_mail_address='*****@*****.**', customer_pin_hash=str(12612), customer_first_name='foo', customer_last_name='bar') db.session.add(user) db.session.commit() auth_token = user.encode_auth_token() self.assertTrue(isinstance(auth_token, bytes))
def test_decode_auth_token(self): user = Customer(customer_mail_address='*****@*****.**', customer_pin_hash=str(12612), customer_first_name='foo', customer_last_name='bar') db.session.add(user) db.session.commit() auth_token = user.encode_auth_token() self.assertTrue(isinstance(auth_token, bytes)) resp = Customer.decode_auth_token(auth_token.decode("utf-8")) if resp['status'] == 'success': self.assertTrue(resp['customer'] == user.customer_mail_address) else: assert False
def post(self): """ Performs a purchase operation """ data = Customer.decode_auth_token(request.headers['Authorization']) try: customer = Customer.query.filter_by( customer_mail_address=data['customer']).first() except OperationalError: raise InternalServerError('Customer table is missing') purchase = Purchase( purchase_date=dt.utcnow(), purchase_customer_mail_address=customer.customer_mail_address) if customer is None: raise NotFound(description='Resource ' + customer.__repr__() + ' is not found') # check if the product is requested more than once product_list = set() for details in request.json['purchase_details']: # adds the product to a set to later check if the product # appears more than once in the purchase_details if details['purchase_quantity'] <= 0: raise UnprocessableEntity('Purchase quantity cannot be <= 0') product_list.add(details['product_code']) # If length of set and received entries are different then # it means some products shows up twice in the list, # raise 422 HTTP error if len(product_list) != len(request.json['purchase_details']): raise UnprocessableEntity('A product has been submitted twice') # adds the purchase to session db.session.add(purchase) for details in request.json['purchase_details']: product = Product.query.filter_by( product_code_uuid=details['product_code']).first() if product is None: raise NotFound('Product ' + details['product_code'] + ' not found') if not product.product_availability: db.session.remove() raise UnprocessableEntity('Unavailable product selected') if product.product_quantity <= 0: db.session.remove() raise UnprocessableEntity('Product out of stock') if product.product_quantity < details['purchase_quantity']: db.session.remove() raise UnprocessableEntity('Too much quantity requested') # update the product quantity product.product_quantity = product.product_quantity - details[ 'purchase_quantity'] # create a new association object between a purchase and a product purchase_item = PurchaseItem( purchase_item_product_code_uuid=product.product_code_uuid, purchase_item_purchase_code_uuid=purchase.purchase_code_uuid, purchase_item_quantity=details['purchase_quantity']) db.session.add(purchase_item) db.session.commit() return {'purchase_uuid': purchase.purchase_code_uuid}, 200
def get_dummy_customer(): """ Returns an instance of Customer for testing purposes :return: A Customer object """ return Customer(customer_mail_address='*****@*****.**', customer_pin=generate_password_hash(str(123456)), customer_first_name='foo', customer_last_name='bar')
def register_admin_customer(): admin = Customer(customer_mail_address='*****@*****.**', customer_first_name='admin', customer_last_name='admin', customer_pin_hash='12345') admin.customer_is_admin = True db.session.add(admin) try: db.session.commit() except IntegrityError: db.session.remove() raise Conflict(description=admin.__repr__() + ' already exists') response = { 'mail_address': admin.customer_mail_address, 'pin': 12345, 'message': 'Login to get an admin token' } return response, 200
def post(self, mail_address): """ Produce the expense bill """ data = Customer.decode_auth_token(request.headers['Authorization']) if data['customer'] != mail_address: raise Forbidden( "You don't have the permission to access the requested resource" ) return produce_purchase_list(mail_address)
def decorated(*args, **kwargs): token = None if 'Authorization' in request.headers: token = request.headers['Authorization'] data = Customer.decode_auth_token(token) if data['status'] == 'fail': return data, 401 if not token: return {'message': 'Token is missing'}, 401 return f(*args, **kwargs)
def get(self, mail_address): """ Get customer data. """ token = request.headers['Authorization'] data = Customer.decode_auth_token(token) if not data['admin'] and data['customer'] != mail_address: raise Unauthorized() customer = Customer.query.filter_by( customer_mail_address=mail_address).first() if customer is None: raise NotFound() return customer, 200
def logout_customer(data): auth_token = data if auth_token: resp = Customer.decode_auth_token(auth_token) if resp['status'] == 'success': # mark the token as blacklisted return save_token(token=auth_token) else: return resp, 401 else: response_object = { 'status': 'fail', 'message': 'Provide a valid auth token' } return response_object, 403
def decorated(*args, **kwargs): token = None if 'Authorization' in request.headers: token = request.headers['Authorization'] data = Customer.decode_auth_token(token) if data['status'] == 'fail': return data, 401 elif not data['admin']: return { 'message': 'Admin token required, please login with an admin account' }, 401 if not token: return {'message': 'Token is missing'}, 401 return f(*args, **kwargs)
def put(self, mail_address): """ Edit customer data. """ token = request.headers['Authorization'] data = Customer.decode_auth_token(token) if data['customer'] != mail_address: raise Forbidden() customer = Customer.query.filter_by( customer_mail_address=mail_address).first() if customer is None: raise NotFound() if 'pin' in request.json.keys(): if not (0 <= request.json["pin"] <= 99999): raise UnprocessableEntity("The PIN must be 5 digits") customer.set_password(str(request.json['pin'])) if 'first_name' in request.json.keys(): customer.customer_first_name = request.json['first_name'] if 'last_name' in request.json.keys(): customer.customer_last_name = request.json['last_name'] db.session.commit() return '', 204
def post(self, purchase_uuid): data = Customer.decode_auth_token(request.headers['Authorization']) return undo_purchase(purchase_uuid, data['customer']), 204