Example #1
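    def post(self):
        """Exchange a refresh token for a new access/refresh token pair.

        Reads ``refresh_token`` from the JSON request body, decodes it with
        ``User.decode_token`` and looks up the user from the decoded value.

        Returns:
            ``(payload, 200)`` where payload holds ``access_token`` and
            ``refresh_token``.

        Aborts with 401 when the token is missing, expired or invalid, or
        when no user matches the decoded value.
        """
        post_data = request.get_json()
        # A JSON body that is not an object (null, list, string) carries no
        # "refresh_token"; treat it as a missing token instead of letting
        # .get() fail with an AttributeError and surface as a 500.
        refresh_token = (
            post_data.get("refresh_token")
            if isinstance(post_data, dict)
            else None
        )
        if not refresh_token:
            auth_namespace.abort(401, "Invalid token. Please log in again.")

        try:
            # NOTE(review): nothing visible here checks that the presented
            # token was issued as a "refresh" token. Unless decode_token
            # enforces the token type, a shorter-lived access token would be
            # accepted for renewal too -- confirm against User.decode_token.
            resp = User.decode_token(refresh_token)
            user = get_user_by_id(resp)
            if not user:
                auth_namespace.abort(401, "Invalid token")

            # NOTE(review): the old refresh token is not revoked here, so it
            # stays usable until it expires -- confirm this is intended.
            access_token = user.encode_token(user.id, "access")
            refresh_token = user.encode_token(user.id, "refresh")

            response_object = {
                "access_token": access_token.decode(),
                "refresh_token": refresh_token.decode(),
            }
            return response_object, 200
        except jwt.ExpiredSignatureError:
            # abort() raises, so no return statement is needed after it.
            auth_namespace.abort(401,
                                 "Signature expired. Please log in again.")
        except jwt.InvalidTokenError:
            auth_namespace.abort(401, "Invalid token. Please log in again.")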
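 def delete(self, user_id):
     """Deletes a user.

     Aborts with 404 when no user has the given id; otherwise removes the
     user and returns a confirmation message with status 200.
     """
     # NOTE(review): no authentication or ownership check is visible in
     # this method. Confirm a decorator on the method or class restricts
     # who may delete which account.
     user = get_user_by_id(user_id)
     if not user:
         users_namespace.abort(404, f"User {user_id} does not exist")
     # Read the e-mail before deleting so the message does not depend on
     # the object still being readable after delete_user().
     email = user.email
     delete_user(user)
     return {"message": f"{email} was removed!"}, 200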
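    def put(self, user_id):
        """Updates a user's username and e-mail.

        Only ``username`` and ``email`` are read from the JSON body; any
        other field is ignored. Aborts with 400 when the body is not a JSON
        object and with 404 when no user has the given id.
        """
        # NOTE(review): no authentication or ownership check is visible in
        # this method. Confirm a decorator on the method or class restricts
        # who may update which account.
        post_data = request.get_json()
        # A null, list or scalar body has no .get(); reject it explicitly
        # rather than failing with an AttributeError and a 500.
        if not isinstance(post_data, dict):
            users_namespace.abort(400, "Invalid payload")
        username = post_data.get("username")
        email = post_data.get("email")

        user = get_user_by_id(user_id)
        if not user:
            users_namespace.abort(404, f"User {user_id} does not exist")
        update_user(user, username, email)
        return {"message": f"{user.id} was updated!"}, 200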
Example #4
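 def get(self):
     """Return the user identified by the token in the Authorization header.

     The header is split on single spaces and the second element is decoded
     with ``User.decode_token``.

     Returns:
         ``(user, 200)`` when the token decodes and a matching user exists.

     Aborts with 403 when the header is absent, and with 401 when the
     header is malformed, the token is expired or invalid, or no user
     matches.
     """
     auth_header = request.headers.get("Authorization")
     if not auth_header:
         auth_namespace.abort(403, "Token required")

     # A header without a space (for example a bare token) has no second
     # element; answer 401 instead of letting the IndexError become a 500.
     parts = auth_header.split(" ")
     if len(parts) < 2:
         auth_namespace.abort(401, "Invalid token. Please log in again.")

     # NOTE(review): the scheme in parts[0] is not checked, so any word is
     # accepted in place of "Bearer" -- confirm whether that is intended.
     try:
         resp = User.decode_token(parts[1])
         user = get_user_by_id(resp)
         if not user:
             auth_namespace.abort(401, "Invalid token")
         return user, 200
     except jwt.ExpiredSignatureError:
         # abort() raises, so no return statement is needed after it.
         auth_namespace.abort(
             401, "Signature expired. Please log in again.")
     except jwt.InvalidTokenError:
         auth_namespace.abort(401,
                              "Invalid token. Please log in again.")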
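    def decorator(*args, **kwargs):
        """Call the wrapped view only if the Authorization header maps to a user.

        The whole header value is passed to ``User.decode_token`` (no
        "<scheme> <token>" split is done here). Aborts with 404 when the
        header is absent, the token cannot be decoded, or no user matches;
        otherwise returns ``f(*args, **kwargs)``.
        """
        # NOTE(review): 404 is kept for compatibility with existing
        # clients; 401 is the conventional status for a missing or invalid
        # credential -- confirm before changing.
        token = request.headers.get("Authorization")

        # Start from None so a request without the header reaches the abort
        # below instead of failing on an unbound name.
        resp = None
        if token:
            try:
                resp = User.decode_token(token)
            except Exception:
                # An expired or malformed token is handled like a missing
                # one rather than surfacing as an unhandled error.
                resp = None

        if not resp:
            users_namespace.abort(404, "a valid token is missing")

        try:
            user = get_user_by_id(resp)
        except Exception:
            users_namespace.abort(404, "a valid token is missing")

        # Kept outside the try block: abort() raises, and a surrounding
        # "except Exception" would catch it and replace this message.
        if not user:
            users_namespace.abort(404, "User does not exist")

        return f(*args, **kwargs)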
Example #6
def test_update_user_with_passord(test_app, test_database, add_user):
    """A password sent in a PUT /users/<id> body must not change the stored hash."""
    original_password = "greaterthaneight"
    ignored_password = "somethingdifferent"

    created = add_user("user-to-be-updated", "*****@*****.**",
                       original_password)
    assert bcrypt.check_password_hash(created.password, original_password)

    # The payload carries a new password next to the updatable fields.
    payload = {
        "username": "******",
        "email": "*****@*****.**",
        "password": ignored_password,
    }
    response = test_app.test_client().put(
        f"/users/{created.id}",
        data=json.dumps(payload),
        content_type="application/json",
    )
    assert response.status_code == 200

    # Reload the user and check that the stored hash still matches the
    # original password, not the one sent in the update.
    reloaded = get_user_by_id(created.id)
    assert bcrypt.check_password_hash(reloaded.password, original_password)
    assert not bcrypt.check_password_hash(reloaded.password, ignored_password)
 def get(self, user_id):
     """Returns a single user, or aborts with 404 when the id is unknown."""
     # NOTE(review): the user object is returned as-is; presumably a
     # marshalling decorator outside this method limits the exposed fields
     # (e.g. leaves out the password hash) -- confirm.
     record = get_user_by_id(user_id)
     if not record:
         not_found = f"User {user_id} does not exist"
         users_namespace.abort(404, not_found)
     return record, 200