def create_user():
app.logger.info('entered action')
data = request.json
user_schema = UserSchema()
app.logger.info('created schema')
parsed_data = {
'username':
data['username'],
'email':
data['email'],
'password_hash':
bcrypt.generate_password_hash(data['password']).decode('utf-8')
}
if "role" in data:
parsed_data['role'] = data['role']
if not session.query(User).filter(
User.username == parsed_data['username']).one_or_none() is None:
return 'username busy', 400
try:
user = user_schema.load(parsed_data)
except ValidationError as err:
return err.messages, 400
app.logger.info('created user')
session.add(user)
session.commit()
return user_schema.dump(user), 201
def post(self):
user_schema_register = UserRegistrationSchema()
user_json = request.get_json()
try:
user = user_schema_register.load(user_json)
except ValidationError as e:
return e.messages
if UserService.get_by_username(user["username"]):
return {"message": USER_ALREADY_EXISTS}, 400
if UserService.get_by_email(user["email"]):
return {"message": EMAIL_ALREADY_EXISTS}, 400
try:
user = UserService.create(
user["username"],
user["email"],
user["password"],
user["first_name"],
user["last_name"],
)
user_schema = UserSchema()
return user_schema.dump(user), 201
except: # failed to save user to db
traceback.print_exc()
if user:
user.delete()
return {"message": FAILED_TO_CREATE}, 500
def on_get(self, req, resp):
user = req.context['user']
user_schema = UserSchema()
result = user_schema.dump(user)
resp.context['result'] = result.data
def post(self):
data = parser.parse_args()
username = data['username']
# Searching user by username
current_user = UserModel.find_by_username(username)
# user does not exists
if not current_user:
return {'message': f'User {username} doesn\'t exist'}, 404
# user exists, comparing password and hash
if UserModel.verify_hash(data['password'], current_user.password):
# generating access token and refresh token
access_token = create_access_token(identity=username)
refresh_token = create_refresh_token(identity=username)
user_schema = UserSchema(exclude=['id', 'password'])
user = user_schema.dump(current_user)
return {
'user': f'{user}',
'message': f'Logged in as {username}',
'access_token': access_token,
'refresh_token': refresh_token
}
else:
return {'message': "Wrong credentials"}, 404
class UsersView(FlaskView):
user_schema = UserSchema(many=False, session=db.session)
user_update_schema = UserSchema(
many=False, session=db.session,
exclude=["name"]) # PATCHing username is not allowed
users_schema = UserSchema(many=True)
def index(self): # list all users
all_users = User.query.all()
return jsonify(self.users_schema.dump(all_users))
def get(self, username: str): # get specific info
u = User.query.find_by(name=username).first()
if u:
return jsonify(self.user_schema.dump(u))
else:
abort(404)
@json_required
def post(self): # register user
try:
u = self.user_schema.load(request.get_json())
except ValidationError as e:
abort(422, str(e))
db.session.add(u)
try:
db.session.commit() # save updated userinfo
except sqlalchemy.exc.IntegrityError as e:
abort(409,
"Database integrity violation (username already taken?)")
return jsonify(self.user_schema.dump(u))
@json_required
def patch(self, username: str): # update user info
u = User.query.filter_by(name=username).first()
if not u:
abort(404)
try:
self.user_update_schema.load(request.get_json(),
instance=u,
partial=True)
except ValidationError as e:
if "name" in e.data:
abort(403, "Username can not be changed")
else:
abort(422, str(e))
db.session.commit() # save updated userinfo
return jsonify(self.user_schema.dump(u))
def post(self):
try:
data = UserSchema().load(request.json)
except ValidationError as e:
return {'error': str(e)}
user = User.objects.create(**data)
return UserSchema().dump(user)
def update(self, id):
schema = UserSchema()
# Load update data, then find and update user
update_data = schema.load_data(request.form)
user = User.query.get(id)
user.update_fields(update_data)
db.session.commit()
# Return success
return jsonify(schema.dump_data(user))
def create(self):
schema = UserSchema()
# Load user data
user = schema.load_data(request.form)
# Add to database
db.session.add(user)
db.session.commit()
# Return success
return jsonify(schema.dump_data(user))
def get_all_users():
try:
users = session.query(User).all()
except:
users = []
users_dto = UserSchema(many=True)
return jsonify(users_dto.dump(users)), 200
def register_user():
data = request.json
if request.method == 'POST':
user_data = {
'username':
data['username'],
'firstname':
data['firstname'],
'lastname':
data['lastname'],
'email':
data['email'],
'password':
bcrypt.generate_password_hash(data['password']).decode('utf-8'),
'phone':
data['phone']
}
user_reply = session.query(User).filter(
User.username == data['username']).one_or_none()
if user_reply is None:
user = UserSchema().load(user_data)
session.add(user)
session.commit()
else: # pragma: no cover
return "This username is not available"
token = create_access_token(identity=user.username)
return jsonify(access_token=token), 200
if request.method == 'PUT':
if not get_jwt_identity(): # pragma: no cover
abort(401, 'You need to log in')
user = session.query(User).filter(
User.username == data['username']).one_or_none()
if user.username != get_jwt_identity(): # pragma: no cover
abort(403, 'You can only change your own account details')
username = data['username']
password = bcrypt.generate_password_hash(
data['password']).decode('utf-8')
email = data['email']
if user is None: # pragma: no cover
abort(404, 'User does not exist')
else:
user.username = username
user.password = password
user.email = email
session.add(user)
session.commit()
token = create_access_token(identity=username)
return jsonify(access_token=token), 200
def login_user(self, user_data):
user = self.db.query(UserModel).filter_by(
username=user_data.get("username")).first()
if not user:
raise NotFound('Order with id {} not found'.format(
user_data.get("username")))
if not check_password_hash(user.password, user_data.get("password")):
raise ValueError
schemas = UserSchema()
return schemas.dump(user).data
def find_user(user_id):
try:
UserSchema(only=['id']).load({'id': user_id})
except ValidationError as err:
return 'invalid id', 400
found_user = session.query(User).filter(User.id == user_id).one_or_none()
if found_user is None:
return 'user not found', 404
user_schema = UserSchema(exclude=['password_hash'])
user = user_schema.dump(found_user)
return user
def validate_update(data, user_id):
# got_id = data['id']
found_user = session.query(User).filter(User.id == user_id).one_or_none()
if found_user is None:
raise ValidationError(message='invalid id')
username = data['username']
username_user = session.query(User).filter(
User.username == username).one_or_none()
if found_user.username != username and not username_user is None:
raise ValidationError(message='username is busy')
user_data = {'username': data['username'], 'email': data['email']}
schema = UserSchema()
schema.load(user_data)
class UserRegistration(Resource):
def __init__(self):
self.user_schema = UserSchema()
self.validator = Validator({
'username': {
'type': 'string',
'empty': False,
'minlength': 4,
'maxlength': 30
},
'password': {
'type': 'string',
'empty': False,
'minlength': 4,
},
'email': {
'type': 'string',
'regex': '^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$',
'empty': False,
'minlength': 5
}
})
super().__init__
def post(self):
args = request.get_json()
self.validator.validate(args)
if len(self.validator.errors) > 0:
return {'error': self.validator.errors}, 400
existing_user = UserModel.query.filter_by(
username=args.get('username')).first()
if existing_user:
return {'error': 'Username already taken'}, 400
try:
# Overriding value in dictionary to encrypted password
args['password'] = _flask_bcrypt.generate_password_hash(
password=args.get('password'), rounds=15).decode('utf-8')
new_user = self.user_schema.load(args)
new_user.save()
except ValidationError as e:
return {'error': f'{e}'}, 400
except Exception as e:
return {'error': f'{e}'}, 500
return {
'message': 'New user created!',
'data': self.user_schema.dump(new_user)
}, 201
def on_get(self, req, resp):
session = req.context['session']
query = req.params.get('query', '')
user_schema = UserSchema(many=True)
users = session.query(User).\
filter(or_(
User.last_name.ilike('%' + query + '%'),
User.first_name.ilike('%' + query + '%'),
)).\
limit(100).\
all()
result = user_schema.dump(users)
resp.context['result'] = result.data
def put(self, id):
"""
Update User by id
"""
aps = ApiService()
payload = request.get_json()
return {'data': aps.update_data(User, UserSchema(), payload, id)}
class UserFriend(Resource):
@marshal_with(UserSchema(many=True), pagination=True)
def get(self, username):
deckbox_crawler = DeckboxCrawler(username)
user_friends = deckbox_crawler.getUserFriends()
return user_friends
async def login(
name: str = Body(...),
password: str = Body(...),
):
async with database.transaction():
query = users.select().where(users.c.name == name)
user = await database.fetch_one(query)
if not user:
raise HTTPException(
status_code=404,
detail=f"User with name: '{name}' not found",
)
if not check_hash(hash_code=user['hash_code'], code=password):
raise HTTPException(
status_code=403,
detail=f"Incorrect username or password",
)
token = jwt.encode(
{
'id':
user['id'],
'exp':
datetime.utcnow() + timedelta(seconds=int(config.JWT_EXPIRE))
},
config.JWT_SALT,
algorithm='HS512')
return LoginSchema(user=UserSchema(
id=user['id'],
name=user['name'],
),
token=token)
def get(self, user_id=None):
if user_id:
data_result = User.objects.get(id=user_id)
else:
data_result = User.objects()
return UserSchema().dump(data_result, many=True)
def get(self):
return jsonResponse(
{
"user":
UserSchema().dump(
User.query.filter_by(id=current_user.id).first())
}, 200)
def edit_user(user_id):
data = request.json
try:
validate_update(data, user_id)
except ValidationError as err:
return jsonify(err.messages), 400
found_user = session.query(User).filter(User.id == user_id).one_or_none()
if auth.current_user().id != found_user.id:
return "no permission", 403
found_user.username = data['username']
found_user.email = data['email']
# found_user.role = data['role']
session.commit()
return_schema = UserSchema(exclude=['password_hash'])
return_user = return_schema.dump(found_user)
return return_user
class UserView(MethodView):
user_schema = UserSchema()
@login_required
def search(self):
from flask_login import current_user
return self.user_schema.dump(current_user), 200
def test_user_json__success(self):
parsed_user, errors = UserSchema.jsonapi(self.user2)
expected_result = EXPECTED_USERS['user_json__success']
assert type(parsed_user) is str
assert_valid_response(parsed_user, expected_result)
assert errors == {}
def mutate(self, info, email: str, password: str):
db_user = crud.get_user_by_email(Session, email=email)
if db_user:
raise GraphQLError("Email ya esta registrado")
schema_user = UserSchema(email=email, password=password)
user_create = crud.create_user(Session, schema_user)
dict_user = {'id': user_create.id, 'email': user_create.email}
return CreateUser(user=User(**dict_user))
def get_user_by_id():
user = auth.current_user()
try:
user = session.query(User).filter_by(id=user.id).one()
except:
return jsonify(constants.USER_NOT_FOUND), 404
return jsonify(UserSchema().dump(user)), 200
def login():
""" User login """
user_data = request.json
schema = UserSchema()
try:
user = schema.load(user_data).data
except ValidationError as err:
response.status = 400
return schema.get_validation_errors(err)
try:
db_user = User.select().where(User.username == user.username).get()
except User.DoesNotExist as err:
return {
"code": "user_does_not_exist",
"description": "User does not exist"
}
if fn.check_password(user.password, db_user.password) == True:
return get_token(user.username)
class User(Resource):
@marshal_with(UserSchema())
def get(self, username):
deckbox_crawler = DeckboxCrawler(username)
user_profile = deckbox_crawler.getUserProfile()
user_sets = deckbox_crawler.getUserSets()
return {
**user_profile,
"sets": user_sets
}
def create_user(self, user_data):
if self.db.query(UserModel).filter_by(
username=user_data.get("username")).first():
raise ValueError
schemas = CreateUserSchema()
user_dict = schemas.load(user_data).data
user = schemas.make_user(user_dict)
user.password = generate_password_hash(user.password)
self.db.add(user)
self.db.commit()
return UserSchema().dump(user).data
def test_user_validate_input__fail(self):
wrong_user_data = USER_TEST_DICT.copy()
del wrong_user_data['password'] # missing field validation
wrong_user_data['last_name'] = '' # empty field validation
wrong_user_data['email'] = 'email.is.not' # email validation
post_data = format_jsonapi_request('user', wrong_user_data)
errors = UserSchema.validate_input(post_data)
expected_result = EXPECTED_USERS['user_validate_input__fail']
assert_valid_response(errors, expected_result)
def signup():
""" Create User """
user_data = request.json
schema = UserSchema()
try:
user = schema.load(user_data).data
except ValidationError as err:
response.status = 400
return schema.get_validation_errors(err)
try:
query = User.insert(username=user.username,
password=fn.make_password(
user.password)).execute()
except IntegrityError as err:
return {
"code": "username_already_exist",
"description": "User does not exist"
}
result = schema.dump(user).data
return HTTPResponse(result, status=201)
