class UsersView(FlaskView):
user_schema = UserSchema(many=False, session=db.session)
user_update_schema = UserSchema(
many=False, session=db.session,
exclude=["name"]) # PATCHing username is not allowed
users_schema = UserSchema(many=True)
def index(self): # list all users
all_users = User.query.all()
return jsonify(self.users_schema.dump(all_users))
def get(self, username: str): # get specific info
u = User.query.find_by(name=username).first()
if u:
return jsonify(self.user_schema.dump(u))
else:
abort(404)
@json_required
def post(self): # register user
try:
u = self.user_schema.load(request.get_json())
except ValidationError as e:
abort(422, str(e))
db.session.add(u)
try:
db.session.commit() # save updated userinfo
except sqlalchemy.exc.IntegrityError as e:
abort(409,
"Database integrity violation (username already taken?)")
return jsonify(self.user_schema.dump(u))
@json_required
def patch(self, username: str): # update user info
u = User.query.filter_by(name=username).first()
if not u:
abort(404)
try:
self.user_update_schema.load(request.get_json(),
instance=u,
partial=True)
except ValidationError as e:
if "name" in e.data:
abort(403, "Username can not be changed")
else:
abort(422, str(e))
db.session.commit() # save updated userinfo
return jsonify(self.user_schema.dump(u))
def post(self):
try:
data = UserSchema().load(request.json)
except ValidationError as e:
return {'error': str(e)}
user = User.objects.create(**data)
return UserSchema().dump(user)
def find_user(user_id):
try:
UserSchema(only=['id']).load({'id': user_id})
except ValidationError as err:
return 'invalid id', 400
found_user = session.query(User).filter(User.id == user_id).one_or_none()
if found_user is None:
return 'user not found', 404
user_schema = UserSchema(exclude=['password_hash'])
user = user_schema.dump(found_user)
return user
def post(self):
user_schema_register = UserRegistrationSchema()
user_json = request.get_json()
try:
user = user_schema_register.load(user_json)
except ValidationError as e:
return e.messages
if UserService.get_by_username(user["username"]):
return {"message": USER_ALREADY_EXISTS}, 400
if UserService.get_by_email(user["email"]):
return {"message": EMAIL_ALREADY_EXISTS}, 400
try:
user = UserService.create(
user["username"],
user["email"],
user["password"],
user["first_name"],
user["last_name"],
)
user_schema = UserSchema()
return user_schema.dump(user), 201
except: # failed to save user to db
traceback.print_exc()
if user:
user.delete()
return {"message": FAILED_TO_CREATE}, 500
def put(self, id):
"""
Update User by id
"""
aps = ApiService()
payload = request.get_json()
return {'data': aps.update_data(User, UserSchema(), payload, id)}
def create_user():
app.logger.info('entered action')
data = request.json
user_schema = UserSchema()
app.logger.info('created schema')
parsed_data = {
'username':
data['username'],
'email':
data['email'],
'password_hash':
bcrypt.generate_password_hash(data['password']).decode('utf-8')
}
if "role" in data:
parsed_data['role'] = data['role']
if not session.query(User).filter(
User.username == parsed_data['username']).one_or_none() is None:
return 'username busy', 400
try:
user = user_schema.load(parsed_data)
except ValidationError as err:
return err.messages, 400
app.logger.info('created user')
session.add(user)
session.commit()
return user_schema.dump(user), 201
def get(self, user_id=None):
if user_id:
data_result = User.objects.get(id=user_id)
else:
data_result = User.objects()
return UserSchema().dump(data_result, many=True)
def post(self):
data = parser.parse_args()
username = data['username']
# Searching user by username
current_user = UserModel.find_by_username(username)
# user does not exists
if not current_user:
return {'message': f'User {username} doesn\'t exist'}, 404
# user exists, comparing password and hash
if UserModel.verify_hash(data['password'], current_user.password):
# generating access token and refresh token
access_token = create_access_token(identity=username)
refresh_token = create_refresh_token(identity=username)
user_schema = UserSchema(exclude=['id', 'password'])
user = user_schema.dump(current_user)
return {
'user': f'{user}',
'message': f'Logged in as {username}',
'access_token': access_token,
'refresh_token': refresh_token
}
else:
return {'message': "Wrong credentials"}, 404
def get(self):
return jsonResponse(
{
"user":
UserSchema().dump(
User.query.filter_by(id=current_user.id).first())
}, 200)
def on_get(self, req, resp):
user = req.context['user']
user_schema = UserSchema()
result = user_schema.dump(user)
resp.context['result'] = result.data
class UserFriend(Resource):
@marshal_with(UserSchema(many=True), pagination=True)
def get(self, username):
deckbox_crawler = DeckboxCrawler(username)
user_friends = deckbox_crawler.getUserFriends()
return user_friends
async def login(
name: str = Body(...),
password: str = Body(...),
):
async with database.transaction():
query = users.select().where(users.c.name == name)
user = await database.fetch_one(query)
if not user:
raise HTTPException(
status_code=404,
detail=f"User with name: '{name}' not found",
)
if not check_hash(hash_code=user['hash_code'], code=password):
raise HTTPException(
status_code=403,
detail=f"Incorrect username or password",
)
token = jwt.encode(
{
'id':
user['id'],
'exp':
datetime.utcnow() + timedelta(seconds=int(config.JWT_EXPIRE))
},
config.JWT_SALT,
algorithm='HS512')
return LoginSchema(user=UserSchema(
id=user['id'],
name=user['name'],
),
token=token)
class UserView(MethodView):
user_schema = UserSchema()
@login_required
def search(self):
from flask_login import current_user
return self.user_schema.dump(current_user), 200
def mutate(self, info, email: str, password: str):
db_user = crud.get_user_by_email(Session, email=email)
if db_user:
raise GraphQLError("Email ya esta registrado")
schema_user = UserSchema(email=email, password=password)
user_create = crud.create_user(Session, schema_user)
dict_user = {'id': user_create.id, 'email': user_create.email}
return CreateUser(user=User(**dict_user))
def get_user_by_id():
user = auth.current_user()
try:
user = session.query(User).filter_by(id=user.id).one()
except:
return jsonify(constants.USER_NOT_FOUND), 404
return jsonify(UserSchema().dump(user)), 200
def get_all_users():
try:
users = session.query(User).all()
except:
users = []
users_dto = UserSchema(many=True)
return jsonify(users_dto.dump(users)), 200
def create(self):
schema = UserSchema()
# Load user data
user = schema.load_data(request.form)
# Add to database
db.session.add(user)
db.session.commit()
# Return success
return jsonify(schema.dump_data(user))
def update(self, id):
schema = UserSchema()
# Load update data, then find and update user
update_data = schema.load_data(request.form)
user = User.query.get(id)
user.update_fields(update_data)
db.session.commit()
# Return success
return jsonify(schema.dump_data(user))
def register_user():
data = request.json
if request.method == 'POST':
user_data = {
'username':
data['username'],
'firstname':
data['firstname'],
'lastname':
data['lastname'],
'email':
data['email'],
'password':
bcrypt.generate_password_hash(data['password']).decode('utf-8'),
'phone':
data['phone']
}
user_reply = session.query(User).filter(
User.username == data['username']).one_or_none()
if user_reply is None:
user = UserSchema().load(user_data)
session.add(user)
session.commit()
else: # pragma: no cover
return "This username is not available"
token = create_access_token(identity=user.username)
return jsonify(access_token=token), 200
if request.method == 'PUT':
if not get_jwt_identity(): # pragma: no cover
abort(401, 'You need to log in')
user = session.query(User).filter(
User.username == data['username']).one_or_none()
if user.username != get_jwt_identity(): # pragma: no cover
abort(403, 'You can only change your own account details')
username = data['username']
password = bcrypt.generate_password_hash(
data['password']).decode('utf-8')
email = data['email']
if user is None: # pragma: no cover
abort(404, 'User does not exist')
else:
user.username = username
user.password = password
user.email = email
session.add(user)
session.commit()
token = create_access_token(identity=username)
return jsonify(access_token=token), 200
def login_user(self, user_data):
user = self.db.query(UserModel).filter_by(
username=user_data.get("username")).first()
if not user:
raise NotFound('Order with id {} not found'.format(
user_data.get("username")))
if not check_password_hash(user.password, user_data.get("password")):
raise ValueError
schemas = UserSchema()
return schemas.dump(user).data
def create_user(self, user_data):
if self.db.query(UserModel).filter_by(
username=user_data.get("username")).first():
raise ValueError
schemas = CreateUserSchema()
user_dict = schemas.load(user_data).data
user = schemas.make_user(user_dict)
user.password = generate_password_hash(user.password)
self.db.add(user)
self.db.commit()
return UserSchema().dump(user).data
class User(Resource):
@marshal_with(UserSchema())
def get(self, username):
deckbox_crawler = DeckboxCrawler(username)
user_profile = deckbox_crawler.getUserProfile()
user_sets = deckbox_crawler.getUserSets()
return {
**user_profile,
"sets": user_sets
}
def validate_email(form, field):
email_validator = forms.validators.Email(
message='That\'s not a valid email address.'
)
email_validator(form, field)
found_user = mongo.db.users.find_one({'email': field.data})
if not found_user:
raise forms.ValidationError(
f'User with email {field.data} not found'
)
session['user_json'] = UserSchema().dumps(found_user)
def validate_update(data, user_id):
# got_id = data['id']
found_user = session.query(User).filter(User.id == user_id).one_or_none()
if found_user is None:
raise ValidationError(message='invalid id')
username = data['username']
username_user = session.query(User).filter(
User.username == username).one_or_none()
if found_user.username != username and not username_user is None:
raise ValidationError(message='username is busy')
user_data = {'username': data['username'], 'email': data['email']}
schema = UserSchema()
schema.load(user_data)
def user_detail(user_id):
try:
user = session.query(User).filter(User.id == user_id).one()
except NoResultFound:
raise
if request.method == 'GET':
schema = UserSchema()
data = schema.dump(user).data
return Response(response=json.dumps({"data": data}),
status=200,
mimetype="application/json")
if request.method == 'PUT':
args = parse_args(UserSchema(dump_only=(
"account",
"password",
)))
user.nickname = args['nickname'] if args['nickname'] else user.nickname
session.commit()
return Response(status=200, mimetype="application/json")
if request.method == 'DELETE':
session.delete(user)
session.commit()
return Response(status=204, mimetype="application/json")
class Users(MethodView):
@user_api.response(UserSchema(many=True))
def get(self):
"""List users"""
return UserRepository.all()
@user_api.arguments(UserFullSchema)
@user_api.response(UserSchema, code=201)
def post(self, new_data):
"""Add a new user"""
result, created = UserRepository.create(**new_data)
if not created:
abort(409, message="User already exists.")
return result
async def on_post(self, req, resp):
"""Creates User Account"""
request_media = await req.media(format='json')
email_address = request_media['email']
if not (get_db_data('users', filter_by={'email': email_address})):
api_key = generate_api_key()
request_media['api_key'] = api_key
user_data = update_db_data('users', request_media, upsert=True)
resp.media = UserSchema().dump(user_data)
self.confirmation_email(resp.media[0])
else:
resp.text = f'Email Account {email_address} already exists'
resp.status_code = 400
def create_user():
"""Creates a new user"""
data = request.get_json()
try:
UserSchema().load(data)
except ValidationError as err:
return err.messages, 400
if db.users.find_one({"phone_number": data['phone_number']}) is None:
db.users.insert_one({"first_name": data['first_name'], "last_name": data['last_name'],
"date_of_birth": data['date_of_birth'], "phone_number": data['phone_number']})
return jsonify(success=True), 201
else:
return jsonify(error="Phone number already registered."), 409
def on_get(self, req, resp):
session = req.context['session']
query = req.params.get('query', '')
user_schema = UserSchema(many=True)
users = session.query(User).\
filter(or_(
User.last_name.ilike('%' + query + '%'),
User.first_name.ilike('%' + query + '%'),
)).\
limit(100).\
all()
result = user_schema.dump(users)
resp.context['result'] = result.data
def edit_user(user_id):
data = request.json
try:
validate_update(data, user_id)
except ValidationError as err:
return jsonify(err.messages), 400
found_user = session.query(User).filter(User.id == user_id).one_or_none()
if auth.current_user().id != found_user.id:
return "no permission", 403
found_user.username = data['username']
found_user.email = data['email']
# found_user.role = data['role']
session.commit()
return_schema = UserSchema(exclude=['password_hash'])
return_user = return_schema.dump(found_user)
return return_user