Exemple #1
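def create_user():
    """
    Creates and adds a new user

    Reads the JSON request body, rejects it when ``username`` or
    ``password`` is missing or not a non-empty string, refuses a username
    that ``Account.find`` already returns, stores the account with the
    output of ``encrypt_password`` and logs the new user in.

    :return: dict on success, or an ``(error dict, status code)`` tuple
    """
    data = request.get_json()
    # get_json() can yield None or a non-object JSON value (list, string);
    # answer those with a 400 instead of failing on .get() below.
    if not isinstance(data, dict):
        return {"error": "Invalid request body"}, 400

    username = data.get("username")
    password = data.get("password")
    if not (isinstance(username, str) and username
            and isinstance(password, str) and password):
        return {"error": "Username and password are required"}, 400

    # NOTE(review): this lookup and save() below are two separate steps, so
    # two concurrent requests can both pass it. Confirm the storage layer
    # enforces a unique constraint on username.
    if Account.find(username):
        return {"error": "User already exists"}, 403

    # Do not print or log the raw request body here: it carries the
    # plaintext password.
    # NOTE(review): encrypt_password is defined elsewhere; confirm it is a
    # salted one-way password hash and not reversible encryption.
    encrypted_password = encrypt_password(password)

    user = Account(
        extl_ref_id=data.get("extl_ref_id"),
        first_name=data.get("first_name"),
        last_name=data.get("last_name"),
        username=username,
        password=encrypted_password,
    )

    user.save()
    login_user(user, remember=True)

    # NOTE(review): the update_user test in this listing reads
    # ["user"]["password"] from a response built with get_dict(), so
    # get_dict() appears to include the stored password value. Confirm, and
    # keep that field out of API responses.
    return {
        "status": "success",
        "user": user.get_dict(),
        "token": user.serialize_token(),
    }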
Exemple #2
def delete_user(username):
    """
    Delete the account that ``Account.find`` returns for ``username``.

    :param username: username of the account to delete
    :return: success dict with the deleted account, or an error dict with
        status 404 when no account is found
    """
    # NOTE(review): no authorization check is visible in this function and
    # the route decorators are not part of this listing. Confirm the caller
    # is authenticated and allowed to delete this particular account.
    account = Account.find(username)

    if account:
        account.delete()
        # get_dict() is called after delete(), as in the original flow.
        return {"status": "success", "user": account.get_dict()}

    return {"error": "No user found"}, 404
Exemple #3
def posts(username):
    """
    Render the posts page for the account found under ``username``.

    Aborts with 404 when ``Account.find`` returns nothing. The page number
    comes from the ``page`` query argument and defaults to 1.

    :param username: username whose posts are listed
    :return: the rendered ``/pages/posts.html`` template
    """
    owner = Account.find(username)
    if not owner:
        abort(404, '')

    # type=int makes request.args.get fall back to the default when the
    # value is not an integer. NOTE(review): zero and negative numbers still
    # pass through; confirm get_posts handles them.
    page_number = request.args.get('page', 1, type=int)
    page_of_posts = owner.get_posts(page=page_number)

    return render_template(
        '/pages/posts.html',
        account=owner,
        posts=page_of_posts,
    )
Exemple #4
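def recover_account():
    """
    Start password recovery for the identity submitted in the form.

    The flash message and redirect are the same whether or not the identity
    matches an account, so the response does not reveal which identities
    are registered.

    :return: redirect to ``main.recover_account``
    """
    identity = request.form.get('identity')
    # Skip the lookup when the form field is missing or empty.
    account = Account.find(identity) if identity else None

    if account:
        # NOTE(review): serialize_token() is the same method name that
        # issues the API access token elsewhere in this listing. Confirm
        # the recovery token is single-purpose, short-lived and invalidated
        # once the password has been changed.
        reset_token = account.serialize_token()
        # NOTE(review): if this call sends mail synchronously, the response
        # time still differs between known and unknown identities; consider
        # queueing the email.
        BlogEmail.send_password_recovery_email(account, reset_token)

    flash('If that account exists, a recovery email has been sent', 'info')
    return redirect(url_for('main.recover_account'))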
Exemple #5
def get_user(username):
    """
    Look up one account by username and return its dict form.

    :param username: Unique username
    :return: ``{"user": ...}``, or an error dict with status 404
    """
    account = Account.find(username)

    if account:
        # NOTE(review): the update_user test in this listing reads
        # ["user"]["password"] from a response built with get_dict(), so
        # get_dict() appears to include the stored password value. Confirm,
        # and keep that field out of this response.
        return {"user": account.get_dict()}

    return {"error": "No user found"}, 404
Exemple #6
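def login():
    """
    Handle the login form: verify identity and password, start the session
    and redirect.

    After a successful login the ``next`` query argument is followed only
    when it resolves to this application's own host; any other value falls
    back to ``main.home``. Failed attempts flash a message and return to
    ``main.login_page``.

    :return: redirect response
    """
    from urllib.parse import urlparse

    identity = request.form.get('identity')
    password = request.form.get('password')
    # Skip the lookup and the password check when either field is missing.
    account = Account.find(identity) if identity and password else None

    if account and password_decrypt(password, account.password):
        if account.is_active() and login_user(account, remember=True):
            # NOTE(review): behind a reverse proxy remote_addr is the
            # proxy's address unless the app is configured to trust
            # forwarded headers; confirm what gets recorded here.
            account.update_activity_tracking(request.remote_addr)
            next_url = request.args.get('next')
            if next_url:
                # urljoin() returns next_url unchanged when it is an
                # absolute or scheme-relative URL, so the joined result must
                # be checked against our own host before redirecting.
                target = urljoin(request.host_url, next_url)
                own = urlparse(request.host_url)
                parsed = urlparse(target)
                if (parsed.scheme in ('http', 'https')
                        and parsed.netloc == own.netloc):
                    return redirect(target)
            return redirect(url_for('main.home'))
        else:
            flash('That account is disabled', 'danger')
    else:
        flash('Identity or password is incorrect', 'danger')

    return redirect(url_for('main.login_page'))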
Exemple #7
    def test_update_user(self, users):
        """
        Update a user

        Logs in, PUTs a new username and password to ``v1.update_user`` and
        checks that the response reports success, the new username and a
        password value different from the one stored before the request.
        """
        hash_before = Account.find("admin").password

        # The "******" literals look masked by the listing; the username
        # assertion below expects "@dmin".
        payload = {"username": "******", "password": "******"}

        _, token = self.login()
        response = self.client.put(
            url_for("v1.update_user", username="******"),
            json=payload,
            headers={'x-access-token': token},
        )
        body = json.loads(response.get_data(as_text=True))
        # NOTE(review): this reads the account's password value out of the
        # API response, which pins the endpoint to returning it. Prefer
        # re-reading the stored value through Account.find() so the field
        # can be dropped from responses.
        hash_after = body["user"]["password"]

        assert response.status_code == 200
        assert body["status"] == "success"
        assert body["user"]["username"] == "@dmin"
        assert hash_before != hash_after
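def update_user(username):
    """
    Update the account found under ``username`` from the JSON request body.

    Only the profile fields listed below are copied from the body; other
    keys are ignored rather than written onto the model. Password changes
    always go through ``encrypt_password``.

    :param username: username of the account to update
    :return: success dict with the updated account, or an
        ``(error dict, status code)`` tuple
    """
    # NOTE(review): no authorization check is visible in this function and
    # the route decorators are not part of this listing. Confirm the caller
    # is allowed to modify this particular account.
    user = Account.find(username)

    if not user:
        return {"error": "No user found"}, 404

    data = request.get_json()
    # get_json() can yield None or a non-object JSON value.
    if not isinstance(data, dict):
        return {"error": "Invalid request body"}, 400

    if "old_pass" in data and "new_pass" in data:
        if not decrypt_password(data["old_pass"], user.password):
            return {"error": "Current password is incorrect"}, 401
        new_pass = data["new_pass"]
        if not isinstance(new_pass, str) or not new_pass:
            return {"error": "New password is required"}, 400
        user.password = encrypt_password(new_pass)

    if "password" in data:
        # A bare "password" key used to be copied onto the model as-is,
        # i.e. stored without hashing. It is still accepted so existing
        # callers keep working, but it is hashed first.
        # NOTE(review): this path changes the password without checking the
        # current one. Decide whether to require old_pass/new_pass here or
        # restrict this key to privileged callers.
        direct_pass = data["password"]
        if not isinstance(direct_pass, str) or not direct_pass:
            return {"error": "New password is required"}, 400
        user.password = encrypt_password(direct_pass)

    # Allowlist of client-editable fields (the same profile fields
    # create_user accepts). Copying every key that matches a model
    # attribute would let a request overwrite any attribute of the account.
    # NOTE(review): a changed username is not checked against existing
    # accounts here; confirm uniqueness is enforced on save.
    for field in ("extl_ref_id", "first_name", "last_name", "username"):
        if field in data and hasattr(user, field):
            setattr(user, field, data[field])

    user.save()

    return {"status": "success", "user": user.get_dict()}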
Exemple #9
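def login():
    """
    Authenticate a JSON ``identity`` / ``password`` pair and return a token.

    An unknown identity and a wrong password get the same 401 response, so
    the endpoint does not reveal which identities are registered. The
    inactive-account answer is given only after the password has been
    verified.

    :return: success dict with the user and token, or an
        ``(error dict, status code)`` tuple
    """
    auth = request.get_json()

    # isinstance guards against a JSON body that is not an object.
    if (not isinstance(auth, dict)
            or not auth.get("identity")
            or not auth.get("password")):
        return {"error": "Could not verify"}, 401

    user = Account.find(auth["identity"])

    # NOTE(review): an unknown identity skips the password check, so the
    # response time can still differ between known and unknown identities.
    if not user or not decrypt_password(auth["password"], user.password):
        return {"error": "Invalid credentials provided"}, 401

    if not user.is_active():
        return {"error": "Account is inactive"}, 401

    login_user(user, remember=True)
    # NOTE(review): the update_user test in this listing reads
    # ["user"]["password"] from a response built with get_dict(), so
    # get_dict() appears to include the stored password value. Confirm, and
    # keep that field out of this response.
    return {
        "status": "success",
        "user": user.get_dict(),
        "token": user.serialize_token(),
    }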