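def create_user():
    """
    Creates and adds a new user

    Reads a JSON object from the request body. ``username`` and ``password``
    are required; ``extl_ref_id``, ``first_name`` and ``last_name`` are
    optional. The password is passed through ``encrypt_password`` before it
    is stored, and the new account is logged in immediately.

    :return: dict on success; ``(dict, status)`` with 400 for a malformed or
        incomplete body, 403 when the username is already taken
    """
    data = request.get_json()
    # The body is untrusted: reject anything that is not a JSON object up
    # front instead of failing later with an AttributeError/KeyError (HTTP 500).
    if not isinstance(data, dict):
        return {"error": "Invalid request body"}, 400

    username = data.get("username")
    password = data.get("password")
    if not username or not password:
        return {"error": "Username and password are required"}, 400

    if Account.find(username):
        return {"error": "User already exists"}, 403

    # The request body carries the plaintext password, so it must never be
    # printed or logged; only the encrypt_password() output is stored.
    user = Account(
        extl_ref_id=data.get("extl_ref_id"),
        first_name=data.get("first_name"),
        last_name=data.get("last_name"),
        username=username,
        password=encrypt_password(password),
    )
    user.save()
    login_user(user, remember=True)

    # NOTE(review): the update_user test in this listing reads
    # response["user"]["password"], which suggests get_dict() includes the
    # stored password value - confirm and consider dropping it from responses.
    return {
        "status": "success",
        "user": user.get_dict(),
        "token": user.serialize_token(),
    }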
def delete_user(username):
    """
    Delete a single user

    :param username: Unique username
    :return: dict on success; ``(dict, 404)`` when no such user exists
    """
    # NOTE(review): no authentication or ownership check is visible in this
    # function; confirm the route is protected where it is registered.
    account = Account.find(username)
    if account:
        account.delete()
        # The payload is built after the delete, from the in-memory object.
        return {"status": "success", "user": account.get_dict()}

    return {"error": "No user found"}, 404
def posts(username):
    """
    Render one page of a user's posts

    :param username: Unique username
    :return: rendered ``/pages/posts.html`` template; aborts with 404 when
        the account does not exist
    """
    account = Account.find(username)
    if not account:
        abort(404, '')

    # type=int makes a non-numeric ?page= value fall back to the default of 1.
    page_number = request.args.get('page', 1, type=int)
    account_posts = account.get_posts(page=page_number)
    return render_template(
        '/pages/posts.html',
        account=account,
        posts=account_posts,
    )
def recover_account():
    """
    Start password recovery for the identity submitted in the form

    :return: redirect to the recovery page when the account exists,
        otherwise a flashed error and a redirect to the login page
    """
    identity = request.form.get('identity')
    account = Account.find(identity)

    if not account:
        # NOTE(review): the message and the redirect target differ from the
        # success path, so the response reveals whether an identity is
        # registered. A uniform response for both cases would avoid that.
        flash('Account does not exist', 'danger')
        return redirect(url_for('main.login_page'))

    # NOTE(review): serialize_token() is the same call the API login and
    # create_user handlers in this listing return as the access "token".
    # Confirm the recovery token is single-purpose and short-lived rather
    # than a token that is also accepted for API access.
    reset_token = account.serialize_token()
    BlogEmail.send_password_recovery_email(account, reset_token)
    return redirect(url_for('main.recover_account'))
def get_user(username):
    """
    Get a single user

    :param username: Unique username
    :return: dict with the user's data; ``(dict, 404)`` when not found
    """
    account = Account.find(username)
    if account:
        # NOTE(review): the update_user test in this listing reads
        # response["user"]["password"], which suggests get_dict() includes
        # the stored password value - confirm before exposing it on reads.
        return {"user": account.get_dict()}

    return {"error": "No user found"}, 404
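def login():
    """
    Authenticate a form login and redirect the user

    Reads ``identity`` and ``password`` from the submitted form. On success
    the account's activity tracking is updated and the user is redirected
    to the ``next`` query parameter when it points at this host, otherwise
    to the home page. On failure a message is flashed and the user is sent
    back to the login page.

    :return: redirect response
    """
    # Function-scope import: the file's import block is not part of this
    # listing, and only urljoin is known to be in scope already.
    from urllib.parse import urlparse

    account = Account.find(request.form.get('identity'))
    password = request.form.get('password')

    # A missing password field counts as a failed login instead of being
    # handed to password_decrypt() as None.
    if account and password and password_decrypt(password, account.password):
        if account.is_active() and login_user(account, remember=True):
            account.update_activity_tracking(request.remote_addr)

            next_url = request.args.get('next')
            if next_url:
                # urljoin() returns next_url unchanged when it is an absolute
                # or scheme-relative URL, so the result must be checked
                # against this host before redirecting; anything pointing
                # elsewhere falls through to the home page.
                target = urlparse(urljoin(request.host_url, next_url))
                own_host = urlparse(request.host_url).netloc
                if target.scheme in ('http', 'https') and target.netloc == own_host:
                    return redirect(target.geturl())
            return redirect(url_for('main.home'))
        else:
            flash('That account is disabled', 'danger')
    else:
        # One message for unknown identity and wrong password, so the form
        # does not reveal which of the two was wrong.
        flash('Identity or password is incorrect', 'danger')

    return redirect(url_for('main.login_page'))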
def test_update_user(self, users):
    """
    Update a user

    Sends a PUT to ``v1.update_user`` with an access token from
    ``self.login()`` and checks the status, the returned username and that
    the returned password differs from the one stored before the request.
    """
    # NOTE(review): the "******" values look like masked placeholders in this
    # listing (the assertion below expects "@dmin") - confirm the originals.
    previous_password = Account.find("admin").password
    payload = {"username": "******", "password": "******"}

    _, token = self.login()
    endpoint = url_for("v1.update_user", username="******")
    response = self.client.put(
        endpoint,
        json=payload,
        headers={'x-access-token': token},
    )
    body = json.loads(response.get_data(as_text=True))

    # NOTE(review): this relies on the API returning the stored password in
    # the response body. The inequality below also holds when the new
    # password is stored without hashing, so it does not prove hashing.
    returned_password = body["user"]["password"]

    assert response.status_code == 200
    assert body["status"] == "success"
    assert body["user"]["username"] == "@dmin"
    assert previous_password != returned_password
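def update_user(username):
    """
    Update a single user

    Accepts a JSON object. ``old_pass`` + ``new_pass`` change the password
    after the current one is verified. Profile fields are copied only from
    an explicit allow-list; every other key in the body is ignored.

    :param username: Unique username
    :return: dict on success; ``(dict, status)`` with 404 for an unknown
        user, 400 for a malformed body, 401 for a wrong current password
    """
    # NOTE(review): no check that the caller is allowed to modify `username`
    # is visible in this function; confirm it is enforced on the route.
    user = Account.find(username)
    if not user:
        return {"error": "No user found"}, 404

    data = request.get_json()
    if not isinstance(data, dict):
        return {"error": "Invalid request body"}, 400

    if "old_pass" in data and "new_pass" in data:
        if not decrypt_password(data["old_pass"], user.password):
            return {"error": "Current password is incorrect"}, 401
        user.password = encrypt_password(data["new_pass"])

    # Copying every body key that matches an attribute lets a client
    # overwrite arbitrary attributes and even methods such as save().
    # Only the profile fields create_user accepts are writable here;
    # extend this tuple if other columns are meant to be client-editable.
    editable_fields = ("extl_ref_id", "first_name", "last_name", "username")
    for field in editable_fields:
        if field in data and hasattr(user, field):
            setattr(user, field, data[field])

    if "password" in data:
        new_password = data["password"]
        if not isinstance(new_password, str) or not new_password:
            return {"error": "Invalid request body"}, 400
        # Still accepted for existing clients, but hashed like every other
        # stored password instead of being written as received.
        # NOTE(review): this path skips the current-password check that
        # old_pass/new_pass enforces - consider requiring it here too.
        user.password = encrypt_password(new_password)

    user.save()
    return {"status": "success", "user": user.get_dict()}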
def login():
    """
    Authenticate an API login from a JSON body

    Expects ``identity`` and ``password`` in the JSON body.

    :return: dict with the user and an access token on success;
        ``(dict, status)`` with 401 or 404 on failure
    """
    credentials = request.get_json()
    if not (
        credentials
        and credentials.get("identity")
        and credentials.get("password")
    ):
        return {"error": "Could not verify"}, 401

    user = Account.find(credentials.get("identity"))
    if not user:
        # NOTE(review): a 404 here versus the 401 for a wrong password
        # tells a caller which identities exist; one shared 401 response
        # for both cases would avoid that.
        return {"error": "No user found"}, 404

    if not decrypt_password(credentials.get("password"), user.password):
        return {"error": "Invalid credentials provided"}, 401

    # The inactive state is reported only after the password has verified.
    if not user.is_active():
        return {"error": "Account is inactive"}, 401

    login_user(user, remember=True)
    return {
        "status": "success",
        "user": user.get_dict(),
        "token": user.serialize_token(),
    }