def get_userdata(self, uid):
    """Return the stored record of user ``uid`` with ``uid`` merged in.

    A falsy ``uid`` selects the identity carried by the current JWT.
    The ``uid`` key is always present in the result, even when the hash
    stored in the db does not carry it.
    """
    target_uid = uid or get_jwt_identity()
    stored = db.hgetall("z:users:{uid}".format(uid=target_uid))
    return merge_dict(stored, {"uid": target_uid})
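def get(self, uid=None):
    """Return the exposed fields of a user as JSON.

    Args:
        uid: user to read; ``None`` means the caller identified by the JWT.

    Returns:
        A JSON response with the exposed fields, the ``uid`` and
        ``msg: "ok"``, or the ``"not allowed"`` response when the caller
        may not read ``uid``.
    """
    # Reading another user's record is subject to the access policy;
    # reading one's own record (uid is None) needs no check.
    if uid and not self.is_allowed(uid):
        return self.response("not allowed")
    raw_data = self.get_userdata(uid)
    # Only the whitelisted exposed_fields leave the server (filter_dict is
    # expected to drop everything else, e.g. the stored password hash).
    filtered = filter_dict(raw_data, self.exposed_fields)
    return jsonify(merge_dict(filtered, {"uid": raw_data["uid"], "msg": "ok"}))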
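def post(self, uid=None):
    """Update the data of a user in the backend.

    Only the ``exposed_fields`` of the request body are taken over; the
    password is replaced only when a new one is supplied, otherwise the
    currently stored value is kept.

    Args:
        uid: user to update; ``None`` means the caller identified by the JWT.

    Returns:
        JSON with the saved exposed fields and ``msg: "ok"`` on success,
        a 422 response when a mandatory field is missing, or the error
        response derived from the backend's ``"<msg>:<detail>"`` reply.
    """
    # Authorise before looking at any request data: a caller that may not
    # touch ``uid`` gets no further than this.
    if uid and not self.is_allowed(uid):
        return self.response("not allowed")
    raw_new_data = request.json or {}
    # Only exposed fields may be written by the client (no mass assignment
    # of e.g. uid); the password is handled separately below.
    data_to_save = filter_dict(raw_new_data, self.exposed_fields)
    # mandatory fields
    # TODO check if email is a potential email
    err = check_mandatory_fields(data_to_save, "email")
    if err:
        return make_response(jsonify(err), 422)
    cur_raw_data = self.get_userdata(uid)
    data_to_save["uid"] = cur_raw_data.get("uid")
    # Safety check, should never happen. It must *return*: without a uid the
    # record cannot be addressed and the write below must not proceed.
    if not data_to_save["uid"]:
        return self.response("missing", "uid")
    # password handling: keep the stored value if no new password was given
    new_password = raw_new_data.get("password")
    if new_password:
        data_to_save["password"] = sha256.hash(new_password)
    else:
        data_to_save["password"] = cur_raw_data.get("password")
    ret = db.replaceOrInsertUser(args=dict2list(data_to_save)).lower()
    if ret == "ok":
        return jsonify(
            merge_dict(
                filter_dict(data_to_save, self.exposed_fields + ["uid"]),
                {"msg": "ok"}))
    # e.g. "required element:uid,description" -> response("required element", "uid,description")
    return self.response(*ret.split(":"))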
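def post(self, id=None):
    """Create or update a story entry.

    The entry is replaced as a whole, so all values must be given:

        http -F POST :5000/api/v01/stories/a96970f1-fbaa-439c-892a-cec49ea6376d Authorization:"Bearer <jwt>" title=...

    Args:
        id: id of the entry to replace; ``None`` creates a new entry with a
            fresh uuid4 and ``created``/``created_human`` timestamps.

    Returns:
        JSON with the saved exposed fields, ``msg: "ok"`` and the content,
        detail and edit urls of the entry, or the error response derived
        from the backend's ``"<msg>:<detail>"`` reply.
    """
    from datetime import timezone  # local: only the create path needs it

    raw_data = request.json or {}
    # Only exposed fields are taken from the client; the owner is always the
    # identity of the JWT, never a value from the request body.
    data_to_save = filter_dict(raw_data, self.exposed_fields)
    data_to_save["uid"] = get_jwt_identity()
    if not id:
        # Timezone-aware UTC so the epoch value does not depend on the host's
        # local timezone (strftime("%s") does, and is not portable).
        now = dt.now(timezone.utc)
        data_to_save["id"] = str(uuid.uuid4())
        # created time of now; will be updated by media upload
        data_to_save["created"] = str(int(now.timestamp()))
        data_to_save["created_human"] = now.strftime('%Y-%m-%d %H:%M:%S')
    else:
        # NOTE(review): nothing here checks that an existing ``id`` belongs
        # to the JWT's uid; presumably db.replaceOrInsertStory does - confirm.
        data_to_save["id"] = id
    ret = db.replaceOrInsertStory(args=dict2list(data_to_save)).lower()
    del data_to_save["uid"]  # do not return the owner's uid
    if ret != "ok":
        # e.g. "required element:uid,description" -> response("required element", "uid,description")
        return self.response(*ret.split(":"))
    # Use the saved id for every url: on create ``id`` is None, so the
    # detail/edit urls must be built from data_to_save["id"] as well.
    entry_id = data_to_save["id"]
    return jsonify(
        merge_dict(
            data_to_save, {
                "msg": "ok",
                "content_url": ApiStories._get_content_url(entry_id),
                "detail_url": ApiStories._get_detail_url(entry_id),
                "edit_url": ApiStories._get_edit_url(entry_id),
            }))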
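def login(self, uid, user=None):
    """Issue an access and a refresh token for ``uid`` and return them as JSON.

    Args:
        uid: identity embedded in both tokens.
        user: the user's record; looked up in the db when ``None``.

    Returns:
        JSON with the user's exposed fields, ``msg: "ok"``, both tokens
        and the ``uid``.
    """
    access_token = create_access_token(identity=uid, fresh=True)
    refresh_token = create_refresh_token(identity=uid)
    if user is None:  # identity check against the None singleton, not ==
        user = db.hgetall("z:users:{uid}".format(uid=uid))
    # Register both token ids in the db so logout can blacklist them
    # ("false" presumably meaning "not revoked"). The entry is kept 1.2x the
    # token lifetime so a still-valid token never lacks its db record.
    # NOTE(review): the third argument is presumably the TTL; confirm the
    # backend accepts the float this arithmetic produces.
    access_jti = get_jti(encoded_token=access_token)
    refresh_jti = get_jti(encoded_token=refresh_token)
    db.set("z:tokens:{jti}".format(jti=access_jti), "false",
           current_app.config.get("ACCESS_EXPIRES") * 1.2)
    db.set("z:tokens:{jti}".format(jti=refresh_jti), "false",
           current_app.config.get("REFRESH_EXPIRES") * 1.2)
    return jsonify(
        merge_dict(
            filter_dict(user, self.exposedFields), {
                "msg": "ok",
                "access_token": access_token,
                "refresh_token": refresh_token,
                "uid": uid,
            }))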