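def api_token_redeem():
    """Redeem a token code and add its value to the authenticated caller.

    Reads ``auth_token`` and ``token_code`` from the form body. The token is
    claimed with a conditional UPDATE so that a code can be redeemed only
    once, and the claim and the credit change are committed together.

    Raises:
        APIMissingField: a required form field is absent.
        APIInvalidField: ``token_code`` matches no token, or the token was
            already redeemed.
    """
    try:
        auth_token = request.form["auth_token"]
        token_code = request.form["token_code"]
    except KeyError as e:
        raise APIMissingField(e.args[0])

    caller = get_user_from_token(auth_token)

    conn = engine.connect()
    try:
        lookup = sql.select([Token]).where(Token.code == token_code).limit(1)
        rows = conn.execute(lookup).fetchall()
        if not rows:
            raise APIInvalidField("token_code", 200)
        token = rows[0]

        # One transaction: an exception anywhere below rolls back the claim,
        # so a token is never marked redeemed without the credit being paid.
        with conn.begin():
            # Only an unredeemed row matches, so a replayed or concurrent
            # request for the same code updates zero rows and is rejected.
            # Rows whose ``redeemed`` is NULL would not match either.
            claim = (
                sql.update(Token)
                .where((Token.id == token.id)
                       & (Token.redeemed == False))  # noqa: E712
                .values({Token.redeemed: True, Token.redeemer: caller.id})
            )
            # rowcount, not inserted_primary_key: these are UPDATE statements.
            if conn.execute(claim).rowcount != 1:
                raise APIInvalidField("token_code", 200)

            # Increment in SQL rather than writing back caller.credits, which
            # was read at authentication time and may be stale by now.
            credit = (
                sql.update(User)
                .where(User.id == caller.id)
                .values({User.credits: User.credits + token.value})
            )
            conn.execute(credit)
    finally:
        conn.close()

    return make_response(jsonify({
        "status": "success",
        "message": "Token successfully redeemed",
        # Derived from the balance loaded with the caller; it can lag the
        # stored value if another request changed it in between.
        "new_balance": caller.credits + token.value
    }))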
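def api_user_create():
    """Create a user account on behalf of an admin caller.

    Reads ``auth_token``, ``user_first_name``, ``user_last_name``,
    ``user_other_names``, ``user_email``, ``user_password`` and ``rank`` from
    the form body. Every key must be present; ``user_other_names`` and
    ``user_email`` may be empty and are then stored as ``None``.

    Returns a JSON response with ``status`` "success" and the new ``user_id``,
    or ``status`` "failed" when the caller is not an admin or the insert
    reported no primary key. No explicit HTTP status is passed in either case.

    Raises:
        APIMissingField: a form key is absent, or a required value is empty.
    """
    try:
        auth_token = request.form["auth_token"]
        user_first_name = request.form["user_first_name"]
        user_last_name = request.form["user_last_name"]
        user_other_names = request.form["user_other_names"] or None
        user_email = request.form["user_email"] or None
        # NOTE(review): the username is taken from "user_first_name", which
        # looks like a copy-paste slip; confirm the intended form field
        # before relying on usernames being distinct from first names.
        user_username = request.form["user_first_name"]
        # NOTE(review): when the submitted password is empty a random one is
        # generated and only its hash is stored; nothing here returns it, so
        # confirm how the new user is expected to obtain or reset it.
        user_password = request.form["user_password"] or gen_password(8)
        user_rank = request.form["rank"]
    except KeyError as e:
        raise APIMissingField(e.args[0])

    # Name the empty field explicitly. The previous bare ``raise KeyError``
    # carried no args, so ``e.args[0]`` failed with IndexError instead of
    # producing the intended missing-field error.
    required_values = (
        ("user_first_name", user_first_name),
        ("user_last_name", user_last_name),
        ("user_password", user_password),
        ("rank", user_rank),
    )
    for field_name, field_value in required_values:
        if field_value == "":
            raise APIMissingField(field_name)

    caller = get_user_from_token(auth_token)
    if caller.rank != "admin":
        return make_response(jsonify({
            "status": "failed",
            "message": "You do not have a high enough rank to create users."
        }))

    # NOTE(review): ``rank`` is stored exactly as submitted; confirm whether
    # it should be checked against the set of ranks the application knows.
    query = sql.insert(User, {
        User.first_name: user_first_name,
        User.last_name: user_last_name,
        User.other_names: user_other_names,
        User.email: user_email,
        User.username: user_username,
        User.pass_hash: crypt_hash(user_password),
        User.rank: user_rank
    })

    conn = engine.connect()
    try:
        # Copy the key out before the connection is released.
        new_user_id = conn.execute(query).inserted_primary_key
    finally:
        conn.close()

    if new_user_id:
        return make_response(jsonify({
            "status": "success",
            "message": "User created",
            "user_id": new_user_id
        }))
    return make_response(jsonify({
        "status": "failed",
        "message": "Unknown error"
    }))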
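def api_user_create():
    """Create a user account on behalf of an admin caller.

    Reads ``auth_token``, ``user_first_name``, ``user_last_name``,
    ``user_other_names``, ``user_email``, ``user_password`` and ``rank`` from
    the form body. Every key must be present; ``user_other_names`` and
    ``user_email`` may be empty and are then stored as ``None``.

    Returns a JSON response with ``status`` "success" and the new ``user_id``,
    or ``status`` "failed" when the caller is not an admin or the insert
    reported no primary key. No explicit HTTP status is passed in either case.

    Raises:
        APIMissingField: a form key is absent, or a required value is empty.
    """
    try:
        auth_token = request.form["auth_token"]
        user_first_name = request.form["user_first_name"]
        user_last_name = request.form["user_last_name"]
        user_other_names = request.form["user_other_names"] or None
        user_email = request.form["user_email"] or None
        # NOTE(review): the username is taken from "user_first_name", which
        # looks like a copy-paste slip; confirm the intended form field
        # before relying on usernames being distinct from first names.
        user_username = request.form["user_first_name"]
        # NOTE(review): when the submitted password is empty a random one is
        # generated and only its hash is stored; nothing here returns it, so
        # confirm how the new user is expected to obtain or reset it.
        user_password = request.form["user_password"] or gen_password(8)
        user_rank = request.form["rank"]
    except KeyError as e:
        raise APIMissingField(e.args[0])

    # Name the empty field explicitly. The previous bare ``raise KeyError``
    # carried no args, so ``e.args[0]`` failed with IndexError instead of
    # producing the intended missing-field error.
    required_values = (
        ("user_first_name", user_first_name),
        ("user_last_name", user_last_name),
        ("user_password", user_password),
        ("rank", user_rank),
    )
    for field_name, field_value in required_values:
        if field_value == "":
            raise APIMissingField(field_name)

    caller = get_user_from_token(auth_token)
    if caller.rank != "admin":
        return make_response(jsonify({
            "status": "failed",
            "message": "You do not have a high enough rank to create users."
        }))

    # NOTE(review): ``rank`` is stored exactly as submitted; confirm whether
    # it should be checked against the set of ranks the application knows.
    query = sql.insert(User, {
        User.first_name: user_first_name,
        User.last_name: user_last_name,
        User.other_names: user_other_names,
        User.email: user_email,
        User.username: user_username,
        User.pass_hash: crypt_hash(user_password),
        User.rank: user_rank
    })

    conn = engine.connect()
    try:
        # Copy the key out before the connection is released.
        new_user_id = conn.execute(query).inserted_primary_key
    finally:
        conn.close()

    if new_user_id:
        return make_response(jsonify({
            "status": "success",
            "message": "User created",
            "user_id": new_user_id
        }))
    return make_response(jsonify({
        "status": "failed",
        "message": "Unknown error"
    }))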
def api_user_login_test():
    """Report whether the submitted ``auth_token`` resolves to a user.

    Both outcomes are returned as JSON with HTTP status 200; clients must
    read the ``status`` field ("success" or "failed") to tell them apart.

    Raises:
        APIMissingField: the form body has no ``auth_token`` key.
    """
    try:
        submitted = request.form["auth_token"]
    except KeyError as missing:
        raise APIMissingField(missing.args[0])

    try:
        account = get_user_from_token(submitted)
        full_name = " ".join((account.first_name, account.last_name))
        accepted = {
            "status": "success",
            "message": "auth_token is valid. Logged in as %s." % full_name
        }
        return make_response(jsonify(accepted), 200)
    except AuthTokenInvalid:
        rejected = {
            "status": "failed",
            "message": "auth_token is invalid"
        }
        return make_response(jsonify(rejected), 200)
def get_user(user_id=None, required=True):
    """Resolve a user by explicit id, or from the ``auth_token`` cookie.

    When ``user_id`` is given the lookup goes straight to
    ``get_user_from_id`` and no cookie or token is consulted, so the caller
    of this function is responsible for deciding whether the requester may
    access that user.

    When ``user_id`` is ``None`` the ``auth_token`` cookie is used. A missing
    or invalid token raises ``RequiresLogin`` if ``required`` is true and
    yields ``None`` otherwise.
    """
    if user_id is not None:
        return get_user_from_id(user_id)

    cookie_token = request.cookies.get("auth_token")
    if cookie_token is None:
        if not required:
            return None
        raise RequiresLogin()

    try:
        return get_user_from_token(cookie_token)
    except AuthTokenInvalid:
        if not required:
            return None
        raise RequiresLogin()
def api_user_login_test():
    """Report whether the submitted ``auth_token`` resolves to a user.

    Both outcomes are returned as JSON with HTTP status 200; clients must
    read the ``status`` field ("success" or "failed") to tell them apart.

    Raises:
        APIMissingField: the form body has no ``auth_token`` key.
    """
    try:
        submitted = request.form["auth_token"]
    except KeyError as missing:
        raise APIMissingField(missing.args[0])

    try:
        account = get_user_from_token(submitted)
        full_name = " ".join((account.first_name, account.last_name))
        accepted = {
            "status": "success",
            "message": "auth_token is valid. Logged in as %s." % full_name
        }
        return make_response(jsonify(accepted), 200)
    except AuthTokenInvalid:
        rejected = {
            "status": "failed",
            "message": "auth_token is invalid"
        }
        return make_response(jsonify(rejected), 200)
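def api_token_redeem():
    """Redeem a token code and add its value to the authenticated caller.

    Reads ``auth_token`` and ``token_code`` from the form body. The token is
    claimed with a conditional UPDATE so that a code can be redeemed only
    once, and the claim and the credit change are committed together.

    Raises:
        APIMissingField: a required form field is absent.
        APIInvalidField: ``token_code`` matches no token, or the token was
            already redeemed.
    """
    try:
        auth_token = request.form["auth_token"]
        token_code = request.form["token_code"]
    except KeyError as e:
        raise APIMissingField(e.args[0])

    caller = get_user_from_token(auth_token)

    conn = engine.connect()
    try:
        lookup = sql.select([Token]).where(Token.code == token_code).limit(1)
        rows = conn.execute(lookup).fetchall()
        if not rows:
            raise APIInvalidField("token_code", 200)
        token = rows[0]

        # One transaction: an exception anywhere below rolls back the claim,
        # so a token is never marked redeemed without the credit being paid.
        with conn.begin():
            # Only an unredeemed row matches, so a replayed or concurrent
            # request for the same code updates zero rows and is rejected.
            # Rows whose ``redeemed`` is NULL would not match either.
            claim = (
                sql.update(Token)
                .where((Token.id == token.id)
                       & (Token.redeemed == False))  # noqa: E712
                .values({Token.redeemed: True, Token.redeemer: caller.id})
            )
            # rowcount, not inserted_primary_key: these are UPDATE statements.
            if conn.execute(claim).rowcount != 1:
                raise APIInvalidField("token_code", 200)

            # Increment in SQL rather than writing back caller.credits, which
            # was read at authentication time and may be stale by now.
            credit = (
                sql.update(User)
                .where(User.id == caller.id)
                .values({User.credits: User.credits + token.value})
            )
            conn.execute(credit)
    finally:
        conn.close()

    return make_response(jsonify({
        "status": "success",
        "message": "Token successfully redeemed",
        # Derived from the balance loaded with the caller; it can lag the
        # stored value if another request changed it in between.
        "new_balance": caller.credits + token.value
    }))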
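def api_token_add():
    """Mint one or more redeemable tokens for the authenticated caller.

    Reads ``auth_token`` and ``token_value`` (required) plus ``token_code``
    and ``token_number`` (optional, default 1, capped at 100) from the form
    body. A caller-chosen ``token_code`` is honoured only for a single token
    and only if it is exactly ten characters from ``A-Z0-9``; otherwise a
    generated code is used. Callers whose rank is not "admin" pay
    ``token_value * token_number`` credits.

    Raises:
        APIMissingField: ``auth_token`` or ``token_value`` is absent.
        APIInvalidField: ``token_value`` or ``token_number`` is not a
            positive integer.
        APIInvalidUsage: a non-admin caller cannot cover the cost.
    """
    try:
        auth_token = request.form["auth_token"]
        raw_value = request.form["token_value"]
    except KeyError as e:
        raise APIMissingField(e.args[0])
    token_code = request.form.get("token_code")
    raw_number = request.form.get("token_number", 1)

    caller = get_user_from_token(auth_token)
    is_admin = caller.rank == "admin"

    # Form values arrive as strings. Left unconverted, the cost expression
    # multiplied a string, and a negative value or count would have turned
    # the later deduction into a credit gain for the caller.
    try:
        token_value = int(raw_value)
    except ValueError:
        raise APIInvalidField("token_value")
    try:
        token_number = min(100, int(raw_number))
    except ValueError:
        raise APIInvalidField("token_number")
    if token_value < 1:
        raise APIInvalidField("token_value")
    if token_number < 1:
        raise APIInvalidField("token_number")

    cost = token_value * token_number
    if not is_admin and caller.credits < cost:
        raise APIInvalidUsage("Not enough credits")  # TODO: add better error

    # NOTE(review): codes are bearer values worth credits; confirm that
    # gen_password draws from a cryptographically secure source.
    if token_number == 1 and token_code:
        # Anchor the pattern over the whole string; an unanchored negated
        # class only ever inspected the first character.
        if not re.match(r"[A-Z0-9]{10}\Z", token_code):
            token_code = gen_password(10)
        codes = [token_code]
    else:
        codes = [gen_password(10) for _ in range(token_number)]
    tokens = [{
        "code": code,
        "value": token_value,
        "creator": caller.id,
        "redeemed": False
    } for code in codes]
    # The generated codes are deliberately not printed: they are redeemable
    # for credits and should not end up in stdout or process logs.

    conn = engine.connect()
    try:
        # One transaction, so tokens are never issued without being paid for.
        with conn.begin():
            res = conn.execute(sql.insert(Token, tokens))
            created = bool(res.inserted_primary_key)
            if created and not is_admin:
                # Deduct in SQL and re-check the balance in the same
                # statement; parallel requests cannot overspend this way.
                charge = (
                    sql.update(User)
                    .where((User.id == caller.id) & (User.credits >= cost))
                    .values({User.credits: User.credits - cost})
                )
                if conn.execute(charge).rowcount != 1:
                    raise APIInvalidUsage("Not enough credits")
    finally:
        conn.close()

    if not created:
        return make_response(jsonify({
            "status": "failed",
            "message": "Unknown error"
        }))
    return make_response(jsonify({
        "status": "success",
        "message": "%s codes have been generated with a value of %s credits." % (
            str(token_number), str(token_value)
        ),
        "tokens": [{"code": x["code"], "value": x["value"]} for x in tokens]
    }))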
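def api_token_add():
    """Mint one or more redeemable tokens for the authenticated caller.

    Reads ``auth_token`` and ``token_value`` (required) plus ``token_code``
    and ``token_number`` (optional, default 1, capped at 100) from the form
    body. A caller-chosen ``token_code`` is honoured only for a single token
    and only if it is exactly ten characters from ``A-Z0-9``; otherwise a
    generated code is used. Callers whose rank is not "admin" pay
    ``token_value * token_number`` credits.

    Raises:
        APIMissingField: ``auth_token`` or ``token_value`` is absent.
        APIInvalidField: ``token_value`` or ``token_number`` is not a
            positive integer.
        APIInvalidUsage: a non-admin caller cannot cover the cost.
    """
    try:
        auth_token = request.form["auth_token"]
        raw_value = request.form["token_value"]
    except KeyError as e:
        raise APIMissingField(e.args[0])
    token_code = request.form.get("token_code")
    raw_number = request.form.get("token_number", 1)

    caller = get_user_from_token(auth_token)
    is_admin = caller.rank == "admin"

    # Form values arrive as strings. Left unconverted, the cost expression
    # multiplied a string, and a negative value or count would have turned
    # the later deduction into a credit gain for the caller.
    try:
        token_value = int(raw_value)
    except ValueError:
        raise APIInvalidField("token_value")
    try:
        token_number = min(100, int(raw_number))
    except ValueError:
        raise APIInvalidField("token_number")
    if token_value < 1:
        raise APIInvalidField("token_value")
    if token_number < 1:
        raise APIInvalidField("token_number")

    cost = token_value * token_number
    if not is_admin and caller.credits < cost:
        raise APIInvalidUsage("Not enough credits")  # TODO: add better error

    # NOTE(review): codes are bearer values worth credits; confirm that
    # gen_password draws from a cryptographically secure source.
    if token_number == 1 and token_code:
        # Anchor the pattern over the whole string; an unanchored negated
        # class only ever inspected the first character.
        if not re.match(r"[A-Z0-9]{10}\Z", token_code):
            token_code = gen_password(10)
        codes = [token_code]
    else:
        codes = [gen_password(10) for _ in range(token_number)]
    tokens = [{
        "code": code,
        "value": token_value,
        "creator": caller.id,
        "redeemed": False
    } for code in codes]
    # The generated codes are deliberately not printed: they are redeemable
    # for credits and should not end up in stdout or process logs.

    conn = engine.connect()
    try:
        # One transaction, so tokens are never issued without being paid for.
        with conn.begin():
            res = conn.execute(sql.insert(Token, tokens))
            created = bool(res.inserted_primary_key)
            if created and not is_admin:
                # Deduct in SQL and re-check the balance in the same
                # statement; parallel requests cannot overspend this way.
                charge = (
                    sql.update(User)
                    .where((User.id == caller.id) & (User.credits >= cost))
                    .values({User.credits: User.credits - cost})
                )
                if conn.execute(charge).rowcount != 1:
                    raise APIInvalidUsage("Not enough credits")
    finally:
        conn.close()

    if not created:
        return make_response(jsonify({
            "status": "failed",
            "message": "Unknown error"
        }))
    return make_response(jsonify({
        "status": "success",
        "message": "%s codes have been generated with a value of %s credits." % (
            str(token_number), str(token_value)
        ),
        "tokens": [{"code": x["code"], "value": x["value"]} for x in tokens]
    }))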