Exemple #1
0
def me():
    LOGGER.info("called api/1.0/auth/me endpoint ...")
    login = request.args.get('login_token', None)
    if not login:
        abort(400, "login_token should be in url params")

    accounts = app.data.driver.db['persons']
    user = accounts.find_one(
        {"tokens.login": {
            "$elemMatch": {
                "$eq": str(login)
            }
        }})
    if not user:
        error = 'user not loggedin or not registered'
        abort(401, error)
    LOGGER.info("user:{0}".format(user))
    json_user = convert_object_dates_to_string(
        user, ['_id', 'created_date', 'modified_date', 'last_modified_by', ''])
    del_some_keys = delete_some_keys_from_dict(
        json_user, ['password', 'fav_stores', 'fav_coupons'])

    response = jsonify(error='', data=del_some_keys)
    response.status_code = 200
    return response
def email_activation():
    if 'user_id' not in request.json:
        message = "user_id not found in payload"
        abort(400, message)
    if 'token' not in request.json:
        message = "token not found in payload"
        abort(400, message)
    LOGGER.info("payload is:{0}".format(request.json))
    accounts = app.data.driver.db['persons']
    user = accounts.find_one({'_id': ObjectId(str(request.json['user_id']))})
    if not user:
        message = "user not found in database records"
        abort(400, message)
    if user['email_confirmed']:
        message = "email already confirmed."
        abort(400, message)
    user = accounts.find_one({
        '_id': ObjectId(str(request.json['user_id'])),
        "tokens.registration": request.json['token']
    })
    if not user:
        message = "invalid token or user_id."
        abort(400, message)
    LOGGER.info("found user for forgot password:{0}".format(user))
    accounts.update(
        {'_id': ObjectId(str(request.json['user_id']))},
        {"$set": {
            'tokens.registration': "",
            "email_confirmed": True
        }})
    message = "email has been confirmed."
    response = jsonify(error='', data=message)
    response.status_code = 200
    return response
def change_password():
    if 'user_id' not in request.json:
        message = "user_id not found in payload"
        abort(400, message)

    if 'token' not in request.json:
        message = "token not found in payload"
        abort(400, message)

    if 'new_password' not in request.json:
        message = "new_password not found in payload"
        abort(400, message)

    LOGGER.info("payload is:{0}".format(request.json))
    accounts = app.data.driver.db['persons']

    q = {'_id': ObjectId(str(request.json['user_id']))}

    LOGGER.info("find query:{}".format(q))
    user = accounts.find_one(q)

    if user and 'tokens' in user and 'login' in user['tokens'] and user[
            'tokens']['login']:
        if str(user['_id']) != str(request.json['user_id']):
            message = "something went wrong, please login and logout"
            abort(400, message)
    else:
        q.update({"tokens.forgot_password": request.json['token']})
    user = accounts.find_one(q)

    if not user:
        message = "invalid token or user_id."
        abort(400, message)

    LOGGER.info("found user for forgot password:{0}".format(user))
    payload = {
        'password': {
            'password':
            str(generate_password_hash(request.json['new_password'])),
            'password_raw': str(request.json['new_password']),
            'last_password_updated_date': datetime.now()
        }
    }
    accounts.update({'_id': ObjectId(str(user['_id']))},
                    {'$set': {
                        'tokens.forgot_password': ""
                    }})
    accounts.update({'_id': ObjectId(str(user['_id']))}, {'$set': payload})
    response = jsonify(error='',
                       data={
                           "new_password": request.json['new_password'],
                           "message": "password has been changed."
                       })
    response.status_code = 200
    return response
Exemple #4
0
def forgotpassword():
    try:
        if 'email' not in request.json:
            raise ReturnException(message="email not found in payload",
                                  status_code=400)
        LOGGER.info("payload email is:{0}".format(request.json['email']))
        accounts = app.data.driver.db['persons']
        user = accounts.find_one({'email': request.json['email']})
        if not user:
            raise ReturnException(message="email not found in database.",
                                  status_code=400,
                                  payload=request.json)
        LOGGER.info("found user for forgot password:{0}".format(user))
        token = str(uuid.uuid4())
        if user['tokens']['forgot_password']:
            token = str(user['tokens']['forgot_password'])
        LOGGER.info(
            "updating forgot password token:{0} for user id:{1}".format(
                token, user['_id']))
        accounts.update({'_id': ObjectId(str(user['_id']))},
                        {'$set': {
                            'tokens.forgot_password': token
                        }})
        # forgot password email code.
        if send_dl_emails(
                title=CONFIG_DATA['FORGOT_PASSWORD_TITLE'],
                recipients=[request.json['email']],
                sender=CONFIG_DATA['FAB_SUPPORT_TEAM'],
                user_id=str(user['_id']),
                email=user['email'],
                first_name=user['first_name'],
                last_name=user['last_name'],
                token=token,
                server_url=SERVER_URL,
                template=CONFIG_DATA['FORGOT_PASSWORD_EMAIL_TEMPLATE']):
            response = jsonify(error='',
                               data={
                                   "token": token,
                                   "user_id": str(user['_id'])
                               })
            response.status_code = 200
            return response
        else:
            accounts.update({'_id': ObjectId(str(user['_id']))},
                            {'$set': {
                                'tokens.forgot_password': ""
                            }})
            abort(500,
                  "failed to send forgot password email, please try again...")

    except Exception as e:
        LOGGER.error(str(e))
        abort(401, str(e))
def signup():
    items = request.json
    if not isinstance(items, list):
        abort(400, 'payload should be list')
    for payload in items:

        LOGGER.info("signup payload request:{0}".format(payload))
        if 'password' not in payload:
            message = '{0} field not found in input payload'.format(
                'password', payload)
            abort(400, message)
        if 'admin_creation_token' in payload:
            admin_creation_token = payload['admin_creation_token']
            del payload['admin_creation_token']
        else:
            admin_creation_token = None

        payload['password'] = {
            'password': str(generate_password_hash(payload['password'])),
            'password_raw': str(payload['password']),
            'last_password_updated_date': datetime.now()
        }
        payload['tokens'] = {
            'registration': '',
            'login': '',
            'forgot_password': ''
        }
        payload['created_date'] = datetime.now()
        payload['email_confirmed'] = False

        if admin_creation_token and admin_creation_token == PASSWORD_CRYPTION_TOKEN:
            payload['email_confirmed'] = True

        payload['pictures'] = {'thumbnail': '', 'large': '', 'medium': ''}
        payload['modified_date'] = datetime.now()
        payload['status'] = 'active'
        # check logged user can assign role or not otherwise default role will be 'user'
        can_assign = False
        if 'user_level' in payload and 'loggin_token' in payload:
            user = accounts.find_one(
                {"tokens.login": str(payload['login_token'])})
            if user and user['user_level'] in CONFIG_DATA['CREATE_USER_ROLES']:
                can_assign = True
        if not can_assign:
            payload['user_level'] = "user"

        if admin_creation_token and admin_creation_token == PASSWORD_CRYPTION_TOKEN:
            payload['user_level'] = "admin"

        validation = Validations('persons')
        violations = validation.validate_schema(payload, ['default', 'unique'])
        if violations:
            abort(400, str(violations))
        accounts = app.data.driver.db['persons']
        user = accounts.find_one({'email': payload['email']})
        if user:
            abort(400, "email:{0} already exists.".format(user['email']))
        user = accounts.find_one({'mobile_number': payload['mobile_number']})
        if user:
            abort(
                400, "mobile_number:{0} already exists.".format(
                    user['mobile_number']))
        try:
            user_id = str(accounts.insert(payload))
            LOGGER.info("user successfully created:{0}".format(user_id))
            #####################################################################
            # if user creation failed, don't send email and remove created user
            #####################################################################
            if admin_creation_token and admin_creation_token == PASSWORD_CRYPTION_TOKEN:
                if send_admin_emails(
                        title=CONFIG_DATA['ADMIN_CREATION_TITLE'],
                        recipients=[payload['email']],
                        sender=CONFIG_DATA['FAB_SUPPORT_TEAM'],
                        user_id=user_id,
                        email=payload['email'],
                        first_name=payload['first_name'],
                        template=CONFIG_DATA['ADMIN_CREATION_EMAIL_TEMPLATE']):
                    payload['mail_sent'] = True
                    payload['main_sent_error'] = ''
                    payload['is_created'] = True
                    payload['_id'] = str(user_id)
                else:
                    accounts.remove({'_id': ObjectId(user_id)})
                    payload['mail_sent'] = False
                    payload['is_created'] = False
                    payload[
                        'main_sent_error'] = "failed to send registration email, please try again..."
            else:
                ################################################
                # normal user signup not admin
                ################################################
                registration_token = str(uuid.uuid4())
                LOGGER.info(
                    "updating registration token:{0} for user id:{1}".format(
                        registration_token, user_id))
                accounts.update(
                    {'_id': ObjectId(user_id)},
                    {'$set': {
                        'tokens.registration': registration_token
                    }})
                # registration email code.
                if send_dl_emails(
                        title=CONFIG_DATA['REGISTRATION_TITLE'],
                        recipients=[payload['email']],
                        sender=CONFIG_DATA['FAB_SUPPORT_TEAM'],
                        user_id=str(user_id),
                        email=payload['email'],
                        first_name=payload['first_name'],
                        token=registration_token,
                        server_url=SERVER_URL,
                        template=CONFIG_DATA['REGISTRATION_EMAIL_TEMPLATE']):
                    payload['mail_sent'] = True
                    payload['main_sent_error'] = ''
                    payload['is_created'] = True
                    payload['_id'] = str(user_id)
                else:
                    accounts.remove({'_id': ObjectId(user_id)})
                    payload['mail_sent'] = False
                    payload['is_created'] = False
                    payload[
                        'main_sent_error'] = "failed to send registration email, please try again..."
            payload['error'] = ''
            print(payload, '********************')
        except Exception as e:
            accounts.remove({'_id': ObjectId(user_id)})
            LOGGER.error("got exception in signup:{0}".format(e))
            payload['is_created'] = False
            payload['error'] = str(e)
    response = jsonify(errors=[], data=items)
    response.status_code = 201
    return response
def API():
    LOGGER.info("called api/1.0")
    data = {"name": "digital-library-api", "version": "1.0"}
    response = jsonify(data=data)
    response.status_code = 200
    return response
Exemple #7
0
def fallback(dummy):
    LOGGER.info("called dummy end point:{}".format(dummy))
    if dummy == 'admin':
        return app.send_static_file('public/admin/index.html')
    return app.send_static_file('public/customer/index.html')
Exemple #8
0
def admin_fallback(dummy):
    LOGGER.info("called Admin dummy end point:{}".format(dummy))
    return app.send_static_file('public/admin/index.html')
Exemple #9
0
def admin_index():
    LOGGER.info("called ADMIN panel index point")
    return app.send_static_file('public/admin/index.html')
Exemple #10
0
def customer_index():
    LOGGER.info("called Customer panel index point")
    return app.send_static_file('public/customer/index.html')