def post(self):
    """Create a user account from the registration form.

    Returns:
        ``({'message': ...}, 422)`` when ``validate_registration`` reports a
        problem, ``({'message': ...}, 409)`` when the username or the email
        is already taken, whatever ``error_resp`` builds when the database
        raises ``OperationalError``, and otherwise a dict carrying the new
        username and email.
    """
    form = register_parser.parse_args()
    problem = validate_registration(form)
    if problem:
        return {'message': problem}, 422

    # Both identifiers are looked up and stored in lower case.
    new_username = form['username'].lower()
    new_email = form['email'].lower()

    try:
        cursor = mysql.get_db().cursor()
        name_taken = username_exists(cursor, new_username)
        mail_taken = email_exists(cursor, new_email)
    except OperationalError as e:
        return error_resp(e)

    if name_taken or mail_taken:
        taken_field = 'username ' if name_taken else 'email '
        return {'message': f'{taken_field}already exist'}, 409

    # NOTE(review): the existence check above and the INSERTs below are
    # separate statements, so two concurrent requests can both pass the
    # check. Uniqueness then depends on database constraints that are not
    # visible here, and only OperationalError is handled below. Confirm.
    pwd_hash = bcrypt.generate_password_hash(form['password'].encode('utf-8'))

    insert_user = ' INSERT INTO user (username, password) VALUES (%s, %s) '
    insert_email = ' INSERT INTO email (address, user_id) VALUES (%s, %s) '
    link_primary = (
        ' INSERT INTO user_primary_email (user_id, email_id)'
        ' VALUES (%s, %s) '
    )
    try:
        # The three rows are written on one cursor and committed together;
        # each later statement needs the id generated by the previous one.
        cursor.execute(insert_user, (new_username, pwd_hash))
        new_user_id = cursor.lastrowid
        cursor.execute(insert_email, (new_email, new_user_id))
        new_email_id = cursor.lastrowid
        cursor.execute(link_primary, (new_user_id, new_email_id))
        mysql.get_db().commit()
    except OperationalError as e:
        return error_resp(e)

    # With the flag hard-coded to True the branch below never runs, so the
    # address is stored without a confirmation mail being sent.
    # NOTE(review): the recipient is a fixed placeholder rather than
    # new_email; revisit before re-enabling mail.
    mail_disabled = True  # disable mail sending
    if not mail_disabled:
        recipient = '*****@*****.**'  # temporary recipient
        token = generate_email_token(recipient)
        confirm_url = request.url_root + f'confirm-email/{token}'
        send_confirmation_email(confirm_url, recipient)

    return {
        'message': f'user {new_username} registered',
        'username': new_username,
        'email': new_email
    }
def delete(self):
    """Delete the announcement whose id is given in the request.

    Only callers for whom ``is_admin`` returns true get past the check;
    everyone else receives ``({'message': 'unauthorized user'}, 401)``.

    Returns:
        The result of ``self.delete_announcement`` for the parsed id.
    """
    # NOTE(review): assumes JWT verification already ran for this request
    # (decorator not visible here). Confirm.
    caller = get_jwt_identity()
    if is_admin(caller):
        announcement_id = self.del_parser.parse_args()['id']
        # delete_announcement takes no connection argument; the handle is
        # stored on the instance before the call.
        self.db = mysql.get_db()
        return self.delete_announcement(announcement_id)
    return {'message': 'unauthorized user'}, 401
def post(self):
    """Publish a new announcement on behalf of an admin user.

    Callers for whom ``is_admin`` returns false receive
    ``({'message': 'unauthorized user'}, 401)``.

    Returns:
        The result of ``self.make_announcement`` for the caller's id and
        the parsed title and body.
    """
    # NOTE(review): assumes JWT verification already ran for this request
    # (decorator not visible here). Confirm.
    caller = get_jwt_identity()
    if is_admin(caller):
        form = self.ano_parser.parse_args()
        title, body = form['title'], form['body']
        # The identity is indexed like a mapping here, so it must carry 'id'.
        author_id = caller['id']
        self.db = mysql.get_db()
        return self.make_announcement(author_id, title, body)
    return {'message': 'unauthorized user'}, 401
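def post(self):
    """Log a user in by username or email address and password.

    Returns:
        ``({'message': ...}, 400)`` when the identifier is longer than 100
        characters, whatever ``error_resp`` builds when the database raises
        ``OperationalError``, ``({'message': ...}, 409)`` when the
        identifier is unknown or the password does not match, and otherwise
        a JSON response on which the access and refresh tokens are set as
        cookies.
    """
    args = login_parser.parse_args()
    if len(args['userid']) > 100:
        return {
            'message': 'username or email should be '
                       'less than 100 characters'
        }, 400

    sql = (
        ' SELECT user.id, password, username FROM user'
        ' JOIN email ON user.id = email.user_id'
        ' WHERE email.address = %s or user.username = %s '
    )
    try:
        cursor = mysql.get_db().cursor()
        # The same value is matched against both the address and the
        # username column; it is passed as a bound parameter.
        cursor.execute(sql, (args['userid'], args['userid']))
        result = cursor.fetchone()
    except OperationalError as e:
        return error_resp(e)

    # Both failure paths return the same body and status so the response
    # does not tell a caller whether the identifier exists.
    # NOTE(review): 409 is kept for client compatibility; 401 is the
    # conventional status for failed authentication.
    failure = ({'message': 'incorrect userid/password combination'}, 409)

    if not result:
        # Without this, an unknown identifier returns before any bcrypt work
        # is done and answers measurably faster than a wrong password, which
        # reveals which identifiers are registered. One hash computation
        # keeps the two paths comparable in cost.
        try:
            bcrypt.generate_password_hash(args['password'])
        except ValueError:
            # Empty or otherwise unhashable input; the answer is the same.
            pass
        return failure

    user_id, password, username = result
    # The stored hash comes back as bytes and is decoded before comparison.
    if bcrypt.check_password_hash(password.decode('utf-8'),
                                  args['password']):
        access_token = create_access_token(identity=user_id)
        refresh_token = create_refresh_token(identity=user_id)
        resp_body = {
            'message': f'username {username} '
                       f'logged in successfully'
        }
        resp = jsonify(resp_body)
        # NOTE(review): tokens travel as cookies, so CSRF protection for
        # cookie-borne JWTs should be enabled in configuration (not visible
        # here). Confirm.
        set_access_cookies(resp, access_token)
        set_refresh_cookies(resp, refresh_token)
        return resp
    return failure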
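def get(self):
    """Return the profile of the user identified by the request's JWT.

    Returns:
        Whatever ``error_resp`` builds when the database raises
        ``OperationalError``, ``({'message': 'user not found'}, 404)`` when
        the identity matches no row, and otherwise a dict with the username,
        the primary email, every email with its confirmation flag, and the
        stored password hash.
    """
    current_user = get_jwt_identity()
    # NOTE(review): the join below matches user_primary_email on user_id
    # only, so a user with several addresses yields several rows and
    # fetchone() may pick a non-primary one. Confirm against the schema.
    profile_sql = (
        ' SELECT username, password, address FROM email'
        ' JOIN user_primary_email'
        ' ON email.user_id = user_primary_email.user_id'
        ' JOIN user ON email.user_id = user.id'
        ' WHERE user.id = %s '
    )
    emails_sql = ' SELECT address, confirmed FROM email WHERE user_id = %s '
    try:
        cursor = mysql.get_db().cursor()
        cursor.execute(profile_sql, (current_user, ))
        row = cursor.fetchone()
        if row is None:
            # A still-valid token can outlive its account; unpacking None
            # here used to raise TypeError and surface as a server error.
            return {'message': 'user not found'}, 404
        username, password, address = row
        cursor.execute(emails_sql, (current_user, ))
        emails = cursor.fetchall()
    except OperationalError as e:
        return error_resp(e)

    email_list = [{
        'email': email,
        'confirmed': bool(confirmed)
    } for email, confirmed in emails]
    return {
        'username': username,
        'primary_email': address,
        'all_email': email_list,
        # NOTE(review): this sends the stored password hash to the client.
        # The field is kept because consumers may read it, but a hash is
        # material for offline guessing and is best left out of API
        # responses once no client depends on it.
        'hashed_password': password.decode('utf-8')
    }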
def post(self):
    """Handle an admin login request.

    Reads ``admin_user`` and ``admin_password`` from the parsed request and
    hands them, together with a database connection, to ``self.login``.

    Returns:
        Whatever ``self.login`` returns.
    """
    form = self.admin_parser.parse_args()
    admin_name, admin_secret = form['admin_user'], form['admin_password']
    # Credential checking is delegated entirely to self.login (not visible
    # here).
    connection = mysql.get_db()
    return self.login(connection, admin_name, admin_secret)
def post(self):
    """Handle a registration request.

    Reads ``login`` and ``password`` from the parsed request and hands them,
    together with a database connection, to ``self.register``.

    Returns:
        Whatever ``self.register`` returns.
    """
    form = self.reg_parser.parse_args()
    login_name, secret = form['login'], form['password']
    # NOTE(review): the raw password is forwarded as received; hashing is
    # presumably done inside self.register. Confirm.
    connection = mysql.get_db()
    return self.register(connection, login_name, secret)
def _get_db_conn(self):
    """Return a database connection, aborting the request on failure.

    When ``mysql.get_db`` raises ``OperationalError`` the error is printed
    and the request is aborted with status 500, so the client only sees the
    generic status and not the driver's message.
    """
    try:
        connection = mysql.get_db()
    except OperationalError as e:
        # The detail goes to stdout only.
        print(e)
        return abort(500)
    return connection
def get(self):
    """Return the result of ``self.get_announcement``.

    The database connection is stored on the instance first because
    ``get_announcement`` is called without arguments.
    """
    connection = mysql.get_db()
    self.db = connection
    return self.get_announcement()