def get(self): claims = get_jwt_claims() if not claims['is_admin']: return {'message': 'User not authorized to view'} try: data = request.args role_id = data.get("role_id") role_desc = data.get("role_desc") role_name = data.get("role_name") if role_id: roles = UserRoleModel.find_by_role_id(role_id) elif role_name: roles = UserRoleModel.find_by_role_name(role_name) elif role_desc: roles = UserRoleModel.find_by_role_desc(role_desc) else: roles = UserRoleModel.find_all() except: roles = UserRoleModel.find_all() finally: if len(roles) > 0: resp = [] for role in roles: resp.append(role.json()) return resp, 200 return {'message': 'Role not found'}, 404
def json(self): return {"email": self.email, # "status": self.status, \ "first_name": self.first_name, "last_name": self.last_name, \ "gender": self.gender, "mobile": self.mobile, \ "organization_id": self.organization_id, "organization_name": OrganizationModel.find_by_organization_id( self.organization_id).organization_name if OrganizationModel.find_by_organization_id( self.organization_id) else None, "user_role_id": self.user_role_id, "user_role_name": UserRoleModel.find_by_role_id(self.user_role_id).role_name if UserRoleModel.find_by_role_id(self.user_role_id) else None, \ "image": self.image, "type": self.type, \ "authtoken": self.authtoken, "teacher_code": self.teacher_code, \ "bloodgroup": self.bloodgroup}
def fetch_user_role_org(user: UserModel): try: user_role = UserRoleModel.find_by_role_id(user.user_role_id).role_name user_organization = \ OrganizationModel.find_by_organization_id(user.organization_id).organization_name except: user_role = None user_organization = None finally: return {'user_role': user_role, 'user_organization': user_organization}
def post(self): '''Log in user''' try: # Get User-agent and ip address my_ip = request.environ.get('HTTP_X_FORWARDED_FOR') if my_ip is None: ip = request.environ['REMOTE_ADDR'] else: ip = request.environ['HTTP_X_FORWARDED_FOR'] if ip is None or str(ip) == '127.0.0.1'or str(ip) == '172.17.0.1': return{'message': 'This request has been rejected. Please use a recognised device'}, 403 # Compute operating system and location device_operating_system = generate_device_data() if 'error' in device_operating_system.keys(): return {'message': device_operating_system['error']}, 403 device_os = device_operating_system['device_os'] data = api.payload if not data: return {'message': 'No input data detected'}, 400 email = data['email'] this_user = UserModel.fetch_by_email(email) if this_user: if check_password_hash(this_user.password, data['password']): # current_user = user_schema.dump(this_user) # This line would be used if we were outputing the user user_id = this_user.id # fetch User role user_role = UserRoleModel.fetch_by_user_id(user_id) # UserPrivilege.get_privileges(user_id = user_id, role= user_role.role) # privileges = UserPrivilege.privileges privileges = user_role.role.role # Create access token expiry_time = timedelta(minutes=30) my_identity = {'id':this_user.id, 'privileges':privileges} access_token = create_access_token(identity=my_identity, expires_delta=expiry_time, fresh=True) refresh_token = create_refresh_token(my_identity) # Save session info to db new_session_record = SessionModel(user_ip_address=ip, device_operating_system=device_os, user_id=user_id) new_session_record.insert_record() return { 'access_token': access_token, "refresh_token": refresh_token}, 200 if not this_user or not check_password_hash(this_user.password, data['password']): return {'message': 'Could not log in, please check your credentials'}, 400 except Exception as e: print('========================================') print('error description: ', e) print('========================================') return {'message': 'Could not log in user.'}, 500
def delete(self): claims = get_jwt_claims() if not claims['is_super_admin']: return {'message': 'Super Admin privilege required.'}, 412 data = _user_role_parser.parse_args() try: role_name = data["role_name"] except Exception as e: return {"message": f"Role name missing."} user_role = UserRoleModel.find_by_role_name(role_name)[0] if user_role: user_role.delete_from_db() return {'message': 'Role name deleted.'}, 200 return {'message': 'Role name not found.'}, 404
def set_attribute(self, payload): cols = [ 'status', 'first_name', 'last_name', 'gender', 'password', 'mobile', 'designation', 'image', 'type', 'authtoken', 'teacher_code', 'bloodgroup', 'user_role_id', 'organization_id' ] for col in cols: if col in payload.keys(): setattr(self, col, payload[col]) if payload.get('user_role_name'): user_role = UserRoleModel.find_by_role_name( payload['user_role_name']) self.user_role_id = user_role.id if payload.get('organization_name'): organization = OrganizationModel.find_by_organization_name( payload['organization_name']) self.organization_id = organization.id if 'password' in payload.keys(): self.password = md5(str( payload['password']).encode('UTF-8')).hexdigest()
def put(self): claims = get_jwt_claims() if not claims['is_super_admin']: return {'message': 'Super Admin privilege required.'}, 412 data = _user_role_parser.parse_args() for key in data.keys(): if str(data[key]).lower() in ('none', 'null', ''): data[key] = None try: role_name = data["role_name"] except Exception as e: return {"message": f"Role name required. {repr(e)}"} user_role = UserRoleModel.find_by_role_name(role_name)[0] if user_role: user_role.set_attribute(data) else: user_role = UserRoleModel(**data) user_role.save_to_db() return user_role.json(), 201
def post(self): claims = get_jwt_claims() if not claims['is_super_admin']: return {'message': 'Super Admin privilege required.'}, 412 data = _user_role_parser.parse_args() try: role_name = data["role_name"] except Exception as e: return {'message': f"Role name missing. {repr(e)}"} if UserRoleModel.find_by_role_name(role_name): return {'message': f"Role name already exists."}, 400 user_role = UserRoleModel(**data) try: user_role.save_to_db() except Exception as e: return { "message": f"An error occurred inserting the role. Error: {repr(e)}" }, 500 return user_role.json(), 201
def post(self): '''Register User''' try: # Get User-agent and ip address my_ip = request.environ.get('HTTP_X_FORWARDED_FOR') if my_ip is None: ip = request.environ['REMOTE_ADDR'] else: ip = request.environ['HTTP_X_FORWARDED_FOR'] if ip is None or str(ip) == '127.0.0.1' or str(ip) == '172.17.0.1': return { 'message': 'This request has been rejected. Please use a recognised device' }, 403 # Compute operating system device_operating_system = generate_device_data() if 'error' in device_operating_system.keys(): return {'message': device_operating_system['error']}, 403 device_os = device_operating_system['device_os'] data = api.payload if not data: return {'message': 'No input data detected'}, 400 email = data['email'].lower() user = UserModel.fetch_by_email(email) if user: return { 'message': 'Falied... A user with this email already exists' }, 400 phone = data['phone'] user = UserModel.fetch_by_phone(phone) if user: return { 'message': 'Falied... A user with this phone number already exists' }, 400 full_name = data['full_name'].lower() hashed_password = generate_password_hash(data['password'], method='sha256') # Save user to db new_user = UserModel(full_name=full_name, phone=phone, email=email, password=hashed_password) new_user.insert_record() # user = user_schema.dump(data) # This line would be used if we were outputing the user this_user = UserModel.fetch_by_email(email) UserPrivilege.generate_user_role(user_id=this_user.id) user_id = UserPrivilege.user_id role = UserPrivilege.role # Ensure all roles are saved to the db before registering the role to user db_roles = UserRoleModel.fetch_all() all_privileges = UserPrivilege.all_privileges if len(db_roles) == 0: for key, value in all_privileges.items(): new_role = RoleModel(role=value) new_role.insert_record() # Link role to user new_user_role = UserRoleModel(user_id=user_id, role_id=role) new_user_role.insert_record() # Create access token privileges = UserPrivilege.privileges # privileges = user_role.role.role expiry_time = timedelta(minutes=30) # hours=1 my_identity = {'id': this_user.id, 'privileges': privileges} access_token = create_access_token(identity=my_identity, expires_delta=expiry_time, fresh=True) refresh_token = create_refresh_token(my_identity) # Save session info to db new_session_record = SessionModel( user_ip_address=ip, device_operating_system=device_os, user_id=user_id) new_session_record.insert_record() return { 'access token': access_token, "refresh_token": refresh_token }, 201 except Exception as e: print('========================================') print('error description: ', e) print('========================================') return {'message': 'Could not register user.'}, 500
def put(self, reset_token: str): '''Reset User Password''' # Get User-agent and ip address try: my_ip = request.environ.get('HTTP_X_FORWARDED_FOR') if my_ip is None: ip = request.environ['REMOTE_ADDR'] else: ip = request.environ['HTTP_X_FORWARDED_FOR'] if ip is None or str(ip) == '127.0.0.1' or str(ip) == '172.17.0.1': return { 'message': 'This request has been rejected. Please use a recognised device' }, 403 # Compute operating system device_operating_system = generate_device_data() if 'error' in device_operating_system.keys(): return {'message': device_operating_system['error']}, 403 device_os = device_operating_system['device_os'] received_reset_token = reset_token TokenGenerator.decode_token(received_reset_token) token = TokenGenerator.token # Check for an existing reset_token with is_expired status as False reset_code_record = PasswordResetModel.fetch_by_reset_code( reset_code=token) if not reset_code_record: return {'message': 'This reset token does not exist'}, 404 if reset_code_record.is_expired == True: user_id = reset_code_record.user_id is_expired = True user_records = PasswordResetModel.fetch_by_user_id(user_id) record_ids = [] for record in user_records: record_ids.append(record.id) for record_id in record_ids: PasswordResetModel.expire_token(id=record_id, is_expired=is_expired) return { 'message': 'Password reset token has already been used. Please request a new password reset.' }, 403 user_id = reset_code_record.user_id is_expired = True user_records = PasswordResetModel.fetch_by_user_id(user_id) record_ids = [] for record in user_records: record_ids.append(record.id) for record_id in record_ids: PasswordResetModel.expire_token(id=record_id, is_expired=is_expired) data = api.payload if not data: return {'message': 'No input data detected'}, 400 password = data['password'] hashed_password = generate_password_hash(data['password'], method='sha256') UserModel.update_password(id=user_id, password=hashed_password) this_user = UserModel.fetch_by_id(id=user_id) # user = user_schema.dump(this_user) # This line would be used if we were outputing the user user_id = this_user.id # fetch User role user_role = UserRoleModel.fetch_by_user_id(user_id) privileges = user_role.role.role # Create access token expiry_time = timedelta(minutes=30) my_identity = {'id': this_user.id, 'privileges': privileges} access_token = create_access_token(identity=my_identity, expires_delta=expiry_time, fresh=True) refresh_token = create_refresh_token(my_identity) # Save session info to db new_session_record = SessionModel( user_ip_address=ip, device_operating_system=device_os, user_id=user_id) new_session_record.insert_record() # Record this event in user's logs log_method = 'put' log_description = 'Password reset' auth_token = {"Authorization": "Bearer %s" % access_token} record_user_log(auth_token, log_method, log_description) return { 'access_token': access_token, "refresh_token": refresh_token }, 200 except Exception as e: print('========================================') print('error description: ', e) print('========================================') return {'message': 'Could not reset password.'}, 500
def find_by_any(cls, **kwargs): cols = [ 'id', 'email', 'status', 'first_name', 'last_name', 'gender', 'mobile', 'designation', 'type', 'teacher_code', 'bloodgroup', 'organization_id', 'user_role_id', 'organization_name', 'user_role_name' ] filter_str = 'cls.query' if 'id' in kwargs.keys(): filter_str = filter_str + '.filter_by(_id="' + str( kwargs['id']) + '")' if 'email' in kwargs.keys(): filter_str = filter_str + '.filter_by(email="' + str( kwargs['email']) + '")' if 'status' in kwargs.keys(): filter_str = filter_str + '.filter_by(status="' + str( kwargs['status']) + '")' if 'first_name' in kwargs.keys(): filter_str = filter_str + '.filter_by(first_name="' + str( kwargs['first_name']) + '")' if 'last_name' in kwargs.keys(): filter_str = filter_str + '.filter_by(last_name="' + str( kwargs['last_name']) + '")' if 'gender' in kwargs.keys(): filter_str = filter_str + '.filter_by(gender="' + str( kwargs['gender']) + '")' if 'mobile' in kwargs.keys(): filter_str = filter_str + '.filter_by(mobile="' + str( kwargs['mobile']) + '")' if 'designation' in kwargs.keys(): filter_str = filter_str + '.filter_by(designation="' + str( kwargs['designation']) + '")' if 'type' in kwargs.keys(): filter_str = filter_str + '.filter_by(type="' + str( kwargs['type']) + '")' if 'teacher_code' in kwargs.keys(): filter_str = filter_str + '.filter_by(teacher_code="' + str( kwargs['teacher_code']) + '")' if 'bloodgroup' in kwargs.keys(): filter_str = filter_str + '.filter_by(bloodgroup="' + str( kwargs['bloodgroup']) + '")' if 'organization_id' in kwargs.keys(): filter_str = filter_str + '.filter_by(organization_id="' + str( kwargs['organization_id']) + '")' if 'user_role_id' in kwargs.keys(): filter_str = filter_str + '.filter_by(user_role_id="' + str( kwargs['user_role_id']) + '")' if 'user_role_name' in kwargs.keys(): user_role = UserRoleModel.find_by_role_name( kwargs['user_role_name']) if user_role: user_role_id = user_role[0].id filter_str = filter_str + '.filter_by(user_role_id="' + str( user_role_id) + '")' if 'organization_name' in kwargs.keys(): organization = OrganizationModel.find_by_organization_name( kwargs['organization_name']) if organization: organization_id = organization[0].id filter_str = filter_str + '.filter_by(organization_id="'\ + str(organization_id) + '")' filter_str = filter_str + '.all()' return eval(filter_str)