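def register():
    """Render the registration form and, on POST, create the account.

    Reads ``email``, ``password``, ``password_confirm``, ``first_name`` and
    ``last_name`` from the submitted form. Every path ends by rendering
    ``user/register.html``; problems are reported to the user via ``flash``.
    """
    if request.method != 'POST':
        return render_template('user/register.html')

    form = request.form
    email = form.get('email')
    password = form.get('password')
    password_confirm = form.get('password_confirm')
    first_name = form.get('first_name')
    last_name = form.get('last_name')

    # A POST that omits the fields would otherwise pass the confirmation
    # check (None == None) and reach hash_password() with no password at all.
    if not email or not password:
        flash('Email and password are required', 'danger')
        return render_template('user/register.html')

    if password != password_confirm:
        flash('Password does not match', 'danger')
        return render_template('user/register.html')

    # Only rows with enabled=True count as "email already taken".
    # NOTE(review): an account whose 'enabled' flag is not True is not matched
    # here, so a second row with the same email can be created; confirm that
    # this is intended.
    if User.find_one({'email': email, 'enabled': True}) is not None:
        flash('The email is not available', 'danger')
        return render_template('user/register.html')

    user = User(email=email, first_name=first_name, last_name=last_name)
    user.hash_password(password)
    user.create()
    db.session.commit()
    return render_template('user/register.html')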
def delete():
    """Soft-delete the account referenced by the session, then log it out.

    Looks the user up by the session's ``user_id``, soft-deletes it, clears
    the session, commits, flashes a notice and redirects to the article list.
    """
    account = User.find_one({'id': session.get('user_id')})
    # NOTE(review): nothing in this function handles a session without
    # 'user_id' (find_one result is used unchecked); presumably an
    # authentication decorator outside this view guarantees it. Confirm.
    account.soft_delete()
    session.clear()
    db.session.commit()
    flash('Yout account has been delete', 'info')
    landing_page = url_for('home.list_publish_articles')
    return redirect(landing_page)
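def register_user():
    """Create an account from a JSON request body.

    Returns:
        ``(body, status)``: the serialized user and 200 on success, a message
        and 400 when email or password is missing, a message and 409 when the
        email is already used by an enabled account.

    Mismatched passwords abort the request with 409.
    """
    from html import escape

    payload = request.json
    email = payload.get('email')
    password = payload.get('password')
    password_confirm = payload.get('password_confirm')
    first_name = payload.get('first_name')
    last_name = payload.get('last_name')

    # Without this guard a body that omits both password fields passes the
    # confirmation check (None == None) and reaches hash_password(None).
    if not email or not password:
        return 'email and password are required', 400

    if password != password_confirm:
        abort(409, Response('Passwords do not match'))

    # Only rows with enabled=True count as "email already taken".
    existing = User.find_one({'email': email, 'enabled': True})
    if existing is not None:
        # The address comes straight from the request, and Flask serves a
        # plain string return value as text/html by default, so escape it
        # before echoing it back.
        return '{} email is not available'.format(escape(str(email))), 409

    user = User(email=email, first_name=first_name, last_name=last_name)
    user.hash_password(password)
    user.create()
    db.session.commit()
    return user_schema.dump(user), 200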
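def login():
    """Authenticate JSON credentials and issue an access/refresh token pair.

    Returns:
        ``(response, status)``: the tokens and ``expires_in`` with 201 on
        success, ``{'message': 'unauthorized'}`` with 401 otherwise.
    """
    response = dict()
    email = request.json.get('email')
    password = request.json.get('password')
    user = User.find_one({'email': email, 'enabled': True})

    # An unknown email must end in the same 401 as a wrong password. Calling
    # verify_password() on a missing user raised instead, which both broke
    # the endpoint and let a client tell the two cases apart.
    # NOTE(review): no password check runs for an unknown email, so response
    # time may still differ between the two cases.
    if user is None or not password or not user.verify_password(password):
        response['message'] = 'unauthorized'
        return response, 401

    access_token = create_access_token(user.id)
    refresh_token = create_refresh_token(user.id)
    access_jti = get_jti(encoded_token=access_token)
    refresh_jti = get_jti(encoded_token=refresh_token)

    # Each token's jti is stored in Redis with the value 'false' and a third
    # argument of 1.2x the configured token lifetime.
    # NOTE(review): presumably 'false' means "not revoked" and the third
    # argument is the key expiry; confirm against the token-check callback.
    redis.set(access_jti, 'false', ConfigJWT.JWT_ACCESS_TOKEN_EXPIRES * 1.2)
    redis.set(refresh_jti, 'false', ConfigJWT.JWT_REFRESH_TOKEN_EXPIRES * 1.2)

    response['access_token'] = access_token
    response['refresh_token'] = refresh_token
    # NOTE(review): datetime.now() is naive local time; confirm clients do
    # not interpret this value as UTC.
    response['expires_in'] = datetime.now() + ConfigJWT.JWT_ACCESS_TOKEN_EXPIRES
    return response, 201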
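def update_profile():
    """Update email, first name and last name of the JWT-identified user.

    Fields missing from the JSON body keep their current value.

    Returns:
        ``(body, status)``: the serialized user and 200, or a message and 409
        when the requested email is not available.
    """
    current_user = User.find_one({'id': get_jwt_identity()})
    payload = request.get_json()

    # Apply the availability check that the form-based update_details view
    # uses; without it the address could be set to one another account holds.
    new_email = payload.get('email', current_user.email)
    if new_email != current_user.email and not User.is_email_available(new_email):
        return 'email is not available', 409

    current_user.email = new_email
    current_user.first_name = payload.get('first_name', current_user.first_name)
    current_user.last_name = payload.get('last_name', current_user.last_name)
    current_user.update()
    return user_schema.dump(current_user), 200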
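def update_password():
    """Render the password form and, on POST, store the new password.

    A successful change redirects to ``profile.details``; a missing or
    mismatched password redirects back to ``profile.update_password``.
    """
    if request.method != 'POST':
        return render_template('profile/edit_password.html')

    new_password = request.form.get("password")
    confirmation = request.form.get("password_confirm")

    # A POST without the fields would otherwise compare None == None and
    # replace the stored hash via hash_password(None).
    if not new_password:
        flash('Password is required', 'error')
        return redirect(url_for('profile.update_password'))

    if new_password != confirmation:
        flash('Password does not match', 'error')
        return redirect(url_for('profile.update_password'))

    # NOTE(review): the current password is never requested, so possession of
    # the session alone is enough to change it. Consider requiring it, and
    # confirm that CSRF protection covers this form.
    current_user = User.find_one({'id': session.get('user_id')})
    current_user.hash_password(new_password)
    current_user.update()
    db.session.commit()
    # NOTE(review): the success notice is flashed with the 'error' category;
    # confirm that is intended.
    flash('Password updated', 'error')
    return redirect(url_for('profile.details'))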
def delete_profile():
    """Soft-delete the JWT-identified user after re-checking the password.

    Returns:
        ``('ok', 200)`` when the supplied password verifies,
        ``('password incorrect', 401)`` otherwise.
    """
    current_user = User.find_one({'id': get_jwt_identity()})
    supplied_password = request.get_json().get('password')

    if not current_user.verify_password(supplied_password):
        return 'password incorrect', 401

    # TODO: Remove tokens in redis
    # NOTE(review): until that TODO is done, tokens already issued to this
    # account are not revoked here. Also, no db.session.commit() follows
    # soft_delete() in this function; confirm the deletion is persisted.
    current_user.soft_delete()
    return 'ok', 200
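def update_password():
    """Replace the password of the JWT-identified user from a JSON body.

    Returns:
        ``('ok', 200)`` on success, ``('password is required', 400)`` when no
        password is supplied, ``('password does not match', 409)`` when the
        confirmation differs.
    """
    current_user = User.find_one({'id': get_jwt_identity()})
    payload = request.get_json()
    new_password = payload.get('password')

    # A body without the fields would otherwise compare None == None and
    # replace the stored hash via hash_password(None).
    if not new_password:
        return 'password is required', 400

    if new_password != payload.get('password_confirm'):
        return 'password does not match', 409

    # NOTE(review): the current password is not requested, so a valid access
    # token alone is enough to change it; consider requiring it.
    current_user.hash_password(new_password)
    current_user.update()
    return 'ok', 200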
def update_details():
    """Render the profile edit form and, on POST, save the submitted details.

    The email is accepted when it is unchanged or when
    ``User.is_email_available`` approves it; otherwise a notice is flashed
    and the form is rendered again.
    """
    current_user = User.find_one({'id': session.get('user_id')})

    if request.method == 'POST':
        form = request.form
        email = form.get("email")
        first_name = form.get("first_name")
        last_name = form.get("last_name")

        email_usable = email == current_user.email or User.is_email_available(email)
        if not email_usable:
            flash('Email is not available', 'error')
        else:
            current_user.first_name = first_name
            current_user.last_name = last_name
            current_user.email = email
            current_user.update()
            # Keep the name cached in the session in step with the profile.
            session['user_name'] = first_name
            db.session.commit()
            return redirect(url_for('profile.details'))

    return render_template('profile/edit.html', current_user=current_user)
def unfollow_product(product_id):
    """Remove the JWT-identified user's follow relation to a product.

    Returns:
        ``('ok', 200)`` when the relation existed and was deleted,
        ``('not found', 404)`` otherwise.
    """
    current_user = User.find_one({'id': get_jwt_identity()})
    # The lookup is keyed on the caller's own id as well as the product id,
    # so only the caller's relation can be matched.
    lookup = {'product_id': product_id, 'user_id': current_user.id}
    relation = UserToProduct.find_one(lookup)

    if relation is None:
        return 'not found', 404

    relation.delete()
    db.session.commit()
    return 'ok', 200
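def _is_local_redirect_target(target):
    """Return True when *target* is a path on this site, not another origin."""
    from urllib.parse import urlsplit

    if not target.startswith('/') or target.startswith('//'):
        return False
    # Backslashes and control characters are rewritten by some browsers in
    # ways that can turn a path into a reference to another host.
    if '\\' in target or any(ord(ch) < 0x20 for ch in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:
        return False
    return not parts.scheme and not parts.netloc


def login():
    """Render the login form and, on POST, open a session for the user.

    ``next`` (query string or form field) names where to go after a
    successful login; it is honoured only when it is a local path, otherwise
    the article list is used.
    """
    next_url = request.args.get('next') or request.form.get('next')
    # 'next' is supplied by the request. Redirecting to it unchecked would
    # let a crafted login link send the user to an arbitrary site after
    # signing in, so anything but a local path is dropped.
    if next_url and not _is_local_redirect_target(next_url):
        next_url = None

    email = request.form.get('email')
    password = request.form.get('password')

    if request.method == 'POST' and email and password:
        user = User.find_one({'email': email, 'enabled': True})
        if user is not None and user.verify_password(password):
            # NOTE(review): the session is populated without being cleared
            # first; if sessions are stored server-side, confirm the session
            # identifier is regenerated on login.
            session['logged_in'] = True
            session['user_id'] = user.id
            session['user_name'] = user.first_name
            session.permanent = True
            # TODO: Use cookie to store session.
            session['is_admin'] = user.is_admin()
            flash('You are now logged in.', 'success')
            return redirect(next_url or url_for('home.list_publish_articles'))
        # One message for both unknown email and wrong password.
        flash('Incorrect email or password.', 'danger')

    return render_template('auth/login.html', next_url=next_url)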
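def follow_product():
    """Make the JWT-identified user follow the product at a given URL.

    Reads ``url`` and an optional ``trigger`` (default -1) from the JSON
    body. A product not yet known by its URL is created from
    ``Product.extract_data(url)`` first.

    Returns:
        ``(body, status)``: the serialized product and 200, or
        ``('invalid url', 400)`` when ``url`` is not an http(s) URL.
    """
    from urllib.parse import urlsplit

    current_user = User.find_one({'id': get_jwt_identity()})
    payload = request.get_json()
    url = payload.get('url')
    trigger = payload.get('trigger', -1)

    # 'url' is supplied by the client and handed to Product.extract_data().
    # Reject anything that is not a plain http(s) URL with a host before it
    # gets that far.
    # NOTE(review): extract_data is not visible here. If it fetches the URL
    # from the server, a scheme check alone does not stop requests to
    # internal addresses; that restriction belongs in the fetch itself.
    try:
        parts = urlsplit(url) if isinstance(url, str) else None
    except ValueError:
        parts = None
    if parts is None or parts.scheme not in ('http', 'https') or not parts.netloc:
        return 'invalid url', 400

    product = Product.find_one({'url': url})
    if product is None:
        name, current_price = Product.extract_data(url)
        product = Product(name=name, price=current_price, url=url)
        product.create()

    # NOTE(review): 'trigger' is passed through unvalidated; confirm the
    # model constrains its type and range.
    current_user.follow_product(product_id=product.id,
                                difference_trigger=trigger)
    db.session.commit()
    return product_schema.dump(product), 200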
def details():
    """Render the profile page for the user referenced by the session."""
    user_id = session.get('user_id')
    current_user = User.find_one({'id': user_id})
    return render_template('profile/details.html', current_user=current_user)
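def restore(user_id):
    """Restore the user with the given id.

    Returns:
        ``('', 200)`` on success, ``('not found', 404)`` when no user has
        that id.
    """
    # NOTE(review): user_id is taken from the caller and no permission check
    # is visible in this function; confirm the route restricts who may
    # restore accounts.
    user = User.find_one({'id': user_id})
    if user is None:
        return 'not found', 404

    user.restore()
    db.session.commit()
    # A bare int is not a valid Flask view return value; return a body and
    # status pair instead.
    return '', 200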
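def delete(user_id):
    """Soft-delete the user with the given id.

    Returns:
        ``('', 204)`` on success, ``('not found', 404)`` when no user has
        that id.
    """
    # NOTE(review): user_id is taken from the caller and no permission check
    # is visible in this function; confirm the route restricts who may
    # delete accounts.
    user = User.find_one({'id': user_id})
    # An unknown id previously failed on the attribute access below.
    if user is None:
        return 'not found', 404

    user.soft_delete()
    db.session.commit()
    return '', 204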
def retrieve_profile():
    """Return the serialized profile of the JWT-identified user with 200."""
    current_user = User.find_one({'id': get_jwt_identity()})
    serialized = user_schema.dump(current_user)
    return serialized, 200