Exemple #1
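def logout():
    '''Clear the auth cookie (DELETE) or return the user it identifies (GET).

    DELETE answers 204 and expires the 'authorization' cookie.
    GET answers 200 with the user resolved from the cookie's token, or 401
    when the cookie is missing or does not resolve to a user.
    Any other method answers 501, as the sibling handlers do.
    '''
    if request.method == "DELETE":
        empty = make_response({})
        # Expire the cookie instead of leaving an empty-valued one behind.
        # This only clears the browser's copy: nothing in this handler
        # revokes the token, so a copy of it stays usable until it expires.
        empty.delete_cookie('authorization')
        return empty, 204
    if request.method == 'GET':
        auth_token = request.cookies.get('authorization')
        if not auth_token:
            return {}, 401
        # The token is a bearer credential, so neither it nor its decoded
        # form is written to the log.
        # NOTE(review): confirm how User.decode_auth_token reports an expired
        # or tampered token; this code relies on get_user_by_id returning
        # nothing for whatever it hands back in that case.
        user = db.get_user_by_id(User.decode_auth_token(auth_token))
        if not user:
            # A token that maps to no user is a failed authentication,
            # not a 200 with an empty body.
            return {}, 401
        return jsonify(user), 200
    return {}, 501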
Exemple #2
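def login(username):
    '''Log a user in (POST) or delete a user account (DELETE).

    POST expects a JSON body with a "password" field. On success it answers
    200 with the user's dict and sets the 'authorization' cookie; a missing
    password or failed login answers 400.
    DELETE removes the account named by ``username`` when the caller's
    cookie resolves to an admin or moderator (200). It answers 401 when the
    caller is not authorised and 400 when the target does not exist.
    Any other method answers 501.
    '''
    if request.method == "POST":
        _log.debug("%s is logging in", username)
        _log.debug(request.path)
        # The request body carries the plaintext password, so it is never
        # logged. silent=True turns a malformed body into None instead of an
        # exception, and the checks below turn that into a 400.
        payload = request.get_json(silent=True)
        password = payload.get("password") if isinstance(payload, dict) else None
        if not password:
            return {}, 400
        user = db.login(username, password)
        if not user:
            return {}, 400
        # Generate our token. Depending on the JWT library version the token
        # may be bytes or str, so both are accepted.
        auth_token = user.encode_auth_token()
        if isinstance(auth_token, bytes):
            auth_token = auth_token.decode()
        response = make_response(jsonify(user.to_dict()))
        # httponly keeps the token away from page scripts. samesite limits
        # the cross-site requests that carry it, which matters because the
        # POST and DELETE handlers authenticate by this cookie alone.
        # NOTE(review): also pass secure=True once the app is only served
        # over HTTPS.
        response.set_cookie('authorization', auth_token,
                            httponly=True, samesite='Lax')
        return response, 200
    if request.method == "DELETE":
        # Authorise the caller before touching the target account, so an
        # unauthenticated request cannot tell existing usernames from
        # missing ones by comparing 400 and 401.
        auth_token = request.cookies.get("authorization")
        sender = None
        if auth_token:
            # NOTE(review): confirm how User.decode_auth_token reports an
            # invalid token; this relies on get_user_by_id returning nothing
            # for it.
            sender = db.get_user_by_id(User.decode_auth_token(auth_token))
        # NOTE(review): a moderator may delete any account here, admins
        # included. Confirm that is the intended policy.
        if not (sender and sender.usertype in ("admin", "moderator")):
            return "Only an Admin or Moderator can delete a user", 401
        _log.debug("Deleting user: %s", username)
        user = db.get_user_by_username(username)
        if not user:
            return {}, 400
        db.delete_user_by_id(user._id)
        return "User Deleted", 200
    return {}, 501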
Exemple #3
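def update_usertype(username):
    '''Change the usertype of the account named by ``username`` (POST).

    The caller is identified by the 'authorization' cookie and must be an
    admin or moderator. The JSON body must carry a non-empty string
    "usertype". Answers 200 on success, 401 when the caller is not
    authorised, 400 for a bad body or unknown target, and 501 for any other
    method.
    '''
    if request.method != "POST":
        return {}, 501
    _log.debug("Updating user:%s usertype", username)
    # Authorise the caller first, so an unauthenticated request learns
    # nothing about which usernames exist.
    auth_token = request.cookies.get("authorization")
    sender = None
    if auth_token:
        # NOTE(review): confirm how User.decode_auth_token reports an invalid
        # token; this relies on get_user_by_id returning nothing for it.
        sender = db.get_user_by_id(User.decode_auth_token(auth_token))
    # NOTE(review): the refusal message names only admins, but moderators
    # also pass this check and can therefore grant "admin" to any account,
    # their own included. Decide which is intended and align check and text.
    if not (sender and sender.usertype in ("admin", "moderator")):
        return "Only an Admin can edit usertype", 401
    payload = request.get_json(silent=True)
    new_type = payload.get("usertype") if isinstance(payload, dict) else None
    # The value comes straight from the client, so it is rejected unless it
    # is a non-empty string.
    # NOTE(review): compare it against the application's list of valid
    # usertypes before storing; that list is not visible from this function.
    if not isinstance(new_type, str) or not new_type:
        return {}, 400
    user = db.get_user_by_username(username)
    if not user:
        return {}, 400
    _log.debug(user._id)
    db.update_usertype(user._id, new_type)
    return "Usertype updated", 200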