Esempio n. 1
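def register():
    """Handle the registration form: create a user or re-register a deleted one.

    Reads ``username``, ``password`` and ``email`` from the submitted form. A
    new ``User`` row is created unless a row with that username exists and is
    flagged ``deleted``, in which case that row is reused. The outcome is
    recorded in ``Registry`` and ``admin_confirmation`` is called after the
    commit.

    Returns:
        A JSON body on success, or a ``(JSON body, 400)`` pair on any failure.
    """
    logger.info(str(request))
    try:
        username = request.form['username']
        # SECURITY: unsalted MD5 is not a password hash; it is cheap to
        # brute-force and identical passwords give identical digests. Kept
        # as-is because stored digests would stop matching; moving to a
        # salted, slow KDF needs a coordinated migration.
        password = hashlib.md5(request.form['password'].encode()).hexdigest()
        email = request.form['email']

        if not check_mail(email):
            return jsonify(result='Registration failed: Not valid email'), 400

        data = User.query.filter_by(username=username).first()
        if data and data.deleted:
            # Store the digest computed above, exactly as the new-user branch
            # does. Hashing it a second time saved md5(md5(password)), so a
            # re-registered account could never match its own password.
            data.password = password
            data.email = email
            data.deleted = False
            new_action = Registry(username=username, action='Re-Register')
        else:
            # An existing, non-deleted username also lands here; the insert
            # is then expected to fail with IntegrityError (handled below).
            new_user = User(username=username, password=password, email=email)
            new_action = Registry(username=username, action='Register')
            db.session.add(new_user)
        db.session.add(new_action)
        db.session.commit()
        # NOTE(review): runs after the commit, so a failure here reports
        # "Registration failed" although the account has been stored.
        admin_confirmation(username, email)
        return jsonify(result='User registered. Keep an eye with your email for knowing when your account is activated')

    except Exception as e:
        if 'IntegrityError' in str(type(e)):
            e = 'User already exists'
        # NOTE(review): any other exception text is returned to the client
        # verbatim and may expose database or framework internals.
        return jsonify(result=('Registration failed: ' + str(e))), 400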
Esempio n. 2
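def validate_token(token, request):
    """Check an access token and record the authorized request in ``Registry``.

    Args:
        token: Serialized token; a falsy value means none was supplied.
        request: The request being authorized. Its ``method`` and ``path``
            (and its JSON body, when ``request.data`` is non-empty) are
            written to the audit record.

    Returns:
        ``None`` when the token is accepted, otherwise a string describing
        why it was rejected.
    """
    try:
        if not token:
            return 'Login or set a Token access is required'

        # NOTE(review): if ``claims`` is a JSON string, json.loads is the
        # matching parser; ast.literal_eval rejects true/false/null and such
        # a token is then reported as invalid. Confirm the claims format.
        metadata = ast.literal_eval(jwt.JWT(key=key, jwt=token).claims)

        # A missing 'timeout' claim makes this comparison raise TypeError,
        # which the handler below turns into a rejection (fail closed).
        if not (metadata.get('timeout') >= datetime.timestamp(datetime.now())):
            return 'Token expired'

        # SECURITY NOTE(review): the token carries the stored password digest
        # as a claim and it is matched against the database here. Anyone able
        # to read the claims obtains that digest; an opaque user id plus a
        # server-side lookup avoids shipping it to clients.
        data = User.query.filter_by(username=metadata.get('username'),
                                    password=metadata.get('password')).first()
        if data is None:
            return 'No valid Token given'

        if not isinstance(request, str) and request.data:
            # NOTE(review): the whole JSON body is stored in the audit table,
            # which can include secrets submitted by the client.
            new_action = Registry(username=metadata.get('username'),
                                  action=str(request.method + ' ' + request.path),
                                  data=str(request.get_json()))
        else:
            # NOTE(review): a ``str`` request also reaches this branch and has
            # no ``.method``, so it ends in the handler below - confirm that
            # rejecting it is intended.
            new_action = Registry(username=metadata.get('username'),
                                  action=str(request.method + ' ' + request.path))
        db.session.add(new_action)
        db.session.commit()
        return None
    except Exception:
        # Narrowed from a bare ``except:`` so KeyboardInterrupt and SystemExit
        # are no longer swallowed and reported as a bad token.
        return 'No valid Token given'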
Esempio n. 3
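def validate_user_manually(data):
    """Activate the account named by *data* and notify its owner by email.

    Args:
        data: Username of the account to activate.

    Returns:
        A JSON body on success, or a ``(JSON body, 400)`` pair when the
        account does not exist or any step raises.
    """
    logger.info(str(request))
    logger.info("Validating user")
    try:
        # SECURITY NOTE(review): the return value is discarded. If admin_auth
        # is a decorator that returns a wrapped function, this line performs
        # no authorization check at all - confirm that it raises on its own
        # when the caller is not an administrator.
        admin_auth(validate_user)
        username = data
        action = "create"
        # One lookup instead of two identical queries.
        account = User.query.filter_by(username=username).first()
        if account is None:
            # Previously surfaced as an AttributeError message about NoneType.
            return jsonify(
                result='Validation process interrupted: User not found'), 400
        email = account.email
        # NOTE(review): the username is caller-supplied and written to the
        # log unescaped; strip control characters if logs are parsed by line.
        logger.info(
            "The user {}, with mail {} is going to be validated".format(
                str(username), email))
        account.active = True
        account.deleted = False
        new_action = Registry(username=account.username, action='Activated')
        db.session.add(new_action)
        db.session.commit()
        logger.info("The user {}, with mail {} is validated".format(
            str(username), email))
        notify_user(email, action)
        logger.info("A notification email is send to {}".format(email))
        return jsonify(result='Changes applied')

    except Exception as e:
        # NOTE(review): exception text is returned to the client verbatim.
        return jsonify(result=('Validation process interrupted: ' +
                               str(e))), 400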
Esempio n. 4
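def validate_user(data):
    """Apply the action carried by a token: delete or activate an account.

    Args:
        data: Serialized token whose claims hold ``username`` and ``action``.

    Returns:
        A JSON body on success, or a ``(JSON body, 400)`` pair when the
        account does not exist or any step raises.
    """
    logger.info(str(request))
    try:
        # NOTE(review): no expiry claim is checked in this function, so a
        # token stays usable for as long as the key is unchanged - confirm
        # whether that is intended for confirmation links.
        metadata = ast.literal_eval(jwt.JWT(key=key, jwt=data).claims)
        user = metadata['username']
        action = metadata['action']

        # One lookup serves both the email address and the activation branch.
        account = User.query.filter_by(username=user).first()
        if account is None:
            # Previously surfaced as an AttributeError message about NoneType.
            return jsonify(
                result='Validation process interrupted: User not found'), 400
        email = account.email

        if action == 'delete':
            Registry.query.filter_by(username=user).delete()
            User.query.filter_by(username=user).delete()
        else:
            # NOTE(review): every action other than 'delete' activates the
            # account, including unexpected values; an explicit allow-list
            # would make this fail closed.
            account.active = True
            account.deleted = False
            new_action = Registry(username=account.username, action='Activated')
            db.session.add(new_action)

        db.session.commit()
        notify_user(email, action)
        return jsonify(result='Changes applied')

    except Exception as e:
        # NOTE(review): exception text (including token parsing errors) is
        # returned to the client verbatim.
        return jsonify(result=('Validation process interrupted: ' +
                               str(e))), 400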
Esempio n. 5
def change_password():
    """Replace the password of the account identified by HTTP Basic credentials.

    The current password comes from the ``Authorization`` header and the new
    one from the ``password`` form field. The change is applied only when the
    credentials match an account whose ``active`` flag is set.

    Returns:
        A JSON body on success, or a ``(JSON body, 400)`` pair otherwise.
    """
    logger.info(str(request))
    try:
        account = None
        credentials = request.authorization
        if credentials:
            name = credentials.username
            # SECURITY: both digests are unsalted MD5, which is not a
            # password hash; replacing it needs a migration of stored values.
            current_digest = hashlib.md5(
                credentials.password.encode()).hexdigest()
            new_password = hashlib.md5(
                request.form['password'].encode()).hexdigest()
            account = User.query.filter_by(
                username=name, password=current_digest).first()

        # Guard clause: missing credentials, no match, or inactive account.
        if account is None or not account.active:
            return jsonify(
                result='No user registered/active with that user/password'
            ), 400

        account.password = new_password
        audit_entry = Registry(username=credentials.username,
                               action='ChangePassword')
        db.session.add(audit_entry)
        db.session.commit()
        return jsonify(result='New password for ' + name)
    except Exception as e:
        # NOTE(review): exception text is returned to the client verbatim.
        return jsonify(result=('Change password failed: ' + str(e))), 400
Esempio n. 6
def recover_password():
    """Set a generated password on the active account with the given email.

    Reads ``email`` from the form, stores the MD5 digest of a password from
    ``randomPassword()`` on the matching active account, records the action
    in ``Registry`` and mails the new password to that address.

    Returns:
        A JSON body on success, or a ``(JSON body, 400)`` pair otherwise.
    """
    logger.info(str(request))
    email = request.form['email']
    if not check_mail(email):
        return jsonify(result='Not valid email'), 400

    # NOTE(review): randomPassword is defined elsewhere; confirm it draws
    # from a CSPRNG (``secrets``), not ``random``.
    new_password = randomPassword()

    try:
        account = User.query.filter_by(email=email).first()
        # NOTE(review): the two responses differ for known and unknown
        # addresses, which lets a caller test whether an email is registered.
        if account is None or not account.active:
            return jsonify(result='No user registered/active with that user/password'), 400

        with app.app_context():
            # SECURITY NOTE(review): the request is unauthenticated and the
            # password is replaced and committed before the mail is sent, so
            # knowing an address is enough to invalidate its password, and a
            # mail failure leaves the owner without the new one. A one-time
            # reset link avoids both and keeps the password out of email.
            account.password = hashlib.md5(new_password.encode()).hexdigest()
            audit_entry = Registry(username=account.username, action='recoverPassword')
            db.session.add(audit_entry)
            db.session.commit()

            sender = app.config.get('MAIL_USERNAME')
            body = render_template('recover.html',
                                   user=account.username, password=new_password)
            msg = Message(subject='Password changed',
                          sender=sender,
                          recipients=[email],
                          html=body)
            mail.send(msg)
        return jsonify(result='New password for ' + email + ' Look your email for getting it.')
    except Exception as e:
        # NOTE(review): exception text is returned to the client verbatim.
        return jsonify(result=('Change password failed: ' + str(e))), 400
Esempio n. 7
    def logic(token):
        """Store *token* in the session and record a ``LogIn`` audit entry.

        Returns a JSON body on success, or a ``(JSON body, 401)`` pair when
        any step raises.
        """
        try:
            # NOTE(review): the token lives in the session; if sessions are
            # client-side cookies it is signed but still readable - confirm.
            session['token'] = token
            login_name = request.authorization.username
            audit_entry = Registry(username=login_name, action='LogIn')
            db.session.add(audit_entry)
            db.session.commit()
            return jsonify(result='Logged')

        except Exception as e:
            # NOTE(review): exception text is returned to the client verbatim.
            return jsonify(result=('Login fails: ' + str(e))), 401
Esempio n. 8
    def logic(token):
        """Record a ``GetToken`` audit entry and return *token* to the caller.

        Returns a ``(JSON body, 200)`` pair carrying the token, or a
        ``(JSON body, 400)`` pair when any step raises.
        """
        try:
            requester = request.authorization.username
            audit_entry = Registry(username=requester, action='GetToken')
            db.session.add(audit_entry)
            db.session.commit()
            return jsonify(result=token), 200

        except Exception as e:
            # NOTE(review): exception text is returned to the client verbatim.
            return jsonify(result=('Login fails: ' + str(e))), 400
Esempio n. 9
def delete_account():
    """Soft-delete the account identified by HTTP Basic credentials.

    The account is flagged ``deleted`` and deactivated rather than removed.
    The request is refused when the credentials do not match, when the
    account is inactive or already deleted, or when its username is
    ``'Admin'``.

    Returns:
        A JSON body on success, or a ``(JSON body, 400)`` pair otherwise.
    """
    logger.info(str(request))
    try:
        account = None
        credentials = request.authorization
        if credentials:
            name = credentials.username
            # SECURITY: unsalted MD5 is not a password hash; replacing it
            # needs a migration of the stored values.
            digest = hashlib.md5(credentials.password.encode()).hexdigest()
            account = User.query.filter_by(username=name, password=digest).first()

        # Guard clause covering every refusal case with the same response.
        if (account is None or not account.active or account.deleted
                or account.username == 'Admin'):
            return jsonify(result='No user registered/active with that user/password'), 400

        account.active = False
        account.deleted = True
        audit_entry = Registry(username=credentials.username, action='account_deleted')
        db.session.add(audit_entry)
        db.session.commit()
        return jsonify(result=name + ' deleted')
    except Exception as e:
        # NOTE(review): exception text is returned to the client verbatim.
        return jsonify(result=('Delete account failed: ' + str(e))), 400
Esempio n. 10
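def validate_user_manually(data):
    """Activate the account named by *data* and notify its owner by email.

    Args:
        data: Username of the account to activate.

    Returns:
        A JSON body on success, or a ``(JSON body, 400)`` pair when the
        account does not exist or any step raises.
    """
    logger.info(str(request))
    try:
        # SECURITY NOTE(review): the return value is discarded. If admin_auth
        # is a decorator that returns a wrapped function, this line performs
        # no authorization check at all - confirm that it raises on its own
        # when the caller is not an administrator.
        admin_auth(validate_user)
        username = data
        action = "create"

        # One lookup instead of two identical queries.
        account = User.query.filter_by(username=username).first()
        if account is None:
            # Previously surfaced as an AttributeError message about NoneType.
            return jsonify(result='Validation process interrupted: User not found'), 400
        email = account.email

        account.active = True
        account.deleted = False
        new_action = Registry(username=account.username, action='Activated')
        db.session.add(new_action)

        db.session.commit()
        notify_user(email, action)
        return jsonify(result='Changes applied')

    except Exception as e:
        # NOTE(review): exception text is returned to the client verbatim.
        return jsonify(result=('Validation process interrupted: ' + str(e))), 400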