def send_email(username):
if request.method == 'POST':
mailaddr = apiDB.getEmail(username)
print(username)
print(mailaddr)
mailkey = URLSafeTimedSerializer(
'blowfish'
) #TODO move this to a secure position (encrypted perhaps)
token = mailkey.dumps(username, salt='email-confirm')
sendMail(
'Verification Code', mailaddr,
"<a href=http://127.0.0.1:3864/confirm_email/" + token +
">Follow this link for account activation</a>")
apiLog.logInfo("Sent email verification to {}".format(mailaddr))
return flask.jsonify(
json.dumps({
"Success": True,
"Status": 'Sent verification code'
})), 200
else:
apiLog.logError("Failed to send email verification")
return flask.jsonify(
json.dumps({
"Success": False,
"Status": 'Failed to send verification code'
})), 400
def OneTimeCode(passcode):
try:
mailkey = URLSafeTimedSerializer('onetimeblow') #TODO move this to a secure position (encrypted perhaps)
username = mailkey.loads(passcode, salt='oneblowfish',max_age=180)
print(username) #TODO a request that changes emailVerify boolean to true and compare username to database
#apiLog.logInfo("OTP verified for {}", username)
return flask.jsonify(json.dumps({"Success":True, "Status":'Passed OTP', "JWT":str(issueJWT(username).decode("UTF-8"))})),200
except Exception as e:
print(e)
apiLog.logError("Failed to verify OTP")
return flask.jsonify(json.dumps({"Success":False, "Status":e})),400
def processData():
response = checkJWT(request.headers["JWT"])
username = response["username"]
#TODO check the jwt (DONE)
if allowAccess(['Staff', 'Permission_Admin'], request) == True:
Data = apiDB.MenuUser()
apiLog.logInfo("{} accessed database".format(username))
#TODO record log
return flask.jsonify(Data), 200
elif allowAccess(['Client'], request) == True:
Data = {}
Data[username] = username
return flask.jsonify(Data), 200
else:
apiLog.logError("{} raised {}".format(username, response["Error"]))
return flask.jsonify(response), 400
def getData(patientusername):
#TODO check jwt check role
response = checkJWT(request.headers["JWT"])
if response["Success"] == False:
apiLog.logError(response["Error"])
return flask.jsonify(response), 400
username = response["username"]
role = apiDB.getrole(username)
if role == "Client" and patientusername != username:
apiLog.logWarn("{} unauthorized access".format(username))
return "unauthorized access", 400
User = apiDB.getUser(patientusername)
if User == False:
return "No Such user", 400
apiLog.logInfo("{} accessed {}'s data".format(username, patientusername))
return flask.jsonify(User), 200
def getData(patientusername):
response = checkJWT(request.headers["JWT"])
username = response["username"]
#TODO check jwt check role
if allowAccess(['Staff','Permission_Admin','Client'],request) == True:
if patientusername != username:
apiLog.logWarn("{} unauthorized access".format(username))
return flask.jsonify(json.dumps(response["Error"])),400
#response = checkJWT(request.headers["JWT"])
#if response["Success"] == False:
#apiLog.logError(response["Error"])
#return flask.jsonify(json.dumps(response)),400
#username = response["username"]
#role = apiDB.getrole(username)
#if role == "Client" and patientusername != username:
#apiLog.logWarn("{} unauthorized access".format(username))
#return flask.jsonify(json.dumps(response["Error"])),400
User = apiDB.getUser(patientusername)
print(User)
apiLog.logInfo("{} accessed {}'s data".format(username, patientusername))
return flask.jsonify(json.dumps(User)),200
else:
apiLog.logError(response["Error"])
return flask.jsonify(json.dumps(response)),400
response = checkJWT(request.headers["JWT"])
username = response["username"]
#TODO check the jwt (DONE)
if allowAccess(['Staff','Permission_Admin'],request) == True:
Data = apiDB.MenuUser()
apiLog.logInfo("{} accessed database".format(username))
#TODO record log
return flask.jsonify(json.dumps(Data)),200
else:
if allowAccess(['Client'],request) == True:
#TODO log
Data={}
Data[username] = username
return flask.jsonify(Data),200
else:
apiLog.logError("{} raised {}".format(username, response["Error"]))
return flask.jsonify(json.dumps(response)),400
@app.route("/data/<string:patientusername>", methods=["GET"])
def getData(patientusername):
response = checkJWT(request.headers["JWT"])
username = response["username"]
#TODO check jwt check role
if allowAccess(['Staff','Permission_Admin','Client'],request) == True:
if patientusername != username:
apiLog.logWarn("{} unauthorized access".format(username))
return flask.jsonify(json.dumps(response["Error"])),400
#response = checkJWT(request.headers["JWT"])
#if response["Success"] == False:
#apiLog.logError(response["Error"])
#return flask.jsonify(json.dumps(response)),400