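def create_user():
    """Create a new user from a JSON request body.

    Expects a JSON object with ``username``, ``password`` and ``email``.
    Returns a ``(response, status)`` tuple: 400 when the body is not a JSON
    object or a required field is missing, non-string or blank; 409 when
    the username or email is already taken; 201 once the user is saved.
    """
    # get form info; anything that is not a JSON object must not reach the
    # key lookups below (a list or scalar body would raise -> 500)
    data = request.json or {}
    if not isinstance(data, dict):
        return jsonify({'message': 'Request body must be a JSON object.'}), 400
    # check info: each required field must be present, be a string and be
    # non-blank, otherwise .strip() would raise on non-string input and a
    # blank username/email could be stored
    required = ('username', 'password', 'email')
    error = [name for name in required
             if not isinstance(data.get(name), str) or not data[name].strip()]
    if error:
        return jsonify({'message':
                        'Require {}.'.format(' and '.join(error))}), 400
    username = data['username'].strip()
    email = data['email'].strip()
    # check if user existed
    # NOTE(review): check-then-insert is racy under concurrent requests; a
    # unique constraint on username/email in the model is the real
    # guarantee -- confirm it exists.
    if User.filter_by(username=username).first():
        return jsonify({'message': 'Username already exists.'}), 409
    # check if email existed
    if User.filter_by(email=email).first():
        return jsonify({'message': 'Email has been registered.'}), 409
    # create User; uuid4 is random, whereas uuid1 embeds the host MAC
    # address and a timestamp in an identifier that is exposed publicly
    user = User(public_id=str(uuid.uuid4()),
                username=username,
                email=email)
    # password hash; the password is stripped here and in login() alike so
    # both sides of the comparison see the same value
    user.set_password(data['password'].strip())
    # db commit
    user.save()

    return jsonify({'message': 'Created a new user.'}), 201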
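def login():
    """Log a user in and issue a JWT session cookie.

    Expects a JSON object with ``username`` and ``password``. Returns a
    ``(response, status)`` tuple: 400 when the body is not a JSON object or
    a field is missing/non-string, 401 when the credentials do not match,
    200 with a ``jwt`` cookie set on success.
    """
    # get form info; a non-object body must not reach the key lookups
    data = request.json or {}
    if not isinstance(data, dict):
        return jsonify({'message': 'Request body must be a JSON object.'}), 400
    # check info: both fields must be present and be strings, otherwise
    # .strip() below would raise on e.g. a numeric value
    error = [name for name in ('username', 'password')
             if not isinstance(data.get(name), str)]
    if error:
        return jsonify({'message':
                        'Require {}.'.format(' and '.join(error))}), 400
    # find username
    user = User.filter_by(username=data['username'].strip()).first()
    # verify password; an unknown username and a wrong password get the
    # same status and message so the endpoint does not reveal which
    # usernames exist. NOTE(review): the response time still differs
    # because no hash is computed for an unknown user -- confirm whether
    # that matters for this deployment.
    if user is not None and user.check_password(data['password'].strip()):
        response = make_response(jsonify({'message': 'login successful.'}))
        # issue token; httponly keeps it away from page scripts and Lax
        # limits cross-site sends. NOTE(review): pass secure=True once the
        # app is served over HTTPS so the token is never sent in clear.
        response.set_cookie('jwt',
                            user.generate_jwt(),
                            httponly=True,
                            max_age=24 * 60**2,
                            samesite='Lax')
        return response, 200
    return jsonify({'message': 'Wrong username or password.'}), 401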
def delete_user(uuid):
    """Delete the user identified by ``uuid``.

    :uuid: User's public id
    :returns: ``(response, status)`` -- 404 when no such user exists, 403
              when the user belongs to the ``administrator`` group, 200
              once the user has been deleted
    """
    # get user
    target = User.filter_by(public_id=uuid).first()
    if not target:
        return jsonify({'message': 'User does not exist.'}), 404
    # delete user, unless it is an administrator
    # NOTE(review): who may call this view is not decided here; confirm the
    # route is protected by an authorization check.
    is_admin = any(group.name == 'administrator' for group in target.groups)
    if is_admin:
        return jsonify({'message': 'You cannot delete an admin user.'}), 403
    target.delete()
    return jsonify({'message': 'User has been deleted.'}), 200
def view_user(uuid):
    """Return the profile of the user identified by ``uuid``.

    :uuid: User's public id
    :returns: ``(response, status)`` -- 404 when no such user exists,
              otherwise 200 with uuid, username, email, nickname, the
              user's group names and created_on
    """
    # find user with uuid
    account = User.filter_by(public_id=uuid).first()
    if not account:
        return jsonify({'message': 'User does not exist.'}), 404
    # return user information
    # NOTE(review): the email address is included for every caller of this
    # view; confirm the route's access control intends that.
    profile = {
        'uuid': account.public_id,
        'username': account.username,
        'email': account.email,
        'nickname': account.nickname,
    }
    profile['groups'] = [group.name for group in account.groups]
    profile['created_on'] = account.created_on
    return jsonify(profile), 200