def api_deactivate_account(): """ De-activate an user. @TODO: should change expiration date too? :rtype: Response :return the success or failed in json format """ user_id = utils.get_safe_int(request.form.get("user_id")) user = UserEntity.get_by_id(user_id) user = UserEntity.update(user, active=False) LogEntity.account_modified(session["uuid"], "User deactivated: {}".format(user)) return utils.jsonify_success({"message": "User deactivated."})
def api_extend_account(): """ Change the `User.usrAccessExpiresAt` to today's date + 180 days :rtype: Response :return the success or failed in json format """ user_id = request.form.get("user_id") today_plus_180 = utils.get_expiration_date(180) user = UserEntity.get_by_id(user_id) user = UserEntity.update(user, access_expires_at=today_plus_180) # @TODO: add dedicated log type LogEntity.account_modified(session["uuid"], "Updated expiration date to {}. {}".format(today_plus_180, user.email)) return utils.jsonify_success({"message": "Updated expiration date to {}".format(today_plus_180)})
def api_deactivate_account(): """ De-activate an user. @TODO: should change expiration date too? :rtype: Response :return the success or failed in json format """ user_id = utils.get_safe_int(request.form.get('user_id')) user = UserEntity.get_by_id(user_id) user = UserEntity.update(user, active=False) LogEntity.account_modified(session['uuid'], "User deactivated: {}".format(user)) return utils.jsonify_success({"message": "User deactivated."})
def api_expire_account(): """ Change the `User.usrAccessExpiresAt` to today's date and 00:00:00 time effectively blocking the user access. :rtype: Response :return the success or failed in json format """ user_id = utils.get_safe_int(request.form.get("user_id")) user = UserEntity.get_by_id(user_id) today = datetime.today() today_start = datetime(today.year, today.month, today.day) user = UserEntity.update(user, access_expires_at=today_start) # @TODO: add dedicated log type LogEntity.account_modified(session["uuid"], "User access was expired. {}".format(user.email)) return utils.jsonify_success({"message": "User access was expired."})
def api_verify_email(): """ @TODO: add counter/log to track failed attempts :rtype: Response :return the success or failed in json format """ if "POST" == request.method: token = utils.clean_str(request.form.get("tok")) else: token = utils.clean_str(request.args.get("tok")) if not token: return utils.jsonify_error({"message": "No token specified."}) try: email = utils.get_email_from_token(token, app.config["SECRET_KEY"], app.config["SECRET_KEY"]) except Exception as exc: # @TODO: add dedicated log type app.logger.error("api_verify_email: {}".format(exc.message)) return utils.jsonify_error({"message": exc.message}) app.logger.debug("Decoded email from token: {}".format(email)) user = UserEntity.query.filter_by(email=email).first() if user is None: app.logger.error("Attempt to verify email with incorrect token: {}".format(token)) return utils.jsonify_error({"message": "Sorry."}) user = UserEntity.update(user, email_confirmed_at=datetime.today()) app.logger.debug("Verified token {} for user {}".format(token, user.email)) # @TODO: add dedicated log type LogEntity.account_modified(session["uuid"], "Verified token {} for user {}".format(token, user.email)) return utils.jsonify_success({"message": "Email was verified for {}.".format(email)})
def api_send_verification_email(): """ Send Verification Email to the `user_id` specified in the request :rtype: Response :return the success or failed in json format """ passed, errors = check_email_config() if not passed: app.logger.warn(" ".join(errors)) return utils.jsonify_error( {"message": "Unable to send email due to configuration errors."}) user_id = utils.get_safe_int(request.form.get('user_id')) user = UserEntity.get_by_id(user_id) try: emails.send_verification_email(user) return utils.jsonify_success( {"message": "Verification email was sent."}) except Exception as exc: details = "Connection config: {}/{}:{}".format( app.config['MAIL_USERNAME'], app.config['MAIL_SERVER'], app.config['MAIL_PORT']) app.logger.debug(details) return utils.jsonify_error( {"message": "Unable to send email due: {} {}".format(exc, details)})
def api_save_user(): """ Save a new user to the database """ email = request.form["email"] first = request.form["first"] last = request.form["last"] minitial = request.form["minitial"] roles = request.form.getlist("roles[]") email_exists = False try: existing_user = UserEntity.query.filter_by(email=email).one() email_exists = existing_user is not None except: pass if email_exists: return utils.jsonify_error({"message": "Sorry. This email is already taken."}) # @TODO: fix hardcoded values # salt, hashed_pass = generate_auth(app.config['SECRET_KEY'], password) added_date = datetime.today() access_end_date = utils.get_expiration_date(180) user = UserEntity.create( email=email, first=first, last=last, minitial=minitial, added_at=added_date, modified_at=added_date, access_expires_at=access_end_date, password_hash="", ) user_roles = [] try: for role_name in roles: role_entity = RoleEntity.query.filter_by(name=role_name).one() user_roles.append(role_entity) except Exception as exc: app.logger.debug("Problem saving user: {}".format(exc)) [user.roles.append(rol) for rol in user_roles] user = UserEntity.save(user) app.logger.debug("saved user: {}".format(user)) LogEntity.account_created(session["uuid"], user) return utils.jsonify_success({"user": user.serialize()})
def api_save_user(): """ Save a new user to the database """ email = request.form['email'] first = request.form['first'] last = request.form['last'] minitial = request.form['minitial'] roles = request.form.getlist('roles[]') email_exists = False try: existing_user = UserEntity.query.filter_by(email=email).one() email_exists = existing_user is not None except: pass if email_exists: return utils.jsonify_error( {'message': 'Sorry. This email is already taken.'}) # @TODO: fix hardcoded values # salt, hashed_pass = generate_auth(app.config['SECRET_KEY'], password) added_date = datetime.today() access_end_date = utils.get_expiration_date(180) user = UserEntity.create(email=email, first=first, last=last, minitial=minitial, added_at=added_date, modified_at=added_date, access_expires_at=access_end_date, password_hash="") user_roles = [] try: for role_name in roles: role_entity = RoleEntity.query.filter_by(name=role_name).one() user_roles.append(role_entity) except Exception as exc: app.logger.debug("Problem saving user: {}".format(exc)) [user.roles.append(rol) for rol in user_roles] user = UserEntity.save(user) app.logger.debug("saved user: {}".format(user)) LogEntity.account_created(session['uuid'], user) return utils.jsonify_success({'user': user.serialize()})
def api_extend_account(): """ Change the `User.usrAccessExpiresAt` to today's date + 180 days :rtype: Response :return the success or failed in json format """ user_id = request.form.get('user_id') today_plus_180 = utils.get_expiration_date(180) user = UserEntity.get_by_id(user_id) user = UserEntity.update(user, access_expires_at=today_plus_180) # @TODO: add dedicated log type LogEntity.account_modified(session['uuid'], "Updated expiration date to {}. {}".format( today_plus_180, user.email)) return utils.jsonify_success( {"message": "Updated expiration date to {}".format(today_plus_180)})
def api_expire_account(): """ Change the `User.usrAccessExpiresAt` to today's date and 00:00:00 time effectively blocking the user access. :rtype: Response :return the success or failed in json format """ user_id = utils.get_safe_int(request.form.get('user_id')) user = UserEntity.get_by_id(user_id) today = datetime.today() today_start = datetime(today.year, today.month, today.day) user = UserEntity.update(user, access_expires_at=today_start) # @TODO: add dedicated log type LogEntity.account_modified(session['uuid'], "User access was expired. {}".format(user.email)) return utils.jsonify_success({"message": "User access was expired."})
def create_sample_data(self): """ Add some data """ # == Create users added_date = datetime.today() access_end_date = utils.get_expiration_date(180) user = UserEntity.create(email="*****@*****.**", first="First", last="Last", minitial="M", added_at=added_date, modified_at=added_date, email_confirmed_at=added_date, access_expires_at=access_end_date) # == Create roles role_admin = RoleEntity.create(name=ROLE_ADMIN, description='role') role_tech = RoleEntity.create(name=ROLE_TECHNICIAN, description='role')
def api_send_verification_email(): """ @TODO: Send Verification Email to user_id :rtype: Response :return the success or failed in json format """ user_id = utils.get_safe_int(request.form.get("user_id")) user = UserEntity.get_by_id(user_id) try: emails.send_verification_email(user) return utils.jsonify_success({"message": "Verification email was sent."}) except Exception as exc: details = "Connection config: {}/{}:{}".format( app.config["MAIL_USERNAME"], app.config["MAIL_SERVER"], app.config["MAIL_PORT"] ) app.logger.debug(details) return utils.jsonify_error({"message": "Unable to send email due: {} {}".format(exc, details)})
def test_user(self): """ verify save and find operations """ added_date = datetime.today() access_end_date = utils.get_expiration_date(180) user = UserEntity.create(email="*****@*****.**", first="", last="", minitial="", added_at=added_date, modified_at=added_date, access_expires_at=access_end_date) self.assertEqual(1, user.id) self.assertEqual("*****@*****.**", user.email) with self.assertRaises(NoResultFound): UserEntity.query.filter_by(email="[email protected]").one() found = UserEntity.query.filter_by(email="*****@*****.**").one() self.assertIsNotNone(found) # two unbound objects ... role_admin = self.get_role(ROLE_ADMIN) role_tech = self.get_role(ROLE_TECHNICIAN) # save them to the database... db.session.add(role_admin) db.session.add(role_tech) db.session.commit() saved_role = RoleEntity.query.filter_by(name=ROLE_ADMIN).one() self.assertEqual(1, saved_role.id) # ...then use them user.roles.append(role_admin) user.roles.append(role_tech) user_roles = UserRoleEntity.query.all() self.assertEqual(2, len(user_roles)) user_role = UserRoleEntity.get_by_id(1) self.assertEqual(1, user_role.id) self.assertEqual(ROLE_ADMIN, user_role.role.name)
def api_verify_email(): """ @TODO: add counter/log to track failed attempts :rtype: Response :return the success or failed in json format """ if 'POST' == request.method: token = utils.clean_str(request.form.get('tok')) else: token = utils.clean_str(request.args.get('tok')) if not token: return utils.jsonify_error({'message': 'No token specified.'}) try: email = utils.get_email_from_token(token, app.config["SECRET_KEY"], app.config["SECRET_KEY"]) except Exception as exc: # @TODO: add dedicated log type app.logger.error("api_verify_email: {}".format(exc.message)) return utils.jsonify_error({'message': exc.message}) app.logger.debug("Decoded email from token: {}".format(email)) user = UserEntity.query.filter_by(email=email).first() if user is None: app.logger.error("Attempt to verify email with incorrect token: {}" .format(token)) return utils.jsonify_error({'message': 'Sorry.'}) user = UserEntity.update(user, email_confirmed_at=datetime.today()) app.logger.debug("Verified token {} for user {}".format(token, user.email)) # @TODO: add dedicated log type LogEntity.account_modified(session['uuid'], "Verified token {} for user {}".format( token, user.email)) return utils.jsonify_success( {"message": "Email was verified for {}.".format(email)})
def load_user(user_id): """Return the user from the database""" return UserEntity.get_by_id(user_id)