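def user_update_id(user_id, token_payload, **kwargs):
    """Partially update the user identified by *user_id* (PATCH semantics).

    Args:
        user_id: Integer form of the user's UUID, as taken from the URL.
        token_payload: Decoded token claims handed in by the wrapping view
            logic; only the subject is checked here, via ``check_token_sub``.
        **kwargs: Decoded request fields. Only keys that ``user_replace_dict``
            knows are accepted; ``new_username`` and ``new_password`` are
            applied when present and non-empty.

    Returns:
        A JSON response ``{"status": "OK"}`` once the row is committed.

    Aborts:
        400 -- wrong field set, empty field value, malformed or unknown id.
        403 -- the token subject does not match the requested user.
    """
    # Validate incoming json. The count check alone let a request carrying
    # the right number of unrelated keys reach the commit below and come
    # back "OK" without changing anything, so every key must also be one
    # the replace schema lists (the existing upper bound already assumes
    # user_replace_dict covers every updatable field).
    allowed = user_replace_dict.keys()
    if not (2 <= len(kwargs) <= len(allowed)) or not kwargs.keys() <= allowed:
        abort(400, 'Invalid arguments')
    # UUID(int=...) raises ValueError outside the 128-bit range; without
    # this guard an oversized path segment surfaces as a 500.
    try:
        uid = UUID(int=user_id)
    except ValueError:
        abort(400, 'User with id {} does not exist'.format(repr(user_id)))
    # Could not find user
    req_user = User.query.get(uid)
    if req_user is None:
        abort(400, 'User with id {} does not exist'.format(repr(user_id)))
    # Validate that the token came from the correct user before any field
    # is written, so a mismatched token never reaches the commit.
    if not check_token_sub(token_payload, req_user):
        abort(403, 'Token subject could not be verified')
    new_username = kwargs.get('new_username')
    if new_username is not None:
        if new_username == '':
            abort(400, 'Field new_username cannot be empty')
        # NOTE(review): if username carries a unique constraint the commit
        # below can raise IntegrityError on a taken name -- confirm in model.
        req_user.username = new_username
    new_password = kwargs.get('new_password')
    if new_password is not None:
        if new_password == '':
            abort(400, 'Field new_password cannot be empty')
        # set_password is the model's own hook; presumably it hashes before
        # storing -- verify in the User model, the raw value must not land
        # in the row.
        req_user.set_password(new_password)
    db.session.commit()
    return jsonify(status='OK')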
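def user_read_id(user_id):
    """Return the user identified by *user_id*.

    An optional ``token`` query parameter switches between the two modes:
    without it the lookup is unauthenticated; with it the token is verified
    against the app's ``PUBLIC_KEY`` and its subject must match the user.

    Args:
        user_id: Integer form of the user's UUID, as taken from the URL.

    Returns:
        The user serialised with ``UserSchema``.

    Aborts:
        400 -- malformed or unknown id.
        403 -- the token subject does not match the requested user.
    """
    token = request.args.get('token')
    # NOTE(review): a token in the query string is recorded in server, proxy
    # and browser-history logs; an Authorization header would keep it out of
    # them. Left as-is to preserve the API.
    token_payload = None
    if token is not None:
        # Verified before the user lookup so a bad token is reported by
        # check_token rather than masked by a 400 from the lookup.
        token_payload = check_token(current_app.config.get('PUBLIC_KEY'), token)
    # UUID(int=...) raises ValueError outside the 128-bit range; without
    # this guard an oversized path segment surfaces as a 500.
    try:
        uid = UUID(int=user_id)
    except ValueError:
        abort(400, 'User {} does not exist'.format(repr(user_id)))
    # validate that user exists
    req_user = User.query.get(uid)
    if req_user is None:
        abort(400, 'User {} does not exist'.format(repr(user_id)))
    # validate that the token came from the correct user
    if token is not None and not check_token_sub(token_payload, req_user):
        abort(403, 'Token subject could not be verified')
    # NOTE(review): both paths serialise with the same UserSchema, so the
    # unauthenticated response carries exactly what the authenticated one
    # does. The original comments intended the public path to exclude
    # sensitive fields -- confirm UserSchema holds nothing sensitive, or use
    # a narrower schema when no token was supplied.
    return UserSchema().jsonify(req_user)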
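def user_del_id(user_id, token_payload, **kwargs):
    """Delete the user identified by *user_id*.

    Args:
        user_id: Integer form of the user's UUID, as taken from the URL.
        token_payload: Decoded token claims handed in by the wrapping view
            logic; only the subject is checked here, via ``check_token_sub``.
        **kwargs: Decoded request fields; must be exactly the keys of
            ``user_delete_dict``.

    Returns:
        A JSON response ``{"status": "OK"}`` once the delete is committed.

    Aborts:
        400 -- wrong field set, malformed or unknown id.
        403 -- the token subject does not match the requested user.
    """
    # Validate incoming json
    if kwargs.keys() != user_delete_dict.keys():
        abort(400, 'Invalid arguments')
    # UUID(int=...) raises ValueError outside the 128-bit range; without
    # this guard an oversized path segment surfaces as a 500.
    try:
        uid = UUID(int=user_id)
    except ValueError:
        abort(400, 'User with id {} does not exist'.format(repr(user_id)))
    # Could not find user
    req_user = User.query.get(uid)
    if req_user is None:
        abort(400, 'User with id {} does not exist'.format(repr(user_id)))
    # Validate that the token came from the correct user before the row is
    # touched; only the user themselves may delete their record.
    if not check_token_sub(token_payload, req_user):
        abort(403, 'Token subject could not be verified')
    db.session.delete(req_user)
    db.session.commit()
    return jsonify(status='OK')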
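def user_replace_id(user_id, token_payload, **kwargs):
    """Replace the username and password of the user *user_id* (PUT semantics).

    Args:
        user_id: Integer form of the user's UUID, as taken from the URL.
        token_payload: Decoded token claims handed in by the wrapping view
            logic; only the subject is checked here, via ``check_token_sub``.
        **kwargs: Decoded request fields; must be exactly the keys of
            ``user_replace_dict`` and carry ``new_username`` and
            ``new_password``.

    Returns:
        A JSON response ``{"status": "OK"}`` once the row is committed.

    Aborts:
        400 -- wrong field set, missing/empty field, malformed or unknown id,
            or a username identical to the current one.
        403 -- the token subject does not match the requested user.
    """
    # Validate incoming json
    if kwargs.keys() != user_replace_dict.keys():
        abort(400, 'Invalid arguments')
    new_username = kwargs.get('new_username')
    new_password = kwargs.get('new_password')
    # Check that json fields are present and not empty. A JSON null arrives
    # here as None and used to fall through to the assignments below.
    if new_username is None or new_username == '':
        abort(400, 'Field new_username cannot be empty')
    if new_password is None or new_password == '':
        abort(400, 'Field new_password cannot be empty')
    # UUID(int=...) raises ValueError outside the 128-bit range; without
    # this guard an oversized path segment surfaces as a 500.
    try:
        uid = UUID(int=user_id)
    except ValueError:
        abort(400, 'User {} does not exist'.format(repr(user_id)))
    # Could not find user
    req_user = User.query.get(uid)
    if req_user is None:
        abort(400, 'User {} does not exist'.format(repr(user_id)))
    # Validate that the token came from the correct user before any field
    # is written, so a mismatched token never reaches the commit.
    if not check_token_sub(token_payload, req_user):
        abort(403, 'Token subject could not be verified')
    # Username has not changed: a replace must supply a new resource; the
    # partial-update endpoint is the one for changing a single field.
    if req_user.username == new_username:
        abort(
            400,
            "User's username has not changed, please use this endpoint "
            "for replacing the resource, not updating it")
    # NOTE(review): if username carries a unique constraint the commit below
    # can raise IntegrityError on a taken name -- confirm in model.
    req_user.username = new_username
    # set_password is the model's own hook; presumably it hashes before
    # storing -- verify in the User model, the raw value must not land in
    # the row.
    req_user.set_password(new_password)
    db.session.commit()
    return jsonify(status='OK')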