def user_statistics_by_username_get(username) -> Response: """ Get exercise statistics for a user. :param username: Username that uniquely identifies a user. :return: A response object for the GET API request. """ user: User = UserDao.get_user_by_username(username=username) # If the user cant be found, try searching the email column in the database if user is None: email = username user: User = UserDao.get_user_by_email(email=email) # If the user still can't be found, return with an error code if user is None: response = jsonify({ 'self': f'/v2/users/statistics/{username}', 'stats': None, 'error': 'there is no user with this username' }) response.status_code = 400 return response response = jsonify({ 'self': f'/v2/users/statistics/{username}', 'stats': compile_user_statistics(user, username) }) response.status_code = 200 return response
def POST(self): postData = web.input() username = postData["username"] password = postData["password"] log = login(username, password) loginResult = log.main() # 调后台接口 # 返回值为bool型变量判断是否绑定成功 #flag = False render = web.template.render( configfile.getConfig("web", "Templates_Path")) if (loginResult == None): errMsg = "用户名和密码可能错误" return render.error(errMsg) else: binding = UserDao() flag = binding.insertOrUpdateUser(postData) if flag: return render.success() else: errMsg = "用户已绑定" return render.error(errMsg)
def user_lookup_by_username_get(username: str) -> Response: """ Check if a user exists based on its username or email. :param username: Username that uniquely identifies a user. :return: A response object for the GET API request. """ existing_user: User = UserDao.get_user_by_username(username=username) # If the user cant be found, try searching the email column in the database if existing_user is None: email = username existing_user: User = UserDao.get_user_by_email(email=email) # If the user still can't be found, return with an error code if existing_user is None: response = jsonify({ 'self': f'/v2/users/lookup/{username}', 'exists': False, 'error': 'There is no user with this username or email.' }) response.status_code = 400 return response else: response = jsonify({ 'self': f'/v2/users/lookup/{username}', 'exists': True }) response.status_code = 200 return response
def jiebang(self): fromUser = self.xml.find("FromUserName").text user = UserDao() flag = user.deleteUser(fromUser) if (flag == True): resultStr = '解绑成功' else: resultStr = '解绑失败,您未绑定' return resultStr
def GET(self): getData = web.input() render = web.template.render( configfile.getConfig("web", "Templates_Path")) name = getData['openid'] user = UserDao() flag = user.selectUserFlag(name) if (flag == 3): errMsg = '您已绑定' return render.error(errMsg) return render.bangding(name)
def bangding(self): fromUser = self.xml.find("FromUserName").text user = UserDao() flag=user.selectUserFlag(fromUser) if(flag!=3): data = "<a href='http://xiwai.chdbwtx.cn/binding?openid=%s'>绑定</a>"%fromUser else: userInfo=user.selectUserInfoByOpenid(fromUser) username=userInfo[0] password=userInfo[1] data='您已绑定,您的绑定信息为\n用户名:{username}\n密 码:{password}'.format(username=username,password=password) return data
def checkUserName(request): print("asdfasdf") dictObj = json.loads(request.body.decode('utf-8')) userName = dictObj['userName'] userDao = UserDao() result = userDao.findUserByUserName([userName]) rDict = {} if result: rDict['result'] = 1 else: rDict['result'] = 0 return HttpResponse(json.dumps(rDict), content_type='application/json') pass
def user_by_username_get(username) -> Response: """ Retrieve a user based on its username. :param username: Username that uniquely identifies a user. :return: A response object for the GET API request. """ user: User = UserDao.get_user_by_username(username=username) # If the user cant be found, try searching the email column in the database if user is None: email = username user: User = UserDao.get_user_by_email(email=email) # If the user still can't be found, return with an error code if user is None: response = jsonify({ 'self': f'/v2/users/{username}', 'user': None, 'error': 'there is no user with this username' }) response.status_code = 400 return response else: user_dict: dict = UserData(user).__dict__ if user_dict.get('member_since') is not None: user_dict['member_since'] = str(user_dict['member_since']) if user_dict.get('last_signin') is not None: user_dict['last_signin'] = str(user_dict['last_signin']) if user_dict.get('profilepic') is not None: try: user_dict['profilepic'] = user_dict['profilepic'].decode( 'utf-8') except AttributeError: pass response = jsonify({ 'self': f'/v2/users/{username}', 'user': user_dict }) response.status_code = 200 return response
def userlogin(request): userName = request.POST.get('userName', '') userPwd = request.POST.get('userPwd', '') remeberme = request.POST.get('remeberme', '') #密码加密处理 userPwd = hashlib.md5(userPwd.encode(encoding='utf-8')).hexdigest() userDao = UserDao() result = userDao.loginParams([userName, userPwd]) userDao.close() if result and result[0]['role'] == 2: user = {} user['userName'] = userName user['userId'] = result[0]['userid'] user['userPic'] = result[0]['userpic'] user['Role'] = result[0]['role'] request.session['user'] = user return render(request, 'user/index.html') else: return redirect('/ulogin/') pass
def __updateScore(self, flag): user = UserDao() userInfo = user.selectUserInfoByOpenid(self.openidStr) username = userInfo[0] password = userInfo[1] user = Score(username, password) scoreStr = user.parseScorePage() if (scoreStr != None): if (flag == 0): return self.__insertScore(scoreStr) else: scoreInfo = self.session.query(Scores).filter_by( openid=self.openidStr).first() scoreInfo.score = scoreStr scoreInfo.updateTime = datetime.datetime.now().date() self.session.commit() logger.info("用户" + self.openidStr + "成绩更新成功") return True else: logger.error("用户" + self.openidStr + "成绩查询失败") return False
def GET(self): render = web.template.render( configfile.getConfig("web", "Templates_Path")) getData = web.input() openid = getData['openid'] user = UserDao() flag = user.selectUserFlag(openid) if (flag != 3): errMsg = '您未绑定' return render.error(errMsg) score = ScoreDao(openid) scoreStr = score.selectScore() # 调取后台接口,获取成绩的数据 if (scoreStr == 2): errMsg = '网络繁忙,稍后再试' return render.error(errMsg) else: data = json.loads(scoreStr) # data = [ # { # 'name':'数学', # 'zuizhong':'89', # 'xuefen':'2.1', # 'jidian':'254' # }, # { # 'name':'数学', # 'zuizhong':'89', # 'xuefen':'2.1', # 'jidian':'254' # } # ] return render.detail(data)
def chengji(self): fromUser = self.xml.find("FromUserName").text user = UserDao() flag = user.selectUserFlag(fromUser) if (flag != 3): data = '您未绑定' return data score = ScoreDao(fromUser) scoreStr = score.selectScore() # 调取后台接口,获取成绩的数据 if (scoreStr == 2): data = '网络繁忙,稍后再试' return data else: data = '' jidian = 0.0 datascore = json.loads(scoreStr) for score in datascore: jidian += float(score['jidian']) data += score['name']+":\n"+\ "成绩:"+score['zuizhong']+"\n\n" data += "平均绩点:" + str(round(jidian / len(datascore), 1)) + "\n" data += "<a href='http://xiwai.chdbwtx.cn/Score?openid=%s'>详细成绩</a>" % fromUser return data
def user_update_last_login_by_username_put(username) -> Response: """ Change the last login date of a user with a given username. :param username: Username that uniquely identifies a user. :return: A response object for the PUT API request. """ jwt_claims: dict = get_claims(request) jwt_username = jwt_claims.get('sub') if username == jwt_username: current_app.logger.info(f'User {jwt_username} logged in.') else: current_app.logger.info( f'User {jwt_username} is not authorized to update the last login date of user {username}.' ) response = jsonify({ 'self': f'/v2/users/{username}/update_last_login', 'last_login_updated': False, 'error': f'User {jwt_username} is not authorized to update the last login date of user {username}.' }) response.status_code = 400 return response last_login_updated: bool = UserDao.update_user_last_login(username) if last_login_updated: response = jsonify({ 'self': f'/v2/users/{username}/update_last_login', 'last_login_updated': True }) response.status_code = 200 return response else: response = jsonify({ 'self': f'/v2/users/{username}/update_last_login', 'last_login_updated': False, 'error': 'an unexpected error occurred updating the users last login date' }) response.status_code = 500 return response
def users_get() -> Response: """ Retrieve all the users in the database. :return: A response object for the GET API request. """ all_users: list = UserDao.get_users() if all_users is None: response = jsonify({ 'self': '/v2/users', 'users': None, 'error': 'an unexpected error occurred retrieving users' }) response.status_code = 500 return response else: user_dicts = [] for user in all_users: user_dict = UserData(user).__dict__ user_dict['this_user'] = f'/v2/users/{user_dict["username"]}' if user_dict.get('member_since') is not None: user_dict['member_since'] = str(user_dict['member_since']) if user_dict.get('last_signin') is not None: user_dict['last_signin'] = str(user_dict['last_signin']) if user_dict.get('profilepic') is not None: try: user_dict['profilepic'] = user_dict['profilepic'].decode( 'utf-8') except AttributeError: pass user_dicts.append(user_dict) response = jsonify({'self': '/v2/users', 'users': user_dicts}) response.status_code = 200 return response
def user_by_username_delete(username) -> Response: """ Hard delete an existing user with a given username. :param username: Username that uniquely identifies a user. :return: A response object for the DELETE API request. """ is_deleted = UserDao.delete_user(username=username) if is_deleted: response = jsonify({ 'self': f'/v2/users/{username}', 'deleted': True, }) response.status_code = 204 return response else: response = jsonify({ 'self': f'/v2/users/{username}', 'deleted': False, 'error': 'failed to delete the user' }) response.status_code = 500 return response
def reNewUser(request): #普通的表单项 userName = request.POST.get('userName', '') userPwd = request.POST.get('userPwd', '') userPhone = request.POST.get('userPhone', '') userIntro = request.POST.get('userIntro', '') userPicPath = "" #保存路径 print(userName) print(userPwd) print(userPhone) print(userIntro) #加密密码 userPwd = hashlib.md5(userPwd.encode(encoding='utf-8')).hexdigest() #文件上传 if request.POST: fileObj = request.FILES.get('userPic', None) if fileObj: print("pic成功") userPicPath = '/static/upload/' + fileObj.name print(userPicPath) filePath = os.path.join(os.getcwd(), 'static/upload/' + fileObj.name) with open(filePath, 'wb+') as fp: for chunk in fileObj.chunks(): fp.write(chunk) userDao = UserDao() result = userDao.createUser( [userName, userPwd, userPhone, userPicPath, userIntro]) userDao.commit() userDao.close() #如果写入成功 跳转到登陆页 if result == 1: return render(request, 'admin/login.html', {'success': 1}) pass else: return render(request, 'newuser.html', {'success': 0})
def user_by_username_soft_delete(username) -> Response: """ Soft delete an existing user with a given username. :param username: Username that uniquely identifies a user. :return: A response object for the DELETE API request. """ jwt_claims: dict = get_claims(request) jwt_username = jwt_claims.get('sub') if username == jwt_username: current_app.logger.info( f'User {jwt_username} is soft deleting their user.') else: current_app.logger.info( f'User {jwt_username} is not authorized to soft delete user {username}.' ) response = jsonify({ 'self': f'/v2/users/soft/{username}', 'deleted': False, 'error': f'User {jwt_username} is not authorized to soft delete user {username}.' }) response.status_code = 400 return response existing_user: User = UserDao.get_user_by_username(username=username) if existing_user is None: response = jsonify({ 'self': f'/v2/users/soft/{username}', 'deleted': False, 'error': 'there is no existing user with this username' }) response.status_code = 400 return response # Update the user model to reflect the soft delete existing_user.deleted = True existing_user.deleted_date = datetime.now() existing_user.deleted_app = 'saints-xctf-api' existing_user.modified_date = datetime.now() existing_user.modified_app = 'saints-xctf-api' is_deleted: bool = UserDao.soft_delete_user(existing_user) if is_deleted: response = jsonify({ 'self': f'/v2/users/soft/{username}', 'deleted': True, }) response.status_code = 204 return response else: response = jsonify({ 'self': f'/v2/users/soft/{username}', 'deleted': False, 'error': 'failed to soft delete the user' }) response.status_code = 500 return response
def user_by_username_put(username) -> Response: """ Update an existing user with a given username. :param username: Username that uniquely identifies a user. :return: A response object for the PUT API request. """ old_user: User = UserDao.get_user_by_username(username=username) if old_user is None: response = jsonify({ 'self': f'/v2/users/{username}', 'updated': False, 'user': None, 'error': 'there is no existing user with this username' }) response.status_code = 400 return response jwt_claims: dict = get_claims(request) jwt_username = jwt_claims.get('sub') if username == jwt_username: current_app.logger.info( f'User {jwt_username} is updating their user details.') else: current_app.logger.info( f'User {jwt_username} is not authorized to update user {username}.' ) response = jsonify({ 'self': f'/v2/users/{username}', 'updated': False, 'user': None, 'error': f'User {jwt_username} is not authorized to update user {username}.' }) response.status_code = 400 return response user_data: dict = request.get_json() new_user = User(user_data) if new_user != old_user: is_updated = UserDao.update_user(username, new_user) if is_updated: updated_user = UserDao.get_user_by_username(username) updated_user_dict: dict = UserData(updated_user).__dict__ if updated_user_dict.get('profilepic') is not None: try: updated_user_dict['profilepic'] = updated_user_dict[ 'profilepic'].decode('utf-8') except AttributeError: pass response = jsonify({ 'self': f'/v2/users/{username}', 'updated': True, 'user': updated_user_dict }) response.status_code = 200 return response else: response = jsonify({ 'self': f'/v2/users/{username}', 'updated': False, 'user': None, 'error': 'the user failed to update' }) response.status_code = 500 return response else: response = jsonify({ 'self': f'/v2/users/{username}', 'updated': False, 'user': None, 'error': 'the user submitted is equal to the existing user with the same username' }) response.status_code = 400 return response
def user_post() -> Response: """ Create a new user. :return: A response object for the POST API request. """ user_data: dict = request.get_json() def create_validation_error_response(message: str): """ Reusable 400 HTTP error response for the users POST request. :param message: Message sent in the response JSON's 'error' field. :return: An HTTP response object. """ error_response = jsonify({ 'self': f'/v2/users', 'added': False, 'user': None, 'error': message }) error_response.status_code = 400 return error_response if user_data is None: return create_validation_error_response( "The request body isn't populated.") user_to_add = User(user_data) if None in [ user_to_add.username, user_to_add.first, user_to_add.last, user_to_add.password, user_to_add.activation_code, user_to_add.email ]: return create_validation_error_response( "'username', 'first', 'last', 'email', 'password', and 'activation_code' are required fields" ) if len(user_to_add.password) < 6: return create_validation_error_response( "Password must contain at least 6 characters.") username_pattern = re.compile('^[a-zA-Z0-9]+$') if not username_pattern.match(user_to_add.username): return create_validation_error_response( "Username can only contain Roman characters and numbers.") email_pattern = re.compile( '^(([a-zA-Z0-9_.-])+@([a-zA-Z0-9_.-])+\\.([a-zA-Z])+([a-zA-Z])+)?$') if not email_pattern.match(user_to_add.email): return create_validation_error_response( "The email address is invalid.") # Passwords must be hashed before stored in the database password = user_to_add.password hashed_password = flask_bcrypt.generate_password_hash(password).decode( 'utf-8') user_to_add.password = hashed_password activation_code_count = CodeDao.get_code_count( activation_code=user_to_add.activation_code) if activation_code_count == 1: now = datetime.now() user_to_add.member_since = now.date() user_to_add.created_date = now user_to_add.last_signin = now user_to_add.created_app = 'saints-xctf-api' user_to_add.created_user = None user_to_add.modified_date = None user_to_add.modified_app = None user_to_add.modified_user = None user_to_add.deleted_date = None user_to_add.deleted_app = None user_to_add.deleted_user = None user_to_add.deleted = False # First, add the user since its activation code is valid. UserDao.add_user(user_to_add) # Second, set the initial team and group for the user. code: Code = ActivationCodeDao.get_activation_code( user_to_add.activation_code) initial_group_id = int(code.group_id) initial_group: Group = GroupDao.get_group_by_id(initial_group_id) initial_team: Team = TeamDao.get_team_by_group_id(initial_group_id) TeamMemberDao.set_initial_membership( username=user_to_add.username, team_name=initial_team.name, group_id=initial_group_id, group_name=initial_group.group_name) # Third, remove the activation code so it cant be used again. CodeDao.remove_code(code) added_user = UserDao.get_user_by_username(user_to_add.username) if added_user is None: response = jsonify({ 'self': '/v2/users', 'added': False, 'user': None, 'error': 'An unexpected error occurred creating the user.' }) response.status_code = 500 return response else: response = jsonify({ 'self': '/v2/users', 'added': True, 'user': UserData(added_user).__dict__, 'new_user': f'/v2/users/{added_user.username}' }) response.status_code = 201 return response else: current_app.logger.error( 'Failed to create new User: The Activation Code does not exist.') response = jsonify({ 'self': '/v2/users', 'added': False, 'user': None, 'error': 'The activation code is invalid or expired.' }) response.status_code = 400 return response
def getUserList(request): userDao = UserDao() # 获取查询条件 userName = request.POST.get('userName', '') userPhone = request.POST.get('userPhone', '') userState = request.POST.get('userState', '') pageSize = request.POST.get('pageSize', '0') currentPage = request.POST.get('currentPage', '0') userId = request.POST.get('userId', '') print(userId) opr = request.POST.get('opr', '') if pageSize == "0" or pageSize == "": pageSize = "3" if currentPage == "0" or currentPage == "": currentPage = "1" print(type(pageSize)) params = { 'userName': userName, 'userPhone': userPhone, 'userState': userState, 'pageSize': int(pageSize), 'currentPage': int(currentPage) } if opr == 'delUser': result = userDao.removeUser(userId) params['result'] = result #查询用户的个人信息 if opr == 'update': uUser = userDao.findUserByUserId([userId]) return render(request, 'admin/sysmgr/updateuser.html', { 'params': params, 'uUser': uUser }) pass #提交用户的个人信息 if opr == 'submitUpdate': print("修改") print(userId) userIntro = request.POST.get('userIntro', '') # 文件上传 userPicPath = "" if request.POST: fileObj = request.FILES.get('userPic', None) if fileObj: userPicPath = '/static/upload/' + fileObj.name filePath = os.path.join(os.getcwd(), 'static/upload/' + fileObj.name) with open(filePath, 'wb+') as fp: for chunk in fileObj.chunks(): fp.write(chunk) result = userDao.updateUser( [userPhone, userPicPath, userIntro, userId]) pass counts = userDao.findUserCounts(params) totalePage = counts // int(pageSize) if counts % int( pageSize) == 0 else counts // int(pageSize) + 1 params['counts'] = counts params['totalPage'] = totalePage #计算两个值 startRow startRow = (int(currentPage) - 1) * int(pageSize) params['startRow'] = startRow userList = userDao.findPageUserList(params) userDao.commit() userDao.close() return render(request, 'admin/sysmgr/userinfo.html', { 'userList': userList, 'params': params })
def user_snapshot_by_username_get(username) -> Response: """ Get a snapshot with information about a user with a given username. :param username: Username that uniquely identifies a user. :return: A response object for the GET API request. """ user: User = UserDao.get_user_by_username(username=username) # If the user cant be found, try searching the email column in the database if user is None: email = username user: User = UserDao.get_user_by_email(email=email) # If the user still can't be found, return with an error code if user is None: response = jsonify({ 'self': f'/v2/users/snapshot/{username}', 'user': None, 'error': 'there is no user with this username' }) response.status_code = 400 return response else: user_dict: dict = UserData(user).__dict__ if user_dict.get('member_since') is not None: user_dict['member_since'] = str(user_dict['member_since']) if user_dict.get('last_signin') is not None: user_dict['last_signin'] = str(user_dict['last_signin']) if user_dict.get('profilepic') is not None: try: user_dict['profilepic'] = user_dict['profilepic'].decode( 'utf-8') except AttributeError: pass username = user_dict['username'] groups: ResultProxy = GroupMemberDao.get_user_groups(username=username) group_list = [] for group in groups: group_dict = { 'id': group['id'], 'group_name': group['group_name'], 'group_title': group['group_title'], 'status': group['status'], 'user': group['user'] } newest_log: Column = GroupDao.get_newest_log_date( group['group_name']) group_dict['newest_log'] = newest_log['newest'] newest_message = GroupDao.get_newest_message_date( group['group_name']) group_dict['newest_message'] = newest_message['newest'] group_list.append(group_dict) user_dict['groups'] = group_list forgot_password_codes: ResultProxy = ForgotPasswordDao.get_forgot_password_codes( username=username) forgot_password_list = [] for forgot_password_code in forgot_password_codes: forgot_password_list.append({ 'forgot_code': forgot_password_code['forgot_code'], 'username': forgot_password_code['username'], 'expires': forgot_password_code['expires'], 'deleted': forgot_password_code['deleted'], }) user_dict['forgotpassword'] = forgot_password_list flairs: List[Flair] = FlairDao.get_flair_by_username(username=username) flair_dicts = [] for flair in flairs: flair_dicts.append(FlairData(flair).__dict__) user_dict['flair'] = flair_dicts notifications: ResultProxy = NotificationDao.get_notification_by_username( username=username) notification_dicts = [] for notification in notifications: notification_dicts.append({ 'notification_id': notification['notification_id'], 'username': notification['username'], 'time': notification['time'], 'link': notification['link'], 'viewed': notification['viewed'], 'description': notification['description'] }) user_dict['notifications'] = notification_dicts stats = compile_user_statistics(user, username) user_dict['statistics'] = stats response = jsonify({ 'self': f'/v2/users/snapshot/{username}', 'user': user_dict }) response.status_code = 200 return response
def forgot_password_post(username) -> Response: """ Create a new forgot password code for a specific user. :param username: Uniquely identifies a user. :return: JSON with the resulting Forgot Password object and relevant metadata. """ user: User = UserDao.get_user_by_username(username=username) # If the user cant be found, try searching the email column in the database if user is None: email = username user: User = UserDao.get_user_by_email(email=email) if user is None: response = jsonify({ 'self': f'/v2/forgot_password/{username}', 'created': False, 'error': 'There is no user associated with this username/email.' }) response.status_code = 400 return response code = generate_code(length=8) expires = datetime.now() + timedelta(hours=2) new_forgot_password = ForgotPassword({ 'forgot_code': code, 'username': user.username, 'expires': expires }) new_forgot_password.created_date = datetime.now() new_forgot_password.created_app = 'saints-xctf-api' new_forgot_password.created_user = None new_forgot_password.modified_date = None new_forgot_password.modified_app = None new_forgot_password.modified_user = None new_forgot_password.deleted_date = None new_forgot_password.deleted_app = None new_forgot_password.deleted_user = None new_forgot_password.deleted = False forgot_password_inserted = ForgotPasswordDao.add_forgot_password_code( new_forgot_password) if forgot_password_inserted: new_forgot_password = ForgotPasswordDao.get_forgot_password_code(code) async def send_forgot_password_email(): async with aiohttp.ClientSession() as session: async with session.post( url= f"{current_app.config['FUNCTION_URL']}/email/forgot-password", json={ 'to': user.email, 'code': new_forgot_password.forgot_code, 'username': user.username, 'firstName': user.first, 'lastName': user.last }) as response: response_body = await response.json() if not response_body.get('result'): current_app.logger.error( 'Failed to send the activation code to the user') abort(424) asyncio.run(send_forgot_password_email()) response = jsonify({ 'self': f'/v2/forgot_password/{username}', 'created': True }) response.status_code = 201 return response else: response = jsonify({ 'self': f'/v2/forgot_password/{username}', 'created': False, 'error': 'An unexpected error occurred while creating the new forgot password code.' }) response.status_code = 500 return response
def forgot_password_get(username) -> Response: """ Retrieve an existing forgot password code for a specific user. :param username: Uniquely identifies a user. :return: JSON with the resulting Forgot Password object and relevant metadata. """ user: User = UserDao.get_user_by_username(username=username) # If the user cant be found, try searching the email column in the database if user is None: email = username user: User = UserDao.get_user_by_email(email=email) if user is None: response = jsonify({ 'self': f'/v2/forgot_password/{username}', 'forgot_password_codes': [], 'error': 'There is no user associated with this username/email.' }) response.status_code = 400 return response jwt_claims: dict = get_claims(request) jwt_username = jwt_claims.get('sub') if user.username == jwt_username: current_app.logger.info( f'User {jwt_username} is accessing their forgot password codes.') else: current_app.logger.info( f'User {jwt_username} is not authorized to access forgot password codes for user {user.username}.' ) response = jsonify({ 'self': f'/v2/forgot_password/{username}', 'created': False, 'error': f'User {jwt_username} is not authorized to access forgot password codes for user {user.username}.' }) response.status_code = 400 return response forgot_password_codes: ResultProxy = ForgotPasswordDao.get_forgot_password_codes( username=user.username) if forgot_password_codes is None: response = jsonify({ 'self': f'/v2/forgot_password/{username}', 'forgot_password_codes': [], 'error': 'This user has no forgot password codes.' }) response.status_code = 400 return response else: forgot_password_list = [] for code in forgot_password_codes: fpw = ForgotPasswordData(None) fpw.forgot_code = code[0] fpw.username = code[1] fpw.expires = code[2] fpw.deleted = code[3] forgot_password_list.append(fpw.__dict__) response = jsonify({ 'self': f'/v2/forgot_password/{username}', 'forgot_password_codes': forgot_password_list, }) response.status_code = 200 return response
def user_change_password_by_username_put(username) -> Response: """ Change the password of a user with a given username. :param username: Username that uniquely identifies a user. :return: A response object for the GET API request. """ # Request should use the following pattern: {"forgot_password_code": "...", "new_password": "******"} request_dict: dict = request.get_json() forgot_password_code: str = request_dict.get('forgot_password_code') new_password: str = request_dict.get('new_password') if forgot_password_code is None or new_password is None: response = jsonify({ 'self': f'/v2/users/{username}/change_password', 'password_updated': False, 'forgot_password_code_deleted': False, 'error': "'forgot_password_code' and 'new_password' are required fields." }) response.status_code = 500 return response forgot_password_code_info: ForgotPassword = ForgotPasswordDao.get_forgot_password_code( forgot_password_code) if not forgot_password_code_info: response = jsonify({ 'self': f'/v2/users/{username}/change_password', 'password_updated': False, 'forgot_password_code_deleted': False, 'error': "This forgot password code is invalid." }) response.status_code = 500 return response if forgot_password_code_info.username != username: response = jsonify({ 'self': f'/v2/users/{username}/change_password', 'password_updated': False, 'forgot_password_code_deleted': False, 'error': "This forgot password code does not belong to the specified user." }) response.status_code = 500 return response hashed_password = flask_bcrypt.generate_password_hash(new_password).decode( 'utf-8') password_updated: bool = UserDao.update_user_password( username, hashed_password) if password_updated: code_deleted: bool = ForgotPasswordDao.delete_forgot_password_code( code=forgot_password_code) response = jsonify({ 'self': f'/v2/users/{username}/change_password', 'password_updated': True, 'forgot_password_code_deleted': code_deleted }) response.status_code = 200 return response else: response = jsonify({ 'self': f'/v2/users/{username}/change_password', 'password_updated': False, 'forgot_password_code_deleted': False, 'error': 'an unexpected error occurred changing passwords' }) response.status_code = 500 return response