def updatePassword():
# Takes in a json of the form {email : '', password : ''}
# Validate that the user calling this has access
# Either that they are the same user or that they are an admin
if request.json is None:
abort(400)
for x in ['email', 'password']:
if x not in request.json:
abort(400)
emailSess = mailsane.normalize(session['email'])
if emailSess.error:
abort(400)
email = mailsane.normalize(request.json['email'])
if email.error:
abort(400)
if dbworker.validateAccess(dbworker.userTypeMap['admin']):
pass
else:
abort(401)
if dbworker.getUser(str(email)) is None:
abort(404)
dbworker.setPassword(str(email), request.json['password'])
return jsonify({'success': True})
def removeStudent():
"""
Takes in a JSON of the structure {'email', 'classId'}
Removes <email> from <classId> as a student
Returns {'success' : Boolean}
"""
if not dbworker.validateAccess(dbworker.userTypeMap['admin']):
abort(403)
if request.json is None or 'email' not in request.json or 'classId' not in request.json:
abort(400)
email = mailsane.normalize(request.json['email'])
if email.error:
abort(400)
convClassId = ObjectId(request.json['classId'])
try:
validate(instance=request.json, schema=SchemaFactory.move_user)
except exceptions.ValidationError:
abort(400)
us = dbworker.getUser(str(email))
cl = dbworker.getClass(convClassId)
if us is None or cl is None:
abort(404)
if us['userType'] not in [dbworker.userTypeMap['student']]:
abort(400)
return jsonify(
{'success': dbworker.removeStudent(convClassId, str(email))})
def createUser():
"""
Takes in a JSON of the structure
{
"email": "*****@*****.**",
"password": "******",
"userType": 1,
"firstName": "Test",
"lastName": "Admin",
"phoneNumber": "555-555-5555",
"birthday": "YYYY-MM-DD",
"parentEmail" : "",
"parentName" : ""
}
Returns {'success' : Boolean}
"""
if not dbworker.validateAccess(dbworker.userTypeMap['admin']):
abort(403)
if request.json is None:
abort(400)
for x in [
'email', 'password', 'userType', 'firstName', 'lastName',
'phoneNumber', 'birthday', 'parentEmail', 'parentName'
]:
if x not in request.json:
abort(400)
email = mailsane.normalize(request.json['email'])
if email.error:
abort(400)
# Verify no duplicate email here or in the dbworker method
# likely better to do it there
parentEmail = mailsane.normalize(request.json['parentEmail'])
if parentEmail.error:
abort(400)
try:
validate(instance=request.json, schema=SchemaFactory.create_user)
except exceptions.ValidationError:
abort(400)
if dbworker.getUser(str(email)) is not None:
abort(400)
dbworker.createUser(
str(email), str(parentEmail), request.json['firstName'],
request.json['lastName'], request.json['password'],
request.json['userType'], request.json['phoneNumber'],
datetime.datetime.strptime(request.json['birthday'],
'%Y-%m-%d'), request.json['parentName'])
return jsonify({'success': True})
def addSampleUser(username):
if not ENABLE_DEBUG_ROUTES:
abort(404)
email = mailsane.normalize(username + '@mcode.club')
if email.error:
abort(400)
if dbworker.getUser(str(username + '@mcode.club')) is not None:
abort(400)
dbworker.createUser(str(email), str(email), 'Sample', 'User',
'I love rock and roll', 1, '647-111-1111',
datetime.datetime.strptime('1970-01-01',
'%Y-%m-%d'), 'Parent Name')
return username
def getStudentReport(class_id, email):
"""
Return a report for a student for a specific class.
Expected json is {"email": [email protected], "classId":"5e5ab2f6e7179a5e7ee4e81b"}
"""
# try:
# validate(instance={"email":email, "classId":class_id}, schema=SchemaFactory.report_student)
# except exceptions.ValidationError:
# abort(400)
email = mailsane.normalize(email)
if email.error:
abort(400)
if not dbworker.validateAccessList(
[dbworker.userTypeMap['admin'], dbworker.userTypeMap['instructor']]):
abort(403)
# Must first convert classId string in to a ObjectId before executing query
convClassId = ObjectId(class_id)
# Verify: 'email' is an existing user in DB and 'convClassId' is the idea of an existing class
us = dbworker.getUser(str(email))
cl = dbworker.getClass(convClassId)
if us is None or cl is None:
abort(404)
if us['userType'] != dbworker.userTypeMap['student']:
abort(400)
filt = {"classId": convClassId, "studentEmail": str(email)}
proj = {'_id': 0}
report = dbworker.getStudentReport(filt=filt, proj=proj)
if report is None:
abort(400)
# Must convert ObjectId 'classId' into a string before responding
report['classId'] = str(report['classId'])
return jsonify({"report": report})
def checkEmail():
"""
Takes in a json of the form {'email' : email_address}
Returns a json of the form {'message' : error_message, 'valid' : Boolean}
'message' will refer to the specific reason an email address is invalid
"""
if request.json is None or 'email' not in request.json:
abort(400)
# Use the verification library to check that it is a valid email
address = mailsane.normalize(request.json['email'])
if address.error:
return jsonify({'message': str(address), 'valid': False})
if dbworker.getUser(str(address)) is None:
return jsonify({'message': 'Email address not found', 'valid': False})
return jsonify({'message': None, 'valid': True})
def getUser():
"""
Takes in a JSON of {'email'}
Returns {'result' : {user information, no id or password}, 'success' : True}
This method is not just usable by admins, but by instructors
"""
if dbworker.validateAccessList(
[dbworker.userTypeMap['admin'], dbworker.userTypeMap['instructor']]):
pass
else:
abort(403)
if request.json is None or 'email' not in request.json:
abort(400)
email = mailsane.normalize(request.json['email'])
if email.error:
abort(400)
u = dbworker.getUser(str(email))
if u is None:
abort(405)
u.pop('password')
u.pop('_id')
now = datetime.datetime.now()
bday = now
if 'birthday' in u:
bday = u['birthday']
delta = now - bday
age = int(delta.total_seconds() / (31536000))
u['age'] = age
return jsonify({'result': u, 'success': True})
def editUser():
"""
Takes in a json of the form
{'currentEmail' : email, 'newAttributes' : {...}}
It can change any attribute that is not the email
"""
sys.stderr.write(str(request.json) + '\n')
if not dbworker.validateAccess(dbworker.userTypeMap['admin']):
abort(403)
if request.json is None or 'currentEmail' not in request.json or 'newAttributes' not in request.json:
abort(400)
email = mailsane.normalize(request.json['currentEmail'])
if email.error:
abort(400)
if dbworker.getUser(str(email)) is None:
abort(404)
if request.json['newAttributes'] == {} or 'email' in request.json[
'newAttributes'] or '_id' in request.json['newAttributes']:
# No changes requested or an attempt was made to change the email or _id
abort(400)
# Validate that all the changes made are valid
# ie. ban changes to any invalid attributes
try:
validate(instance=request.json, schema=SchemaFactory.edit_user)
except exceptions.ValidationError:
abort(400)
if 'birthday' in request.json[
'newAttributes'] or 'password' in request.json['newAttributes']:
# Convert birthday from string to datetime object
# See https://stackoverflow.com/questions/969285/how-do-i-translate-an-iso-8601-datetime-string-into-a-python-datetime-object
correctedTime = None
try:
if 'birthday' in request.json['newAttributes']:
correctedTime = datetime.datetime.strptime(
request.json['newAttributes']['birthday'],
"%Y-%m-%dT%H:%M:%S.%fZ")
except:
abort(400)
correctedDict = {}
for x in request.json['newAttributes']:
if x == 'birthday':
correctedDict['birthday'] = correctedTime
elif x == 'password':
dbworker.setPassword(str(email),
request.json['newAttributes']['password'])
else:
correctedDict[x] = request.json['newAttributes'][x]
dbworker.editUser(str(email), correctedDict)
else:
dbworker.editUser(str(email), request.json['newAttributes'])
return jsonify({'success': True})