def extend_session(self, token): secret = get_secret() response = Response(None, 'Operation not built yet.', None, None) decoded = None try: decoded_jwt = jwt.decode(token, secret, algorithms=['HS256']) except Exception as ex: print(ex) response.message = 'Error extending session. Invalid token.' response.error = ex return response expiry = int(get_ttl()) session = self.repository.extend_session(decoded_jwt['id'], expiry) if 'error' in session: if session['error'].CODE == 13: response.message = 'Unauthorizeed. Session expired' response.authorized = False else: response.message = "Error trying to verify session." response.error = { 'message': repr(session['error']), 'stackTrace': traceback.format_exc() } return response if session == 'NOP': return response response.data = session response.message = 'Successfully extended session.' response.authorized = True return response
def get_user_from_session(username, token): valid_user = verify_user(username, None, True) if valid_user.error or 'Operation not' in valid_user.message: return valid_user response = Response() if not valid_user.data: response.message = 'Invalid user. Check username and password.' response.authorized = False return response key = 'customer_{}'.format(valid_user.data['custId']) customer_info = repository.get_object_by_key(key) if ('error' in customer_info and customer_info['error']) or ('result' in customer_info and not customer_info['result']): response.message = '' response.authorized = False response.error = customer_info['error'] return response response.data = { 'userInfo': { 'userId': valid_user.data['userId'], 'username': valid_user.data['username'], 'token': token }, 'customerInfo': customer_info['result'] } response.message = 'Successfully verified and extended session.' response.authorized = True return response
def extend_session(token): secret = get_secret() response = Response() #decoded = None try: decoded_jwt = jwt.decode(token, secret, algorithms=['HS256']) except Exception as ex: print(ex) response.message = 'Error extending session. Invalid token.' response.error = ex return response expiry = int(get_ttl()) session = repository.extend_session(decoded_jwt['id'], expiry) if 'error' in session and session['error']: if session['error']['message'] == 'Document not found.': response.message = 'Unauthorizeed. Session expired' response.authorized = False else: response.message = "Error trying to verify session." response.error = { 'message': repr(session['error']), 'stackTrace': traceback.format_exc() } return response if session == 'NOP': return response response.data = session['session'] response.message = 'Successfully extended session.' response.authorized = True return response
def verify_user(self, username, pw, jwt=None): result = self.repository.get_user_info(username) response = Response(None, 'Operation not built yet.', None, None) if 'error' in result: response.error = result['error'] response.message = 'Could not find user.' return response if result == 'NOP': return response #no password when using JWT, if user is found, consider valid if jwt: response.data = result['user_info'] response.message = 'JWT - no password verification needed.' return response if bcrypt.checkpw(pw, str.encode(result['user_info']['password'])): response.data = result['user_info'] response.message = 'Password verified.' return response
def search_products(product, fuzziness): response = Response() result = repository.search_products(product, fuzziness) if 'error' in result and result['error']: response.error = result['error'] response.message = 'Error searching for products.' else: if result == 'NOP': return response response.data = result['products'] response.message = 'Successfully searched for products.' return response
def save_order(order): response = Response() result = repository.save_order(order) if 'error' in result and result['error']: response.error = result['error'] response.message = 'Error saving order.' return response if result == 'NOP': return response response.data = result['order'] response.message = 'Successfully saved order.' return response
def delete_order(order_id): response = Response() result = repository.delete_order(order_id) if 'error' in result and result['error']: response.error = result['error'] response.message = 'Error retrieving order.' return response if result == 'NOP': return response response.data = result['success'] response.message = 'Successfully deleted order.' return response
def get_new_order(id): response = Response() result = repository.get_new_order(id) if 'error' in result and result['error']: response.error = result['error'] response.message = 'Error retrieving customer new/pending order.' return response if result == 'NOP': return response response.data = result['order'] response.message = 'Successfully retrieved customer new/pending order.' return response
def register(self, req): req['password'] = bcrypt.hashpw(str.encode(req['password']), bcrypt.gensalt()).decode() response = Response(None, 'Operation not built yet.', None, None) result = self.repository.create_account(req) if 'error' in result: response.error = result['error'] response.message = 'Error registering customer/user.' else: if result == 'NOP': return response response.data = result['acct'] response.message = 'Successfully registered customer/user.' return response
def update_order(order): response = Response() result = repository.replace_order(order) if 'error' in result and result['error']: response.error = result['error'] response.message = 'Error updating order.' return response if result == 'NOP': return response response.data = result['success'] response.message = 'Successfully updated order.' return response
def register(req): req['password'] = bcrypt.hashpw(str.encode(req['password']), bcrypt.gensalt()).decode() response = Response() result = repository.create_account(req) if 'error' in result and result['error']: response.error = result['error'] response.message = 'Error registering customer/user.' else: if result == 'NOP': return response response.data = result['acct'] response.message = 'Successfully registered customer/user.' return response
def get_customer(id): response = Response() customer_id = 'customer_{}'.format(id) result = repository.get_customer(customer_id) if 'error' in result and result['error']: response.error = result['error'] response.message = 'Error retrieving customer.' return response if result == 'NOP': return response response.data = result['customer'] response.message = 'Successfully retrieved customer.' return response
def create_session(username): response = Response() expiry = int(get_ttl()) session = repository.create_session(username, expiry) if 'error' in session and session['error']: response.message = 'Error creating session.' response.error = session['error'] return response if 'session_id' in session and session['session_id']: response.data = session['session_id'] response.message = 'Session created.' return response
def create_session(self, username): response = Response(None, 'Operation not built yet.', None, None) expiry = int(get_ttl()) session = self.repository.create_session(username, expiry) if 'error' in session: response.message = 'Error creating session.' response.error = session['error'] return response if 'sessionId' in session: response.data = session['sessionId'] response.message = 'Session created.' return response
def save_address(req): response = Response() result = repository.save_address(req['custId'], req['path'], req['address']) if 'error' in result and result['error']: response.error = result['error'] response.message = 'Error saving address.' return response if result == 'NOP': return response response.data = result['success'] response.message = 'Successfully saved address.' return response
def ping(): response = Response() try: ping_resp = repository.ping() if ping_resp['error']: response.message = 'Error trying to ping database.' response.error = ping_resp['error'] return jsonify(attr.asdict(response)), 500 if ping_resp == 'NOP': return jsonify(attr.asdict(response)), 200 response.data = ping_resp['result'] response.message = 'Successfully pinged database.' return jsonify(attr.asdict(response)), 200 except Exception as ex: response.message = 'Error attempting to ping database.' response.error = { 'message': repr(ex), 'stackTrace': traceback.format_exc() } return jsonify(attr.asdict(response)), 500
def login(self, req): valid_user_res = self.verify_user(req['username'], str.encode(req['pw'])) if valid_user_res.error or 'Operation not' in valid_user_res.message: return valid_user_res response = Response(None, 'Operation not built yet.', None, None) if not valid_user_res.data: response.message = 'Invalid user. Check username and password.' response.authorized = False return response key = 'customer_{0}'.format(valid_user_res.data['custId']) customer_info = self.repository.get_object_by_key(key) session_res = self.create_session(req['username']) if session_res.error: return session_res secret = get_secret() encoded_jwt = jwt.encode({'id': session_res.data}, secret, algorithm='HS256') response.data = { 'userInfo': { 'userId': valid_user_res.data['userId'], 'username': valid_user_res.data['username'], 'token': encoded_jwt.decode() }, 'customerInfo': customer_info } response.message = 'Successfully logged in (session created).' response.authorized = True return response
def get_user_from_session(self, jwt): valid_user_res = self.verify_user(jwt['sessionRes'].data['username'], None, True) if valid_user_res.error or 'Operation not' in valid_user_res.message: return valid_user_res response = Response(None, 'Operation not built yet.', None, None) if not valid_user_res.data: response.message = 'Invalid user. Check username and password.' response.authorized = False return response response.data = { 'userInfo': { 'userId': valid_user_res.data['userId'], 'username': valid_user_res.data['username'], 'token': jwt['token'] } } response.message = 'Successfully verified and extended session.' response.authorized = True return response