def update(userid, user): update_user = User.query.filter(User.userid == userid).one_or_none() user_name = user.get("user_name") email = user.get("email") existing_user = (User.query.filter(User.user_name == user_name).filter( User.email == email).one_or_none()) if update_user is None: abort(404, "User not found for Id: {}".format(userid)) elif existing_user is not None and existing_user.id != userid: abort( 409, "User {user_name} at {email} already exists".format( user_name=user_name, email=email)) else: schema = UserSchema() update = schema.load(user, session=db.session) update.userid = update_user.userid db.session.merge(update) db.session.commit() data = schema.dump(update_user) return data, 200
def create(user): """ This function creates a new person in the people structure based on the passed in person data :param person: person to create in people structure :return: 201 on success, 406 on person exists """ name = User.get("name") existing_user = (User.query.filter(User.name == name).one_or_none()) # Can we insert this person? if existing_user is None: # Create a person instance using the schema and the passed in person schema = UserSchema() new_user = schema.load(user, session=db.session).data # Add the person to the database db.session.add(new_user) db.session.commit() # Serialize and return the newly created person in the response data = schema.dump(new_user).data return data, 201 # Otherwise, nope, person exists already else: abort(409, f"Person {name} exists already")
def update(user_id, user): """ This function updates an existing person in the people structure :param person_id: Id of the person to update in the people structure :param person: person to update :return: updated person structure """ # Get the person requested from the db into session update_user = User.query.filter(User.user_id == user_id).one_or_none() # Did we find an existing person? if update_user is not None: # turn the passed in person into a db object schema = UserSchema() update = schema.load(user, session=db.session).data # Set the id to the person we want to update update.user_id = update_user.user_id # merge the new object into the old and commit it to the db db.session.merge(update) db.session.commit() # return updated person in the response data = schema.dump(update_user).data return data, 200 # Otherwise, nope, didn't find that person else: abort(404, "User not found for Id: {user_id}".format(user_id=user_id))
def post(self): # register user endpoint data = validate_user(request.get_json()) if data['ok']: data = data['data'] # check if user exists user = User.query.filter_by(email=data['email']).first() if user: return { "message" : "Email has already been taken"}, 400 # get password data['password'] = flask_bcrypt.generate_password_hash(data['password']) # find the role of the user role = Role.query.filter_by(name=data['role']).first() del data['role'] # Add a new patient to db user_schema = UserSchema() new_user = user_schema.load(data, session=db.session) role.users.append(new_user) # add new user to their role db.session.add(role) # add user and role db.session.commit() return {}, 200 else: return {'message': 'Please check the fields'}, 400
def update(oid, userDetails): """ Updates an existing user in the user list. :param id: oid of the user to update in the user list :param user: user to update :return: updated user """ app.logger.debug(pformat(userDetails)) if userDetails.get("id") and userDetails.get("id") != oid: abort(400, f"Id {oid} mismatch in path and body") # Admin rights can't be set via POST nor PUT calls (#303) if "isLZAdmin" or "isMCAdmin" in userDetails: abort(400, "Unable to set admin rights in PUT operation.") # Does the user exist in user list? existing_user = db.session.query(User).filter(User.id == oid).one_or_none() # Does user exist? if existing_user is not None: userDetails["id"] = oid schema = UserSchema() update_user = schema.load(userDetails, session=db.session) db.session.merge(update_user) db.session.commit() # return the updted user in the response data = schema.dump(update_user) return data, 200 # otherwise, nope, deployment doesn't exist, so that's an error return abort(404, f"User {oid} not found")
def create(user): schema = UserSchema() new_user = schema.load(user, session=db.session) new_user.password = User.hash(new_user.password) userDB = User.query \ .filter(User.email == new_user.email) \ .one_or_none() if userDB is not None: return Response(status=409) db.session.add(new_user) db.session.commit() access_token = create_access_token(identity=new_user) refresh_token = create_refresh_token(identity=new_user) return Response(response=schema.dump(new_user), status=201, mimetype='application/json')
def create(user): username = user.get('username') password = user.get('password') salt = user.get('salt') existing_user = User.query.filter(User.username == username).one_or_none() if existing_user is None: schema = UserSchema() new_user = schema.load(user, session = db.session) db.session.add(new_user) db.session.commit() return schema.dump(new_user), 201 else: abort(409, 'User {username} exists already'.format(username=username))
def create(user): """ This function creates a new person in the people structure based on the passed in person data :param person: person to create in people structure :return: 201 on success, 406 on person exists """ user_email = user.get("user_email") user_name = user.get("user_name") user_fingerprint = user.get("user_fingerprint") user_register_ip = user.get("user_register_ip") existing_user = (User.query.filter(User.user_email == user_email).filter( User.user_name == user_name).one_or_none()) # Can we insert this person? if existing_user is None: # Create a person instance using the schema and the passed in person schema = UserSchema() new_user = schema.load(user, session=db.session).data #lets add additional information in registration new_user.user_email = user_email new_user.user_fingerprint = user_fingerprint new_user.user_register_ip = user_register_ip new_user.user_name = user_name # Add the person to the database db.session.add(new_user) db.session.commit() # Serialize and return the newly created person in the response data = schema.dump(new_user).data return data, 201 # Otherwise, nope, person exists already else: abort(409, "User {user_email} exists already".format(user_email=user_email))
def create(userDetails): """ Creates a new user in the user list. based on the passed in user data :param user: user to create in user structure :return: 201 on success, 406 on user exists """ # Remove id as it's created automatically if "id" in userDetails: del userDetails["id"] # abort if these fields are set if "showWelcome" in userDetails: abort(400, "Unable to set isWelcome in POST operation.") # Admin rights can't be set via POST nor PUT calls (#303) if "isLZAdmin" or "isMCAdmin" in userDetails: abort(400, "Unable to set admin rights in POST operation.") # Does the user exist already? existing_user = (db.session.query(User).filter( User.email == userDetails["email"]).one_or_none()) if existing_user is None: schema = UserSchema() if "IsActive" not in userDetails: userDetails["isActive"] = 1 new_user = schema.load(userDetails, session=db.session) db.session.add(new_user) db.session.commit() # Serialize and return the newly created deployment # in the response data = schema.dump(new_user) return data, 201 # Otherwise, it already exists, that's an error return abort(406, "User already exists")
def update(id, user): update_user = User.query.filter(User.id == id).one_or_none() if update_user is None: abort( 404, "User not found for Id: {id}".format(id=id), ) else: schema = UserSchema() update = schema.load(user, session=db.session) update.id = update_user.id db.session.merge(update) db.session.commit() data = schema.dump(update_user) return data, 200
def create(user): ''' Creates a new user. :param user: str :return: dict, 201 - in case of success ''' username = user.get('username') exisiting_user = (User.query.filter( User.username == username).one_or_none()) if exisiting_user: abort(409, 'Found existing user with username: {}'.format(username)) # create new user schema = UserSchema() new_user = schema.load(user, session=db.session) db.session.add(new_user) db.session.commit() data = schema.dump(new_user) return data, 201
def create(user): """ This function creates a new entry in the default structure based on the passed in user id data :param user_name: user name to create in user structure :param display_name: display name for the user :param company: the user company :param thumbnail: string url to the thumbnail image :return: 201 on success, 406 on default exists """ user_name = user.get("user_name") existing = (User.query.filter(User.user_name == user_name).one_or_none()) # Can we insert this person? if existing is None: # Create a person instance using the schema and the passed in person schema = UserSchema() users = schema.load(user, session=db.session).data # Add the person to the database db.session.add(users) db.session.commit() # Serialize and return the newly created person in the response data = schema.dump(users).data return data, 201 # Otherwise, nope, person exists already else: abort( 409, "User {user_name} exists already".format(user_name=user_name), )
def create_user(user): userName = USER.get("userName") userFirst = USER.get("userFirst") userLast = USER.get("userLast") userPhone = USER.get("userPhone") userEmail = USER.get("userEmail") userAddress = USER.get("userAddress") userAddress2 = USER.get("userAddress2") userState = USER.get("userState") userZip = USER.get("userZip") existing_user = (User.query.filter(User.userName == userName).filter( User.userFirst == userFirst).filter(User.userLast == userLast).filter( User.userPhone == userPhone).filter( User.userEmail == userEmail).filter( User.userAddress == userAddress).filter( User.userAddress2 == userAddress2).filter( User.userState == userState).filter( User.userZip == userZip).one_or_none()) if existing_user is None: schema = UserSchema() new_user = schema.load(user, session=db.session).data db.session.add(new_user) db.session.commit() data = schema.dump(new_user).data return data, 201 else: abort( 409, "{UserName} already exists".format(UserName=userName), )
def update(user_id, user): ''' Updates user with given id. :param user_id: integer :param user: object :return: dict, 200 - in case of success ''' update_user = User.query.filter(User.user_id == user_id).one_or_none() if not update_user: abort(404, 'Failed to find user with id: {}'.format(user_id)) # retrieve user object from database schema = UserSchema() update = schema.load(user, session=db.session) # update user update.user_id = update_user.user_id db.session.merge(update) db.session.commit() data = schema.dump(update_user) return data, 200
def update_user(userID, userName): update_users = User.query.filter(User.userID == userID).one_or_none() if update_users is not None: schema = UserSchema() update = schema.load(userName, session=db.session).data update.userID = update_users.userID db.session.merge(update) db.session.commit() data = schema.dump(update_users).data return data, 200 else: abort( 404, "User not found for ID: {userID}".format(userID=userID), )
def create(user): id = user.get('id') if User.query.get(id) is not None: abort(409, f'id {id} is already used') pseudo = user.get('pseudo') existing_user = User.query \ .filter(User.pseudo == pseudo) \ .one_or_none() if existing_user is None: schema = UserSchema() #user.password_hash = user.set_password(self, user.password_hash) new_user = schema.load(user, session=db.session) db.session.add(new_user) db.session.commit() return schema.dump(new_user), 201 else: abort(409, f'User {pseudo} exists already')
def post(self): # register user endpoint data = validate_user(request.get_json()) if data["ok"]: data = data["data"] # check if user exists user = User.query.filter_by(email=data["email"]).first() if user: return {"message": "Email has already been taken"}, 400 # get password data["password"] = flask_bcrypt.generate_password_hash(data["password"]) # find the role of the user role = Role.query.filter_by(name=data["role"]).first() if ( role and data["role"] == "ADMIN" and data["healthFacilityName"] == "Null" ): data["healthFacilityName"] = None del data["role"] # Add a new user to db user_schema = UserSchema() new_user = user_schema.load(data, session=db.session) role.users.append(new_user) # add new user to their role db.session.add(role) # add user and role db.session.commit() return new_user.id, 201 else: return {"message": "Please check the fields"}, 400
def update(user_name, user): """ This function updates an existing user in the structure :param user_name: id of the user to update in the default structure :param user: user to update :return: updated default structure """ # Get the person requested from the db into session update = User.query.filter(User.user_name == user_name).one_or_none() # Did we find a user? if update is not None: # turn the passed in person into a db object schema = UserSchema() updates = schema.load(user, session=db.session).data # Set the id to the person we want to update updates.user_name = user_name # merge the new object into the old and commit it to the db db.session.merge(updates) db.session.commit() # return updated person in the response data = schema.dump(updates).data return data, 200 # Otherwise, nope, didn't find that person else: abort( 404, "User not found for Id: {user_name}".format(user_name=user_name), )
def update_user(user_id, user): """ @route: /api/v1/user/:id @method: PUT @return: updated user """ update_user = User.query.filter(User.id == user_id).one_or_none() # Get existing person to avoid duplicate record after update email = user.get('email') existing_user = User.query.filter(User.email == email).one_or_none() # Check if the user to update exist if update_user is None: abort( 404, "Couldn't find any user with the ID: {user_id}".format( user_id=user_id)) # If the update create a duplicate of a existing user elif (existing__user is not None and existing_user.id != user_id): abort(409, "User with {email} exists already".format(email=email)) else: # turn the passed into user into a db object schema = UserSchema() update = schema.load(user, session=db.session) # Set the id to the user we want to update update.id = update_user.id # Merge the new object into the old and commit to db db.session.merge(update) db.session.commit() # return updated user in the sponse data = schema.dump(update_user) return data, 200
def check_credentials(login_details): """ Responds to a request for /api/login. :return: json string of user details """ authorization = connexion.request.headers.get("Authorization") if authorization: logger.debug("Authorization: %s", authorization) token = authorization.split(" ")[1] claims = security.decode_token(token) logger.debug("Claims: %s", claims) existing_user = ( db.session.query(User) .filter(User.email == claims.get("email")) .one_or_none() ) if not existing_user: userDetails = { "email": claims.get("email"), "firstName": claims.get("given_name"), "lastName": claims.get("family_name"), } with db_session() as dbs: schema = UserSchema() new_user = schema.load(userDetails, session=dbs) dbs.add(new_user) login_details["username"] = claims.get("email") login_details["password"] = os.environ.get("EC_PASSWORD", pw_backup) logger.info( "Login Details: {}".format(pformat(ModelTools.redact_dict(login_details))) ) username = login_details.get("username") password = login_details.get("password") is_active_user = False with db_session() as dbs: user = ( dbs.query(User).filter(User.email == username, User.isActive).one_or_none() ) if user: is_active_user = True is_valid_password = False if os.environ.get("EC_PASSWORD", pw_backup) == password: is_valid_password = True schema = ExtendedLoginSchema(many=False) if is_active_user and is_valid_password: logger.debug("LOGIN accepted!") teams_resp = team.read_list_by_user_id(user.id) if teams_resp[1] == HTTPStatus.OK: user.teams = teams_resp[0] else: logger.info("No teams found for user {user.id}") data = schema.dump(user) return data, 200 logger.warning("LOGIN FAILED!") abort(401, "Unauthorised! {}".format(ModelTools.redact_dict(login_details)))
class UserResource(Base, AccountResource): def __init__(self): super(UserResource, self).__init__() self.user_schema = UserSchema() self.users_schema = UserSchema(many=True) self.per_page = 20 # TODO: move fix num to config file self.fields = [('username', True), ('password', True), ('email', True), ('role', True)] self.token_data = ['username', 'password'] def validate_permission(self, user, action): username = user['username'] users = User.query user = User.query.filter_by(username=username).first() if user: return True # account = Account.query.filter_by(id=user.account_id).first() # # TODO: validate_token and below: # # role = Role.query.filter_by(id=account.role_id).first() # # if role.role_name == action: # return True return False def get(self): """ Get a list of users filterd by ( id, username, email, sort_name, sort_order, limit, role_name ) """ _, error = self.get_usertoken_data(request.args.get('token', '')) if not error: user_id = int(request.args.get('user_id', 0)) username = request.args.get('username', '') email = request.args.get('email', '') sort_name = request.args.get('sort_name', '') # column name to filter sort_order = request.args.get('sort_order', '') # asc | desc limit = request.args.get('limit', None) role_name = request.args.get('role', '') users = User.query.join(Account, Account.id == User.account_id).join( Role, Role.id == Account.role_id) if users and user_id: users = users.filter_by(id=user_id) elif users and email: users = users.filter_by(email=email) elif users and username: users = users.filter_by(username=username) else: if users and role_name: users = users.filter(Role.role_name == role_name) if users and sort_name: users = users.order_by( text(f'user.{sort_name} {sort_order}')) else: users = users.order_by(User.id.desc()) total_pages, total_items, limit, users = self.get_pages_data( users, int(request.args.get('page', 1)), limit) result = self.users_schema.dump(users) for user in result: account = Account.query.filter_by( id=user['account_id']).first() role = Role.query.filter_by(id=account.role_id).first() user['role'] = role.role_name return response(200, data={ 'users': result, 'totalPages': total_pages, 'totalItems': total_items, 'perPage': limit }) return error def post(self): """ Register a new user if curr_user has permission :param requests: {token: curr_user_token , new_user:{username, password, email, role}} :return: {id, json web token} """ json_data, error = get_data(request) if not error: data, error = validate_json_payload(json_data, [('token', True), ('new_user', True)]) if not error: token_data, error = self.get_usertoken_data(data['token']) curr_user = token_data['username'] _, error = validate_json_payload(data['new_user'], self.fields) if not error: new_user = data['new_user'] del token_data, data if self.validate_permission(curr_user, 'create_new_user'): error = self._validate_data( username=new_user['username'], password=new_user['password'], email=new_user['email'], role_name=new_user['role']) if not error: new_user['password'] = hash_password( new_user['password']) token = gen_token({ key: new_user[key] for key in self.token_data }) try: role = Role.query.filter_by( role_name=new_user['role']).first() account_data = self.account_schema.load({ 'password': new_user['password'], 'role_id': role.id }) user_data = self.user_schema.load({ 'username': new_user['username'], 'email': new_user['email'] }) except marshmallow.exceptions.ValidationError as errors: return response(400, str(errors)) new_account = Account(**account_data) new_user = User(**user_data) error = new_account.save() if not error: new_user.account_id = new_account.id error = new_user.save() if not error: return response(200, data={ 'id': new_user.id, 'token': token }) else: return response(400, 'Current user don\'t has permission') return error def put(self): """ Update data to new user and return new token :return: {id, json web token} """ json_data, error = get_data(request) if not error: data, error = validate_json_payload(json_data, [('token', True), ('new_user', True)]) if not error: curr_user, error = self.get_usertoken_data(data['token']) # curr_user = token_data['username'] _, error = validate_json_payload( data['new_user'], [('username', True)] + [(field, False) for field, _ in self.fields[1:]]) if not error: update_user = data['new_user'] del data if self.validate_permission(curr_user, 'update_new_user'): if self._validate_user(update_user['username']): error = self._validate_data( password=update_user['password'] if 'password' in update_user.keys() else None, email=update_user['email'] if 'email' in update_user.keys() else None, role_name=update_user['role'] if 'role' in update_user.keys() else None) if not error: if 'password' in update_user.keys(): update_user['password'] = hash_password( update_user['password']) token = gen_token({ key: update_user[key] for key in self.token_data }) user = User.query.filter_by( username=update_user['username']).first() account = Account.query.filter_by( id=user.account_id).first() if 'email' in update_user.keys(): user.email = update_user['email'] user.last_update = dt.now().strftime( '%Y-%m-%d %H:%M:%S') error = user.save() if not error: if 'role' in update_user.keys(): role = Role.query.filter_by( role_name=update_user['role'] ).first() account.role_id = role.id if 'password' in update_user.keys(): account.password = update_user[ 'password'] error = account.save() if not error: return response(200, data={ 'id': account.id, 'token': token }) else: return response(400, 'Current user don\'t has permission') return error