def get(self):
#Check if auth token is in headers
authToken = request.headers.get("X-Auth-Token")
if not authToken:
return apiClient.unAuthorized()
#Check if token matches in DB
results = authCollection.find_one({"Token": authToken})
logger.info("Auth results: {}".format(results))
#if no token in DB
if not results:
return apiClient.unAuthorized()
#Check if token has expired
if TimestampExpired(results['Expires']):
logger.info("Auth token expired")
return apiClient.unAuthorized()
#Find user in users DB
user = collection.find_one({"Username" : results['Username']})
#If no user found return 401
if not user:
return apiClient.unAuthorized()
return apiClient.success({})
def post(self):
schema = UserSchema()
try:
data = json.loads(request.data)
except Exception as e:
return apiClient.badRequest("Invalid json")
try:
authUser = schema.load(data, partial=("Fname","Lname","Birthdate","Phone","Token","League","Username","Password","Points","CenterID",))
except ValidationError as err:
return err.messages, 404
results = collection.find_one({"Email": authUser['Email']})
if not results:
return apiClient.notFound("Email not found")
tempToken = GenerateToken(6)
tempData = {"Email":authUser['Email'],
"Token":tempToken,
"Expire":getExpirationTime(hours=1)}
if not pendingReset.insert_one(tempData):
logger.error("Failed to create temp data")
return apiClient.internalServerError()
#Send email to reset user password
with open(FORGOT_TEMPLATE, 'r') as stream:
emailBodyTemplate = stream.read()
emailBody = emailBodyTemplate.format(user_email=authUser['Email'],reset_url="http://3.15.199.174:5000/ResetPasswordForm/{}".format(tempToken))
SendEmail(authUser['Email'], "Reset Account Password", emailBody)
def get(self):
#Check if auth token is in headers
authToken = request.headers.get("X-Auth-Token")
if not authToken:
return apiClient.unAuthorized()
#Use method to get associated username from given token
username = Authorization(authToken)
#If no token found return error 401
if not username:
return apiClient.unAuthorized()
#Check for matching username in collection
results = collection.find_one({"Username": username})
#If no results return error
if not results:
return apiClient.notFound("User not found")
#Try to delete password and ID keys from dictionary
try:
del (results['Password'],results['_id'],results['Timestamp'],results['CenterID'])
except KeyError:
logger.error("Failed to delete keys in dic")
return apiClient.internalServerError()
return results
def post(self):
'''First handle auth token'''
#Check if auth token is in headers
authToken = request.headers.get("X-Auth-Token")
if not authToken:
return apiClient.unAuthorized()
#Check if token matches in DB
results = authCollection.find_one({"Token": authToken})
#If no token in DB
if not results:
return apiClient.unAuthorized()
#Check if auth token is expired
if TimestampExpired(results['Expires']):
logger.info("Auth token expired")
return apiClient.unAuthorized()
#Find user in users DB
user = collection.find_one({"Username": results['Username']})
#If no user found return 401
if not user:
return apiClient.unAuthorized()
#If user does not equal admin return 401
if user['Type'] != "Admin":
return apiClient.unAuthorized()
'''Now handle body'''
schema = UserSchema()
#Try to load json
try:
data = json.loads(request.data)
except Exception as e:
return apiClient.badRequest("Invalid json")
#Load data into schema
try:
checkData = schema.load(data, partial=("Fname","Lname","Birthdate","Phone","Token","League","Username","Password","Points","Email",))
except ValidationError as err:
return err.messages, 400
exp = getExpirationTime(hours=checkData['Expires'])
insertData = {"Expires": exp,
"Name":checkData['Coupon'],
"CenterID":checkData['CenterID']}
if not couponsCollection.insert_one(insertData):
logger.info("Failed to create admin coupon in coupon collection")
return apiClient.internalServerError()
return apiClient.success({})
def get(self):
'''Check Auth Token First'''
#Check if auth token is in headers
authToken = request.headers.get("X-Auth-Token")
if not authToken:
return apiClient.unAuthorized()
#Check if token matches in DB
results = authCollection.find_one({"Token": authToken})
logger.info("Auth results: {}".format(results))
#if no token in DB
if not results:
return apiClient.unAuthorized()
#Check if token has expired
if TimestampExpired(results['Expires']):
logger.info("Auth token expired")
return apiClient.unAuthorized()
#Find user in users DB
user = collection.find_one({"Username" : results['Username']})
#If no user found return 401
if not user:
return apiClient.unAuthorized()
coupons = usedCollection.find_one({"Email":user['Email']})
if not coupons:
return apiClient.badRequest("No coupons found")
#Check to see if cloud coupon was created for center in coupons collection
cloudCoupon = couponsCollection.find_one({"CenterID": coupons['CenterID']})
#If cloud coupon is found add it to array list
if cloudCoupon:
logger.info("Cloud coupon found")
coupons['CloudCoupon'] = True
else:
logger.info("No cloud coupon found")
coupons['CloudCoupon'] = False
#Try to delete password and ID keys from dictionary
try:
del (coupons['Email'],coupons['_id'],coupons['CenterID'])
except KeyError:
logger.error("Failed to delete keys in dic")
return apiClient.internalServerError()
return coupons
def post(self):
#Load schema
schema = UserSchema()
try:
data = json.loads(request.data)
except Exception as e:
return apiClient.badRequest("Invalid json")
#Load user login data against schema
try:
check_user = schema.load(data, partial=("Fname","Lname","Birthdate","Phone","Email","League","Token","Points","CenterID",))
except ValidationError as err:
return err.messages, 400
#Find user in database with associated username
results = collection.find_one({"Username": check_user['Username']})
#Check if no results have been returned
if not results:
return apiClient.badRequest("Username not found")
#Now check password to verify user and login
if not VerifyPassword(check_user['Password'], results['Password']):
return apiClient.badRequest("Invalid password")
#Pass generated token to variable
token = GenerateToken(20)
#Create timestamp for token
ts = datetime.utcnow().isoformat()
#Get expiration time for token
exp = getExpirationTime(hours=24)
#Create insert data dictionary
insertData = {}
insertData['Username'] = check_user['Username']
insertData['Token'] = token
insertData['TimeStamp'] = ts
insertData['Expires'] = exp
#Inserting data into authCollection
if not authCollection.insert_one(insertData):
logger.error("Failed to insert data into Auth DB")
return apiClient.internalServerError()
retData = apiClient._prepareBody({"AuthToken": token, "AccessLevel": results['Type']})
return apiClient.success(retData)
def post(self):
schema = UserSchema()
try:
data = json.loads(request.data)
except Exception as e:
return apiClient.badRequest("Invalid json")
try:
resetUser = schema.load(data, partial=("Fname","Lname","Birthdate","Phone","League","Username","Email","Points","CenterID",))
except ValidationError as err:
return err.messages, 400
match = re.search("[a-zA-Z0-9_]", resetUser["Password"])
if match:
hashedPassword = EncryptPassword(resetUser["Password"])
resetUser.update({'Password' : hashedPassword})
else:
return apiClient.badRequest("Not a valid password")
token = resetUser['Token']
email = resetAuth(token)
if not email:
return apiClient.unAuthorized()
results = collection.find_one({"Email": email})
if not results:
return apiClient.notFound("Email not found")
if not collection.update({"Email": results['Email']}, {"$set":{"Password": hashedPassword}}):
logger.error("Failed to update user {} with new password".format(results['Email']))
return apiClient.internalServerError()
if not pendingReset.delete_one({"Token": token}):
logger.error("Failed to delete pending reset request")
return apiClient.success("Password has been reset")
def post(self):
'''Check auth token first'''
#Check if auth token is in headers
authToken = request.headers.get("X-Auth-Token")
if not authToken:
return apiClient.unAuthorized()
#Check if token matches in DB
results = authCollection.find_one({"Token": authToken})
logger.info("Auth results: {}".format(results))
#if no token in DB
if not results:
return apiClient.unAuthorized()
#Check if token has expired
if TimestampExpired(results['Expires']):
logger.info("Auth token expired")
return apiClient.unAuthorized()
#Find user in users DB
user = collection.find_one({"Username" : results['Username']})
#If no user found return 401
if not user:
return apiClient.unAuthorized()
#Check if auth token comes from admin
if user['Type'] != "Admin":
return apiClient.unAuthorized()
'''Now handle body'''
#Load schema
schema = UserSchema()
#Load json
try:
data = json.loads(request.data)
except Exception as e:
return apiClient.badRequest("Invalid json")
#Load point request against schema
try:
checkData = schema.load(data, partial=("Fname","Lname","Birthdate","Phone","League","Token","Password","Username","Points",))
except ValidationError as err:
return err.messages, 400
#Find coupon in Bogo collection
findCoupon = usedCollection.find_one({"Email":checkData['Email']})
#If not found return 400
if not findCoupon:
return apiClient.badRequest("Coupon data not found")
#Check that center ID matches
if findCoupon['CenterID'] != checkData['CenterID']:
return apiClient.unAuthorized()
#Make coupon list variable
couponsRedeemed = findCoupon['Used']
#Make coupon name variable
couponName = checkData['Coupon']
#Make sure coupon exists in crons and coupon collections
if not cronCollection.find_one({"Name": couponName}):
if not couponsCollection.find_one({"Name": couponName}):
return apiClient.badRequest("Coupon not available")
#If coupon has been used return 400
if couponName in couponsRedeemed:
return apiClient.badRequest("Sorry... This coupon has already been redeemed")
else:
#Update collection for used coupon
if not usedCollection.update({"Email":findCoupon['Email']}, {"$push": {"Used": couponName}}):
logger.error("Failed to update coupon after being used")
return apiClient.internalServerError()
return apiClient.success({})
def post(self):
'''Check auth token first'''
#Check if auth token is in headers
authToken = request.headers.get("X-Auth-Token")
if not authToken:
return apiClient.unAuthorized()
#Check if token matches in DB
results = authCollection.find_one({"Token": authToken})
logger.info("Auth results: {}".format(results))
#if no token in DB
if not results:
return apiClient.unAuthorized()
#Check if token has expired
if TimestampExpired(results['Expires']):
logger.info("Auth token expired")
return apiClient.unAuthorized()
#Find user in users DB
user = collection.find_one({"Username" : results['Username']})
#If no user found return 401
if not user:
return apiClient.unAuthorized()
#Check if auth token comes from admin
if user['Type'] != "Admin":
return apiClient.unAuthorized()
'''Now handle body'''
#Load schema
schema = UserSchema()
#Load json
try:
data = json.loads(request.data)
except Exception as e:
return apiClient.badRequest("Invalid json")
#Load point request against schema
try:
checkData = schema.load(data, partial=("Fname","Lname","Birthdate","Phone","League","Token","Password","Username",))
except ValidationError as err:
return err.messages, 400
#Find user in user collection
findUser = collection.find_one({"Email":checkData['Email']})
#Otherwise return 400
if not findUser:
return apiClient.badRequest("User account not found")
if checkData['CenterID'] != findUser['CenterID']:
return apiClient.unAuthorized()
#Create point variables
newPts = checkData['Points']
currentPts = findUser['Points']
#Add points
resultPts = currentPts + newPts
#Results cannot be less than zero return 400
if resultPts < 0:
return apiClient.badRequest("User does not have enough points")
#Update user collection in DB with new point value
if not collection.update({"Email": findUser['Email']}, {"$set":{"Points": resultPts}}):
logger.error("Failed to update user {} with new points".format(findUser['Email']))
return apiClient.internalServerError()
def post(self):
#Load schema
schema = UserSchema()
#Try to load json data
try:
data=json.loads(request.data)
except Exception as e:
return apiClient.badRequest("Invalid json")
#Create new user by loading data from dictionary into UserSchema
try:
new_user = schema.load(data, partial=("Token","Points",))
except ValidationError as err:
return err.messages, 400
#Now validate formatting of user data with validate_Data method
try:
UserSchema.validate_Data(new_user)
except ValidationError as err:
return err.messages, 400
#Check to see if username is taken
if collection.find_one({"Username": new_user['Username']}):
return apiClient.badRequest("Username already in use")
#Check if user exists in DB
if collection.find_one({"Email": new_user['Email']}):
return apiClient.badRequest("You already have an account")
else:
if re.search("@{}$".format(ADMIN_USERS), new_user['Email']):
logger.info("Setting {} as admin".format(new_user['Email']))
new_user['Type'] = "Admin"
else:
new_user['Type'] = "User"
new_user['Points'] = 0
#Create timestamp
ts = datetime.utcnow().isoformat()
#Create expiration time for entry and update new_user
exp = getExpirationTime(hours=2)
#Generate tempToken
tempToken = GenerateToken(6)
new_user.update(TempToken = tempToken, Timestamp = ts, Expires = exp)
#Insert new user into temp DB
if not tempCollection.insert_one(new_user):
logger.error("Falied to create user {} in temp DB".format(new_user['Email']))
return apiClient.internalServerError()
#Send email to verify user account
with open(VERIFY_EMAIL_TEMPLATE, 'r') as stream:
emailBodyTemplate = stream.read()
emailBody = emailBodyTemplate.format(fname=new_user['Fname'], verify_url="http://3.15.199.174:5000/VerifyUser/{}".format(tempToken))
SendEmail(new_user['Email'], "Verification", emailBody)
logger.info("User {} added to temp Db and emailed verification token".format(new_user['Email']))
return apiClient.success("Please check email for verification code")