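    def put(self, user_id):
        """Update the email address of a single user.

        Only the ``email`` key of the JSON body is read; every other key
        (notably ``password``) is ignored, so this endpoint cannot be used
        to change credentials.

        Args:
            user_id: Identifier handed to ``get_user_by_id``.

        Returns:
            ``(body, status)``: ``body`` carries ``status``/``message`` and,
            on success, the updated user's ``to_json()`` under ``user``.
            400 for a missing, non-string or malformed email; 200 on success.

        Raises:
            Whatever ``api.abort`` raises for an unknown ``user_id`` (404).
        """
        # silent=True: a missing or non-JSON body yields None instead of an
        # exception, so it is reported as "Invalid payload" (400) rather
        # than surfacing as a 500 from ``None.get``.
        post_data = request.get_json(silent=True) or {}
        email = post_data.get("email")
        res = {"status": False, "message": "Invalid payload"}

        user = get_user_by_id(user_id)

        if user is None:
            api.abort(404, "Resource not found", status=False)

        # A non-string value (e.g. a number) would make the regex call raise;
        # treat it like a missing email.
        if not isinstance(email, str):
            return res, 400

        # NOTE(review): ``match`` anchors only at the start of the string;
        # whether trailing characters are rejected depends on EMAIL_REGEX.
        if EMAIL_REGEX.match(email) is None:
            res["message"] = "Please provide a valid email address"
            return res, 400

        updated_user = update_user(user, email)
        res["status"] = True
        res["message"] = "User successfully updated."
        res["user"] = updated_user.to_json()
        return res, 200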
    def get(self):
        """Return the profile of the user identified by the bearer token.

        The token is the second space-separated field of the
        ``Authorization`` header; the scheme in the first field is not
        inspected. Responses: 403 when the header is absent, 401 for a
        one-field header or an expired/invalid token or an unknown user,
        200 with ``user.to_json()`` otherwise.
        """
        res = {"status": False, "message": "Invalid payload."}
        auth_header = request.headers.get("Authorization")

        if not auth_header:
            res["message"] = "Access token required."
            return res, 403

        header_parts = auth_header.split(" ")
        if len(header_parts) < 2:
            res["message"] = "Invalid header."
            return res, 401

        try:
            # The decoded value is passed straight to get_user_by_id as the
            # user id. NOTE(review): decode_token is called the same way the
            # refresh endpoint calls it; confirm it rejects a refresh token
            # presented here as an access token.
            current_user = get_user_by_id(User.decode_token(header_parts[1]))

            if not current_user:
                res["message"] = "Invalid token. Please login."
                return res, 401

            return current_user.to_json(), 200
        # ExpiredSignatureError subclasses InvalidTokenError; keep it first.
        except jwt.ExpiredSignatureError:
            res["message"] = "Signature expired. Please login again."
            return res, 401
        except jwt.InvalidTokenError:
            res["message"] = "Invalid token. Please login again."
            return res, 401
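    def post(self):
        """Issue a new access/refresh token pair from a refresh token.

        Reads ``refresh_token`` from the JSON body, decodes it to a user id,
        and returns fresh tokens for that user.

        Returns:
            ``(body, status)``: 400 for a missing body/token or an unknown
            user, 401 for an expired or invalid token, 200 with
            ``access_token`` and ``refresh_token`` on success.
        """
        # silent=True: a missing or non-JSON body yields None instead of an
        # exception, so it is reported as "Invalid payload" (400) rather
        # than surfacing as a 500 from ``None.get``.
        post_data = request.get_json(silent=True) or {}
        refresh_token = post_data.get("refresh_token")
        res = {"status": False, "message": "Invalid payload."}

        if refresh_token is None:
            return res, 400

        try:
            # NOTE(review): nothing here checks that the presented token was
            # issued with the "refresh" type, and the old refresh token is not
            # invalidated — confirm decode_token enforces the type.
            resp = User.decode_token(refresh_token)
            user = get_user_by_id(resp)

            if not user:
                res["message"] = "Invalid token."
                return res, 400

            access_token = user.encode_token(user.id, "access")
            refresh_token = user.encode_token(user.id, "refresh")

            # ``.decode()`` assumes encode_token returns bytes (PyJWT < 2
            # behaviour); with a str result this would raise — TODO confirm.
            res = {
                "access_token": access_token.decode(),
                "refresh_token": refresh_token.decode(),
            }

            return res, 200

        # ExpiredSignatureError subclasses InvalidTokenError; keep it first.
        except jwt.ExpiredSignatureError:
            res["message"] = "Signature expired. Please login again."
            return res, 401
        except jwt.InvalidTokenError:
            res["message"] = "Invalid token. Please login again."
            return res, 401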
    def get(self, user_id):
        """Return a single user.

        Args:
            user_id: Identifier handed to ``get_user_by_id``.

        Returns:
            ``(user, 200)`` when the user exists.

        Raises:
            Whatever ``api.abort`` raises for an unknown ``user_id`` (404).
        """
        found = get_user_by_id(user_id)

        if found is not None:
            return found, 200

        api.abort(404, "Resource not found", status=False)
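    def delete(self, user_id):
        """Delete a single user and return its last known representation.

        Args:
            user_id: Identifier handed to ``get_user_by_id``.

        Returns:
            A dict with ``status`` True, a message, and the deleted user's
            ``to_json()`` under ``user`` (implicit 200).

        Raises:
            Whatever ``api.abort`` raises for an unknown ``user_id`` (404).
        """
        user = get_user_by_id(user_id)

        if user is None:
            api.abort(404, "Resource not found", status=False)

        # Serialize before deleting: once delete_user has persisted the
        # removal, the instance may be detached or expired and attribute
        # access inside to_json() could fail or reload from the database.
        user_json = user.to_json()
        delete_user(user)
        return {
            "status": True,
            "message": "User was deleted.",
            "user": user_json,
        }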
def test_update_user_with_password(test_app, test_db, add_user):
    """PUT /users/<id> must leave the stored password hash untouched even
    when the payload carries a ``password`` key."""
    original_password = "password"
    attempted_password = "something"

    created = add_user("*****@*****.**", original_password)
    assert bcrypt.check_password_hash(created.password, original_password)

    payload = {"email": "*****@*****.**", "password": attempted_password}
    response = test_app.test_client().put(
        f"/users/{created.id}",
        data=json.dumps(payload),
        content_type="application/json",
    )
    assert response.status_code == 200

    # Re-read from the store: the old hash must still verify, the new one not.
    reloaded = get_user_by_id(created.id)
    assert bcrypt.check_password_hash(reloaded.password, original_password)
    assert not bcrypt.check_password_hash(reloaded.password, attempted_password)