def post(self):
username = request.json.get('username', None)
password = request.json.get('password', None)
secret = request.json.get('secret', None)
role = 'admin'
if secret != 'iniSECret':
return {'message': 'Permission denied'}, 500
if User.find_by_username(username):
return {'message': 'Admin already exists: {}'.format(username)}
username = username
password = User.generate_hash(password)
try:
new_user = User(username, password, role)
db.session.add(new_user)
db.session.commit()
access_token = create_access_token(identity=username)
refresh_token = create_refresh_token(identity=username)
return {
'message': 'Admin created: {}'.format(username),
'access_token': access_token,
'refresh_token': refresh_token
}
except Exception as e:
return {'message': e}, 500
def user_add():
if request.method == 'POST':
try:
username = request.form.get('username')
password = User.generate_hash(request.form.get('password'))
is_admin = request.form.get('is-admin')
if is_admin:
new_user = User(username, password, role='admin')
else:
new_user = User(username, password)
db.session.add(new_user)
db.session.commit()
return redirect(url_for('admin.users'))
except IntegrityError:
db.session.rollback()
flash('ERROR! username ({}) already exists.'.format(username),
'error')
return render_template('user_add.html')
def post(self):
username = request.json.get('username', None)
password = request.json.get('password', None)
if User.find_by_username(username):
return {'message': 'User already exists: {}'.format(username)}
username = username
password = User.generate_hash(password)
try:
new_user = User(username, password)
db.session.add(new_user)
db.session.commit()
access_token = create_access_token(identity=username)
refresh_token = create_refresh_token(identity=username)
return {
'message': 'User created: {}'.format(username),
'access_token': access_token,
'refresh_token': refresh_token
}
except Exception as e:
return {'message': e}, 500