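def forgot_password():
    """Start the password-reset flow for the e-mail address in the JSON body.

    Answers with an empty 200 response whether or not the address belongs to
    an account, so the response body does not show which addresses are
    registered.

    Raises:
        MissingFieldException: if the body is not a JSON object or carries no
            ``email`` field.
    """
    data = request.get_json()
    # Reject a malformed body explicitly instead of failing with a
    # TypeError/KeyError on the lookup below.
    if not isinstance(data, dict) or 'email' not in data:
        raise MissingFieldException('email')

    user = User.query.filter_by(email=data['email']).first()
    if user is None:
        # Same answer as the success path: do not disclose that the address
        # is unknown.
        return SuccessResponse({}, 200)

    reset_token = reset_token_action.generate_reset_token(user)
    # NOTE(review): if this call sends synchronously, response time can still
    # differ between known and unknown addresses; confirm, and confirm the
    # route is rate limited.
    email_service.send_forgot_password_email(reset_token)
    return SuccessResponse({}, 200)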
def create():
    """Create a permission from the JSON request body and return it serialized.

    The body is loaded through ``permission_schema`` before it is handed to
    ``permission_action.create``; the created object is dumped with the same
    schema.
    """
    # NOTE(review): no authorization check is visible inside this handler;
    # confirm the route is guarded elsewhere, since it creates permissions.
    payload = permission_schema.load(request.get_json())
    created = permission_action.create(payload)
    return SuccessResponse(permission_schema.dump(created), 200)
def update_user_profile():
    """Update the profile of the user identified by ``g.payload['sub']``.

    The target user id is taken from ``g.payload``, never from the request
    body; the body is loaded through ``user_profile_schema`` first.
    """
    current_user_id = g.payload['sub']
    changes = user_profile_schema.load(request.get_json())
    # NOTE(review): the value returned by user_action.update goes into the
    # response without a response schema; confirm it exposes no sensitive
    # columns.
    updated = user_action.update(user_id=current_user_id, value=changes)
    return SuccessResponse(updated, 200)
def check_email_exist():
    """Tell the caller whether the e-mail address in the JSON body is taken.

    Returns ``SuccessResponse(False, 200)`` when no user has the address.

    Raises:
        DuplicateException: if a user with that address exists.
    """
    # NOTE(review): this endpoint discloses address registration by design,
    # unlike forgot_password; confirm it is rate limited.
    body = request.get_json()
    if User.query.filter_by(email=body['email']).scalar():
        raise DuplicateException()
    return SuccessResponse(False, 200)
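def logout():
    """Log the current token out.

    Removes the session named by the ``custom:session`` entry of
    ``g.payload`` when present, then blacklists the token's ``jti``.
    """
    payload = g.payload
    # Guard on the same key that is read. Testing 'session' while reading
    # 'custom:session' either skips the session removal (leaving the session
    # in place after logout) or fails with KeyError.
    # NOTE(review): confirm 'custom:session' is the claim name the token
    # issuer writes.
    if 'custom:session' in payload:
        session_action.remove_session(payload['custom:session'])
    blacklist_token_action.add(payload['jti'])
    return SuccessResponse({}, 200)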
def update_user_thumbnail():
    """Store the first uploaded ``file`` part as the current user's avatar.

    Raises:
        ValidationError: if the request carries no ``file`` part.
    """
    current_user_id = g.payload['sub']
    uploads = request.files.getlist('file')
    if not uploads:
        raise ValidationError('Missing thumbnail')
    # NOTE(review): no content-type or size check is visible here; confirm
    # upload_user_profile validates the upload before storing it.
    thumbnail = user_action.upload_user_profile(
        user_id=current_user_id, file=uploads[0])
    user_action.update(current_user_id, {'avatar': thumbnail})
    return SuccessResponse(thumbnail, 200)
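def register():
    """Register a user from the JSON body and sign them in.

    Returns an access token, the new session's token as ``refresh_token`` and
    the serialized user.
    """
    data = request.get_json()
    # NOTE(review): the raw body is passed on unvalidated; confirm
    # user_action.register accepts only the fields a new user may set.
    user = user_action.register(data)
    session = session_action.generate_session(user)
    # Pass the session as login() and login_with_google() do, so the access
    # token issued at registration is tied to its session like theirs.
    access_token = session_action.generate_access_token(user, session)
    return SuccessResponse(
        {
            'access_token': access_token,
            'refresh_token': session.token,
            'user': user_response_schema.dump(user)
        }, 200)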
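def reset_password():
    """Set a new password for the account, given a valid reset code.

    Expects ``email``, ``reset_code`` and ``password`` in the JSON body.

    Raises:
        MissingFieldException: if a field is absent, if the reset code is not
            accepted, or if no account matches the address.
    """
    data = request.get_json()
    # Check every required field up front so a missing 'password' is reported
    # before the code is verified rather than as a KeyError afterwards.
    for field in ('email', 'reset_code', 'password'):
        if not isinstance(data, dict) or field not in data:
            raise MissingFieldException(field)

    reset_token = reset_token_action.check_reset_token(
        email=data['email'], token=data['reset_code'])
    # Fail closed on any falsy result: check_reset_code() returns this same
    # value as a validity flag, so a False here must not pass as "valid".
    if not reset_token:
        raise MissingFieldException('reset_token')

    user = User.query.filter_by(email=data['email']).first()
    if user is None:
        # Same error as a rejected code; avoids an AttributeError on user.id.
        raise MissingFieldException('reset_token')

    # NOTE(review): nothing visible here invalidates the reset code or the
    # user's existing sessions after the change; confirm that happens in
    # check_reset_token / user_action.update.
    user_action.update(user_id=user.id, value={'password': data['password']})
    return SuccessResponse({}, 200)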
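def generate_access_token():
    """Issue a new access token from a refresh token and a user id.

    Raises:
        UnauthorizedException: if the body is not a JSON object, lacks
            ``refresh_token`` or ``user_id``, or names an unknown user.
    """
    data = request.get_json()
    # A body that is null, a list or a string must be refused here; the
    # membership tests below are only meaningful on a JSON object.
    if not isinstance(data, dict):
        raise UnauthorizedException()
    if ('refresh_token' not in data) or ('user_id' not in data):
        raise UnauthorizedException()

    user = User.query.get(data['user_id'])
    if user is None:
        raise UnauthorizedException()

    # NOTE(review): user_id is supplied by the client; confirm
    # regenerate_access_token verifies that the refresh token belongs to
    # this user.
    access_token = session_action.regenerate_access_token(
        data['refresh_token'], user)
    return SuccessResponse({
        'access_token': access_token,
    }, 200)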
def login():
    """Sign a user in with ``email`` and ``password`` from the JSON body.

    Returns an access token, the session token as ``refresh_token`` and the
    serialized user.

    Raises:
        UnauthorizedException: if ``user_action.login`` returns ``None``.
    """
    credentials = request.get_json()
    user = user_action.login(credentials['email'], credentials['password'])
    if user is None:
        raise UnauthorizedException()

    session = session_action.generate_session(user)
    body = {
        'access_token': session_action.generate_access_token(user, session),
        'refresh_token': session.token,
        'user': user_response_schema.dump(user)
    }
    return SuccessResponse(body, 200)
def login_with_google():
    """Sign a user in with a Google access token from the JSON body.

    Looks the user up by Google id, then by e-mail; an unknown e-mail is
    registered as a new user, a known one gets the Google id linked. In both
    of those cases the avatar is taken from the Google profile picture.

    Raises:
        MissingFieldException: if the body has no ``access_token``.
        BadRequestException: if no user matches the Google id and the Google
            profile carries no ``email``.
    """
    data = request.get_json()
    if 'access_token' not in data:
        raise MissingFieldException('access_token')
    google_token = data['access_token']

    google_user = google_service.get_logged_in_user(google_token)
    user = User.query.filter_by(google_id=google_user['id']).first()
    if user is None:
        if 'email' not in google_user:
            raise BadRequestException(code=ErrorCode.NO_VALID_EMAIL)
        # NOTE(review): this fallback ties a Google identity to an existing
        # account by e-mail alone; confirm google_service only reports
        # addresses Google has verified before trusting the match.
        user = User.query.filter_by(email=google_user['email']).first()
        if user is not None:
            # Existing account: link the Google id and refresh the avatar.
            avatar = user_action.upload_user_profile(
                user_id=user.id,
                url=google_user['picture'],
                target_url=user.avatar)
            user_action.update(user_id=user.id, value={
                'google_id': google_user['id'],
                'avatar': avatar
            })
        else:
            # Unknown address: create the account from the Google profile.
            user = user_action.register({
                'email': google_user['email'],
                'name': google_user['name'],
                'google_id': google_user['id'],
                'full_name': google_user['name']
            })
            avatar = user_action.upload_user_profile(
                user_id=user.id, url=google_user['picture'])
            user_action.update(user_id=user.id, value={'avatar': avatar})

    session = session_action.generate_session(user)
    body = {
        'access_token': session_action.generate_access_token(user, session),
        'refresh_token': session.token,
        'user': user_response_schema.dump(user)
    }
    return SuccessResponse(body, 200)
def update_user_credentials():
    """Change the credentials of the user identified by ``g.payload['sub']``.

    The JSON body is loaded through ``user_credential_post_schema`` and its
    fields are passed to ``user_action.update_credential`` as keyword
    arguments.
    """
    current_user_id = g.payload['sub']
    # NOTE(review): confirm the schema or update_credential requires the
    # current password; no re-authentication is visible in this handler.
    fields = user_credential_post_schema.load(request.get_json())
    user_action.update_credential(current_user_id, **fields)
    return SuccessResponse({}, 200)
def get_user_profile():
    """Return the profile of the user identified by ``g.payload['sub']``."""
    # The id comes from g.payload, so a caller only ever reads their own
    # profile through this handler.
    return SuccessResponse(
        user_action.get_user_profile(g.payload['sub']), 200)
def check_reset_code():
    """Return the result of checking a reset code for an e-mail address.

    Reads ``email`` and ``reset_code`` from the JSON body and answers with
    whatever ``reset_token_action.check_reset_token`` returns.
    """
    # NOTE(review): this endpoint reports whether a reset code is accepted;
    # confirm attempts are limited per address and that codes expire.
    body = request.get_json()
    outcome = reset_token_action.check_reset_token(
        email=body['email'], token=body['reset_code'])
    return SuccessResponse(outcome, 200)
def delete(permission_id):
    """Delete the permission with the given id and return an empty result."""
    # NOTE(review): no authorization check is visible inside this handler;
    # confirm the route is guarded elsewhere, since it removes permissions.
    permission_action.delete(permission_id)
    response = SuccessResponse(None, 200)
    return response
def get_all():
    """Return every permission, serialized with ``permission_schemas``."""
    # NOTE(review): no authorization check is visible inside this handler;
    # confirm who may list permissions.
    serialized = permission_schemas.dump(permission_action.get_all())
    return SuccessResponse(serialized, 200)