def create_user(username, password):
    """Create a user, hash the password on the model, and commit it.

    :param username: login name for the new account
    :param password: plaintext password; this function only passes it to
        ``User.hash_password`` and does not set it on the object itself
    :return: the committed user object
    """
    account = User(username=username)
    account.hash_password(password)
    # Stage and commit in one step so the caller receives a saved object.
    session = db.session
    session.add(account)
    session.commit()
    return account
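def post(self):
    """Register a new user from a JSON request body.

    Returns the marshalled user with 201 on success, 403 when the
    username is already taken, and 400 when the body is not JSON.
    """
    # Compare the parsed media type rather than the raw header, so that
    # "application/json; charset=utf-8" is accepted and a request without
    # a Content-Type header is rejected as a non-JSON request.
    if request.mimetype != 'application/json':
        return Response(status=400)  # invalid request type

    args = self.reqparse.parse_args()
    username = args['username']
    password = args['password']

    # NOTE(review): this check-then-insert is not atomic; presumably the
    # username column carries a unique constraint as the real guard --
    # confirm against the model.
    if User.query.filter_by(username=username).first() is not None:
        return Response(status=403)  # existing user

    user = User(username=username)
    # The plaintext password is only handed to the model's hashing helper.
    user.hash_password(password)
    db.session.add(user)
    db.session.commit()
    # NOTE(review): USER_FIELDS decides what is exposed to the client;
    # confirm it leaves out the stored password hash.
    return {'user': marshal(user, USER_FIELDS)}, 201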
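def post(self):
    """Exchange a username/password JSON body for an auth token.

    Returns ``{'token': ...}`` on success, an empty 400 when the body is
    not a JSON object, and an empty 401 for any credential failure.
    """
    payload = request.get_json(silent=True)
    if not isinstance(payload, dict):
        # A missing or malformed body used to fail on ``None.get`` and
        # surface as a server error; reject it explicitly instead.
        return '', 400

    username = payload.get('username')
    password = payload.get('password')
    user = User.get_user_by_name(username)

    # Unknown user, missing password and wrong password all get the same
    # empty 401, so the response does not reveal which usernames exist.
    if user and password is not None and user.verify_password(password):
        # The token is a bearer credential: it is returned to the client
        # only and is no longer printed to stdout, where it would end up
        # in server logs.
        return jsonify({'token': user.generate_auth_token()})
    return '', 401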
def verify_password(username_or_token, password):
    """Authenticate by auth token first, then by username and password.

    Stores the authenticated user on ``g.user`` and returns True on
    success; returns False otherwise.
    """
    # NOTE(review): ``virify_auth_token`` looks like a misspelling of
    # ``verify_auth_token``; confirm which name the User model defines.
    candidate = User.virify_auth_token(username_or_token)
    if not candidate:
        # Not a valid token: treat the first argument as a username.
        candidate = User.query.filter_by(username=username_or_token).first()
        if not (candidate and candidate.verify_password(password)):
            return False
    # A valid token reaches this point without ``password`` being checked.
    g.user = candidate
    return True
def verify_password(username_or_token, password):
    """Flask-HTTPAuth callback accepting either an auth token or a username.

    The first argument is tried as an auth token. If that fails it is
    treated as a username and ``password`` is checked against that user.
    On success the user object is stored on ``g.user`` and True is
    returned; otherwise False.
    """
    principal = User.verify_auth_token(username_or_token)
    if principal:
        # A valid token authenticates on its own; ``password`` is not
        # consulted on this path.
        g.user = principal
        return True

    principal = User.query.filter_by(username=username_or_token).first()
    if principal and principal.verify_password(password):
        g.user = principal
        return True
    return False
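def post(self):
    """Create a user from a JSON or form-encoded request body.

    Aborts with 400 when the body is empty, when ``username`` or
    ``password`` is missing, or when the username is already taken.
    Returns the new user object with status 201.
    """
    # The guard used to test request.form while the fields were read from
    # request.json, so no request could satisfy both. Read whichever body
    # the client actually sent.
    payload = request.get_json(silent=True)
    if not isinstance(payload, dict):
        payload = request.form
    if not payload:
        abort(400)

    username = payload.get('username')
    password = payload.get('password')
    # NOTE(review): phone, email and company were read here but never
    # stored, so the unused reads are dropped.
    if username is None or password is None:
        abort(400)  # missing arguments
    if User.query.filter_by(username=username).first() is not None:
        abort(400)  # existing user

    # NOTE(review): the plaintext password goes straight into the model
    # constructor; confirm that User hashes it before it is persisted.
    user = User(username=username, password=password)
    db.session.add(user)
    db.session.commit()
    # NOTE(review): presumably serialised outside this method; confirm
    # the output omits the password field.
    return user, 201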
def get(self):
    """Return whatever ``User.get_user_list()`` yields."""
    # NOTE(review): no access check is visible in this method; confirm the
    # resource is protected elsewhere and that the listing does not expose
    # password hashes.
    return User.get_user_list()
def get(self, id):
    """Return the result of ``User.get(id)`` for the requested id."""
    # NOTE(review): the id is used as given, with no ownership or role
    # check in this method; confirm authorization happens elsewhere.
    return User.get(id)
def test_created_user_is_not_admin(self):
    """A newly created and committed user must not have ``admin`` set."""
    fresh = User(username='******')
    fresh.hash_password('password')
    session = db.session
    session.add(fresh)
    session.commit()
    # Checked after the commit, so the assertion sees the committed value.
    self.assertFalse(fresh.admin)