def post(args):
if not safe_str_cmp(args['password'], args['password_confirmation']):
return {
'success': False,
'errors': {
'password':
['Password and password confirmation do not match']
}
}, 409
user = UserModel.find_by_email(args['email'])
if user:
return {
'success': False,
'error': 'Email has already been taken'
}, 409
is_admin = False
if UserModel.count_all() < 1:
is_admin = True
phone = None
if 'phone' in args:
phone = args['phone']
hashed_password = UserModel.generate_hash(args['password'])
user = UserModel(args['name'], hashed_password, args['email'], phone,
is_admin)
user.save_to_db()
return {'success': True, 'user': user_summary.dump(user).data}, 201
def post(self):
parser = reqparse.RequestParser()
parser.add_argument('resetPasswordHash', help='This field cannot be blank', required=True, type=str)
parser.add_argument('newPassword', help='This field cannot be blank', required=True, type=str)
data = parser.parse_args()
user = UserModel.find_by_reset_password_hash(data['resetPasswordHash'])
if not user:
abort(401, message=RESET_PASSWORD_HASH_INVALID)
now = datetime.now()
hash_age = now - user.reset_password_hash_created
# Hash must be younger then 24 hours
if divmod(hash_age.total_seconds(), 60 * 60 * 24)[0] > 0.0:
abort(401, message=RESET_PASSWORD_HASH_INVALID)
if len(data['newPassword']) < 8:
abort(400, message=PASSWORD_TOO_SHORT)
user.password = UserModel.generate_hash(data['newPassword'])
user.reset_password_hash = None
user.reset_password_hash_created = None
user.persist()
access_token = create_access_token(identity=user.username)
refresh_token = create_refresh_token(identity=user.username)
return AuthResponse(PASSWORD_RESET,
user,
access_token=access_token,
refresh_token=refresh_token), 202
def put(self):
password_parser = reqparse.RequestParser()
password_parser.add_argument('old_password', help='This field cannot be blank', required=True, type=str)
password_parser.add_argument('new_password', help='This field cannot be blank', required=True, type=str)
data = password_parser.parse_args()
user = UserModel.find_by_username(get_jwt_identity())
if UserModel.verify_hash(data['old_password'], user.password):
if len(data['new_password']) < 8:
abort(400, message=PASSWORD_TOO_SHORT)
user.password = UserModel.generate_hash(data['new_password'])
user.persist()
return SimpleMessage(PASSWORD_CHANGED), 201
else:
abort(401, message=OLD_PASSWORD_INCORRECT)
def add_users():
data = request.get_json()
newUser = UserModel(username=data['username'],
password=UserModel.generate_hash(data['password']))
try:
newUser.save_to_db()
return jsonify(
{'message': 'User {} was created'.format(data['username'])})
except SQLException.IntegrityError:
return jsonify({'message': 'This username is already in use'}), 409
except Exception as e:
print('Exception: ', e)
return jsonify({'message': 'Something went wrong'}), 500
def post(self):
parser = reqparse.RequestParser()
parser.add_argument('username', help='This field cannot be blank', required=True, type=str)
parser.add_argument('password', help='This field cannot be blank', required=True, type=str)
parser.add_argument('email', help='This field cannot be blank', required=True, type=str)
data = parser.parse_args()
if UserModel.find_by_username(data['username']):
abort(409, message=USER_ALREADY_EXISTS)
if len(data['username']) < 3:
abort(400, message=USERNAME_TOO_SHORT)
if not re.match(username_regex, data['username']):
abort(400, message=USERNAME_INVALID)
if not re.match(email_regex, data['email']):
abort(400, message=EMAIL_INVALID)
if len(data['password']) < 8:
abort(400, message=PASSWORD_TOO_SHORT)
new_user = UserModel(
username=data['username'],
password=UserModel.generate_hash(data['password']),
email=data['email']
)
new_account_settings = AccountSettingsModel()
try:
new_user.persist()
new_account_settings.user_id = new_user.id
new_account_settings.persist()
access_token = create_access_token(identity=data['username'])
refresh_token = create_refresh_token(identity=data['username'])
return AuthResponse(
USER_CREATION_SUCCESS,
new_user,
access_token=access_token,
refresh_token=refresh_token), 201
except:
abort(500, message=INTERNAL_SERVER_ERROR)