Esempio n. 1
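def update_user_password(id):
    """Change the password of the currently authenticated user.

    Expects a JSON body with ``password`` (the current password) and
    ``newpassword``. Only the caller's own account may be changed, and the
    current password must verify against the stored hash before the new
    hash is written.

    Args:
        id: id of the user whose password is changed; must equal
            ``current_user.id``.

    Returns:
        ``(jsonify(response), 201)`` with ``response['message']`` set to
        ``'Password changed'``.

    Raises:
        UnauthorizedError: if ``id`` is not the current user, or the supplied
            current password does not verify.
        InputError: if the body fails ``validate_request_data`` or the new
            password is shorter than 8 characters or lacks an upper-case
            letter, a lower-case letter or a digit.
    """
    response = {'status': '', 'message': '', 'payload': []}
    data = request.get_json()

    # Authorization before anything else: a user may only rotate their own
    # password through this endpoint.
    if id != current_user.id:
        raise UnauthorizedError(
            "Can't modify the password for a different user than yourself.")

    # input validation
    request_types = {
        'password': ['str'],
        'newpassword': ['str'],
    }
    validate_request_data(data, request_types)

    # Password strength rules. The check is `< 8`, so 8 characters is
    # accepted; the message says so.
    new_password = data['newpassword']
    if len(new_password) < 8:
        raise InputError("Password length must be at least 8.")
    if not any(x.isupper() for x in new_password):
        raise InputError("Password must contain a capital letter.")
    # str.lower() returns a non-empty string for every character and is
    # therefore always truthy; str.islower() is the test that was intended.
    if not any(x.islower() for x in new_password):
        raise InputError("Password must contain a lowercase letter.")
    if not any(x.isdigit() for x in new_password):
        raise InputError("Password must contain a number.")

    # Re-authenticate with the current password before replacing it.
    query = User.find_by_id(id)
    if not User.verify_hash(data['password'], query.password):
        raise UnauthorizedError("Password Invalid")

    query.password = User.generate_hash(new_password)
    # NOTE(review): presumably a "forced reset pending" flag that a completed
    # change clears — confirm against the User model.
    query.req_pass_reset = False

    db.session.commit()
    response['message'] = 'Password changed'
    # Audit entry records the user id only; no password material is logged.
    create_log(current_user, 'modify', 'User changed password for User',
               'ID: ' + str(id))

    return jsonify(response), 201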
Esempio n. 2
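def create_user():
    """Create a new user from a JSON request body.

    Validates field types, password strength, field lengths, e-mail format,
    uniqueness of username / e-mail / initials and the ``role`` value, then
    inserts the user with a hashed password and upper-cased initials.

    Returns:
        ``(jsonify(response), 201)``; ``response['payload']`` holds the
        serialized new user and ``response['message']`` names the username.

    Raises:
        InputError: on any failed validation (see the checks below).
    """
    # NOTE(review): no authorization check is visible in this handler; confirm
    # that a route-level decorator restricts who may create users.
    response = {'status': 'ok', 'message': '', 'payload': []}
    data = request.get_json()

    # input validation
    request_types = {
        'username': ['str'],
        'password': ['str'],
        'email': ['str'],
        'initials': ['str'],
        'first_name': ['str'],
        'last_name': ['str'],
        'role': ['str']
    }
    validate_request_data(data, request_types)

    # PASSWORD STRENGTH CHECKING (length limits are enforced below together
    # with the other fields).
    password = data['password']
    if not any(x.isupper() for x in password):
        raise InputError("Password must contain a capital letter.")
    # str.lower() is always a non-empty string (truthy); islower() is the
    # intended test.
    if not any(x.islower() for x in password):
        raise InputError("Password must contain a lowercase letter.")
    if not any(x.isdigit() for x in password):
        raise InputError("Password must contain a number.")

    # Length checking: inclusive (min, max) per field. Each message names the
    # field it belongs to (the originals all said "Password").
    length_limits = {
        'username': (1, 64),
        'password': (8, 128),
        'email': (1, 128),
        'initials': (1, 128),
        'first_name': (1, 128),
        'last_name': (1, 128),
    }
    for field, (lo, hi) in length_limits.items():
        if not lo <= len(data[field]) <= hi:
            raise InputError(
                '{} must be at least {} character(s) and no more than {}'
                .format(field, lo, hi))
    # Loose format check only ('@' followed by a dotted part); not full
    # RFC 5322 validation.
    if not re.match(r".*\@.+(?:\..+)+", data['email']):
        raise InputError('E-mail must be of a valid e-mail format.')

    # Initials are stored upper-cased, so the uniqueness check must compare
    # the same form, otherwise "ab" slips past an existing "AB".
    initials = data['initials'].upper()

    # check if this username exists
    check = User.query.filter_by(username=data['username']).first()
    if check:
        raise InputError('Username {} already exists.'.format(
            data['username']))
    # check if this email exists
    check = User.query.filter_by(email=data['email']).first()
    if check:
        raise InputError('User email {} already exists.'.format(data['email']))
    # check if these initials exist
    check = User.query.filter_by(initials=initials).first()
    if check:
        raise InputError('User initials {} already exist.'.format(
            data['initials']))

    # ENUM check: only names of the Roles enum are accepted.
    if data['role'] not in Roles.__members__:
        raise InputError('Specified role does not exists')

    # INSERT user: only the hash of the password is persisted.
    new_user = User(
        username=data['username'],
        password=User.generate_hash(password),
        email=data['email'],
        initials=initials,
        first_name=data['first_name'],
        last_name=data['last_name'],
        role=data['role'],
    )
    db.session.add(new_user)
    # flush() assigns new_user.id before the commit so it can be read back.
    db.session.flush()

    db.session.commit()
    response['message'] = 'Created user {}'.format(data['username'])
    response['payload'] = [User.find_by_id(new_user.id).serialize]
    create_log(current_user, 'modify', 'User created a new User',
               'New Username: ' + str(data['username']))

    return jsonify(response), 201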
Esempio n. 3
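def update_user(id):
    """Update the profile fields and role of the user with the given id.

    Validates field types, lengths, e-mail format, the ``role`` value and the
    uniqueness of username / e-mail / initials among *other* users, then
    writes the new values and commits.

    Args:
        id: id of the user to update.

    Returns:
        ``(jsonify(response), 201)``; ``response['payload']`` holds the
        serialized updated user.

    Raises:
        NotFoundError: if no user with ``id`` exists.
        InputError: on any failed validation.
    """
    # NOTE(review): no authorization check is visible in this handler (the
    # role field is writable); confirm that a route-level decorator restricts
    # who may update users.
    response = {'status': 'ok', 'message': '', 'payload': []}
    data = request.get_json()

    # input validation
    request_types = {
        'username': ['str'],
        'email': ['str'],
        'initials': ['str'],
        'first_name': ['str'],
        'last_name': ['str'],
        'role': ['str']
    }
    validate_request_data(data, request_types)

    # Length checking: inclusive (min, max) per field. Each message names the
    # field it belongs to (the originals all said "Password").
    length_limits = {
        'username': (1, 64),
        'email': (1, 128),
        'initials': (1, 128),
        'first_name': (1, 128),
        'last_name': (1, 128),
    }
    for field, (lo, hi) in length_limits.items():
        if not lo <= len(data[field]) <= hi:
            raise InputError(
                '{} must be at least {} character(s) and no more than {}'
                .format(field, lo, hi))
    # Loose format check only ('@' followed by a dotted part); not full
    # RFC 5322 validation.
    if not re.match(r".*\@.+(?:\..+)+", data['email']):
        raise InputError('E-mail must be of a valid e-mail format.')

    # ENUM check before any attribute is touched, so a bad role never leaves
    # partially-assigned values on the session object.
    if data['role'] not in Roles.__members__:
        raise InputError('Specified role does not exists')

    # UPDATE user
    query = User.find_by_id(id)
    if not query:
        raise NotFoundError('User ID {} does not exist.'.format(id))

    # Initials are stored upper-cased, so the uniqueness check must compare
    # the same form, otherwise "ab" slips past an existing "AB".
    initials = data['initials'].upper()

    # check if data already exists (excluding this user's own row)
    check = User.query.filter_by(username=data['username']).filter(
        User.id != id).first()
    if check:
        raise InputError('Username {} already exists.'.format(
            data['username']))
    # check if this email exists
    check = User.query.filter_by(email=data['email']).filter(
        User.id != id).first()
    if check:
        raise InputError('User email {} already exists.'.format(data['email']))
    # check if these initials exist
    check = User.query.filter_by(initials=initials).filter(
        User.id != id).first()
    if check:
        raise InputError('User initials {} already exist.'.format(
            data['initials']))

    # update user data
    query.username = data['username']
    query.email = data['email']
    query.initials = initials
    query.first_name = data['first_name']
    query.last_name = data['last_name']
    query.role = data['role']

    db.session.commit()
    response['message'] = 'Updated user with id {}'.format(id)
    response['payload'] = [User.find_by_id(id).serialize]
    create_log(current_user, 'modify', 'User updated a User',
               'Updated Username: ' + str(data['username']))

    return jsonify(response), 201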