def change_pass_of_client(self, new_pass, logged_user):
validate_client(logged_user)
self.__validate_logged_user(logged_user)
validate_password(new_pass, logged_user.get_username())
self.cursor.execute(UPDATE_PASSWORD_OF_CLIENT,
(encode(new_pass), logged_user.get_id()))
self.db.commit()
def post(self):
"""Register a new user."""
req_body = request.get_json()
not_found = []
required_fields = ("email", "password")
for field in required_fields:
if field not in req_body.keys():
not_found.append(field)
if not_found:
return (
f"Required field(s) not found:"
f" {', '.join(field for field in not_found)}",
400,
)
# Check if email is valid
user_email = req_body["email"]
try:
validate_email(user_email)
except ValidationError:
return "Incorrect format for field: email", 400
# Check if password is secure enough
user_password = req_body["password"]
try:
validate_password(user_password)
except ValidationError:
return (
"Password is not secure enough: include at least one uppercase,"
" one lowercase, one number and one symbol, and keep it between"
" 12 and 255 characters long. Whitespace is not allowed.",
400,
)
salt = generate_random_salt()
hashed_password = hash_password(user_password, salt)
# noinspection PyArgumentList
new_user = User(
email=user_email,
password=hashed_password,
salt=str(salt, encoding=ENCODING),
)
db.session.add(new_user)
try:
db.session.commit()
except IntegrityError:
return {}, 409
apikey = get_or_create_api_key(new_user)
return apikey, 201
def register(username, password):
if not validate_password(username, password):
print("""Invalid password! - 8 symbols, special symbol, capital letter,
number""")
password = getpass.getpass("Enter a new password: "******"""Invalid password! - 8 symbols, special symbol,
capital letter, number""")
password = getpass.getpass("Enter a new password: ")
cursor.execute(INSERT_USER, (username, encode_pass(password)))
conn.commit()
def change_pass(new_pass, logged_user):
if not validate_password(logged_user.get_username(), new_pass):
print("""Invalid password! - 8 symbols, special symbol, capital letter,
number""")
new_pass = getpass.getpass("Enter a new password: "******"""Invalid password! - 8 symbols, special symbol,
capital letter, number""")
new_pass = getpass.getpass("Enter a new password: ")
cursor.execute(UPDATE_PASSWORD,
(encode_pass(new_pass), logged_user.get_id()))
conn.commit()
def patch(self, user):
"""Edit individual fields on a user. Non-admins can only edit some fields on
their own account.
"""
req_data = request.get_json()
invalid_fields = []
modified = 0
for key in req_data:
if not hasattr(user, key) or key in ("id", "salt"):
invalid_fields.append(key)
continue
if not invalid_fields:
if key == "email":
new_email = req_data[key]
try:
validate_email(new_email)
except ValidationError:
return "Invalid format for email address.", 400
user.email = new_email
modified += 1
elif key == "password":
new_password = req_data[key]
try:
validate_password(new_password)
except ValidationError:
return "New password is not secure enough or too long.", 400
new_salt = generate_random_salt()
user.password = hash_password(new_password, new_salt)
user.salt = new_salt
modified += 1
elif key == "lemmas":
lemma_refs = req_data[key]
if isinstance(lemma_refs[0], int):
lemma_filter = Lemma.id.in_(lemma_refs)
else:
lemma_filter = Lemma.content.in_(lemma_refs)
lemmas = Lemma.query.filter(lemma_filter)
user.lemmas.extend(lemmas)
modified += 1
if invalid_fields:
return f"Invalid fields: {', '.join(invalid_fields)}", 400
if not modified:
return "No valid field specified.", 400
db.session.commit()
return {}, 204
def signup_seller():
connection = None
try:
data = request.json
if 'username' not in data:
raise ApiException(400, INVALID_PASSWORD)
if 'password' not in data:
raise ApiException(400, INVALID_INPUT_USERNAME)
if 'koreanBrandName' not in data:
raise ApiException(400, INVALID_INPUT_PASSWORD)
if 'englishBrandName' not in data:
raise ApiException(400, INVALID_INPUT_ENGLISH_BRAND_NAME)
if 'sellerCategoryId' not in data:
raise ApiException(400, INVALID_INPUT_SELLER_CATEGORY)
if 'customerServiceNumber' not in data:
raise ApiException(400, INVALID_INPUT_SERVICE_NUMBER)
if 'userTypeId' not in data:
raise ApiException(400, INVALID_INPUT_USER_TYPE_ID)
if 'phoneNumber' not in data:
raise ApiException(400, INVALID_INPUT_PHONE_NUMBER)
if not validate_password(data['password']):
raise ApiException(400, INVALID_PASSWORD)
seller_info = {
'user_type_id': int(data['userTypeId']),
'username': data['username'],
'korean_brand_name': data['koreanBrandName'],
'english_brand_name': data['englishBrandName'],
'seller_category_id': data['sellerCategoryId'],
'customer_service_number': data['customerServiceNumber'],
'password': data['password'],
'phone_number': data['phoneNumber']
}
connection = connect_db()
seller_service = SellerService()
seller_service.signup_seller(seller_info, connection)
connection.commit()
return {"custom_message": "CREATED SELLER", "result": "POST"}
except ApiException as e:
connection.rollback()
raise e
finally:
if connection:
connection.close()
def sign_up_user():
""" [서비스] 유저 회원가입
Author: Mark Hasung Kim
Returns:
{
"custom_message": "SERVICE_USER_CREATED,
"result": "POST
}
"""
connection = None
try:
data = request.json
if 'username' not in data:
raise ApiException(400, INVALID_INPUT)
if 'email' not in data:
raise ApiException(400, INVALID_INPUT)
if 'password' not in data:
raise ApiException(400, INVALID_INPUT)
if 'userTypeId' not in data:
raise ApiException(400, INVALID_INPUT)
if not validate_password(data['password']):
raise ApiException(400, INVALID_PASSWORD)
if not validate_email(data['email']):
raise ApiException(400, INVALID_EMAIL)
user_info = {
'username': data['username'],
'email': data['email'],
'password': data['password'],
'user_type_id': int(data['userTypeId']),
'phone_number': '',
}
connection = connect_db()
user_service = UserService()
user_service.create_user(user_info, connection)
connection.commit()
return {"custom_message": "SERVICE_USER_CREATED", "result": "POST"}
except ApiException as e:
if connection:
connection.rollback()
raise e
finally:
if connection:
connection.close()
def register_new_client(self, username, password):
validate_username(username)
validate_password(password, username)
self.cursor.execute(ADD_CLIENT, (username, encode(password)))
self.db.commit()
def test_validation(self):
self.assertFalse(validate_password('Tester', '123'))
self.assertFalse(validate_password('Zimbabwe', 'Zimbabwe@21'))
self.assertTrue(validate_password('Tester', 'SDA@224FS2'))
def test_validate_password(self):
self.assertTrue(validate_password("Abc123???", "John"))
self.assertTrue(validate_password("Password1$", "John"))
