def login(request):
data = JSONParser().parse(request)
serializer = account_serializer.LoginRequestSerializer(data=data)
if not serializer.is_valid():
return Response("Invalid input")
crypto = Crypto()
username = serializer.validated_data.get("username")
password = serializer.validated_data.get("password")
user = User.objects.filter(username=username).first()
if user is None:
user_serializer = account_serializer.LoginResponseSerializer(
User(role=-1),
context = { 'is_successful': False,
'message': "Kullanıcı adı ya da şifre yanlış"
}
)
return Response(user_serializer.data)
computed_hash = crypto.getHashedPassword(password, user.password_salt)
if computed_hash == user.password_hash:
user_serializer = account_serializer.LoginResponseSerializer(
user,
context = { 'is_successful': True,
'message': "Giriş başarılı"
}
)
return Response(user_serializer.data)
else :
user_serializer = account_serializer.LoginResponseSerializer(
User(role=-1),
context = { 'is_successful': False,
'message': "Kullanıcı adı ya da şifre yanlış"
}
)
return Response(user_serializer.data)
def vendor_register(request):
validation_result = validate_register_request(request)
serializer = address_serializer.AddressRequestSerializer(data=request.data["address"])
if validation_result[0] is False:
context = {
'successful': False,
'message': validation_result[1]
}
return Response(context)
if not serializer.is_valid():
context = {
'successful': False,
'message': "Invalid Address"
}
return Response(context)
crypto = Crypto()
username = request.data["username"]
salt = crypto.getSalt()
password_hash = crypto.getHashedPassword(request.data["password"], salt)
existing_user = User.objects.filter(username=username).first()
if existing_user is not None:
context = {
'successful': False,
'message': 'Username is already in use'
}
return Response(context)
user = User(username=request.data["username"], email=request.data["email"], password_salt=salt, password_hash=password_hash, role = Role.VENDOR.value)
user.save()
title = serializer.validated_data.get("title")
name = serializer.validated_data.get("name")
surname = serializer.validated_data.get("surname")
address = serializer.validated_data.get("address")
province = serializer.validated_data.get("province")
city = serializer.validated_data.get("city")
country = serializer.validated_data.get("country")
phone = serializer.validated_data.get("phone")
phone_country_code = phone.get("country_code")
phone_number = phone.get("number")
zip_code = serializer.validated_data.get("zip_code")
vendor = Vendor(first_name=request.data["firstname"], last_name=request.data["lastname"], user=user)
address = Address(user=user, title=title, address=address, province=province, city=city, name=name, surname=surname,
country=country, phone_country_code=phone_country_code, phone_number=phone_number, zip_code=zip_code)
vendor.save()
address.save()
context = {
'successful': True,
'message': 'Signup succeeded'
}
return Response(context)
def get_user(id):
ds = get_client()
query = ds.query(kind='User')
query.add_filter('user_id', '=', id)
results = query.fetch()
for i in results:
if from_datastore(i)['user_id'] == id:
return User(id=from_datastore(i)['user_id'],
name=from_datastore(i)['name'],
email=from_datastore(i)['email'],
profile_pic=from_datastore(i)['picture'])
return False
def register(request):
validation_result = validate_register_request(request)
if validation_result[0] is False:
context = {
'successful': False,
'message': validation_result[1]
}
return Response(context)
crypto = Crypto()
username = request.data["username"]
salt = crypto.getSalt()
password_hash = crypto.getHashedPassword(request.data["password"], salt)
existing_user = User.objects.filter(username=username).first()
if existing_user is not None:
context = {
'successful': False,
'message': 'Username is already in use'
}
return Response(context)
user = User(username=request.data["username"], email=request.data["email"], password_salt=salt, password_hash=password_hash, role = Role.CUSTOMER.value)
user.save()
customer = Customer(first_name=request.data["firstname"], last_name=request.data["lastname"], user=user)
customer.save()
context = {
'successful': True,
'message': 'Signup succeeded'
}
to_email = request.data["email"]
current_site = request.META.get('HTTP_REFERER')
verify_message = verify_email.email_send_verify(to_email=to_email, current_site=current_site, user=user)
context = {
'successful': True,
'message': 'Signup succeeded, ' + verify_message
}
return Response(context)
def login():
data = request.get_json()
email = data['email']
password = data['password']
user = User.authenticate(email, password)
if user:
access_token = create_access_token(
user.id, fresh=True, expires_delta=timedelta(seconds=900))
refresh_token = create_refresh_token(user.id)
access_jti = get_jti(encoded_token=access_token)
refresh_jti = get_jti(encoded_token=refresh_token)
jwt_revoked_store.set(access_jti, 'false', ACCESS_EXPIRES * 1.2)
jwt_revoked_store.set(refresh_jti, 'false', REFRESH_EXPIRES * 1.2)
return jsonify(error=False,
access_token=access_token,
refresh_token=refresh_token), 201
else:
return jsonify(error=True, message="Invalid Details."), 401
def authenticate(self, request):
auth_header = request.headers.get('Authorization')
if not auth_header:
user = User(role=0)
return (user, None)
try:
access_token = auth_header.split(' ')[1]
payload = jwt.decode(
access_token, settings.SECRET_KEY, algorithms=['HS256'])
except jwt.InvalidSignatureError:
raise exceptions.AuthenticationFailed('invalid signature')
except jwt.ExpiredSignatureError:
raise exceptions.AuthenticationFailed('token expired')
except IndexError:
raise exceptions.AuthenticationFailed("invalid format")
user = User.objects.filter(pk=payload['id']).first()
if user is None:
raise exceptions.AuthenticationFailed('user not found')
return(user, None)
def build_user(userdata, access_token):
'''building User model'''
user = None
firstName = ''
lastName = ''
try:
email = userdata['email']
if userdata['given_name'] is not None:
firstName = userdata['given_name']
if userdata['family_name'] is not None:
lastName = userdata['family_name']
if userdata['email'] is not None:
user = User(first_name=firstName,
last_name=lastName,
email=email,
access_token=access_token,
token_last_update=datetime.utcnow())
except Exception as e:
''' todo: write exception to logger'''
user = None
return user
def setUp(self):
""" SetUp method .This method is run before each test.It is where all variables for tests are declared
and values set. It is important for setting the state ypour testing for in the application.
"""
#Declaring testing client
self.client = app.test_client()
db.init_app(app)
db.drop_all()
db.create_all()
#Declaring User details to use for testing
password = "******"
self.user = {
"username": "******",
"email": "*****@*****.**",
"password": password
}
#hashing the users password for better security
password_hash = generate_password_hash(password, method='sha256')
#Saving the users deatils in the database
user = User("david",
"*****@*****.**",
password=password_hash,
user_date_stamp=str(datetime.datetime.now()))
db.session.add(user)
db.session.commit()
#declaring a sample of invalid data
self.invalid_data = {}
#User details for login
self.user_details = {"username": "******", "password": "******"}
#Declaring a sample category for testing
self.category = {
"category_title": "breakfast",
"category_description": "First meal of the morning"
}
#saving a sample category in the database
category = Category("1", "breakfast", "First meal of the morning",
"*****@*****.**", "2017-12-02 13:39:25.892164")
db.session.add(category)
db.session.commit()
#Declaring a second sample category for testing
self.category2 = {
"category_title": "Drinks",
"category_description": "Taken 30 minutes before and after food."
}
#saving a second sample category in the database
category2 = Category("30", "Drinks",
"Taken 30 minutes before and after food.",
"*****@*****.**", "2017-12-02 13:39:25.892164")
db.session.add(category)
db.session.commit()
#Declaring a sample recipe for testing
self.recipe = {
"recipe_title": "rolex",
"recipe_description": "1.Obtain eggs"
}
#saving a second sample recipe in the database
recipe = Recipe("1", "rolex", "1.Obtain eggs", "1", "*****@*****.**",
"2017-12-02 13:39:25.892164", "False")
db.session.add(recipe)
db.session.commit()
#User details for login and generating a token
self.user_logins = {"username": "******", "password": "******"}
response = self.client.post(
"/login",
data=json.dumps(self.user_logins),
headers={"Content-Type": "application/json"})
token = json.loads(response.data.decode())["token"]
self.headers = {"x-access-token": token}
def create_user():
if not request.json:
return jsonify({
"Status": "Fail",
"message ": "Invalid Data Submitted"
}), 400
user_info = request.get_json()
username = user_info.get("username")
email = user_info.get("email")
password = user_info.get("password")
#Checking if all fields are filled.
if isinstance(username, int):
return jsonify({
"Status": "Fail",
"message": "Please ensure you have input String"
}), 400
#Checking if all fields are filled.
if not (username and email and password):
return jsonify({
"Status":
"Fail",
"message":
"Please ensure you have input all the required fields"
}), 400
#Checking to see if the email is valid
if not validate_email(email):
return jsonify({
"Status": "Fail",
"message": "Please input correct email"
}), 400
#Checking for Special character in the name and email
if not re.match("^[A-Za-z0-9_-]*$", username) or not re.match(
"^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$",
email):
return jsonify({
"Status":
"Fail",
"message":
"Please ensure you have not input special characters"
}), 400
#Checking if email already exists
email_already_exists = db.session.query(
db.exists().where(User.email == email)).scalar()
if email_already_exists:
return jsonify({
"Status":
"Fail",
"message":
"This email has already been used to register"
}), 400
#Checking to make sure no empty strings are sent
if username == "" or email == "" or password == "":
return jsonify({
"Status":
"Fail",
"message":
"Please ensure you have input all your details"
}), 400
hashed_password = generate_password_hash(password, method="sha256")
new_user = User(username=username,
email=email,
password=hashed_password,
user_date_stamp=str(datetime.datetime.now()))
#Saving new user
db.session.add(new_user)
db.session.commit()
return jsonify({
"Status": "Success",
"message": "New user has been created!"
}), 201
def register():
data = request.get_json()
f_name = data['f_name']
s_name = data['s_name']
email = data['email'].lower()
password = data['password']
domain = data['domain'].lower()
if not re.fullmatch(r'[^@]+@[^@]+\.[^@]+', email) or \
len(password) < 8 or \
len(password) > 25 or \
not f_name.isalnum() or \
not s_name.isalnum() or \
not re.search(r'\d+', password) or \
not re.search(r'[A-Z]+', password):
return jsonify(error=True,
message='Invalid Details. Please Try again'), 400
if not domain.isalnum():
return jsonify(
error=True,
message='Your domain can only contain letters and numbers!'), 400
user = User.query.filter_by(domain=domain).first()
if user is None:
users = User.query.all()
if len(users) < 25:
user = User(domain=domain,
email=email,
f_name=f_name,
s_name=s_name,
password=generate_password_hash(password),
account_type=4)
user.add()
user = User.query.filter_by(domain=domain).first()
mailer = MailService(
current_app,
('Fareed From Kreoh', current_app.config['MAIL_USERNAME']),
user.id)
mailer.send_welcome_message()
access_token = create_access_token(
user.id, fresh=True, expires_delta=timedelta(seconds=900))
refresh_token = create_refresh_token(user.id)
access_jti = get_jti(encoded_token=access_token)
refresh_jti = get_jti(encoded_token=refresh_token)
jwt_revoked_store.set(access_jti, 'false', ACCESS_EXPIRES * 1.2)
jwt_revoked_store.set(refresh_jti, 'false', REFRESH_EXPIRES * 1.2)
return jsonify(error=False,
access_token=access_token,
refresh_token=refresh_token), 201
else:
return jsonify(
error=True,
message=
"You've just missed out! The early access is currently full!"
), 400
else:
return jsonify(error=True, message="unable to create user"), 400
def callback():
# Get authorization code Google sent back to you
code = request.args.get("code")
# Find out what URL to hit to get tokens that allow you to ask for
# things on behalf of a user
google_provider_cfg = get_google_provider_cfg()
token_endpoint = google_provider_cfg["token_endpoint"]
# Prepare and send request to get tokens! Yay tokens!
token_url, headers, body = client.prepare_token_request(
token_endpoint,
authorization_response=fix_http(request.url),
redirect_url=fix_http(request.base_url),
code=code,
)
token_response = requests.post(
token_url,
headers=headers,
data=body,
auth=(os.environ['GOOGLE_CLIENT_ID'],
os.environ['GOOGLE_CLIENT_SECRET']),
)
# Parse the tokens!
client.parse_request_body_response(json.dumps(token_response.json()))
# Now that we have tokens (yay) let's find and hit URL
# from Google that gives you user's profile information,
# including their Google Profile Image and Email
userinfo_endpoint = google_provider_cfg["userinfo_endpoint"]
uri, headers, body = client.add_token(userinfo_endpoint)
userinfo_response = requests.get(uri, headers=headers, data=body)
# We want to make sure their email is verified.
# The user authenticated with Google, authorized our
# app, and now we've verified their email through Google!
if userinfo_response.json().get("email_verified"):
unique_id = userinfo_response.json()["sub"]
users_email = userinfo_response.json()["email"]
picture = userinfo_response.json()["picture"]
users_name = userinfo_response.json()["given_name"]
else:
return "User email not available or not verified by Google.", 400
# Create a user in our db with the information provided
# by Google
user = User(id=unique_id,
name=users_name,
email=users_email,
profile_pic=picture)
# Doesn't exist? Add to database
if not get_user(unique_id):
create_user(user)
# Begin user session by logging the user in
login_user(user)
session['user'] = user.convert_to_dict()
# Send user back to homepage
try:
return_url = session['url'] or "/"
except KeyError as e:
print(e)
return_url = '/'
return redirect(return_url)
def create(self, validated_data):
user = User()
user.username = validated_data.get('username')
user.password = validated_data.get('password')
user.save()
return user