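def register():
    """Handle the registration form: create an account or revive a deleted one.

    Reads ``username``, ``password`` and ``email`` from the submitted form.
    When a row with that username exists and is flagged ``deleted`` it is
    re-used (new password digest and email, ``deleted`` cleared); otherwise a
    new ``User`` row is added. A ``Registry`` audit row is written in both
    cases and ``admin_confirmation`` is called after the commit.

    Returns:
        A JSON success message, or a JSON error with HTTP 400 when
        ``check_mail`` rejects the address or any step raises.
    """
    logger.info(str(request))
    try:
        username = request.form['username']
        # NOTE(review): unsalted MD5 is not a password hash; digests are cheap
        # to brute-force if the table leaks. A salted KDF (hashlib.scrypt,
        # hashlib.pbkdf2_hmac, or a bcrypt/argon2 library) is the usual
        # replacement, but every code path that compares a single MD5 digest
        # has to migrate together, so the scheme is left unchanged here.
        password = hashlib.md5(request.form['password'].encode()).hexdigest()
        email = request.form['email']
        if not check_mail(email):
            return jsonify(result='Registration failed: Not valid email'), 400

        data = User.query.filter_by(username=username).first()
        if data and data.deleted:
            # `password` is already the digest. The previous code hashed it a
            # second time here, so a re-registered account stored
            # md5(md5(pw)) while a new account stores md5(pw) and could never
            # match a single-digest lookup.
            data.password = password
            data.email = email
            data.deleted = False
            new_action = Registry(username=username, action='Re-Register')
        else:
            # Only this branch has a new row to add; the revived row above is
            # already tracked by the session.
            new_user = User(username=username, password=password, email=email)
            new_action = Registry(username=username, action='Register')
            db.session.add(new_user)
        db.session.add(new_action)
        db.session.commit()
        admin_confirmation(username, email)
        return jsonify(result='User registered. Keep an eye with your email for knowing when your account is activated')
    except Exception as e:
        # str(type(e)) always starts with "<class", so a substring test is
        # equivalent to the original ``find(...) > 0``.
        if 'IntegrityError' in str(type(e)):
            e = 'User already exists'
        # NOTE(review): for any other exception the raw message is returned to
        # the client, which can expose internal details (missing keys, DB
        # errors). Consider logging it and returning a generic message.
        return jsonify(result=('Registration failed: ' + str(e))), 400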
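def validate_token(token, request):
    """Check an access token and record the request in the audit registry.

    Args:
        token: Serialized JWT. A falsy value is rejected before any parsing.
        request: The request being authorized; its method, path and (when a
            body is present) JSON payload are written to ``Registry``.

    Returns:
        ``None`` when the token is accepted, otherwise an error string:
        a missing token, an expired token, or ``'No valid Token given'`` for
        every other failure.
    """
    try:
        if not token:
            return 'Login or set a Token access is required'

        # NOTE(review): the claims string is parsed with ast.literal_eval, so
        # claims containing JSON true/false/null would be rejected; json.loads
        # is the natural parser if the claims are JSON - confirm.
        metadata = ast.literal_eval(jwt.JWT(key=key, jwt=token).claims)
        now = datetime.now()
        if not (metadata.get('timeout') >= datetime.timestamp(now)):
            return 'Token expired'

        # NOTE(review): the token carries the stored password digest as a
        # claim and it is used as a lookup key. Unless these tokens are
        # encrypted (not visible from here), anyone holding a token can read
        # that digest - confirm, and prefer an opaque user id or session id.
        data = User.query.filter_by(username=metadata.get('username'),
                                    password=metadata.get('password')).first()
        if data is None:
            return 'No valid Token given'

        # NOTE(review): a str `request` passes the isinstance guard but then
        # fails on request.method below, so it always ends as
        # 'No valid Token given' - confirm that is intended.
        has_body = not isinstance(request, str) and request.data
        fields = {
            'username': metadata.get('username'),
            'action': str(request.method + ' ' + request.path),
        }
        if has_body:
            # NOTE(review): the whole JSON body is persisted in the audit
            # table; bodies that contain secrets (passwords, tokens) would be
            # stored in clear text there.
            fields['data'] = str(request.get_json())
        db.session.add(Registry(**fields))
        db.session.commit()
    except Exception:
        # Was a bare ``except:``, which also swallowed SystemExit and
        # KeyboardInterrupt. Every ordinary failure still maps to the same
        # generic answer, so callers learn nothing about why a token failed.
        return 'No valid Token given'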
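def validate_user_manually(data):
    """Activate the account named ``data`` without a confirmation token.

    Marks the user active and not deleted, writes an ``Activated`` audit row,
    commits, and then calls ``notify_user`` with the action ``"create"``.

    Args:
        data: Username of the account to activate.

    Returns:
        JSON ``'Changes applied'`` on success, or a JSON error with HTTP 400
        when the user does not exist or any step raises.
    """
    logger.info(str(request))
    logger.info("Validating user")
    try:
        # NOTE(review): the value returned by admin_auth(validate_user) is
        # discarded. If admin_auth is a decorator, this line only builds a
        # wrapper and enforces nothing - confirm that admin rights are
        # actually checked before an account can be activated this way.
        admin_auth(validate_user)
        username = data
        action = "create"

        # One lookup instead of two identical queries, with an explicit answer
        # for an unknown user instead of a leaked AttributeError message.
        account = User.query.filter_by(username=username).first()
        if account is None:
            return jsonify(
                result='Validation process interrupted: user not found'), 400
        email = account.email

        logger.info(
            "The user {}, with mail {} is going to be validated".format(
                str(username), email))
        account.active = True
        account.deleted = False
        new_action = Registry(username=account.username, action='Activated')
        db.session.add(new_action)
        db.session.commit()
        # The original reused `data` for the ORM row, so this message printed
        # the row's repr rather than the username.
        logger.info("The user {}, with mail {} is validated".format(
            str(username), email))
        notify_user(email, action)
        logger.info("A notification email is send to {}".format(email))
        return jsonify(result='Changes applied')
    except Exception as e:
        # NOTE(review): the raw exception text is returned to the client.
        return jsonify(result=('Validation process interrupted: ' + str(e))), 400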
def validate_user(data):
    """Apply the action carried by a confirmation token.

    The token's claims supply ``username`` and ``action``. For ``'delete'``
    the user's ``Registry`` rows and ``User`` row are removed; for any other
    action the user is marked active and not deleted and an ``Activated``
    audit row is added. The change is committed and ``notify_user`` is called
    with the user's email and the action.

    Args:
        data: Serialized JWT holding the claims.

    Returns:
        JSON ``'Changes applied'`` on success, or a JSON error with HTTP 400.
    """
    logger.info(str(request))
    try:
        # NOTE(review): no expiry or single-use check is visible in this
        # function, so a captured token could be replayed (including one that
        # deletes the account) - confirm where token lifetime is enforced.
        claims = ast.literal_eval(jwt.JWT(key=key, jwt=data).claims)
        username = claims['username']
        requested = claims['action']
        # Read the address before the row may be deleted below.
        email = User.query.filter_by(username=username).first().email

        if requested != 'delete':
            account = User.query.filter_by(username=username).first()
            account.active = True
            account.deleted = False
            db.session.add(
                Registry(username=account.username, action='Activated'))
        else:
            # Hard delete: audit trail first, then the account itself.
            Registry.query.filter_by(username=username).delete()
            User.query.filter_by(username=username).delete()

        db.session.commit()
        notify_user(email, requested)
        return jsonify(result='Changes applied')
    except Exception as e:
        # NOTE(review): the raw exception text is returned to the client.
        return jsonify(result=('Validation process interrupted: ' + str(e))), 400
def change_password():
    """Change the password of the user identified by HTTP Basic credentials.

    The current password comes from the ``Authorization`` header and the new
    one from the ``password`` form field. The change is applied only when an
    active user matches the supplied username and current password digest,
    and a ``ChangePassword`` audit row is written.

    Returns:
        JSON confirmation on success, or a JSON error with HTTP 400 when no
        active user matches or any step raises.
    """
    logger.info(str(request))
    try:
        credentials = request.authorization
        account = None
        if credentials:
            name = credentials.username
            # NOTE(review): unsalted MD5 digests are cheap to brute-force if
            # the user table leaks; a salted KDF is the usual replacement.
            current_digest = hashlib.md5(
                credentials.password.encode()).hexdigest()
            new_password = hashlib.md5(
                request.form['password'].encode()).hexdigest()
            account = User.query.filter_by(username=name,
                                           password=current_digest).first()

        # Missing credentials, wrong credentials and inactive accounts all
        # get the same answer.
        if account is None or not account.active:
            return jsonify(
                result='No user registered/active with that user/password'
            ), 400

        account.password = new_password
        db.session.add(Registry(username=request.authorization.username,
                                action='ChangePassword'))
        db.session.commit()
        return jsonify(result='New password for ' + name)
    except Exception as e:
        # NOTE(review): the raw exception text is returned to the client.
        return jsonify(result=('Change password failed: ' + str(e))), 400
def recover_password():
    """Reset the password of the active account tied to a submitted email.

    Generates a new password with ``randomPassword``, stores its digest,
    writes a ``recoverPassword`` audit row, commits, and mails the new
    password to the address using the ``recover.html`` template.

    Returns:
        JSON confirmation on success, or a JSON error with HTTP 400 when the
        address is rejected by ``check_mail``, no active user has that
        address, or any step inside the ``try`` raises.
    """
    logger.info(str(request))
    email = request.form['email']
    if not check_mail(email):
        return jsonify(result='Not valid email'), 400

    # NOTE(review): randomPassword is not visible here - confirm it draws from
    # a CSPRNG (e.g. the `secrets` module), not `random`.
    new_password = randomPassword()
    try:
        account = User.query.filter_by(email=email).first()
        # NOTE(review): this endpoint needs no authentication and answers
        # differently for known and unknown addresses, so it both reveals
        # which emails are registered and lets anyone force a reset for a
        # known address. A one-time reset link plus a uniform response is the
        # usual mitigation.
        if account is None or not account.active:
            return jsonify(result='No user registered/active with that user/password'), 400

        with app.app_context():
            account.password = hashlib.md5(new_password.encode()).hexdigest()
            db.session.add(Registry(username=account.username,
                                    action='recoverPassword'))
            # NOTE(review): the commit happens before the mail is sent, so a
            # failed send leaves the account with a password nobody received.
            db.session.commit()
            msg = Message(subject='Password changed',
                          sender=app.config.get('MAIL_USERNAME'),
                          recipients=[email],  # replace with your email for testing
                          html=render_template('recover.html',
                                               user=account.username,
                                               password=new_password))
            # The new password travels in clear text inside this message.
            mail.send(msg)
        return jsonify(result='New password for ' + email + ' Look your email for getting it.')
    except Exception as e:
        # NOTE(review): the raw exception text is returned to the client.
        return jsonify(result=('Change password failed: ' + str(e))), 400
def logic(token):
    """Keep the token in the session and record a ``LogIn`` audit entry.

    Args:
        token: The access token to store under ``session['token']``.

    Returns:
        JSON ``'Logged'`` on success, or a JSON error with HTTP 401 when
        storing the token or writing the audit row raises.
    """
    try:
        session['token'] = token
        # The audit row is attributed to the HTTP Basic username of the
        # current request.
        who = request.authorization.username
        db.session.add(Registry(username=who, action='LogIn'))
        db.session.commit()
        return jsonify(result='Logged')
    except Exception as e:
        # NOTE(review): the raw exception text is returned to the client.
        failure = 'Login fails: ' + str(e)
        return jsonify(result=failure), 401
def logic(token):
    """Record a ``GetToken`` audit entry and hand the token back.

    Args:
        token: The access token to return in the response body.

    Returns:
        The token as JSON with HTTP 200, or a JSON error with HTTP 400 when
        writing the audit row raises.
    """
    try:
        # The audit row is attributed to the HTTP Basic username of the
        # current request.
        who = request.authorization.username
        db.session.add(Registry(username=who, action='GetToken'))
        db.session.commit()
        return jsonify(result=token), 200
    except Exception as e:
        # NOTE(review): the raw exception text is returned to the client.
        failure = 'Login fails: ' + str(e)
        return jsonify(result=failure), 400
def delete_account():
    """Soft-delete the account identified by HTTP Basic credentials.

    The matching user is flagged inactive and deleted (the row is kept) and
    an ``account_deleted`` audit row is written. The account must be active,
    not already deleted, and its username must not be ``'Admin'``.

    Returns:
        JSON confirmation on success, or a JSON error with HTTP 400 when no
        eligible user matches or any step raises.
    """
    logger.info(str(request))
    try:
        credentials = request.authorization
        account = None
        if credentials:
            name = credentials.username
            # NOTE(review): unsalted MD5 digests are cheap to brute-force if
            # the user table leaks; a salted KDF is the usual replacement.
            digest = hashlib.md5(credentials.password.encode()).hexdigest()
            account = User.query.filter_by(username=name,
                                           password=digest).first()

        # Every refusal (bad credentials, inactive, already deleted, or the
        # protected 'Admin' account) gets the same answer.
        if (account is None or not account.active or account.deleted
                or account.username == 'Admin'):
            return jsonify(result='No user registered/active with that user/password'), 400

        account.active = False
        account.deleted = True
        db.session.add(Registry(username=request.authorization.username,
                                action='account_deleted'))
        db.session.commit()
        return jsonify(result=name + ' deleted')
    except Exception as e:
        # NOTE(review): the raw exception text is returned to the client.
        return jsonify(result=('Delete account failed: ' + str(e))), 400
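def validate_user_manually(data):
    """Activate the account named ``data`` without a confirmation token.

    Marks the user active and not deleted, writes an ``Activated`` audit row,
    commits, and then calls ``notify_user`` with the action ``"create"``.

    Args:
        data: Username of the account to activate.

    Returns:
        JSON ``'Changes applied'`` on success, or a JSON error with HTTP 400
        when the user does not exist or any step raises.
    """
    logger.info(str(request))
    try:
        # NOTE(review): the value returned by admin_auth(validate_user) is
        # discarded. If admin_auth is a decorator, this line only builds a
        # wrapper and enforces nothing - confirm that admin rights are
        # actually checked before an account can be activated this way.
        admin_auth(validate_user)
        action = "create"

        # One lookup instead of two identical queries, with an explicit answer
        # for an unknown user instead of a leaked AttributeError message.
        account = User.query.filter_by(username=data).first()
        if account is None:
            return jsonify(
                result='Validation process interrupted: user not found'), 400
        email = account.email

        account.active = True
        account.deleted = False
        new_action = Registry(username=account.username, action='Activated')
        db.session.add(new_action)
        db.session.commit()
        notify_user(email, action)
        return jsonify(result='Changes applied')
    except Exception as e:
        # NOTE(review): the raw exception text is returned to the client.
        return jsonify(result=('Validation process interrupted: ' + str(e))), 400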