def add_new_user(self, username, password, first_name, last_name):
    """Build a User with the default USER permission and store it.

    The plaintext password is not passed to the User constructor; it is
    handed to ``user.hash_password`` before the record reaches the
    database layer.

    Returns whatever ``self.db_management.add_new_user`` returns
    (the original code names this value ``user_id``).
    """
    new_user = User(
        user_name=username,
        first_name=first_name,
        last_name=last_name,
        # Every self-registered account starts with the USER permission.
        permission=Permission.USER.value,
    )
    # NOTE(review): hash_password is defined elsewhere; presumably it derives
    # and stores a salted hash on the User -- confirm which algorithm it uses.
    new_user.hash_password(password)
    return self.db_management.add_new_user(new_user)
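def get_user_by_id(input_username):
    '''
    Returns the User object for the row whose username column equals
    input_username. Despite the function name, the lookup key is the
    username, not a numeric id.

    Returns None if no such row exists.
    '''
    # Table and column names are class constants, so they are formatted in.
    # The username is caller-supplied and is bound as a query parameter
    # instead of being spliced into the SQL text: a quote character in the
    # value can no longer change the statement.
    # NOTE(review): '%s' assumes the DB-API driver behind connection_manager()
    # uses the format/pyformat paramstyle (as the common MySQL and PostgreSQL
    # drivers do); a qmark driver needs '?' instead -- confirm.
    query = "SELECT * FROM {} WHERE {} = %s".format(
        user_DAO.table_name, User.username_tname)

    # Get connection
    factory = connection_manager()
    connection = factory.connection
    cursor = connection.cursor()
    try:
        cursor.execute(query, (input_username,))
        result = cursor.fetchone()
        if result is None:
            return None
        # Rows are indexed by column name. Only these five fields are copied
        # onto the User; the password columns are left out.
        return User(username=result[User.username_tname],
                    name=result[User.name_tname],
                    email=result[User.email_tname],
                    last_sign_in=result[User.last_sign_in_tname],
                    staff_type=result[User.staff_type_tname])
    finally:
        # Always release the cursor and connection, including on error.
        factory.close_all(cursor=cursor, connection=connection)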
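def post(self):
    """Register a new account from the submitted form and log it in.

    Form fields read: ``email``, ``username`` (defaults to the part of the
    e-mail before ``@``), ``password1``/``password2``, ``verify`` (checked
    with ``verify_code`` against the e-mail) and ``cat`` (a list literal of
    strings, each containing a numeric preference id).

    Returns ``({'res': False}, 400)`` when the input is missing, malformed,
    the passwords differ or the verification code is rejected; otherwise
    stores the user and preferences, fills the session and returns
    ``jsonify({'res': True})``.
    """
    import ast  # local import: only needed to parse the 'cat' field

    email = request.form.get('email')
    username = request.form.get('username')
    if not username:
        if not email:
            # Nothing to derive a username from; previously this crashed
            # on None.split().
            return {'res': False}, 400
        username = email.split('@')[0]

    password1 = request.form.get('password1')
    password2 = request.form.get('password2')
    # A missing or empty password is rejected as well as a mismatch, so an
    # account can never be created without a password.
    if not password1 or password1 != password2:
        return {'res': False}, 400

    code = request.form.get('verify')
    if not verify_code(code, email):
        return {'res': False}, 400

    # SECURITY: 'cat' is client-controlled form data. It used to be passed to
    # eval(), which runs whatever Python expression the client submits.
    # ast.literal_eval accepts only literals (lists, strings, numbers, ...)
    # and never calls code. Parsing is done before any database write so a
    # bad value cannot leave a user row committed without its preferences.
    try:
        preferences = ast.literal_eval(request.form.get('cat') or '')
        user_pre = [int(re.findall(r'[0-9]+', p)[0]) for p in preferences]
    except (ValueError, TypeError, SyntaxError, IndexError,
            MemoryError, RecursionError):
        return {'res': False}, 400

    _password = generate_password_hash(password1)
    user = User(username=username, password=_password,
                email=email, visit_time=time_now())
    db.session.add(user)
    # Commit first: the preference rows below reference user.id.
    db.session.commit()

    for p in user_pre:
        db.session.add(UserPre(user=user.id, pre=p))
    db.session.commit()

    session['user'] = username
    session['id'] = user.id
    init_preference(user)
    return jsonify({'res': True})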
def get_user(self, username):
    """Fetch ``username`` from the database layer and wrap it in a User.

    Returns None when ``self.db_management.get_user`` returns None.
    """
    record = self.db_management.get_user(username)
    if record is None:
        return None

    # NOTE(review): the returned User carries the stored password hash in its
    # ``password`` field; callers that serialize or log the object should
    # leave that field out.
    return User(
        # presumably '_id' is a BSON ObjectId; its raw bytes are hex-encoded
        # into a string id -- confirm against the database layer.
        user_id=record['_id'].binary.hex(),
        user_name=record['user_name'],
        password=record['password_hash'],
        first_name=record['first_name'],
        last_name=record['last_name'],
        permission=record['permission'],
    )
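def authenticate(username, password):
    '''
    Returns None or User.

    Authenticates a username and password combination
        User: Successful authentication
        None: Wrong username / password

    Keyword arguments:
    username -- str
    password -- str
    '''
    # Get connection
    factory = connection_manager()
    connection = factory.connection
    cursor = connection.cursor()
    try:
        # Check if username exists.
        # Table and column names are class constants and are formatted in;
        # the username and the computed hash are bound as query parameters so
        # caller-supplied text can never alter the SQL statement.
        # NOTE(review): '%s' assumes the DB-API driver behind
        # connection_manager() uses the format/pyformat paramstyle (as the
        # common MySQL and PostgreSQL drivers do); a qmark driver needs '?'
        # instead -- confirm.
        query = "SELECT {} FROM {} WHERE {} = %s" \
            .format(User.encrypted_password_token_tname,
                    user_DAO.table_name,
                    User.username_tname)
        cursor.execute(query, (username,))
        result = cursor.fetchone()
        if result is None:
            return None  # No username found

        # Get salt, hash the given password with it and authenticate.
        # NOTE(review): one salted SHA-512 round is a fast hash, so leaked
        # rows are cheap to brute-force offline. Moving to a password KDF
        # (e.g. hashlib.scrypt) needs a migration of the stored hashes, so
        # the scheme is left unchanged here.
        salt = result[User.encrypted_password_token_tname]
        encrypted_password = (salt + password).encode('utf-8')
        encrypted_password = hashlib.sha512(encrypted_password).hexdigest()

        query = "SELECT * FROM {} WHERE {} = %s AND {} = %s" \
            .format(user_DAO.table_name,
                    User.username_tname,
                    User.encrypted_password_tname)
        cursor.execute(query, (username, encrypted_password))
        result = cursor.fetchone()
        if result is None:
            return None  # Auth failed

        # Only profile fields are copied onto the User; the salt and the
        # password hash stay in the database row.
        return User(username=result[User.username_tname],
                    name=result[User.name_tname],
                    email=result[User.email_tname],
                    last_sign_in=result[User.last_sign_in_tname],
                    staff_type=result[User.staff_type_tname])
    finally:
        # Always release the cursor and connection, including on error.
        factory.close_all(cursor=cursor, connection=connection)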