def create_user():
"""Create a new user."""
# get form info
data = request.json or {}
# check info
error = []
if 'username' not in data:
error.append('username')
if 'password' not in data:
error.append('password')
if 'email' not in data:
error.append('email')
if len(error) > 0:
return jsonify({'message':
'Require {}.'.format(' and '.join(error))}), 400
# check if user existed
if User.filter_by(username=data['username'].strip()).first():
return jsonify({'message': 'Username already exists.'}), 409
# check if email existed
if User.filter_by(email=data['email'].strip()).first():
return jsonify({'message': 'Email has been registered.'}), 409
# create User
user = User(public_id=str(uuid.uuid1()),
username=data['username'].strip(),
email=data['email'].strip())
# password hash
user.set_password(data['password'].strip())
# db commit
user.save()
return jsonify({'message': 'Created a new user.'}), 201
def login():
"""Login."""
# get form info
data = request.json or {}
# check info
error = []
if 'username' not in data:
error.append('username')
if 'password' not in data:
error.append('password')
if len(error) > 0:
return jsonify({'message':
'Require {}.'.format(' and '.join(error))}), 400
# find username
user = User.filter_by(username=data['username'].strip()).first()
if user is None:
return jsonify({'message': 'User does not exist.'}), 404
# verify password
if user.check_password(data['password'].strip()):
response = make_response(jsonify({'message': 'login successful.'}))
# issue token
response.set_cookie('jwt',
user.generate_jwt(),
httponly=True,
max_age=24 * 60**2,
samesite='Lax')
return response, 200
return jsonify({'message': 'Wrong username or password.'}), 401
def delete_user(uuid):
"""Delete user
:uuid: User's public id
:returns: TODO
"""
# get user
user = User.filter_by(public_id=uuid).first()
if not user:
return jsonify({'message': 'User does not exist.'}), 404
# delete user
if 'administrator' in [group.name for group in user.groups]:
return jsonify({'message': 'You cannot delete an admin user.'}), 403
user.delete()
return jsonify({'message': 'User has been deleted.'}), 200
def view_user(uuid):
"""View user information
:uuid: User's public id
:returns: TODO
"""
# find user with uuid
user = User.filter_by(public_id=uuid).first()
if not user:
return jsonify({'message': 'User does not exist.'}), 404
# return user information
return jsonify({
'uuid': user.public_id,
'username': user.username,
'email': user.email,
'nickname': user.nickname,
'groups': [group.name for group in user.groups],
'created_on': user.created_on,
}), 200
