コード例 #1
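async def reset_password(request: web.Request, body) -> web.Response:
    """Set a new password for the user identified by the reset cookie.

    The caller is identified by the JWT stored in the ``AppCookie`` cookie,
    decoded with the application's ``SECRET_KEY`` and the reset-specific
    audience. Only the ``password`` field of ``body`` is written: the
    request body is client-controlled, so passing it wholesale into the
    UPDATE would let a reset token change any other column of the row.

    Args:
        request: incoming aiohttp request; ``request.app`` supplies the
            ``pg`` connection and ``config``.
        body: parsed request payload (a mapping).

    Returns:
        The response produced by ``set_authorization_cookie`` when
        ``AUTO_AUTHENTICATION`` is enabled, otherwise ``{"status": "ok"}``.

    Raises:
        web.HTTPForbidden: the reset cookie is missing.
        web.HTTPBadRequest: ``body`` carries no ``password`` value.
        web.HTTPNotFound: no row matches the user id in the token.
    """
    token = request.cookies.get('AppCookie')

    if not token:
        raise web.HTTPForbidden(
            body=json.dumps({'error': 'Access denied for requested resource'}),
            content_type='application/json')

    # NOTE(review): token_decode is defined elsewhere; this relies on it
    # rejecting expired, tampered and wrong-audience tokens -- confirm.
    # NOTE(review): nothing visible here invalidates the token after use, so
    # it presumably stays usable until it expires -- confirm.
    claims = token_decode(token,
                          request.app['config']['SECRET_KEY'],
                          audience='restore_password_coockie')

    new_password = body.get('password') if body else None
    if not new_password:
        raise web.HTTPBadRequest(
            body=json.dumps({'error': 'Password is required'}),
            content_type='application/json')

    user_table = get_model_by_name('user')

    # NOTE(review): the value is written exactly as received, and login()
    # compares the submitted password directly against this column. Hashing
    # with a password KDF needs a coordinated change in every handler that
    # writes or checks the column.
    # One UPDATE ... RETURNING replaces the separate existence probe, so a
    # row deleted in between cannot slip through as None.
    user = await request.app['pg'].fetchrow(
        user_table.update()
        .where(user_table.c.user_id == claims['user_id'])
        .values(password=new_password)
        .returning(literal_column('*')))

    if user is None:
        raise web.HTTPNotFound(body=json.dumps({'error': 'User not found'}),
                               content_type='application/json')

    if request.app['config']['AUTO_AUTHENTICATION']:
        return await set_authorization_cookie(
            user, {'hours': 24}, request.app['config']['SECRET_KEY'])

    return web.Response(body=json.dumps({'status': 'ok'}),
                        content_type='application/json')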
コード例 #2
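async def patch_user(request: web.Request, body) -> web.Response:
    """Update the authenticated user's own record and return the new row.

    The ownership check runs before any database lookup, so a caller asking
    about someone else's id always receives 403 and cannot use the 404/403
    difference to learn which user ids exist.

    Args:
        request: incoming aiohttp request; ``match_info['user_id']`` names
            the target row and ``request.auth_user`` the caller.
        body: parsed request payload (a mapping of column names to values).

    Returns:
        200 with the updated row as JSON, or 200 with ``{}`` when ``body``
        is empty.

    Raises:
        web.HTTPForbidden: the caller is not the user being modified.
        web.HTTPNotFound: the target user does not exist.
    """
    user_id = id_validator(request.match_info['user_id'], 'user')

    if request.auth_user['user_id'] != user_id:
        raise web.HTTPForbidden(
            body=json.dumps({'error': 'Access denied for requested resource'}),
            content_type='application/json')

    user_table = get_model_by_name('user')
    user_exists = await request.app['pg'].fetchval(
        select([exists().where(user_table.c.user_id == user_id)]))

    if not user_exists:
        raise web.HTTPNotFound(
            body=json.dumps({'error': f'User with id={user_id} not found'}),
            content_type='application/json')

    if not body:
        return web.Response(status=200,
                            content_type='application/json',
                            body=json.dumps({}))

    # NOTE(review): every key of the client-supplied body becomes a column
    # assignment. Unless an upstream schema validator restricts the keys,
    # a user can set any column of their own row (including password, which
    # would be stored as received). Confirm the validator's allow-list.
    updated = await request.app['pg'].fetchrow(
        user_table.update()
        .where(user_table.c.user_id == user_id)
        .values(**body)
        .returning(literal_column('*')))

    # RETURNING * yields the whole row; row_to_dict is defined elsewhere, so
    # drop the password column here in case it passes every column through.
    result = {
        column: value
        for column, value in row_to_dict(user_table, updated).items()
        if column != 'password'
    }

    return web.Response(status=200,
                        content_type='application/json',
                        body=json.dumps(result))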
コード例 #3
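async def get_all_users(request: web.Request) -> web.Response:
    """Return every row of the user table as a JSON array.

    The ``password`` column is removed from each record before it is
    serialised, so a listing call cannot disclose stored credentials.

    Args:
        request: incoming aiohttp request; ``request.app['pg']`` is the
            database handle.

    Returns:
        200 with a JSON list of user records.
    """
    # NOTE(review): no authorization check is visible in this handler;
    # confirm that middleware restricts who may list all users.
    user_table = get_model_by_name('user')
    rows = await request.app['pg'].fetch(user_table.select())

    result = []
    for row in rows:
        # row_to_dict is defined elsewhere; in case it passes every column
        # through, strip the password before the record leaves the server.
        record = {
            column: value
            for column, value in row_to_dict(user_table, row).items()
            if column != 'password'
        }
        result.append(record)

    return web.Response(status=200,
                        content_type='application/json',
                        body=json.dumps(result))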
コード例 #4
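async def forgot_password(request: web.Request, body) -> web.Response:
    """Queue a password-restore e-mail for the account named in ``body``.

    Looks the user up by login, signs a 24-hour JWT with audience
    ``restore_password_url``, embeds it in a restore link and pushes the
    e-mail job onto the ``email`` Redis list.

    Args:
        request: incoming aiohttp request; ``request.app`` supplies ``pg``,
            ``redis`` and ``config``.
        body: parsed request payload; ``body['login']`` names the account.

    Returns:
        200 with ``{"status": "ok"}`` once the job is queued.

    Raises:
        web.HTTPNotFound: no user has the given login.
    """
    user_table = get_model_by_name('user')
    user = await request.app['pg'].fetchrow(
        user_table.select().where(user_table.c.login == body['login']))

    # NOTE(review): answering 404 for an unknown login and 200 for a known
    # one lets any caller test which logins exist. Returning the same
    # response in both cases would close that, but changes the API contract.
    if not user:
        raise web.HTTPNotFound(content_type='application/json',
                               body=json.dumps({'error': 'User not found'}))

    expiration_time = datetime.utcnow() + timedelta(hours=24)
    token = jwt.encode(payload={
        'login': user['login'],
        'user_id': user['user_id'],
        'exp': expiration_time,
        'aud': 'restore_password_url'
    },
                       key=request.app['config']['SECRET_KEY'])
    # PyJWT 1.x returns bytes, 2.x returns str; accept both so the handler
    # does not fail with AttributeError after a library upgrade.
    if isinstance(token, bytes):
        token = token.decode('utf-8')

    # NOTE(review): when config HOST is empty the link host comes from
    # request.host, i.e. the client-supplied Host header, so the e-mailed
    # link can point at a host the requester chose. Set HOST in every
    # deployment so the fallback is never used.
    url = '{scheme}://{host}/api/v1/restorepassword/{token}'.format(
        scheme=request.scheme,
        host=request.app['config']['HOST'] or request.host,
        token=token)

    # Keys (including 'linc') are kept as-is: whatever consumes the queue
    # is outside this file and reads them by name.
    data = {
        'email_type': 'restore_password',
        'to_name': user['login'],
        'to_addr': user['email'],
        'linc': url,
        'subject': 'Restore Password'
    }

    await request.app['redis'].rpush('email', json.dumps(data))

    return web.Response(status=200,
                        content_type='application/json',
                        body=json.dumps({'status': 'ok'}))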
コード例 #5
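async def get_user(request: web.Request) -> web.Response:
    """Return one user record, looked up by the id in the URL.

    The row is fetched with a single query and a missing row is reported as
    404, which avoids serialising ``None`` if the user is deleted between an
    existence probe and the read. The ``password`` column is removed from
    the response.

    Args:
        request: incoming aiohttp request; ``match_info['user_id']`` names
            the user.

    Returns:
        200 with the user record as JSON.

    Raises:
        web.HTTPNotFound: no user has the given id.
    """
    user_id = id_validator(request.match_info['user_id'], 'user')
    user_table = get_model_by_name('user')

    # NOTE(review): unlike patch_user, nothing here compares user_id with
    # the authenticated caller; confirm that reading other users' records
    # is intended.
    row = await request.app['pg'].fetchrow(
        user_table.select().where(user_table.c.user_id == user_id))

    if row is None:
        raise web.HTTPNotFound(
            body=json.dumps({'error': f'User with id={user_id} not found'}),
            content_type='application/json')

    # row_to_dict is defined elsewhere; in case it passes every column
    # through, strip the password before the record leaves the server.
    result = {
        column: value
        for column, value in row_to_dict(user_table, row).items()
        if column != 'password'
    }

    return web.Response(status=200,
                        content_type='application/json',
                        body=json.dumps(result))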
コード例 #6
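async def login(request: web.Request, body) -> web.Response:
    """Authenticate by login and password and issue a session cookie.

    Unknown login and wrong password produce the same 401 body, so the
    response does not reveal which of the two was wrong. The password
    comparison is constant-time, and a non-string value on either side
    (for example JSON ``null`` against a NULL column) never matches.

    Args:
        request: incoming aiohttp request; ``request.app`` supplies ``pg``
            and ``redis``.
        body: parsed request payload with ``login`` and ``password``.

    Returns:
        The response produced by ``set_authorization_cookie_redis``.

    Raises:
        web.HTTPUnauthorized: the login is unknown or the password differs.
    """
    import hmac  # local import: the file's import block is not in view

    user_table = get_model_by_name('user')

    user = await request.app['pg'].fetchrow(
        user_table.select().where(user_table.c.login == body['login']))

    supplied = body.get('password')
    stored = user['password'] if user else None

    # NOTE(review): the submitted value is compared directly against the
    # stored column, which implies passwords are stored unhashed. Moving to
    # a password KDF needs a coordinated change in every handler that
    # writes the column.
    credentials_match = (
        isinstance(supplied, str)
        and isinstance(stored, str)
        and hmac.compare_digest(supplied.encode('utf-8'),
                                stored.encode('utf-8'))
    )

    if credentials_match:
        return await set_authorization_cookie_redis(user, {'hours': 24},
                                                    request.app['redis'])

    raise web.HTTPUnauthorized(
        body=json.dumps({'error': 'Invalid username / password combination'}),
        content_type='application/json')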
コード例 #7
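async def create_user(request: web.Request, body) -> web.Response:
    """Insert a new user and echo the submitted fields plus the new id.

    The conflict response is raised, matching the error handling of the
    other handlers in this file, instead of being returned as a value. The
    password is removed from the echoed payload with a tolerant ``pop`` so
    a payload without that key cannot fail after the row has been written.

    Args:
        request: incoming aiohttp request; ``request.app['pg']`` is the
            database handle.
        body: parsed request payload; its keys become column values.

    Returns:
        201 with the submitted fields (minus ``password``) and ``user_id``.

    Raises:
        web.HTTPConflict: a user with the same login already exists.
    """
    user_table = get_model_by_name('user')
    new_login = body['login']

    # NOTE(review): check-then-insert is not atomic; two concurrent requests
    # can both pass this probe. Presumably a unique constraint on login
    # backs it up -- confirm.
    already_taken = await request.app['pg'].fetchval(
        select([exists().where(user_table.c.login == new_login)]))

    if already_taken:
        raise web.HTTPConflict(
            body=json.dumps(
                {'error': f'User with login "{new_login}" already exist'}),
            content_type='application/json')

    # NOTE(review): every key of the client-supplied body becomes a column
    # value, and the password is stored exactly as received. Confirm that an
    # upstream schema validator restricts the accepted keys; hashing the
    # password needs a coordinated change with login().
    created = await request.app['pg'].fetchrow(
        user_table.insert().values(**body).returning(literal_column('*')))

    body['user_id'] = created['user_id']
    body.pop('password', None)

    return web.Response(status=201,
                        content_type='application/json',
                        body=json.dumps(body))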