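def practitioners_login(*args, **kwargs):
    """Authenticate a practitioner by e-mail and password (POST only).

    The JSON body must carry ``email`` and ``password``.  Every response
    echoes the request body with the password removed under ``request``.

    Responses:
        400 -- method other than POST, unparsable JSON, missing keys.
        404 -- no practitioner with that e-mail, or not yet activated.
        401 -- ``verify_password`` rejects the submitted password.
        200 -- authenticated; ``response.secret`` is the practitioner's
               signing secret used by the authenticated endpoints.

    NOTE(review): the distinct 404/401 answers let a caller learn whether
    an e-mail is registered; collapsing both into one 401 would close that
    but changes the API, so it is left as-is here.
    """
    if request.method != 'POST':
        response = jsonify(
            request=request.json,
            response={'error': 'This request type not supported'})
        response.status_code = 400
        return response

    # A bad body or a missing key used to escape as ValueError/KeyError (500);
    # answer 400 instead.
    try:
        data = json.loads(request.data)
    except ValueError:
        data = None
    if not isinstance(data, dict) or 'email' not in data or 'password' not in data:
        echo = None
        if isinstance(data, dict):
            data.pop('password', None)
            echo = data
        response = jsonify(request=echo, response={'error': 'Malformed request'})
        response.status_code = 400
        return response

    # Strip the password once, up front, so no later branch can echo it.
    password = data.pop('password')
    user = User.by_email(data['email'])
    if not user or not user.activated:
        response = jsonify(
            request=data, response={'error': 'Invalid Practitioner'})
        response.status_code = 404
        return response

    if not verify_password(password, user.password):
        response = jsonify(
            request=data, response={'error': 'Authentication Failed'})
        response.status_code = 401
        return response

    response = jsonify(request=data, response={'secret': user.secret})
    response.status_code = 200
    return response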
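def decorated_function(*args, **kwargs):
    """Validate signed-header credentials before running the wrapped ``f``.

    Four headers are required: ``datetime``, ``body_hash``, ``key`` (the
    practitioner's e-mail) and ``signature``.  The practitioner must be
    ``active`` and ``activated``.  The expected signature is recomputed as
    ``sha256(body_hash + datetime + user.secret)`` (hex) and compared with
    the sent one in constant time.  Any failure answers 403 with an error
    body; on success ``f`` is called with the original arguments.

    NOTE(review): ``datetime`` is not checked for freshness and
    ``body_hash`` is not recomputed from the request body here, so a
    captured header set remains valid -- confirm whether the wrapped
    handler or another layer covers that.
    """
    import hmac  # local import: the module's import block is outside this listing

    def _forbidden(message):
        response = jsonify(request=request.json, response={'error': message})
        response.status_code = 403
        return response

    def _as_bytes(value):
        # compare_digest needs both operands of one type; header values may
        # be text or bytes depending on the runtime, so normalise to bytes.
        if not isinstance(value, bytes):
            value = value.encode('utf-8')
        return value

    required_headers = ('datetime', 'body_hash', 'key', 'signature')
    if any(header not in request.headers for header in required_headers):
        return _forbidden('Required headers missing')

    sent_timestamp = request.headers.get('datetime', '')
    sent_body_hash = request.headers.get('body_hash', '')
    sent_key = request.headers.get('key', '')
    sent_signature = request.headers.get('signature', '')

    user = User.by_email(sent_key)
    if not user or not user.active or not user.activated:
        return _forbidden('Invalid Practitioner')

    # Secret-suffixed digest rather than an HMAC; kept unchanged so existing
    # clients keep working.
    recreated_signature = hashlib.sha256(
        unicode(sent_body_hash + sent_timestamp + user.secret)).hexdigest()
    # A plain `==` stops at the first differing byte; compare in constant time.
    if not hmac.compare_digest(_as_bytes(sent_signature),
                               _as_bytes(recreated_signature)):
        return _forbidden('Invalid Practitioner')
    return f(*args, **kwargs)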
def teardown_method(self, method):
    """Delete the practitioner row left behind by the test, if any.

    ``DATABASE_URL`` is pointed at the scratch SQLite file before ``db``
    and ``User`` are imported (presumably so the app binds to that file
    when first imported -- verify against the app's configuration).
    """
    os.environ['DATABASE_URL'] = 'sqlite:////tmp/test.db'
    from cagenix import db
    from cagenix.users.models import User

    leftover = User.by_email('*****@*****.**')
    if not leftover:
        return
    db.session.delete(leftover)
    db.session.commit()
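def practitioners_edit(*args, **kwargs):
    """Update (PUT) or delete (DELETE) the practitioner named by ``user_id``.

    ``user_id`` comes from the route kwargs and is parsed as an int for
    both verbs (the original only did so for DELETE).  The caller is
    identified by the ``key`` header (the practitioner's e-mail), and both
    verbs apply the same ownership rule: a practitioner may only change
    their own row.  The debug ``print`` statements were dropped.

    Responses:
        PUT    200 -- ``practitioner_id`` and ``active`` of the updated row;
               400 -- body is not a JSON object;
               404 -- no such practitioner, or not activated;
               401 -- caller is not the practitioner being edited.
        DELETE 200 -- ``status: Success``; 401 -- ``status: Not Authorized``.
        other  400 -- unsupported method.
    """
    def _json_body():
        # Parsed JSON body, or None when empty/unparsable (formerly a 500).
        try:
            return json.loads(request.data)
        except ValueError:
            return None

    def _target_user():
        # A non-numeric or missing user_id simply finds nobody.
        try:
            return User.by_id(int(kwargs.get('user_id')))
        except (TypeError, ValueError):
            return None

    def _reply(payload, body, status_code):
        response = jsonify(request=payload, response=body)
        response.status_code = status_code
        return response

    if request.method == 'PUT':
        data = _json_body()
        if not isinstance(data, dict):
            return _reply(None, {'error': 'Malformed request'}, 400)
        user = _target_user()
        if not user or not user.activated:
            return _reply(request.json, {'error': 'Invalid Practitioner.'}, 404)
        # Same ownership rule as the DELETE branch: without it any
        # authenticated caller could edit any practitioner by id.
        requester = User.by_email(request.headers.get('key'))
        is_owner = user == requester
        if not is_owner:
            return _reply(data, {'error': 'Not Authorized'}, 401)
        # NOTE(review): map_data applies the whole body; confirm it ignores
        # privileged fields such as active, activated, secret and password.
        user.map_data(data)
        db.session.add(user)
        db.session.commit()
        return _reply(
            data, {'practitioner_id': user.id, 'active': user.active}, 200)

    if request.method == 'DELETE':
        data = _json_body()
        user = _target_user()
        requester = User.by_email(request.headers.get('key'))
        # The `is not None` guard matters when both lookups miss: None == None
        # would pass the ownership check and delete(None) would then fail.
        if user is not None and user == requester:
            db.session.delete(user)
            db.session.commit()
            return _reply(data, {'status': 'Success'}, 200)
        return _reply(data, {'status': 'Not Authorized'}, 401)

    return _reply(request.json, {'error': 'This request type not supported'}, 400)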
def decorated_function(*args, **kwargs):
    """Gate the wrapped handler ``f`` behind a signed query string.

    The practitioner is looked up by the ``email`` query parameter and
    must be both ``active`` and ``activated``.  The raw query string of
    ``request.url`` is then checked against the practitioner's secret by
    ``check_signature`` (its message part is not used).  Either failure
    answers 403 ``Invalid Practitioner`` with ``request=None``; otherwise
    ``f`` runs with the original arguments.
    """
    def _rejected():
        response = jsonify(request=None,
                           response={'error': 'Invalid Practitioner'})
        response.status_code = 403
        return response

    practitioner = User.by_email(request.args.get('email'))
    if not practitioner or not practitioner.active or not practitioner.activated:
        return _rejected()

    query_string = urlparse(request.url).query
    signature_ok, _message = check_signature(practitioner.secret, query_string)
    if not signature_ok:
        return _rejected()
    return f(*args, **kwargs)
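def practitioners_create(*args, **kwargs):
    """Activate a pre-provisioned practitioner account (POST only).

    The JSON body must carry ``email``, ``activation_code`` and
    ``password``.  The row for ``email`` must already exist and not be
    activated, and the submitted code must equal ``user.activation_code``.
    On success the body is applied with ``map_data``, the password is
    stored through ``encrypt_password``, a secret is generated and the
    row is marked activated.

    Responses:
        400 -- non-POST, unparsable JSON, or a missing required key.
        404 -- unknown e-mail, or the account is already activated.
        401 -- activation code mismatch.
        201 -- activated; ``response.practitioner_id`` is the row id.

    Every response echoes the body with the password removed; the original
    only stripped it on success, so the 404/401 responses reflected the
    submitted password back to the caller.
    """
    if request.method != 'POST':
        response = jsonify(
            request=request.json,
            response={'error': 'This request type not supported'})
        response.status_code = 400
        return response

    # A bad body or a missing key used to escape as ValueError/KeyError (500).
    try:
        data = json.loads(request.data)
    except ValueError:
        data = None
    required = ('email', 'activation_code', 'password')
    if not isinstance(data, dict) or any(key not in data for key in required):
        echo = None
        if isinstance(data, dict):
            echo = dict(data)
            echo.pop('password', None)
        response = jsonify(request=echo, response={'error': 'Malformed request'})
        response.status_code = 400
        return response

    # `data` stays intact for map_data/encrypt_password; `echo` is what
    # goes back to the caller.
    echo = dict(data)
    echo.pop('password')

    user = User.by_email(data['email'])
    if not user or user.activated:
        response = jsonify(
            request=echo,
            response={'error': 'Practitioner or Activiation Code does not exist.'})
        response.status_code = 404
        return response

    # NOTE(review): `==` here is not constant-time; hmac.compare_digest
    # would be, once both sides are known to be the same string type.
    if not user.activation_code == data['activation_code']:
        response = jsonify(
            request=echo, response={'error': 'Bad activation code.'})
        response.status_code = 401
        return response

    # NOTE(review): map_data applies the whole body; confirm it ignores
    # privileged fields such as active, activated and secret.
    user.map_data(data)
    user.password = encrypt_password(data['password'])
    user.gen_secret()
    user.activated = True
    db.session.add(user)
    db.session.commit()

    response = jsonify(request=echo, response={'practitioner_id': user.id})
    response.status_code = 201
    return response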