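def post(self):
    """Reset a user's password on behalf of an administrator.

    Reads ``username`` and ``password`` from the parsed request arguments,
    hashes the new password with ``UserModel.generate_hash`` and saves the
    user. The target's current password is not checked; access is gated
    only by the ``admin`` role in the caller's JWT claims.

    Returns:
        A ``{'message': ...}`` dict. It is paired with 401 when the caller
        is not an admin or the user is unknown, 400 when a parameter is
        missing, and 500 when saving fails.
    """
    # NOTE(review): no JWT-protection decorator is visible on this method in
    # this view of the file -- confirm one is applied.
    claims = get_jwt_claims()
    # Fail closed: a token without a usable 'roles' claim is treated as
    # non-admin instead of raising KeyError and surfacing as a 500.
    if 'admin' not in (claims.get('roles') or []):
        return {
            'message': 'You dont have persmision to perform this operation'
        }, 401

    data = parser.parse_args()
    if not data['username'] or not data['password']:
        return {
            'message': 'Imposible to perform operation... missing parameters'
        }, 400

    user = UserModel.find_by_username(data['username'])
    if not user:
        return {
            'message': 'User {} doesn\'t exists'.format(data['username'])
        }, 401

    user.password = UserModel.generate_hash(data['password'])
    try:
        user.save_to_db()
    except Exception:
        # Narrowed from a bare ``except:`` so SystemExit/KeyboardInterrupt
        # are no longer swallowed and reported as a save failure.
        return {'message': 'Something went wrong'}, 500
    return {
        'message': 'Password for user {} successfully changed'.format(
            user.username)
    }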
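def delete(self, username):
    """Delete the user named ``username``; administrators only.

    A caller can never delete their own account, whatever their role.

    Args:
        username: Name of the account to delete.

    Returns:
        A dict with a status message. It is paired with 403 for a
        self-delete attempt, 401 when the caller is not an admin or the
        user is unknown, and 500 when the delete fails.
    """
    current_username = get_jwt_identity()
    if username == current_username:
        return {
            'message': 'Request user cant ask for deleting himself'
        }, 403

    claims = get_jwt_claims()
    # Fail closed: a token without a usable 'roles' claim is treated as
    # non-admin instead of raising KeyError and surfacing as a 500.
    if 'admin' not in (claims.get('roles') or []):
        return {
            'message': 'You dont have persmision to perform this operation'
        }, 401

    user_to_delete = UserModel.find_by_username(username)
    if not user_to_delete:
        return {'message': 'User {} doesn\'t exists'.format(username)}, 401

    try:
        user_to_delete.delete_me()
    except Exception:
        # Narrowed from a bare ``except:`` so SystemExit/KeyboardInterrupt
        # are no longer swallowed and reported as a delete failure.
        return {
            'message': 'Something went wrong width delete process'
        }, 500
    # NOTE(review): the success payload uses the key 'messages' while every
    # other response uses 'message'; kept as-is because clients may read it.
    # NOTE(review): tokens already issued to the deleted user are not revoked
    # here -- confirm whether revocation is handled elsewhere.
    return {'messages': 'User {} deleted'.format(username)}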
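def get(self):
    """Return the profile of the user identified by the current JWT.

    Returns:
        A dict with ``username``, ``firstName``, ``lastName`` and ``roles``
        (a list of role names), or a ``{'message': ...}`` dict with 401 when
        the identity in the token no longer matches a stored user.
    """
    current_username = get_jwt_identity()
    user = UserModel.find_by_username(current_username)
    if not user:
        # A token can outlive its account (e.g. after a delete); reject it
        # explicitly instead of failing with AttributeError on ``None``.
        return {
            'message': 'User {} doesn\'t exists'.format(current_username)
        }, 401

    return {
        'username': user.username,
        'firstName': user.firstName,
        'lastName': user.lastName,
        'roles': [role.role_name for role in user.roles],
    }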
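def put(self):
    """Edit a user's first/last name and, for administrators, their roles.

    Any caller may edit their own profile; only a caller with the ``admin``
    role may edit another user. Roles are replaced only when an admin edits
    a *different* account, so a caller can never change their own roles
    through this endpoint.

    Returns:
        A ``{'message': ...}`` dict. It is paired with 403 when ``username``
        is missing, 401 when the caller is not allowed to edit the target or
        the target is unknown, and 500 when saving fails.
    """
    current_username = get_jwt_identity()
    claims = get_jwt_claims()
    data = parser.parse_args()

    if not data['username']:
        return {'message': 'Missing parameters'}, 403

    # Fail closed: a token without a usable 'roles' claim is non-admin.
    caller_is_admin = 'admin' in (claims.get('roles') or [])
    editing_other_user = data['username'] != current_username

    if editing_other_user and not caller_is_admin:
        return {
            'message': 'You dont have persmision to perform this operation'
        }, 401

    user_to_edit = UserModel.find_by_username(data['username'])
    if not user_to_edit:
        return {
            'message': 'User {} doesn\'t exists'.format(data['username'])
        }, 401

    # The original cleared the roles and then referenced ``save_to_db``
    # without calling it, so the intermediate save never ran. The dead
    # statement is dropped; the role list is built first and persisted by
    # the single save below, so a failure cannot leave the user role-less.
    # An omitted ``roles`` argument (None) now leaves the existing roles
    # untouched instead of raising TypeError in the loop.
    if caller_is_admin and editing_other_user and data['roles'] is not None:
        new_roles = []
        for role_name in data['roles']:
            matched_role = RoleModel.find_by_role_name(role_name)
            # Role names that do not resolve are skipped silently.
            if matched_role:
                new_roles.append(matched_role)
        user_to_edit.roles = new_roles

    user_to_edit.firstName = data['firstName']
    user_to_edit.lastName = data['lastName']
    try:
        user_to_edit.save_to_db()
    except Exception:
        # Narrowed from a bare ``except:`` so SystemExit/KeyboardInterrupt
        # are no longer swallowed and reported as a save failure.
        return {'message': 'Something went wrong'}, 500
    return {
        'message': 'User {} was edited'.format(user_to_edit.username)
    }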
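def post(self):
    """Authenticate a user and issue an access/refresh token pair.

    Looks the user up by ``username`` and checks ``password`` against the
    stored hash with ``UserModel.verify_hash``.

    Returns:
        A dict with ``message``, ``access_token`` and ``refresh_token`` on
        success, or ``{'message': 'Wrong credentials'}`` with 401 on any
        authentication failure.
    """
    data = parser.parse_args()
    current_user = UserModel.find_by_username(data['username'])

    # Unknown user, missing password and wrong password all produce the same
    # response. The original answered "User ... doesn't exists" for unknown
    # names, which told unauthenticated callers which usernames are valid.
    # NOTE(review): an unknown username still skips hash verification, so
    # response time may differ; no throttling or lockout is visible here.
    if (not current_user or not data['password']
            or not UserModel.verify_hash(data['password'],
                                         current_user.password)):
        return {'message': 'Wrong credentials'}, 401

    access_token = create_access_token(identity=current_user)
    refresh_token = create_refresh_token(identity=current_user)
    return {
        'message': 'Logged in as {}'.format(current_user.username),
        'access_token': access_token,
        'refresh_token': refresh_token
    }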
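def post(self):
    """Change the calling user's own password.

    Requires ``username``, ``old_password`` and ``password``. The username
    must match the JWT identity and ``old_password`` must verify against
    the stored hash before the new hash is saved.

    Returns:
        A ``{'message': ...}`` dict. It is paired with 400 when a parameter
        is missing or the username does not match the token, 401 when the
        user is unknown, 403 when the old password is wrong, and 500 when
        saving fails.
    """
    data = parser.parse_args()
    required_fields = ('username', 'password', 'old_password')
    if not all(data[field] for field in required_fields):
        return {
            'message': 'Imposible to perform operation... missing parameters'
        }, 400

    # The token identity, not the request body, decides whose password
    # changes; the body value only has to agree with it.
    current_username = get_jwt_identity()
    if current_username != data['username']:
        return {'message': 'Not matching username'}, 400

    user = UserModel.find_by_username(current_username)
    if not user:
        return {
            'message': 'User {} doesn\'t exists'.format(current_username)
        }, 401

    if not UserModel.verify_hash(data['old_password'], user.password):
        return {'message': 'Current password doesn\'t match'}, 403

    user.password = UserModel.generate_hash(data['password'])
    try:
        user.save_to_db()
    except Exception:
        # Narrowed from a bare ``except:`` so SystemExit/KeyboardInterrupt
        # are no longer swallowed and reported as a save failure.
        return {'message': 'Something went wrong'}, 500
    # NOTE(review): tokens issued before the change are not revoked here --
    # confirm whether revocation is handled elsewhere.
    return {
        'message': 'Password for user {} successfully changed'.format(
            user.username)
    }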
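def post(self):
    """Create a new user; administrators only.

    Builds a ``UserModel`` from ``username``, ``password`` (stored as the
    result of ``UserModel.generate_hash``), ``firstName`` and ``lastName``,
    attaches every requested role that ``RoleModel.find_by_role_name``
    resolves, and saves it. No tokens are issued for the new user.

    Returns:
        A ``{'message': ...}`` dict. It is paired with 401 when the caller
        is not an admin, 400 when ``username`` or ``password`` is missing,
        and 500 when saving fails.
    """
    claims = get_jwt_claims()
    # Fail closed: a token without a usable 'roles' claim is treated as
    # non-admin instead of raising KeyError and surfacing as a 500.
    if 'admin' not in (claims.get('roles') or []):
        return {
            'message': 'You dont have persmision to perform this operation'
        }, 401

    data = parser.parse_args()
    # Same guard and wording as the password endpoints in this file; it
    # stops a missing password from ever reaching generate_hash.
    if not data['username'] or not data['password']:
        return {
            'message': 'Imposible to perform operation... missing parameters'
        }, 400

    if UserModel.find_by_username(data['username']):
        # NOTE(review): this conflict is returned with the default 200
        # status; kept as-is because clients may depend on it.
        return {
            'message': 'User {} already exists'.format(data['username'])
        }

    new_user = UserModel(
        username=data['username'],
        password=UserModel.generate_hash(data['password']),
        firstName=data['firstName'],
        lastName=data['lastName'])

    # An omitted ``roles`` argument creates the user with no roles instead
    # of raising TypeError; role names that do not resolve are skipped.
    for role_name in data['roles'] or []:
        new_user_role = RoleModel.find_by_role_name(role_name)
        if new_user_role:
            new_user.roles.append(new_user_role)

    try:
        new_user.save_to_db()
    except Exception:
        # Narrowed from a bare ``except:`` so SystemExit/KeyboardInterrupt
        # are no longer swallowed and reported as a save failure.
        return {'message': 'Something went wrong'}, 500
    return {
        'message': 'User {} was created'.format(new_user.username)
    }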
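def post(self):
    """Issue a fresh access token for the identity in the current JWT.

    Returns:
        ``{'access_token': ...}`` on success, or a ``{'message': ...}`` dict
        with 401 when the identity no longer matches a stored user.
    """
    username = get_jwt_identity()
    user = UserModel.find_by_username(username)
    if not user:
        # Without this check a refresh token belonging to a deleted account
        # would reach create_access_token with ``identity=None``.
        return {
            'message': 'User {} doesn\'t exists'.format(username)
        }, 401

    access_token = create_access_token(identity=user)
    return {'access_token': access_token}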