コード例 #1
0
    def get(self):
        # Get token as params from the url
        token = request.args.get('emailtoken')
        # Decode the token by calling the decode_email_token method
        email = User.decode_email_token(token)
        # search through the database to find email
        user = User.query.filter_by(email=email).first()

        # If user is not yet confirm then confirm User
        if user.confirmed == False:
            try:
                user.confirmed = True
                user.confirmed_on_date = datetime.now()
                user.save()
                response = jsonify({
                    'message': 'Your have confirmed your accounts. Thanks!'
                })
                response.status_code = 200
                return response
            except Exception as e:
                # An error occured, therefore return a string message containing the error
                response = jsonify({
                    'message': str(e),
                })
                response.status_code = 500
                return response

        # If user is already confirmed return a message to the user
        else:
            response = jsonify({
                'message': 'This Account has already been confirmed.'
            })
            response.status_code = 409
            return response
コード例 #2
0
    def post(self):
        # Get all required variables from the user
        password_token = request.args.get('resettoken')
        password = request.form.get('password')
        confirm_password = request.form.get('confirm_password')

        # Validates User input
        if password == None or password == '':
            response = jsonify({'message': "This field is required."})
            response.status_code = 400
            return response
        if confirm_password == None or confirm_password == '':
            response = jsonify({'message': "This field is required."})
            response.status_code = 400
            return response

        if password != confirm_password:
            response = jsonify({
                'message':
                'Oops! Sorry. The passwords you inputted are not the same.'
            })
            response.status_code = 400
            return response
        if password_token == None or password_token == '':
            response = jsonify(
                {'message': 'You are not authorise to view this page.'})
            response.status_code = 403
            return response
        # Decode the token that is passed in the password reset link
        password_token_decode = User.decode_email_token(password_token)

        # Find user with the email in the database
        user = User.query.filter_by(email=password_token_decode).first()

        # Hash the new password gotten from user
        hash_password = user.generate_password_hash(password)

        # Check if the hash password is the same with password provided
        check_password_validity = user.check_password_validation(
            hash_password.decode(), password)

        if user and check_password_validity:
            # If all conditions are met update the user details with the new password
            user.password = hash_password.decode()
            user.save()
            # respond with a success message
            response = jsonify({
                'message':
                'Password successfully updated, you can now login with your new password.'
            })
            response.status_code = 200
            return response
        else:
            # else return an error message
            response = jsonify({'message': 'Invalid Token.'})
            response.status_code = 500
            return response
コード例 #3
0
    def test_email_already_confirmed(self):
        """Test for email already confirmed by user"""
        email_token = User.generate_email_token(self,
                                                email='*****@*****.**')

        email_res = self.client().get(
            '/api/auth/email-confirmation/?emailtoken=' + email_token.decode())

        # Get the results returned in json format
        result = json.loads(email_res.data.decode())
        # assert that this response must contain an error message
        # and an error status code 409(Conflit)
        self.assertEqual(result['message'],
                         "This Account has already been confirmed.")
        self.assertEqual(email_res.status_code, 409)
コード例 #4
0
    def setUp(self):
        """Set up test variables."""
        self.app = create_app(config_name="testing")
        # initialize the test client
        self.client = self.app.test_client
        # This is the user test json data with a predefined email and password
        self.user_data = {
            "email": "*****@*****.**",
            "password": "******",
            "username": "******",
            "phone_number": "09067582433",
            "confirm_password": "******"
        }
        # This is the user test json data with a predefined email, password and confirmed = True
        self.confirmed_user_data = {
            "email": "*****@*****.**",
            "password": "******",
            "username": "******",
            "phone_number": "09067582777",
            "confirm_password": "******"
        }

        with self.app.app_context():
            # Create all tables
            db.session.close()
            db.drop_all()
            db.create_all()
            user_1 = User(email="*****@*****.**",
                          password="******",
                          username="******",
                          phone_number="09067582999",
                          confirmed=False,
                          firstname='',
                          lastname='')
            user_2 = User(email="*****@*****.**",
                          password="******",
                          username="******",
                          phone_number="09067582777",
                          confirmed=True,
                          firstname='',
                          lastname='')

            user_1.save()
            user_2.save()
コード例 #5
0
    def post(self):
        """Handle POST request URL -----> /api/auth/login"""
        try:
            # Get the user object using the email (unique to every user)
            email = request.form.get('email').lstrip()
            password = request.form.get('password')

            if email == '' or password == '':
                response = jsonify({'message': 'This field is required.'})
                response.status_code = 400
                return response

            if validate_email(email) == False:
                response = jsonify({'message': 'Invalid Email Inputed'})
                response.status_code = 400
                return response

            # Try to authenticate the found user using their password
            password_hash = User.generate_password_hash(self, password)

            user = User.query.filter_by(email=email).first()

            # The condition below checks if user exists and if the password validation returns True
            if user and user.check_password_validation(user.password,
                                                       password):
                # Generate the access token. This will be used as the authorisation header
                access_token = user.generate_token(user.id)
                if access_token:
                    response = jsonify({
                        'message': 'Welcome! You are now logged in.',
                        'access_token': access_token.decode(),
                        'email_validation': user.confirmed
                    })
                    response.status_code = 200
                    return response
            else:
                # User does not exist. Therefore, return an error message to the user
                response = jsonify(
                    {'message': 'Invalid credentials, Please try again.'})
                response.status_code = 401
                return response
        except Exception as e:
            # Create a response containing a string error message
            response = jsonify({'message': str(e)})
            response.status_code = 500
            return response
コード例 #6
0
    def test_for_resend_email_confirm_link(self):
        """Test for resend email confirmation mail when user request for it"""
        self.user_data['email'] = '*****@*****.**'
        res = self.client().post('/api/auth/reverify-email',
                                 data=self.user_data)
        email_token = User.generate_email_token(self, email=self.user_data)

        # Get the results returned in json format
        result = json.loads(res.data.decode())

        # assert that this response must contain an response
        # and a status code 200(Success)
        self.assertEqual(
            result['message'],
            'An email confirmation link has been sent to this email: %s' %
            ("*****@*****.**"))
        self.assertEqual(res.status_code, 200)
コード例 #7
0
    def test_email_confirmation_route_valid_token(self):
        """Test for email confirmation mail been sent"""
        self.email_user_data = {
            "email": "*****@*****.**",
            "password": "******",
            "username": "******",
            "phone_number": "09067582555",
            "confirm_password": "******"
        }
        res = self.client().post('/api/auth/signup', data=self.email_user_data)

        email_token = User.generate_email_token(self, email='*****@*****.**')

        email_res = self.client().get(
            '/api/auth/email-confirmation/?emailtoken=' + email_token.decode())

        # Get the results returned in json format
        result = json.loads(email_res.data.decode())

        # assert that this response must contain an error message
        # and an error status code 200(Successful)
        self.assertEqual(result['message'],
                         "Your have confirmed your accounts. Thanks!")
        self.assertEqual(email_res.status_code, 200)
コード例 #8
0
    def post(self):
        email_input = request.form.get('email').lstrip()
        email = email_input.lower()

        # Remove whitespaces from left and right
        username_input = request.form.get('username').lstrip()
        username = username_input.lower()

        password = request.form.get('password')
        confirm_password = request.form.get('confirm_password')

        phone_number = request.form.get('phone_number').lstrip()
        firstname = request.form.get('firstname')
        lastname = request.form.get('lastname')
        confirmed = False

        # validate email as a valid email address without using regex
        is_valid = validate_email(email)

        # validate user inputs
        if email == '' or password == '' or phone_number == '' or username == '':
            response = jsonify({'message': 'This field is required.'})
            response.status_code = 400
            return response
        if len(password) < 6:
            response = jsonify(
                {'message': 'Password should be greater than 6 characters'})
            response.status_code = 400
            return response
        if password != confirm_password:
            response = jsonify({
                'message':
                'Oops! Sorry. The passwords you inputted are not the same.'
            })
            response.status_code = 400
            return response

        # This validate if what is inputed are all numbers
        if phone_number.isnumeric() == False:
            response = jsonify(
                {'message': 'Phone numbers must all contain numbers'})
            response.status_code = 400
            return response
        if len(phone_number) < 8:
            response = jsonify({
                'message':
                'Phone number should be greater than 8 characters'
            })
            response.status_code = 400
            return response
        if len(username) < 2:
            response = jsonify(
                {'message': 'Username should be greater than 2 characters'})
            response.status_code = 400
            return response
        if is_valid == False:
            response = jsonify({'message': 'Invalid Email Inputed'})
            response.status_code = 400
            return response
        else:

            password_hash = User.generate_password_hash(self, password)

            # Find user email in the database
            user = User.query.filter_by(email=email,
                                        phone_number=phone_number).first()

            # If User is not found do this
            if user == None:
                try:
                    # Register the user
                    email = email
                    password = password_hash
                    phone_number = phone_number
                    firstname = firstname
                    lastname = lastname
                    confirmed = confirmed
                    user = User(email=email,
                                password=password,
                                phone_number=phone_number,
                                firstname=firstname,
                                lastname=lastname,
                                username=username,
                                confirmed=confirmed)
                    user.save()

                    # Generate Authentication token for the user using the user_id
                    access_token = user.generate_token(user.id)

                    auth_user_email = user.generate_email_token(user.email)

                    confirm_url = 'http://%s/api/auth/email-confirmation/?emailtoken=%s' % (
                        os.getenv('HOST_URL'), auth_user_email.decode())

                    html = email_template(confirm_url)

                    subject = "Please confirm your mail"

                    send_email(user.email, subject, html)

                    response = jsonify({
                        'email':
                        user.email,
                        'password':
                        user.password,
                        'username':
                        user.username,
                        'access_token':
                        access_token.decode(),
                        'email_validation':
                        user.confirmed,
                        'message':
                        'Registration Successful. An email has been sent to this email: '
                        + user.email +
                        '. Please confirm your email to proceed.'
                    })

                    # return a response notifying the user that they registered
                    response.status_code = 201
                    return response

                except Exception as e:
                    # An error occured, therefore return a string message containing the error
                    response = jsonify({
                        'message': str(e),
                    })
                    response.status_code = 409
                    return response
            else:
                # There is an existing user. We don't want to register users twice
                # Return a message to the user telling them that the email, username or phone number is been used by another user
                response = jsonify({
                    'message':
                    'Email or phone number is already been used by an existing user. Please try again.'
                })

                response.status_code = 409
                return response