def auth_login(email: str, password: str) -> dict: """ Given a registered users' email and password and generates a valid token for the user to remain authenticated :param email: the user's email :param password: the user's password :return: dictionary with keys "u_id" and "token" """ # check if email invalid if not check(email): raise InputError(description='error occurred: Email entered is not a valid email') # get user details from database db_connect = DbConnector() db_connect.cursor() sql = "SELECT u_id, password FROM project.user_data WHERE email = (%s)" value = (email,) db_connect.execute(sql, value) ret = db_connect.fetchone() # check if email do not belong to any user if ret is None: raise InputError(description='error occurred: Email entered does not belong to a user') user_uid = ret[0] user_pwd = ret[1] # password if correct hash_password = hashlib.sha256(password.encode()).hexdigest() # if user_pwd != password: if user_pwd != hash_password: raise InputError(description='error occurred: Password is not correct') # generate token token_operation = TokenJwt() user_token = token_operation.encode_token({'u_id': user_uid}) # if not login before, store the token # add token sql = "UPDATE project.user_data set token=(%s) where email=(%s)" value = (user_token, email) db_connect.execute(sql, value) # close database connection db_connect.close() return { 'u_id': user_uid, 'token': user_token }
def check_valid(token): db_connect = DbConnector() db_connect.cursor() sql = "SELECT token FROM project.user_data WHERE token=(%s)" value = (token, ) db_connect.execute(sql, value) ret = db_connect.fetchone() if ret is None: db_connect.close() return False else: db_connect.close() return True
def standup_start(token, channel_id, length): token_operation = TokenJwt() # check if the token is valid if check_valid(token) is False: raise AccessError(description='error occurred: token is not valid') # check channel_id is not valid db_connect = DbConnector() db_connect.cursor() sql = "SELECT channel_id FROM project.channel_data WHERE channel_id=(%s)" value = (channel_id, ) db_connect.execute(sql, value) ret = db_connect.fetchone() if ret is None: raise InputError( description='error occured: Channel ID is not a valid channel') curr_time = int(time.time()) exist_active = standup_active(token, channel_id)["is_active"] if exist_active is True: raise InputError(description='error occurred:\ An active standup is currently running in this channel' ) finish_time = curr_time + length # get id from token u_id = token_operation.get_uid(token) sql = "INSERT INTO project.active_data (standup_uid, channel_id, time_finish) VALUES (%s,%s,%s)" value = (u_id, channel_id, int(finish_time)) db_connect.execute(sql, value) # time_dict = { # 'standup_uid': u_id, # 'channel_id': channel_id, # 'time_finish': int(finish_time), # 'message': "" # } # ACTIVE_DATA.append(time_dict) time1 = threading.Timer(length, send_standup_message, [channel_id]) time1.start() return {'time_finish': int(finish_time)}
def auth_passwordreset_reset(reset_code: str, new_password: str) -> dict: ''' Given a reset code for a user, set that user's new password to the password provided. :param reset_code: generated random code sent to user :param new_password: user's new password to be reset :return: ''' # check if new password is valid if len(new_password) < 6: raise InputError( description='error occurred: Password entered is less ' 'than 6 characters long') # check if reset code match db_connect = DbConnector() db_connect.cursor() sql = "SELECT u_id FROM project.user_data WHERE reset_code=(%s)" value = (reset_code, ) db_connect.execute(sql, value) ret = db_connect.fetchone() if ret is None: raise InputError( description='error occurred: Reset code entered does not match') # use for sql query u_id = ret[0] # UPDATE new password and remove the reset code from database password = hashlib.sha256(new_password.encode()).hexdigest() sql = "UPDATE project.user_data set password=(%s), reset_code = (%s) WHERE u_id=(%s)" value = (password, None, u_id) db_connect.execute(sql, value) # close database connection db_connect.close() return {}
def user_profile_setemail(token, email): # check if the token is valid if check_valid(token) is False: raise AccessError(description='error occurred: token is not valid') exist_change = False regex = r'^[a-z0-9]+[\._]?[a-z0-9]+[@]\w+[.]\w{2,3}$' if re.search(regex, email): # check Email entered is valid exist_change = True if exist_change is False: raise InputError( description='error occurred: email entered is not valid') # check email address is independent db_connect = DbConnector() db_connect.cursor() sql = "SELECT email FROM project.user_data WHERE email=(%s);" value = (email, ) db_connect.execute(sql, value) ret = db_connect.fetchone() if ret is not None: raise InputError( description='error occurred: email is already used by another user' ) # get user's u_id from token token_operation = TokenJwt() u_id = token_operation.get_uid(token) sql = "UPDATE project.user_data SET email=(%s) WHERE u_id=(%s)" value = (email, u_id) db_connect.execute(sql, value) db_connect.close() return {}
def user_profile(token, u_id): # check if the token is valid if check_valid(token) is False: raise AccessError(description='error occurred: token is not valid') db_connect = DbConnector() db_connect.cursor() sql = "SELECT email, name_first, name_last, handle, \ profile_img_url FROM project.user_data WHERE u_id=(%s);" value = (u_id, ) db_connect.execute(sql, value) ret = db_connect.fetchone() # check uid is valid if ret is None: raise InputError( description='error occurred: User with u_id is not a valid user') user_dict = {} # for return email = ret[0] name_first = ret[1] name_last = ret[2] handle_str = ret[3] profile_img_url = ret[4] user_dict['u_id'] = u_id user_dict['email'] = email user_dict['name_first'] = name_first user_dict['name_last'] = name_last user_dict['handle_str'] = handle_str user_dict['profile_img_url'] = profile_img_url # close database connection db_connect.close() return {'user': user_dict}
def standup_send(token, channel_id, message): token_operation = TokenJwt() # check if the token is valid if check_valid(token) is False: raise AccessError(description='error occurred: token is not valid') # check channel id is valid db_connect = DbConnector() db_connect.cursor() sql = "SELECT member FROM project.channel_data WHERE channel_id=(%s);" value = (channel_id, ) db_connect.execute(sql, value) ret = db_connect.fetchone() if ret is None: raise InputError(description='error occurred: channel is not valid') # get member list member_list = ret[0] # check if the message longer than 1000 if len(message) > 1000: raise InputError(description='Message is more than 1000 characters') exist_active = standup_active(token, channel_id)["is_active"] if not exist_active: raise InputError( description='error occurred: no standup is running in this channel' ) u_id = token_operation.get_uid(token) # check user is valid if u_id not in member_list: raise AccessError( description='error occurred: user is not a member of this channel') # get handle sql = "SELECT handle FROM project.user_data WHERE u_id=(%s)" value = (u_id, ) db_connect.execute(sql, value) ret = db_connect.fetchone() handle = ret[0] # get msg from active buffer sql = "SELECT message FROM project.active_data WHERE channel_id=(%s)" value = (channel_id, ) db_connect.execute(sql, value) ret = db_connect.fetchone() if ret[0] is not None: message_stand = ret[0] message_stand += "\n" + handle + ": " + message else: message_stand = handle + ": " + message # add to active data sql = "UPDATE project.active_data SET message=(%s) WHERE channel_id=(%s);" value = (message_stand, channel_id) db_connect.execute(sql, value) # close database connection db_connect.close() return {}
def auth_register(email: str, password: str, name_first: str, name_last: str) -> dict: """ Given a user's first and last name, email address, and password, create a new account for them and return a new token for authentication in their session. :param email: user's email :param password: user's password :param name_first: user's first name :param name_last: user's last name :return: dictionary with keys "u_id" and "token" """ # check if email invalid if not check(email): raise InputError(description='error occurred: Email entered is not a valid email') # check if email has already been used db_connect = DbConnector() db_connect.cursor() # connect to database and get cursor sql = "SELECT email from project.user_data WHERE email = %s" value = (email,) db_connect.execute(sql, value) ret = db_connect.fetchone() if ret is not None: raise InputError(description='error occurred: Email address is already ' 'being used by another user') # check the length of password if len(password) < 6: raise InputError(description='error occurred: Password entered is less ' 'than 6 characters long') if len(name_first) not in range(1, 51): raise InputError(description='error occurred: first name is not ' 'between 1 and 50 characters inclusively in length') if len(name_last) not in range(1, 51): raise InputError(description='error occurred: last name is not ' 'between 1 and 50 characters inclusively in length') # generate u_id for the new user sql = "INSERT INTO project.user_data (email) VALUES (%s)" value = (email,) db_connect.execute(sql, value) sql = "SELECT u_id FROM project.user_data WHERE email=(%s)" value = (email,) db_connect.execute(sql,value) ret = db_connect.fetchone() user_uid = ret[0] # sql = "SELECT COUNT(*) FROM project.user_data" # db_connect.execute(sql) # ret = db_connect.fetchone() # user_uid = ret[0] + 1 # print(user_uid) # generate a handle for the new user # which contains the first letter of the name_first by default # cut off the part where exceeds 20 handle = (name_first[0] + name_last).lower() if len(handle) > 20: handle = handle[0:20] # check if it is unique otherwise sql = "SELECT handle from project.user_data WHERE handle=%s" value = (handle,) db_connect.execute(sql, value) ret = db_connect.fetchone() # if it exceeds 20, cutoff the extra part from the original handle and remain user_uid # add user_uid at the end of the handle if ret is not None: if len(handle + str(user_uid)) > 20: handle = handle[0:(20 - len(str(user_uid)))] + str(user_uid) else: handle = handle + str(user_uid) # generate the token token_operation = TokenJwt() token = token_operation.encode_token({'u_id': user_uid}) # hashing the password hash_password = hashlib.sha256(password.encode()).hexdigest() # add user in database sql = ''' UPDATE project.user_data set password=(%s), name_first=(%s), name_last=(%s), token=(%s), handle=(%s) WHERE email=(%s) ''' value = (hash_password, name_first, name_last, token, handle, email) db_connect.execute(sql, value) if user_uid == 1: sql = "INSERT INTO project.flockr_data (owner) VALUES ('{%s}')" value = [user_uid] db_connect.execute(sql, value) db_connect.close() return { 'u_id': user_uid, 'token': token }
def channel_invite(token: str, channel_id: int, u_id: int) -> dict: """ Invites a user (with user id u_id) to join a channel with ID channel_id. Once invited the user is added to the channel immediately :param token: token of user who try to invite user :param channel_id: the id of channel which the user will be invited in :param u_id: uid of user who has been invited to join the channel :return: if it can successfully invite somebody to this channel, it will return an empty dictionary """ token_operation = TokenJwt() # check if the token is valid if check_valid(token) is False: raise AccessError(description='error occurred: token is not valid') # check if channel id is valid db_connect = DbConnector() db_connect.cursor() sql = "SELECT channel_id FROM project.channel_data WHERE channel_id = (%s)" value = (channel_id, ) db_connect.execute(sql, value) ret = db_connect.fetchone() if ret is None: raise InputError( description= 'error occurred: channel_id does not refer to a valid channel') # check if uid is valid sql = "SELECT u_id FROM project.user_data WHERE u_id = (%s)" value = (u_id, ) db_connect.execute(sql, value) ret = db_connect.fetchone() if ret is None: raise InputError( description='error occurred: u_id does not refer to a valid user') # check if the authorised user( is a member of the channel) authorised_uid = token_operation.get_uid(token) sql = "SELECT member, owner FROM project.channel_data WHERE channel_id =(%s)" value = (channel_id, ) db_connect.execute(sql, value) ret = db_connect.fetchone() member_list = ret[0] owner_list = ret[1] if authorised_uid not in member_list: raise AccessError(description='error occurred: the authorised user ' 'is not a member of the channel') # get flockr owner list sql = "SELECT owner FROM project.flockr_data;" db_connect.execute(sql) ret = db_connect.fetchone() flockr_list = ret[0] # if no error, add the user to the channel if u_id not in member_list: sql = "UPDATE project.channel_data SET member=(%s), owner=(%s) WHERE channel_id=(%s);" # if invite flockr, flockr will be owner if u_id in flockr_list: member_list.append(u_id) owner_list.append(u_id) value = (member_list, owner_list, channel_id) else: member_list.append(u_id) value = (member_list, owner_list, channel_id) db_connect.execute(sql, value) db_connect.close() return {}
def channel_messages(token: str, channel_id: int, start: int): """ Given a Channel with ID channel_id that the authorised user is part of, return up to 50 messages between index "start" and "start + 50" :param token: the authorised user's token :param channel_id: the channel ID :param start: the start number :return: dictionary of messages as required """ token_operation = TokenJwt() # check if the token is valid if check_valid(token) is False: raise AccessError(description='error occurred: token is not valid') # start = int(start) # channel_id = int(channel_id) db_connect = DbConnector() db_connect.cursor() sql = "SELECT member FROM project.channel_data WHERE channel_id=(%s)" value = (channel_id, ) db_connect.execute(sql, value) ret = db_connect.fetchone() # check channel_id is valid if ret is None: raise InputError(description='error occurred: channel id is not valid') member_list = ret[0] # get user's u_id from token u_id = token_operation.get_uid(token) # check u_id is a member for the channel if u_id not in member_list: raise AccessError( description='Authorised user is not a member of channel') # check start valid sql = "SELECT COUNT(*) FROM project.message_data WHERE channel_id=(%s)" value = (channel_id, ) db_connect.execute(sql, value) ret = db_connect.fetchone() total_message = ret[0] # start is greater than the total number of messages if start > total_message: raise InputError(description='error occurred: start is greater than ' 'the total number of messages') # determine end retuen_end = -1 if total_message > start + 50: end = start + 50 retuen_end = end else: end = total_message # store all the required messages msg = [] sql = "SELECT * FROM project.message_data WHERE channel_id=(%s) ORDER BY time_created DESC" value = (channel_id, ) db_connect.execute(sql, value) ret = db_connect.fetchall() for detail in ret: react_uid = detail[6] if u_id in react_uid: react_cond = True else: react_cond = False msg.append({ 'message_id': detail[0], 'channel_id': detail[1], 'time_created': detail[3], 'u_id': detail[4], 'message': detail[2], 'is_pinned': detail[5], 'reacts': [{ 'is_this_user_reacted': react_cond, 'react_id': 1, 'u_ids': react_uid }] }) # close database connection db_connect.close() return {'messages': msg, 'start': start, 'end': retuen_end}