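def update_user():
    """Update an existing user's name, password, e-mail and birthdate.

    Reads ``uuid``, ``name``, ``password``, ``email`` and ``birthdate`` from
    ``request.form``, validates them, and writes the changes through
    ``user_db.update_user``. Changing the e-mail address clears
    ``is_verified`` on the user.

    Returns:
        The ``return_json`` response: ``success=False`` with an error string
        on any validation failure, otherwise ``success=True`` with a message
        containing the user's UUID.
    """
    # NOTE(review): no authentication or authorization check is visible in
    # this block, and the account to modify is selected by the client-supplied
    # ``uuid``. Confirm the route is protected elsewhere (decorator or
    # middleware) and that the caller may change this account's password.
    form = request.form
    user_uuid = form.get("uuid", None)
    raw_name = form.get("name", None)
    raw_password = form.get("password", None)
    # E-mail and birthdate keep the original str() conversion so the
    # validators receive exactly what they received before.
    email = str(form.get("email", None))
    birthdate = str(form.get("birthdate", None))

    if not data_validation.validate_uuid(user_uuid):
        return return_json(success=False, error="Invalid user UUID")

    # Look the user up once and reuse the result for the update below.
    lookup = user_db.get_user(uuid=user_uuid)
    if lookup[0] is False:
        return return_json(success=False, error="User not found")

    # str(None) is the literal "None": without this guard a request that
    # omits the password would replace the stored hash with the hash of
    # "None", and an omitted name would be stored as "None".
    if not raw_name or not raw_password:
        return return_json(success=False, error="Fields empty")

    if not data_validation.validate_email(email):
        return return_json(success=False, error="Invalid email")

    birthdate_check = data_validation.validate_birthdate(birthdate)
    if not birthdate_check[0]:
        return return_json(success=False, error=birthdate_check[1])

    c_user = lookup[1]
    c_user.name = str(raw_name)
    # Hash only after every check has passed, so rejected requests do not
    # pay for password hashing.
    c_user.user_hash = Encryption.encrypt_password(str(raw_password))
    if c_user.email != email:
        # A new address has not been confirmed yet.
        c_user.email = email
        c_user.is_verified = False
    c_user.birthdate = birthdate
    user_db.update_user(c_user)

    return return_json(
        success=True,
        data={"message": "User {0} updated".format(c_user.uuid)})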
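def register_user():
    """Register a new user from form data and send a confirmation e-mail.

    Reads ``name``, ``password``, ``email`` and ``birthdate`` from
    ``request.form``. On success the user row is inserted, the per-user
    expenses, schedule and hygiene records are created, and a confirmation
    token is mailed to the given address.

    Returns:
        The ``return_json`` response: ``success=False`` with an error string
        when a field is missing or invalid or the user already exists,
        otherwise ``success=True``.
    """
    form = request.form
    raw_name = form.get("name", None)
    raw_password = form.get("password", None)
    raw_email = form.get("email", None)
    birthdate = str(form.get("birthdate", None)).replace(
        "-", "/")  # IOS uses '-' instead of '/'

    # The check has to run on the raw values: after str() a missing field is
    # the literal "None" and never compares equal to None. The original test
    # also named ``name`` twice, so the password was never checked and a
    # request without one registered the account with the hash of "None".
    if not raw_name or not raw_email or not raw_password:
        return return_json(success=False, error="Fields empty")

    name = str(raw_name)
    email = str(raw_email)

    if not data_validation.validate_email(email):
        return return_json(success=False, error="Invalid email")

    birthdate_check = data_validation.validate_birthdate(birthdate)
    if not birthdate_check[0]:
        return return_json(success=False,
                           error="Invalid birthdate:" + birthdate_check[1])

    # Hash only after validation, so rejected requests do not pay for
    # password hashing.
    user_hash = Encryption.encrypt_password(str(raw_password))

    res = user_db.insert_user(name, user_hash, email, birthdate)
    if not res[0]:
        return return_json(success=False, error="User already exists")

    user_uuid = res[1]
    expenses_db.create_expenses(user_uuid)
    schedule_db.create_schedule(user_uuid)
    hygiene_db.create_hygiene(user_uuid)

    token = token_generator.generate_confirm_token(email)
    send_confirmation_mail(name, email, token)
    return return_json(success=True)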
class UserAuthentication:
    """Username/password login and registration on top of a user database.

    The database object must provide ``check_user``, ``add_user`` and
    ``get_password``; hashing and verification are delegated to
    ``Encryption``.
    """

    def __init__(self, database):
        self.database = database
        self.encryption = Encryption()

    def identify_user(self, operation, username, password):
        """Dispatch to login or registration according to ``operation``.

        :return the result of ``login_user`` for ``'login'``, of
            ``register_user`` for ``'register'``, and ``None`` for any other
            operation
        """
        if operation == 'login':
            return self.login_user(username, password)
        if operation == 'register':
            return self.register_user(username, password)
        # Unknown operations fall through without a status dictionary.
        return None

    def register_user(self, username, password):
        """Add ``username`` with an encrypted password unless it is taken.

        :return register status modified with self.auth_output
        """
        # NOTE(review): the existence check and the insert are two separate
        # database calls; whether the database itself enforces unique
        # usernames is not visible here.
        if not self.database.check_user(username):
            stored_password = self.encryption.encrypt_password(password)
            self.database.add_user(username, stored_password)
            return self.auth_output(True, f'"{username}" is now registered')
        return self.auth_output(False, f'"{username}" is already taken')

    def login_user(self, username, password):
        """Verify ``password`` against the stored entry for ``username``.

        :return login status modified with self.auth_output
        """
        # NOTE(review): the two failure messages differ, so a caller can tell
        # whether a username exists. Confirm that is acceptable for whatever
        # surface returns 'verbose' to the client.
        if not self.database.check_user(username):
            return self.auth_output(False, f'No such user - "{username}"')

        stored_password = self.database.get_password(username)
        if not self.encryption.check_password(password, stored_password):
            return self.auth_output(False, 'Wrong password')
        return self.auth_output(True, f'"{username}", login success')

    def already_logged(self):
        """Return the failure status used when the user is already logged in."""
        return self.auth_output(False, 'Such user is already logged in')

    @staticmethod
    def auth_output(flag: bool, message: str):
        """Log ``message`` and wrap the outcome in a dictionary.

        :param flag: boolean login/register success status
        :param message: verbal description of flag
        :return flag and message as one dictionary
        """
        # NOTE(review): messages embed the caller-supplied username verbatim;
        # verify that the log handler or an upstream check neutralises
        # control characters such as newlines.
        logging.info(message)
        status = {'flag': flag, 'verbose': message}
        return status
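def add_user():
    """Render the add-user form (GET) or create a user from it (POST).

    On a non-GET request reads ``name``, ``password``, ``confirm_password``,
    ``email`` and ``birthdate`` from ``request.form``. On success the user
    row is inserted, the per-user expenses, schedule and hygiene records are
    created, and a confirmation token is mailed to the given address.

    Returns:
        The rendered ``users/user_add.html`` template (with an ``error``
        string on failure), or the ``return_message`` response pointing at
        ``admin_blueprint.get_users`` on success.
    """
    # NOTE(review): the success path targets an admin blueprint, but no
    # access check is visible in this block. Confirm the route is restricted
    # elsewhere (decorator or middleware).
    if request.method == "GET":
        return render_template('users/user_add.html')

    form = request.form
    raw_name = form.get("name", None)
    raw_email = form.get("email", None)
    pw1 = form.get("password", None)
    pw2 = form.get("confirm_password", None)
    birthdate = str(form.get("birthdate", None)).replace(
        "-", "/")  # IOS uses '-' instead of '/'

    # The check has to run on the raw values: after str() a missing field is
    # the literal "None" and never compares equal to None. The original test
    # also named ``name`` twice, so the password was never checked; with both
    # password fields absent the mismatch test passed (None == None) and the
    # account was created with the hash of "None".
    if not raw_name or not raw_email or not pw1:
        return render_template('users/user_add.html', error="Fields empty")

    if pw1 != pw2:
        return render_template('users/user_add.html',
                               error="Passwords don't match")

    name = str(raw_name)
    email = str(raw_email)

    if not data_validation.validate_email(email):
        return render_template('users/user_add.html', error="Invalid mail")

    birthdate_check = data_validation.validate_birthdate(birthdate)
    if not birthdate_check[0]:
        return render_template('users/user_add.html',
                               error="Invalid birthdate:" + birthdate_check[1])

    # Hash only after validation, so rejected requests do not pay for
    # password hashing.
    user_hash = Encryption.encrypt_password(str(pw1))

    res = user_db.insert_user(name, user_hash, email, birthdate)
    if not res[0]:
        return render_template('users/user_add.html',
                               error="User already exists")

    user_uuid = res[1]
    expenses_db.create_expenses(user_uuid)
    schedule_db.create_schedule(user_uuid)
    hygiene_db.create_hygiene(user_uuid)

    token = generate_confirm_token(email)
    mail.send_confirmation_mail(name, email, token)
    return return_message("Succes", "User added!", 2,
                          url_for('admin_blueprint.get_users'))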