コード例 #1
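def update_user_password(u_id):
    """Replace the stored password hash of the user whose id is ``u_id``.

    The request body must be a JSON object with a ``password`` key.

    Responses:
        * 400 (via ``abort``) when the body is empty or is not a JSON object.
        * ``missing_keys_envelop()`` when ``password`` is absent.
        * ``record_notfound_envelop()`` when no user has id ``u_id``.
        * a ``status: fail`` JSON message when the new hash equals the old one.
        * ``fatal_error_envelop()`` on any other error (the session is rolled
          back first so a failed flush does not poison later requests).
        * ``record_updated_envelop(...)`` on success.

    NOTE(review): nothing in this function checks who the caller is, and the
    current password is not asked for.  Confirm that a decorator or middleware
    outside this listing restricts the route to the account owner or an
    administrator.
    """
    payload = request.json
    # A JSON array or scalar would otherwise fail on the key lookup below.
    if not payload or not isinstance(payload, dict):
        abort(400)
    if 'password' not in payload:
        return missing_keys_envelop()
    try:
        # .one() raises NoResultFound for a missing row; it never returns None,
        # so no separate None check is needed.
        user = db_session.query(User).filter(User.id == u_id).one()
        hashed_pass = hash_password(payload['password'].encode())
        # NOTE(review): comparing two hashes for equality only detects password
        # reuse if hash_password() is deterministic (no per-user random salt).
        # If that is the case, stored hashes are open to precomputed-table
        # lookups; a salted, slow KDF with a verify function is the usual
        # remedy.  Confirm against hash_password().
        if user.password == hashed_pass:
            return jsonify({
                'message': 'Please dont\'t use old password',
                'status': 'fail'
            })
        user.password = hashed_pass
        db_session.add(user)
        db_session.commit()
    except NoResultFound:
        return record_notfound_envelop()
    except Exception:
        # Leave the session usable for the next request after a failed commit.
        db_session.rollback()
        return fatal_error_envelop()
    else:
        return record_updated_envelop('Password updated Successfully')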
コード例 #2
ファイル: users.py プロジェクト: RobusGauli/hris_new
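def register_user():
    '''Register a user or log one in, selected by the ``action`` query argument.

    ``action=register``
        Body: JSON object with exactly ``user_name``, ``password``, ``role_id``.
        Creates the user and returns the generated access token.
    ``action=login``
        Body: JSON object with exactly ``user_name`` and ``password``.
        Returns the stored access token, activation flag, role id and
        permissions when the password hash matches.
    ``action=registeruserforemployee``
        Same body as ``register`` plus an ``e_id`` query argument; the new user
        is attached to that employee.

    A missing ``action`` argument yields werkzeug's 400 response; an unknown
    one yields a JSON ``unknown action`` message.

    NOTE(review): ``role_id`` is taken straight from the request body.  Unless
    the route is restricted to administrators by code outside this listing, a
    caller can pick any role for the account being created - confirm.
    '''
    # Indexing (not .get) keeps the 400 response for a missing ``action``.
    action = request.args['action']

    if action == 'register':
        payload = request.json
        # check that the body is an object carrying exactly the expected keys
        if (not isinstance(payload, dict)
                or set(payload) != {'user_name', 'password', 'role_id'}):
            return jsonify({'message': 'missing keys'})

        # every string value needs at least 5 non-blank characters, and the
        # two credentials must be strings (they are stripped/encoded below)
        too_short = any(
            len(val.strip()) < 5 for val in payload.values()
            if isinstance(val, str))
        wrong_type = not all(
            isinstance(payload[key], str) for key in ('user_name', 'password'))
        if too_short or wrong_type:
            return jsonify({'message': 'Not adequate length of values'})

        # lower case the user_name
        user_name = payload['user_name'].strip().lower()
        role_id = payload['role_id']
        hashed_pass = hash_password(payload['password'].encode())
        # get the user access_token
        user_access_token = gen_access_token(role_id, user_name)
        user = User(user_name=user_name,
                    password=hashed_pass,
                    role_id=role_id,
                    access_token=user_access_token.decode('utf-8'))
        try:
            db_session.add(user)
            db_session.commit()
        except IntegrityError:
            # a failed flush leaves the session unusable until rolled back
            db_session.rollback()
            return record_exists_envelop()
        else:
            return jsonify({
                'message': 'user_added_successfully',
                'access_token': user_access_token.decode('utf-8')
            })

    elif action == 'login':
        payload = request.json
        if not payload:
            return jsonify({'message': 'json object'})
        if (not isinstance(payload, dict)
                or set(payload) != {'user_name', 'password'}):
            return jsonify({'message': 'missing keys'})

        # NOTE(review): registration stores the name stripped and lower-cased,
        # but it is looked up verbatim here - confirm this is intended.
        user_name = payload['user_name']
        password = payload['password']
        if not isinstance(user_name, str) or not isinstance(password, str):
            return jsonify({'message': 'missing keys'})

        # Hash the same byte representation that the registration branches
        # hash; the original passed the un-encoded str here.
        hashed_pass = hash_password(password.encode())

        # NOTE(review): the two failure messages below differ, so a caller can
        # tell whether a user name exists.  They are kept because clients may
        # match on them; a single generic failure response would close this.
        # NOTE(review): matching by hash equality implies hash_password() is
        # deterministic (no per-user random salt), and ``==`` is not a
        # constant-time comparison - confirm against hash_password().
        # NOTE(review): no attempt limiting is visible in this view.
        try:
            # .one() raises NoResultFound instead of returning None
            user = db_session.query(User).filter(
                User.user_name == user_name).one()
        except NoResultFound:
            return record_notfound_envelop('User doesn\'t exists')

        if hashed_pass != user.password:
            return record_notfound_envelop('Password doesn\'t match')
        # NOTE(review): this is the token stored at registration; nothing here
        # rotates or expires it - confirm how it is invalidated.
        return record_json_envelop({
            'access_token': user.access_token,
            'activate': user.activate,
            'role_id': user.role_id,
            'permissions': user.role.to_dict()
        })

    # register the user and attach it to an employee
    elif action == 'registeruserforemployee':
        raw_e_id = request.args.get('e_id', None)
        if not raw_e_id:
            return 'please  send the e_id'
        try:
            e_id = int(raw_e_id)
        except ValueError:
            # a non-numeric e_id used to escape as an unhandled exception
            return 'please  send the e_id'

        payload = request.json
        if (not isinstance(payload, dict)
                or set(payload) != {'user_name', 'password', 'role_id'}):
            return jsonify({'message': 'missing keys'})

        too_short = any(
            len(val.strip()) < 5 for val in payload.values()
            if isinstance(val, str))
        wrong_type = not all(
            isinstance(payload[key], str) for key in ('user_name', 'password'))
        if too_short or wrong_type:
            return jsonify({'message': 'Not adequate length of values'})

        # lower case the user_name
        user_name = payload['user_name'].strip().lower()
        role_id = payload['role_id']
        hashed_pass = hash_password(payload['password'].encode())
        # get the user access_token
        user_access_token = gen_access_token(role_id, user_name)
        user = User(user_name=user_name,
                    password=hashed_pass,
                    role_id=role_id,
                    access_token=user_access_token.decode('utf-8'))
        try:
            emp = db_session.query(Employee).filter(Employee.id == e_id).one()

            db_session.add(user)
            emp.user = user
            db_session.add(emp)
            db_session.commit()
        except IntegrityError:
            db_session.rollback()
            return record_exists_envelop()
        except NoResultFound:
            return record_notfound_envelop()
        else:
            return jsonify({
                'message': 'user_added_successfully',
                'access_token': user_access_token.decode('utf-8'),
                'status': 'success'
            })

    # Previously an unrecognised action fell off the end and returned None,
    # which the framework reports as a server error.
    return jsonify({'message': 'unknown action'})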
コード例 #3
ファイル: users.py プロジェクト: RobusGauli/hris_28
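def update_user(u_id):
    """Update the activation flag, password or role of the user ``u_id``.

    The ``action`` query argument selects the operation:

    ``update_activation``
        Applies the activation field from the JSON body.
    ``update_role``
        Sets ``role_id`` from the JSON body.
    anything else (including no ``action``)
        Changes the password from the ``password`` key; ``by=user`` in the
        query string additionally sets ``password_changed``.

    An empty or non-object JSON body is answered with 400.

    NOTE(review): no caller identity or permission check is visible here, yet
    the function can change any user's password and role.  Confirm that code
    outside this listing authorizes the request.
    """
    payload = request.json
    if not payload or not isinstance(payload, dict):
        abort(400)

    action = request.args.get('action')

    if action == 'update_activation':
        # The original handed the whole request body to Query.update(), so a
        # caller could overwrite any column (password, role_id, access_token,
        # ...) through the activation endpoint.  Only the activation field is
        # applied now.
        # assumes the activation column is named `activate` - TODO confirm
        # against the User model
        changes = {key: val for key, val in payload.items()
                   if key == 'activate'}
        if not changes:
            return missing_keys_envelop()
        try:
            # Query.update() returns the number of matched rows; it does not
            # raise NoResultFound when nothing matches.
            matched = db_session.query(User).filter(
                User.id == u_id).update(changes)
            db_session.commit()
        except Exception:
            db_session.rollback()
            return fatal_error_envelop()
        else:
            if not matched:
                return record_notfound_envelop()
            return record_updated_envelop(changes)

    if action != 'update_role':
        if 'password' not in payload:
            return missing_keys_envelop()
        try:
            # .one() raises NoResultFound rather than returning None
            user = db_session.query(User).filter(User.id == u_id).one()
            # NOTE(review): the policy check sees the raw value while the
            # stripped value is what gets hashed, so surrounding whitespace
            # counts toward validation but not toward the stored password.
            result, err = validate_password(payload.get('password'),
                                            user.user_name)
            if not result:
                return jsonify({'message': err, 'status': 'fail'})

            hashed_pass = hash_password(payload['password'].strip().encode())
            # NOTE(review): detecting reuse by hash equality implies
            # hash_password() is deterministic (no per-user random salt) -
            # confirm against hash_password().
            if user.password == hashed_pass:
                return jsonify({
                    'message': 'Please dont\'t use old password',
                    'status': 'fail'
                })
            user.password = hashed_pass
            # NOTE(review): `by` is supplied by the client, so the
            # password_changed flag reflects what the caller claims.
            if request.args.get('by') == 'user':
                user.password_changed = True
            db_session.add(user)
            db_session.commit()
        except NoResultFound:
            return record_notfound_envelop()
        except Exception:
            db_session.rollback()
            return fatal_error_envelop()
        else:
            return record_updated_envelop('Password updated Successfully.')

    # update the role
    if 'role_id' not in payload:
        return missing_keys_envelop()
    try:
        user = db_session.query(User).filter(User.id == u_id).one()
        user.role_id = int(payload['role_id'])
        db_session.add(user)
        db_session.commit()
    except NoResultFound:
        return record_notfound_envelop()
    except Exception:
        # The original re-raised here, which made the envelope below
        # unreachable and surfaced the raw exception to the framework.
        db_session.rollback()
        return fatal_error_envelop()
    else:
        return record_updated_envelop('Role updated successfully.')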