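def update_user_password(u_id):
    '''Set a new password for the user identified by ``u_id``.

    Reads ``password`` from the JSON request body, hashes it with
    ``hash_password`` and stores the hash unless it equals the one already
    stored for the user.

    Returns one of the project's envelope responses: missing keys, record
    not found, a ``fail`` JSON message when the new password hashes to the
    stored value, fatal error, or record updated. Aborts with HTTP 400 when
    the request carries no JSON body.

    NOTE(review): no authentication or authorisation check is visible in this
    function; presumably a decorator or the routing layer restricts who may
    change the password of ``u_id`` -- confirm. Unlike ``update_user``, this
    path does not run ``validate_password`` on the new value.
    '''
    payload = request.json
    if not payload:
        abort(400)
    if not isinstance(payload, dict) or 'password' not in payload:
        return missing_keys_envelop()

    new_password = payload['password']
    if not isinstance(new_password, str):
        # A non-string value cannot be encoded for hashing; report it as a
        # client error instead of letting it surface as a fatal error.
        return missing_keys_envelop()

    try:
        # Query.one() raises NoResultFound when no row matches; it never
        # returns None, so no separate None check is needed.
        user = db_session.query(User).filter(User.id == u_id).one()
        hashed_pass = hash_password(new_password.encode())
        # NOTE(review): comparing against the stored value only detects
        # password reuse if hash_password is deterministic (no per-user
        # random salt) -- confirm. With a salted KDF this check should go
        # through that KDF's verify function instead.
        if user.password == hashed_pass:
            return jsonify({
                'message': 'Please dont\'t use old password',
                'status': 'fail'
            })
        user.password = hashed_pass
        db_session.add(user)
        db_session.commit()
    except NoResultFound:
        return record_notfound_envelop()
    except Exception:
        # Leave the session usable after a failed flush/commit.
        db_session.rollback()
        return fatal_error_envelop()
    return record_updated_envelop('Password updated Successfully')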
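def _new_user_from_request():
    '''Validate the JSON body of a registration request and build the user.

    Returns ``(user, token, None)`` on success, where ``token`` is the
    decoded access token, or ``(None, None, response)`` when the body is
    rejected and ``response`` should be returned to the client.
    '''
    payload = request.json
    expected = {'user_name', 'password', 'role_id'}
    if not isinstance(payload, dict) or set(payload) != expected:
        return None, None, jsonify({'message': 'missing keys'})

    # The length rule applies to every string value in the body, so a
    # string role_id shorter than five characters is rejected as well.
    if any(len(val.strip()) < 5
           for val in payload.values() if isinstance(val, str)):
        return None, None, jsonify(
            {'message': 'Not adequate length of values'})

    if not isinstance(payload['user_name'], str) \
            or not isinstance(payload['password'], str):
        # Non-string values would otherwise fail on .strip()/.encode().
        return None, None, jsonify(
            {'message': 'user_name and password must be strings'})

    # User names are stored stripped and lower-cased.
    user_name = payload['user_name'].strip().lower()
    # NOTE(review): role_id is taken as sent by the client and no
    # authorisation check is visible here, so the caller picks its own role;
    # presumably access to this endpoint is restricted elsewhere -- confirm.
    # Registration also does not call validate_password, unlike update_user.
    role_id = payload['role_id']
    hashed_pass = hash_password(payload['password'].encode())
    token = gen_access_token(role_id, user_name).decode('utf-8')
    user = User(user_name=user_name,
                password=hashed_pass,
                role_id=role_id,
                access_token=token)
    return user, token, None


def _login_from_request():
    '''Check the posted credentials and return the stored access token.'''
    payload = request.json
    if not payload:
        return jsonify({'message': 'json object'})
    if not isinstance(payload, dict) \
            or set(payload) != {'user_name', 'password'}:
        return jsonify({'message': 'missing keys'})

    user_name = payload['user_name']
    password = payload['password']
    if not isinstance(user_name, str) or not isinstance(password, str):
        return jsonify(
            {'message': 'user_name and password must be strings'})

    # Registration hashes the UTF-8 encoded password, so login must hash the
    # same bytes for the comparison with the stored value to be meaningful.
    hashed_pass = hash_password(password.encode())
    # NOTE(review): registration stores user_name stripped and lower-cased,
    # but the lookup below uses the value as sent -- confirm whether login
    # should normalise it the same way.
    try:
        # Query.one() raises NoResultFound rather than returning None.
        user = db_session.query(User).filter(
            User.user_name == user_name).one()
    except NoResultFound:
        return record_notfound_envelop('User doesn\'t exists')

    # NOTE(review): the two failure messages differ, which tells a caller
    # whether a user name exists; the plain equality test is also not
    # constant-time and implies hash_password is unsalted/deterministic.
    # No attempt limiting is visible here. The token returned is the one
    # minted at registration. Confirm each of these against policy.
    if hashed_pass != user.password:
        return record_notfound_envelop('Password doesn\'t match')
    return record_json_envelop({
        'access_token': user.access_token,
        'activate': user.activate,
        'role_id': user.role_id,
        'permissions': user.role.to_dict()
    })


def register_user():
    '''Register a user or log one in, depending on the ``action`` query arg.

    ``action=register`` creates a user from the JSON body (``user_name``,
    ``password``, ``role_id``) and returns the generated access token.
    ``action=login`` checks ``user_name``/``password`` and returns the stored
    access token, activation flag, role id and role permissions.
    ``action=registeruserforemployee`` creates the user and attaches it to
    the employee named by the ``e_id`` query arg.
    Any other (or missing) action aborts with HTTP 400.
    '''
    action = request.args.get('action')

    if action == 'register':
        user, token, error = _new_user_from_request()
        if error is not None:
            return error
        try:
            db_session.add(user)
            db_session.commit()
        except IntegrityError:
            # Roll back so the session stays usable after the failed commit.
            db_session.rollback()
            return record_exists_envelop()
        return jsonify({
            'message': 'user_added_successfully',
            'access_token': token
        })

    if action == 'login':
        return _login_from_request()

    if action == 'registeruserforemployee':
        raw_e_id = request.args.get('e_id', None)
        if not raw_e_id:
            return 'please send the e_id'
        try:
            e_id = int(raw_e_id)
        except ValueError:
            # A non-numeric id is a client error, not a server failure.
            return 'please send the e_id'

        user, token, error = _new_user_from_request()
        if error is not None:
            return error
        try:
            emp = db_session.query(Employee).filter(
                Employee.id == e_id).one()
            db_session.add(user)
            emp.user = user
            db_session.add(emp)
            db_session.commit()
        except IntegrityError:
            db_session.rollback()
            return record_exists_envelop()
        except NoResultFound:
            return record_notfound_envelop()
        return jsonify({
            'message': 'user_added_successfully',
            'access_token': token,
            'status': 'success'
        })

    # Unknown or missing action: fail explicitly instead of returning None.
    abort(400)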
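def _set_user_activation(u_id, payload):
    '''Update only the activation flag of user ``u_id`` from ``payload``.'''
    # The request body is untrusted: passing it straight to Query.update()
    # would let a client overwrite any column (password, role_id,
    # access_token, ...). Only the activation column is written here.
    # NOTE(review): 'activate' is the attribute the login response reads from
    # User -- confirm it is the only column this action needs to change.
    if 'activate' not in payload:
        return missing_keys_envelop()
    changes = {'activate': payload['activate']}
    try:
        matched = db_session.query(User).filter(
            User.id == u_id).update(changes)
        # Query.update() returns a row count and does not raise
        # NoResultFound, so a missing user is detected from the count.
        if not matched:
            return record_notfound_envelop()
        db_session.commit()
    except Exception:
        db_session.rollback()
        return fatal_error_envelop()
    return record_updated_envelop(changes)


def _change_user_password(u_id, payload):
    '''Validate and store a new password for user ``u_id``.'''
    if 'password' not in payload:
        return missing_keys_envelop()
    try:
        # Query.one() raises NoResultFound rather than returning None.
        user = db_session.query(User).filter(User.id == u_id).one()
        result, err = validate_password(payload.get('password'),
                                        user.user_name)
        if not result:
            return jsonify({'message': err, 'status': 'fail'})

        # NOTE(review): the password is stripped before hashing here, while
        # register_user and update_user_password hash the value as sent --
        # confirm which form login is expected to match.
        hashed_pass = hash_password(payload['password'].strip().encode())
        # NOTE(review): this reuse check only works if hash_password is
        # deterministic (no per-user random salt) -- confirm.
        if user.password == hashed_pass:
            return jsonify({
                'message': 'Please dont\'t use old password',
                'status': 'fail'
            })

        user.password = hashed_pass
        # NOTE(review): 'by' comes from the query string, so the client
        # decides whether password_changed is set -- confirm that is intended.
        if request.args.get('by') == 'user':
            user.password_changed = True
        db_session.add(user)
        db_session.commit()
    except NoResultFound:
        return record_notfound_envelop()
    except Exception:
        db_session.rollback()
        return fatal_error_envelop()
    return record_updated_envelop('Password updated Successfully.')


def _change_user_role(u_id, payload):
    '''Assign the ``role_id`` from ``payload`` to user ``u_id``.'''
    if 'role_id' not in payload:
        return missing_keys_envelop()
    try:
        user = db_session.query(User).filter(User.id == u_id).one()
        user.role_id = int(payload['role_id'])
        db_session.add(user)
        db_session.commit()
    except NoResultFound:
        return record_notfound_envelop()
    except Exception:
        # Report failures through the envelope, as the other branches do,
        # instead of re-raising.
        db_session.rollback()
        return fatal_error_envelop()
    return record_updated_envelop('Role updated successfully.')


def update_user(u_id):
    '''Update the activation flag, password or role of user ``u_id``.

    The ``action`` query arg selects the operation: ``update_activation``
    writes the activation flag, ``update_role`` writes ``role_id``, and any
    other value (including none) changes the password. Aborts with HTTP 400
    when the request has no JSON body; otherwise returns one of the
    project's envelope responses.

    NOTE(review): no authentication or authorisation check is visible in this
    function, and it can change another user's role and password; presumably
    a decorator or the routing layer enforces this -- confirm.
    '''
    payload = request.json
    if not payload:
        abort(400)
    if not isinstance(payload, dict):
        # Only a JSON object can carry the keys the branches below read.
        return missing_keys_envelop()

    action = request.args.get('action')
    if action == 'update_activation':
        return _set_user_activation(u_id, payload)
    if action != 'update_role':
        return _change_user_password(u_id, payload)
    return _change_user_role(u_id, payload)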