def post_app_keys():
"""Creates a new application key
:returns: JSON string of the new application key's data; status code
:rtype: (str, int)
"""
# pre-validate data
errors = unique({}, AppKey, AppKey.key, request.json.get('key', None))
errors = unique(errors, AppKey, AppKey.application,
request.json.get('application', None))
# validate data
try:
data = AppKeyAdminSchema().load(request.json)
except ValidationError as err:
errors = dict(list(errors.items()) + list(err.messages.items()))
# return any errors
if errors:
return jsonify({"error": errors}), 400
# save app key
app_key = AppKey(application=data['application'],
key=data['key'],
status=data['status'],
status_changed_at=datetime.now())
db.session.add(app_key)
db.session.commit()
# response
return jsonify({'app_key': AppKeyAdminSchema().dump(app_key)}), 201
def test_unique_update_no_diff_pass(app, mocker):
test_model = SomeModel()
test_model.name = 'foo'
errors = unique({}, SomeModel, SomeModel.name, 'foo', update=test_model)
assert errors == {}
def post_user():
"""Creates a new user.
:returns: JSON string of the new user's data; status code
:rtype: (str, int)
"""
# pre-validate data
errors = unique({}, User, User.username,
request.json.get('username', None))
errors = unique_email(errors, User, User.email,
request.json.get('email', None))
errors, roles = exists(errors, Role, 'roles',
request.json.get('roles', []))
# validate data
try:
data = UserAdminSchema().load(request.json)
except ValidationError as err:
errors = dict(list(errors.items()) + list(err.messages.items()))
# return any errors
if errors:
return jsonify({"error": errors}), 400
# save user
user = User(username=data['username'].lower().strip(),
email=data['email'].lower().strip(),
password=data['password'],
is_verified=data['is_verified'],
status=data['status'],
status_changed_at=datetime.now())
for role in roles:
user.roles.append(role)
# save user profile
if 'profile' in data:
user_profile = UserProfile(
user=user,
first_name=data['profile']['first_name'].strip(),
last_name=data['profile']['last_name'].strip(),
joined_at=data['profile']['joined_at'],
status=data['status'],
status_changed_at=datetime.now())
db.session.add(user_profile)
db.session.add(user)
db.session.commit()
# response
return jsonify({'user': UserAdminSchema().dump(user)}), 201
def test_unique_fail(app, mocker):
# mock db query
query_mock = mocker.patch('flask_sqlalchemy._QueryProperty.__get__')
query_mock.return_value \
.filter.return_value \
.first.return_value = SomeModel()
errors = unique({}, SomeModel, SomeModel.name, 'foo')
assert errors == {'name': ['Value must be unique.']}
def test_unique_pass(app, mocker):
# mock db query
query_mock = mocker.patch('flask_sqlalchemy._QueryProperty.__get__')
query_mock.return_value \
.filter.return_value \
.first.return_value = None
errors = unique({}, SomeModel, SomeModel.name, 'foo')
assert errors == {}
def test_unique_update_diff_pass(app, mocker):
# mock db query
query_mock = mocker.patch('flask_sqlalchemy._QueryProperty.__get__')
query_mock.return_value \
.filter.return_value \
.first.return_value = None
test_model = SomeModel()
test_model.name = 'bar'
errors = unique({}, SomeModel, SomeModel.name, 'foo', update=test_model)
assert errors == {}
def put_role(role_id):
"""Updates an existing role.
:param role_id: ID of role
:type role_id: int
:returns: JSON string of the role's data; status code
:rtype: (str, int)
"""
# get role
role = Role.query.get(role_id)
if role is None:
abort(404)
# pre-validate data
errors = {}
if isinstance(request.json.get('name', None), str):
errors = unique(errors,
Role,
Role.name,
request.json.get('name'),
update=role)
# validate data
try:
data = RoleAdminSchema().load(request.json)
except ValidationError as err:
errors = dict(list(errors.items()) + list(err.messages.items()))
# return any errors
if errors:
return jsonify({"error": errors}), 400
# save role
role.name = data['name']
role.is_admin_role = data['is_admin_role']
role.priority = data['priority']
role.login_lockout_policy = data['login_lockout_policy']
role.login_max_attempts = data['login_max_attempts']
role.login_timeframe = data['login_timeframe']
role.login_ban_time = data['login_ban_time']
role.login_ban_by_ip = data['login_ban_by_ip']
role.password_policy = data['password_policy']
role.password_reuse_history = data['password_reuse_history']
role.password_reset_days = data['password_reset_days']
db.session.commit()
# response
return jsonify({'role': RoleAdminSchema().dump(role)}), 200
def post_administrator():
"""Creates a new administrator
:returns: JSON string of the new administrator's data; status code
:rtype: (str, int)
"""
# pre-validate data
errors = unique({}, Administrator, Administrator.username,
request.json.get('username', None))
errors = unique_email(errors, Administrator, Administrator.email,
request.json.get('email', None))
errors, roles = exists(errors, Role, 'roles',
request.json.get('roles', []))
# validate data
try:
data = AdministratorAdminSchema().load(request.json)
except ValidationError as err:
errors = dict(list(errors.items()) + list(err.messages.items()))
# return any errors
if errors:
return jsonify({"error": errors}), 400
# save admin
admin = Administrator(username=data['username'].lower().strip(),
email=data['email'].lower().strip(),
first_name=data['first_name'],
last_name=data['last_name'],
password=data['password'],
joined_at=data['joined_at'],
status=data['status'],
status_changed_at=datetime.now())
for role in roles:
admin.roles.append(role)
db.session.add(admin)
db.session.commit()
# response
return jsonify({'administrator':
AdministratorAdminSchema().dump(admin)}), 201
def put_account():
"""Updates the current user's account information.
:returns: JSON string of the user's account information; status code
:rtype: (str, int)
"""
# init vars
user = g.user
# pre-validate data
errors = unique({},
Administrator,
Administrator.username,
request.json.get('username', None),
update=user)
errors = unique_email(errors,
Administrator,
Administrator.email,
request.json.get('email', None),
update=user)
# validate data
try:
data = UserAccountAdminSchema().load(request.json)
except ValidationError as err:
errors = dict(list(errors.items()) + list(err.messages.items()))
# return any errors
if errors:
return jsonify({"error": errors}), 400
# save user account
user.username = data['username'].strip()
user.email = data['email'].strip()
user.first_name = data['first_name'].strip()
user.last_name = data['last_name'].strip()
db.session.commit()
# response
return jsonify({'user_account': UserAccountAdminSchema().dump(user)}), 200
def put_app_key(app_key_id):
"""Updates an existing application key
:param app_key_id: ID of application key
:type app_key_id: int
:returns: JSON string of the application key's data; status code
:rtype: (str, int)
"""
# get app key
app_key = AppKey.query.get(app_key_id)
if app_key is None:
abort(404)
# pre-validate data
errors = unique({},
AppKey,
AppKey.key,
request.json.get('key', None),
update=app_key)
# validate data
try:
data = AppKeyAdminSchema().load(request.json)
except ValidationError as err:
errors = dict(list(errors.items()) + list(err.messages.items()))
# return any errors
if errors:
return jsonify({"error": errors}), 400
# save app key
app_key.application = data['application']
app_key.key = data['key']
if app_key.status != data['status']:
app_key.status = data['status']
app_key.status_changed_at = datetime.now()
db.session.commit()
# response
return jsonify({'app_key': AppKeyAdminSchema().dump(app_key)}), 200
def post_roles():
"""Creates a new role.
:returns: JSON string of the new role's data; status code
:rtype: (str, int)
"""
# pre-validate data
errors = {}
if isinstance(request.json.get('name', None), str):
errors = unique(errors, Role, Role.name, request.json.get('name'))
# validate data
try:
data = RoleAdminSchema().load(request.json)
except ValidationError as err:
errors = dict(list(errors.items()) + list(err.messages.items()))
# return any errors
if errors:
return jsonify({"error": errors}), 400
# save role
role = Role(name=data['name'],
is_admin_role=data['is_admin_role'],
priority=data['priority'],
login_lockout_policy=data['login_lockout_policy'],
login_max_attempts=data['login_max_attempts'],
login_timeframe=data['login_timeframe'],
login_ban_time=data['login_ban_time'],
login_ban_by_ip=data['login_ban_by_ip'],
password_policy=data['password_policy'],
password_reuse_history=data['password_reuse_history'],
password_reset_days=data['password_reset_days'])
db.session.add(role)
db.session.commit()
# response
return jsonify({'role': RoleAdminSchema().dump(role)}), 201
def put_user(user_id):
"""Updates an existing user.
:param user_id: ID of user
:type user_id: int
:returns: JSON string of the user's data; status code
:rtype: (str, int)
"""
# get user
user = User.query.get(user_id)
if user is None:
abort(404)
# pre-validate data
errors = unique({},
User,
User.username,
request.json.get('username', None),
update=user)
errors = unique_email(errors,
User,
User.email,
request.json.get('email', None),
update=user)
errors, roles = exists(errors, Role, 'roles',
request.json.get('roles', []))
# validate data
try:
if request.json.get('password', None):
data = UserAdminSchema().load(request.json)
else:
data = UserAdminSchema(exclude=('password', )).load(request.json)
except ValidationError as err:
errors = dict(list(errors.items()) + list(err.messages.items()))
# return any errors
if errors:
return jsonify({"error": errors}), 400
# save user
user.username = data['username'].lower().strip()
user.email = data['email'].lower().strip()
user.is_verified = data['is_verified']
if 'password' in data:
user.password = data['password']
user.roles[:] = []
for role in roles:
user.roles.append(role)
if user.status != data['status']:
user.status = data['status']
user.status_changed_at = datetime.now()
# save user profile
if 'profile' in data:
user_profile = user.profile if user.profile else None
if user_profile:
user_profile.first_name = data['profile']['first_name'].strip()
user_profile.last_name = data['profile']['last_name'].strip()
user_profile.joined_at = data['profile']['joined_at']
if user_profile.status != data['status']:
user_profile.status = data['status']
user_profile.status_changed_at = datetime.now()
else:
user_profile = UserProfile(
user_id=user.id,
first_name=data['profile']['first_name'].strip(),
last_name=data['profile']['last_name'].strip(),
joined_at=data['profile']['joined_at'],
status=data['status'],
status_changed_at=datetime.now())
db.session.add(user_profile)
user.profile = user_profile
db.session.commit()
# response
return jsonify({'user': UserAdminSchema().dump(user)}), 200
def put_administrator(administrator_id):
"""Updates an existing administrator
:param administrator_id: ID of administrator
:type administrator_id: int
:returns: JSON string of the administrator's data; status code
:rtype: (str, int)
"""
# get administrator
administrator = Administrator.query.get(administrator_id)
if administrator is None:
abort(404)
# pre-validate data
errors = unique({},
Administrator,
Administrator.username,
request.json.get('username', None),
update=administrator)
errors = unique_email(errors,
Administrator,
Administrator.email,
request.json.get('email', None),
update=administrator)
errors, roles = exists(errors, Role, 'roles',
request.json.get('roles', []))
# validate data
try:
if request.json.get('password', None):
data = AdministratorAdminSchema().load(request.json)
else:
data = AdministratorAdminSchema(exclude=('password', )).load(
request.json)
except ValidationError as err:
errors = dict(list(errors.items()) + list(err.messages.items()))
# return any errors
if errors:
return jsonify({"error": errors}), 400
# save administrator
administrator.username = data['username'].lower().strip()
administrator.email = data['email'].lower().strip()
administrator.first_name = data['first_name']
administrator.last_name = data['last_name']
administrator.joined_at = data['joined_at']
if 'password' in data:
administrator.password = data['password']
administrator.roles[:] = []
for role in roles:
administrator.roles.append(role)
if administrator.status != data['status']:
administrator.status = data['status']
administrator.status_changed_at = datetime.now()
db.session.commit()
# response
return jsonify(
{'administrator': AdministratorAdminSchema().dump(administrator)}), 200
def post_user_account_step1():
"""User registration step 1.
:returns: JSON string of the user's account information; status code
:rtype: (str, int)
"""
# pre-validate data
errors = unique({}, User, User.username,
str(request.json.get('username')).lower().strip()
if request.json.get('username', None) else None)
errors = unique_email(
errors, User, User.email,
str(request.json.get('email')).lower().strip() if request.json.get(
'email', None) else None)
errors, tos = exists(errors,
TermsOfService,
'tos_id',
request.json.get('tos_id', None),
missing_error="Please agree to the terms of service.")
if (request.json.get('password', None)
and request.json.get('password2', None)):
if request.json.get('password') != request.json.get('password2'):
errors['password2'] = ["Passwords must match."]
# validate data
try:
data = UserAccountSchema(exclude=(
'first_name',
'last_name',
)).load(request.json)
except ValidationError as err:
errors = dict(list(errors.items()) + list(err.messages.items()))
# return any errors
if errors:
return jsonify({"error": errors}), 400
# save user
user = User(username=data['username'].lower().strip(),
email=data['email'].lower().strip(),
password=data['password'],
is_verified=False,
status=User.STATUS_ENABLED,
status_changed_at=datetime.now())
user_role = Role.query.filter(Role.name == 'USER').first()
if user_role:
user.roles.append(user_role)
db.session.add(user)
# save user terms of service
user_tos = UserTermsOfService(user=user,
terms_of_service=tos,
accept_date=datetime.now(),
ip_address=request.environ.get(
'HTTP_X_REAL_IP', request.remote_addr))
db.session.add(user_tos)
# save password history
pass_history = UserPasswordHistory(user=user,
password=user.password,
set_date=datetime.now())
db.session.add(pass_history)
db.session.commit()
# prep output
output = {
'id': user.id,
'username': user.username,
'email': user.email,
'password_changed_at': user.password_changed_at,
'is_verified': user.is_verified,
'first_name': None,
'last_name': None,
'joined_at': None,
}
# response
return jsonify({'user_account': UserAccountSchema().dump(output)}), 201
def put_user_account():
"""Updates the current user's account information.
:returns: JSON string of the user's account information; status code
:rtype: (str, int)
"""
# init vars
user = g.user
user_profile = user.profile if user.profile else None
# pre-validate data
errors = unique({},
User,
User.username,
str(request.json.get('username')).lower().strip()
if request.json.get('username', None) else None,
update=user)
errors = unique_email(errors,
User,
User.email,
str(request.json.get('email')).lower().strip()
if request.json.get('email', None) else None,
update=user)
# validate data
try:
data = UserAccountSchema(exclude=(
'password',
'password2',
'tos_id',
)).load(request.json)
except ValidationError as err:
errors = dict(list(errors.items()) + list(err.messages.items()))
# return any errors
if errors:
return jsonify({"error": errors}), 400
# save user
user.username = data['username'].lower().strip()
user.email = data['email'].lower().strip()
# save user profile
if user_profile:
user_profile.first_name = data['first_name'].strip()
user_profile.last_name = data['last_name'].strip()
else:
user_profile = UserProfile(user_id=user.id,
first_name=data['first_name'].strip(),
last_name=data['last_name'].strip(),
joined_at=datetime.now(),
status=UserProfile.STATUS_ENABLED,
status_changed_at=datetime.now())
db.session.add(user_profile)
db.session.commit()
# prep output
output = {
'id': user.id,
'username': user.username,
'email': user.email,
'password_changed_at': user.password_changed_at,
'is_verified': user.is_verified,
'first_name': user_profile.first_name if user_profile else None,
'last_name': user_profile.last_name if user_profile else None,
'joined_at': user_profile.joined_at if user_profile else None,
}
# response
return jsonify({'user_account': UserAccountSchema().dump(output)}), 200
