def bunk_post (self, client):
"""
Log a user in.
@request_param username (str)
@request_param password (str)
@response user_id (int)
"""
password_hash = UserDBModel.hash_password(client.params.get("password"))
username = client.params.get("username")
try:
users_filters = [
["username", "=", username],
["password_hash", "=", password_hash],
["is_deleted", "=", False]
]
users = UserDBModel.filter(users_filters).limit(1)()
if users:
# user loaded
user = users[0]
# update last log in date
user.date_last_log_in = "@NOW()"
user.save()
# store user details in session
client.session["user_id"] = user.user_id
client.session["username"] = user.username
client.session["email"] = user.email
# set session auth roles
self.auth_set_roles((AUTH_ROLE_USER,))
else:
# failed to authenticate
err_code = RESP_ERR_CODE_AUTHENTICATION_FAILED
err_msg = "Login credentials provided failed to authenticate."
return self.respond_error(err_code, err_msg, response_code.HTTP_500)
except Exception, e:
# failed to log user in for unknown reason
err_code = RESP_ERR_CODE_LOGIN_FAILED
err_msg = "User log in failed for unknown reason."
return self.respond_error(err_code, err_msg, response_code.HTTP_500)
def bunk_post (self, client):
"""
Create a user and return user_id.
@request_param username (str)
@request_param password (str)
@request_param email (str)
@response user_id (int)
"""
user = UserDBModel()
user.email = client.params.get("email")
user.password = str(client.params.get("password"))
user.username = client.params.get("username")
if user.validate():
try:
# get db connection and cursor
db = self.get_db()
dbconn = db.get_connection()
dbcurs = dbconn.cursor()
# check if user exists
existing_user = UserDBModel.filter([["username", "=", user.username]])()
if existing_user:
# user exists
err_code = RESP_ERR_CODE_USERNAME_ALREADY_IN_USE
err_msg = "Username already in use."
field_errs = [('username', 'Username already in use. Please select another one.')]
return self.respond_error(err_code, err_msg, response_code.HTTP_409, field_errors=field_errs)
# create user
user.save(connection=dbconn)
# retrieve newely created user_id
dbcurs.execute("SELECT CURRVAL('user_user_id_seq') AS value")
user.user_id = db.fetch_all(dbcurs)[0]["value"]
except Exception, e:
# failed to create user for unknown reason
err_code = RESP_ERR_CODE_USER_CREATION_FAILED
err_msg = "User failed to create for unknown reason."
return self.respond_error(err_code, err_msg, response_code.HTTP_500)
def bunk_get (self, client):
"""
Retrieve details for a user.
@request_param username (str)
@response user_id (int)
@response username (int)
@response email (int)
"""
is_admin = AUTH_ROLE_ADMIN in self.auth_roles
try:
users_filters = [
["username", "=", client.params.get("username")],
["is_deleted", "=", False]
]
users = UserDBModel.filter(users_filters).limit(1)()
if users:
user = users[0]
if is_admin or user.user_id == client.session.get("user_id"):
# build reponse
response = {
"user_id": user.user_id,
"username": user.username,
"email": user.email
}
# return user details
return self.respond(response, response_code.HTTP_200)
else:
# failed to load user
if is_admin:
err_code = RESP_ERR_CODE_USER_DOES_NOT_EXIST
err_msg = "User does not exist."
return self.respond_error(err_code, err_msg, response_code.HTTP_404)
# return access denied message
return self.respond_access_denied()
except Exception, e:
# allow admin failed to log user in for unknown reason
err_code = RESP_ERR_CODE_USER_DETAILS_FAILED
err_msg = "User failed to load for unknown reason."
return self.respond_error(err_code, err_msg, response_code.HTTP_500)
