コード例 #1
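    def post(self):
        '''Register a new user and return a token pair.

        Reads the JSON payload from ``api.payload``, rejects duplicates by
        email and by ID number, stores the user with a hashed password, links
        a role to the user and issues an access token (30 minute expiry)
        together with a refresh token.

        Returns:
            A ``(body, 201)`` tuple on success. Every rejection goes through
            ``abort(400, ...)``.
        '''
        data = api.payload
        if not data:
            abort(400, 'No input data detected')

        # Reject incomplete payloads with a 400 instead of letting a KeyError
        # surface as an unhandled server error.
        required = ('email', 'id_no', 'full_name', 'password',
                    'country_code', 'phone')
        missing = [field for field in required if field not in data]
        if missing:
            abort(400, 'Missing required fields: ' + ', '.join(missing))

        email = data['email'].lower()
        if User.fetch_by_email(email):
            abort(400, 'Falied... A user with this email already exists')

        id_no = data['id_no']
        if User.fetch_by_id_no(id_no):
            abort(400, 'Falied... A user with this ID number already exists')

        full_name = data['full_name'].lower()
        # 'sha256' is a single fast salted hash and recent Werkzeug releases
        # no longer accept it; 'pbkdf2:sha256' is an iterated KDF. Hashes
        # carry their method as a prefix, so check_password_hash keeps
        # verifying records written with either method where supported.
        hashed_password = generate_password_hash(data['password'],
                                                 method='pbkdf2:sha256')

        new_user = User(email=email,
                        id_no=id_no,
                        full_name=full_name,
                        country_code=data['country_code'],
                        phone=data['phone'],
                        password=hashed_password)
        new_user.insert_record()

        # NOTE(review): this serialises the raw request payload, which still
        # holds the plaintext password. Confirm user_schema never emits the
        # password field on dump, or serialise the stored record instead.
        user = user_schema.dump(data)

        # Re-read the record to obtain the id assigned on insert.
        this_user = User.fetch_by_email(email)

        # NOTE(review): the user id, role and privileges are read back from
        # attributes on the UserPrivilege class rather than from a return
        # value. If generate_user_role keeps them as class-level state,
        # concurrent registrations could read each other's values; confirm
        # against the UserPrivilege implementation.
        UserPrivilege.generate_user_role(user_id=this_user.id)
        new_user_role = UserRole(user_id=UserPrivilege.user_id,
                                 role=UserPrivilege.role)
        new_user_role.insert_record()

        my_identity = {
            'id': this_user.id,
            'privileges': UserPrivilege.privileges,
        }
        access_token = create_access_token(
            identity=my_identity, expires_delta=timedelta(minutes=30))
        refresh_token = create_refresh_token(my_identity)
        # The 'access token' key (with a space) is kept as-is because
        # existing clients read it under that name.
        return {
            'message': 'Success',
            'access token': access_token,
            "refresh_token": refresh_token,
            'user': user
        }, 201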
コード例 #2
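    def put(self, id):
        '''Update the email, names and phone number of the user ``id``.

        Only the user named in the JWT identity may update the record. The
        new email and phone number must not already belong to a different
        user.

        Args:
            id: Identifier of the user record to update.

        Returns:
            A ``(body, 200)`` tuple holding the updated user. Every rejection
            goes through ``abort(400, ...)``.
        '''
        # Authorise before touching the database, so the differing error
        # messages cannot be used to learn which other ids exist.
        # NOTE(review): 403 would describe this failure better; 400 is kept
        # so existing clients keep seeing the same status.
        authorised_user = get_jwt_identity()
        if id != authorised_user['id']:
            abort(
                400,
                'You cannot modify this user! Please log in as this user to modify.'
            )

        existing = user_schema.dump(User.fetch_by_id(id))
        if not existing:
            abort(400, 'User does not exist')

        data = api.payload
        if not data:
            abort(400, 'No input data detected')

        # Reject incomplete payloads with a 400 instead of letting a KeyError
        # surface as an unhandled server error.
        required = ('email', 'phone', 'first_name', 'last_name')
        missing = [field for field in required if field not in data]
        if missing:
            abort(400, 'Missing required fields: ' + ', '.join(missing))

        email = data['email'].lower()
        email_owner = user_schema.dump(User.fetch_by_email(email))
        if (email_owner and email == email_owner['email']
                and id != email_owner['id']):
            abort(400, 'Falied... A user with this email already exists')

        phone = data['phone']
        phone_owner = user_schema.dump(User.fetch_by_phone(phone))
        if (phone_owner and phone == phone_owner['phone']
                and id != phone_owner['id']):
            # The original reported a duplicate *email* here, which pointed
            # the caller at the wrong field.
            abort(400,
                  'Falied... A user with this phone number already exists')

        User.update(id=id,
                    email=email,
                    first_name=data['first_name'].lower(),
                    last_name=data['last_name'].lower(),
                    phone=phone)

        # Re-read the record so the response reflects what was stored.
        current_user = user_schema.dump(User.fetch_by_email(email))

        return {'message': 'User updated', 'user': current_user}, 200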
コード例 #3
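    def post(self):
        '''Log in a user, record the session and return a token pair.

        Derives the caller's address, operating system and location, then
        checks the submitted email and password. On success a session row is
        stored and an access token (30 minute expiry) plus a refresh token
        are returned.

        Returns:
            ``(body, 200)`` on success, ``(body, 400)`` when the credentials
            do not match. Other rejections go through ``abort(400, ...)``.
        '''
        # NOTE(review): X-Forwarded-For is supplied by the client unless a
        # trusted reverse proxy overwrites it, so both the address stored
        # with the session and the loopback/bridge rejection below can be
        # influenced by the caller. The header may also hold a
        # comma-separated list. Confirm the proxy setup before relying on it.
        environ = request.environ
        forwarded_for = environ.get('HTTP_X_FORWARDED_FOR')
        ip = environ['REMOTE_ADDR'] if forwarded_for is None else forwarded_for

        if ip is None or str(ip) in ('127.0.0.1', '172.17.0.1'):
            abort(400, 'This request has been rejected. Please use a recognised device')

        # Compute operating system and location
        device_operating_system = generate_device_data()
        if 'error' in device_operating_system:
            abort(400, device_operating_system['error'])
        device_os = device_operating_system['device_os']

        device_location_data = generate_location_data(str(ip))
        if 'error' in device_location_data:
            abort(400, device_location_data['error'])
        ip = device_location_data['ip']
        location = device_location_data['location']

        data = api.payload
        if not data:
            abort(400, 'No input data detected')

        # Reject incomplete payloads with a 400 instead of letting a KeyError
        # surface as an unhandled server error.
        missing = [field for field in ('email', 'password')
                   if field not in data]
        if missing:
            abort(400, 'Missing required fields: ' + ', '.join(missing))

        # Registration stores the email lower-cased, so look it up the same
        # way; otherwise a mixed-case login never matches the stored record.
        email = data['email'].lower()
        this_user = User.fetch_by_email(email)

        # Verify the password once. The same message is returned for an
        # unknown email and for a wrong password.
        # NOTE(review): no hash is computed when the email is unknown, so the
        # response time can still differ between the two cases; verifying
        # against a fixed dummy hash would even that out.
        if not this_user or not check_password_hash(this_user.password,
                                                    data['password']):
            return {'message': 'Could not log in, please check your credentials'}, 400

        current_user = user_schema.dump(this_user)
        user_id = this_user.id
        # fetch User role
        user_role = UserRole.fetch_by_user_id(user_id)
        privileges = user_role.role.role

        # Create access token
        my_identity = {'id': this_user.id, 'privileges': privileges}
        access_token = create_access_token(
            identity=my_identity, expires_delta=timedelta(minutes=30))
        refresh_token = create_refresh_token(my_identity)

        # Save session info to db
        # NOTE(review): the access token itself is written to the session
        # table, so read access to that table yields usable tokens until
        # they expire. Confirm whether a digest or token id would be enough.
        new_session_record = Session(user_ip_address=ip,
                                     location=location,
                                     device_operating_system=device_os,
                                     user_id=user_id,
                                     token=access_token)
        new_session_record.insert_record()
        return {
            'message': 'User logged in',
            'user': current_user,
            'access_token': access_token,
            "refresh_token": refresh_token
        }, 200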
コード例 #4
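    def post(self):
        '''Register a new user, record the session and return a token pair.

        Derives the caller's address, operating system and location, rejects
        duplicates by email and phone number, stores the user with a hashed
        password, links a role to the user, stores a session row and issues
        an access token (30 minute expiry) together with a refresh token.

        Returns:
            A ``(body, 201)`` tuple on success. Every rejection goes through
            ``abort(400, ...)``.
        '''
        # NOTE(review): X-Forwarded-For is supplied by the client unless a
        # trusted reverse proxy overwrites it, so both the address stored
        # with the session and the loopback/bridge rejection below can be
        # influenced by the caller. The header may also hold a
        # comma-separated list. Confirm the proxy setup before relying on it.
        environ = request.environ
        forwarded_for = environ.get('HTTP_X_FORWARDED_FOR')
        ip = environ['REMOTE_ADDR'] if forwarded_for is None else forwarded_for

        if ip is None or str(ip) in ('127.0.0.1', '172.17.0.1'):
            abort(
                400,
                'This request has been rejected. Please use a recognised device'
            )

        # Compute operating system and location
        device_operating_system = generate_device_data()
        if 'error' in device_operating_system:
            abort(400, device_operating_system['error'])
        device_os = device_operating_system['device_os']

        device_location_data = generate_location_data(str(ip))
        if 'error' in device_location_data:
            abort(400, device_location_data['error'])
        ip = device_location_data['ip']
        location = device_location_data['location']

        data = api.payload
        if not data:
            abort(400, 'No input data detected')

        # Reject incomplete payloads with a 400 instead of letting a KeyError
        # surface as an unhandled server error.
        required = ('email', 'phone', 'first_name', 'last_name', 'password')
        missing = [field for field in required if field not in data]
        if missing:
            abort(400, 'Missing required fields: ' + ', '.join(missing))

        email = data['email'].lower()
        if User.fetch_by_email(email):
            abort(400, 'Falied... A user with this email already exists')

        phone = data['phone']
        if User.fetch_by_phone(phone):
            abort(400,
                  'Falied... A user with this phone number already exists')

        # 'sha256' is a single fast salted hash and recent Werkzeug releases
        # no longer accept it; 'pbkdf2:sha256' is an iterated KDF. Hashes
        # carry their method as a prefix, so check_password_hash keeps
        # verifying records written with either method where supported.
        hashed_password = generate_password_hash(data['password'],
                                                 method='pbkdf2:sha256')
        # Save user to db
        new_user = User(first_name=data['first_name'].lower(),
                        last_name=data['last_name'].lower(),
                        phone=phone,
                        email=email,
                        password=hashed_password)
        new_user.insert_record()

        # NOTE(review): this serialises the raw request payload, which still
        # holds the plaintext password. Confirm user_schema never emits the
        # password field on dump, or serialise the stored record instead.
        user = user_schema.dump(data)

        # Re-read the record to obtain the id assigned on insert.
        this_user = User.fetch_by_email(email)

        # NOTE(review): the user id, role and privileges are read back from
        # attributes on the UserPrivilege class rather than from a return
        # value. If generate_user_role keeps them as class-level state,
        # concurrent registrations could read each other's values; confirm
        # against the UserPrivilege implementation.
        UserPrivilege.generate_user_role(user_id=this_user.id)
        user_id = UserPrivilege.user_id
        role = UserPrivilege.role

        # Ensure all roles are saved to the db before registering the role to
        # user. Seeding only runs while no user-role link exists yet.
        if len(UserRole.fetch_all()) == 0:
            for role_name in UserPrivilege.all_privileges.values():
                Role(role=role_name).insert_record()

        # Link role to user
        new_user_role = UserRole(user_id=user_id, role_id=role)
        new_user_role.insert_record()

        # Create access token
        my_identity = {
            'id': this_user.id,
            'privileges': UserPrivilege.privileges,
        }
        access_token = create_access_token(
            identity=my_identity, expires_delta=timedelta(minutes=30))
        refresh_token = create_refresh_token(my_identity)

        # Save session info to db
        # NOTE(review): the access token itself is written to the session
        # table, so read access to that table yields usable tokens until
        # they expire. Confirm whether a digest or token id would be enough.
        new_session_record = Session(user_ip_address=ip,
                                     location=location,
                                     device_operating_system=device_os,
                                     user_id=user_id,
                                     token=access_token)
        new_session_record.insert_record()
        # The 'access token' key (with a space) is kept as-is because
        # existing clients read it under that name.
        return {
            'message': 'Success',
            'access token': access_token,
            "refresh_token": refresh_token,
            'user': user
        }, 201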