def delete(self, id):
    '''Delete User

    Removes the user identified by ``id``.  The caller must either carry
    the ``is_admin`` JWT claim or be deleting their own record (the JWT
    identity ``id`` equals the path ``id``).

    Returns ``({'message': ...}, 200)`` on success and aborts with 400
    when the user does not exist or the caller lacks permission.
    '''
    target = user_schema.dump(User.fetch_by_id(id))
    if not target:
        abort(400, 'User does not exist')

    claims = get_jwt_claims()
    identity = get_jwt_identity()
    # NOTE(review): the path id and the identity id are compared with ==;
    # confirm both carry the same type (a str path segment never equals an
    # int identity, which would silently deny every self-delete).
    allowed = claims['is_admin'] or id == identity['id']
    if not allowed:
        abort(400, 'You do not have the required permissions to delete this user!')

    User.delete_by_id(id)
    return {'message': 'User deleted successfuly'}, 200
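def put(self, id):
    '''Update User

    Replaces the profile fields (email, id_no, full_name, country_code,
    phone) of the user identified by ``id`` with the values from the JSON
    payload.  Only the authenticated user may modify their own record.

    Returns ``({'message': 'User updated', 'user': <dumped user>}, 200)``.
    Aborts with 400 when the user does not exist, the caller is not that
    user, the payload is missing or incomplete, or the new email / id_no
    already belongs to a different user.
    '''
    existing = user_schema.dump(User.fetch_by_id(id))
    if not existing:
        abort(400, 'User does not exist')

    # Ownership check: only the user themself may edit this record.
    # NOTE(review): rejected with 400; 403 is the conventional status here.
    authorised_user = get_jwt_identity()
    if id != authorised_user['id']:
        abort(
            400,
            'You cannot modify this user! Please log in as this user to modify.'
        )  # 403

    data = api.payload
    if not data:
        abort(400, 'No input data detected')
    # Reject incomplete payloads with a 400 instead of letting a KeyError
    # surface as an unhandled 500.
    required = ('email', 'id_no', 'full_name', 'country_code', 'phone')
    missing = [field for field in required if data.get(field) is None]
    if missing:
        abort(400, 'Missing required field(s): ' + ', '.join(missing))

    email = data['email'].lower()
    id_no = data['id_no']
    full_name = data['full_name'].lower()
    country_code = data['country_code']
    phone = data['phone']

    # Uniqueness: another user (different id) must not already own this email.
    email_owner = user_schema.dump(User.fetch_by_email(email))
    if email_owner and email == email_owner['email'] and id != email_owner['id']:
        abort(400, 'Falied... A user with this email already exists')

    # Uniqueness for id_no.  The previous check compared id_no against the
    # owner's 'email' field, so it could never fire; compare ids instead.
    id_no_owner = user_schema.dump(User.fetch_by_id_no(id_no))
    if id_no_owner and id != id_no_owner['id']:
        abort(400, 'Failed... A user with this ID number already exists')

    User.update_user(id=id, email=email, id_no=id_no, full_name=full_name,
                     country_code=country_code, phone=phone)
    # Re-read by primary key rather than by id_no so the response reflects
    # exactly the record that was updated.
    current_user = user_schema.dump(User.fetch_by_id(id))
    return {'message': 'User updated', 'user': current_user}, 200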
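def put(self, id):
    '''Restore User

    Lifts the suspension of the user identified by ``id``.  Permitted for
    callers carrying the ``is_admin`` claim or for the user themself.

    Returns ``({'message': ...}, 200)`` on success and
    ``({'message': ...}, 400)`` when ``User.restore`` raises.  Aborts with
    400 when the user does not exist or the caller lacks permission.
    '''
    target = user_schema.dump(User.fetch_by_id(id))
    if not target:
        abort(400, 'User does not exist')

    claims = get_jwt_claims()
    authorised_user = get_jwt_identity()
    if not (claims['is_admin'] or id == authorised_user['id']):
        abort(400, 'You do not have the required permissions to modify this user!')

    # NOTE(review): 2 is passed as the "restored" value of is_suspended;
    # confirm the meaning of this constant against the User model.
    is_suspended = 2
    try:
        User.restore(id=id, is_suspended=is_suspended)
    except Exception:
        # Was a bare ``except:``, which also swallowed SystemExit and
        # KeyboardInterrupt.  The best-effort 400 response is kept.
        return {'message': 'Unable to perform this action'}, 400
    return {'message': 'User restored successfuly'}, 200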
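def get(self, id):
    '''Get user item from database

    Looks up the user identified by ``id`` and returns
    ``({'status': 'Match retrieved', 'user': <dumped user>}, 200)``.

    Responds 404 when no such user exists or the lookup fails for any other
    reason, and 500 on a ``KeyError`` raised while fetching or serialising.
    '''
    try:
        user = user_schema.dump(User.fetch_by_id(id))
    except KeyError as e:
        api.abort(500, e.__doc__, status="Could not retrieve information",
                  statusCode="500")
    except Exception as e:
        # Best-effort: any other lookup failure is reported as not found.
        api.abort(404, e.__doc__, status="User item does not exist",
                  statusCode="404")
    # The not-found case used to raise a BadRequest inside the same try; the
    # ``except Exception`` branch caught it at once and replaced the message
    # with the exception class docstring.  Abort directly so the intended
    # message reaches the client.
    if not user:
        api.abort(404, 'User item does not exist',
                  status="User item does not exist", statusCode="404")
    return {'status': 'Match retrieved', 'user': user}, 200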
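def delete(self, id):
    '''Delete user item from database

    Deletes the user identified by ``id`` and returns
    ``{'status': 'User item has been deleted'}``.

    Responds 404 when no such user exists, 500 on a ``KeyError`` and 400 on
    any other failure while fetching or deleting.
    '''
    # NOTE(review): unlike the other delete endpoint in this file, no
    # is_admin / ownership check is made here; confirm this resource is
    # guarded by a decorator or is only reachable by administrators.
    try:
        user = user_schema.dump(User.fetch_by_id(id))
        found = bool(user)
        if found:
            User.delete_by_id(id)
    except KeyError as e:
        api.abort(500, e.__doc__, status="Could not perform this action",
                  statusCode="500")
    except Exception as e:
        # Message previously read "Could perform this action".
        api.abort(400, e.__doc__, status="Could not perform this action",
                  statusCode="400")
    # The not-found case used to raise a BadRequest inside the try, which the
    # ``except Exception`` branch turned into a 400 with the class docstring
    # as message, although ``e.data`` was set to 404.  Abort with 404 here.
    if not found:
        api.abort(404, 'User item does not exist',
                  status="User item does not exist", statusCode="404")
    return {'status': 'User item has been deleted'}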
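def put(self, reset_token):
    '''Reset User Password

    Consumes the password-reset ``reset_token`` from the URL, sets the new
    password from the JSON payload and returns a fresh access/refresh token
    pair together with the dumped user.

    Every reset token issued to the user is marked expired on success.  A
    token that is already expired is treated as a reuse attempt: all of the
    user's tokens are expired again and the request is rejected with 400.
    Also aborts with 400 when the token is unknown or the payload carries
    no password.
    '''
    def expire_all_reset_tokens(user_id):
        # Mark every reset token issued to this user as expired.
        for record in ChangePasswordToken.fetch_all_by_user_id(user_id):
            ChangePasswordToken.expire_token(id=record.id, is_expired=True)

    # NOTE(review): the decoded token is read back from class-level state on
    # PasswordReset; concurrent requests could observe each other's value.
    # Confirm decode_reset_token is request-safe.
    PasswordReset.decode_reset_token(reset_token)
    token = PasswordReset.token

    # Check for an existing reset_token with is_expired status as False
    reset_code_record = ChangePasswordToken.fetch_by_reset_code(
        reset_code=token)
    if not reset_code_record:
        abort(400, 'This reset token does not exist')

    user_id = reset_code_record.user_id
    if reset_code_record.is_expired:
        # Reuse of a spent token.  The previous loop iterated over the empty
        # ``record_ids`` list, so nothing was actually expired here.
        expire_all_reset_tokens(user_id)
        abort(
            400,
            'Password reset token has already been used. Please request a new password reset.'
        )

    # Validate the payload before spending the token, so a malformed request
    # does not force the user to ask for a new reset.
    data = api.payload
    if not data:
        abort(400, 'No input data detected')
    password = data.get('password')
    if not password:
        abort(400, 'No password supplied')

    expire_all_reset_tokens(user_id)

    # pbkdf2:sha256 is a real key-derivation function; method='sha256' was a
    # single salted SHA-256 digest, which werkzeug (assumed to provide
    # generate_password_hash) has since dropped.  check_password_hash still
    # verifies hashes stored in either format.
    hashed_password = generate_password_hash(password, method='pbkdf2:sha256')
    User.update_password(id=user_id, password=hashed_password)

    this_user = User.fetch_by_id(id=user_id)
    user = user_schema.dump(this_user)
    user_id = this_user.id
    user_role = UserRole.fetch_by_user_id(user_id)
    # NOTE(review): privileges are read from class-level state on
    # UserPrivilege after get_privileges(); same request-safety caveat.
    UserPrivilege.get_privileges(user_id=user_id, role=user_role.role)
    privileges = UserPrivilege.privileges

    expiry_time = timedelta(minutes=30)
    my_identity = {'id': this_user.id, 'privileges': privileges}
    access_token = create_access_token(identity=my_identity,
                                       expires_delta=expiry_time)
    refresh_token = create_refresh_token(my_identity)
    status = {
        'message': 'Successfully changed Password',
        'access token': access_token,
        'refresh token': refresh_token,
        'user': user
    }
    return status, 200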
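def put(self, reset_token):
    '''Reset User Password

    Device-bound variant: the request must carry a forwarded client IP and a
    recognisable user agent.  Consumes the password-reset ``reset_token``
    from the URL, sets the new password from the JSON payload, records a
    Session row for the new access token and returns a fresh access/refresh
    token pair together with the dumped user.

    Every reset token issued to the user is marked expired on success.  A
    token that is already expired is treated as a reuse attempt: all of the
    user's tokens are expired again and the request is rejected with 400.
    Also aborts with 400 when the device cannot be identified, the token is
    unknown, or the payload carries no password.
    '''
    def expire_all_reset_tokens(user_id):
        # Mark every reset token issued to this user as expired.
        for record in ChangePasswordToken.fetch_all_by_user_id(user_id):
            ChangePasswordToken.expire_token(id=record.id, is_expired=True)

    # Get User-agent and ip address, then compute operating system
    # NOTE(review): X-Forwarded-For is client-supplied unless a trusted
    # reverse proxy overwrites it, so the recorded IP is only as reliable
    # as that proxy.  The previous code read the header twice and assigned
    # the same value in both branches.
    ip = request.environ.get('HTTP_X_FORWARDED_FOR')
    user_agent = str(request.user_agent)
    user_agent_platform = request.user_agent.platform
    device_os = compute_platform_version(user_agent, user_agent_platform)
    if device_os is None or ip is None:
        abort(
            400,
            'This request has been rejected. Please use a recognised device'
        )

    # NOTE(review): the decoded token is read back from class-level state on
    # TokenGenerator; concurrent requests could observe each other's value.
    # Confirm decode_token is request-safe.
    TokenGenerator.decode_token(reset_token)
    token = TokenGenerator.token

    # Check for an existing reset_token with is_expired status as False
    reset_code_record = ChangePasswordToken.fetch_by_reset_code(
        reset_code=token)
    if not reset_code_record:
        abort(400, 'This reset token does not exist')

    user_id = reset_code_record.user_id
    if reset_code_record.is_expired:
        # Reuse of a spent token.  The previous loop iterated over the empty
        # ``record_ids`` list, so nothing was actually expired here.
        expire_all_reset_tokens(user_id)
        abort(
            400,
            'Password reset token has already been used. Please request a new password reset.'
        )

    # Validate the payload before spending the token, so a malformed request
    # does not force the user to ask for a new reset.
    data = api.payload
    if not data:
        abort(400, 'No input data detected')
    password = data.get('password')
    if not password:
        abort(400, 'No password supplied')

    expire_all_reset_tokens(user_id)

    # pbkdf2:sha256 is a real key-derivation function; method='sha256' was a
    # single salted SHA-256 digest, which werkzeug (assumed to provide
    # generate_password_hash) has since dropped.  check_password_hash still
    # verifies hashes stored in either format.
    hashed_password = generate_password_hash(password, method='pbkdf2:sha256')
    User.update_password(id=user_id, password=hashed_password)

    this_user = User.fetch_by_id(id=user_id)
    user = user_schema.dump(this_user)
    user_id = this_user.id
    user_role = UserRole.fetch_by_user_id(user_id)
    privileges = user_role.role.role

    # Create access token
    expiry_time = timedelta(minutes=30)
    my_identity = {'id': this_user.id, 'privileges': privileges}
    access_token = create_access_token(identity=my_identity,
                                       expires_delta=expiry_time)
    refresh_token = create_refresh_token(my_identity)

    # Save session info to db
    new_session_record = Session(user_ip_address=ip,
                                 device_operating_system=device_os,
                                 user_id=user_id, token=access_token)
    new_session_record.insert_record()

    status = {
        'message': 'Successfully changed Password',
        'access token': access_token,
        'refresh token': refresh_token,
        'user': user
    }
    return status, 200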