def get(self): #Check if auth token is in headers authToken = request.headers.get("X-Auth-Token") if not authToken: return apiClient.unAuthorized() #Check if token matches in DB results = authCollection.find_one({"Token": authToken}) logger.info("Auth results: {}".format(results)) #if no token in DB if not results: return apiClient.unAuthorized() #Check if token has expired if TimestampExpired(results['Expires']): logger.info("Auth token expired") return apiClient.unAuthorized() #Find user in users DB user = collection.find_one({"Username" : results['Username']}) #If no user found return 401 if not user: return apiClient.unAuthorized() return apiClient.success({})
def post(self): schema = UserSchema() try: data = json.loads(request.data) except Exception as e: return apiClient.badRequest("Invalid json") try: authUser = schema.load(data, partial=("Fname","Lname","Birthdate","Phone","Token","League","Username","Password","Points","CenterID",)) except ValidationError as err: return err.messages, 404 results = collection.find_one({"Email": authUser['Email']}) if not results: return apiClient.notFound("Email not found") tempToken = GenerateToken(6) tempData = {"Email":authUser['Email'], "Token":tempToken, "Expire":getExpirationTime(hours=1)} if not pendingReset.insert_one(tempData): logger.error("Failed to create temp data") return apiClient.internalServerError() #Send email to reset user password with open(FORGOT_TEMPLATE, 'r') as stream: emailBodyTemplate = stream.read() emailBody = emailBodyTemplate.format(user_email=authUser['Email'],reset_url="http://3.15.199.174:5000/ResetPasswordForm/{}".format(tempToken)) SendEmail(authUser['Email'], "Reset Account Password", emailBody)
def get(self): #Check if auth token is in headers authToken = request.headers.get("X-Auth-Token") if not authToken: return apiClient.unAuthorized() #Use method to get associated username from given token username = Authorization(authToken) #If no token found return error 401 if not username: return apiClient.unAuthorized() #Check for matching username in collection results = collection.find_one({"Username": username}) #If no results return error if not results: return apiClient.notFound("User not found") #Try to delete password and ID keys from dictionary try: del (results['Password'],results['_id'],results['Timestamp'],results['CenterID']) except KeyError: logger.error("Failed to delete keys in dic") return apiClient.internalServerError() return results
def post(self): '''First handle auth token''' #Check if auth token is in headers authToken = request.headers.get("X-Auth-Token") if not authToken: return apiClient.unAuthorized() #Check if token matches in DB results = authCollection.find_one({"Token": authToken}) #If no token in DB if not results: return apiClient.unAuthorized() #Check if auth token is expired if TimestampExpired(results['Expires']): logger.info("Auth token expired") return apiClient.unAuthorized() #Find user in users DB user = collection.find_one({"Username": results['Username']}) #If no user found return 401 if not user: return apiClient.unAuthorized() #If user does not equal admin return 401 if user['Type'] != "Admin": return apiClient.unAuthorized() '''Now handle body''' schema = UserSchema() #Try to load json try: data = json.loads(request.data) except Exception as e: return apiClient.badRequest("Invalid json") #Load data into schema try: checkData = schema.load(data, partial=("Fname","Lname","Birthdate","Phone","Token","League","Username","Password","Points","Email",)) except ValidationError as err: return err.messages, 400 exp = getExpirationTime(hours=checkData['Expires']) insertData = {"Expires": exp, "Name":checkData['Coupon'], "CenterID":checkData['CenterID']} if not couponsCollection.insert_one(insertData): logger.info("Failed to create admin coupon in coupon collection") return apiClient.internalServerError() return apiClient.success({})
def get(self): '''Check Auth Token First''' #Check if auth token is in headers authToken = request.headers.get("X-Auth-Token") if not authToken: return apiClient.unAuthorized() #Check if token matches in DB results = authCollection.find_one({"Token": authToken}) logger.info("Auth results: {}".format(results)) #if no token in DB if not results: return apiClient.unAuthorized() #Check if token has expired if TimestampExpired(results['Expires']): logger.info("Auth token expired") return apiClient.unAuthorized() #Find user in users DB user = collection.find_one({"Username" : results['Username']}) #If no user found return 401 if not user: return apiClient.unAuthorized() coupons = usedCollection.find_one({"Email":user['Email']}) if not coupons: return apiClient.badRequest("No coupons found") #Check to see if cloud coupon was created for center in coupons collection cloudCoupon = couponsCollection.find_one({"CenterID": coupons['CenterID']}) #If cloud coupon is found add it to array list if cloudCoupon: logger.info("Cloud coupon found") coupons['CloudCoupon'] = True else: logger.info("No cloud coupon found") coupons['CloudCoupon'] = False #Try to delete password and ID keys from dictionary try: del (coupons['Email'],coupons['_id'],coupons['CenterID']) except KeyError: logger.error("Failed to delete keys in dic") return apiClient.internalServerError() return coupons
def post(self): #Load schema schema = UserSchema() try: data = json.loads(request.data) except Exception as e: return apiClient.badRequest("Invalid json") #Load user login data against schema try: check_user = schema.load(data, partial=("Fname","Lname","Birthdate","Phone","Email","League","Token","Points","CenterID",)) except ValidationError as err: return err.messages, 400 #Find user in database with associated username results = collection.find_one({"Username": check_user['Username']}) #Check if no results have been returned if not results: return apiClient.badRequest("Username not found") #Now check password to verify user and login if not VerifyPassword(check_user['Password'], results['Password']): return apiClient.badRequest("Invalid password") #Pass generated token to variable token = GenerateToken(20) #Create timestamp for token ts = datetime.utcnow().isoformat() #Get expiration time for token exp = getExpirationTime(hours=24) #Create insert data dictionary insertData = {} insertData['Username'] = check_user['Username'] insertData['Token'] = token insertData['TimeStamp'] = ts insertData['Expires'] = exp #Inserting data into authCollection if not authCollection.insert_one(insertData): logger.error("Failed to insert data into Auth DB") return apiClient.internalServerError() retData = apiClient._prepareBody({"AuthToken": token, "AccessLevel": results['Type']}) return apiClient.success(retData)
def post(self): schema = UserSchema() try: data = json.loads(request.data) except Exception as e: return apiClient.badRequest("Invalid json") try: resetUser = schema.load(data, partial=("Fname","Lname","Birthdate","Phone","League","Username","Email","Points","CenterID",)) except ValidationError as err: return err.messages, 400 match = re.search("[a-zA-Z0-9_]", resetUser["Password"]) if match: hashedPassword = EncryptPassword(resetUser["Password"]) resetUser.update({'Password' : hashedPassword}) else: return apiClient.badRequest("Not a valid password") token = resetUser['Token'] email = resetAuth(token) if not email: return apiClient.unAuthorized() results = collection.find_one({"Email": email}) if not results: return apiClient.notFound("Email not found") if not collection.update({"Email": results['Email']}, {"$set":{"Password": hashedPassword}}): logger.error("Failed to update user {} with new password".format(results['Email'])) return apiClient.internalServerError() if not pendingReset.delete_one({"Token": token}): logger.error("Failed to delete pending reset request") return apiClient.success("Password has been reset")
def post(self): '''Check auth token first''' #Check if auth token is in headers authToken = request.headers.get("X-Auth-Token") if not authToken: return apiClient.unAuthorized() #Check if token matches in DB results = authCollection.find_one({"Token": authToken}) logger.info("Auth results: {}".format(results)) #if no token in DB if not results: return apiClient.unAuthorized() #Check if token has expired if TimestampExpired(results['Expires']): logger.info("Auth token expired") return apiClient.unAuthorized() #Find user in users DB user = collection.find_one({"Username" : results['Username']}) #If no user found return 401 if not user: return apiClient.unAuthorized() #Check if auth token comes from admin if user['Type'] != "Admin": return apiClient.unAuthorized() '''Now handle body''' #Load schema schema = UserSchema() #Load json try: data = json.loads(request.data) except Exception as e: return apiClient.badRequest("Invalid json") #Load point request against schema try: checkData = schema.load(data, partial=("Fname","Lname","Birthdate","Phone","League","Token","Password","Username","Points",)) except ValidationError as err: return err.messages, 400 #Find coupon in Bogo collection findCoupon = usedCollection.find_one({"Email":checkData['Email']}) #If not found return 400 if not findCoupon: return apiClient.badRequest("Coupon data not found") #Check that center ID matches if findCoupon['CenterID'] != checkData['CenterID']: return apiClient.unAuthorized() #Make coupon list variable couponsRedeemed = findCoupon['Used'] #Make coupon name variable couponName = checkData['Coupon'] #Make sure coupon exists in crons and coupon collections if not cronCollection.find_one({"Name": couponName}): if not couponsCollection.find_one({"Name": couponName}): return apiClient.badRequest("Coupon not available") #If coupon has been used return 400 if couponName in couponsRedeemed: return apiClient.badRequest("Sorry... This coupon has already been redeemed") else: #Update collection for used coupon if not usedCollection.update({"Email":findCoupon['Email']}, {"$push": {"Used": couponName}}): logger.error("Failed to update coupon after being used") return apiClient.internalServerError() return apiClient.success({})
def post(self): '''Check auth token first''' #Check if auth token is in headers authToken = request.headers.get("X-Auth-Token") if not authToken: return apiClient.unAuthorized() #Check if token matches in DB results = authCollection.find_one({"Token": authToken}) logger.info("Auth results: {}".format(results)) #if no token in DB if not results: return apiClient.unAuthorized() #Check if token has expired if TimestampExpired(results['Expires']): logger.info("Auth token expired") return apiClient.unAuthorized() #Find user in users DB user = collection.find_one({"Username" : results['Username']}) #If no user found return 401 if not user: return apiClient.unAuthorized() #Check if auth token comes from admin if user['Type'] != "Admin": return apiClient.unAuthorized() '''Now handle body''' #Load schema schema = UserSchema() #Load json try: data = json.loads(request.data) except Exception as e: return apiClient.badRequest("Invalid json") #Load point request against schema try: checkData = schema.load(data, partial=("Fname","Lname","Birthdate","Phone","League","Token","Password","Username",)) except ValidationError as err: return err.messages, 400 #Find user in user collection findUser = collection.find_one({"Email":checkData['Email']}) #Otherwise return 400 if not findUser: return apiClient.badRequest("User account not found") if checkData['CenterID'] != findUser['CenterID']: return apiClient.unAuthorized() #Create point variables newPts = checkData['Points'] currentPts = findUser['Points'] #Add points resultPts = currentPts + newPts #Results cannot be less than zero return 400 if resultPts < 0: return apiClient.badRequest("User does not have enough points") #Update user collection in DB with new point value if not collection.update({"Email": findUser['Email']}, {"$set":{"Points": resultPts}}): logger.error("Failed to update user {} with new points".format(findUser['Email'])) return apiClient.internalServerError()
def post(self): #Load schema schema = UserSchema() #Try to load json data try: data=json.loads(request.data) except Exception as e: return apiClient.badRequest("Invalid json") #Create new user by loading data from dictionary into UserSchema try: new_user = schema.load(data, partial=("Token","Points",)) except ValidationError as err: return err.messages, 400 #Now validate formatting of user data with validate_Data method try: UserSchema.validate_Data(new_user) except ValidationError as err: return err.messages, 400 #Check to see if username is taken if collection.find_one({"Username": new_user['Username']}): return apiClient.badRequest("Username already in use") #Check if user exists in DB if collection.find_one({"Email": new_user['Email']}): return apiClient.badRequest("You already have an account") else: if re.search("@{}$".format(ADMIN_USERS), new_user['Email']): logger.info("Setting {} as admin".format(new_user['Email'])) new_user['Type'] = "Admin" else: new_user['Type'] = "User" new_user['Points'] = 0 #Create timestamp ts = datetime.utcnow().isoformat() #Create expiration time for entry and update new_user exp = getExpirationTime(hours=2) #Generate tempToken tempToken = GenerateToken(6) new_user.update(TempToken = tempToken, Timestamp = ts, Expires = exp) #Insert new user into temp DB if not tempCollection.insert_one(new_user): logger.error("Falied to create user {} in temp DB".format(new_user['Email'])) return apiClient.internalServerError() #Send email to verify user account with open(VERIFY_EMAIL_TEMPLATE, 'r') as stream: emailBodyTemplate = stream.read() emailBody = emailBodyTemplate.format(fname=new_user['Fname'], verify_url="http://3.15.199.174:5000/VerifyUser/{}".format(tempToken)) SendEmail(new_user['Email'], "Verification", emailBody) logger.info("User {} added to temp Db and emailed verification token".format(new_user['Email'])) return apiClient.success("Please check email for verification code")