def facebook_login():
''' logs in user using fb_access_token returning the corresponding JWT
if user does not exist registers/creates a new one'''
post_data = request.get_json()
if not post_data:
raise InvalidPayload()
fb_access_token = post_data.get('fb_access_token')
if not fb_access_token:
raise InvalidPayload()
try:
graph = GraphAPI(fb_access_token)
profile = graph.get("me?fields=id,name,email,link")
except Exception:
raise UnauthorizedException()
fb_user = User.first(User.fb_id == profile['id'])
if not fb_user:
# Not an existing user so get info, register and login
user = User.first(User.email == profile['email'])
code = 200
with session_scope(db.session) as session:
if user:
user.fb_access_token = fb_access_token
user.fb_id = profile['id']
else:
# Create the user and insert it into the database
user = User(email=profile['email'],
fb_id=profile['id'],
fb_access_token=fb_access_token)
session.add(user)
code = 201
# generate auth token
auth_token = user.encode_auth_token()
return {
'status': 'success',
'message': 'Successfully facebook registered.',
'auth_token': auth_token.decode()
}, code
else:
auth_token = fb_user.encode_auth_token()
with session_scope(db.session):
fb_user.fb_access_token = fb_access_token
return {
'status': 'success',
'message': 'Successfully facebook login.',
'auth_token': auth_token.decode()
}
def add_user(_):
post_data = request.get_json()
if not post_data:
raise InvalidPayload()
username = post_data.get('username')
email = post_data.get('email')
password = post_data.get('password')
try:
user = User.first(or_(User.username == username, User.email == email))
if not user:
userModel = User(username=username, email=email, password=password)
db.session.add(userModel)
db.session.commit()
response_object = {
'status': 'success',
'message': f'{email} was added!'
}
return response_object, 201
else:
raise BusinessException(
message='Sorry. That email or username already exists.')
except (exc.IntegrityError, ValueError):
db.session.rollback()
raise InvalidPayload()
def set_standalone_user(user_id: int):
''' changes user password when logged in'''
post_data = request.get_json()
if not post_data:
raise InvalidPayload()
username = post_data.get('username')
pw_old = post_data.get('old_password')
pw_new = post_data.get('new_password')
if not username or not pw_old or not pw_new:
raise InvalidPayload()
# fetch the user data
user = User.get(user_id)
if not user.fb_id:
raise NotFoundException(
message='Must be a facebook user login. Please try again.')
# fetch the user data
user = User.get(user_id)
if not bcrypt.check_password_hash(user.password, pw_old):
raise NotFoundException(message='Invalid password. Please try again.')
if not User.first(User.username == username):
with session_scope(db.session):
user.username = username
user.password = bcrypt.generate_password_hash(
pw_new, current_app.config.get('BCRYPT_LOG_ROUNDS')).decode()
return {
'status': 'success',
'message': 'Successfully changed password.',
}
else:
raise BusinessException(
message=
'Sorry. That username already exists, choose another username')
def register_user():
# get post data
post_data = request.get_json()
if not post_data:
raise InvalidPayload()
username = post_data.get('username')
email = post_data.get('email')
password = post_data.get('password')
if not password or not username or not email:
raise InvalidPayload()
# check for existing user
user = User.first(or_(User.username == username, User.email == email))
if not user:
# add new user to db
new_user = User(username=username, email=email, password=password)
with session_scope(db.session) as session:
session.add(new_user)
# need another scope if not new_user does not exists yet
with session_scope(db.session) as session:
token = new_user.encode_email_token()
new_user.email_token_hash = bcrypt.generate_password_hash(
token, current_app.config.get('BCRYPT_LOG_ROUNDS')).decode()
if not current_app.testing:
from project.api.common.utils.mails import send_registration_email
send_registration_email(new_user, token.decode())
# save the device
if all(x in request.headers for x in [
Constants.HttpHeaders.DEVICE_ID,
Constants.HttpHeaders.DEVICE_TYPE
]):
device_id = request.headers.get(Constants.HttpHeaders.DEVICE_ID)
device_type = request.headers.get(
Constants.HttpHeaders.DEVICE_TYPE)
with session_scope(db.session):
Device.create_or_update(device_id=device_id,
device_type=device_type,
user=user)
# generate auth token
auth_token = new_user.encode_auth_token()
return {
'status': 'success',
'message': 'Successfully registered.',
'auth_token': auth_token.decode()
}, 201
else:
# user already registered, set False to device.active
if Constants.HttpHeaders.DEVICE_ID in request.headers:
device_id = request.headers.get(Constants.HttpHeaders.DEVICE_ID)
device = Device.first_by(device_id=device_id)
if device:
with session_scope(db.session):
device.active = False
raise BusinessException(message='Sorry. That user already exists.')
