def facebook_login(): ''' logs in user using fb_access_token returning the corresponding JWT if user does not exist registers/creates a new one''' post_data = request.get_json() if not post_data: raise InvalidPayload() fb_access_token = post_data.get('fb_access_token') if not fb_access_token: raise InvalidPayload() try: graph = GraphAPI(fb_access_token) profile = graph.get("me?fields=id,name,email,link") except Exception: raise UnauthorizedException() fb_user = User.first(User.fb_id == profile['id']) if not fb_user: # Not an existing user so get info, register and login user = User.first(User.email == profile['email']) code = 200 with session_scope(db.session) as session: if user: user.fb_access_token = fb_access_token user.fb_id = profile['id'] else: # Create the user and insert it into the database user = User(email=profile['email'], fb_id=profile['id'], fb_access_token=fb_access_token) session.add(user) code = 201 # generate auth token auth_token = user.encode_auth_token() return { 'status': 'success', 'message': 'Successfully facebook registered.', 'auth_token': auth_token.decode() }, code else: auth_token = fb_user.encode_auth_token() with session_scope(db.session): fb_user.fb_access_token = fb_access_token return { 'status': 'success', 'message': 'Successfully facebook login.', 'auth_token': auth_token.decode() }
def add_user(_): post_data = request.get_json() if not post_data: raise InvalidPayload() username = post_data.get('username') email = post_data.get('email') password = post_data.get('password') try: user = User.first(or_(User.username == username, User.email == email)) if not user: userModel = User(username=username, email=email, password=password) db.session.add(userModel) db.session.commit() response_object = { 'status': 'success', 'message': f'{email} was added!' } return response_object, 201 else: raise BusinessException( message='Sorry. That email or username already exists.') except (exc.IntegrityError, ValueError): db.session.rollback() raise InvalidPayload()
def set_standalone_user(user_id: int): ''' changes user password when logged in''' post_data = request.get_json() if not post_data: raise InvalidPayload() username = post_data.get('username') pw_old = post_data.get('old_password') pw_new = post_data.get('new_password') if not username or not pw_old or not pw_new: raise InvalidPayload() # fetch the user data user = User.get(user_id) if not user.fb_id: raise NotFoundException( message='Must be a facebook user login. Please try again.') # fetch the user data user = User.get(user_id) if not bcrypt.check_password_hash(user.password, pw_old): raise NotFoundException(message='Invalid password. Please try again.') if not User.first(User.username == username): with session_scope(db.session): user.username = username user.password = bcrypt.generate_password_hash( pw_new, current_app.config.get('BCRYPT_LOG_ROUNDS')).decode() return { 'status': 'success', 'message': 'Successfully changed password.', } else: raise BusinessException( message= 'Sorry. That username already exists, choose another username')
def register_user(): # get post data post_data = request.get_json() if not post_data: raise InvalidPayload() username = post_data.get('username') email = post_data.get('email') password = post_data.get('password') if not password or not username or not email: raise InvalidPayload() # check for existing user user = User.first(or_(User.username == username, User.email == email)) if not user: # add new user to db new_user = User(username=username, email=email, password=password) with session_scope(db.session) as session: session.add(new_user) # need another scope if not new_user does not exists yet with session_scope(db.session) as session: token = new_user.encode_email_token() new_user.email_token_hash = bcrypt.generate_password_hash( token, current_app.config.get('BCRYPT_LOG_ROUNDS')).decode() if not current_app.testing: from project.api.common.utils.mails import send_registration_email send_registration_email(new_user, token.decode()) # save the device if all(x in request.headers for x in [ Constants.HttpHeaders.DEVICE_ID, Constants.HttpHeaders.DEVICE_TYPE ]): device_id = request.headers.get(Constants.HttpHeaders.DEVICE_ID) device_type = request.headers.get( Constants.HttpHeaders.DEVICE_TYPE) with session_scope(db.session): Device.create_or_update(device_id=device_id, device_type=device_type, user=user) # generate auth token auth_token = new_user.encode_auth_token() return { 'status': 'success', 'message': 'Successfully registered.', 'auth_token': auth_token.decode() }, 201 else: # user already registered, set False to device.active if Constants.HttpHeaders.DEVICE_ID in request.headers: device_id = request.headers.get(Constants.HttpHeaders.DEVICE_ID) device = Device.first_by(device_id=device_id) if device: with session_scope(db.session): device.active = False raise BusinessException(message='Sorry. That user already exists.')