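def post(self):
    """Create a user, record a "User created" event and e-mail the login.

    Request arguments (parsed with ``reqparse``):
        sessionUserID: copied into the event record as ``SessionUserID``.
        form: passed to ``Helper.ParseArgs``; the result must provide
            ``firstname``, ``lastname``, ``email`` and ``avatarlink``, and
            may provide ``usertype`` (default ``'regular_user'``) and
            ``password`` (default ``Helper.GeneratePassword()``).

    The username is the lower-cased first initial, the lower-cased last name
    and the current two-digit month and two-digit year.  The password expiry
    date is set seven days ahead.

    Returns:
        None; this handler builds no response object.
    """
    # Imported locally because the module's import block is not visible here.
    # NOTE(review): assumes `engine` is a SQLAlchemy Engine; confirm.
    from sqlalchemy import text

    parser = reqparse.RequestParser()
    # NOTE(review): an id taken from the current row count can collide when
    # two requests run concurrently or after a row has been deleted; a
    # database-generated key avoids that.
    new_user_id = int(requests.get(f"{api_url}/users/count").text)
    parser.add_argument('sessionUserID')
    parser.add_argument('form')
    args = parser.parse_args()
    sessionUserID = args['sessionUserID']
    formDict = Helper.ParseArgs(args['form'])

    # NOTE(review): the role comes straight from the request form and no
    # authorization check is visible in this handler; confirm that callers
    # are restricted before an elevated usertype can be set.
    try:
        usertype = formDict['usertype']
    except KeyError:  # presumably formDict is a dict; verify Helper.ParseArgs
        usertype = 'regular_user'

    firstname = formDict['firstname']
    lastname = formDict['lastname']
    email = formDict['email']

    now = datetime.now()
    year = now.strftime("%Y")[2:4]
    month = now.strftime("%m")
    # An empty firstname raises IndexError on the [0] lookup.
    username = firstname[0].lower() + lastname.lower() + month + year

    avatarlink = formDict['avatarlink']
    password_Ex = (now + timedelta(days=7)).strftime('%Y-%m-%d')
    if avatarlink == '':
        avatarlink = 'https://www.jennstrends.com/wp-content/uploads/2013/10/bad-profile-pic-2-768x768.jpeg'

    try:
        password = formDict['password']
    except KeyError:
        password = Helper.GeneratePassword()
    hashed_password = generate_password_hash(password)

    # Bound parameters keep request-supplied text out of the SQL grammar; the
    # previous f-string let any form field rewrite the statement.
    engine.execute(
        text(
            """INSERT INTO Users (id, username, email, usertype, firstname,
                                  lastname, avatarlink, is_active,
                                  is_password_expired, reactivate_user_date,
                                  hashed_password, failed_login_attempts,
                                  password_expiration_date)
               VALUES (:id, :username, :email, :usertype, :firstname,
                       :lastname, :avatarlink, 1, 0, '1900-01-01',
                       :hashed_password, 0, :password_expiration_date);
               INSERT INTO Passwords (id, password)
               VALUES (:id, :hashed_password);"""
        ),
        {
            'id': new_user_id,
            'username': username,
            'email': email,
            'usertype': usertype,
            'firstname': firstname,
            'lastname': lastname,
            'avatarlink': avatarlink,
            'hashed_password': hashed_password,
            'password_expiration_date': password_Ex,
        },
    )

    # NOTE(review): SessionUserID is whatever the client sent, so the event
    # record is only as trustworthy as that field.
    data = {
        'SessionUserID': sessionUserID,
        'UserID': new_user_id,
        'AccountNumber': 0,
        'Amount': 0,
        'Event': "User created"
    }
    requests.post(f"{api_url}/events/create", json=data)

    # NOTE(review): the cleartext password leaves the system by e-mail; a
    # one-time set-password link would avoid storing it in a mailbox.
    msg = Message('Hello from appdomainteam3!', recipients=[email])
    msg.body = f"Hello, your login for appdomainteam3 is:\nUsername: {username}\nPassword: {password}"
    mail.send(msg)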
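def post(self):
    """Set a journal entry's status and message, then log it for both accounts.

    Request arguments (parsed with ``reqparse``):
        action: stored as the entry's ``Status`` and echoed in the event text.
        journal_id: identifies the entry; must parse as an integer.
        form: passed to ``Helper.ParseArgs``; must provide ``message``.
        sessionUserID: copied into the event records as ``SessionUserID``.

    Returns:
        ``Helper.CustomResponse(200, ...)`` on success,
        ``Helper.CustomResponse(400, ...)`` when ``journal_id`` is missing or
        not an integer, and ``Helper.CustomResponse(500, 'SQL Error')`` when
        the update raises.
    """
    # Imported locally because the module's import block is not visible here.
    # NOTE(review): assumes `engine` is a SQLAlchemy Engine; confirm.
    from sqlalchemy import text

    parser = reqparse.RequestParser()
    for arg_name in ('action', 'journal_id', 'form', 'sessionUserID'):
        parser.add_argument(arg_name)
    args = parser.parse_args()

    # NOTE(review): `action` is not checked against a list of allowed status
    # values, and no authorization check is visible in this handler.
    action = args['action']
    formDict = Helper.ParseArgs(args['form'])
    sessionUserID = args['sessionUserID']

    # journal_id was interpolated unquoted into both the SQL text and the
    # follow-up URL; coercing it to int makes both uses safe and rejects a
    # missing value before anything is written.
    try:
        journal_ID = int(args['journal_id'])
    except (TypeError, ValueError):
        return Helper.CustomResponse(400, 'Invalid journal_id')

    statement = text(
        """UPDATE JournalEntries
           SET Status = :status, Message = :message
           WHERE Journal_ID = :journal_id"""
    )
    params = {
        'status': action,
        'message': formDict['message'],
        'journal_id': journal_ID,
    }
    try:
        engine.execute(statement, params)
    except Exception as e:
        print(e)
        return Helper.CustomResponse(500, 'SQL Error')

    journalEntryDict = requests.get(
        f"{api_url}/journals?Journal_ID={journal_ID}").json()
    entry = journalEntryDict[0]
    srcAccountDict = requests.get(
        f"{api_url}/accounts/{entry['SourceAccountNumber']}").json()
    destAccountDict = requests.get(
        f"{api_url}/accounts/{entry['DestAccountNumber']}").json()

    message = f"Journal Entry {action}"
    # One event per side of the entry, source account first.
    for account in (srcAccountDict, destAccountDict):
        data = {
            'SessionUserID': sessionUserID,
            'UserID': account['id'],
            'AccountNumber': account['AccountNumber'],
            'Event': message,
            'Amount': 0
        }
        requests.post(f"{api_url}/events/create", json=data)

    return Helper.CustomResponse(200, f"Journal Entry {action}")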
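def post(self, user_id):
    """Change a user's password after checking the current one and its history.

    Args:
        user_id: id of the user whose password is changed (from the route).

    Request arguments (parsed with ``reqparse``):
        form: passed to ``Helper.ParseArgs``; must provide ``currentPassword``
            and ``newPassword``.
        sessionUserID, userID: copied into the event record.

    Returns:
        ``Helper.CustomResponse`` with 401 when the current password does not
        match, 406 when the new password matches an entry returned by
        ``/users/<user_id>/get_passwords``, and 200 after the update.
    """
    # Imported locally because the module's import block is not visible here.
    # NOTE(review): assumes `engine` is a SQLAlchemy Engine; confirm.
    from sqlalchemy import text

    parser = reqparse.RequestParser()
    for arg_name in ('form', 'sessionUserID', 'userID'):
        parser.add_argument(arg_name)
    args = parser.parse_args()
    formDict = Helper.ParseArgs(args['form'])
    sessionUserID = args['sessionUserID']
    userID = args['userID']
    currentPassword = formDict['currentPassword']
    newPassword = formDict['newPassword']

    sqlCurrentPassword = requests.get(
        f"{api_url}/users/{user_id}").json()[0]['hashed_password']
    previousPasswords = requests.get(
        f"{api_url}/users/{user_id}/get_passwords").json()

    if not check_password_hash(sqlCurrentPassword, currentPassword):
        return Helper.CustomResponse(401, 'Incorrect current password!')

    # Reject reuse of any password found in the stored history.
    for entry in previousPasswords:
        if check_password_hash(entry['password'], newPassword):
            return Helper.CustomResponse(
                406, 'New password has been used before!')

    new_hash = generate_password_hash(newPassword)
    # The statement as written stored the literal string '******' in
    # Users.hashed_password, which the current-password check above could
    # never match again; the new hash is stored instead.  Values are bound so
    # that user_id cannot alter the statement.
    engine.execute(
        text(
            """UPDATE Users SET hashed_password = :hashed_password
               WHERE id = :user_id;
               INSERT INTO Passwords (id, password)
               VALUES (:user_id, :hashed_password);"""
        ),
        {'hashed_password': new_hash, 'user_id': user_id},
    )

    # NOTE(review): UserID in the event comes from the request body while the
    # row changed is the one named by the route's user_id; confirm they are
    # meant to be able to differ.
    data = {
        'SessionUserID': sessionUserID,
        'UserID': userID,
        'AccountNumber': 0,
        'Amount': 0,
        'Event': "User Password Updated"
    }
    requests.post(f"{api_url}/events/create", json=data)
    return Helper.CustomResponse(200, 'Password has been updated!')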
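def post(self, user_id):
    """Update a user's profile fields and activation state, then log the event.

    Args:
        user_id: id of the user row to update (from the route).

    Request arguments (parsed with ``reqparse``):
        form: passed to ``Helper.ParseArgs``; must provide ``deactivate``
            (a ``YYYY-MM-DD`` date or ``''``), ``email``, ``usertype``,
            ``firstname``, ``lastname`` and ``avatarlink``.
        sessionUserID, userID: copied into the event record.

    The user is marked active when the reactivation date lies in the past;
    an empty date is stored as ``1900-01-01``.

    Returns:
        A 200 ``Response`` whose body is a status line followed by the parsed
        request arguments as JSON.

    Raises:
        ValueError: if ``deactivate`` is neither empty nor ``YYYY-MM-DD``.
    """
    # Imported locally because the module's import block is not visible here.
    # NOTE(review): assumes `engine` is a SQLAlchemy Engine; confirm.
    from sqlalchemy import text

    parser = reqparse.RequestParser()
    for arg_name in ('form', 'sessionUserID', 'userID'):
        parser.add_argument(arg_name)
    args = parser.parse_args()
    formDict = Helper.ParseArgs(args['form'])
    sessionUserID = args['sessionUserID']
    userID = args['userID']

    reactivateUserDate = formDict['deactivate'] or '1900-01-01' \
        if formDict['deactivate'] == '' else formDict['deactivate']
    active = datetime.strptime(reactivateUserDate, '%Y-%m-%d') < datetime.now()

    # NOTE(review): usertype is taken from the request form and no
    # authorization check is visible in this handler; confirm that only
    # administrators can reach it.
    email = formDict['email']
    usertype = formDict['usertype']
    firstname = formDict['firstname']
    lastname = formDict['lastname']
    avatarlink = formDict['avatarlink']
    if avatarlink == '':
        avatarlink = 'https://www.jennstrends.com/wp-content/uploads/2013/10/bad-profile-pic-2-768x768.jpeg'

    # Bound parameters keep form text out of the SQL grammar.  is_active is
    # bound as the string 'True'/'False', which is what the interpolated
    # statement sent before.
    engine.execute(
        text(
            """UPDATE Users
               SET email = :email, usertype = :usertype,
                   firstname = :firstname, lastname = :lastname,
                   avatarlink = :avatarlink, is_active = :is_active,
                   reactivate_user_date = :reactivate_user_date
               WHERE id = :user_id;"""
        ),
        {
            'email': email,
            'usertype': usertype,
            'firstname': firstname,
            'lastname': lastname,
            'avatarlink': avatarlink,
            'is_active': str(active),
            'reactivate_user_date': reactivateUserDate,
            'user_id': user_id,
        },
    )

    data = {
        'SessionUserID': sessionUserID,
        'UserID': userID,
        'AccountNumber': 0,
        'Amount': 0,
        'Event': "User profile updated"
    }
    requests.post(f"{api_url}/events/create", json=data)

    # `username` was never assigned in this handler, so building the response
    # raised NameError after the row had already been updated; the route's
    # user_id identifies the user instead.
    return Response(f"'{user_id}' updated\n" + json.dumps(args),
                    status=200,
                    mimetype='application/json')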
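def post(self):
    """Issue a generated password to a user whose username and e-mail match.

    Request arguments (parsed with ``reqparse``):
        form: passed to ``Helper.ParseArgs``; must provide ``username`` and
            ``email``.
        sessionUserID: copied into the event record as ``SessionUserID``.

    Returns:
        A ``Response`` with status 404 when the user lookup does not return
        200, 406 when the e-mail differs from the one on file, and 200 after
        the generated password has been mailed and stored.
    """
    # Imported locally because the module's import block is not visible here.
    # NOTE(review): assumes `engine` is a SQLAlchemy Engine; confirm.
    from sqlalchemy import text

    parser = reqparse.RequestParser()
    parser.add_argument('form')
    parser.add_argument('sessionUserID')
    args = parser.parse_args()
    formDict = Helper.ParseArgs(args['form'])
    sessionUserID = args['sessionUserID']
    username = formDict['username']
    email = formDict['email']

    # NOTE(review): username goes into the URL path unescaped; restrict it to
    # the characters a username may contain before building the URL.
    response = requests.get(f"{api_url}/users/{username}")
    # NOTE(review): the distinct 404 and 406 answers tell an unauthenticated
    # caller whether a username exists, and no rate limit is visible here;
    # a single generic answer plus throttling is the usual mitigation.
    if response.status_code != 200:
        return Response("No user with that username!",
                        status=404,
                        mimetype='application/json')
    user = response.json()[0]
    if user['email'] != email:
        return Response(
            f"Email does not match email on file for {username}!",
            status=406,
            mimetype='application/json')

    target_id = user['id']
    password = Helper.GeneratePassword()
    # NOTE(review): the cleartext password is mailed before the database is
    # updated, so a failed update leaves the user with a password that does
    # not work; a one-time reset link avoids mailing a credential at all.
    msg = Message('Hello from appdomainteam3!', recipients=[email])
    msg.body = f"Hello, your login for appdomainteam3 is:\nUsername: {username}\nPassword: {password}"
    mail.send(msg)

    hashed = generate_password_hash(password)
    # The statement as written stored the literal string '******' in
    # Users.hashed_password instead of the hash of the password that was just
    # mailed; the hash is stored now, and all values are bound parameters.
    engine.execute(
        text(
            """UPDATE Users SET hashed_password = :hashed_password
               WHERE id = :id;
               INSERT INTO Passwords (id, password)
               VALUES (:id, :hashed_password);"""
        ),
        {'hashed_password': hashed, 'id': target_id},
    )

    data = {
        'SessionUserID': sessionUserID,
        'UserID': target_id,
        'AccountNumber': 0,
        'Amount': 0,
        'Event': 'Used forgot password function'
    }
    requests.post(f"{api_url}/events/create", json=data)
    return Response("Temporary password sent!",
                    status=200,
                    mimetype='application/json')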
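def post(self, account_number):
    """Update the descriptive fields of an account and log the change.

    Args:
        account_number: number of the account to update (from the route).

    Request arguments (parsed with ``reqparse``):
        form: passed to ``Helper.ParseArgs``; must provide ``accountName``,
            ``accountDesc``, ``normalSide``, ``category``, ``subcategory``,
            ``accountOrder`` and ``comment``.
        sessionUserID, userID: copied into the event record.

    Returns:
        ``Helper.CustomResponse(200, ...)`` on success, or a 500 ``Response``
        with body ``"SQL Error"`` when the update raises.
    """
    # Imported locally because the module's import block is not visible here.
    # NOTE(review): assumes `engine` is a SQLAlchemy Engine; confirm.
    from sqlalchemy import text

    parser = reqparse.RequestParser()
    for arg_name in ('form', 'sessionUserID', 'userID'):
        parser.add_argument(arg_name)
    args = parser.parse_args()
    formDict = Helper.ParseArgs(args['form'])
    sessionUserID = args['sessionUserID']
    userID = args['userID']

    # Bound parameters keep form text out of the SQL grammar.
    # NOTE(review): accountOrder and account_number were interpolated
    # unquoted, so they are presumably numeric; they are bound as received,
    # and validating them as integers here would give a cleaner error.
    statement = text(
        """UPDATE Accounts
           SET AccountName = :account_name, AccountDesc = :account_desc,
               NormalSide = :normal_side, Category = :category,
               Subcategory = :subcategory, AccountOrder = :account_order,
               Comment = :comment
           WHERE AccountNumber = :account_number"""
    )
    params = {
        'account_name': formDict['accountName'],
        'account_desc': formDict['accountDesc'],
        'normal_side': formDict['normalSide'],
        'category': formDict['category'],
        'subcategory': formDict['subcategory'],
        'account_order': formDict['accountOrder'],
        'comment': formDict['comment'],
        'account_number': account_number,
    }
    try:
        engine.execute(statement, params)
    except Exception as e:
        print(e)
        return Response("SQL Error", status=500, mimetype='application/json')

    # NOTE(review): no check is visible that the session user may edit this
    # account; confirm it is enforced before this handler runs.
    data = {
        'SessionUserID': sessionUserID,
        'UserID': userID,
        'AccountNumber': account_number,
        'Amount': 0,
        'Event': "Account updated"
    }
    requests.post(f"{api_url}/events/create", json=data)
    return Helper.CustomResponse(200, 'Account Edited Successfully!')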
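def post(self, username):
    """Open a new account for a user, log the event and send a notice e-mail.

    Args:
        username: account holder used when the form's
            ``accountHolderUsername`` is ``None`` (from the route).

    Request arguments (parsed with ``reqparse``):
        form: passed to ``Helper.ParseArgs``; must provide
            ``accountHolderUsername``, ``accountName``, ``accountDesc``,
            ``normalSide`` and ``category``.
        sessionUserID: copied into the event record as ``SessionUserID``.

    The account starts with balance 0, order 1, active flag 1 and the string
    ``'None'`` for subcategory, statement and comment.

    Returns:
        The user lookup's JSON body when that lookup answers 404, the
        response of ``Helper.CheckForDuplicateAccountName`` when its status is
        not 200, a 500 ``Response`` with body ``"SQL Error"`` when the insert
        raises, and ``Helper.CustomResponse(200, ...)`` on success.
    """
    # Imported locally because the module's import block is not visible here.
    # NOTE(review): assumes `engine` is a SQLAlchemy Engine; confirm.
    from sqlalchemy import text

    parser = reqparse.RequestParser()
    parser.add_argument('form')
    parser.add_argument('sessionUserID')
    args = parser.parse_args()
    formDict = Helper.ParseArgs(args['form'])
    sessionUserID = args['sessionUserID']

    holder = formDict['accountHolderUsername']
    if holder is None:
        holder = username

    # NOTE(review): the holder name goes into the URL path unescaped, and no
    # check is visible that the session user may open accounts for another
    # user; confirm both are handled.
    response = requests.get(f"{api_url}/users/{holder}")
    if response.status_code == 404:
        return response.json()
    user = response.json()[0]
    owner_id = user['id']

    accountName = formDict['accountName']
    accountDesc = formDict['accountDesc']
    normalSide = formDict['normalSide']
    category = formDict['category']
    creationDate = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
    accountNumber = Helper.GenerateAccountNumber(api_url)

    response = Helper.CheckForDuplicateAccountName(owner_id, accountName,
                                                   api_url)
    if response.status_code != 200:
        return response

    # Values are listed in the table's column order, as in the original
    # column-less INSERT, and are bound so that form text stays out of the
    # SQL grammar.
    statement = text(
        """INSERT INTO Accounts
           VALUES (:id, :account_name, :account_number, :account_desc,
                   :normal_side, :category, :subcategory, :balance,
                   :creation_date, :account_order, :statement, :comment,
                   :is_active)"""
    )
    params = {
        'id': owner_id,
        'account_name': accountName,
        'account_number': accountNumber,
        'account_desc': accountDesc,
        'normal_side': normalSide,
        'category': category,
        'subcategory': 'None',
        'balance': 0,
        'creation_date': creationDate,
        'account_order': 1,
        'statement': 'None',
        'comment': 'None',
        'is_active': 1,
    }
    try:
        engine.execute(statement, params)
    except Exception as e:
        print(e)
        return Response("SQL Error", status=500, mimetype='application/json')

    data = {
        'SessionUserID': sessionUserID,
        'UserID': owner_id,
        'AccountNumber': accountNumber,
        'Amount': 0,
        'Event': "Account created"
    }
    requests.post(f"{api_url}/events/create", json=data)

    msg = Message('Account Creation Notice', recipients=[user['email']])
    msg.body = f"Hello,\nThank you for opening a {category} account with us!"
    mail.send(msg)
    return Helper.CustomResponse(200, 'Account Created!')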