def edit_password(id):
json_data = request.get_json()
user = Users.find_by_id(id)
if user:
hashed_old_password = hashlib.md5(json_data['old_password'].encode('utf-8')).hexdigest()
hashed_new_password = hashlib.md5(json_data['new_password'].encode('utf-8')).hexdigest()
if hashed_old_password == user.password:
user.password = hashed_new_password
else:
return {"msg": "error, passwords isn't correct."}
else:
return {"msg": "usr not found"}, 404
return {"msg": "Password updated correctly."}
def __init__(self, username, email, password, phone, surename, gendre):
self.username = username
self.email = email
self.password = hashlib.md5(password.encode('utf-8')).hexdigest()
self.phone = phone
self.surename = surename
self.gendre = gendre
def login():
if request.method == 'POST':
if not request.form['id'] or not request.form['password']:
return render_template('login.html', valid_fields='Campos vacios')
else:
user = User.query.filter_by(id=request.form['id']).first()
if user is None:
return render_template('login.html',
valid_fields='Usuario inexistente')
else:
form_password = hashlib.md5(
bytes(request.form['password'],
encoding='utf-8')).hexdigest()
if not form_password == user.password:
return render_template(
'login.html', valid_fields='Contraseña incorrecta')
else:
login_user(user)
if user.type_user == 'Mozo':
return redirect(url_for('order'))
elif user.type_user == 'Cocinero':
return redirect(url_for('token'))
else:
return render_template('login.html', valid_fields='')
def add_photo(photo_upload):
filename = photo_upload.filename
ext_type = filename.split('.')[-1]
storage_file_name = '{}.{}'\
.format(
hashlib.md5(filename.split('.')[0].encode('utf-8')).hexdigest(),
ext_type
)
image_path = os.path.join(os.path.abspath('static'), 'img',
storage_file_name)
thumbnail_path = os.path.join(os.path.abspath('static'), 'img/thumbnail',
storage_file_name)
pic = Image.open(photo_upload)
pic.save(image_path) # original image
outputsize = (200, 200)
pic.thumbnail(outputsize)
pic.save(thumbnail_path) # thumbnail for index page
return storage_file_name
def post(self):
"""
Do the login to the application. Let the identification and create a jwt token with user info
"""
result = dict()
result['token'] = ''
auth = request.authorization
if not auth or not auth.username or not auth.password:
return result, 401
print('authorization', auth)
loginUser = auth.username
phrase = auth.password
user = login(loginUser)
if not user:
return result, 401
phrase = hashlib.md5(phrase.encode())
print(phrase.hexdigest(), '==', user.phrase)
if (user.phrase == phrase.hexdigest()):
print("Pass verification, preparing token")
token = jwt.encode(
{
'id':
user.idusuari,
'username':
user.dsusuari,
'exp':
datetime.datetime.utcnow() + datetime.timedelta(minutes=30)
}, settings.SECRET_KEY)
jwtToken = token.decode('UTF-8')
result['token'] = jwtToken
return result, 201
print("Pass failed")
return result, 401
def set_passowrd(self, password):
self.password = hashlib.md5(password.encode('utf-8')).hexdigest()
def password_check(self, password):
if self.password == hashlib.md5(password.encode('utf-8')).hexdigest():
return True