def post(self, request): try: try: request.data["token"] request.data["password"] except KeyError: return Response({"error": "Some data is missing"}, status=status.HTTP_400_BAD_REQUEST) token = request.data["token"] jwt_decode_handler = api_settings.JWT_DECODE_HANDLER try: token_info = jwt_decode_handler(token) except: return Response({"error": "Token Expired"}, status=status.HTTP_401_UNAUTHORIZED) try: user = User.objects.get(username=token_info["username"]) except User.DoesNotExist: return Response({"error": "token is wrong"}, status=status.HTTP_401_UNAUTHORIZED) try: user.set_password(request.data["password"]) user.save() except Exception as e: return Response({"error": "Please try again later"}, status=status.HTTP_503_SERVICE_UNAVAILABLE) return Response({"done": "Password is Changed"}, status=status.HTTP_200_OK) except Exception as ex: log_errors(str(ex), 1) return Response("An error has happened!", status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def post(self, request): if TokenVerify(request): try: id = get_user_ID(request) serializer = FAQSerializer(data=request.data) if (serializer.is_valid()): serializer.save() log( user=User.objects.get(id=id), action="Added FAQ", ) return Response(serializer.data, status=status.HTTP_201_CREATED) else: log( user=User.objects.get(id=id), action="Tried to add FAQ", ) return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) except Exception as ex: log_errors(str(ex), id) return Response({"msg": "An error has happened! "}, status=status.HTTP_500_INTERNAL_SERVER_ERROR) else: return Response({"msg": "unauthorized"}, status=status.HTTP_400_BAD_REQUEST)
def get(self, request, id): if TokenVerify(request) and BackEndPermissionVerifier(request): try: I = get_user_ID(request) # TargetUser = User.objects.filter(id = id).first() profile = Profile.objects.get(user=id) user_dictionary = {} user_dictionary["name"] = profile.name user_dictionary["phone"] = profile.mobile user_dictionary["college_id"] = profile.college_id user_dictionary["email"] = profile.user.email user_dictionary["group"] = profile.user.groups.all().first( ).name log( user=User.objects.get(id=I), action="Viewed one user", ) return Response(user_dictionary) except ObjectDoesNotExist: return Response({"msg": "This user doesn't exist"}, status=status.HTTP_400_BAD_REQUEST) except Exception as ex: log_errors(str(ex), I) return Response({"msg": "An error has happened! "}, status=status.HTTP_500_INTERNAL_SERVER_ERROR) else: return Response({"msg": "unauthorized"}, status=status.HTTP_400_BAD_REQUEST)
def delete(self, request, pk): if TokenVerify(request) and BackEndPermissionVerifier(request): try: I = get_user_ID(request) teams = Team.objects.get(id=pk) for i in teams.achievement.all(): ach = Achievement.objects.get(id=i.id) teams.achievement.remove(ach) ach.delete() teams.delete() log( user=User.objects.get(id=I), action="Deleted a team", ) return Response({"msg": "Deleted successfully!"}, status=status.HTTP_200_OK) except ObjectDoesNotExist: return Response({"msg": "This team doesn't exist"}, status=status.HTTP_400_BAD_REQUEST) except Exception as ex: log_errors(str(ex), I) return Response({"msg": "An error has happened! "}, status=status.HTTP_500_INTERNAL_SERVER_ERROR) else: return Response({"msg": "Token Invalid"}, status=status.HTTP_400_BAD_REQUEST)
def put(self, request, id): if TokenVerify(request) and BackEndPermissionVerifier(request): try: I = get_user_ID(request) user = User.objects.get(pk=id) updated_group = Group.objects.get(name=request.data['group']) print(user) user.groups.clear() user.groups.add(updated_group) log( user=User.objects.filter(id=I).first(), action="Updated a user", ) return Response( {"msg": "User Group Permissions SUccessfully Updated"}, status=status.HTTP_202_ACCEPTED) except ObjectDoesNotExist: return Response({"msg": "This user doesn't exist"}, status=status.HTTP_400_BAD_REQUEST) except Exception as ex: log_errors(str(ex), I) return Response({"msg": "An error has happened! "}, status=status.HTTP_500_INTERNAL_SERVER_ERROR) else: return Response({"msg": "unauthorized"}, status=status.HTTP_400_BAD_REQUEST)
def post(self, request): try: serializer = UsersSignUpSerializer(data=request.data) if serializer.is_valid(): try: serializer.validated_data["email"] serializer.validated_data["password"] except KeyError: return Response({"error": "Some data is missing"}, status=status.HTTP_400_BAD_REQUEST) try: user = User.objects.get( email=serializer.validated_data["email"]) except User.DoesNotExist: try: user = User.objects.create_user( username=serializer.validated_data['email'], email=serializer.validated_data['email']) defaultGroup = Group.objects.get( name='Waiting Verification') user.set_password( serializer.validated_data['password']) defaultGroup.user_set.add(user) user.save() jwt_payload_handler = api_settings.JWT_PAYLOAD_HANDLER jwt_encode_handler = api_settings.JWT_ENCODE_HANDLER payload = jwt_payload_handler(user, 'false') token = jwt_encode_handler(payload) return Response({"token": token}, status=status.HTTP_201_CREATED) except: return Response( {"error": "Please try again later"}, status=status.HTTP_503_SERVICE_UNAVAILABLE) else: if user.email != user.username: return Response( {"error": "User exists as social account."}, status=status.HTTP_406_NOT_ACCEPTABLE) else: return Response({"error": "User exists before."}, status=status.HTTP_406_NOT_ACCEPTABLE) else: return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) except Exception as ex: log_errors(str(ex), 1) return Response("An error has happened!", status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def BackEndPermissionVerifier(request): auth = get_authorization_header(request).split() token = auth[1] secret = SECRET_KEY # the secret key from the settings payload = jwt.decode(token, secret) try: if payload['position'] == 'IT -SeniorOfficer': return True else: return False except: log_errors(str(ex), id) return Response({"msg": "unauthorized"}, status=status.HTTP_400_BAD_REQUEST)
def TokenVerify(request): try: try: auth = get_authorization_header(request).split() token = auth[1] secret = SECRET_KEY # the secret key from the settings jwt.decode(token, secret) return True except: return False except Exception as ex: log_errors(str(ex), id) return Response({"msg": "unauthorized"}, status=status.HTTP_400_BAD_REQUEST)
def post(self, request): if TokenVerify(request) and BackEndPermissionVerifier(request): try: id = get_user_ID(request) serializer = TeamSerializer(data=request.data) if serializer.is_valid(): serializer.save() else: log( user=User.objects.get(id=id), action="Tried to add a team", ) return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) teams = Team.objects.last() #achievement = {} #name of the obj (JSON)-----DICTIONARY achievement = request.data[ "achievement"] #field inside the dic , put data inside it key=value for single_achievement in achievement: single_achievement = AchievementSerializer( data=single_achievement) if single_achievement.is_valid(): single_achievement.save() teams.achievement.add(Achievement.objects.last()) else: return Response(single_achievement.errors, status=status.HTTP_400_BAD_REQUEST) image = request.data["image"] for single_image in image: single_image = ImageSerializer(data=single_image) if single_image.is_valid(): single_image.save() teams.image.add(Image.objects.last()) else: return Response(single_image.errors, status=status.HTTP_400_BAD_REQUEST) log( user=User.objects.get(id=id), action="Added a team", ) return Response(serializer.data, status=status.HTTP_201_CREATED) except Exception as ex: log_errors(str(ex), id) return Response({"msg": "An error has happened! "}, status=status.HTTP_500_INTERNAL_SERVER_ERROR) else: return Response({"msg": "Token Invalid"}, status=status.HTTP_400_BAD_REQUEST)
def get(self, request): if TokenVerify(request): try: id = get_user_ID(request) groups = Group.objects.all() serializer = GroupSerializer(groups, many=True) return Response(serializer.data, status=status.HTTP_201_CREATED) except Exception as ex: log_errors(str(ex), id) return Response({"msg": "An error has happened! "}, status=status.HTTP_500_INTERNAL_SERVER_ERROR) else: return Response({"msg": "unauthorized"}, status=status.HTTP_400_BAD_REQUEST)
def get(self, request): try: serializer = UsersSignInSerializer(data=request.data) if serializer.is_valid(): try: if User.objects.get( username=serializer.validated_data["username"]): return Response({"exists": "true"}, status=status.HTTP_200_OK) except: return Response({"exists": "false"}, status=status.HTTP_404_NOT_FOUND) except Exception as ex: log_errors(str(ex), 1) return Response("An error has happened!", status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def post(self, request): try: serializer = UsersSignInSerializer(data=request.data) if serializer.is_valid(): try: serializer.validated_data["email"] serializer.validated_data["password"] serializer.validated_data["remember_me"] except KeyError: return Response({"error": "Some data is missing"}, status=status.HTTP_400_BAD_REQUEST) try: user = User.objects.get( username=serializer.validated_data["email"]) except User.DoesNotExist: return Response( { "Error": "Please Sign up first", "error": "Email/Password is incorrect" }, status=status.HTTP_401_UNAUTHORIZED) else: if authenticate( username=user.username, password=serializer.validated_data["password"]): remember_me = serializer.validated_data["remember_me"] jwt_payload_handler = api_settings.JWT_PAYLOAD_HANDLER jwt_encode_handler = api_settings.JWT_ENCODE_HANDLER payload = jwt_payload_handler(user, remember_me) token = jwt_encode_handler(payload) return Response({"token": token}, status=status.HTTP_201_CREATED) else: return Response( { "Error": "Password provided is wrong", "error": "Email/Password is incorrect" }, status=status.HTTP_401_UNAUTHORIZED) else: return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) except Exception as ex: log_errors(str(ex), 1) return Response("An error has happened!", status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def post(self, request): try: try: #check that the email recieved successfully request.data["email"] except KeyError: return Response({"error": "some data is missing"}, status=status.HTTP_400_BAD_REQUEST) try: #check that a user with that email already exist user = User.objects.get(email=request.data["email"]) if user.email != user.username: return Response( {"error": "Can't reset a social account password"}, status=status.HTTP_401_UNAUTHORIZED) except User.DoesNotExist: return Response({"error": "Email doesn't exist"}, status=status.HTTP_401_UNAUTHORIZED) # try: # #check that the email inserted is not a social account email. # # IF that line " SocialUsers.objects.get(user=user) " execute successfully , then there is a social account for this email # # and that we can't do anything about it's password. # # ELSE it triggers DoesNotExist Exception that is to be handled below # user = User.objects.get(user=user) # return Response({"error": "Can't reset a social account password"}, status=status.HTTP_401_UNAUTHORIZED) else: # At this point, we are sure that this email belongs to a normal account # generate token to login jwt_payload_handler = api_settings.JWT_PAYLOAD_HANDLER jwt_encode_handler = api_settings.JWT_ENCODE_HANDLER payload = jwt_payload_handler(user, 2) token = jwt_encode_handler(payload) # prepare the link to be sent in order for the user to use to change the password reset_password_link = "http://http://localhost:4200/auth/change-password/" + token + "/" # prepare the email content to be sent. email_content = "Click on This link to Proceed:<br><br>" + "<a href=" + reset_password_link + ">Reset Password</a><br><br>ASU Racing Team" return Response( {"success": "Email sent: " + reset_password_link}, status=status.HTTP_200_OK) # return sendRTMail(sender = settings.EMAIL_HOST_USER, receiverList = [user.email],subject ='Password Reset',content = email_content ) except Exception as ex: log_errors(str(ex), 1) return Response("An error has happened!", status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def put(self, request, id): if TokenVerify(request) and BackEndPermissionVerifier(request): try: I = get_user_ID(request) image = {} news = NewsFeed.objects.get(id=id) image["image"] = request.data["image"] if (image["image"] != ""): image = ImageSerializer(data=image) if image.is_valid(): image.save() news.image.add(Image.objects.last().id) else: return Response(image.errors, status=status.HTTP_400_BAD_REQUEST) else: request.data.pop('image', None) serializer = NewsFeedSerializer(news, data=request.data) if serializer.is_valid(): serializer.save() log( user=User.objects.get(id=I), action="Updated a newsfeed", ) return Response(serializer.data, status=status.HTTP_201_CREATED) else: log( user=User.objects.get(id=I), action="Tried to update newfeed", ) return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) except ObjectDoesNotExist: return Response({"msg": "This news doesn't exist"}, status=status.HTTP_400_BAD_REQUEST) except Exception as ex: log_errors(str(ex), I) return Response({"msg": "An error has happened! "}, status=status.HTTP_500_INTERNAL_SERVER_ERROR) else: return Response({"msg": "unauthorized"}, status=status.HTTP_400_BAD_REQUEST)
def post(self, request): try: if 'provider' in request.data and 'email' in request.data and 'social_id' in request.data: try: user = User.objects.get(email=request.data['email']) except User.DoesNotExist: # Create new account with social data user = User.objects.create_user( username=(request.data['provider'] + '-' + request.data['social_id']), email=request.data["email"], password=password_generator(length=8)) my_group = Group.objects.get(name='Waiting Verification') my_group.user_set.add(user) else: if user.username == user.email: #Not a social account return Response( { "error": "The Email exist as a normal account, Please Login with your email and password" }, status=status.HTTP_401_UNAUTHORIZED) #Social account registered before username_temp = user.username provider, socialid = username_temp.split('-') if provider != request.data[ 'provider'] and socialid != request.data['social_id']: return Response({'error': 'Some Data Missing'}, status=status.HTTP_400_BAD_REQUEST) jwt_payload_handler = api_settings.JWT_PAYLOAD_HANDLER jwt_encode_handler = api_settings.JWT_ENCODE_HANDLER payload = jwt_payload_handler(user, 'false') token = jwt_encode_handler(payload) return Response({"token": token}, status=status.HTTP_201_CREATED) else: return Response({'error': 'Some Data Missing'}, status=status.HTTP_400_BAD_REQUEST) except Exception as ex: log_errors(str(ex), 1) return Response("An error has happened!", status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def delete(self, request, id): if TokenVerify(request): try: I = get_user_ID(request) FAQ.objects.get(id=id).delete() log( user=User.objects.get(id=I), action="Deleted a FAQ", ) return Response({"msg": "Deleted successfully"}, status=status.HTTP_200_OK) except ObjectDoesNotExist: return Response({"msg": "This FAQ doesn't exist"}, status=status.HTTP_400_BAD_REQUEST) except Exception as ex: log_errors(str(ex), I) return Response({"msg": "An error has happened! "}, status=status.HTTP_500_INTERNAL_SERVER_ERROR) else: return Response({"msg": "unauthorized"}, status=status.HTTP_400_BAD_REQUEST)
def delete(self, request, id): if TokenVerify(request) and BackEndPermissionVerifier(request): try: I = get_user_ID(request) Event.objects.get(id=id).delete() log( user=User.objects.get(id=I), action="Deleted an event", ) return Response({"msg": "Deleted successfully"}, status=status.HTTP_200_OK) except ObjectDoesNotExist: return Response({"msg": "This event doesn't exist"}, status=status.HTTP_400_BAD_REQUEST) except Exception as ex: log_errors(str(ex), I) return Response({"msg": "An error has happened! "}, status=status.HTTP_500_INTERNAL_SERVER_ERROR) else: return Response({"msg": "Token Invalid"}, status=status.HTTP_400_BAD_REQUEST)
def post(self, request): if TokenVerify(request) and BackEndPermissionVerifier(request): #to be able to send images , we must first check if image is valid , then save that image , and we will then obtain it from the #image table try: id = get_user_ID(request) image = {} image["image"] = request.data["image"] image = ImageSerializer(data=image) if image.is_valid(): image.save() else: return Response(image.errors, status=status.HTTP_400_BAD_REQUEST) serializer = EventSerializer(data=request.data) if serializer.is_valid(): serializer.validated_data["image"] = [ Image.objects.last().id ] serializer.save() log( user=User.objects.get(id=id), action="Added an event", ) return Response(serializer.data, status=status.HTTP_201_CREATED) else: log( user=User.objects.get(id=id), action="Tried to add an event", ) return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) except Exception as ex: log_errors(str(ex), id) return Response({"msg": "An error has happened!"}, status=status.HTTP_500_INTERNAL_SERVER_ERROR) else: return Response({"msg": "Token Invalid"}, status=status.HTTP_400_BAD_REQUEST)
def post(self, request): if TokenVerify(request) and BackEndPermissionVerifier(request): try: id = get_user_ID(request) image = {} image["image"] = request.data["image"] image = ImageSerializer(data=image) if image.is_valid(): image.save() else: return Response(image.errors, status=status.HTTP_400_BAD_REQUEST) serializer = HighlightSerializer(data=request.data) if serializer.is_valid(): serializer.validated_data["image"] = [ Image.objects.last().id ] serializer.save() log( user=User.objects.get(id=id), action="Added a highlight", ) return Response(serializer.data, status=status.HTTP_201_CREATED) else: log( user=User.objects.get(id=id), action="Tried to add a highlight", ) return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) except Exception as ex: log_errors(str(ex), id) return Response({"msg": "Error"}, status=status.HTTP_500_INTERNAL_SERVER_ERROR) else: # return Response({"Token Validation": "False"}, status=status.HTTP_400_BAD_REQUEST) return Response({"msg": "Token Invalid"}, status=status.HTTP_400_BAD_REQUEST)
def get(self, request): if TokenVerify(request) and BackEndPermissionVerifier(request): try: I = get_user_ID(request) profiles = Profile.objects.all() user_list = [] for i in profiles: user_dictionary = {} #key + value user_dictionary["id"] = i.user.id user_dictionary["email"] = i.user.email user_dictionary["name"] = i.name user_dictionary["phone"] = i.mobile user_dictionary["college_id"] = i.college_id user_dictionary["group"] = i.user.groups.all().first().name user_list.append(user_dictionary) return Response(user_list) except Exception as ex: log_errors(str(ex), I) return Response({"msg": "An error has happened! "}, status=status.HTTP_500_INTERNAL_SERVER_ERROR) else: return Response({"msg": "unauthorized"}, status=status.HTTP_400_BAD_REQUEST)
def post(self, request): try: serializer = SocialSerializer1(data=request.data) social_serializer_username = SocialSerializer2(data=request.data) if serializer.is_valid() and social_serializer_username.is_valid(): #new user try: social_serializer_username.validated_data["email"] except KeyError: return Response({"error": "Some data is missing"}, status=status.HTTP_400_BAD_REQUEST) try: #1)checking whether the account already exists as a SOCIAL USER or not ? user = User.objects.get( password=serializer.validated_data["password"]) except Exception as e: #1.1)No it doesn't exist as a socialUser , then check the normal user table try: user = User.objects.get( username=social_serializer_username. validated_data["username"]) except User.DoesNotExist: try: #1.1.1) not Found in any of the 2 tables (SocialUsers and User), then add this Social Account user = User.objects.create_user( username=social_serializer_username. data['username'], password=serializer.validated_data['password'], email=serializer.validated_data['email']) serializer.save() # return Response(status=status.HTTP_200_OK) my_group = Group.objects.get(name='Default') my_group.user_set.add(user) except Exception as e: print(e) # return Response({"error": "Please try again later","content":str(e)}, status=status.HTTP_503_SERVICE_UNAVAILABLE) jwt_payload_handler = api_settings.JWT_PAYLOAD_HANDLER jwt_encode_handler = api_settings.JWT_ENCODE_HANDLER payload = jwt_payload_handler( user, serializer.validated_data["remember_me"]) token = jwt_encode_handler(payload) return Response({"token": token}, status=status.HTTP_201_CREATED) else: #1.1.2) exists as a normal user account, so won't be created again return Response( { "error": "The Account Already Exists, you should login using your Email" }, status=status.HTTP_401_UNAUTHORIZED) else: #1.2)YES that account already exist so, won't created again. jwt_payload_handler = api_settings.JWT_PAYLOAD_HANDLER jwt_encode_handler = api_settings.JWT_ENCODE_HANDLER payload = jwt_payload_handler( user.user, serializer.validated_data["remember_me"]) token = jwt_encode_handler(payload) return Response({"token": token}, status=status.HTTP_201_CREATED) elif serializer.is_valid( ) and not social_serializer_username.is_valid(): #existing user try: user = User.objects.get( password=serializer.validated_data["password"]) except User.DoesNotExist: print("error") # return Response({"error": "Social account doesn't exist, Please sign up first"}, status=status.HTTP_401_UNAUTHORIZED) else: if serializer.validated_data["email"] == user.email: jwt_payload_handler = api_settings.JWT_PAYLOAD_HANDLER jwt_encode_handler = api_settings.JWT_ENCODE_HANDLER payload = jwt_payload_handler( user.user, serializer.validated_data["remember_me"]) token = jwt_encode_handler(payload) return Response({"token": token}, status=status.HTTP_201_CREATED) else: return Response({"Error": "Social provider is wrong"}, status=status.HTTP_401_UNAUTHORIZED) else: # wrong data #collect errors in data submitted to be sent to client side. social_serializer_username.is_valid() serializer.is_valid() errors = serializer.errors errors.update(social_serializer_username.errors) return Response(errors, status=status.HTTP_400_BAD_REQUEST) except Exception as ex: log_errors(str(ex), 1) return Response("An error has happened!", status=status.HTTP_500_INTERNAL_SERVER_ERROR)
def put(self, request, pk): if TokenVerify(request) and BackEndPermissionVerifier(request): try: I = get_user_ID(request) teams = Team.objects.get(id=pk) achievements = request.data["achievement"] for single_achievement in achievements: if (Achievement.objects.filter( id=single_achievement["id"]).exists()): ach = Achievement.objects.get( id=single_achievement["id"]) if (single_achievement["image"] == ""): single_achievement.pop('image', None) single_achievement = AchievementSerializer( ach, data=single_achievement) if single_achievement.is_valid(): single_achievement.save() else: return Response(single_achievement.errors, status=status.HTTP_400_BAD_REQUEST) else: single_achievement = AchievementSerializer( data=single_achievement) if single_achievement.is_valid(): single_achievement.save() teams.achievement.add(Achievement.objects.last()) else: return Response(single_achievement.errors, status=status.HTTP_400_BAD_REQUEST) images = request.data["image"] for i in teams.image.all(): teams.image.remove(i) i.delete() for single_image in images: single_image = ImageSerializer(data=single_image) if single_image.is_valid(): single_image.save() teams.image.add(Image.objects.last()) else: return Response(single_image.errors, status=status.HTTP_400_BAD_REQUEST) serializer = TeamSerializer(teams, data=request.data) if serializer.is_valid(): serializer.save() log( user=User.objects.get(id=I), action="Updated a team", ) return Response(serializer.data, status=status.HTTP_201_CREATED) else: log( user=User.objects.get(id=I), action="Tried to update a team", ) return Response(serializer.errors, status=status.HTTP_400_BAD_REQUEST) except ObjectDoesNotExist: return Response({"msg": "This team doesn't exist"}, status=status.HTTP_400_BAD_REQUEST) except Exception as ex: log_errors(str(ex), 1) return Response({"msg": "An error has happened! "}, status=status.HTTP_500_INTERNAL_SERVER_ERROR) else: return Response({"msg": "Token Invalid"}, status=status.HTTP_400_BAD_REQUEST)