def login():
logger.log("admin_api", "Logging User In")
logger.debug("admin_api", "User:\n" +request.form['user'])
user = json.loads(request.form['user'])
return user_login.login(user)
def _validate_username(self, username):
logger.debug("Registrar", "Username: "******"\\" in username or " " in username or len(username) < 1 or len(username) > 20 or username == "guest":
logger.log("Registrar", "Invalid Username")
return False
else:
logger.log("Registrar", "Valid Username")
return True
def _valid_user(self, user, password):
'''First make sure that the user isnt a guest (invalid email in the retrieval stage)
Then make sure the password provided matches the password stored in the database'''
logger.log("Login", "Validating User")
return self._check_user_id(user['id']) and self._check_password(user['password'], password)
def _validate_password(self, password):
logger.debug("Registrar", "Password: "******"\\" in password or " " in password or len(password) < 4 or len(password) > 254:
logger.log("Registrar", "Invalid Password")
return False
else:
logger.log("Registrar", "Valid Password")
return True
def _retrieve_user(self, email):
'''Retrieves the user stored in the database with the given email
return as a guest if no matching email is found'''
logger.log("Login", "Retrieving User")
user = json.loads(admin_select.user(email))
return user
def _generate_token(self, user_id, username):
'''Generates a 32 alpha numeric token and attches in to a JSON containg user id and name'''
logger.log("Login", "Generating Token")
token = ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(32))
logger.log("Login", "Updating Stored Token")
admin_update.stored_token(user_id, token)
return '{{"id": "{0}", "username": "******", "token" : "{2}"}}'.format(user_id, username, token)
def _validate_email(self, email):
#Check format and Slength of the email
logger.debug("Registrar", "Email: " +email)
if (re.match(r"(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)", email)
and len(email) <= 254):
logger.log("Registrar", "Valid Email")
return True
else:
logger.log("Registrar", "Invalid Email")
return False
def add_comments(index, new_token = None):
logger.log("blog_api", "Adding A New Comment")
comment = json.loads(request.form['comment'])
user = new_token
response = blog_interface.add_comment_to_post(index, comment, user)
return '{{"response" : "{response}", "token" : {token} }}'.format(
response = response, token = json.dumps(new_token))
def _get_connection_string(self):
'''Reads the api level connection_string.json and create a python json file from the result'''
try:
with open("api/connection_string.json", "r") as connection_file:
connection_string = ''.join(connection_file.readlines())
return json.loads(connection_string)
except:
logger.log("DatabaseConnection", "There was an error with the connection string")
def check_permisions():
try:
user = json.loads(request.form['token'])
except:
logger.log("Application", "Error in check_permissions")
user = json.loads(user_login.guest_user)
check = json.loads(request.form['check'])
return authorize.check(check, user)
def create_post(new_token = None):
logger.log("blog_api", "Creating New Post")
post = json.loads(request.form['post'])
image = request.files['image']
response = blog_interface.create_post(post, image)
return '{{"response" : "{response}", "token" : {token} }}'.format(
response = response, token = json.dumps(new_token))
def modify_post(new_token = None):
logger.log("blog_api", "Modify Post: " + request.form['postId'])
logger.debug("blog_api", "Post Body: " + request.form['body'])
body = json.loads(request.form['body'])
post_id = json.loads(request.form['postId'])
response = blog_interface.modify_post(post_id, body)
return '{{"response" : "{response}", "token" : {token} }}'.format(
response = response, token = json.dumps(new_token))
def login(self, provided):
user = self._retrieve_user(provided['email'])
if self._valid_user(user, provided['password']):
logger.log("Login", "Login Valid")
return self._generate_token(user['id'], user['username'])
else:
logger.log("Login", "Login Invalid")
return self.guest_user
def __call__(self, *args, **kwargs):
logger.log("DatabaseConnection", "Connecting to database")
db = self._connect()
connection_cursor = db.cursor()
try:
query_result = self.function(cursor = connection_cursor, *args, **kwargs)
db.commit();
logger.log("DatabaseConnection", "Query Successful")
except MySQLdb.Error as exception:
db.rollback()
logger.log("DatabaseConnection", "Database Exception: " + str(exception))
message = exception.args[1]
if exception.args[0] == 1062: #Duplicate Entry Error
if "username_UNIQUE" in exception.args[1]:
message = "This username already exists."
elif "email_UNIQUE" in exception.args[1]:
message = "This email is already in use."
return '{{"Error" : "{message}"}}'.format(message = message)
finally:
logger.log("DatabaseConnection", "Closing Database Connection")
db.close()
return query_result
def check_user_status(self, user_token):
logger.log("Login", "Checking User Status")
logger.debug("Login", json.dumps(user_token))
user_id = user_token['id']
token = user_token['token']
stored_token= json.loads(admin_select.stored_token(user_id))
if stored_token['token'] == token:
logger.log("Login", "User is up to date")
new_token = self._generate_token(user_id, user_token['username'])
return new_token
else:
logger.log("Login", "Invalid Token")
return self.guest_user
def register_user(self, user_json):
username = user_json['username']
email = user_json['email']
password = user_json['password']
if self._validate_user(username, email, password):
hashed_password = generate_password_hash(password)
logger.log("Registrar", "New User is Valid")
logger.log("Registrar", "Adding User to Database")
return admin_insert.new_user(username, email, hashed_password)
else:
logger.log("Registrar", "New User is invalid")
return False
def check_action(*args, **kwargs):
logger.log("AuthorizeAction", "Checking for '" +self.purpose +"' authorization")
logger.debug("AuthorizeAction", "Request Token:\n" +request.form['token'])
user = json.loads(request.form['token'])
validated_user = json.loads(self._login.check_user_status(user))
user_id = validated_user['id']
user_permissions = json.loads(admin_select.user_permissions(user_id))
if self._Security_Level[self.purpose] >= int(user_permissions['permissions']):
logger.log("AuthorizeAction", "Authorization Granted")
return function(new_token = validated_user, *args, **kwargs)
else:
logger.log("AuthorizeAction", "Authorization Denied")
return '{{"token" : "{}" }}'.format(validated_user)
def register_user():
logger.log("admin_api", "Registering User")
logger.debug("admin_api", "User:\n" +request.form['user'])
user = json.loads(request.form['user'])
response = registrar.register_user(user)
if response:
try:
if(json.loads(response)['status'] == "Success"):
logger.log("admin_api", "Registration Successful")
return user_login.login(user)
else:
return response
except:
return response
else:
logger.log("admin_api", "Registration Failed")
return '{"status" : "Failure"}'
def _validate_user(self, username, email, password):
logger.log("Registrar", "Validating New User")
return self._validate_username(username) and self._validate_email(email) and self._validate_password(password)
def get_post(index):
logger.log("blog_api", "Retrieving Post With Index " +index)
return blog_interface.retrieve_post(index)
def get_post_headers():
logger.log("blog_api", "Retrieving Post Headers")
return blog_interface.get_headers()