def post(self):
    """
    POST /login

    Expected: AuthDto.credentials

    Look the user up by the submitted username and verify the submitted
    password. On success respond 200 with the user's dictionary and a newly
    generated access/refresh token pair. An unknown username and a wrong
    password both produce the same 401 "Login Failed" response.
    """
    credentials = request.json
    account = UserService.get_by_username(credentials.get("username"))

    # Both failure cases share one status and message, so the response body
    # does not tell a caller whether the username exists.
    # NOTE(review): the unknown-user case never calls verify_password, so the
    # two failures may still differ in response time - confirm whether that
    # matters for this deployment. No attempt limiting is visible here either.
    if account is None or not account.verify_password(
            credentials.get("password")):
        return self.format_failure(401, "Login Failed")

    access, refresh = generate_jwt_keypair(
        account.id, account.tribe_id, account.role)

    # NOTE(review): confirm that user.dictionary leaves out the password hash
    # and any other secret fields before it is sent to the client.
    body = {
        "user": account.dictionary,
        "tokens": {"access": access, "refresh": refresh},
    }
    return self.format_success(200, body)
def post(self):
    """
    POST /auth/authorize

    Exchange the Refresh Token sent in the Authorization header for a new
    Access Token.

    Responds 400 when the header is missing, 401 when the token fails
    validation, is not found or is revoked, 404 when the token's user no
    longer exists, and 200 with {"token": <access token>} otherwise.
    """
    auth_header = request.headers.get("Authorization")
    if auth_header is None:
        return self.format_failure(400, "No Authorization Header provided")

    # Validation receives the header value exactly as sent, before any
    # "Bearer " prefix is removed. The validator's message goes back to the
    # client unchanged.
    error, _ = validate_refresh_token(auth_header)
    if error is not None:
        return self.format_failure(401, error)

    # NOTE(review): this is a substring test, not a prefix test, and the last
    # space-separated piece is taken as the token. A stricter parse would
    # accept only a header that starts with the scheme - confirm what
    # validate_refresh_token already enforces.
    if "Bearer " in auth_header:
        raw_token = auth_header.split(" ").pop()
    else:
        raw_token = auth_header

    stored_token = get_refresh_token(raw_token)
    if stored_token is None:
        return self.format_failure(401, "Invalid Token")
    if stored_token.revoked:
        return self.format_failure(401, "Token Revoked")

    # The access token is built from the user's current id, tribe and role
    # as loaded here, not from values carried in the refresh token.
    owner = UserService.get_by_id(int(stored_token.user_id))
    if owner is None:
        return self.format_failure(
            404, "User associated with token does not exist")

    new_access = generate_access_token(owner.id, owner.tribe_id, owner.role)
    return self.format_success(200, {"token": new_access})
def post(self):
    """
    Forward the JSON request body to UserService.add_to_recommend_list.

    The service result is indexed as (payload, status). A 200 result is
    returned as is; any other status is reported to the client as 403 with
    the service payload as the abort message.
    """
    # NOTE(review): the body is passed on unvalidated at this layer; any
    # schema or ownership checks must live in the service - confirm.
    result = UserService.add_to_recommend_list(request.json)
    if resp_ok := (result[1] == 200):
        return result
    return abort(403, result[0])
def get(self, user_id: str):
    """
    GET /user/<user_id>

    Look a User up by public id. Responds 200 with {"user": <dictionary>}
    when found and 404 "User not found" otherwise.
    """
    found = UserService.get_by_public_id(user_id)
    if found is not None:
        # NOTE(review): confirm user.dictionary exposes only fields that are
        # safe to return to whoever is allowed to call this route.
        return self.format_success(200, {"user": found.dictionary})
    return self.format_failure(404, "User not found")
def delete(self, user_id: str):
    """
    DELETE /user/<user_id>

    Delete the User with the given public id. Responds 204 on success and
    404 "User not found" when no such user exists.
    """
    # NOTE(review): no authorization check is visible inside this method;
    # it presumably comes from a decorator outside this view - confirm that
    # the route is protected before the record is removed.
    target = UserService.get_by_public_id(user_id)
    if target is not None:
        target.delete()
        return self.format_success(204)
    return self.format_failure(404, "User not found")
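def wrapper(*args, **kwargs):
    """
    Authorize the caller to act on the user named by the ``user_id`` kwarg.

    The target user is looked up by public id and, when access is granted,
    passed to the wrapped function as ``user``. Access is granted when the
    token's ``user_id`` claim equals the target's id, or when the caller is
    an admin.

    Returns a 404 failure when the target does not exist and a 401 failure
    when the caller is not allowed to act on the target.
    """
    denied = (401, "You are not authorized to perform this action")

    target = UserService.get_by_public_id(kwargs.get("user_id"))
    claims = kwargs.get("jwt")
    if target is None:
        return Resource.format_failure(404, "User not found")

    # Without token claims there is no caller identity to authorize, so deny
    # rather than fail on claims.get() below.
    if claims is None:
        return Resource.format_failure(*denied)

    caller_id = claims.get("user_id")
    if caller_id is None:
        return Resource.format_failure(*denied)

    # A user may always act on their own record.
    if caller_id == target.id:
        return wrapped_func(*args, **kwargs, user=target)

    # Admin has superuser rights. The role that counts is the CALLER's:
    # checking the target's role instead would let any caller act on an
    # admin account while giving admins no rights over other users.
    # The caller is loaded from storage so the role is current, not whatever
    # was true when the token was issued.
    # NOTE(review): assumes UserService.get_by_id accepts the id carried in
    # the token's user_id claim - confirm.
    caller = UserService.get_by_id(caller_id)
    if caller is not None and caller.role == UserRoles.ADMIN:
        return wrapped_func(*args, **kwargs, user=target)

    # TribeAdmin has superuser rights over their tribe
    # TODO: Tribeadmin edit logic
    return Resource.format_failure(*denied)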
def postvalidation(self):
    """
    Check that the username is not taken and that the tribe, if given, exists.

    A taken username records an error on "username" and stops. Otherwise the
    tribe resolved from "tribe_id" is stored in the lookup cache under
    "tribe": None when no tribe_id was sent, and the lookup result (with an
    error on "tribe_id" if it was not found) when one was.
    """
    payload = request.json

    # NOTE(review): this is a check-then-create test; two concurrent requests
    # can both pass it. A unique constraint in storage is what actually
    # guarantees uniqueness - confirm one exists.
    if UserService.get_by_username(payload.get("username")) is not None:
        self.add_error("username", "Username already exists")
        return

    public_tribe_id = payload.get("tribe_id")
    if public_tribe_id is None:
        self.lookup_cache.add("tribe", None)
        return

    resolved_tribe = TribeService.get_by_public_id(public_tribe_id)
    if resolved_tribe is None:
        self.add_error("tribe_id", "Tribe not found")
    # The cache entry is written in both cases, so it holds None when the
    # tribe was not found.
    self.lookup_cache.add("tribe", resolved_tribe)
def post(self):
    """
    Pass the JSON request body to UserService.save_user_payment as ``data``
    and return the service's result.
    """
    # NOTE(review): payment data is forwarded unvalidated at this layer;
    # field validation and the binding of the record to the authenticated
    # user must happen in the service - confirm.
    return UserService.save_user_payment(data=request.json)
def post(self):
    """
    Pass the JSON request body to UserService.update_user_info and return
    the service's result.
    """
    # NOTE(review): the whole body is forwarded unchanged. Any limit on which
    # fields a caller may change (role, ids, ...) has to be enforced inside
    # UserService.update_user_info, which is not visible here - confirm.
    return UserService.update_user_info(request.json)
def get(self):
    """Return the result of UserService.get_user_feed()."""
    # No argument is passed, so whose feed this is gets decided inside the
    # service (not visible here).
    feed = UserService.get_user_feed()
    return feed
def get(self):
    """
    Return the user whose id is given in the ``id`` query parameter, as
    produced by UserService.get_by_id.
    """
    # The value is taken from the query string as sent; it is None when the
    # parameter is absent.
    # NOTE(review): no check that the caller may read this id is visible in
    # this method - confirm the route is guarded elsewhere.
    requested_id = request.args.get('id')
    return UserService.get_by_id(id=requested_id)
def get(self, username):
    """
    Return the seen list for ``username`` from UserService.get_seen_list.

    The service result is indexed as (payload, status). A 200 result is
    returned as is; any other status is reported to the client as 403 with
    the service payload as the abort message.
    """
    # NOTE(review): the username comes from the route; nothing visible here
    # ties it to the authenticated caller - confirm where that is enforced.
    result = UserService.get_seen_list(username)
    if result[1] == 200:
        return result
    return abort(403, result[0])
def get(self, username):
    """Return the result of UserService.get_by_username for ``username``."""
    # NOTE(review): the service result is returned directly; confirm it does
    # not carry fields (password hash, tokens) that should stay server-side.
    found = UserService.get_by_username(username)
    return found
def get(self, username):
    """
    Return the posts of ``username`` from UserService.get_user_posts.

    The service result is indexed as (payload, status). A 200 result is
    returned as is; any other status is reported to the client as 403 with
    the service payload as the abort message.
    """
    result = UserService.get_user_posts(username)
    if result[1] == 200:
        return result
    return abort(403, result[0])
def get(self):
    """Return the result of UserService.get_user_payment()."""
    # No argument is passed, so which user's payment data is returned gets
    # decided inside the service (not visible here).
    # NOTE(review): confirm it is bound to the authenticated caller.
    payment = UserService.get_user_payment()
    return payment
def get(self):
    """Return the result of UserService.get_user_tags()."""
    tags = UserService.get_user_tags()
    return tags
def get(self, id):
    """Return the result of UserService.get_by_id for the route's ``id``."""
    # NOTE(review): no check that the caller may read this id is visible in
    # this method - confirm the route is guarded elsewhere.
    found = UserService.get_by_id(id=id)
    return found