async def reset_password(request: web.Request, body) -> web.Response:
    """Write the fields of ``body`` to the user named by the restore cookie.

    The ``AppCookie`` cookie is decoded with the application's SECRET_KEY
    and the audience ``restore_password_coockie``; the ``user_id`` claim of
    the decoded token selects the row that is updated.

    Raises:
        web.HTTPForbidden: the request has no ``AppCookie`` cookie.
        web.HTTPNotFound: no user row matches the token's ``user_id``.

    Returns:
        Whatever ``set_authorization_cookie`` returns when the
        AUTO_AUTHENTICATION setting is truthy, otherwise a JSON
        ``{"status": "ok"}`` response.
    """
    restore_token = request.cookies.get('AppCookie')
    if not restore_token:
        raise web.HTTPForbidden(
            body=json.dumps({'error': 'Access denied for requested resource'}),
            content_type='application/json')

    config = request.app['config']
    # NOTE(review): how token_decode reports an expired, tampered or
    # wrong-audience token is not visible here - confirm it ends in a 4xx
    # response and not an unhandled exception.
    claims = token_decode(restore_token, config['SECRET_KEY'],
                          audience='restore_password_coockie')

    user_table = get_model_by_name('user')
    target_id = claims['user_id']
    db = request.app['pg']

    found = await db.fetchval(
        select([exists().where(user_table.c.user_id == target_id)]))
    if not found:
        raise web.HTTPNotFound(
            body=json.dumps({'error': 'User not found'}),
            content_type='application/json')

    # NOTE(review): every key of body becomes a column assignment. Unless
    # the request schema (not visible here) admits only the password field,
    # the holder of a restore token can overwrite other columns of the row.
    # The value is also written exactly as submitted - confirm the password
    # is hashed somewhere before it reaches this statement.
    update_stmt = (user_table.update()
                   .where(user_table.c.user_id == target_id)
                   .values(**body)
                   .returning(literal_column('*')))
    updated_user = await db.fetchrow(update_stmt)

    # NOTE(review): nothing here invalidates the restore token after use,
    # so it presumably stays usable until its own expiry - confirm.
    if config['AUTO_AUTHENTICATION']:
        return await set_authorization_cookie(
            updated_user, {'hours': 24}, config['SECRET_KEY'])

    return web.Response(body=json.dumps({'status': 'ok'}),
                        content_type='application/json')
async def patch_user(request: web.Request, body) -> web.Response:
    """Update the user in the URL with the fields of ``body``.

    Only the authenticated user (``request.auth_user``) may patch their own
    row. An empty body is answered with ``{}`` and no database write.

    Raises:
        web.HTTPNotFound: no user row has the requested id.
        web.HTTPForbidden: the authenticated user's id differs from the
            requested id.

    Returns:
        A 200 JSON response holding the updated row as produced by
        ``row_to_dict``.
    """
    user_id = id_validator(request.match_info['user_id'], 'user')
    user_table = get_model_by_name('user')
    db = request.app['pg']

    # NOTE(review): existence is checked before ownership, so a caller can
    # tell from 404 versus 403 whether some other user's id exists.
    present = await db.fetchval(
        select([exists().where(user_table.c.user_id == user_id)]))
    if not present:
        raise web.HTTPNotFound(
            body=json.dumps({'error': f'User with id={user_id} not found'}),
            content_type='application/json')

    if request.auth_user['user_id'] != user_id:
        raise web.HTTPForbidden(
            body=json.dumps({'error': 'Access denied for requested resource'}),
            content_type='application/json')

    if not body:
        return web.Response(status=200, content_type='application/json',
                            body=json.dumps({}))

    # NOTE(review): body is expanded straight into column assignments.
    # Which keys are allowed depends on validation outside this function;
    # confirm it excludes columns a user must not set on their own row.
    statement = (user_table.update()
                 .where(user_table.c.user_id == user_id)
                 .values(**body)
                 .returning(literal_column('*')))
    updated_row = await db.fetchrow(statement)

    # NOTE(review): the whole returned row goes through row_to_dict; if that
    # helper emits every column, the password column is part of the reply.
    result = row_to_dict(user_table, updated_row)
    return web.Response(status=200, content_type='application/json',
                        body=json.dumps(result))
async def get_all_users(request: web.Request) -> web.Response:
    """Return every row of the user table as a JSON list.

    Each row is converted with ``row_to_dict`` before serialisation.
    """
    # NOTE(review): no caller check happens inside this handler; any access
    # control has to come from middleware or routing that is not visible
    # here. The rows are selected without a column list, so if row_to_dict
    # emits every column the password column is returned for all users.
    user_table = get_model_by_name('user')
    rows = await request.app['pg'].fetch(user_table.select())

    result = []
    for row in rows:
        result.append(row_to_dict(user_table, row))

    payload = json.dumps(result)
    return web.Response(status=200, content_type='application/json',
                        body=payload)
async def forgot_password(request: web.Request, body) -> web.Response:
    """Queue a restore-password e-mail for the user with ``body['login']``.

    A JWT carrying the user's login and id, a 24-hour expiry and the
    audience ``restore_password_url`` is signed with SECRET_KEY, embedded in
    a restore link, and the e-mail description is pushed onto the ``email``
    Redis list.

    Raises:
        web.HTTPNotFound: no user has the given login.

    Returns:
        A 200 JSON ``{"status": "ok"}`` response once the message is queued.
    """
    # Look the account up by login.
    # NOTE(review): answering 404 for an unknown login lets any caller of
    # this endpoint learn which logins exist.
    user_table = get_model_by_name('user')
    lookup = user_table.select().where(user_table.c.login == body['login'])
    user = await request.app['pg'].fetchrow(lookup)
    if not user:
        raise web.HTTPNotFound(content_type='application/json',
                               body=json.dumps({'error': 'User not found'}))

    # Build the signed restore token.
    # NOTE(review): .decode('utf-8') assumes jwt.encode returns bytes; if
    # jwt is PyJWT, 2.x returns str and this call would fail - confirm the
    # pinned version.
    config = request.app['config']
    expiration_time = datetime.utcnow() + timedelta(hours=24)
    claims = {
        'login': user['login'],
        'user_id': user['user_id'],
        'exp': expiration_time,
        'aud': 'restore_password_url'
    }
    token = jwt.encode(payload=claims, key=config['SECRET_KEY']).decode('utf-8')

    # Build the restore link.
    # NOTE(review): when the HOST setting is empty the link's host comes
    # from request.host, i.e. from the client-supplied Host header, so the
    # mailed link can point at a host the requester chose. Setting HOST in
    # every deployment avoids that. The token also travels in the URL path,
    # where proxies and access logs may record it.
    link_host = config['HOST'] or request.host
    url = '{scheme}://{host}/api/v1/restorepassword/{token}'.format(
        scheme=request.scheme, host=link_host, token=token)

    # Delivery is delegated: the message description is appended to the
    # 'email' Redis list; whatever consumes that list is outside this
    # function.
    data = {
        'email_type': 'restore_password',
        'to_name': user['login'],
        'to_addr': user['email'],
        'linc': url,
        'subject': 'Restore Password'
    }
    await request.app['redis'].rpush('email', json.dumps(data))

    return web.Response(status=200, content_type='application/json',
                        body=json.dumps({'status': 'ok'}))
async def get_user(request: web.Request) -> web.Response:
    """Return the user row whose id is given in the URL.

    Raises:
        web.HTTPNotFound: no user row has the requested id.

    Returns:
        A 200 JSON response holding the row as produced by ``row_to_dict``.
    """
    user_id = id_validator(request.match_info['user_id'], 'user')
    user_table = get_model_by_name('user')
    db = request.app['pg']
    id_matches = user_table.c.user_id == user_id

    present = await db.fetchval(select([exists().where(id_matches)]))
    if not present:
        raise web.HTTPNotFound(
            body=json.dumps({'error': f'User with id={user_id} not found'}),
            content_type='application/json')

    # NOTE(review): unlike patch_user, nothing here compares the requested
    # id with the authenticated user, and the full row is handed to
    # row_to_dict - confirm that the password column is not part of the
    # reply and that reading other users' rows is intended.
    row = await db.fetchrow(user_table.select().where(id_matches))
    payload = json.dumps(row_to_dict(user_table, row))
    return web.Response(status=200, content_type='application/json',
                        body=payload)
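async def login(request: web.Request, body) -> web.Response:
    """Authenticate ``body['login']`` / ``body['password']`` and start a session.

    The user row is looked up by login and the submitted password is
    compared with the stored ``password`` column in constant time.

    Raises:
        web.HTTPUnauthorized: the login is unknown or the password does not
            match. Both cases produce the same message, so the response body
            does not reveal which of the two failed.

    Returns:
        Whatever ``set_authorization_cookie_redis`` returns for the matched
        user (called with a 24-hour lifetime and the app's Redis handle).
    """
    # Function-scope import keeps this handler self-contained.
    import hmac

    user_table = get_model_by_name('user')
    user = await request.app['pg'].fetchrow(
        user_table.select().where(user_table.c.login == body['login']))

    if user:
        supplied = body['password']
        stored = user['password']
        # compare_digest takes time independent of where the two values
        # first differ, unlike ==, so response timing does not leak how much
        # of the password was guessed correctly. Both sides are encoded to
        # bytes because compare_digest rejects non-ASCII str arguments;
        # non-string values never match.
        #
        # NOTE(review): the stored column is compared directly with what the
        # client sent, which suggests passwords are kept unhashed (or hashed
        # client-side) - confirm. The usual remedy is to store a salted,
        # slow password hash (for example hashlib.scrypt) and verify against
        # that. No attempt limiting is visible in this handler either.
        if (isinstance(supplied, str) and isinstance(stored, str)
                and hmac.compare_digest(supplied.encode('utf-8'),
                                        stored.encode('utf-8'))):
            return await set_authorization_cookie_redis(
                user, {'hours': 24}, request.app['redis'])

    raise web.HTTPUnauthorized(
        body=json.dumps({'error': 'Invalid username / password combination'}),
        content_type='application/json')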
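async def create_user(request: web.Request, body) -> web.Response:
    """Insert a new user built from ``body`` and echo it back without the password.

    Raises:
        web.HTTPConflict: a user with ``body['login']`` already exists. The
            error is raised, as the other handlers in this file do for their
            error responses, instead of being returned.

    Returns:
        A 201 JSON response containing ``body`` plus the new ``user_id``,
        with the ``password`` key removed.
    """
    user_table = get_model_by_name('user')
    login = body['login']

    # NOTE(review): check-then-insert is not atomic; two concurrent requests
    # with the same login can both pass this check. A unique constraint on
    # the login column (not visible here) is what would actually prevent
    # duplicates - confirm one exists.
    exist = await request.app['pg'].fetchval(
        select([exists().where(user_table.c.login == login)]))
    if exist:
        raise web.HTTPConflict(
            body=json.dumps(
                {'error': f'User with login "{login}" already exist'}),
            content_type='application/json')

    # NOTE(review): body is expanded straight into the INSERT, so the
    # password is stored exactly as submitted and any other column the
    # request validation lets through is written too - confirm hashing and
    # the allowed field list.
    data = await request.app['pg'].fetchrow(
        user_table.insert().values(**body).returning(literal_column('*')))

    body['user_id'] = data['user_id']
    # pop() instead of del: a body without a password key must not turn an
    # already-committed insert into an unhandled KeyError.
    body.pop('password', None)
    return web.Response(status=201, content_type='application/json',
                        body=json.dumps(body))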