예제 #1
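    def put(self):
        """Change a user's password after re-checking the current one.

        Reads ``email``, ``old_password`` and ``new_password`` from the
        submitted form. The stored hash is replaced only when
        ``verify_password(email, old_password)`` succeeds and a non-empty
        new password was supplied.

        Returns:
            A ``(body, status)`` tuple: ``(None, 200)`` on success, or a
            message dict with ``400`` on bad credentials, a missing new
            password, or an integrity error on commit.
        """
        email = request.form.get('email', None)
        old_password = request.form.get('old_password', None)
        new_password = request.form.get('new_password', None)

        # Re-authenticate with the current password before changing anything.
        if verify_password(email, old_password):
            # A missing or empty replacement must never reach the hasher:
            # None would fail inside it, and '' would leave the account
            # protected by an empty password.
            if not new_password:
                _return = {
                    'message': 'New password is required.',
                    'field': 'new_password'
                }
                return _return, status.HTTP_400_BAD_REQUEST

            user = UserModel.query.filter(UserModel.email == email).first()
            try:
                user.password = generate_password_hash(new_password)
                db.session.commit()
                # NOTE(review): tokens issued before the change are not
                # revoked here; confirm whether a password change should
                # invalidate them.

            except IntegrityError as e:
                # Discard the failed transaction so the session is not left
                # in a broken state.
                db.session.rollback()
                field, value = get_exists_error(e)

                # NOTE(review): `form` is not bound anywhere in this method;
                # unless a module-level `form` exists this line raises
                # NameError. Confirm and replace with the intended label.
                _return = {
                    'message': "'" + value + "' is error.",
                    'field': getattr(form, field).label.text
                }

                return _return, status.HTTP_400_BAD_REQUEST

            return None, status.HTTP_200_OK
        else:
            # One message for "unknown account" and "wrong password", so the
            # response does not reveal which emails are registered.
            _return = {
                'message':
                'User does not exist or the password does not match.'
            }
            return _return, status.HTTP_400_BAD_REQUEST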
예제 #2
    def post(self):
        """Exchange an email/password pair from the form for a token.

        Returns:
            ``({'data': <token>}, 200)`` when ``verify_password`` accepts the
            credentials, otherwise a message dict with ``400``.
        """
        submitted = request.form
        email = submitted.get('email', None)
        password = submitted.get('password', None)

        if not verify_password(email, password):
            # The same message covers an unknown account and a wrong
            # password, so the response does not reveal which one failed.
            failure = {
                'message':
                'User does not exist or the password does not match.'
            }
            return failure, status.HTTP_400_BAD_REQUEST

        # Credentials accepted: issue a token bound to this email.
        return {'data': token_generate(email=email)}, status.HTTP_200_OK
예제 #3
파일: auth.py 프로젝트: gnidoc327/Frest
    def post(self):
        """Log a user in: verify the posted credentials and return a token.

        Returns:
            A ``(body, status)`` tuple. ``body`` carries the token under
            ``'data'`` with ``200`` on success, or an error under
            ``'message'`` with ``400`` when verification fails.
        """
        email = request.form.get('email', None)
        password = request.form.get('password', None)

        authenticated = verify_password(email, password)

        if authenticated:
            body = {'data': token_generate(email=email)}
            code = status.HTTP_200_OK
        else:
            # Deliberately generic: unknown user and bad password are
            # reported identically.
            body = {'message': 'User does not exist or the password does not match.'}
            code = status.HTTP_400_BAD_REQUEST

        return body, code
예제 #4
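    def put(self, prefix):
        """Update the profile of the user addressed by ``prefix``.

        ``prefix`` is either ``'me'`` (the user id is taken from the
        Authorization token) or a numeric user id. The caller must pass
        ``token_is_auth`` for that id, and the submitted form must validate.

        An email change (``change_email``) requires the new address to be
        unused and the current password in ``changeEmailPassword``. Other
        non-empty form values are copied onto the user, except for the
        protected keys listed below. A new ``password`` is hashed and
        ``token_expire_all`` is called for the user.

        Returns:
            A ``(body, status)`` tuple: ``(None, 200)`` on success, ``400``
            for validation, conflict or prefix errors, ``401`` when the token
            is not authorised for the user, ``404`` when the user is missing.
        """
        # Form keys that must never be written through the generic
        # ``setattr`` loop. Copying every submitted key onto the model lets a
        # client overwrite any attribute it can name:
        #   - 'email' would skip the uniqueness and password checks that
        #     'change_email' enforces;
        #   - 'confirmed' would skip email confirmation;
        #   - 'permission' would let a user change their own role (the
        #     disabled check in the original suggests this is a model column
        #     -- TODO confirm);
        #   - 'changeEmailPassword' would park a plaintext password on the
        #     model instance.
        # NOTE(review): a deny-list is a stop-gap. The durable fix is an
        # explicit allow-list of user-editable columns, with role changes
        # handled by a separately authorised path.
        protected_keys = (
            'id',
            'email',
            'confirmed',
            'permission',
            'change_email',
            'changeEmailPassword',
        )

        try:
            if prefix == 'me':
                user_id = token_load_with_auth(request.headers['Authorization'])['user_id']
            else:
                # Raises ValueError for non-numeric input; handled below.
                user_id = int(prefix)

            user_query = UserModel.query \
                .filter(UserModel.id == user_id)

            if token_is_auth(request.headers['Authorization'], user_id):
                form = userValidate.modificationForm(request.form)

                if form.validate():
                    if user_query.count():
                        user = user_query.first()

                        try:
                            # Run the email-change checks before touching the
                            # user, so a rejected request cannot leave other
                            # fields half-applied or tokens already expired.
                            if 'change_email' in request.form:
                                new_email = request.form['change_email']

                                # The new address must not belong to anyone.
                                check_user_query = UserModel.query.filter(UserModel.email == new_email).first()
                                if check_user_query is not None:
                                    _return = {
                                        'message': "'" + new_email + "' is already exists.",
                                        'field': 'New email'
                                    }

                                    return _return, status.HTTP_400_BAD_REQUEST

                                # Re-authenticate with the current password.
                                # Any falsy result is a failure; the previous
                                # `is False` test let a None result through.
                                if not verify_password(user.email, request.form.get('changeEmailPassword')):
                                    _return = {
                                        'message': "Password is wrong",
                                        'field': 'Password'
                                    }

                                    return _return, status.HTTP_400_BAD_REQUEST

                                user.email = new_email
                                # A new address has to be confirmed again.
                                user.confirmed = False

                            for key, value in request.form.items():
                                # Skip protected and private/dunder names.
                                if key in protected_keys or key.startswith('_'):
                                    continue

                                if value is not None and value != '':
                                    if key == 'password':
                                        # NOTE(review): unlike the email
                                        # change, a password change does not
                                        # ask for the current password;
                                        # confirm that this is intended.
                                        value = generate_password_hash(value)
                                        # Invalidate tokens issued under the
                                        # old password.
                                        token_expire_all(user.id)

                                    setattr(user, key, value)

                            user.updated_at = datetime.datetime.now()
                            db.session.commit()

                        except IntegrityError as e:
                            # Discard the failed transaction before replying.
                            db.session.rollback()
                            field, value = get_exists_error(e)

                            _return = {
                                'message': "'" + value + "' is already exists.",
                                'field': {
                                    'label': getattr(form, field).label.text,
                                    'name': field
                                }
                            }

                            return _return, status.HTTP_400_BAD_REQUEST

                        return None, status.HTTP_200_OK
                    else:
                        return "The user does not exist.", status.HTTP_404_NOT_FOUND

                # Validation failed: report only the first error found.
                for field, errors in form.errors.items():
                    for error in errors:
                        _return = {
                            'message': error,
                            'field': getattr(form, field).label.text
                        }

                        return _return, status.HTTP_400_BAD_REQUEST
            else:
                return "You don't have permission.", status.HTTP_401_UNAUTHORIZED

        except ValueError:
            return "Prefix can only be me or a number.", status.HTTP_400_BAD_REQUEST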