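def put(self):
    """Change a user's password after re-checking the current one.

    Reads ``email``, ``old_password`` and ``new_password`` from the submitted
    form. The change is applied only when ``verify_password`` accepts the
    e-mail / old-password pair and a non-empty new password was supplied.

    Returns:
        ``(None, 200)`` on success; ``(body, 400)`` when the credentials are
        rejected, the new password is missing, or the commit raises
        ``IntegrityError``.
    """
    email = request.form.get('email', None)
    old_password = request.form.get('old_password', None)
    new_password = request.form.get('new_password', None)

    # One message for "unknown user" and "wrong password", so the response
    # does not reveal which of the two was the case.
    rejected = {
        'message': 'User does not exist or the password does not match.'
    }

    # Re-authenticate with the current password before touching the account.
    if not verify_password(email, old_password):
        return rejected, status.HTTP_400_BAD_REQUEST

    # Never hash and store a missing or empty password.
    if not new_password:
        _return = {
            'message': 'New password is required.',
            'field': 'new_password'
        }
        return _return, status.HTTP_400_BAD_REQUEST

    user = UserModel.query.filter(UserModel.email == email).first()
    if user is None:
        # The row can disappear between the credential check and this lookup.
        return rejected, status.HTTP_400_BAD_REQUEST

    try:
        user.password = generate_password_hash(new_password)
        # NOTE(review): tokens issued before the change are not revoked here.
        # If this module has a token-revocation helper, call it at this point
        # so a leaked token stops working once the password changes - confirm.
        db.session.commit()
    except IntegrityError as e:
        # Leave the session usable after the failed commit.
        db.session.rollback()
        field, value = get_exists_error(e)
        # NOTE(review): `form` is not defined in this method; unless it is a
        # module-level name this line raises NameError - confirm.
        _return = {
            'message': "'" + value + "' is error.",
            'field': getattr(form, field).label.text
        }
        return _return, status.HTTP_400_BAD_REQUEST

    return None, status.HTTP_200_OK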
def post(self):
    """Exchange an e-mail / password pair for a token.

    Reads ``email`` and ``password`` from the submitted form. When
    ``verify_password`` accepts them the response is
    ``({'data': token_generate(email=email)}, 200)``; otherwise a generic
    message is returned with status 400.
    """
    submitted = request.form
    email = submitted.get('email')
    password = submitted.get('password')

    if not verify_password(email, password):
        # The same wording covers an unknown user and a wrong password, so
        # the reply does not disclose whether the address is registered.
        failure = {
            'message': 'User does not exist or the password does not match.'
        }
        return failure, status.HTTP_400_BAD_REQUEST

    # NOTE(review): no attempt limiting is visible in this handler - confirm
    # it is enforced elsewhere.
    return {'data': token_generate(email=email)}, status.HTTP_200_OK
def post(self):
    """Authenticate with e-mail and password and hand back a token.

    Both values come from the submitted form. A successful
    ``verify_password`` check yields ``{'data': <token>}`` with status 200;
    any other outcome yields one generic error message with status 400.
    """
    email = request.form.get('email')
    password = request.form.get('password')

    authenticated = verify_password(email, password)
    if authenticated:
        body = {'data': token_generate(email=email)}
        code = status.HTTP_200_OK
    else:
        # Deliberately identical for "no such user" and "bad password".
        body = {
            'message': 'User does not exist or the password does not match.'
        }
        code = status.HTTP_400_BAD_REQUEST
    return body, code
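def put(self, prefix):
    """Update the user selected by ``prefix`` from the submitted form.

    ``prefix`` is either ``'me'`` (the user id is read from the token in the
    ``Authorization`` header) or a numeric user id. The request must pass
    ``token_is_auth`` for that id and the modification form must validate.

    Form keys are handled as follows:
      * ``change_email`` - sets a new e-mail address after checking that it
        is unused and that ``changeEmailPassword`` matches the current
        password; ``confirmed`` is reset to ``False``.
      * ``changeEmailPassword`` - used only for that check, never stored.
      * ``password`` - hashed before it is stored, and
        ``token_expire_all(user.id)`` is called.
      * any other non-empty key - written to the model attribute of the same
        name (see the NOTE(review) in the loop).

    Returns:
        ``(None, 200)`` on success; ``(body, 400)`` for validation errors, an
        address already in use, a wrong confirmation password, a uniqueness
        conflict or a bad prefix; ``(message, 404)`` when the user does not
        exist; ``(message, 401)`` when the token is not authorised.
    """
    try:
        if prefix == 'me':
            user_id = token_load_with_auth(request.headers['Authorization'])['user_id']
        else:
            # A non-numeric prefix raises ValueError, handled at the bottom.
            user_id = int(prefix)

        user_query = UserModel.query.filter(UserModel.id == user_id)

        if not token_is_auth(request.headers['Authorization'], user_id):
            return "You don't have permission.", status.HTTP_401_UNAUTHORIZED

        # NOTE(review): the check below, which stopped non-admin callers from
        # submitting 'permission', is disabled. Until it (or an equivalent) is
        # restored, nothing in this method prevents a caller from changing
        # their own permission level.
        # user_permission = token_load_with_auth(request.headers['Authorization'])['permission']
        # if user_permission != 'ADMIN' and request.form.get('permission') is not None:
        #     return "You don't have permission.", status.HTTP_401_UNAUTHORIZED

        form = userValidate.modificationForm(request.form)
        if not form.validate():
            # Report the first validation error only.
            for field, errors in form.errors.items():
                for error in errors:
                    _return = {
                        'message': error,
                        'field': getattr(form, field).label.text
                    }
                    return _return, status.HTTP_400_BAD_REQUEST
            # Validation failed without a per-field message: still answer
            # with a client error instead of falling through.
            return {'message': 'Invalid form data.'}, status.HTTP_400_BAD_REQUEST

        user = user_query.first()
        if user is None:
            return "The user does not exist.", status.HTTP_404_NOT_FOUND

        try:
            for key, value in request.form.items():
                if key == 'change_email':
                    # The new address must not belong to another account.
                    check_user_query = UserModel.query.filter(UserModel.email == value).first()
                    if check_user_query is not None:
                        # Discard attributes already modified in this request.
                        db.session.rollback()
                        _return = {
                            'message': "'" + value + "' is already exists.",
                            'field': 'New email'
                        }
                        return _return, status.HTTP_400_BAD_REQUEST

                    # Fail closed: any falsy result rejects the change. An
                    # identity test against False would let None through.
                    if not verify_password(user.email, request.form.get('changeEmailPassword')):
                        db.session.rollback()
                        _return = {
                            'message': "Password is wrong",
                            'field': 'Password'
                        }
                        return _return, status.HTTP_400_BAD_REQUEST

                    user.email = value
                    user.confirmed = False
                elif key == 'changeEmailPassword':
                    # Confirmation credential only; never copy the plaintext
                    # password onto the model instance.
                    continue
                elif value is not None and value != '':
                    if key == 'password':
                        value = generate_password_hash(value)
                        # presumably invalidates tokens issued before the
                        # password change - confirm against its definition
                        token_expire_all(user.id)
                    # NOTE(review): every remaining submitted key is written
                    # to the model, so the request decides which attributes
                    # change - including 'id', 'permission' and 'confirmed'.
                    # Replace this with an explicit allowlist of editable
                    # fields; confirm the list against UserModel and
                    # modificationForm.
                    setattr(user, key, value)

            user.updated_at = datetime.datetime.now()
            db.session.commit()
        except IntegrityError as e:
            # Leave the session usable after the failed commit.
            db.session.rollback()
            field, value = get_exists_error(e)
            _return = {
                'message': "'" + value + "' is already exists.",
                'field': {
                    'label': getattr(form, field).label.text,
                    'name': field
                }
            }
            return _return, status.HTTP_400_BAD_REQUEST

        return None, status.HTTP_200_OK
    except ValueError:
        # NOTE(review): this also catches a ValueError raised anywhere else in
        # the body, which would then be reported as a bad prefix.
        return "Prefix can only be me or a number.", status.HTTP_400_BAD_REQUEST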