def api_cv_id_password(current_user: User, user_id: int) -> Tuple[dict, int]:
# CHANGE YOUR PASSWORD
if not current_user.admin and current_user.id != int(user_id):
return error_response('not authorized', 401, None)
json_data = request.get_json()
try:
old_password_from_json = json_data['old_password']
new_password_from_json = json_data['new_password']
except KeyError as ex:
return error_response('bad input data', 400, ex)
session = get_session()
cv_being_updated = session.query(User).get(user_id)
if cv_being_updated is None:
return error_response('bad input data', 404, None)
if check_password_hash(cv_being_updated.password, old_password_from_json):
cv_being_updated.password = generate_password_hash(
new_password_from_json, method='sha256', salt_length=8)
session.commit()
return jsonify(cv_being_updated.object_as_dict()), 200
return error_response('bad input data', 400, None)
def api_cv_id_put(current_user: User, user_id: int) -> Tuple[dict, int]:
# UPDATE CV OF ID [id] WITH JSON DATA
if not current_user.admin and current_user.id != int(user_id):
return error_response('not authorized', 401, None)
json_data = request.get_json()
session = get_session()
cv_being_updated = session.query(User).get(user_id)
if cv_being_updated is None:
return error_response('bad input data', 400, None)
cv_being_updated.username = json_data['username']
cv_being_updated.firstname = json_data['firstname']
cv_being_updated.lastname = json_data['lastname']
replace_experience_with_json(cv_being_updated, json_data)
try:
replace_skills_with_json(session, cv_being_updated, json_data)
session.commit()
except IntegrityError as ex:
return error_response('bad input data', 400, ex)
return jsonify(cv_being_updated.object_as_dict()), 200
def api_cv_get() -> Tuple[dict, int]:
# GET ALL CVs
session = get_session()
all_db_records = [user.object_as_dict() for user in session.query(User)]
return jsonify(all_db_records), 200
def api_cv_id_get(user_id: int) -> Tuple[dict, int]:
# GET ONE CV OF ID [id]
session = get_session()
one_db_record = session.query(User).get(user_id)
try:
response = jsonify(one_db_record.object_as_dict()), 200
return response
except AttributeError:
return make_response('', 404)
def api_cv_stats_count() -> Tuple[dict, int]:
# GET COUNT OF USERS WITH PROVIDED SKILL SET
json_data = request.get_json()
session = get_session()
sql = SQL_COUNT.format(subs=create_param_subs(json_data))
params = parse_params(json_data)
result = session.execute(sql, params).scalar()
return jsonify({'number_of_users_with_skill_set': result}), 200
def api_cv_id_delete(current_user: User, user_id: int) -> Tuple[dict, int]:
# DELETE CV OF ID [id]
if not current_user.admin:
return error_response('not authorized', 401, None)
session = get_session()
cv_to_be_deleted = session.query(User).get(user_id)
if cv_to_be_deleted is not None:
session.delete(cv_to_be_deleted)
session.commit()
return jsonify({}), 204
else:
return error_response('bad input data', 404, None)
def api_cv_stats() -> Tuple[dict, int]:
# GET CVs OF USERS WITH PROVIDED SKILL SET
json_data = request.get_json()
session = get_session()
sql = SQL_STATS.format(subs=create_param_subs(json_data))
params = parse_params(json_data)
result = session.execute(sql, params).fetchall()
users_with_skill_set = [{
'firstname': user.firstname,
'lastname': user.lastname
} for user in result]
return jsonify(users_with_skill_set), 200
def api_cv_post(current_user: User) -> Tuple[dict, int]:
# ADD NEW CV BASED ON JSON DATA
if not current_user.admin:
return error_response('not authorized', 401, None)
session = get_session()
try:
json_data = request.get_json()
except BadRequest as ex:
return error_response('bad input data', 400, ex)
new_cv = User()
try:
new_cv.username = json_data['username']
new_cv.password = json_data.get('password', '')
if new_cv.password != '':
new_cv.password = generate_password_hash(new_cv.password,
method='sha256',
salt_length=8)
new_cv.admin = False
new_cv.firstname = json_data['firstname']
new_cv.lastname = json_data['lastname']
replace_skills_with_json(session, new_cv, json_data)
replace_experience_with_json(new_cv, json_data)
except (KeyError, TypeError, AttributeError) as ex:
return error_response('bad input data', 400, ex)
except OperationalError as ex:
return error_response('db error', 500, ex)
session.add(new_cv)
try:
session.commit()
except (DataError, IntegrityError) as ex:
return error_response('bad input data', 400, ex)
return jsonify(new_cv.object_as_dict()), 201
def login() -> Tuple[dict, int]:
auth = request.authorization
if not auth or not auth.username or not auth.password:
return error_response('not authorized', 401, None)
session = get_session()
user = session.query(User).filter_by(username=auth.username).first()
if not user:
return error_response('not authorized', 401, None)
if check_password_hash(user.password, auth.password):
token = jwt.encode(
{
'username': user.username,
'exp':
datetime.datetime.utcnow() + datetime.timedelta(minutes=30)
}, os.environ['SECRET_KEY'])
return jsonify({'token': token.decode('UTF-8')})
return error_response('not authorized', 401, None)
def extract_user():
token = request.headers.get('Authorization')
if not token:
raise MissingTokenError
try:
token = token.split(' ')[1]
data = jwt.decode(token, os.environ['SECRET_KEY'])
except (DecodeError, KeyError, IndexError):
raise InvalidTokenError
except ExpiredSignatureError:
raise ExpiredTokenError
session = get_session()
try:
current_user = session.query(User).filter_by(
username=data['username']).one()
except NoResultFound:
raise InvalidTokenError
return current_user
