예제 #1
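def practitioners_login(*args, **kwargs):
    """Exchange a practitioner's email/password for their API signing secret.

    Expects a POST whose body is a JSON object with ``email`` and
    ``password``. Every response is ``jsonify(request=..., response=...)``
    with the submitted body echoed back minus the password.

    Returns:
        A Flask response:
        * 400 when the method is not POST, the body is not a JSON object, or
          ``email``/``password`` is missing (previously a KeyError, i.e. 500).
        * 404 when no user matches the email or the user is not activated.
        * 401 when the password does not verify.
        * 200 with ``{'secret': user.secret}`` on success.
    """
    if request.method != 'POST':
        response = jsonify(
            request=request.json,
            response={'error': 'This request type not supported'})
        response.status_code = 400
        return response

    try:
        data = json.loads(request.data)
    except ValueError:  # also covers json.JSONDecodeError on Python 3.5+
        data = None
    if not isinstance(data, dict):
        response = jsonify(
            request=None,
            response={'error': 'Request body must be a JSON object'})
        response.status_code = 400
        return response

    # Remove the password from the echoed body before any response is built,
    # so no branch can reflect it back.
    password = data.pop('password', None)
    email = data.get('email')
    if not email or not password:
        response = jsonify(
            request=data,
            response={'error': 'Missing email or password'})
        response.status_code = 400
        return response

    user = User.by_email(email)
    if not user or not user.activated:
        # NOTE(review): a distinct 404 here versus the 401 below lets a caller
        # tell activated emails apart from unknown ones; kept for API
        # compatibility — a single generic failure status would avoid that.
        response = jsonify(
            request=data,
            response={'error': 'Invalid Practitioner'})
        response.status_code = 404
        return response

    if not verify_password(password, user.password):
        response = jsonify(
            request=data,
            response={'error': 'Authentication Failed'})
        response.status_code = 401
        return response

    # ``user.secret`` is the key later requests are signed with, so this
    # response body must not end up in request logs.
    response = jsonify(
        request=data,
        response={'secret': user.secret})
    response.status_code = 200
    return response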
예제 #2
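        def decorated_function(*args, **kwargs):
            ''' Validate the header-based request signature before calling ``f``.

            Requires the ``datetime``, ``body_hash``, ``key`` and ``signature``
            headers. ``key`` is the practitioner's email; the expected signature
            is the hex digest of ``sha256(body_hash + datetime + user.secret)``
            and is compared in constant time. Every failure is a 403
            ``{'error': ...}`` response. Freshness of ``datetime`` and agreement
            of ``body_hash`` with the actual body are not checked here.
            '''
            import hmac  # compare_digest needs Python 2.7.7+/3.3+; local import keeps the wrapper self-contained

            def reject(message):
                response = jsonify(request=request.json, response={'error': message})
                response.status_code = 403
                return response

            required_headers = ('datetime', 'body_hash', 'key', 'signature')
            if any(header not in request.headers for header in required_headers):
                return reject('Required headers missing')

            sent_timestamp = request.headers.get('datetime', '')
            sent_body_hash = request.headers.get('body_hash', '')
            sent_key = request.headers.get('key', '')
            sent_signature = request.headers.get('signature', '')

            user = User.by_email(sent_key)
            if not user or not user.active or not user.activated:
                return reject('Invalid Practitioner')

            # TODO(review): neither the age of ``datetime`` nor that ``body_hash``
            # matches the request body is verified here, so a captured request
            # stays valid indefinitely unless a caller performs those checks.
            try:
                recreated_signature = hashlib.sha256(
                    unicode(sent_body_hash + sent_timestamp + user.secret)).hexdigest()
            except UnicodeError:
                # Non-ASCII header text cannot yield a valid digest; reject it
                # instead of surfacing a 500.
                return reject('Invalid Practitioner')

            def as_bytes(value):
                # Normalise str/unicode to bytes so compare_digest never sees a
                # mixed or non-ASCII text pair.
                return value if isinstance(value, bytes) else value.encode('utf-8')

            # ``==`` stops at the first differing byte, which leaks timing
            # information about the expected digest; compare in constant time.
            try:
                signature_ok = hmac.compare_digest(
                    as_bytes(recreated_signature), as_bytes(sent_signature))
            except (TypeError, UnicodeError):
                signature_ok = False
            if not signature_ok:
                return reject('Invalid Practitioner')

            return f(*args, **kwargs)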
예제 #3
    def teardown_method(self, method):
        """Delete the fixture practitioner left behind by a test, if any.

        ``DATABASE_URL`` is pointed at the throwaway SQLite file before the
        app's ``db`` and ``User`` are imported — presumably they read it at
        import time (confirm against cagenix's config).
        """
        os.environ['DATABASE_URL'] = 'sqlite:////tmp/test.db'
        from cagenix import db
        from cagenix.users.models import User

        leftover = User.by_email('*****@*****.**')
        if not leftover:
            return
        db.session.delete(leftover)
        db.session.commit()
예제 #4
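def practitioners_edit(*args, **kwargs):
    """Update (PUT) or delete (DELETE) the practitioner identified by ``user_id``.

    ``user_id`` comes from the route keyword arguments. The caller is
    identified by the ``key`` header (their email) and must be the very
    practitioner being edited — the rule DELETE already applied, now applied
    to PUT as well. Debug ``print`` statements were dropped.

    Returns:
        A Flask response:
        * 400 for any method other than PUT/DELETE, or a PUT whose body is not
          a JSON object.
        * 404 (PUT) when ``user_id`` is not an integer, no such user exists or
          the user is not activated.
        * 401 when the ``key`` header does not resolve to that same user.
        * 200 with ``{'practitioner_id', 'active'}`` (PUT) or
          ``{'status': 'Success'}`` (DELETE).
    """
    if request.method not in ('PUT', 'DELETE'):
        response = jsonify(
            request=request.json,
            response={'error': 'This request type not supported'})
        response.status_code = 400
        return response

    # Both branches echo the parsed body; a DELETE may legitimately have none,
    # and an unparseable body used to raise ValueError (500).
    try:
        data = json.loads(request.data) if request.data else None
    except ValueError:  # also covers json.JSONDecodeError on Python 3.5+
        data = None

    # int() was applied only on DELETE; a non-numeric id raised ValueError.
    # Treat it as "no such practitioner" on both paths.
    try:
        user_id = int(kwargs.get('user_id'))
    except (TypeError, ValueError):
        user_id = None
    user = User.by_id(user_id) if user_id is not None else None

    # NOTE(review): ``key`` is only trustworthy if this route is wrapped by the
    # signature-checking decorator — confirm; the header alone is not auth.
    requester = User.by_email(request.headers.get('key'))
    # ``user == requester`` was True when both lookups returned None, which
    # then reached db.session.delete(None); require a real user on both sides.
    is_owner = user is not None and requester is not None and user == requester

    if request.method == 'PUT':
        if not user or not user.activated:
            response = jsonify(
                request=request.json,
                response={'error': 'Invalid Practitioner.'})
            response.status_code = 404
            return response
        if not is_owner:
            # PUT previously had no ownership check, so any caller could edit
            # any practitioner by id; mirror DELETE's rule.
            response = jsonify(
                request=data,
                response={'error': 'Not Authorized'})
            response.status_code = 401
            return response
        if not isinstance(data, dict):
            response = jsonify(
                request=data,
                response={'error': 'Request body must be a JSON object'})
            response.status_code = 400
            return response

        # NOTE(review): map_data's accepted fields are not visible here — confirm
        # it cannot set ``activated``, ``active``, ``secret`` or ``password``.
        user.map_data(data)
        db.session.add(user)
        db.session.commit()
        response = jsonify(
            request=data,
            response={
                'practitioner_id': user.id,
                'active': user.active
            }
        )
        response.status_code = 200
        return response

    # DELETE: only the practitioner themselves may remove the account.
    if is_owner:
        status, status_code = 'Success', 200
        db.session.delete(user)
        db.session.commit()
    else:
        status, status_code = 'Not Authorized', 401

    response = jsonify(
        request=data,
        response={
            'status': status
        }
    )
    response.status_code = status_code
    return response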
예제 #5
        def decorated_function(*args, **kwargs):
            ''' Verify the signed query string before handing off to ``f``.

            The practitioner is looked up by the ``email`` query parameter and
            must be active and activated; the raw query string of the request
            URL is then checked against that practitioner's secret with
            ``check_signature``. Either failure yields a 403
            ``{'error': 'Invalid Practitioner'}`` response (the message returned
            by ``check_signature`` is not surfaced). Whether ``check_signature``
            guards against replay is not visible here — confirm.
            '''
            def forbidden():
                response = jsonify(request=None, response={'error': 'Invalid Practitioner'})
                response.status_code = 403
                return response

            practitioner = User.by_email(request.args.get('email'))
            if not (practitioner and practitioner.active and practitioner.activated):
                return forbidden()

            signed_query = urlparse(request.url).query
            is_valid_sig, _message = check_signature(practitioner.secret, signed_query)

            return f(*args, **kwargs) if is_valid_sig else forbidden()
예제 #6
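def _activation_code_matches(expected, provided):
    """Compare two activation codes in constant time.

    Both values are normalised to UTF-8 bytes so a Python 2 str/unicode mix or
    non-ASCII text does not raise inside ``compare_digest``. Anything that is
    not text (None, numbers, lists from the JSON body) counts as a mismatch —
    the previous ``==`` check accepted ``None == None`` when the stored code
    was NULL and the client sent ``null``.
    """
    import hmac  # compare_digest needs Python 2.7.7+/3.3+; local import keeps the helper self-contained

    def as_bytes(value):
        return value if isinstance(value, bytes) else value.encode('utf-8')

    try:
        return hmac.compare_digest(as_bytes(expected), as_bytes(provided))
    except (AttributeError, TypeError, UnicodeError):
        return False


def practitioners_create(*args, **kwargs):
    """Activate a pre-registered practitioner and set their credentials.

    Expects a POST whose body is a JSON object with ``email``,
    ``activation_code`` and ``password``; the whole body is also handed to
    ``user.map_data``. On success the password is stored via
    ``encrypt_password``, a signing secret is generated and the account is
    marked activated. Error responses echo the body without the password.

    Returns:
        A Flask response:
        * 400 when not POST, the body is not a JSON object, or a required key
          is missing (previously a KeyError, i.e. 500).
        * 404 when the email is unknown or already activated.
        * 401 when the activation code does not match.
        * 201 with ``{'practitioner_id': user.id}`` on success.
    """
    if request.method != 'POST':
        response = jsonify(
            request=request.json,
            response={'error': 'This request type not supported'})
        response.status_code = 400
        return response

    try:
        data = json.loads(request.data)
    except ValueError:  # also covers json.JSONDecodeError on Python 3.5+
        data = None
    if not isinstance(data, dict):
        response = jsonify(
            request=None,
            response={'error': 'Request body must be a JSON object'})
        response.status_code = 400
        return response

    # Never reflect the submitted password; previous error branches echoed
    # request.json with it included.
    echo = dict(data)
    echo.pop('password', None)

    email = data.get('email')
    activation_code = data.get('activation_code')
    password = data.get('password')
    if not email or not activation_code or not password:
        response = jsonify(
            request=echo,
            response={'error': 'Missing email, activation_code or password.'})
        response.status_code = 400
        return response

    user = User.by_email(email)
    if not user or user.activated:
        # NOTE(review): this 404 versus the 401 below reveals whether an email
        # is pre-registered; kept for API compatibility.
        response = jsonify(
            request=echo,
            response={'error': 'Practitioner or Activiation Code does not exist.'})
        response.status_code = 404
        return response

    if not _activation_code_matches(user.activation_code, activation_code):
        response = jsonify(
            request=echo,
            response={'error': 'Bad activation code.'})
        response.status_code = 401
        return response

    # NOTE(review): map_data's accepted fields are not visible here — confirm it
    # cannot set ``activated``, ``secret`` or ``password`` directly (the full
    # body, password included, is passed as before).
    user.map_data(data)
    user.password = encrypt_password(password)
    user.gen_secret()
    user.activated = True
    db.session.add(user)
    db.session.commit()
    response = jsonify(
        request=echo,
        response={'practitioner_id': user.id})
    response.status_code = 201
    return response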