예제 #1
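    def put(self, public_id):
        """Rotate the credentials of the user identified by ``public_id``.

        Looks the user up in ``users_tbl``, generates a fresh UUID4 public_id,
        signs a new HS256 JWT for it and stores both on the row.

        Args:
            public_id: current public identifier of the user to rotate.

        Returns:
            A dict with the new ``public_id`` and ``token`` plus the row's
            ``company`` and ``active`` values, or a dict holding only a
            ``message`` when no row matches.
        """
        select_query = users_tbl.select(users_tbl.c.public_id == public_id)
        rows = list(select_query.execute())

        if not rows:
            # NOTE(review): no status code is attached here, so the framework
            # default applies; confirm whether clients expect a 404 instead.
            return ({"message": "no such public_id exists, token not changed"})

        # The row is read positionally: index 2 is used as the company and
        # index 4 as the active flag.
        row = rows[0]
        company = row[2]
        active = row[4]

        new_public_id = str(uuid.uuid4())

        # The token must carry the NEW public_id. Signing the old one produced
        # a token whose public_id claim no longer matched any row once the
        # update below ran, so the freshly issued token could not be resolved
        # back to its user.
        # NOTE(review): the payload has no "exp" claim, so the token does not
        # expire on its own; rotation through this handler is the only
        # invalidation visible here.
        encoded = jwt.encode({"public_id": new_public_id},
                             APP_SECRET_KEY,
                             algorithm='HS256')
        # jwt.encode returns bytes on older PyJWT releases and str on newer
        # ones; accept both instead of calling .decode() unconditionally.
        if isinstance(encoded, bytes):
            new_token = encoded.decode("UTF-8")
        else:
            new_token = str(encoded)

        update_statement = users_tbl.update().where(
            users_tbl.c.public_id == public_id).values(
                public_id=new_public_id, token=new_token)
        update_statement.execute()

        # NOTE(review): knowing a public_id is all this handler requires to
        # mint and return a new token; whether an auth decorator guards the
        # route is not visible here -- confirm.
        return ({
            "message": "successfully updated user with new token",
            "public_id": new_public_id,
            "company": company,
            "token": new_token,
            "active": active
        })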
예제 #2
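    def post(self, company):
        """Create a user for ``company`` unless that company already exists.

        A UUID4 public_id is generated, an HS256 JWT carrying it is signed
        with ``APP_SECRET_KEY``, and both are inserted into ``users_tbl``.

        Args:
            company: company name to register.

        Returns:
            ``(dict, 201)`` with the new ``public_id`` and ``token`` on
            success, a dict with a ``message`` when the company is already
            present, or ``(dict, 500)`` when any step fails.
        """
        try:
            select_query = users_tbl.select(users_tbl.c.company == company)
            existing = list(select_query.execute())

            if existing:
                return ({
                    "message":
                    "company already exists under that name pick a new one"
                })

            # NOTE(review): select-then-insert is not atomic; two concurrent
            # requests for the same name can both pass the check above unless
            # the table enforces uniqueness on company -- confirm the schema.
            public_id = str(uuid.uuid4())

            # NOTE(review): the payload has no "exp" claim, so the issued
            # token does not expire on its own.
            encoded = jwt.encode({"public_id": public_id},
                                 APP_SECRET_KEY,
                                 algorithm='HS256')
            # jwt.encode returns bytes on older PyJWT releases and str on
            # newer ones. Calling .decode() unconditionally raised on the
            # latter and was then reported as a database failure.
            if isinstance(encoded, bytes):
                token = encoded.decode("UTF-8")
            else:
                token = str(encoded)

            users_tbl.insert().execute(public_id=public_id,
                                       token=token,
                                       company=company)
            return ({
                "message": "successfully created a new user",
                "company": company,
                "public_id": public_id,
                "token": token
            }, 201)

        except Exception:
            # Was a bare ``except:``, which also trapped SystemExit and
            # KeyboardInterrupt. Ordinary errors still map to the same 500.
            return ({"message": "unable to update database"}, 500)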
예제 #3
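    def decorated(*args, **kwargs):
        """Run the wrapped view ``f`` only for a caller holding an admin token.

        The JWT is taken from the ``x-access-token`` request header, verified
        with ``app.config["SECRET_KEY"]``, and its ``public_id`` claim is
        looked up in ``users_tbl``.

        Returns:
            The result of ``f(*args, **kwargs)`` for an admin, otherwise
            ``(dict, status)`` with 401 (missing/invalid token or unknown
            public_id), 403 (not admin) or 500 (lookup failure).
        """
        if "x-access-token" not in request.headers:
            # This rejection previously had no status code, so it went out
            # with the framework default instead of 401 like its siblings.
            return ({"message": "x-access-token is missing from header"}, 401)

        token = request.headers["x-access-token"]
        if not token:
            return ({"message": "token is missing"}, 401)

        # Step 1: verify the token. Only token handling sits in this try, so
        # an error raised later by the view is never reported as a bad token.
        try:
            # Pin the accepted algorithm to the one the issuing handlers use
            # (HS256) rather than trusting the token's own header; newer
            # PyJWT releases also refuse to verify without ``algorithms``.
            # NOTE(review): tokens are signed with APP_SECRET_KEY elsewhere;
            # confirm it is the same value as app.config["SECRET_KEY"].
            data = jwt.decode(token,
                              app.config["SECRET_KEY"],
                              algorithms=["HS256"])
            public_id = data['public_id']
        except Exception:
            return ({"message": "token is invalid"}, 401)

        # Step 2: resolve the token owner.
        try:
            select_query = users_tbl.select(
                users_tbl.c.public_id == public_id)
            rows = list(select_query.execute())
        except Exception:
            # The exception text used to be echoed to the client via str(e),
            # which can expose database details; reply generically instead.
            return ({"message": "unable to verify user"}, 500)

        if not rows:
            # A signed token whose public_id is no longer in the table (for
            # example after rotation) used to surface as a 500 IndexError.
            return ({"message": "public_id not found"}, 401)

        # NOTE(review): other handlers read row index 2 as the company name,
        # so admin rights here mean "company is literally 'admin'". Confirm
        # that this value cannot be chosen by an unprivileged caller when a
        # user is created.
        if rows[0][2] != "admin":
            return ({"message": "forbidden not admin"}, 403)

        # Step 3: call the view outside every try block so its own exceptions
        # (including framework HTTP errors) reach the normal error handling
        # instead of being rewritten into a 500 or 401 by this decorator.
        return f(*args, **kwargs)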
예제 #4
    def get(self, public_id):
        """Return the stored record for the user identified by ``public_id``.

        Args:
            public_id: public identifier to look up in ``users_tbl``.

        Returns:
            A dict with ``company``, ``public_id``, ``token`` and ``active``
            read from the first matching row, or a dict holding only a
            ``message`` when no row matches.
        """
        lookup = users_tbl.select(users_tbl.c.public_id == public_id)
        rows = list(lookup.execute())

        if not rows:
            return ({"message": "no such public_id exists in the database"})

        # Columns are read by position: 1 public_id, 2 company, 3 token,
        # 4 active.
        # NOTE(review): the response includes the stored bearer token, so
        # anyone who can call this with a known public_id receives that
        # user's credential; whether an auth decorator guards the route is
        # not visible here -- confirm.
        record = rows[0]
        return ({
            "company": record[2],
            "public_id": record[1],
            "token": record[3],
            "active": record[4]
        })
예제 #5
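    def decorated(*args, **kwargs):
        """Run the wrapped view ``f`` only for a caller with an activated account.

        The JWT is taken from the ``x-access-token`` request header, verified
        with ``app.config["SECRET_KEY"]``, and its ``public_id`` claim is
        looked up in ``users_tbl``.

        Returns:
            The result of ``f(*args, **kwargs)`` for an activated user,
            otherwise ``(dict, status)`` with 401 (missing/invalid token,
            unknown public_id, or inactive user) or 500 (lookup failure).
        """
        if "x-access-token" not in request.headers:
            # This rejection previously had no status code, so it went out
            # with the framework default instead of 401 like its siblings.
            return ({"message": "x-access-token is missing from header"}, 401)

        token = request.headers["x-access-token"]
        if not token:
            return ({"message": "token is missing"}, 401)

        # Step 1: verify the token. Only token handling sits in this try, so
        # an error raised later by the view is never reported as a bad token.
        try:
            # Pin the accepted algorithm to the one the issuing handlers use
            # (HS256) rather than trusting the token's own header; newer
            # PyJWT releases also refuse to verify without ``algorithms``.
            # NOTE(review): tokens are signed with APP_SECRET_KEY elsewhere;
            # confirm it is the same value as app.config["SECRET_KEY"].
            data = jwt.decode(token,
                              app.config["SECRET_KEY"],
                              algorithms=["HS256"])
            public_id = data['public_id']
        except Exception:
            return ({"message": "token is invalid"}, 401)

        # Step 2: resolve the token owner.
        try:
            select_query = users_tbl.select(
                users_tbl.c.public_id == public_id)
            rows = list(select_query.execute())
        except Exception:
            return ({
                "message":
                "an error occured and your token may or may not be valid"
            }, 500)

        if not rows:
            return ({"message": "public_id not found"}, 401)

        # Row index 4 is the active flag. The ``== True`` comparison is kept
        # as written so the set of stored values accepted as "activated"
        # does not change.
        if not (rows[0][4] == True):  # noqa: E712
            return ({
                "message": "you are not an activated user"
            }, 401)

        # Step 3: call the view outside every try block. The former bare
        # ``except:`` clauses also caught exceptions raised by the view
        # (including framework HTTP errors) and rewrote them as 500 or 401.
        return f(*args, **kwargs)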