예제 #1
def update_role(u_id, role):
    """Set the access level of user ``u_id`` to the one mapped from ``role``.

    The user is loaded with ``User.get_or_404``. ``role`` is used as a key
    into ``USER_ACCESS``; if the user already holds that access level the
    call aborts with 409, otherwise ``access`` is overwritten.
    """
    # NOTE(review): no check on who is calling is visible in this function;
    # confirm the route restricts role changes to privileged callers and
    # that ``role`` is validated before it is used as a ``USER_ACCESS`` key.
    with get_session() as s:
        target = User.get_or_404(s, u_id)
        wanted = USER_ACCESS[role]

        if target.access == wanted:
            abort(409, 'User already has that role')

        target.access = wanted
예제 #2
def get_avatar(u_id):
    """Return the avatar file path for user ``u_id``, or ``None``.

    The path is ``config.avatars.DIRECTORY`` joined with
    ``avatar<u_id>.<ext>``, where ``ext`` is read from the user's avatar
    record. ``None`` is returned when the user has no avatar record.
    """
    with get_session() as s:
        owner = User.get_or_404(s, u_id)
        record = owner.avatar

        if record is not None:
            # NOTE(review): both ``u_id`` and the stored ``ext`` end up in a
            # file-system path; confirm neither can carry path separators
            # (``ext`` presumably originates from an uploaded file name).
            file_name = f'avatar{u_id}.{record.ext}'
            return join(config.avatars.DIRECTORY, file_name)

        return None
예제 #3
def self_delete(u_id, password):
    """Mark user ``u_id`` as deleted after re-checking their password.

    ``password`` is compared against the stored bcrypt hash with
    ``bcrypt.checkpw``; on mismatch the call aborts with 422. On success
    the user's ``status`` is set to ``'deleted'`` (the row is kept).
    """
    with get_session() as s:
        account = User.get_or_404(s, u_id)
        supplied = str(password).encode('utf-8')
        stored_hash = str(account.password).encode('utf-8')

        password_ok = bcrypt.checkpw(supplied, stored_hash)
        if not password_ok:
            abort(422, 'Invalid password')

        # NOTE(review): ``cookie_id`` is left untouched here, so confirm
        # that session validation rejects users whose status is 'deleted';
        # otherwise already-issued sessions may outlive the deletion.
        account.status = 'deleted'
예제 #4
def close_all_sessions(u_id, password):
    """Replace the ``cookie_id`` of user ``u_id`` after a password check.

    Aborts with 422 when ``password`` does not match the stored bcrypt
    hash. Otherwise assigns a fresh ``uuid.uuid4()`` to ``cookie_id`` and
    returns the user object.
    """
    with get_session() as s:
        account = User.get_or_404(s, u_id)
        supplied = str(password).encode('utf-8')
        stored_hash = str(account.password).encode('utf-8')

        password_ok = bcrypt.checkpw(supplied, stored_hash)
        if not password_ok:
            abort(422, 'Invalid password')

        # Presumably existing sessions are bound to the old cookie_id and
        # stop validating once it changes; verify against the session
        # loader, which is not visible here.
        account.cookie_id = uuid.uuid4()
        return account
예제 #5
def update_avatar(u_id, file):
    """Store ``file`` as the avatar of user ``u_id``.

    An existing avatar is removed first via ``delete_avatar``. The upload
    is saved as ``avatar<u_id>.<ext>`` through ``files.save`` with
    ``config.avatars``, and an ``Avatar`` row recording the extension is
    added to the session.
    """
    with get_session() as s:
        owner = User.get_or_404(s, u_id)
        if owner.avatar:
            delete_avatar(u_id)

        # NOTE(review): ``file.filename`` is presumably supplied by the
        # client. Confirm that ``files.get_ext`` / ``files.save`` restrict
        # the extension to an allow-list of image types, reject path
        # separators, and enforce a size limit; the extension is persisted
        # and later reused to build the on-disk path.
        extension = files.get_ext(file.filename)
        stored_name = f'avatar{u_id}.{extension}'
        files.save(file, stored_name, config.avatars)

        s.add(Avatar(u_id=u_id, ext=extension))
예제 #6
def ban_user(u_id):
    """Set the status of user ``u_id`` to ``'banned'``.

    Aborts with 403 unless the caller (``current_user``) has 'moderator'
    access and the target does not. Aborts with 409 when the target is
    already banned.
    """
    with get_session() as s:
        target = User.get_or_404(s, u_id)

        # Same short-circuit order as a direct "target is moderator OR
        # caller is not moderator" test, expressed as the allowed case.
        may_ban = (not target.has_access('moderator')
                   and current_user.has_access('moderator'))
        if not may_ban:
            abort(403)

        if target.status == 'banned':
            abort(409, 'User has already banned')

        # NOTE(review): ``cookie_id`` is not changed, so confirm that
        # session validation checks ``status``; otherwise a banned user's
        # existing sessions may keep working.
        target.status = 'banned'
예제 #7
def change_password(u_id, old_password, new_password):
    """Replace the password of user ``u_id`` and rotate ``cookie_id``.

    Aborts with 422 when ``old_password`` does not match the stored bcrypt
    hash, or when ``new_password`` matches it as well. Otherwise stores a
    freshly salted bcrypt hash of ``new_password``, assigns a new
    ``uuid.uuid4()`` to ``cookie_id`` and returns the user object.
    """
    with get_session() as s:
        account = User.get_or_404(s, u_id)
        old_bytes = str(old_password).encode('utf-8')
        new_bytes = str(new_password).encode('utf-8')
        current_hash = str(account.password).encode('utf-8')

        old_matches = bcrypt.checkpw(old_bytes, current_hash)
        if not old_matches:
            abort(422, 'Invalid password')

        new_is_same = bcrypt.checkpw(new_bytes, current_hash)
        if new_is_same:
            abort(422, 'Old and new passwords are equal')

        # NOTE(review): no length or strength policy is applied here; bcrypt
        # itself only uses the first 72 bytes of the input, so confirm the
        # caller validates ``new_password`` before it reaches this point.
        fresh_hash = bcrypt.hashpw(new_bytes, bcrypt.gensalt())
        account.password = fresh_hash.decode('utf-8')

        # A new cookie_id presumably invalidates sessions issued under the
        # old password; verify against the session loader.
        account.cookie_id = uuid.uuid4()
        return account
예제 #8
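def update(u_id, new_data):
    """Apply the fields in ``new_data`` to user ``u_id``.

    The caller must be the user being edited or hold 'moderator' access;
    otherwise the call aborts with 403. ``tags`` (moderators only) and
    ``interests`` are resolved to ``Tag`` rows by name; every other key is
    assigned to the user object with ``setattr``.

    Keys naming security-sensitive account state (``id``, ``access``,
    ``status``, ``password``, ``cookie_id``, ``confirmation_link``) and
    keys starting with an underscore are rejected with 403. Without this,
    a user editing their own profile could assign their own access level
    or status, or store an unhashed password, through the generic
    ``setattr`` branch.

    Args:
        u_id: Identifier of the user to modify.
        new_data: Mapping of attribute name to new value.
    """
    # Deny-list of attributes that must not be writable through this
    # generic path.
    # NOTE(review): an explicit allow-list of editable profile fields would
    # be stricter; the full set of User columns is not visible here. If a
    # privileged flow relied on this function to set one of these, route it
    # through a dedicated, separately authorised function instead.
    protected = frozenset((
        'id',
        'access',
        'status',
        'password',
        'cookie_id',
        'confirmation_link',
    ))

    with get_session() as s:
        u = User.get_or_404(s, u_id)

        is_moderator = current_user.has_access('moderator')
        if u_id != current_user.id and not is_moderator:
            abort(403)

        # Validate every key before touching the object so that a rejected
        # request never leaves the user half-updated in the session.
        for param in new_data:
            if param in protected or str(param).startswith('_'):
                abort(403, 'This field cannot be changed here')
            if param == 'tags' and not is_moderator:
                abort(403, 'You cant change tags')

        for param, value in new_data.items():
            if param in ('tags', 'interests'):
                # Both are lists of tag names resolved to Tag rows.
                matched = s.query(Tag).filter(Tag.name.in_(value)).all()
                setattr(u, param, matched)
            else:
                setattr(u, param, value)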
예제 #9
def register_user(data):
    """Create a user from ``data`` or re-activate a previously deleted one.

    ``data`` must provide ``email``, ``password``, ``name`` and
    ``surname``. The password is stored as a bcrypt hash and a 50-character
    ``nanoid`` confirmation link that no other user holds is assigned.

    If a user with the same e-mail exists, the call aborts with 409 unless
    that user's status is ``'deleted'``; a deleted user gets the new
    password, name, surname, the default status and the new link. When
    ``config.DEFAULT_USER_STATUS`` is ``'unconfirmed'`` the link is
    e-mailed via ``util.send_email``.
    """
    with get_session() as s:
        email = data['email']
        existing = s.query(User).filter(User.email == email).one_or_none()

        # Draw links until one is found that no stored user already has.
        confirmation_link = nanoid.generate(size=50)
        while s.query(User).filter(
                User.confirmation_link == confirmation_link).one_or_none():
            confirmation_link = nanoid.generate(size=50)

        raw_password = str(data['password']).encode('utf-8')
        hashed = bcrypt.hashpw(raw_password, bcrypt.gensalt()).decode('utf-8')

        if not existing:
            existing = User(email=email,
                            name=data['name'],
                            surname=data['surname'],
                            password=hashed,
                            confirmation_link=confirmation_link)
            s.add(existing)
        elif existing.status == 'deleted':
            # NOTE(review): only these five attributes are reset; anything
            # else on the old row (e.g. access level, cookie_id) is left as
            # it was. Confirm that is intended, in particular when the
            # default status is not 'unconfirmed' and no e-mail ownership
            # check is sent below.
            existing.password = hashed
            existing.name = data['name']
            existing.surname = data['surname']
            existing.status = config.DEFAULT_USER_STATUS
            existing.confirmation_link = confirmation_link
        elif existing.status == 'banned':
            # NOTE(review): the two distinct 409 messages tell the caller
            # whether an address is registered or banned.
            abort(409, 'User with this email was banned')
        else:
            abort(409, 'Trying to register existing user')

        if config.DEFAULT_USER_STATUS == 'unconfirmed':
            util.send_email(email, confirmation_link)

        # NOTE(review): the address is written to the log as received;
        # confirm it is validated upstream so it cannot carry line breaks.
        logging.info('Registering new user [{}]'.format(email))
예제 #10
def get(u_id):
    """Return the ``as_dict()`` representation of user ``u_id``.

    The user is loaded with ``User.get_or_404``.
    """
    # NOTE(review): no caller check is visible here; confirm ``as_dict()``
    # leaves out the password hash, cookie_id and confirmation_link before
    # this result is returned to a client.
    with get_session() as s:
        return User.get_or_404(s, u_id).as_dict()