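def post(self):
    """Log a user in from a JSON body carrying ``email`` and ``password``.

    Responds 400 when the body is not JSON, 401 when the credentials do not
    match a stored account, and 200 with an empty body on success.
    ``error`` is assumed to abort the request, as it is used that way
    here (TODO confirm).

    On success the session is established through ``User.login_user`` and
    an ``is_admin`` cookie is set for admin accounts. That cookie is only a
    hint for the client: any browser can set it for itself, so server-side
    authorization has to rely on the authenticated session, never on it.
    """
    data = request.get_json()
    if data is None:
        error(400, "No json data in request body")
    check_data_fields(data, ["email", "password"])

    user_db_result = user_db_util.read(
        g.database, user_db_util.identify_by_email(g.database, data["email"]))
    # One generic 401 covers both "unknown e-mail" and "wrong password", so
    # the response body does not reveal which accounts exist.
    # NOTE(review): an unknown e-mail skips check_password_hash, so the two
    # cases can still differ in response time; consider verifying against a
    # fixed dummy hash when no account is found.
    if not user_db_result or not check_password_hash(
            user_db_result["hashed_password"], data["password"]):
        error(401, "Invalid username or password")

    user = from_dict(data_class=User, data=user_db_result)
    User.login_user(user)

    response = make_response()
    if user.admin:
        # NOTE(review): set without secure/samesite attributes. The cookie
        # holds no secret, but confirm this matches the session cookie policy.
        response.set_cookie(
            "is_admin",
            # 1 year lifetime matches flask login cookie
            expires=time.time() + 365 * 24 * 60 * 60,  # type: ignore
        )
    else:
        # An earlier admin login in the same browser leaves the hint behind
        # for up to a year; clear it so the client does not show admin
        # controls to a non-admin account.
        response.delete_cookie("is_admin")
    return response, 200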
def test_get_missing_user(self):
    """Reading by an e-mail that was never inserted yields no user record."""
    email = "*****@*****.**"
    # Resolve the e-mail to an id first, then read by that id.
    looked_up_id = user.identify_by_email(self.database, email)
    user_result = user.read(self.database, looked_up_id)
    assert user_result is None
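def put_from_user_id(user_id):
    """Update the stored user ``user_id`` from a JSON request body.

    The body must define at least one of ``email``, ``name``,
    ``group_name``, ``password`` and ``admin``. A user may edit their own
    record; only an admin may edit other records or grant admin rights.

    Responds 403 on an authorization failure, 404 for an unknown id, 400
    for a missing or malformed body, 422 for a short or non-string password
    or a duplicate e-mail, and 200 with the updated record (without the
    password hash) on success. ``error`` is assumed to abort the request,
    as it is used that way here (TODO confirm).
    """
    # Authorize before touching the database, so a non-admin caller gets the
    # same 403 for every foreign id whether or not that id exists.
    if not current_user.is_admin and current_user.user_id != user_id:
        error(403, "Logged in user not admin and doesn't match requested user id.")

    user_db_data = user_db_util.read(g.database, user_id)
    if not user_db_data:
        error(404, "User id not recognized.")

    data = request.get_json()
    if data is None:
        error(400, "No json data in request body")
    if not isinstance(data, dict):
        # A JSON array or scalar has no fields to update.
        error(400, "Json data must be an object")

    updatable_fields = ("email", "name", "group_name", "password", "admin")
    if not any(key in data for key in updatable_fields):
        error(
            400,
            "Json data must define one or more of: "
            "email, name, group_name, password, admin",
        )

    # A non-admin may only send a literal false here. Comparing with
    # `is True` would let other truthy JSON values (1, "true") past this
    # guard and on to the database layer.
    if "admin" in data and data["admin"] is not False and not current_user.is_admin:
        error(403, "Logged in user can not grant self admin privileges.")

    # The hash is derived below from "password" only; never accept one
    # supplied by the client, which would bypass the length check.
    data.pop("hashed_password", None)

    password = data.get("password")
    if password is not None and not isinstance(password, str):
        error(422, "New password must be a string.")
    if password:
        if len(password) < 8:
            error(422, "New password is less than 8 characters long.")
        data["hashed_password"] = generate_password_hash(password)

    # NOTE(review): the rest of `data`, including the plaintext "password"
    # and any undocumented keys, is handed to user_db_util.update unchanged.
    # That function is not visible here; confirm it writes only the
    # documented columns and does not log or store the plaintext.
    try:
        update_user_result = user_db_util.update(g.database, user_id, data)
    except UniqueViolation:
        error(422, "User with that email address already exists")

    if update_user_result is None:
        # Returns None if the user doesn't exist. We already checked this,
        # but if it still fails, throw 404
        error(404, "User id not recognized")

    response_data = {
        "user_id": update_user_result["user_id"],
        "email": update_user_result["email"],
        "admin": update_user_result["admin"],
        "name": update_user_result["name"],
        "group_name": update_user_result["group_name"],
        "timestamp": update_user_result["date_modified"],
    }
    return jsonify(response_data), 200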
def post(self):
    """Authenticate the ``email``/``password`` pair sent as JSON and log in.

    Responds 400 when the body is not JSON and 401 when the credentials do
    not match a stored account; on success the session is established via
    ``User.login_user`` and an empty JSON object is returned. ``error`` is
    assumed to abort the request (TODO confirm).
    """
    payload = request.get_json()
    if payload is None:
        error(400, "No json data in request body")
    check_data_fields(payload, ["email", "password"])

    matched_id = user_db_util.identify_by_email(g.database, payload["email"])
    record = user_db_util.read(g.database, matched_id)

    # Unknown e-mail and wrong password share one generic 401 message.
    # NOTE(review): the hash check is skipped when no record is found, so
    # the two cases may still be distinguishable by response time.
    credentials_ok = bool(record) and check_password_hash(
        record["hashed_password"], payload["password"])
    if not credentials_ok:
        error(401, "Invalid username or password")

    account = from_dict(data_class=User, data=record)
    User.login_user(account)
    return jsonify({})
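def test_get_user(self):
    """A user created with a given e-mail can be read back by that e-mail.

    The fields of the stored record, including the password hash, are
    handed to ``verify_user_data`` for comparison.
    """
    # The former locals name, group_name, hashed_password and admin were
    # assigned but never used, so they are dropped.
    # NOTE(review): the expected values presumably come from the defaults of
    # create_example_user / verify_user_data; confirm.
    email = "*****@*****.**"
    self.create_example_user(email=email)
    user_result = user.read(self.database, user.identify_by_email(self.database, email))
    self.verify_user_data(
        user_result["email"],
        user_result["name"],
        user_result["group_name"],
        user_result["hashed_password"],
        user_result["admin"],
    )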
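def get_from_user_id(user_id):
    """Return the profile of user ``user_id`` as JSON.

    A user may read their own record; an admin may read any record.
    Responds 403 on an authorization failure and 404 for an unknown id.
    The response carries the profile fields and creation timestamp, but not
    the password hash. ``error`` is assumed to abort the request (TODO
    confirm).
    """
    # Authorize before the lookup, so a non-admin caller gets the same 403
    # for every foreign id and cannot tell which ids exist.
    if not current_user.is_admin and current_user.user_id != user_id:
        error(403, "Logged in user not admin and doesn't match requested user id.")

    user_db_data = user_db_util.read(g.database, user_id)
    if not user_db_data:
        error(404, "User id not recognized")

    response_data = {
        "user_id": user_db_data["user_id"],
        "email": user_db_data["email"],
        "name": user_db_data["name"],
        "group_name": user_db_data["group_name"],
        "admin": user_db_data["admin"],
        "timestamp": user_db_data["date_created"],
    }
    # NOTE(review): 201 (Created) is unusual for a read. It is kept because
    # existing clients may check for it; 200 would be the conventional status.
    return jsonify(response_data), 201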
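def __user_loader(user_id):
    """Build the ``User`` for ``user_id`` from the database, or return None.

    NOTE(review): this looks like the Flask-Login user loader callback.
    That callback is expected to return ``None`` for an id that no longer
    resolves, so a session belonging to a deleted account is treated as
    logged out instead of raising on every request.
    """
    user_db_result = user_db_util.read(g.database, user_id)
    if not user_db_result:
        # No matching record: report "no such user" instead of passing an
        # empty result to from_dict.
        return None
    return from_dict(data_class=User, data=user_db_result)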