def batches_post():
try:
json = new_batch_schema(request.json)
except MultipleInvalid as e:
return problem.invalid_params_response(e)
batch = Batch.from_json(json)
existing_batch = db.batch.find_one({"_id": batch.id})
if existing_batch:
return problem.duplicate_resource_response("id")
if batch.sku_id:
existing_sku = db.sku.find_one({"_id": batch.sku_id})
if not existing_sku:
return problem.invalid_params_response(
problem.missing_resource_param_error(
"sku_id", "must be an existing sku id"))
admin_increment_code("BAT", batch.id)
db.batch.insert_one(batch.to_mongodb_doc())
# Add text index if not yet created
# TODO: This should probably be turned into a global flag
if "name_text" not in db.batch.index_information().keys():
db.sku.create_index([("name", TEXT)])
return BatchEndpoint.from_batch(batch).created_success_response()
def sku_patch(id):
try:
json = sku_patch_schema.extend({"id": prefixed_id("SKU",
id)})(request.json)
except MultipleInvalid as e:
return problem.invalid_params_response(e)
existing = Sku.from_mongodb_doc(db.sku.find_one({"_id": id}))
if not existing:
return problem.invalid_params_response(
problem.missing_resource_param_error("id"))
if "owned_codes" in json:
db.sku.update_one({"_id": id},
{"$set": {
"owned_codes": json["owned_codes"]
}})
if "associated_codes" in json:
db.sku.update_one(
{"_id": id},
{"$set": {
"associated_codes": json["associated_codes"]
}})
if "name" in json:
db.sku.update_one({"_id": id}, {"$set": {"name": json["name"]}})
if "props" in json:
db.sku.update_one({"_id": id}, {"$set": {"props": json["props"]}})
updated_sku = Sku.from_mongodb_doc(db.sku.find_one({"_id": id}))
return SkuEndpoint.from_sku(updated_sku).updated_success_response()
def batch_patch(id):
try:
# must be batch patch, where json["id"] is prefixed and equals id
json = batch_patch_schema.extend({"id": All(prefixed_id("BAT"),
id)})(request.json)
forced = forced_schema(request.args).get("force")
except MultipleInvalid as e:
return problem.invalid_params_response(e)
existing_batch = Batch.from_mongodb_doc(db.batch.find_one({"_id": id}))
if not existing_batch:
return problem.missing_batch_response(id)
if json.get("sku_id"):
existing_sku = db.sku.find_one({"_id": json['sku_id']})
if not existing_sku:
return problem.invalid_params_response(
problem.missing_resource_param_error(
"sku_id", "must be an existing sku id"))
if (existing_batch.sku_id and "sku_id" in json
and existing_batch.sku_id != json["sku_id"] and not forced):
return problem.dangerous_operation_unforced_response(
"sku_id",
"The sku of this batch has already been set. Can not change without force=true."
)
if "props" in json.keys():
db.batch.update_one({"_id": id}, {"$set": {"props": json['props']}})
if "name" in json.keys():
db.batch.update_one({"_id": id}, {"$set": {"name": json['name']}})
if "sku_id" in json.keys():
db.batch.update_one({"_id": id}, {"$set": {"sku_id": json['sku_id']}})
if "owned_codes" in json.keys():
db.batch.update_one({"_id": id},
{"$set": {
"owned_codes": json['owned_codes']
}})
if "associated_codes" in json.keys():
db.batch.update_one(
{"_id": id},
{"$set": {
"associated_codes": json['associated_codes']
}})
updated_batch = Batch.from_mongodb_doc(db.batch.find_one({"_id": id}))
return BatchEndpoint.from_batch(updated_batch).redirect_response(False)
def users_post():
try:
json = new_user_schema(request.get_json())
except MultipleInvalid as e:
return problem.invalid_params_response(e)
existing_user = db.user.find_one({"_id": json["id"]})
if existing_user:
return problem.duplicate_resource_response("id")
derived_shadow_id = hashlib.sha256(
(str(time.time()) + str(json['id'])).encode("utf-8"))
clipped_shadow_id = base64.encodebytes(
derived_shadow_id.digest()).decode("ascii")[:16]
salt = os.urandom(64)
user_data = UserData(
fixed_id=json['id'],
shadow_id=clipped_shadow_id,
password_hash=hashlib.pbkdf2_hmac("sha256",
json['password'].encode("utf-8"),
salt, 100000),
password_salt=salt,
name=json['name'],
active=True,
)
db.user.insert_one(user_data.to_mongodb_doc())
return Profile.from_user_data(user_data).created_success_response()
def user_patch(id):
try:
patch = user_patch_schema(request.get_json())
except MultipleInvalid as e:
return problem.invalid_params_response(e)
existing = UserData.from_mongodb_doc(db.user.find_one({"_id": id}))
if not existing:
return problem.invalid_params_response(
problem.missing_resource_param_error("id", "user does not exist"),
status_code=404)
if "name" in patch:
db.user.update_one({"_id": id}, {"$set": {"name": patch["name"]}})
if "password" in patch:
set_password_dangerous(id, patch["password"])
return Profile.from_user_data(existing).updated_success_response()
def bin_patch(id):
try:
json = bin_patch_schema(request.json)
except MultipleInvalid as e:
return problem.invalid_params_response(e)
existing = Bin.from_mongodb_doc(db.bin.find_one({"_id": id}))
if existing is None:
problem.missing_bin_response(id)
if "props" in json.keys():
db.bin.update_one({"_id": id}, {"$set": {"props": json['props']}})
return BinEndpoint.from_bin(existing).updated_success_response()
def bins_post():
try:
json = new_bin_schema(request.json)
except MultipleInvalid as e:
return problem.invalid_params_response(e)
existing = db.bin.find_one({'_id': json['id']})
if existing:
return problem.duplicate_resource_response("id")
bin = Bin.from_json(json)
admin_increment_code("BIN", bin.id)
db.bin.insert_one(bin.to_mongodb_doc())
return BinEndpoint.from_bin(bin).created_success_response()
def skus_post():
try:
json = new_sku_schema(request.json)
except MultipleInvalid as e:
return problem.invalid_params_response(e)
if db.sku.find_one({'_id': json['id']}):
return problem.duplicate_resource_response("id")
sku = Sku.from_json(json)
admin_increment_code("SKU", sku.id)
db.sku.insert_one(sku.to_mongodb_doc())
# dbSku = Sku.from_mongodb_doc(db.sku.find_one({'id': sku.id}))
# Add text index if not yet created
# TODO: This should probably be turned into a global flag
if "name_text" not in db.sku.index_information().keys():
# print("Creating text index for sku#name") # was too noisy
db.sku.create_index([("name", TEXT)])
return SkuEndpoint.from_sku(sku).created_success_response()
def login_post():
try:
json = login_request_schema(request.get_json())
except MultipleInvalid as e:
return problem.invalid_params_response(e, status_code=401)
requested_user_data = UserData.from_mongodb_doc(
db.user.find_one({"_id": json['id']}))
if requested_user_data is None:
return problem.bad_username_password_response("id")
request_hashed_password = hashlib.pbkdf2_hmac(
"sha256",
str(json['password']).encode("utf-8"),
requested_user_data.password_salt, 100000)
if requested_user_data.password_hash != request_hashed_password:
return problem.bad_username_password_response("password")
user = User.from_user_data(requested_user_data)
if login_dangerous(user):
return Profile.from_user_data(
requested_user_data).login_success_response()
else:
return problem.deactivated_account(user.user_data.fixed_id)