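def put(self):
    """Change a user's password.

    Reads ``id_user``, ``old_password`` and ``new_password`` from
    ``UserAPI.parser_put``. A caller may change their own password; changing
    another user's password additionally requires ``Permissions.ADMIN``. In
    both cases the current (old) password must be supplied and must verify.

    Returns:
        ``success()`` when the password was changed;
        ``forbidden(), 403`` when the caller targets another user without
        admin permission; ``error_message(...), 500`` when the old password
        does not verify; ``error_code(ec), 500`` when a user lookup raises
        ``ErrorCodeException``; ``error_message("Argument required"), 401``
        when either password argument is missing.
    """
    sender_id_user = get_jwt_identity()
    args = UserAPI.parser_put.parse_args()
    target_id_user = args['id_user']
    old_password = args['old_password']
    new_password = args['new_password']

    if old_password is None or new_password is None:
        # NOTE(review): status kept as in the original; a missing argument
        # is a client error and 400 would describe it more accurately.
        return error_message("Argument required"), 401

    try:
        target = User.get_user(target_id_user)
        sender = User.get_user(sender_id_user)
        # NOTE(review): the token identity is created as str(user.id_user)
        # at login; confirm the parser yields the same type for id_user,
        # otherwise this comparison never matches and every self-service
        # change is routed through the admin check.
        if sender_id_user != target_id_user and not sender.check_permission(
                Permissions.ADMIN):
            return forbidden(), 403
        # The old password is verified for every caller, admin included:
        # there is no role-based bypass of the current-password check.
        if not target.check_password(old_password):
            # NOTE(review): status kept as in the original; a failed
            # verification is a client-side condition rather than a 500.
            return error_message("Incorrect old password!"), 500
        target.set_password(new_password)
        return success()
    except ErrorCodeException as ec:
        return error_code(ec), 500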
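def get(self, id_user):
    """Return a single user record as JSON.

    A caller may read their own record; reading any other user's record
    requires ``Permissions.ADMIN``.

    Args:
        id_user: identifier of the user to fetch (taken from the route).

    Returns:
        ``{"user": ...}`` on success; ``forbidden(), 403`` when the caller
        lacks permission; ``error_code(ec)`` (no explicit status attached,
        unlike ``put``) when the lookup raises ``ErrorCodeException``.
    """
    sender_user = User.get_user(get_jwt_identity())
    is_admin = sender_user.check_permission(Permissions.ADMIN)
    # NOTE(review): id_user comes from the route and sender_user.id_user
    # from the user record; confirm both carry the same type, or a user
    # reading their own record is treated as reading someone else's.
    is_self = id_user == sender_user.id_user
    # Non-admins may only read their own record.
    if not is_admin and not is_self:
        return forbidden(), 403
    try:
        return {"user": User.get_user(id_user).to_json()}
    except ErrorCodeException as ec:
        # NOTE(review): no status code is attached here, so the framework
        # default applies; put() returns 500 for the same exception.
        return error_code(ec)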
def get(self):
    """List every user as JSON.

    Only callers holding ``Permissions.ADMIN`` may list all users.

    Returns:
        ``{"users": [...]}`` for an admin; ``forbidden(), 401`` otherwise
        (the single-user endpoint answers the same condition with 403).
    """
    caller = User.get_user(get_jwt_identity())
    if caller.check_permission(Permissions.ADMIN):
        users = [user.to_json() for user in User.get_all()]
        return {"users": users}
    return forbidden(), 401
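def get(self, id_user):
    """Return one ticket, or all unused tickets, owned by a user.

    Reads the optional ``id_ticket`` argument from ``UserTicketAPI.parser``.
    A caller may only query their own tickets unless they hold
    ``Permissions.ADMIN``.

    Args:
        id_user: owner whose tickets are queried (taken from the route).

    Returns:
        ``{"ticket": ...}`` when ``id_ticket`` is given and that ticket is
        owned by ``id_user``; ``{"owned_tickets": [...]}`` (unused tickets)
        when ``id_ticket`` is not given; ``{'error': 'Unauthorized!'}, 401``
        when the caller lacks permission; ``error_code(ec)`` when the lookup
        raises ``ErrorCodeException`` or the ticket is missing / not owned
        by ``id_user``.
    """
    args = UserTicketAPI.parser.parse_args()
    target_id_ticket = args['id_ticket']
    sender_user = User.get_user(get_jwt_identity())

    # NOTE(review): id_user comes from the route and sender_user.id_user
    # from the user record; confirm both carry the same type, or every
    # caller is treated as querying another user's tickets.
    if sender_user.id_user != id_user and not sender_user.check_permission(
            Permissions.ADMIN):
        return {'error': 'Unauthorized!'}, 401

    if target_id_ticket is None:
        return {
            "owned_tickets":
            [t.to_json() for t in Ticket.get_not_used(id_user=id_user)]
        }

    try:
        t = Ticket.get_ticket(target_id_ticket)
        # A missing ticket and a ticket owned by someone else are reported
        # identically so the endpoint does not reveal which ticket ids
        # exist. The original fell through and returned None in both
        # cases (and raised AttributeError when get_ticket returned None).
        if t is None or t.id_user != id_user:
            raise ErrorCodeException(ErrorCode.TICKET_DOESNT_EXISTS)
        return {"ticket": t.to_json()}
    except ErrorCodeException as ec:
        return error_code(ec)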
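def set_as_used(id_ticket, id_user):
    """Mark a ticket as used on behalf of its owner and record it in History.

    Args:
        id_ticket: hex-encoded ticket identifier; passed as-is to
            ``Ticket.get_ticket`` and unhexlified for the ``History`` entry.
        id_user: identifier of the user redeeming the ticket.

    Raises:
        ErrorCodeException: ``TICKET_DOESNT_EXISTS`` when no ticket matches;
            ``TICKET_DOESNT_BELONG_TO_USER`` when it is owned by another user;
            ``USER_DOESNT_EXISTS`` when ``id_user`` is unknown;
            ``TICKET_ALREADY_USED`` when the ticket was redeemed before.
    """
    t = Ticket.get_ticket(id_ticket)
    if t is None:
        raise ErrorCodeException(ErrorCode.TICKET_DOESNT_EXISTS)
    # Ownership is checked before the user lookup, as in the original.
    if t.id_user != id_user:
        raise ErrorCodeException(ErrorCode.TICKET_DOESNT_BELONG_TO_USER)
    if User.get_user(id_user) is None:
        raise ErrorCodeException(ErrorCode.USER_DOESNT_EXISTS)
    if t.used:
        raise ErrorCodeException(ErrorCode.TICKET_ALREADY_USED)
    # NOTE(review): the used-check and set_used() are not atomic here; two
    # concurrent redemptions of the same ticket could both pass the check
    # unless get_ticket/set_used serialize at the storage layer — confirm.
    t.set_used()
    History.add_entry(History(id_ticket=unhexlify(id_ticket), id_user=id_user))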
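def post(self):
    """Log in with HTTP Basic credentials and issue a JWT access token.

    The Basic ``username`` is looked up as a user id via ``User.get_user``.
    After a successful password check a token is created whose identity is
    ``str(user.id_user)`` and whose claims carry ``user.permissions``; its
    ``jti`` and expiry are registered in ``SessionTable``.

    Returns:
        ``200`` with ``{'token': ...}`` on success; ``401`` with a
        ``WWW-Authenticate`` header when credentials are missing, the user
        lookup raises ``ErrorCodeException``, the password is wrong, or the
        session cannot be stored.
    """
    auth = request.authorization
    challenge = {'WWW-Authenticate': 'Basic realm="Login required!"'}

    if not auth or not auth.username or not auth.password:
        return make_response(unauthorized("Fields not specified"), 401,
                             challenge)

    try:
        user = User.get_user(auth.username)
    except ErrorCodeException as ec:
        # NOTE(review): this body differs from the WRONG_PASSWORD response
        # below, so a client can likely tell an unknown username from a
        # wrong password. Returned as a tuple, as in the original.
        return error_code(ec), 401, challenge

    if not user.check_password(auth.password):
        return make_response(error_code(ErrorCode.WRONG_PASSWORD), 401,
                             challenge)

    # NOTE(review): the permissions claim is frozen into a token that lives
    # 20 weeks; a permission revoked later is only enforced where the server
    # re-reads the user record (e.g. check_permission) — confirm.
    token = create_access_token(
        identity=str(user.id_user),
        user_claims={"permissions": user.permissions},
        expires_delta=datetime.timedelta(weeks=20))
    decoded_token = decode_token(token)
    # NOTE(review): fromtimestamp() without tz yields a naive local-time
    # value for the token's 'exp'; kept as-is because SessionTable's
    # expectations are not visible here.
    added = SessionTable.add(
        user.id_user,
        decoded_token['jti'],
        datetime.datetime.fromtimestamp(decoded_token['exp']))
    if not added:
        return make_response(unauthorized("Unable to login"), 401, challenge)
    return make_response(jsonify({'token': token}), 200)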