def put(cls):
# get user id
user_id = get_jwt_identity()
# get new email
newemail = request.get_json()["email"]
try:
if UserModel.find_by_email(newemail):
raise BadRequest("Email already exists")
else:
# save new email
user = UserModel.find_by_id(user_id)
user.email = newemail
user.save_to_db()
# send confirmation
# confirmation = ConfirmationModel(user.id)
# confirmation.save_to_db()
# user.send_confirmation_email()
return {"message": "Email updated", "email": newemail}, 200
except:
return {"message": "Error"}, 500
def post(cls):
email_username = request.get_json()["email_username"]
password = request.get_json()["password"]
userFound = UserModel.find_by_username_or_email(email_username, email_username)
if userFound and custom_pbkdf2.verify(password, userFound.password):
access_token = create_access_token(identity=userFound.id, fresh=True, expires_delta=False, user_claims={"company_id":userFound.company_id, "role":userFound.role_id})
refresh_token = create_refresh_token(userFound.id)
return {
"message":"User Logged In",
"user":{
"user": {
**user_schema.dump(userFound),
**{"profile_config":user_setting_schema.dump(userFound.profile_config)}
} ,
"userToken":{
"access_token":access_token,
"refresh_token":refresh_token,
}
},
}
return {"message":"Invalid credentials"}, 400
def post(cls):
password_recovery_request_id = request.get_json(
)["password_recovery_request_id"]
new_password = request.get_json()["new_password"]
# find password_recovery_request by id
password_recovery_request = PasswordRecoveryRequestModel.find_by_id(
password_recovery_request_id)
# Nor found
if password_recovery_request is None:
raise NotFoundError()
# Already expired
if password_recovery_request.expired:
raise BadRequest("Link expired")
# Password already changed
if password_recovery_request.change_made:
raise BadRequest("Link not available")
userFound = UserModel.find_by_id(password_recovery_request.user_id)
# Hash the password
hashed_pass = custom_pbkdf2.hash(new_password)
userFound.password = hashed_pass
userFound.save_to_db()
# update recover_password_request
password_recovery_request.change_made = True
password_recovery_request.save_to_db()
return {"message": "Password changed"}, 200
def post(self):
# get user data
user = request.get_json()["user"]
user_email = user.get("email")
user_password = user.get("password")
# find user by email
userFound = UserModel.find_by_email(user_email)
# compare passwords
if userFound and custom_pbkdf2.verify(user_password,
userFound.password):
# create token
access_token = create_access_token(identity=userFound.id,
expires_delta=False,
fresh=True)
# create refresh token
refresh_token = create_refresh_token(userFound.id)
resp = make_response({
"user": {
"id": userFound.id,
"username": userFound.username,
"email": userFound.email,
}
})
set_access_cookies(resp, access_token)
set_refresh_cookies(resp, refresh_token)
return resp
raise BadRequest("Invalid credentials")
def post(cls):
# get user data
user_email = request.get_json()["userEmail"]
# find user by email
user = UserModel.find_by_email(user_email)
if not user:
raise NotFoundError()
# get latest confirmation
confirmation = user.most_recent_confirmation
if confirmation:
if confirmation.confirmed:
return {"message": "Already confirmed"}, 400
confirmation.force_to_expire()
# create new confirmation
new_confirmation = ConfirmationModel(user.id)
new_confirmation.save_to_db()
# send confirmation to email
# user.send_confirmation_email()
return {"message": "Confirmation email was sent"}, 200
def post(cls):
# get supplied email
user_email = request.get_json()["email"]
# find user
userFound = UserModel.find_by_email(user_email)
if userFound:
# create recover_password_request
password_recovery_request = PasswordRecoveryRequestModel(
user_id=userFound.id)
password_recovery_request.save_to_db()
# link = request.host_url[:-1] + url_for(
# "recover_password_request", confirmation_id=self.most_recent_confirmation.id
# )
# recover_password_request.send_email()
# send email
# userFound.send_notification_email(
# f"You new password is {new_password}")
return {"message": password_recovery_request.id}, 200
else:
raise NotFoundError()
def put(cls):
# get user id
user_id = get_jwt_identity()
# get current password
currentPassword = request.get_json()["currentPassword"]
# get new password
newPassword = request.get_json()["newPassword"]
# find user
user = UserModel.find_by_id(user_id)
# check if curent password provided is valid
if custom_pbkdf2.verify(currentPassword, user.password):
# hash and update password
newHashedPassword = custom_pbkdf2.hash(newPassword)
user.password = newHashedPassword
user.save_to_db()
return {"message": "Password updated"}, 200
else:
raise BadRequest("Incorrect password")
def delete (cls, id):
user = UserModel.find_by_id(id)
if user:
user.delete_from_db()
return {"message":"user deleted"}
return {"message":"not found"}, 404
def post(self):
# create user model
user_json = request.get_json().get("user")
user = user_schema.load(user_json)
# check email and userame
if UserModel.find_by_username(user.username):
raise BadRequest("A user with that username already exists")
if UserModel.find_by_email(user.email):
raise BadRequest("A user with that email already exists")
# Hash the password
hashed_pass = custom_pbkdf2.hash(user.password)
user.password = hashed_pass
# save user
user.save_to_db()
# create confirmation
# confirmation = ConfirmationModel(user.id)
# confirmation.save_to_db()
# user.send_confirmation_email()
# create token
access_token = create_access_token(identity=user.id,
expires_delta=False,
fresh=True)
# create refresh token
refresh_token = create_refresh_token(user.id)
return {
"user": {
"id": user.id,
"username": user.username,
"email": user.email,
"access_token": access_token,
"refresh_token": refresh_token,
},
"message": "User created!",
}, 201
def put(cls):
# get user id
user_id = get_jwt_identity()
# new username
newusername = request.get_json()["username"]
# check if username already exists
if UserModel.find_by_username(newusername):
raise BadRequest("Username already exists")
else:
# save new user name
user = UserModel.find_by_id(user_id)
user.username = newusername
user.save_to_db()
return {"message": "Username updated", "username": newusername}, 200
def post(cls):
user_json = request.get_json()["user"]
user = user_schema.load(user_json)
if UserModel.find_by_username(user.username):
return {"message":"Username already exists"}, 400
if UserModel.find_by_email(user.email):
return {"message":"Username already exists"}, 400
hashed_password = custom_pbkdf2.hash(user.password)
user.password = hashed_password
user.save_to_db()
user_setting = user_setting_schema.load({"user_id":user.id})
user_setting.save_to_db()
access_token = create_access_token(identity=user.id, fresh=True, expires_delta=False,user_claims={"company_id":user.company_id, "role":user.role_id})
refresh_token = create_refresh_token(user.id)
return {
"message":"User Logged In",
"user":{
"user": {
user_schema.dump(user),
*{"profile_config":user_setting_schema.dump(user_setting)}
} ,
"userToken":{
"access_token":access_token,
"refresh_token":refresh_token,
}
},
}
def get(cls, user_id):
# find user by id
user = UserModel.find_by_id(user_id)
headers = {"Content-Type": "text/html"}
if not user:
return make_response(render_template("not_found.html"), 404,
headers)
try:
confirmation = user.most_recent_confirmation
if confirmation:
if confirmation.confirmed:
return make_response(
render_template("info_template.html",
message="Already confirmed!"), 200,
headers)
confirmation.force_to_expire()
# create a new confirmation
new_confirmation = ConfirmationModel(user_id)
new_confirmation.save_to_db()
# send an email
# user.send_confirmation_email()
return make_response(
render_template("info_template.html", message="Email sent!"),
200, headers)
# except MailGunException as e:
# return {"message": str(e)}, 500
except:
traceback.print_exc()
return {"message": "Error"}, 500
def _pre_dump(self, user: UserModel):
user.confirmation = [user.most_recent_confirmation]
return user