def update_me():
    """Apply the request body to the profile of the authenticated caller.

    The target record is resolved from the JWT identity, never from
    client-supplied input, so this handler only touches the caller's own
    user. Returns the updated profile wrapped in a success response.
    """
    current_user = get_user_profile_or_404(get_jwt_identity())
    # NOTE(review): the complete request body is forwarded to user.update().
    # Neither request validation nor User.update() is visible here; unless
    # one of them restricts the accepted keys, attributes such as role or
    # status would be writable by the account owner. Confirm an allow-list
    # of self-editable fields exists.
    changes = request.data.copy()
    current_user.update(data_update=changes, session=db.session)
    return generate_success_response(current_user.to_json())
def create():
    """Register a new user from the request body.

    check_is_new_email() runs first (presumably rejecting an address that
    is already registered), then the user is created, the password is set
    through set_password() and the record is saved. Returns the new
    profile wrapped in a success response.
    """
    payload = request.data
    check_is_new_email(payload['email'])
    # NOTE(review): the copy handed to create_user() still carries the
    # plaintext 'password' key. Presumably create_user() ignores it and only
    # set_password() below stores the credential -- confirm, and confirm the
    # accepted keys are restricted (role/status should not be caller-chosen).
    new_user = create_user(data=payload.copy())
    new_user.set_password(payload['password'])
    new_user.save(session=db.session)
    return generate_success_response(new_user.to_json())
def change_password():
    """Change the authenticated user's password after re-checking the old one.

    Reads 'password' (current) and 'new_password' from the request body.

    Raises:
        BadRequest: if the supplied current password does not match.
    """
    identity = get_jwt_identity()
    payload = request.data
    account = User.query.get_or_404(identity)
    if account.check_password(payload['password']):
        account.set_password(payload['new_password'])
        db.session.commit()
        # NOTE(review): tokens issued before the change are not revoked in
        # this handler; confirm whether that is handled elsewhere.
        return generate_success_response()
    raise BadRequest('Password is incorrect')
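def forgot_password():
    """Start the password-reset flow for the e-mail address in the request.

    When the address belongs to a user, a one-time code and the request
    time are stored on the record and a reset link carrying that code is
    mailed to the user. The same success response is returned whether or
    not the address is registered, so the endpoint does not reveal which
    e-mail addresses have accounts (login() in this file likewise uses a
    single message for every failure).
    """
    body = request.data
    user = find_user_by_email(body['email'])
    if user:
        user.request_forgot_password_at = datetime.utcnow()
        # NOTE(review): the code is persisted as-is and acts as a bearer
        # credential until redeemed; consider storing only a hash of it, and
        # confirm request_forgot_password_at is enforced as an expiry when
        # the code is redeemed.
        user.set_password_code = str(uuid.uuid4())
        db.session.commit()
        reset_link = f'{FRONTEND_ENDPOINT}/reset-password?token={user.set_password_code}'
        send_mail_reset_password(user, reset_link)
    return generate_success_response()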
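def reset_password():
    """Redeem a password-reset code and set the new password.

    Reads 'set_password_code' and 'password' from the request body. On
    success the stored code and request timestamp are cleared, so a code
    can be redeemed only once.

    Raises:
        BadRequest: if the code is missing, empty, not a string, or does
            not match any user.
    """
    body = request.data
    code = body.get('set_password_code')
    # The code must be a non-empty string before it reaches the query:
    # filter_by(column=None) is rendered as "IS NULL" and would select a user
    # who has no reset pending at all.
    if not isinstance(code, str) or not code:
        raise BadRequest('set password code is not found')
    user = db.session.query(User).filter_by(set_password_code=code).first()
    if not user:
        raise BadRequest('set password code is not found')
    # NOTE(review): request_forgot_password_at is cleared here but its age is
    # never checked, so a code stays valid until used; consider enforcing a
    # maximum age.
    user.request_forgot_password_at = None
    user.set_password_code = None
    user.set_password(body['password'])
    db.session.commit()
    return generate_success_response()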
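def update_user_profile(user_id):
    """Update another user's profile, optionally changing e-mail and password.

    Args:
        user_id: identifier of the user to modify.

    Returns:
        Success response with the updated profile; when the request set a
        password, the response also carries it under 'new_password'.
    """
    # NOTE(review): no authorization check is visible in this block, and
    # user_id is not passed through UUID_schema() as get_profile() does;
    # confirm both are handled by the route definition.
    user = get_user_profile_or_404(user_id)
    body = request.data
    user_info_update = body.copy()
    if 'email' in user_info_update:
        check_is_new_email(body['email'])
    password_supplied = 'password' in user_info_update
    if password_supplied:
        user.set_password(user_info_update['password'])
    # NOTE(review): user_info_update still contains the plaintext 'password'
    # key; presumably User.update() does not write it to the record -- confirm.
    user.update(data_update=user_info_update, session=db.session)
    user_data = user.to_json()
    if password_supplied:
        # Only echo the password when one was sent; indexing body['password']
        # unconditionally raised KeyError for updates without a password,
        # after the update had already been applied.
        # NOTE(review): returning the plaintext password places a credential
        # in response bodies, which may be logged or cached; consider
        # dropping this field once clients no longer rely on it.
        user_data['new_password'] = body['password']
    return generate_success_response(user_data)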
def upload_file_to_s3():
    """Store the uploaded 'file' form field and return its stored name.

    Raises:
        BadRequest: if the field is missing, has an empty filename, or
            allowed_file() rejects the filename.
        ApplicationError: if the storage backend raises during upload.
    """
    uploaded = request.files.get('file')
    if uploaded is None:
        raise BadRequest('Form data invalid')
    original_name = uploaded.filename
    if original_name == '':
        raise BadRequest('Logo no selected file')
    # NOTE(review): allowed_file() is given only the client-supplied name, and
    # the client-supplied mimetype is forwarded to storage below; neither
    # inspects the file content. Confirm the bucket never serves these
    # objects with a content type a browser would execute.
    if not allowed_file(original_name):
        raise BadRequest('Extension is not allow')
    stored_name = get_filename(original_name)
    try:
        storage.upload_file_obj(uploaded, stored_name, uploaded.mimetype)
    except Exception as e:
        raise ApplicationError(e)
    return generate_success_response(data={'filename': stored_name})
def login():
    """Authenticate by e-mail and password and issue access/refresh tokens.

    The e-mail is lower-cased before lookup and users whose status is
    BLOCKED are excluded. An unknown account and a wrong password produce
    the same error message, so the response text does not reveal whether
    the address is registered.

    Raises:
        BadRequest: if no matching active user exists or the password
            check fails.
    """
    credentials = request.data.copy()
    candidate = User.query.filter(
        User.email == credentials['email'].lower(),
        User.status != UserStatus.BLOCKED.value,
    ).first()
    # NOTE(review): no attempt throttling or lockout is visible in this
    # handler; confirm rate limiting is applied in front of it.
    if not candidate or not candidate.check_password(credentials['password']):
        raise BadRequest(
            'Login failed. Please enter a valid login name and password.')
    identity = str(candidate.id)
    access_token = create_access_token(identity=identity)
    refresh_token = create_refresh_token(identity=identity)
    return generate_success_response({
        'access_token': access_token,
        'refresh_token': refresh_token,
        'role': candidate.role,
    })
def get_list():
    """Return one page of users, optionally filtered by role and status.

    Pagination and sorting come from get_pagination_params() and
    get_sort(); the sort key is resolved through MAP_SORT rather than
    taken verbatim from the query string. 'total' is the number of rows
    matching the filters before pagination.
    """
    offset, limit = get_pagination_params(request)
    sort_by, sort_type = get_sort(request=request,
                                  map_sort=MAP_SORT,
                                  default_sort_by='user_created_at')
    query = User.query
    for column, arg_name in ((User.role, 'role'), (User.status, 'status')):
        wanted = request.args.get(arg_name, None)
        if wanted is not None:
            query = query.filter(column == wanted)
    total = query.count()
    page = query.order_by(sort_type(sort_by)).offset(offset).limit(limit).all()
    # NOTE(review): every row is serialized with to_json(); confirm it omits
    # the password hash and set_password_code, and that this listing is
    # restricted to privileged callers (no check is visible here).
    rows = [member.to_json() for member in page]
    return generate_success_response(data=rows,
                                     offset=offset,
                                     limit=limit,
                                     total=total)
def get_me():
    """Return the profile of the authenticated caller.

    The user is looked up by the JWT identity; no client-supplied
    identifier is involved.
    """
    current_user = get_user_profile_or_404(get_jwt_identity())
    return generate_success_response(current_user.to_json())
def get_profile(user_id):
    """Return the profile of the user identified by user_id.

    Args:
        user_id: identifier from the route; passed through UUID_schema()
            before the lookup.
    """
    # NOTE(review): no authorization check is visible in this block; confirm
    # the route restricts who may read another user's profile.
    validated_id = UUID_schema(user_id)
    profile = get_user_profile_or_404(validated_id)
    return generate_success_response(profile.to_json())
def delete_user(user_id):
    """Soft-delete a user by setting the status to BLOCKED.

    The row is kept; login() in this file excludes BLOCKED users.

    Args:
        user_id: identifier of the user to block.
    """
    target = get_user_profile_or_404(user_id)
    # NOTE(review): tokens already issued to this user are not revoked here,
    # and token_refresh() in this file does not look at the user's status;
    # confirm blocked users are rejected when a token is checked.
    target.status = UserStatus.BLOCKED.value
    db.session.commit()
    return generate_success_response()
def token_refresh():
    """Issue a new access token for the identity in the presented JWT."""
    # NOTE(review): the identity is taken from the token without loading the
    # user, so the account's current status is not consulted in this block;
    # confirm blocked users and revoked tokens are rejected before this runs.
    identity = get_jwt_identity()
    return generate_success_response(
        {'access_token': create_access_token(identity=identity)})
def logout_refresh():
    """Record the presented token's jti as revoked."""
    # NOTE(review): only the token presented with this request is revoked;
    # other tokens issued to the same user are not touched here -- confirm
    # they are revoked by a separate endpoint or left to expire.
    token_id = get_raw_jwt()['jti']
    RevokedToken(jti=token_id).add()
    return generate_success_response()