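def user_details_update():
    """Update the authenticated user's e-mail and name from the JSON body.

    Expects a JSON body with ``email``, ``first_name``, ``last_name`` and
    ``role`` and a ``Bearer`` token in the ``Authorization`` header.

    Returns one of the ``ru.http_*`` responses: unsupported-media-type when
    the body is not JSON, bad-gateway when a field check fails, unauthorized
    or forbidden when the token is missing, malformed, invalid, blocked or
    expired, conflict when the e-mail is already taken by another account or
    the update fails, and success otherwise.
    """
    #TODO: separate to a validation class
    payload = request.get_json()
    if payload is None:
        return ru.http_unsupported_media_type()
    # NOTE(review): a rejected client body is answered with a bad-gateway
    # (5xx) helper; a 400-style response would describe the failure better
    # if the ru module offers one.
    email = payload.get('email')
    if email is None:
        return ru.http_bad_gateway(message="Email must not be empty")
    if not vu.is_valid_email(email):
        return ru.http_bad_gateway(message="Email is invalid")
    first_name = payload.get('first_name')
    if first_name is None:
        return ru.http_bad_gateway(message="First name must not be empty")
    last_name = payload.get('last_name')
    if last_name is None:
        return ru.http_bad_gateway(message="Last name must not be empty")
    role = payload.get('role')
    if role is None:
        return ru.http_bad_gateway(message="Role must not be empty")
    if role not in role_values:
        return ru.http_bad_gateway(message="Role value is not valid")

    authorization = request.headers.get('authorization')
    if authorization is None:
        return ru.http_unauthorized()
    auth = authorization.split(' ')
    if not vu.is_valid_bearer(auth):
        return ru.http_unauthorized(message="Invalid Bearer Authentication")
    # auth[1] is the token half of "Bearer <token>"; this relies on
    # vu.is_valid_bearer having checked the shape of the split header.
    token = UserToken.is_valid_token(auth[1])
    if token is None:
        return ru.http_unauthorized(message="Invalid token")
    if token.is_blocked or token.is_expired:
        return ru.http_forbidden()

    if User.is_existing_email_for_update_by_id(token.user, email):
        return ru.http_conflict(message="Email is already existing")
    user = User.find_by_id(token.user)
    if user is None:
        return ru.http_forbidden()
    # The role supplied in the body is validated above but never written:
    # the stored role is passed through, so this endpoint cannot be used by
    # a user to change their own role.  Keep it that way.
    updated = User.update_user_by_id(
        user.id,
        email=email,
        first_name=first_name,
        last_name=last_name,
        role=user.role)
    if not updated:
        # The original built this response but fell through to the success
        # response without returning it, reporting failed updates as done.
        return ru.http_conflict(message="Failed to update the resource")
    return ru.http_success(message="Successful updated")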
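def user_login():
    """Authenticate a user from the JSON body and issue a session token.

    Expects a JSON body with ``email`` and ``password``.  Returns one of the
    ``ru.http_*`` responses: unsupported-media-type when the body is not
    JSON, bad-gateway when a field check fails, unauthorized when the
    credentials do not match, conflict when the token cannot be stored, and
    success with ``uid``, ``token``, ``role``, ``first_name`` and
    ``last_name`` in ``meta`` otherwise.
    """
    #TODO: separate to a validation class
    payload = request.get_json()
    if payload is None:
        return ru.http_unsupported_media_type()
    # NOTE(review): a rejected client body is answered with a bad-gateway
    # (5xx) helper; a 400-style response would describe the failure better
    # if the ru module offers one.
    email = payload.get('email')
    if email is None:
        return ru.http_bad_gateway()
    if not vu.is_valid_email(email):
        return ru.http_bad_gateway()
    #TODO: improve validation for password
    password = payload.get('password')
    if password is None:
        return ru.http_bad_gateway()
    if len(password) < 8:
        return ru.http_bad_gateway(
            message="Password must be a minimum of 8 characters")
    user = User.is_valid_user(email, password)
    if user is None:
        # One message for both an unknown e-mail and a wrong password, so the
        # response does not reveal which addresses have an account.
        return ru.http_unauthorized(message="Email and password is not valid")
    token = UserToken.generate_token()
    # NOTE(review): create_token is assumed to return a truthy value on
    # success, as create_user and update_user_by_id are treated elsewhere in
    # this file -- confirm.  The original tested the opposite sense and never
    # returned the conflict response, so every login was reported as
    # successful even when the token was not stored.
    if not UserToken.create_token(user=user.id, token=token):
        return ru.http_conflict(message="Failed to create a user token")
    return ru.http_success(
        meta={
            'uid': user.uid,
            'token': token,
            'role': role_values_reverse.get(user.role),
            'first_name': user.first_name,
            'last_name': user.last_name
        })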
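def user_registration_for_admin():
    """Create a new user on behalf of an authenticated admin.

    Expects a JSON body with ``email``, ``password``, ``first_name``,
    ``last_name`` and ``role`` and a ``Bearer`` token in the
    ``Authorization`` header.

    Returns one of the ``ru.http_*`` responses: unsupported-media-type when
    the body is not JSON, bad-gateway when a field check fails, unauthorized
    or forbidden when the token is missing, malformed, invalid, blocked or
    expired or the caller is not an admin, conflict when the e-mail is
    already registered or the insert fails, and created otherwise.
    """
    #TODO: separate to a validation class
    payload = request.get_json()
    if payload is None:
        return ru.http_unsupported_media_type()
    # NOTE(review): a rejected client body is answered with a bad-gateway
    # (5xx) helper; a 400-style response would describe the failure better
    # if the ru module offers one.
    email = payload.get('email')
    if email is None:
        return ru.http_bad_gateway(message="Email must not be empty")
    if not vu.is_valid_email(email):
        return ru.http_bad_gateway(message="Email is invalid")
    #TODO: improve validation for password
    password = payload.get('password')
    if password is None:
        return ru.http_bad_gateway(message="Password must not be empty")
    if len(password) < 8:
        return ru.http_bad_gateway(
            message="Password must be a minimum of 8 characters")
    first_name = payload.get('first_name')
    if first_name is None:
        return ru.http_bad_gateway(message="First name must not be empty")
    last_name = payload.get('last_name')
    if last_name is None:
        return ru.http_bad_gateway(message="Last name must not be empty")
    role = payload.get('role')
    if role is None:
        return ru.http_bad_gateway(message="Role must not be empty")
    if role not in role_values:
        return ru.http_bad_gateway(message="Role value is not valid")

    authorization = request.headers.get('authorization')
    if authorization is None:
        return ru.http_unauthorized()
    auth = authorization.split(' ')
    if not vu.is_valid_bearer(auth):
        return ru.http_unauthorized(message="Invalid Bearer Authentication")
    # auth[1] is the token half of "Bearer <token>"; this relies on
    # vu.is_valid_bearer having checked the shape of the split header.
    token = UserToken.is_valid_token(auth[1])
    if token is None:
        return ru.http_unauthorized(message="Invalid token")
    if token.is_blocked or token.is_expired:
        return ru.http_forbidden()
    user = User.find_by_id(token.user)
    if user is None:
        return ru.http_forbidden()
    # Authorize before the e-mail lookup.  The original ran the "already
    # existing" check first, so any authenticated non-admin could tell from
    # a conflict-vs-forbidden response whether an address is registered.
    if not user.is_admin:
        return ru.http_forbidden()
    if User.is_existing_email(email):
        return ru.http_conflict(message="Email is already existing")

    created = User.create_user(
        email=email,
        password=User.generate_password(password),
        uid=User.generate_uid(),
        first_name=first_name,
        last_name=last_name,
        role=role_values.get(role),
        #status default = 2 for the meantime when there is no email validation yet
        # NOTE(review): the comment above says 2 but 1 is passed -- confirm
        # which status is intended.
        status=1)
    if not created:
        # The original built this response but fell through to http_created
        # without returning it, reporting failed inserts as created.
        return ru.http_conflict(message="Failed to create the resource")
    return ru.http_created()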