def _create_user(role):
"""
Run: 'flask users create_superadmin'
Create a super admin user, skip email confirmation.
"""
form = {}
form["username"] = input("enter username (required):")
form["email"] = input("enter email (required):")
form["firstName"] = input("enter first name:")
form["firstName"] = input("enter last name:")
form["password"] = getpass("enter password (required):")
password_confirm = getpass("enter password again:")
if form["password"] != password_confirm:
print("\nPassword does not match!\n")
return
user = User.create(form, autoconfirm=True)
user.set_role(role)
if commit_to_db():
print(f"\nUser {user.username} created successfully!\n")
else:
print("\nFailed to create user!\n")
def _update_user(user_id):
form = UserSchema().validate_or_400(request.get_json())
user = User.get(user_id)
user = user.update(form)
if commit_to_db():
return success(user.json())
error(500, {"user": "******"})
def _delete_user(user_id):
user = User.get(user_id)
caller_id = get_jwt_identity()
user.delete()
if commit_to_db():
resp = jsonify(success())
# If the user deletes their account then this removes the users
# access tokens logging them out.
if user.id == caller_id:
unset_jwt_cookies(resp)
return resp
error(500, {"user": "******"})
def post(self):
"""
Check that the username and email are not already in use by another
user and check the password strength is sufficient as the average user
will need this check. If this is successful then create the user.
"""
form = UserSchema().validate_or_400(request.get_json())
user = User.create(form)
user.set_role(Roles.user)
if commit_to_db():
user.send_confirmation_email()
return success({"confirm": "Please confirm email address"})
error(500, {"user": "******"})
def get(self, conf_token):
"""
Check the token and if the user still exists or has not previously
confirmed their token.
"""
email = confirm_token(conf_token)
if email is None:
fail(401,
{"form": "Account with this email address does not exist"})
user = User.query.filter_by(email=email).first_or_404()
if user.confirmed_on:
fail(400, {"form": "Account already confirmed. Please login."})
user.save_email_confirmation()
if commit_to_db():
return success({"confirm": "You have confirmed your account."})
error(500, {"user": "******"})
def save_in_db(self):
if self["id"] != None:
self.remove_from_db()
database.commit_to_db(tuple(self.values()))