def update_role(u_id, role):
    """Assign the access level named by ``role`` to user ``u_id``.

    The user is fetched with ``User.get_or_404``. Aborts with 409 when the
    user already holds the requested access level.
    """
    # NOTE(review): no caller-privilege check is made in this function
    # (ban_user checks current_user); presumably the route enforces it --
    # confirm.
    # NOTE(review): a ``role`` missing from USER_ACCESS raises KeyError.
    with get_session() as s:
        target = User.get_or_404(s, u_id)
        wanted_access = USER_ACCESS[role]
        if target.access == wanted_access:
            abort(409, 'User already has that role')
        target.access = wanted_access
def get_avatar(u_id):
    """Return the avatar file path of user ``u_id``, or None without avatar."""
    with get_session() as s:
        owner = User.get_or_404(s, u_id)
        avatar = owner.avatar
        if avatar is None:
            return None
        # The extension is read back from the Avatar row; update_avatar
        # derives it from the uploaded file's name.
        # NOTE(review): the path is only as safe as that stored extension --
        # confirm files.get_ext / files.save restrict it.
        filename = f'avatar{u_id}.{avatar.ext}'
        return join(config.avatars.DIRECTORY, filename)
def self_delete(u_id, password):
    """Mark user ``u_id`` as deleted after re-checking their password.

    Aborts with 422 when ``password`` does not match the stored bcrypt hash.
    """
    with get_session() as s:
        account = User.get_or_404(s, u_id)
        supplied = str(password).encode('utf-8')
        stored_hash = str(account.password).encode('utf-8')
        password_ok = bcrypt.checkpw(supplied, stored_hash)
        if not password_ok:
            abort(422, 'Invalid password')
        # NOTE(review): cookie_id is not rotated here, unlike in
        # close_all_sessions and change_password -- confirm that the
        # 'deleted' status is rejected wherever sessions are validated.
        account.status = 'deleted'
def close_all_sessions(u_id, password):
    """Give user ``u_id`` a fresh ``cookie_id`` after a password check.

    Aborts with 422 when ``password`` does not match the stored bcrypt hash.
    Returns the updated user object.
    """
    with get_session() as s:
        account = User.get_or_404(s, u_id)
        supplied = str(password).encode('utf-8')
        stored_hash = str(account.password).encode('utf-8')
        password_ok = bcrypt.checkpw(supplied, stored_hash)
        if not password_ok:
            abort(422, 'Invalid password')
        # presumably existing sessions are bound to the old cookie_id, so
        # replacing it invalidates them -- verify against the session loader
        account.cookie_id = uuid.uuid4()
        return account
def update_avatar(u_id, file):
    """Store ``file`` as the avatar of user ``u_id``.

    An existing avatar is removed through ``delete_avatar`` first; the new
    file is saved as ``avatar<u_id>.<ext>`` and an Avatar row is added.
    """
    with get_session() as s:
        owner = User.get_or_404(s, u_id)
        if owner.avatar:
            delete_avatar(u_id)
        # NOTE(review): the extension comes from the client-supplied file
        # name and ends up in the stored file name and the Avatar row;
        # presumably files.get_ext / files.save with config.avatars enforce
        # an allow-list of extensions -- confirm.
        extension = files.get_ext(file.filename)
        stored_name = f'avatar{u_id}.{extension}'
        files.save(file, stored_name, config.avatars)
        s.add(Avatar(u_id=u_id, ext=extension))
def ban_user(u_id):
    """Set the status of user ``u_id`` to 'banned'.

    Aborts with 403 unless the caller has 'moderator' access and the target
    does not; aborts with 409 when the target is already banned.
    """
    with get_session() as s:
        target = User.get_or_404(s, u_id)
        # Same short-circuit order as before: the target's access is checked
        # first, the caller's only when the target is not a moderator.
        may_ban = (not target.has_access('moderator')
                   and current_user.has_access('moderator'))
        if not may_ban:
            abort(403)
        if target.status == 'banned':
            abort(409, 'User has already banned')
        # NOTE(review): cookie_id is left unchanged -- confirm the 'banned'
        # status is checked wherever sessions are validated, otherwise the
        # ban only applies at the next login.
        target.status = 'banned'
def change_password(u_id, old_password, new_password):
    """Replace the password of user ``u_id`` and assign a new ``cookie_id``.

    Aborts with 422 when ``old_password`` does not match the stored bcrypt
    hash, or when ``new_password`` matches that same hash. Returns the
    updated user object.
    """
    with get_session() as s:
        account = User.get_or_404(s, u_id)
        old_bytes = str(old_password).encode('utf-8')
        new_bytes = str(new_password).encode('utf-8')
        stored_hash = str(account.password).encode('utf-8')

        if not bcrypt.checkpw(old_bytes, stored_hash):
            abort(422, 'Invalid password')
        # NOTE(review): bcrypt only considers the first 72 bytes of its
        # input, so this equality check (and the hash below) ignores anything
        # beyond that; no length or strength policy is applied here --
        # presumably validated by the caller, confirm.
        if bcrypt.checkpw(new_bytes, stored_hash):
            abort(422, 'Old and new passwords are equal')

        fresh_hash = bcrypt.hashpw(new_bytes, bcrypt.gensalt())
        account.password = fresh_hash.decode('utf-8')
        # A new cookie_id accompanies every password change.
        account.cookie_id = uuid.uuid4()
        return account
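def update(u_id, new_data):
    """Apply the fields in ``new_data`` to user ``u_id``.

    Only the user themselves or a caller with 'moderator' access may update
    the record; anyone else gets 403. ``tags`` may be changed by moderators
    only. ``tags`` and ``interests`` are collections of tag names that are
    resolved to Tag rows. Every other key is written to the attribute of the
    same name, except the protected attributes listed below and any name
    starting with an underscore, which are refused with 403 before anything
    is modified.
    """
    # Attributes that this file changes only through dedicated, separately
    # checked functions (update_role, ban_user/self_delete, change_password,
    # close_all_sessions, update_avatar, register_user). Without this guard
    # the generic setattr() below would let a user editing their own record
    # set e.g. ``access`` or ``status`` directly (mass assignment).
    # NOTE(review): if a request schema already filters these keys before
    # this call, the guard is a no-op; keep it as defence in depth.
    protected = frozenset({
        'id', 'access', 'status', 'password', 'cookie_id',
        'confirmation_link', 'avatar',
    })
    with get_session() as s:
        u = User.get_or_404(s, u_id)
        is_moderator = current_user.has_access('moderator')
        if u_id != current_user.id and not is_moderator:
            abort(403)

        # Reject the whole request up front so that a refused key never
        # leaves the record half-updated.
        for param in new_data:
            if param in protected or str(param).startswith('_'):
                abort(403, 'This field cannot be changed here')

        for param, value in new_data.items():
            if param == 'tags':
                if not is_moderator:
                    abort(403, 'You cant change tags')
                u.tags = s.query(Tag).filter(Tag.name.in_(value)).all()
            elif param == 'interests':
                u.interests = s.query(Tag).filter(Tag.name.in_(value)).all()
            else:
                setattr(u, param, value)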
def register_user(data):
    """Create a user from ``data`` or re-activate a previously deleted one.

    ``data`` must carry 'email', 'password', 'name' and 'surname'. A fresh
    confirmation link is generated and the password is hashed with bcrypt.
    Aborts with 409 when the email belongs to a banned or an otherwise
    existing account. When the default status is 'unconfirmed', the
    confirmation link is e-mailed to the address.
    """
    with get_session() as s:
        user = s.query(User).filter(User.email == data['email']).one_or_none()

        # Draw tokens until one is found that no user row holds yet.
        confirmation_link = nanoid.generate(size=50)
        while s.query(User).filter(
                User.confirmation_link == confirmation_link).one_or_none():
            confirmation_link = nanoid.generate(size=50)

        raw_password = str(data['password']).encode('utf-8')
        pw = bcrypt.hashpw(raw_password, bcrypt.gensalt()).decode('utf-8')

        # NOTE(review): the two 409 messages below let a caller tell banned,
        # active and unused addresses apart -- confirm that is acceptable.
        if not user:
            user = User(email=data['email'],
                        name=data['name'],
                        surname=data['surname'],
                        password=pw,
                        confirmation_link=confirmation_link)
            s.add(user)
        elif user.status == 'deleted':
            # Re-activation reuses the existing row with new credentials.
            # NOTE(review): cookie_id is not rotated on this path -- confirm
            # sessions of the deleted account cannot be reused.
            user.password = pw
            user.name = data['name']
            user.surname = data['surname']
            user.status = config.DEFAULT_USER_STATUS
            user.confirmation_link = confirmation_link
        elif user.status == 'banned':
            abort(409, 'User with this email was banned')
        else:
            abort(409, 'Trying to register existing user')

        if config.DEFAULT_USER_STATUS == 'unconfirmed':
            util.send_email(data['email'], confirmation_link)
        # NOTE(review): the e-mail address is written to the log -- check
        # this against the log retention / privacy requirements.
        logging.info('Registering new user [{}]'.format(data['email']))
def get(u_id):
    """Return the dictionary form of user ``u_id`` (via ``User.as_dict``)."""
    with get_session() as s:
        found = User.get_or_404(s, u_id)
        # NOTE(review): confirm as_dict() leaves out the password hash,
        # cookie_id and confirmation_link before this reaches a response.
        payload = found.as_dict()
        return payload