Exemplo n.º 1
 def wrapper(*args, **kwargs):
     # Role gate around ``func``: resolve the JWT identity to a stored user
     # record and only call through when that record holds ``required_role``.
     identity = get_jwt_auth_identity()
     account = mongo_get_user_by_name(identity)
     # Fail closed: an unknown/deleted user or a missing role both end in the
     # same ``not_authorized`` result, so the wrapped view is never entered.
     # The role is read from the database on each call rather than from the
     # token. NOTE(review): whether a role change takes effect immediately
     # depends on mongo_get_user_by_name not caching - confirm.
     if not account or not user_has_role(account, required_role):
         return not_authorized
     return func(*args, **kwargs)
Exemplo n.º 2
def user_create_password_reset_request(username, domain, reset_token, expiration):
    """Record a password-reset token digest for *username* and mail the reset link.

    Returns ``({"message": ...}, 404)`` when no such user exists and
    ``({}, 200)`` once the digest is stored and the mail has been handed off.
    """
    account = user_db.mongo_get_user_by_name(username)
    if account is None:
        # NOTE(review): the distinct 404 tells the caller whether a username
        # exists; if this is reachable unauthenticated, consider answering
        # identically in both cases.
        return {"message": "User does not exists"}, 404

    # PBKDF2-HMAC-SHA256 with an empty salt and 100000 iterations: the digest
    # is deterministic for a given token. encode('ascii') raises on a
    # non-ASCII token.
    token_bytes = reset_token.encode('ascii')
    reset_token_hash = hashlib.pbkdf2_hmac('sha256', token_bytes, b'', 100000).hex()
    user_db.mongo_create_password_reset_token(
        user_id=account['_id'],
        expiry_date=expiration,
        token_hash=reset_token_hash,
    )

    # NOTE(review): the mailed link carries the same digest that was just
    # stored, not ``reset_token``. If the reset endpoint accepts this value
    # as-is, the database row is itself the bearer credential and the hashing
    # adds no protection against a database read - confirm against the
    # endpoint that consumes /resetPassword/.
    # NOTE(review): the scheme is fixed to plain http and ``domain`` is
    # concatenated unvalidated; if callers derive it from the request Host
    # header, the link target is attacker-influenced. Prefer a configured
    # base URL over a request-derived one.
    reset_link = 'http://' + domain + "/resetPassword/" + reset_token_hash
    email = {"link": reset_link, "expiry_delta": expiration}

    ResetPasswordMailFactory(account, email).send_mail()

    return {}, 200
Exemplo n.º 3
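def user_register(content):
    """Create a new user from *content* and send the registration mail.

    *content* must carry non-empty string ``name`` and ``password`` entries.
    Returns ``({"message": "Added new user"}, 200)`` on success,
    ``({"message": "Username already exists"}, 409)`` on a name clash and
    ``({"message": "Invalid information"}, 404)`` for anything malformed
    (missing keys, ``None``, empty or non-string values).
    """
    try:
        name = content['name']
        password = content['password']
    except (KeyError, TypeError):
        # Missing keys or a non-mapping body are a client error, not a crash.
        return {"message": "Invalid information"}, 404

    # Require plain strings: a dict or list has a positive len() as well, and
    # a structured value such as {"$ne": ""} would otherwise travel into the
    # user lookup below. NOTE(review): whether that lookup would treat it as
    # a query operator depends on mongo_get_user_by_name - confirm.
    if not (isinstance(name, str) and isinstance(password, str)):
        return {"message": "Invalid information"}, 404
    if not name or not password:
        return {"message": "Invalid information"}, 404

    existing_user = user_db.mongo_get_user_by_name(name)
    if existing_user is not None:
        return {"message": "Username already exists"}, 409

    # Only the hash is persisted; the caller-supplied _id is dropped so the
    # client cannot choose the document id.
    content['password'] = generate_password_hash(password)
    if "_id" in content:
        del content['_id']
    # NOTE(review): every other key in ``content`` is stored as supplied. If
    # ``content`` is the raw request body, a client could set fields such as
    # roles at registration time - consider an allow-list of fields.
    user_db.mongo_save_user(content)

    # NOTE(review): the plaintext password is put back before the mail factory
    # sees ``content``. Kept for compatibility; confirm the registration mail
    # does not include it and pass a password-free copy if it can cope.
    content['password'] = password

    (mail.RegistrationMailFactory(content)).send_mail()

    return {"message": "Added new user"}, 200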
Exemplo n.º 4
def user_change_password(username, oldpw, newpw):
    """
    Replace the stored password of *username* after verifying the old one.

    Returns a ``(body, status)`` pair: 404 for an unknown user, 400 when
    ``oldpw`` does not match or ``newpw`` equals the current password, and
    ``({}, 200)`` once the new hash has been written.
    """
    record = user_db.mongo_get_user_by_name(username)
    if record is None:
        return {"message": "User does not exists"}, 404

    stored_hash = record['password']

    # The caller must prove knowledge of the current password first.
    old_matches = check_password_hash(stored_hash, oldpw)
    if not old_matches:
        return {"message": "Old password is not valid!"}, 400

    # Reject a "change" that would leave the password unchanged.
    new_is_same = check_password_hash(stored_hash, newpw)
    if new_is_same:
        return {"message": "Old password can't be the new password!"}, 400

    # Only the hash is persisted, and the whole record is written back.
    # NOTE(review): nothing here invalidates tokens issued before the change;
    # confirm whether revocation happens elsewhere.
    record['password'] = generate_password_hash(newpw)
    user_db.mongo_update_user(record['_id'], record)

    return {}, 200
Exemplo n.º 5
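def user_login(content):
    """
    Log in a user to the platform
    requires content={
                        username:string
                        password:string
                    }

    Returns ``{"token": ..., "refresh_token": ...}`` on success,
    ``{"message": "no credentials provided"}`` when *content* is None, and an
    empty dict for every other failure (malformed input, unknown user, wrong
    password), so the response does not reveal which check failed.
    """

    if content is None:
        return {"message": "no credentials provided"}

    try:
        username = content["username"]
        password = content["password"]
    except (KeyError, TypeError):
        logging.log(level=logging.ERROR, msg="Invalid credentials")
        return {}

    # Require non-empty plain strings: a dict or list also has a positive
    # len(), and a structured value must not reach the user lookup.
    well_formed = isinstance(username, str) and isinstance(password, str)
    if not well_formed or not username or not password:
        logging.log(level=logging.ERROR, msg="Invalid credentials")
        return {}

    user_struct = user_db.mongo_get_user_by_name(username)
    # The user record is deliberately not logged: it holds the password hash.
    if user_struct is None:
        # %r escapes control characters, so a crafted username cannot forge
        # extra log lines.
        logging.error("User not found: %r", username)
        return {}

    stored_hash = user_struct.get('password')
    if not stored_hash or not check_password_hash(stored_hash, password):
        logging.error("Invalid password provided from user: %r", username)
        return {}

    access_token = securityUtils.create_jwt_auth_access_token(
        identity=username,
        additional_claims={"user": username}
    )
    refresh_token = securityUtils.create_jwt_auth_refresh_token(
        identity=username
    )

    return {"token": access_token, "refresh_token": refresh_token}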
Exemplo n.º 6
def user_get_by_name(username):
    """Return whatever ``mongo_get_user_by_name`` yields for *username*."""
    # NOTE(review): other examples on this page read record['password'] from
    # this lookup, so the result presumably includes the password hash -
    # strip it before the record leaves the service layer.
    record = mongo_get_user_by_name(username)
    return record
Exemplo n.º 7
def user_add(username, data):
    """Update the stored record of *username* with *data*.

    Returns the result of ``mongo_update_user``.
    """
    # TODO check updated fields
    # NOTE(review): ``data`` is written without any field filtering, so a
    # caller-controlled payload could presumably overwrite sensitive fields
    # (password, roles) - an allow-list belongs here.
    existing = mongo_get_user_by_name(username)
    # NOTE(review): the lookup appears to return None for an unknown user, in
    # which case this subscript raises TypeError - confirm callers handle it.
    target_id = existing['_id']
    return mongo_update_user(target_id, data)
Exemplo n.º 8
def user_get_roles(username):
    """Return the record ``user_db.mongo_get_user_by_name`` holds for *username*."""
    # NOTE(review): despite the name, the whole lookup result is returned,
    # not a roles field. Confirm what callers expect, and that the record
    # (presumably including the password hash) is not serialized to clients.
    record = user_db.mongo_get_user_by_name(username)
    return record