Exemplo n.º 1
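def register():
    """
    Register a new user from a JSON body carrying ``username`` and ``password``.

    Answers 400 when the body is not a JSON object or either field is missing
    or empty. Otherwise answers 200 with a status message, both when the user
    was created and when the username is already present.
    """
    data = request.json
    # The body is client-controlled: `null` or `[...]` is valid JSON but has
    # no .get(), which would raise AttributeError instead of a clean 400.
    if not isinstance(data, dict):
        return abort(400)

    username = data.get('username')
    password = data.get('password')
    if not (username and password):
        return abort(400)

    # NOTE(review): the username is handed to sql() and also bound in
    # execute(); confirm sql() does not splice it into the query text.
    query = sql('GET_USER_BY_NAME', username)
    res = conn.execute(query, username)

    # Create the account only when the lookup matched nothing. Comparing with
    # `!= 1` would also let the insert run when two or more rows match.
    if len(res.json) == 0:
        # NOTE(review): check-then-insert is not atomic; a unique constraint
        # on the username column is what actually rules out duplicates.
        password_hash = auth.hash_password(password=password)
        query = sql('POST_REGISTER_USER', username, password_hash)
        conn.execute(query, username, password_hash)
        return make_response(status_custom("Registration successful"), 200)

    return make_response(status_custom("User already exists."), 200)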
Exemplo n.º 2
def user():
    """
    Read or delete users, depending on the HTTP method.

    GET picks one lookup from the query string, checked in this order:
    ``id``, ``type``, ``name`` (wrapped in ``%`` wildcards), otherwise all
    users. DELETE removes the user named by ``id`` and answers 400 without one.
    """
    # NOTE(review): no authorization check is visible in this function, and it
    # can list and delete accounts; confirm the route is protected elsewhere.
    method = request.method
    params = request.args

    if method == 'DELETE':
        target_id = params.get('id')
        if not target_id:
            return make_response(status_code(400), 400)
        # NOTE(review): the id goes to sql() as well as execute(); confirm
        # sql() does not interpolate it into the statement text.
        query = sql('DELETE_USER', target_id)
        conn.execute(query, target_id)
        return make_response(status_custom("User deleted"), 200)

    if method == 'GET':
        user_id = params.get('id')
        user_type = params.get('type')
        name = params.get('name')
        if user_id:
            query = sql('GET_USER_BY_ID', user_id)
            res = conn.execute(query, user_id)
        elif user_type:
            query = sql('GET_USER_BY_TYPE')
            res = conn.execute(query, user_type)
        elif name:
            query = sql('GET_USER_BY_NAME')
            pattern = "%" + name + "%"
            res = conn.execute(query, pattern)
        else:
            query = sql(request_type='GET_ALL_USERS')
            res = conn.execute(query)

    # NOTE(review): for any method other than GET or DELETE, `res` is never
    # assigned and this line raises; confirm the route registers only those two.
    return make_response(res, 200)
Exemplo n.º 3
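def login():
    """
    Check a username/password pair and issue a session token.

    Expects a JSON object with ``username`` and ``password``. On success a new
    token is stored for the user and returned together with the username; both
    need to be supplied with every later request to restricted routes.

    Example response:
    {
    "username": "******",
    "token": "0e45b5df2e6c42ae9b69f1a2a2470209"
    }

    Answers 400 for a body that is not a JSON object or lacks a field, 403 for
    a wrong password, and 200 with "No such user" for an unknown username.
    """
    data = request.json
    # The body is client-controlled: `null` or `[...]` is valid JSON but has
    # no .get(), which would raise AttributeError instead of a clean 400.
    if not isinstance(data, dict):
        return abort(400)

    username = data.get('username')
    password = data.get('password')
    if not (username and password):
        return abort(400)

    query = sql('GET_USER_BY_NAME', username)
    rows = conn.execute(query, username).json
    if not rows:
        # NOTE(review): this reply differs from the wrong-password reply, so
        # the endpoint tells callers which usernames exist; consider returning
        # one generic failure for both cases.
        return make_response(status_custom("No such user"), 200)

    user = rows[0]
    if not auth.is_valid_login(password, user.get('hash')):
        return make_response(status_code(403), 403)

    token = secrets.token_urlsafe(64)
    # NOTE(review): the token is passed to the update query as issued; if it
    # is stored verbatim, keeping only a digest would limit what a read of the
    # table exposes. Confirm against the POST_UPDATE_TOKEN statement.
    query = sql('POST_UPDATE_TOKEN')
    conn.execute(query, token, user.get('id'))
    return make_response({"username": user.get('name'), "token": token}, 200)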
Exemplo n.º 4
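def login():
    """
    Check a username/password pair and issue a session token.

    Expects a JSON object with ``username`` and ``password``. Answers 400 when
    the body is not a JSON object or a field is missing, and 200 otherwise:
    with the username and a fresh token on success, or with a status message
    for an unknown user or a wrong password.
    """
    # Function-scope import: the file's import block is not visible here.
    import secrets

    data = request.json
    # The body is client-controlled: `null` or `[...]` is valid JSON but has
    # no .get(), which would raise AttributeError instead of a clean 400.
    if not isinstance(data, dict):
        return abort(400)

    username = data.get('username')
    password = data.get('password')
    if not (username and password):
        return abort(400)

    query = sql('GET_USER_BY_NAME', username)
    rows = conn.execute(query, username).json
    if not rows:
        # NOTE(review): "No such user" and "Invalid password" are separate
        # replies, so the endpoint tells callers which usernames exist;
        # consider one generic failure for both cases.
        return make_response(status_custom("No such user"), 200)

    # Rows are read by position: [0] is passed as the id, [1] is returned as
    # the username, [2] is checked as the password hash.
    user = rows[0]
    if not auth.is_valid_login(password, user[2]):
        return make_response(status_custom("Invalid password"), 200)

    # uuid4 is an identifier format, not a documented source of secret
    # material; secrets is the stdlib module meant for session tokens.
    # token_hex(16) keeps the 32-hex-character shape of uuid4().hex.
    token = secrets.token_hex(16)
    query = sql('POST_UPDATE_TOKEN')
    conn.execute(query, token, user[0])
    return make_response({"username": user[1], "token": token}, 200)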
Exemplo n.º 5
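def register():
    """
    Handles registration of users. Works by supplying a json object in the
    POST request body.

    Example:

    {
    "username": "******",
    "password": "******"
    }

    Answers 200 when the user was created and 400 when the body is not a JSON
    object, a field is missing or empty, or the username is already taken.
    """
    data = request.json
    # The body is client-controlled: `null` or `[...]` is valid JSON but has
    # no .get(), which would raise AttributeError instead of a clean 400.
    if not isinstance(data, dict):
        return abort(400)

    username = data.get('username')
    password = data.get('password')
    if not (username and password):
        return abort(400)

    # NOTE(review): the username is handed to sql() and also bound in
    # execute(); confirm sql() does not splice it into the query text.
    query = sql('GET_USER_BY_NAME', username)
    res = conn.execute(query, username)

    # Anything other than an empty result means the name is in use. Comparing
    # with `!= 1` would also let the insert run when two or more rows match.
    if len(res.json) != 0:
        return make_response(status_custom("Username taken"), 400)

    # NOTE(review): check-then-insert is not atomic; a unique constraint on
    # the username column is what actually rules out duplicates.
    password_hash = auth.hash_password(password=password)
    query = sql('POST_REGISTER_USER', username, password_hash)
    # New accounts always get DEFAULT_PERMISSION; nothing from the request
    # body influences the permission value.
    conn.execute(query, username, password_hash, DEFAULT_PERMISSION)
    return make_response(status_custom("Registration successful"), 200)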
Exemplo n.º 6
def test_auth():
    """
    Reply "Authorized" with status 200.

    The body performs no credential check of its own.
    NOTE(review): authentication is presumably enforced by a decorator or
    request hook outside this function; confirm, since without one this
    endpoint answers "Authorized" to every caller.
    """
    body = status_custom("Authorized")
    return make_response(body, 200)
Exemplo n.º 7
def test():
    """
    Connectivity probe: replies with the "Connection OK" status message
    and code 200.
    """
    body = status_custom("Connection OK")
    return make_response(body, 200)
Exemplo n.º 8
def test_auth():
    """
    Reply "Authorized" with status 200.

    The body performs no credential check of its own.
    NOTE(review): authentication is presumably enforced by a decorator or
    request hook outside this function; confirm, since without one this
    endpoint answers "Authorized" to every caller.
    """
    body = status_custom("Authorized")
    return make_response(body, 200)
Exemplo n.º 9
def test():
    """Connectivity probe: replies with "Connection OK" and code 200."""
    body = status_custom("Connection OK")
    return make_response(body, 200)