def update(userid, user):
update_user = User.query.filter(User.userid == userid).one_or_none()
user_name = user.get("user_name")
email = user.get("email")
existing_user = (User.query.filter(User.user_name == user_name).filter(
User.email == email).one_or_none())
if update_user is None:
abort(404, "User not found for Id: {}".format(userid))
elif existing_user is not None and existing_user.id != userid:
abort(
409, "User {user_name} at {email} already exists".format(
user_name=user_name, email=email))
else:
schema = UserSchema()
update = schema.load(user, session=db.session)
update.userid = update_user.userid
db.session.merge(update)
db.session.commit()
data = schema.dump(update_user)
return data, 200
def create(user):
"""
This function creates a new person in the people structure
based on the passed in person data
:param person: person to create in people structure
:return: 201 on success, 406 on person exists
"""
name = User.get("name")
existing_user = (User.query.filter(User.name == name).one_or_none())
# Can we insert this person?
if existing_user is None:
# Create a person instance using the schema and the passed in person
schema = UserSchema()
new_user = schema.load(user, session=db.session).data
# Add the person to the database
db.session.add(new_user)
db.session.commit()
# Serialize and return the newly created person in the response
data = schema.dump(new_user).data
return data, 201
# Otherwise, nope, person exists already
else:
abort(409, f"Person {name} exists already")
def update(user_id, user):
"""
This function updates an existing person in the people structure
:param person_id: Id of the person to update in the people structure
:param person: person to update
:return: updated person structure
"""
# Get the person requested from the db into session
update_user = User.query.filter(User.user_id == user_id).one_or_none()
# Did we find an existing person?
if update_user is not None:
# turn the passed in person into a db object
schema = UserSchema()
update = schema.load(user, session=db.session).data
# Set the id to the person we want to update
update.user_id = update_user.user_id
# merge the new object into the old and commit it to the db
db.session.merge(update)
db.session.commit()
# return updated person in the response
data = schema.dump(update_user).data
return data, 200
# Otherwise, nope, didn't find that person
else:
abort(404, "User not found for Id: {user_id}".format(user_id=user_id))
def post(self):
# register user endpoint
data = validate_user(request.get_json())
if data['ok']:
data = data['data']
# check if user exists
user = User.query.filter_by(email=data['email']).first()
if user:
return { "message" : "Email has already been taken"}, 400
# get password
data['password'] = flask_bcrypt.generate_password_hash(data['password'])
# find the role of the user
role = Role.query.filter_by(name=data['role']).first()
del data['role']
# Add a new patient to db
user_schema = UserSchema()
new_user = user_schema.load(data, session=db.session)
role.users.append(new_user) # add new user to their role
db.session.add(role) # add user and role
db.session.commit()
return {}, 200
else:
return {'message': 'Please check the fields'}, 400
def update(oid, userDetails):
"""
Updates an existing user in the user list.
:param id: oid of the user to update in the user list
:param user: user to update
:return: updated user
"""
app.logger.debug(pformat(userDetails))
if userDetails.get("id") and userDetails.get("id") != oid:
abort(400, f"Id {oid} mismatch in path and body")
# Admin rights can't be set via POST nor PUT calls (#303)
if "isLZAdmin" or "isMCAdmin" in userDetails:
abort(400, "Unable to set admin rights in PUT operation.")
# Does the user exist in user list?
existing_user = db.session.query(User).filter(User.id == oid).one_or_none()
# Does user exist?
if existing_user is not None:
userDetails["id"] = oid
schema = UserSchema()
update_user = schema.load(userDetails, session=db.session)
db.session.merge(update_user)
db.session.commit()
# return the updted user in the response
data = schema.dump(update_user)
return data, 200
# otherwise, nope, deployment doesn't exist, so that's an error
return abort(404, f"User {oid} not found")
def create(user):
schema = UserSchema()
new_user = schema.load(user, session=db.session)
new_user.password = User.hash(new_user.password)
userDB = User.query \
.filter(User.email == new_user.email) \
.one_or_none()
if userDB is not None:
return Response(status=409)
db.session.add(new_user)
db.session.commit()
access_token = create_access_token(identity=new_user)
refresh_token = create_refresh_token(identity=new_user)
return Response(response=schema.dump(new_user),
status=201,
mimetype='application/json')
def create(user):
username = user.get('username')
password = user.get('password')
salt = user.get('salt')
existing_user = User.query.filter(User.username == username).one_or_none()
if existing_user is None:
schema = UserSchema()
new_user = schema.load(user, session = db.session)
db.session.add(new_user)
db.session.commit()
return schema.dump(new_user), 201
else:
abort(409, 'User {username} exists already'.format(username=username))
def create(user):
"""
This function creates a new person in the people structure
based on the passed in person data
:param person: person to create in people structure
:return: 201 on success, 406 on person exists
"""
user_email = user.get("user_email")
user_name = user.get("user_name")
user_fingerprint = user.get("user_fingerprint")
user_register_ip = user.get("user_register_ip")
existing_user = (User.query.filter(User.user_email == user_email).filter(
User.user_name == user_name).one_or_none())
# Can we insert this person?
if existing_user is None:
# Create a person instance using the schema and the passed in person
schema = UserSchema()
new_user = schema.load(user, session=db.session).data
#lets add additional information in registration
new_user.user_email = user_email
new_user.user_fingerprint = user_fingerprint
new_user.user_register_ip = user_register_ip
new_user.user_name = user_name
# Add the person to the database
db.session.add(new_user)
db.session.commit()
# Serialize and return the newly created person in the response
data = schema.dump(new_user).data
return data, 201
# Otherwise, nope, person exists already
else:
abort(409,
"User {user_email} exists already".format(user_email=user_email))
def create(userDetails):
"""
Creates a new user in the user list.
based on the passed in user data
:param user: user to create in user structure
:return: 201 on success, 406 on user exists
"""
# Remove id as it's created automatically
if "id" in userDetails:
del userDetails["id"]
# abort if these fields are set
if "showWelcome" in userDetails:
abort(400, "Unable to set isWelcome in POST operation.")
# Admin rights can't be set via POST nor PUT calls (#303)
if "isLZAdmin" or "isMCAdmin" in userDetails:
abort(400, "Unable to set admin rights in POST operation.")
# Does the user exist already?
existing_user = (db.session.query(User).filter(
User.email == userDetails["email"]).one_or_none())
if existing_user is None:
schema = UserSchema()
if "IsActive" not in userDetails:
userDetails["isActive"] = 1
new_user = schema.load(userDetails, session=db.session)
db.session.add(new_user)
db.session.commit()
# Serialize and return the newly created deployment
# in the response
data = schema.dump(new_user)
return data, 201
# Otherwise, it already exists, that's an error
return abort(406, "User already exists")
def update(id, user):
update_user = User.query.filter(User.id == id).one_or_none()
if update_user is None:
abort(
404,
"User not found for Id: {id}".format(id=id),
)
else:
schema = UserSchema()
update = schema.load(user, session=db.session)
update.id = update_user.id
db.session.merge(update)
db.session.commit()
data = schema.dump(update_user)
return data, 200
def create(user):
'''
Creates a new user.
:param user: str
:return: dict, 201 - in case of success
'''
username = user.get('username')
exisiting_user = (User.query.filter(
User.username == username).one_or_none())
if exisiting_user:
abort(409, 'Found existing user with username: {}'.format(username))
# create new user
schema = UserSchema()
new_user = schema.load(user, session=db.session)
db.session.add(new_user)
db.session.commit()
data = schema.dump(new_user)
return data, 201
def create(user):
"""
This function creates a new entry in the default structure
based on the passed in user id data
:param user_name: user name to create in user structure
:param display_name: display name for the user
:param company: the user company
:param thumbnail: string url to the thumbnail image
:return: 201 on success, 406 on default exists
"""
user_name = user.get("user_name")
existing = (User.query.filter(User.user_name == user_name).one_or_none())
# Can we insert this person?
if existing is None:
# Create a person instance using the schema and the passed in person
schema = UserSchema()
users = schema.load(user, session=db.session).data
# Add the person to the database
db.session.add(users)
db.session.commit()
# Serialize and return the newly created person in the response
data = schema.dump(users).data
return data, 201
# Otherwise, nope, person exists already
else:
abort(
409,
"User {user_name} exists already".format(user_name=user_name),
)
def create_user(user):
userName = USER.get("userName")
userFirst = USER.get("userFirst")
userLast = USER.get("userLast")
userPhone = USER.get("userPhone")
userEmail = USER.get("userEmail")
userAddress = USER.get("userAddress")
userAddress2 = USER.get("userAddress2")
userState = USER.get("userState")
userZip = USER.get("userZip")
existing_user = (User.query.filter(User.userName == userName).filter(
User.userFirst == userFirst).filter(User.userLast == userLast).filter(
User.userPhone == userPhone).filter(
User.userEmail == userEmail).filter(
User.userAddress == userAddress).filter(
User.userAddress2 == userAddress2).filter(
User.userState == userState).filter(
User.userZip == userZip).one_or_none())
if existing_user is None:
schema = UserSchema()
new_user = schema.load(user, session=db.session).data
db.session.add(new_user)
db.session.commit()
data = schema.dump(new_user).data
return data, 201
else:
abort(
409,
"{UserName} already exists".format(UserName=userName),
)
def update(user_id, user):
'''
Updates user with given id.
:param user_id: integer
:param user: object
:return: dict, 200 - in case of success
'''
update_user = User.query.filter(User.user_id == user_id).one_or_none()
if not update_user:
abort(404, 'Failed to find user with id: {}'.format(user_id))
# retrieve user object from database
schema = UserSchema()
update = schema.load(user, session=db.session)
# update user
update.user_id = update_user.user_id
db.session.merge(update)
db.session.commit()
data = schema.dump(update_user)
return data, 200
def update_user(userID, userName):
update_users = User.query.filter(User.userID == userID).one_or_none()
if update_users is not None:
schema = UserSchema()
update = schema.load(userName, session=db.session).data
update.userID = update_users.userID
db.session.merge(update)
db.session.commit()
data = schema.dump(update_users).data
return data, 200
else:
abort(
404,
"User not found for ID: {userID}".format(userID=userID),
)
def create(user):
id = user.get('id')
if User.query.get(id) is not None:
abort(409, f'id {id} is already used')
pseudo = user.get('pseudo')
existing_user = User.query \
.filter(User.pseudo == pseudo) \
.one_or_none()
if existing_user is None:
schema = UserSchema()
#user.password_hash = user.set_password(self, user.password_hash)
new_user = schema.load(user, session=db.session)
db.session.add(new_user)
db.session.commit()
return schema.dump(new_user), 201
else:
abort(409, f'User {pseudo} exists already')
def post(self):
# register user endpoint
data = validate_user(request.get_json())
if data["ok"]:
data = data["data"]
# check if user exists
user = User.query.filter_by(email=data["email"]).first()
if user:
return {"message": "Email has already been taken"}, 400
# get password
data["password"] = flask_bcrypt.generate_password_hash(data["password"])
# find the role of the user
role = Role.query.filter_by(name=data["role"]).first()
if (
role
and data["role"] == "ADMIN"
and data["healthFacilityName"] == "Null"
):
data["healthFacilityName"] = None
del data["role"]
# Add a new user to db
user_schema = UserSchema()
new_user = user_schema.load(data, session=db.session)
role.users.append(new_user) # add new user to their role
db.session.add(role) # add user and role
db.session.commit()
return new_user.id, 201
else:
return {"message": "Please check the fields"}, 400
def update(user_name, user):
"""
This function updates an existing user in the structure
:param user_name: id of the user to update in the default structure
:param user: user to update
:return: updated default structure
"""
# Get the person requested from the db into session
update = User.query.filter(User.user_name == user_name).one_or_none()
# Did we find a user?
if update is not None:
# turn the passed in person into a db object
schema = UserSchema()
updates = schema.load(user, session=db.session).data
# Set the id to the person we want to update
updates.user_name = user_name
# merge the new object into the old and commit it to the db
db.session.merge(updates)
db.session.commit()
# return updated person in the response
data = schema.dump(updates).data
return data, 200
# Otherwise, nope, didn't find that person
else:
abort(
404,
"User not found for Id: {user_name}".format(user_name=user_name),
)
def update_user(user_id, user):
"""
@route: /api/v1/user/:id
@method: PUT
@return: updated user
"""
update_user = User.query.filter(User.id == user_id).one_or_none()
# Get existing person to avoid duplicate record after update
email = user.get('email')
existing_user = User.query.filter(User.email == email).one_or_none()
# Check if the user to update exist
if update_user is None:
abort(
404, "Couldn't find any user with the ID: {user_id}".format(
user_id=user_id))
# If the update create a duplicate of a existing user
elif (existing__user is not None and existing_user.id != user_id):
abort(409, "User with {email} exists already".format(email=email))
else:
# turn the passed into user into a db object
schema = UserSchema()
update = schema.load(user, session=db.session)
# Set the id to the user we want to update
update.id = update_user.id
# Merge the new object into the old and commit to db
db.session.merge(update)
db.session.commit()
# return updated user in the sponse
data = schema.dump(update_user)
return data, 200
def check_credentials(login_details):
"""
Responds to a request for /api/login.
:return: json string of user details
"""
authorization = connexion.request.headers.get("Authorization")
if authorization:
logger.debug("Authorization: %s", authorization)
token = authorization.split(" ")[1]
claims = security.decode_token(token)
logger.debug("Claims: %s", claims)
existing_user = (
db.session.query(User)
.filter(User.email == claims.get("email"))
.one_or_none()
)
if not existing_user:
userDetails = {
"email": claims.get("email"),
"firstName": claims.get("given_name"),
"lastName": claims.get("family_name"),
}
with db_session() as dbs:
schema = UserSchema()
new_user = schema.load(userDetails, session=dbs)
dbs.add(new_user)
login_details["username"] = claims.get("email")
login_details["password"] = os.environ.get("EC_PASSWORD", pw_backup)
logger.info(
"Login Details: {}".format(pformat(ModelTools.redact_dict(login_details)))
)
username = login_details.get("username")
password = login_details.get("password")
is_active_user = False
with db_session() as dbs:
user = (
dbs.query(User).filter(User.email == username, User.isActive).one_or_none()
)
if user:
is_active_user = True
is_valid_password = False
if os.environ.get("EC_PASSWORD", pw_backup) == password:
is_valid_password = True
schema = ExtendedLoginSchema(many=False)
if is_active_user and is_valid_password:
logger.debug("LOGIN accepted!")
teams_resp = team.read_list_by_user_id(user.id)
if teams_resp[1] == HTTPStatus.OK:
user.teams = teams_resp[0]
else:
logger.info("No teams found for user {user.id}")
data = schema.dump(user)
return data, 200
logger.warning("LOGIN FAILED!")
abort(401, "Unauthorised! {}".format(ModelTools.redact_dict(login_details)))
class UserResource(Base, AccountResource):
def __init__(self):
super(UserResource, self).__init__()
self.user_schema = UserSchema()
self.users_schema = UserSchema(many=True)
self.per_page = 20 # TODO: move fix num to config file
self.fields = [('username', True), ('password', True), ('email', True),
('role', True)]
self.token_data = ['username', 'password']
def validate_permission(self, user, action):
username = user['username']
users = User.query
user = User.query.filter_by(username=username).first()
if user:
return True
# account = Account.query.filter_by(id=user.account_id).first()
#
# TODO: validate_token and below:
#
# role = Role.query.filter_by(id=account.role_id).first()
#
# if role.role_name == action:
# return True
return False
def get(self):
"""
Get a list of users filterd by ( id, username, email, sort_name, sort_order, limit, role_name )
"""
_, error = self.get_usertoken_data(request.args.get('token', ''))
if not error:
user_id = int(request.args.get('user_id', 0))
username = request.args.get('username', '')
email = request.args.get('email', '')
sort_name = request.args.get('sort_name',
'') # column name to filter
sort_order = request.args.get('sort_order', '') # asc | desc
limit = request.args.get('limit', None)
role_name = request.args.get('role', '')
users = User.query.join(Account,
Account.id == User.account_id).join(
Role, Role.id == Account.role_id)
if users and user_id:
users = users.filter_by(id=user_id)
elif users and email:
users = users.filter_by(email=email)
elif users and username:
users = users.filter_by(username=username)
else:
if users and role_name:
users = users.filter(Role.role_name == role_name)
if users and sort_name:
users = users.order_by(
text(f'user.{sort_name} {sort_order}'))
else:
users = users.order_by(User.id.desc())
total_pages, total_items, limit, users = self.get_pages_data(
users, int(request.args.get('page', 1)), limit)
result = self.users_schema.dump(users)
for user in result:
account = Account.query.filter_by(
id=user['account_id']).first()
role = Role.query.filter_by(id=account.role_id).first()
user['role'] = role.role_name
return response(200,
data={
'users': result,
'totalPages': total_pages,
'totalItems': total_items,
'perPage': limit
})
return error
def post(self):
"""
Register a new user if curr_user has permission
:param requests: {token: curr_user_token , new_user:{username, password, email, role}}
:return: {id, json web token}
"""
json_data, error = get_data(request)
if not error:
data, error = validate_json_payload(json_data,
[('token', True),
('new_user', True)])
if not error:
token_data, error = self.get_usertoken_data(data['token'])
curr_user = token_data['username']
_, error = validate_json_payload(data['new_user'], self.fields)
if not error:
new_user = data['new_user']
del token_data, data
if self.validate_permission(curr_user, 'create_new_user'):
error = self._validate_data(
username=new_user['username'],
password=new_user['password'],
email=new_user['email'],
role_name=new_user['role'])
if not error:
new_user['password'] = hash_password(
new_user['password'])
token = gen_token({
key: new_user[key]
for key in self.token_data
})
try:
role = Role.query.filter_by(
role_name=new_user['role']).first()
account_data = self.account_schema.load({
'password':
new_user['password'],
'role_id':
role.id
})
user_data = self.user_schema.load({
'username':
new_user['username'],
'email':
new_user['email']
})
except marshmallow.exceptions.ValidationError as errors:
return response(400, str(errors))
new_account = Account(**account_data)
new_user = User(**user_data)
error = new_account.save()
if not error:
new_user.account_id = new_account.id
error = new_user.save()
if not error:
return response(200,
data={
'id': new_user.id,
'token': token
})
else:
return response(400,
'Current user don\'t has permission')
return error
def put(self):
"""
Update data to new user and return new token
:return: {id, json web token}
"""
json_data, error = get_data(request)
if not error:
data, error = validate_json_payload(json_data,
[('token', True),
('new_user', True)])
if not error:
curr_user, error = self.get_usertoken_data(data['token'])
# curr_user = token_data['username']
_, error = validate_json_payload(
data['new_user'],
[('username', True)] + [(field, False)
for field, _ in self.fields[1:]])
if not error:
update_user = data['new_user']
del data
if self.validate_permission(curr_user, 'update_new_user'):
if self._validate_user(update_user['username']):
error = self._validate_data(
password=update_user['password']
if 'password' in update_user.keys() else None,
email=update_user['email']
if 'email' in update_user.keys() else None,
role_name=update_user['role']
if 'role' in update_user.keys() else None)
if not error:
if 'password' in update_user.keys():
update_user['password'] = hash_password(
update_user['password'])
token = gen_token({
key: update_user[key]
for key in self.token_data
})
user = User.query.filter_by(
username=update_user['username']).first()
account = Account.query.filter_by(
id=user.account_id).first()
if 'email' in update_user.keys():
user.email = update_user['email']
user.last_update = dt.now().strftime(
'%Y-%m-%d %H:%M:%S')
error = user.save()
if not error:
if 'role' in update_user.keys():
role = Role.query.filter_by(
role_name=update_user['role']
).first()
account.role_id = role.id
if 'password' in update_user.keys():
account.password = update_user[
'password']
error = account.save()
if not error:
return response(200,
data={
'id': account.id,
'token': token
})
else:
return response(400,
'Current user don\'t has permission')
return error
