def post(self):
"""
Creates a new customer.
"""
if not (0 <= request.json["pin"] <= 99999):
raise UnprocessableEntity("The PIN must be of 5 digits")
new_customer = Customer(
customer_mail_address=request.json['mail_address'],
customer_first_name=request.json['first_name'],
customer_last_name=request.json['last_name'],
customer_pin_hash=str(request.json['pin']))
print(new_customer.customer_pin_hash)
db.session.add(new_customer)
try:
db.session.commit()
except OperationalError:
db.session.remove()
raise InternalServerError(
description='Customer table does not exists.')
except IntegrityError:
db.session.remove()
raise Conflict(description=new_customer.__repr__() +
' already exists')
current_app.logger.info(new_customer.__repr__() +
' added to database.')
return {'message': 'Resource created'}, 201
def test_encode_auth_token(self):
user = Customer(customer_mail_address='*****@*****.**',
customer_pin_hash=str(12612),
customer_first_name='foo',
customer_last_name='bar')
db.session.add(user)
db.session.commit()
auth_token = user.encode_auth_token()
self.assertTrue(isinstance(auth_token, bytes))
def test_decode_auth_token(self):
user = Customer(customer_mail_address='*****@*****.**',
customer_pin_hash=str(12612),
customer_first_name='foo',
customer_last_name='bar')
db.session.add(user)
db.session.commit()
auth_token = user.encode_auth_token()
self.assertTrue(isinstance(auth_token, bytes))
resp = Customer.decode_auth_token(auth_token.decode("utf-8"))
if resp['status'] == 'success':
self.assertTrue(resp['customer'] == user.customer_mail_address)
else:
assert False
def post(self):
"""
Performs a purchase operation
"""
data = Customer.decode_auth_token(request.headers['Authorization'])
try:
customer = Customer.query.filter_by(
customer_mail_address=data['customer']).first()
except OperationalError:
raise InternalServerError('Customer table is missing')
purchase = Purchase(
purchase_date=dt.utcnow(),
purchase_customer_mail_address=customer.customer_mail_address)
if customer is None:
raise NotFound(description='Resource ' + customer.__repr__() +
' is not found')
# check if the product is requested more than once
product_list = set()
for details in request.json['purchase_details']:
# adds the product to a set to later check if the product
# appears more than once in the purchase_details
if details['purchase_quantity'] <= 0:
raise UnprocessableEntity('Purchase quantity cannot be <= 0')
product_list.add(details['product_code'])
# If length of set and received entries are different then
# it means some products shows up twice in the list,
# raise 422 HTTP error
if len(product_list) != len(request.json['purchase_details']):
raise UnprocessableEntity('A product has been submitted twice')
# adds the purchase to session
db.session.add(purchase)
for details in request.json['purchase_details']:
product = Product.query.filter_by(
product_code_uuid=details['product_code']).first()
if product is None:
raise NotFound('Product ' + details['product_code'] +
' not found')
if not product.product_availability:
db.session.remove()
raise UnprocessableEntity('Unavailable product selected')
if product.product_quantity <= 0:
db.session.remove()
raise UnprocessableEntity('Product out of stock')
if product.product_quantity < details['purchase_quantity']:
db.session.remove()
raise UnprocessableEntity('Too much quantity requested')
# update the product quantity
product.product_quantity = product.product_quantity - details[
'purchase_quantity']
# create a new association object between a purchase and a product
purchase_item = PurchaseItem(
purchase_item_product_code_uuid=product.product_code_uuid,
purchase_item_purchase_code_uuid=purchase.purchase_code_uuid,
purchase_item_quantity=details['purchase_quantity'])
db.session.add(purchase_item)
db.session.commit()
return {'purchase_uuid': purchase.purchase_code_uuid}, 200
def get_dummy_customer():
"""
Returns an instance of Customer for testing purposes
:return: A Customer object
"""
return Customer(customer_mail_address='*****@*****.**',
customer_pin=generate_password_hash(str(123456)),
customer_first_name='foo',
customer_last_name='bar')
def register_admin_customer():
admin = Customer(customer_mail_address='*****@*****.**',
customer_first_name='admin',
customer_last_name='admin',
customer_pin_hash='12345')
admin.customer_is_admin = True
db.session.add(admin)
try:
db.session.commit()
except IntegrityError:
db.session.remove()
raise Conflict(description=admin.__repr__() + ' already exists')
response = {
'mail_address': admin.customer_mail_address,
'pin': 12345,
'message': 'Login to get an admin token'
}
return response, 200
def post(self, mail_address):
"""
Produce the expense bill
"""
data = Customer.decode_auth_token(request.headers['Authorization'])
if data['customer'] != mail_address:
raise Forbidden(
"You don't have the permission to access the requested resource"
)
return produce_purchase_list(mail_address)
def decorated(*args, **kwargs):
token = None
if 'Authorization' in request.headers:
token = request.headers['Authorization']
data = Customer.decode_auth_token(token)
if data['status'] == 'fail':
return data, 401
if not token:
return {'message': 'Token is missing'}, 401
return f(*args, **kwargs)
def get(self, mail_address):
"""
Get customer data.
"""
token = request.headers['Authorization']
data = Customer.decode_auth_token(token)
if not data['admin'] and data['customer'] != mail_address:
raise Unauthorized()
customer = Customer.query.filter_by(
customer_mail_address=mail_address).first()
if customer is None:
raise NotFound()
return customer, 200
def logout_customer(data):
auth_token = data
if auth_token:
resp = Customer.decode_auth_token(auth_token)
if resp['status'] == 'success':
# mark the token as blacklisted
return save_token(token=auth_token)
else:
return resp, 401
else:
response_object = {
'status': 'fail',
'message': 'Provide a valid auth token'
}
return response_object, 403
def decorated(*args, **kwargs):
token = None
if 'Authorization' in request.headers:
token = request.headers['Authorization']
data = Customer.decode_auth_token(token)
if data['status'] == 'fail':
return data, 401
elif not data['admin']:
return {
'message':
'Admin token required, please login with an admin account'
}, 401
if not token:
return {'message': 'Token is missing'}, 401
return f(*args, **kwargs)
def put(self, mail_address):
"""
Edit customer data.
"""
token = request.headers['Authorization']
data = Customer.decode_auth_token(token)
if data['customer'] != mail_address:
raise Forbidden()
customer = Customer.query.filter_by(
customer_mail_address=mail_address).first()
if customer is None:
raise NotFound()
if 'pin' in request.json.keys():
if not (0 <= request.json["pin"] <= 99999):
raise UnprocessableEntity("The PIN must be 5 digits")
customer.set_password(str(request.json['pin']))
if 'first_name' in request.json.keys():
customer.customer_first_name = request.json['first_name']
if 'last_name' in request.json.keys():
customer.customer_last_name = request.json['last_name']
db.session.commit()
return '', 204
def post(self, purchase_uuid):
data = Customer.decode_auth_token(request.headers['Authorization'])
return undo_purchase(purchase_uuid, data['customer']), 204