def _add_one_user(db: directives.PeeweeSession, username: hug.types.text, password: hug.types.text = None,
                  role: hug.types.one_of(UserRoles.user_roles()) = UserRoles.USER,
                  coupons: hug.types.number = 10):
    """Create one user row and return its name with the clear-text password.

    The user name is lower-cased before it is hashed and stored. When
    ``password`` is missing or empty, a random one is taken from
    ``get_random_string(12)``.

    Returns:
        A dict with the keys ``"name"`` and ``"password"``. The password is
        the clear-text secret, so callers should display it once and keep it
        out of logs.
    """
    with db.atomic():
        lowered = username.lower()
        # NOTE(review): if the argument of get_random_string is a length, a
        # 2-character salt gives a very small salt space. Confirm, and check
        # that hash_pw (not visible here) uses a slow password-hashing scheme.
        new_salt = get_random_string(2)
        clear_text = password if password else get_random_string(12)
        created = User.create(
            user_name=lowered,
            role=role,
            salt=new_salt,
            password=hash_pw(lowered, new_salt, clear_text),
            coupons=coupons,
        )
        created.save()
        return dict(name=created.user_name, password=clear_text)
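def change_user_pw(db: directives.PeeweeSession, username: hug.types.text, password: hug.types.text, for_real: hug.types.smart_boolean = False):
    """Set a new password for an existing user; a dry run unless ``for_real``.

    Without ``for_real`` the function only prints what it would do and exits
    the process with status 1. With ``for_real`` it generates a new salt,
    stores the new hash and prints a confirmation.

    Raises whatever ``User.get`` raises when no matching user exists.
    """
    if not for_real:
        # NOTE(review): the dry-run message echoes the clear-text password to
        # stdout; keep this output out of captured logs.
        print(
            f"this would change {username}'s pw to {password}. Run with --for_real if you're sure.")
        sys.exit(1)
    with db.atomic():
        name = username.lower()
        # Look the user up by the lower-cased name. The hash below is computed
        # with the lower-cased name, so a lookup with the raw spelling either
        # missed the row or disagreed with the name used for hashing.
        user = User.get(User.user_name == name)
        # NOTE(review): if the argument is a length, a 2-character salt is
        # very small. Confirm against get_random_string and hash_pw.
        salt = get_random_string(2)
        user.salt = salt
        user.password = hash_pw(name, salt, password)
        user.save()
        print(f"{user.user_name}'s pw successfully changed.")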
Exemplo n.º 3
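def claim_appointment(db: PeeweeSession, start_date_time: hug.types.text,
                      user: hug.directives.user):
    """
    Claim one free appointment in the time slot that starts at
    ``start_date_time`` and return its new claim token.

    An appointment can be claimed when it is not booked and either has no
    claim token or was claimed more than ``config.Settings.claim_timeout_min``
    minutes ago. Non-anonymous users need at least one coupon.

    Raises ``hug.HTTPBadRequest`` for a missing coupon, an unparsable or
    offset-bearing timestamp, or a start time in the past, and
    ``hug.HTTPGone`` when no matching slot or appointment exists.

    Rough SQL equivalent of the claim (without the timeout rule):

    UPDATE appointment app
    SET claim_token = 'claimed'
    WHERE app.id
          IN (
              SELECT a.id FROM appointment a
                                 JOIN timeslot t on a.time_slot_id = t.id
              WHERE t.start_date_time = '2020-03-25 08:30:00.000000'
                AND a.claim_token isnull
                AND NOT a.booked
              LIMIT 1
              )
    RETURNING *
    """
    with db.atomic():
        try:
            # Explicit check instead of `assert`: assertions are stripped when
            # Python runs with -O, which would silently switch off the coupon
            # requirement.
            if user.role != UserRoles.ANON and user.coupons <= 0:
                raise hug.HTTPBadRequest
            start_date_time_object = datetime.fromisoformat(start_date_time)
            # `now` below is naive. Comparing it with an offset-aware value
            # raises TypeError, which no handler here catches, so reject such
            # input as a bad request up front.
            if start_date_time_object.tzinfo is not None:
                raise ValueError("start_date_time must not carry a UTC offset")
            now = datetime.now(tz=config.Settings.tz).replace(tzinfo=None)
            if start_date_time_object < now:
                raise ValueError("Can't claim an appointment in the past")
            time_slot = TimeSlot.get(
                TimeSlot.start_date_time == start_date_time_object)
            # `== False` is intentional: it builds a query expression, so it
            # must not be rewritten as `not ...`.
            # NOTE(review): this is select-then-save. Whether two concurrent
            # requests can claim the same row depends on the database's
            # isolation and locking; confirm.
            appointment = Appointment.select() \
                .where(
                (Appointment.time_slot == time_slot) &
                (Appointment.booked == False) &
                (Appointment.claim_token.is_null() | (Appointment.claimed_at +
                                                      timedelta(
                                                          minutes=config.Settings.claim_timeout_min) < now))
            ) \
                .order_by(Appointment.claim_token.desc()) \
                .get()
            # NOTE(review): the claim token acts as a bearer secret; verify
            # that get_random_string draws from a CSPRNG.
            appointment.claim_token = get_random_string(32)
            appointment.claimed_at = now
            appointment.save()
            return appointment.claim_token
        except DoesNotExist:
            raise hug.HTTPGone
        except ValueError:
            raise hug.HTTPBadRequest
        except AssertionError:
            # Kept for callers that relied on assertion failures from helpers
            # being reported as a bad request.
            raise hug.HTTPBadRequest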
Exemplo n.º 4
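def put_user(db: PeeweeSession, newUserName: hug.types.text, newUserPassword: hug.types.text,
             newUserPasswordConfirm: hug.types.text):
    """Create a regular user with 10 coupons and return its stored user name.

    The user name is lower-cased before hashing and storing.

    Raises ``hug.HTTPBadRequest`` when the two passwords differ, the user
    name is blank or the password is empty, and ``hug.HTTPConflict`` when the
    insert violates an integrity constraint (the name is already taken).
    """
    if newUserPassword != newUserPasswordConfirm:
        raise hug.HTTPBadRequest
    # Reject blank credentials: without this check an account could be created
    # with an empty password.
    if not newUserName.strip() or not newUserPassword:
        raise hug.HTTPBadRequest
    # NOTE(review): no authorization check is visible in this function.
    # Presumably the route decorator (not shown) restricts who may create
    # accounts; confirm.
    with db.atomic():
        try:
            name = newUserName.lower()
            # NOTE(review): if the argument is a length, a 2-character salt is
            # very small. Confirm against get_random_string and hash_pw.
            salt = get_random_string(2)
            hashed_password = hash_pw(name, salt, newUserPassword)
            user = User.create(user_name=name, role=UserRoles.USER, salt=salt, password=hashed_password, coupons=10)
            user.save()
            return {
                "username": user.user_name
            }
        except IntegrityError:
            raise hug.HTTPConflict('User already exists.')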
Exemplo n.º 5
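def patch_user(db: PeeweeSession, body: hug.types.json,
               user: hug.directives.user):
    """Change the authenticated user's password after checking the old one.

    ``body`` must be a JSON object with the string fields
    ``old_user_password``, ``new_user_password`` and
    ``new_user_password_confirm``.

    Returns ``"updated"`` on success. Raises ``hug.HTTPBadRequest`` when the
    body is malformed, the new passwords differ, the new password is empty or
    the old password does not match.
    """
    # The body is client-controlled. A missing key or a non-object payload
    # used to surface as an unhandled KeyError/TypeError instead of a 400.
    try:
        old_user_password = body["old_user_password"]
        new_user_password = body["new_user_password"]
        new_user_password_confirm = body["new_user_password_confirm"]
    except (KeyError, TypeError):
        raise hug.HTTPBadRequest
    supplied = (old_user_password, new_user_password, new_user_password_confirm)
    if not all(isinstance(value, str) for value in supplied):
        raise hug.HTTPBadRequest
    if new_user_password != new_user_password_confirm:
        raise hug.HTTPBadRequest
    # Do not allow the password to be reset to an empty string.
    if not new_user_password:
        raise hug.HTTPBadRequest
    with db.atomic():
        try:
            # NOTE(review): `!=` is not a constant-time comparison. If hash_pw
            # returns ASCII str or bytes, hmac.compare_digest could replace
            # it; confirm the return type first.
            if user.password != hash_pw(user.user_name, user.salt,
                                        old_user_password):
                raise hug.HTTPBadRequest
            # NOTE(review): if the argument is a length, a 2-character salt is
            # very small. Confirm against get_random_string and hash_pw.
            salt = get_random_string(2)
            hashed_password = hash_pw(user.user_name, salt, new_user_password)
            user.salt = salt
            user.password = hashed_password
            user.save()
            log.info(f"updated {user.user_name}'s pw.")
            return "updated"
        except DoesNotExist:
            raise hug.HTTPBadRequest
        except ValueError:
            raise hug.HTTPBadRequest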