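def validateSession(cls, serializedSession: str) -> Models.Session:
    """Resolve a serialized session value to its stored session record.

    The value is decoded with ``cls.deserializeSession`` and the ``id`` of the
    result is looked up through ``Models.Session.getById``.

    Args:
        serializedSession: Serialized session value presented by the client.

    Returns:
        The stored session for the decoded id.

    Raises:
        ApiExceptions.UnauthorizedException: If the lookup raises or finds no
            session.
    """
    # NOTE(review): deserializeSession runs outside the try block, so whatever
    # it raises for a malformed or tampered value propagates unchanged --
    # confirm it maps those cases to UnauthorizedException itself.
    deserialized = cls.deserializeSession(serializedSession)
    # @TODO -- eventually implement timeout
    # Until then this method accepts a session regardless of its age; the
    # ``created`` timestamp is never consulted here.
    try:
        session = Models.Session.getById(deserialized.id)
    except Exception:
        # Any lookup failure means "not authenticated". ``Exception`` instead
        # of a bare ``except`` so KeyboardInterrupt/SystemExit are not turned
        # into an authentication error.
        raise ApiExceptions.UnauthorizedException()
    if session is None:
        raise ApiExceptions.UnauthorizedException()
    return session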
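def convertIngredientToUnit(self):
    """Convert the ingredient in the JSON request body to the requested unit.

    Reads ``unit`` and ``ingredient`` from ``flask.request.json`` and passes
    them to ``RecipeApi.RecipeApi.convertIngredient``.

    Returns:
        ``self.makeResponse`` applied to the conversion result.

    Raises:
        ApiExceptions.BadRequestException: If the body is not a JSON object,
            or either field is missing or null.
    """
    payload = flask.request.json
    # The body is client-controlled. Valid JSON that is not an object (array,
    # string, number, null) has no ``.get`` and would otherwise surface as an
    # unhandled AttributeError instead of a client error.
    if not isinstance(payload, dict):
        raise ApiExceptions.BadRequestException()
    unit = payload.get('unit')
    ingredient = payload.get('ingredient')
    if unit is None or ingredient is None:
        raise ApiExceptions.BadRequestException()
    # NOTE(review): the values' types are not checked here -- confirm that
    # convertIngredient validates them.
    return self.makeResponse(
        RecipeApi.RecipeApi.convertIngredient(ingredient, unit))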
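def changePassword(self, userId: str):
    """Change the password of the authenticated user.

    Reads ``old`` and ``new`` from the JSON request body and delegates to
    ``PasswordChangeApi.PasswordChangeApi.changePasswordForUser``.

    Args:
        userId: Id of the account named in the request; must equal
            ``self.userId``.

    Returns:
        An empty body with status 204.

    Raises:
        ApiExceptions.ForbiddenException: If ``userId`` is not the caller's
            own id.
        ApiExceptions.BadRequestException: If the body is not a JSON object,
            either password is not a string, or the new password is empty.
    """
    # Authorize first so a caller acting on someone else's account is rejected
    # before any of the request body is interpreted.
    if self.userId != userId:
        raise ApiExceptions.ForbiddenException()
    payload = flask.request.json
    if not isinstance(payload, dict):
        raise ApiExceptions.BadRequestException()
    oldPassword = payload.get('old')
    newPassword = payload.get('new')
    # Without this check a missing field reaches the password routines as
    # None, and an empty string could be set as the new password.
    if (not isinstance(oldPassword, str)
            or not isinstance(newPassword, str)
            or not newPassword):
        raise ApiExceptions.BadRequestException()
    # NOTE(review): nothing visible here revokes the user's other sessions
    # after the change -- confirm whether changePasswordForUser does.
    PasswordChangeApi.PasswordChangeApi.changePasswordForUser(
        userId, oldPassword, newPassword)
    return '', 204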
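def stageUser(cls, email: str, password: str) -> Models.StagedUser:
    """Create a staged (unconfirmed) user and email the confirmation token.

    Args:
        email: Address the account is being registered under; also used as
            the username for the clash check.
        password: Password chosen by the user.

    Returns:
        The saved ``Models.StagedUser``.

    Raises:
        ApiExceptions.ConflictException: If an existing user already has this
            name, or saving the staged user hits a duplicate key.
    """
    # check that this name doesn't clash with another user. Done before the
    # save so a clash no longer leaves an orphaned staged record (with its
    # password material and token) behind.
    # NOTE(review): check-then-save is still not atomic; the unique index
    # behind DuplicateKeyError is what guards concurrent staging.
    if cls.getByUsername(email) is not None:
        raise ApiExceptions.ConflictException()

    # NOTE(review): confirm encryptPassword applies a slow, salted password
    # hash; its implementation is not visible here.
    passwordHash, salt, nonce = Encryption.encryptPassword(password)
    # NOTE(review): the token is mailed to the user and is presumably what
    # confirms the signup. uuid4 is random, but ``secrets.token_urlsafe`` is
    # the stdlib API intended for such values -- consider it if nothing
    # depends on the UUID format. No token expiry is enforced here beyond
    # recording ``created``.
    stagedUser = Models.StagedUser(
        email=email,
        password=passwordHash,
        salt=salt,
        nonce=nonce,
        created=int(time.time()),
        token=str(uuid.uuid4()),
    )
    try:
        stagedUser.save()
    except pymongo.errors.DuplicateKeyError:
        raise ApiExceptions.ConflictException()

    EmailSender.EmailSender.sendConfirmSignupToken(email, stagedUser.token)
    return stagedUser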
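def changePasswordForUser(cls, userId: str, oldPassword: str,
                          newPassword: str):
    """Replace a user's password after verifying the current one.

    Args:
        userId: Id of the user, looked up with ``Models.User.getById``.
        oldPassword: Password the caller claims is current.
        newPassword: Password to store, via ``cls._setPasswordOnUser``.

    Raises:
        ApiExceptions.NotFoundException: If no user has this id.
        ApiExceptions.ForbiddenException: If ``oldPassword`` does not match
            the stored credentials.
    """
    user = Models.User.getById(userId)
    if user is None:
        raise ApiExceptions.NotFoundException()

    # verify the old password against the stored hash, nonce and salt
    passwordMatches = Encryption.comparePasswords(
        user.password, user.nonce, user.salt, oldPassword)
    if not passwordMatches:
        # Raise an instance, matching the NotFoundException raise above; the
        # original raised the bare class here.
        raise ApiExceptions.ForbiddenException()

    # NOTE(review): newPassword is stored without any check on its type or
    # content in this method -- confirm the caller validates it.
    cls._setPasswordOnUser(user, newPassword)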
def loginUser(cls, username: str, password: str) -> (str, Models.User):
    """Authenticate a user by username and password and open a login session.

    Args:
        username: Name passed to ``cls.getByUsername``.
        password: Password supplied by the client.

    Returns:
        A pair of the serialized session (from
        ``SessionApi.SessionApi.serializeSession``) and the matching user.

    Raises:
        ApiExceptions.NotFoundException: If no user has this username.
        ApiExceptions.ForbiddenException: If the password does not match.
    """
    account = cls.getByUsername(username)
    if account is None:
        # NOTE(review): an unknown username and a wrong password raise
        # different exceptions. If the HTTP layer maps them to different
        # responses, clients can tell which usernames are registered;
        # consider returning one uniform failure to the client.
        raise ApiExceptions.NotFoundException()

    storedPassword = account.password
    storedSalt = account.salt
    storedNonce = account.nonce
    credentialsMatch = Encryption.comparePasswords(
        storedPassword, storedNonce, storedSalt, password)
    if not credentialsMatch:
        raise ApiExceptions.ForbiddenException()

    # generate a session for the user
    loginSession = Models.Session(
        owner=account.id,
        created=int(time.time()),
        sessionType='login',
    )
    loginSession.save()
    serialized = SessionApi.SessionApi.serializeSession(loginSession)
    return serialized, account
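def generateFromUrl(cls, url: str, userId: str) -> Models.Recipe:
    """Build a recipe for a user from a web page URL.

    Args:
        url: User-supplied address of the recipe page; must be an absolute
            ``http`` or ``https`` URL.
        userId: Id passed through to
            ``RecipeFormatter.RecipeFormatter.parseScraperIntoRecipe``.

    Returns:
        The recipe produced by ``parseScraperIntoRecipe``.

    Raises:
        ApiExceptions.UnprocessableEntityException: If ``url`` is not an
            absolute http(s) URL, or the scraper finds no recipe schema.
    """
    from urllib.parse import urlsplit

    # The URL comes from the client and is handed to a scraper that
    # presumably fetches it server-side, so reject anything that is not a
    # plain web URL before it gets that far.
    if not isinstance(url, str):
        raise ApiExceptions.UnprocessableEntityException()
    try:
        parts = urlsplit(url)
    except ValueError:
        raise ApiExceptions.UnprocessableEntityException()
    if parts.scheme not in ('http', 'https') or not parts.hostname:
        raise ApiExceptions.UnprocessableEntityException()
    # NOTE(review): this does not restrict which hosts may be contacted; a
    # URL naming a loopback, link-local or internal address still passes.
    # If the service can reach internal systems, filter destinations at the
    # fetch layer (after DNS resolution, and again on redirects).

    try:
        return RecipeFormatter.RecipeFormatter.parseScraperIntoRecipe(
            url, userId)
    except recipe_scrapers.NoSchemaFoundInWildMode:
        # Only this scraper error is translated; any other exception from
        # the scraper propagates to the caller unchanged.
        raise ApiExceptions.UnprocessableEntityException()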
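def parseFromUrl(self):
    """Generate a recipe from the ``url`` field of the JSON request body.

    Returns:
        ``self.makeResponse`` applied to the result of
        ``RecipeApi.RecipeApi.generateFromUrl`` for the caller's
        ``self.userId``.

    Raises:
        ApiExceptions.BadRequestException: If the body is not a JSON object,
            or ``url`` is missing, null or not a string.
    """
    payload = flask.request.json
    # The body is client-controlled. Valid JSON that is not an object has no
    # ``.get`` and would otherwise surface as an unhandled AttributeError.
    if not isinstance(payload, dict):
        raise ApiExceptions.BadRequestException()
    recipeUrl = payload.get('url')
    # A non-string value (number, list, object) is as unusable as a missing
    # one, so it gets the same client error instead of reaching the scraper.
    if not isinstance(recipeUrl, str):
        raise ApiExceptions.BadRequestException()
    return self.makeResponse(
        RecipeApi.RecipeApi.generateFromUrl(recipeUrl, self.userId))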
def getById(self, entityId: str): if self.userId != entityId: raise ApiExceptions.UnauthorizedException() if (entity := UserApi.UserApi.getById(entityId)) is None: raise ApiExceptions.NotFoundException