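def api_users_password():
    """Change the password of the currently logged-in user.

    Reads ``new_password`` and ``new_password_verify`` from the JSON body,
    enforces a minimum length and that both values match, then delegates to
    ``UserManagement().password`` for the user stored in the session. The
    ``username`` field documented below is not read: only the session user's
    own password can be changed through this endpoint.

    Returns a JSON response; validation failures are reported with HTTP 400.
    ---
    tags:
      - User management
    post:
      summary: User management, change password
      description: change password
      consumes:
        - application/json
      produces:
        - application/json
      parameters:
        - name: body
          in: body
          required: true
          schema:
            type: object
            properties:
              username:
                type: string
                example: test
              new_password:
                type: string
                example: secret
              new_password_verify:
                type: string
                example: secret
      responses:
        200:
          description: application token
          content:
            application/json:
              schema:
                type: object
    """
    data = request.json
    min_length = 5
    # A missing or non-object body, or a missing field, previously escaped as
    # an uncaught TypeError/KeyError (HTTP 500); report it as a client error.
    if not isinstance(data, dict):
        return jsonify({'status': False, 'message': 'JSON body required'}), 400
    new_password = data.get('new_password')
    new_password_verify = data.get('new_password_verify')
    if not isinstance(new_password, str) or not isinstance(new_password_verify, str):
        return jsonify({
            'status': False,
            'message': 'new_password and new_password_verify are required'
        }), 400
    if len(new_password) < min_length:
        return jsonify({
            'status': False,
            'message': 'new password must be at least {min_length} characters long'.
            format(min_length=min_length)
        }), 400
    if new_password != new_password_verify:
        return jsonify({
            'status': False,
            'message': 'passwords don\'t match'
        }), 400
    session_user = session['username']
    result = UserManagement().password(session_user=session_user,
                                       clear_password=new_password)
    return jsonify(result)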
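def api_users_del():
    """Delete the user named in the JSON body on behalf of the session user.

    Authorization is left to ``UserManagement().delete``, which receives the
    session user alongside the target ``username``.

    Returns a JSON response; a malformed body is reported with HTTP 400.
    ---
    tags:
      - User management
    delete:
      summary: User management, delete user
      description: delete user
      consumes:
        - application/json
      produces:
        - application/json
      parameters:
        - name: body
          in: body
          required: true
          schema:
            type: object
            properties:
              username:
                type: string
                example: test
      responses:
        200:
          description: application token
          content:
            application/json:
              schema:
                type: object
    """
    data = request.json
    # Previously a missing body or field raised TypeError/KeyError (HTTP 500).
    if not isinstance(data, dict) or not isinstance(data.get('username'), str):
        return jsonify({'status': False, 'message': 'username is required'}), 400
    session_user = session['username']
    result = UserManagement().delete(session_user=session_user,
                                     username=data['username'])
    return jsonify(result)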
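def api_user_query():
    """Return the record of a single user named in the JSON body.

    NOTE(review): this is documented as a GET that carries a JSON body;
    many clients and proxies drop GET bodies, so a missing body is now a
    400 rather than an uncaught error.

    Returns a JSON response.
    ---
    tags:
      - User management
    get:
      summary: User management, query single user
      description: query single user
      consumes:
        - application/json
      produces:
        - application/json
      parameters:
        - name: body
          in: body
          required: true
          schema:
            type: object
            properties:
              username:
                type: string
                example: test
      responses:
        200:
          description: application token
          content:
            application/json:
              schema:
                type: object
    """
    data = request.json
    # Previously a missing body or field raised TypeError/KeyError (HTTP 500).
    if not isinstance(data, dict) or not isinstance(data.get('username'), str):
        return jsonify({'status': False, 'message': 'username is required'}), 400
    result = UserManagement().list_user(username=data['username'])
    return jsonify(result)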
def verify_auth_token(token):
    """Resolve a signed token to a username, or ``None`` if it is not usable.

    The token is deserialized with the application's ``SECRET_KEY``; its
    ``id`` field (the username written by ``generate_auth_token``) is looked
    up via ``UserManagement().list_user`` and the stored username returned.

    Args:
        token: the serialized token string presented by the client.

    Returns:
        The username on success; ``None`` for an expired token, a token with
        a bad signature, or any other failure during lookup (deliberately
        swallowed so that callers only see "authenticated or not").
    """
    secret = Configuration.global_parameters['app'].config['SECRET_KEY']
    serializer = Serializer(secret)
    try:
        payload = serializer.loads(token)
        lookup = UserManagement().list_user(payload['id'])
        username = lookup['message']['username']
    except (SignatureExpired, BadSignature, Exception):
        # expired-but-valid token, invalid token, or any other error
        return None
    return username
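def api_users_add():
    """Create a new user on behalf of the session user.

    Reads ``username``, ``admin`` and ``password`` from the JSON body and
    delegates to ``UserManagement().add``; authorization of the session user
    is left to that call.

    Returns a JSON response; a malformed body is reported with HTTP 400.
    ---
    tags:
      - User management
    post:
      summary: User management, add user
      description: add user
      consumes:
        - application/json
      produces:
        - application/json
      parameters:
        - name: body
          in: body
          required: true
          schema:
            type: object
            properties:
              username:
                type: string
                example: test
              admin:
                type: boolean
                example: true
              password:
                type: string
                example: test
      responses:
        200:
          description: application token
          content:
            application/json:
              schema:
                type: object
    """
    data = request.json
    # Previously a missing body or field raised TypeError/KeyError (HTTP 500).
    if not isinstance(data, dict):
        return jsonify({'status': False, 'message': 'JSON body required'}), 400
    username = data.get('username')
    admin = data.get('admin')
    password = data.get('password')
    # 'admin' assigns privileges, so only a real JSON boolean is accepted: a
    # non-empty string such as "false" is truthy and could be read as true
    # downstream.
    if (not isinstance(username, str) or not isinstance(password, str)
            or not isinstance(admin, bool)):
        return jsonify({
            'status': False,
            'message': 'username (string), password (string) and admin (boolean) are required'
        }), 400
    session_user = session['username']
    result = UserManagement().add(session_user=session_user,
                                  username=username,
                                  admin=admin,
                                  clear_password=password)
    return jsonify(result)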
def api_users_query():
    """Return the list of all users as produced by ``UserManagement().list_users``.
    ---
    tags:
      - User management
    get:
      summary: User management, query all users
      description: query all users
      produces:
        - application/json
      responses:
        200:
          description: application token
          content:
            application/json:
              schema:
                type: object
    """
    users = UserManagement()
    return jsonify(users.list_users())
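def api_login():
    """Authenticate a user and return an auth token.

    Expects a JSON body with ``username`` and ``password``. On success the
    token and the user's ``admin`` flag are returned and the token and
    username are stored in the session. Failures return a generic error
    message so that responses do not reveal whether the username exists.
    ---
    tags:
      - Authentication
    post:
      summary: request token
      description: This server
      consumes:
        - application/json
      produces:
        - application/json
      parameters:
        - name: body
          in: body
          required: true
          schema:
            type: object
            properties:
              username:
                type: string
                example: test
              password:
                type: string
                example: test
      responses:
        200:
          description: application token
          content:
            application/json:
              schema:
                type: object
    """
    def error_response(error):
        # Uniform failure payload; the token is always the empty string.
        payload = {'token': '', 'error': error}
        resp = make_response(jsonify(payload))
        resp.headers["Content-Type"] = "application/json"
        return resp

    if request.method != 'POST':
        # The original fell off the end here and returned None, which Flask
        # turns into an HTTP 500; answer explicitly instead.
        return error_response('Method not allowed'), 405

    try:
        data = request.json
        if not isinstance(data, dict):
            return error_response('username and password are required')
        username = data.get('username')
        password = data.get('password')
        if not isinstance(username, str) or not isinstance(password, str):
            return error_response('username and password are required')
        database = Database()
        # NOTE(review): the original's indentation was lost; the whole lookup
        # and token flow is kept inside the database context here.
        with database:
            resp = UserManagement().list_user(username=username)
            if resp['status'] is False:
                return error_response('Incorrect username/password')
            users = UserManagement()
            checks_out = users.check(resp['message'], password)
            if not checks_out:
                return error_response('Incorrect username/password')
            tokens = Token(username)
            token = tokens.generate_auth_token()
            if not isinstance(token, str):
                token = token.decode('utf-8')
            session['token'] = token
            session['username'] = username
            session.modified = True
            session.new = True
            session.permanent = True
            print('login requested')
            return jsonify({'token': token, 'admin': resp['message']['admin']})
    except Exception:
        # The original placed the exception object itself in the payload:
        # that leaks internal details to the client and is typically not
        # JSON-serializable, so it ended in a 500 anyway.
        return error_response('Login failed')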
def generate_auth_token(self, expiration=1200):
    """Create a signed, expiring token for this user and record it.

    Args:
        expiration: token lifetime in seconds passed to the serializer
            (default 1200).

    Returns:
        The serialized token as produced by ``Serializer.dumps``; the login
        path decodes it to ``str`` if it comes back as bytes.
    """
    secret = Configuration.global_parameters['app'].config['SECRET_KEY']
    serializer = Serializer(secret, expires_in=expiration)
    # The payload's 'id' carries the username; verify_auth_token reads it back.
    signed = serializer.dumps({'id': self.username})
    UserManagement().set_token(session_user=self.username, token=signed)
    return signed