Пример #1
0
def api_users_password():
    """
        ---
        tags:
           - User management
        post:
          summary: User management, change password
          description: change password
          consumes:
            - application/json
          produces:
            - application/json
          parameters:
            - name: body
              in: body
              required: true
              schema:
                type: object
                properties:
                  username:
                    type: string
                    example: test
                  new_password:
                    type: string
                    example: secret
                  new_password_verify:
                    type: string
                    example: secret
        responses:
          200:
            description: application token
            content:
              application/json:
                schema:
                  type: object
    """
    data = request.json
    min_length = 5
    new_password = data['new_password']
    new_password_verify = data['new_password_verify']

    if len(new_password) < min_length:
        return jsonify({
            'status':
            False,
            'message':
            'new password must be at least {min_length} characters long'.
            format(min_length=min_length)
        }), 400

    if new_password != new_password_verify:
        return jsonify({
            'status': False,
            'message': 'passwords don\'t match'
        }), 400

    session_user = session['username']
    result = UserManagement().password(session_user=session_user,
                                       clear_password=data['new_password'])
    return jsonify(result)
Пример #2
0
def api_users_del():
    """
        ---
        tags:
           - User management
        delete:
          summary: User management, delete user
          description: delete user
          consumes:
            - application/json
          produces:
            - application/json
          parameters:
            - name: body
              in: body
              required: true
              schema:
                type: object
                properties:
                  username:
                    type: string
                    example: test
        responses:
          200:
            description: application token
            content:
              application/json:
                schema:
                  type: object
    """
    data = request.json
    session_user = session['username']
    result = UserManagement().delete(session_user=session_user,
                                     username=data['username'])
    return jsonify(result)
Пример #3
0
def api_user_query():
    """
        ---
        tags:
           - User management
        get:
          summary: User management, query single user
          description: query single user
          consumes:
            - application/json
          produces:
            - application/json
          parameters:
            - name: body
              in: body
              required: true
              schema:
                type: object
                properties:
                  username:
                    type: string
                    example: test
        responses:
          200:
            description: application token
            content:
              application/json:
                schema:
                  type: object
    """
    data = request.json
    result = UserManagement().list_user(username=data['username'])
    return jsonify(result)
Пример #4
0
 def verify_auth_token(token):
     s = Serializer(Configuration.global_parameters['app'].config['SECRET_KEY'])
     try:
         data = s.loads(token)
         result = UserManagement().list_user(data['id'])
         return result['message']['username']
     except (SignatureExpired, BadSignature, Exception):
         return None  # valid token (but expired), invalid token or generic exception
Пример #5
0
def api_users_add():
    """
        ---
        tags:
           - User management
        post:
          summary: User management, add user
          description: add user
          consumes:
            - application/json
          produces:
            - application/json
          parameters:
            - name: body
              in: body
              required: true
              schema:
                type: object
                properties:
                  username:
                    type: string
                    example: test
                  admin:
                    type: boolean
                    example: true
                  password:
                    type: string
                    example: test
        responses:
          200:
            description: application token
            content:
              application/json:
                schema:
                  type: object
    """
    data = request.json
    session_user = session['username']
    result = UserManagement().add(session_user=session_user,
                                  username=data['username'],
                                  admin=data['admin'],
                                  clear_password=data['password'])
    return jsonify(result)
Пример #6
0
def api_users_query():
    """
        ---
        tags:
           - User management
        get:
          summary: User management, query all users
          description: query all users
          produces:
            - application/json
        responses:
          200:
            description: application token
            content:
              application/json:
                schema:
                  type: object
    """
    result = UserManagement().list_users()
    return jsonify(result)
Пример #7
0
def api_login():
    """
        ---
        tags:
           - Authentication
        post:
          summary: request token
          description: This server
          consumes:
            - application/json
          produces:
            - application/json
          parameters:
            - name: body
              in: body
              required: true
              schema:
                type: object
                properties:
                  username:
                    type: string
                    example: test
                  password:
                    type: string
                    example: test
        responses:
          200:
            description: application token
            content:
              application/json:
                schema:
                  type: object
    """
    def error_response(error):
        payload = {'token': '', 'error': error}
        resp = make_response(jsonify(payload))
        resp.headers["Content-Type"] = "application/json"
        return resp

    if request.method == 'POST':
        try:
            data = request.json
            username = data['username']
            password = data['password']

            database = Database()
            with database:
                resp = UserManagement().list_user(username=username)
                if resp['status'] is False:
                    return error_response('Incorrect username/password')

                users = UserManagement()
                checks_out = users.check(resp['message'], password)
                if not checks_out:
                    return error_response('Incorrect username/password')

            tokens = Token(username)
            token = tokens.generate_auth_token()
            if not isinstance(token, str):
                token = token.decode('utf-8')
            session['token'] = token
            session['username'] = username
            session.modified = True
            session.new = True
            session.permanent = True
            print('login requested')
            return jsonify({'token': token, 'admin': resp['message']['admin']})
        except Exception as error:
            return error_response(error)
Пример #8
0
 def generate_auth_token(self, expiration=1200):
     s = Serializer(Configuration.global_parameters['app'].config['SECRET_KEY'], expires_in=expiration)
     token = s.dumps({'id': self.username})
     UserManagement().set_token(session_user=self.username, token=token)
     return token