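def put(self):
    """Update the current user's profile fields and, optionally, password.

    Parsed arguments whose names appear in ``user_fields`` are validated
    (username uniqueness and format, e-mail format) and copied onto the user.
    The password is changed only when ``password``, ``password_confirmation``
    and ``current_password`` are all supplied. The change requires the current
    password to verify, and it deletes every ``TokenBlacklist`` row stored
    for the user.

    Returns:
        The updated user marshalled with ``user_fields``.

    Aborts with HTTP 400 on a username held by another account, an invalid
    username, an invalid e-mail, mismatched passwords or a wrong current
    password.
    """
    user = current_user()
    args = user_parser_edit.parse_args()
    # NOTE(review): the write allow-list is the serialisation schema. Confirm
    # that user_parser_edit accepts no field in user_fields that a user must
    # not set on their own account (identifier, role or status columns).
    allowed_fields = user_fields.keys()

    for key in args.keys():
        value = args[key]
        if key in allowed_fields:
            if key == 'username' and value:
                holder = User.query.filter_by(username=args.username).first()
                # Re-submitting one's own username is not a conflict; only a
                # different account holding the name is.
                if holder and holder.id != user.id:
                    return abort(400, message='Username already taken')
                if not valid_username(args.username):
                    return abort(400, message='Username is not valid.')
            if key == 'email' and value and not valid_email(value):
                return abort(400, message='Wrong email supplied')
            # Falsy but explicit values (empty string, False, 0) are still
            # written; only an absent (None) argument is skipped.
            if value is not None:
                setattr(user, key, value)

        # NOTE(review): placed at loop level, outside the allow-list check;
        # the collapsed source leaves the nesting ambiguous - confirm.
        # If any of the three password fields is missing, the password is
        # left unchanged without an error being reported to the client.
        if (key == 'password' and args.password
                and args.password_confirmation and args.current_password):
            if args.password_confirmation != args.password:
                return abort(400, message='Passwords don\'t match.')
            if not User.verify_hash(args.current_password, user.password):
                return abort(400, message='The current password is incorrect')
            user.password = User.generate_hash(args.password)
            # Drop every stored token row for this user. Whether that also
            # invalidates outstanding JWTs depends on how the revocation
            # check treats unknown tokens - confirm.
            stored_tokens = TokenBlacklist.query.filter_by(
                user_identity=str(user.id)).all()
            for token in stored_tokens:
                db.session.delete(token)

    db.session.commit()
    return marshal(user, user_fields)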
def refresh():
    """Issue a new access token for the current user.

    The new token is recorded through ``add_token_to_database`` and returned
    together with the token string taken from the request's ``Authorization``
    header.

    Returns:
        A ``(response, 201)`` tuple whose JSON body carries ``access_token``
        and ``refresh_token``.
    """
    # Same token-issuing steps as the login endpoint.
    identity = current_user().id
    new_access_token = create_access_token(identity=identity)
    add_token_to_database(new_access_token, app.config['JWT_IDENTITY_CLAIM'])

    # NOTE(review): [7:] drops a seven-character scheme prefix, presumably
    # "Bearer ". headers.get() returns None when the header is absent, and
    # slicing None raises TypeError - confirm that the route's auth decorator
    # guarantees a header-borne token.
    presented_token = request.headers.get('Authorization')[7:]
    body = {
        'access_token': new_access_token,
        'refresh_token': presented_token,
    }
    return jsonify(body), 201
def delete(self):
    """Soft-delete one of the current user's answers.

    The answer is looked up by ``args.answer`` among rows whose ``user`` is
    the current user, so another user's answer is never matched.

    Returns:
        JSON ``{'success': 1}`` when an answer was marked deleted,
        ``{'success': 0}`` when no matching answer exists.
    """
    args = delete_answer_parser.parse_args()
    owned_answers = CovidAnswer.query.filter_by(user=current_user())
    answer = owned_answers.filter_by(id=args.answer).first()
    if not answer:
        return jsonify({'success': 0})

    # The row is kept and only stamped. now() is a naive local-time value.
    # An answer that is already deleted still matches and is re-stamped.
    answer.deleted_at = datetime.datetime.now()
    db.session.commit()
    return jsonify({'success': 1})
def delete(self):
    """Soft-delete one of the current user's questions.

    The question is looked up by ``args.question`` among rows whose ``user``
    is the current user, so another user's question is never matched.

    Returns:
        JSON ``{'success': 1}`` when a question was marked deleted,
        ``{'success': 0}`` when no matching question exists.
    """
    args = delete_question_parser.parse_args()
    owned_questions = CovidQuestion.query.filter_by(user=current_user())
    question = owned_questions.filter_by(id=args.question).first()
    if not question:
        return jsonify({'success': 0})

    # The row is kept and only stamped. now() is a naive local-time value.
    # A question that is already deleted still matches and is re-stamped.
    question.deleted_at = datetime.datetime.now()
    db.session.commit()
    return jsonify({'success': 1})
def post(self):
    """Create or update the current user's rating of an answer.

    Returns:
        JSON ``{'success': 1, 'new_rating': <average>}`` after the rating is
        stored, or ``{'success': 0}`` when the answer lookup finds nothing.
    """
    args = rating_parser.parse_args()
    # NOTE(review): the lookup is restricted to answers whose user is the
    # current user, so only self-authored answers can be rated - confirm this
    # is intended. Soft-deleted answers are not excluded either.
    answer = CovidAnswer.query.filter_by(user=current_user()).filter_by(
        id=args.answer).first()
    if not answer:
        return jsonify({'success': 0})

    existing = AnswerRating.query.filter_by(user=current_user()).filter_by(
        answer=answer).first()
    if existing:
        # One rating per (user, answer): overwrite instead of adding a row.
        existing.rating = args.rating
    else:
        new_rating = AnswerRating(
            answer=answer, rating=args.rating, user=current_user())
        db.session.add(new_rating)
    db.session.commit()
    return jsonify({'success': 1, 'new_rating': answer.average_rating})
def post(self):
    """Store a new question from the parsed request arguments.

    Returns:
        JSON ``{'success': 1}`` once the question is committed.
    """
    args = question_new_parser.parse_args()
    # An anonymous question is stored with no user reference at all, so the
    # row itself does not link back to the author.
    author = None if args.anon else current_user()
    new_question = CovidQuestion(
        title=args.title,
        question=args.question,
        anon=args.anon,
        user=author,
    )
    db.session.add(new_question)
    db.session.commit()
    return jsonify({'success': 1})
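def logout():
    """Revoke the token that was presented with this request.

    The token string is read from the ``Authorization`` header and decoded,
    and its ``TokenBlacklist`` row is looked up by ``jti``. When a row exists
    it is revoked for the current user.

    Returns:
        ``({'success': 1}, 200)`` whether or not a stored token row was found.
    """
    user = current_user()
    # The parsed result is not read here; the call is kept so any request
    # validation the parser performs still runs.
    logout_parser.parse_args()

    # [7:] drops a seven-character scheme prefix, presumably "Bearer ".
    decoded_token = decode_token(request.headers.get('Authorization')[7:])
    token = TokenBlacklist.query.filter_by(jti=decoded_token['jti']).first()

    # Check for a missing row before touching token.id, so a token with no
    # stored row does not end the request in an AttributeError.
    if token:
        revoke_token(token.id, user.id)
        db.session.commit()
    # NOTE(review): the earlier delete of `push_token` was dropped because no
    # such name is defined in this function. If logout must also unregister
    # a device push token, that lookup has to be added explicitly.
    return {'success': 1}, 200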
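def get(self):
    """Return one user, or every user when no ``user`` argument is given.

    ``args.user`` is matched against ``User.id`` when it parses as an
    integer and against ``User.username`` otherwise.

    Returns:
        A list of marshalled users, or a single marshalled user.

    Aborts with HTTP 404 when no user matches the argument.
    """
    args = user_parser.parse_args()
    # Result unused; the call is kept in case resolving the current user is
    # what rejects an unauthenticated request - confirm.
    current_user()

    # NOTE(review): every caller receives all users in user_fields form;
    # confirm that schema exposes nothing private (an e-mail address, say).
    if not args.user:
        return [marshal(u, user_fields) for u in User.query.all()]

    try:
        int(args.user)
    except ValueError:
        query = User.query.filter_by(username=args.user)
    else:
        # A value that parses as an integer is always treated as an id, so a
        # purely numeric username cannot be looked up by name.
        query = User.query.filter_by(id=args.user)

    # Run the query that was built: the requested user is returned, not the
    # caller's own record.
    found = query.first()
    if found is None:
        abort(404, message='User not found')
    return marshal(found, user_fields)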
def post(self):
    """Store the current user's answer to an existing question.

    Aborts with HTTP 400 when the question id is unknown or the question has
    a ``deleted_at`` value set.

    Returns:
        JSON ``{'success': 1}`` once the answer is committed.
    """
    args = answer_new_parser.parse_args()
    live_questions = CovidQuestion.query.filter_by(id=args.question)
    question = live_questions.filter_by(deleted_at=None).first()
    if not question:
        abort(400, message='Wrong question or it has been deleted')

    new_answer = CovidAnswer(
        answer=args.answer,
        question=question,
        user=current_user(),
    )
    db.session.add(new_answer)
    db.session.commit()
    return jsonify({'success': 1})
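def modify_token(token_id):
    """Revoke or unrevoke one of the current user's tokens.

    The JSON request body must be an object holding a boolean ``revoke``.

    Args:
        token_id: Identifier passed to ``revoke_token`` / ``unrevoke_token``.

    Returns:
        A ``(response, status)`` tuple: 200 on success, 400 when ``revoke``
        is missing or not a boolean, 404 when the helper raises
        ``TokenNotFound``.
    """
    payload = request.get_json(silent=True)
    # A JSON array, string or number parses fine but has no .get(). Treat
    # any non-object body as a missing field instead of letting the request
    # fail with an AttributeError.
    revoke = payload.get('revoke') if isinstance(payload, dict) else None
    if revoke is None:
        return jsonify({"msg": "Missing 'revoke' in body"}), 400
    # Strict type check: truthy stand-ins such as 1 or "true" are rejected.
    if not isinstance(revoke, bool):
        return jsonify({"msg": "'revoke' must be a boolean"}), 400

    # Both helpers receive the caller's own id along with the token id.
    user = current_user()
    try:
        if revoke:
            revoke_token(token_id, user.id)
            return jsonify({'msg': 'Token revoked'}), 200
        unrevoke_token(token_id, user.id)
        return jsonify({'msg': 'Token unrevoked'}), 200
    except TokenNotFound:
        return jsonify({'msg': 'The specified token was not found'}), 404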
def get(self):
    """Return the current user marshalled with ``user_fields``."""
    return marshal(current_user(), user_fields)
def get_tokens():
    """List the tokens stored for the current user.

    Returns:
        A ``(response, 200)`` tuple whose JSON body is a list with one
        ``to_dict()`` result per token.
    """
    # The lookup is keyed on the caller's own id, passed as a string.
    owner_id = str(current_user().id)
    serialised = []
    for token in get_user_tokens(owner_id):
        serialised.append(token.to_dict())
    return jsonify(serialised), 200