Пример #1
0
def Update(id):
    """ Updates teachers information """
    if not Authorization.canAccess(session.get('user'), ('admin')):
        return JsonResponse.unauthorized({
            'message':
            'no_access',
            'nice_message':
            'You do not have access to this function. Contact system administrator.'
        })

    first_name = request.form.get('first_name')
    last_name = request.form.get('last_name')
    email = request.form.get('email')
    mobile_phone = request.form.get('mobile_phone')
    password = request.form.get('password')

    if not first_name and not last_name and not email and not mobile_phone and not password:
        return JsonResponse.badRequest({
            'message':
            'missing_parameters',
            'nice_message':
            'Please enter details for the teacher.'
        })

    teachers = TeacherModel.findById(id)

    if not teachers:
        return JsonResponse.notFound({
            'message': 'not_found',
            'nice_message': 'Teacher not found.'
        })

    if first_name:
        teachers.setFirstName(first_name)

    if last_name:
        teachers.setLastName(last_name)

    if email:
        teachers.setEmail(email)

    if mobile_phone:
        teachers.setMobile(mobile_phone)

    if password:
        salt = teachers.getSalt()
        hashedPassword = Security.hashPassword(password, salt)
        teachers.setPassword(hashedPassword)

    try:
        teachers.save()
    except:
        return JsonResponse.badRequest({'error': 'database_error'})

    return JsonResponse.ok()
Пример #2
0
def Create():
    """Creates a new student (JSON) (Post variables: first_name, last_name, email, mobile_phone)"""
    #Change who is authorised
    if not Authorization.canAccess(session.get('user'), ('admin')):
        return JsonResponse.unauthorized({
            'message':
            'no_access',
            'nice_message':
            'You do not have access to this function. Contact system administrator.'
        })

    first_name = request.form.get('first_name')
    last_name = request.form.get('last_name')
    email = request.form.get('email')
    mobile_phone = request.form.get('mobile_phone')
    password = request.form.get('password')
    salt = Security.generateSalt()
    hashedPassword = Security.hashPassword(password, salt)
    student = StudentModel()

    if not first_name or not last_name or not email or not mobile_phone or not password:
        return JsonResponse.badRequest({
            'message':
            'missing_parameters',
            'nice_message':
            'Please fill all fields for the new student.'
        })

    student.setFirstName(first_name)
    student.setLastName(last_name)
    student.setEmail(email)
    student.setMobile(mobile_phone)
    student.setPassword(hashedPassword)
    student.setSalt(salt)

    try:
        student.save()
    except:
        return JsonResponse.badRequest({'error': 'database_error'})

    return JsonResponse.ok()
Пример #3
0
def Create():
    """ Creates a new teacher """
    if not Authorization.canAccess(session.get('user'), ('admin')):
        return JsonResponse.unauthorized({
            'message':
            'no_access',
            'nice_message':
            'You do not have access to this function. Contact system administrator'
        })

    first_name = request.form.get('first_name')
    last_name = request.form.get('last_name')
    email = request.form.get('email')
    mobile_phone = request.form.get('mobile_phone')

    password = request.form.get('password')
    salt = Security.generateSalt()
    hashedPassword = Security.hashPassword(password, salt)

    teachers = TeacherModel()

    if not teachers:
        return JsonResponse.notFound({
            'message': 'not_found',
            'nice_message': 'Teacher not found.'
        })

    teachers.setFirstName(first_name)
    teachers.setLastName(last_name)
    teachers.setEmail(email)
    teachers.setMobile(mobile_phone)
    teachers.setPassword(hashedPassword)
    teachers.setSalt(salt)

    try:
        teachers.save()
    except:
        return JsonResponse.badRequest({'error': 'database_error'})

    return JsonResponse.ok()
Пример #4
0
def Update(id):
    """POST /staff/[id] - Updates staff information (JSON) (Post variables: first_name, last_name, email, mobile_phone, salt, password, role (integer))"""
    #Auth
    if not Authorization.canAccess(session.get('user'), ('admin')):
        return JsonResponse.unauthorized({
            'message':
            'no_access',
            'nice_message':
            'You do not have access to this function. Contact system administrator.'
        })

    first_name = request.form.get('first_name')
    last_name = request.form.get('last_name')
    email = request.form.get('email')
    mobile_phone = request.form.get('mobile_phone')
    password = request.form.get('password')
    role = request.form.get('role')

    if not first_name and not last_name and not email and not mobile_phone and not password and not role:
        #Bad request
        return JsonResponse.badRequest({
            'message':
            'missing_parameters',
            'nice_message':
            'Pleaase enter new details for the staff member'
        })

    staff = StaffModel.findById(id)
    #Not sure on method names
    if first_name:
        staff.setFirstName(first_name)
    if last_name:
        staff.setLastName(last_name)
    if email:
        staff.setEmail(email)
    if mobile_phone:
        staff.setMobile(mobile_phone)
    if role:
        staff.setRole(role)
    #Password hashed here

    if password:
        salt = staff.getSalt()
        hashedPassword = Security.hashPassword(password, salt)
        staff.setPassword(hashedPassword)

    try:
        staff.save()
    except:
        return JsonResponse.badRequest({'error': 'database_error'})

    return JsonResponse.ok()
Пример #5
0
def Create():
    """POST /staff - Creates a new staff member (JSON) 
    (Post variables: first_name, last_name, email, mobile_phone, salt, password, role (integer))"""
    if not Authorization.canAccess(session.get('user'), ('admin')):
        return JsonResponse.unauthorized({
            'message':
            'no_access',
            'nice_message':
            'You do not have access to this function. Contact system administrator.'
        })

    first_name = request.form.get('first_name')
    last_name = request.form.get('last_name')
    email = request.form.get('email')
    mobile_phone = request.form.get('mobile_phone')
    role = request.form.get('role')
    password = request.form.get('password')

    #password = '******' #generatePassword()
    salt = Security.generateSalt()
    hashedPassword = Security.hashPassword(password, salt)

    staff = StaffModel()

    staff.setFirstName(first_name)
    staff.setLastName(last_name)
    staff.setEmail(email)
    staff.setMobile(mobile_phone)
    staff.setRole(role)
    staff.setPassword(hashedPassword)
    staff.setSalt(salt)

    try:
        staff.save()
    except:
        return JsonResponse.badRequest({'error': 'database_error'})

    return JsonResponse.ok()
Пример #6
0
def LoginPost():
    """ Example route, show information about system and current session. """
    if Authorization.isLoggedIn(session.get('user')):
        return redirect(url_for('Campus.List'))

    email = request.form.get('email')
    password = request.form.get('password')

    staff = StaffModel.findBy('email', email)

    if len(staff) != 0:
        staff = staff[0]
        if staff.getPassword() == Security.hashPassword(
                password, staff.getSalt()):
            session['user'] = staff.getId()
            return redirect(url_for('Campus.List'))

    return render_template('auth/login.html', data={'email': email})
Пример #7
0
def Update(id):
    """Updates student information """
    """(JSON) (Post variables: first_name, last_name, email, mobile_phone, password)"""
    #Auth
    if not Authorization.canAccess(session.get('user'), ('admin')):
        return JsonResponse.unauthorized()

    first_name = request.form.get('first_name')
    last_name = request.form.get('last_name')
    email = request.form.get('email')
    mobile_phone = request.form.get('mobile_phone')
    password = request.form.get('password')

    if not first_name and not last_name and not email and not mobile_phone and not password:
        #Bad request
        return JsonResponse.badRequest({
            'message':
            'missing_parameters',
            'nice_message':
            'Please fill out new information for the student.'
        })

    student = StudentModel.findById(id)
    #Not sure on method names
    if first_name:
        student.setFirstName(first_name)
    if last_name:
        student.setLastName(last_name)
    if email:
        student.setEmail(email)
    if mobile_phone:
        student.setMobile(mobile_phone)
    #Password hashed here
    if password:
        salt = student.getSalt()
        hashedPassword = Security.hashPassword(password, salt)
        student.setPassword(hashedPassword)

    try:
        student.save()
    except:
        return JsonResponse.badRequest({'error': 'database_error'})

    return JsonResponse.ok()
Пример #8
0
def SessionLogin():
    if 'X-App-Token' in request.headers and ApiSession.isValid(request):
        return JsonResponse.ok({'token': request.headers['X-App-Token']})

    userEmail = request.form.get('email')
    userPassword = request.form.get('password')
    userType = request.form.get('user_type')

    # Step 1: Verify presence of values and validate them
    if not userEmail or not userPassword or not userType:
        return JsonResponse.badRequest({
            'message': 'post_property_missing',
            'nice_message': 'Missing POST property.'
        })

    if userType not in ('student', 'teacher'):
        return JsonResponse.badRequest({
            'message':
            'invalid_user_type',
            'nice_message':
            'Given user type is invalid! Allowable types are: student/teacher.'
        })

    # Step 2: Verify password
    if userType == 'student':
        user = StudentModel.findBy('email', userEmail)
    elif userType == 'teacher':
        user = TeacherModel.findBy('email', userEmail)
    else:
        return JsonResponse.internalServerError({
            'message':
            'unexpected_user_type',
            'nice_message':
            'Unexpected user type. Contact system administrator.'
        })

    if len(user) != 1:
        return JsonResponse.unauthorized({
            'message':
            'invalid_credentials',
            'nice_message':
            'Supplied credentials (email/password) are invalid.'
        })

    user = user[0]

    salt = user.getSalt()

    hashedPassword = Security.hashPassword(userPassword, salt)

    if hashedPassword != user.getPassword():
        return JsonResponse.unauthorized({
            'message':
            'invalid_credentials',
            'nice_message':
            'Supplied credentials (email/password) are invalid.'
        })

    userId = user.getId()

    # Step 3: Create session
    ipAddress = request.remote_addr

    if Config.getValue('DEPLOYMENT') == 'heroku':
        ipAddress = request.headers['X-Forwarded-For']

    token = ApiSession.create(userId, userType, ipAddress,
                              request.headers['User-Agent'])

    if token:
        return JsonResponse.ok({'token': token})

    return JsonResponse.internalServerError({
        'message':
        'session_generation_failed',
        'nice_message':
        'Session generation failed. Contact system administrator.'
    })