Пример #1
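    def delete(self, user_id):
        """
        Deletes a user once the supplied password has been verified.

        :param user_id: id handed to ``service.get_user_by_id``
        :return: 400 when the password is missing or does not verify, 404
            when no such user exists, otherwise a redirect to ``/``
        """
        self.request_parser.add_argument('password',
                                         type=str,
                                         required=True,
                                         help='No password is provided')
        args = self.request_parser.parse_args()
        password = args['password']

        if not password:
            return make_response('Password is mandatory!', 400)

        # NOTE(review): the password check below is the only gate visible in
        # this method; confirm that session authentication and attempt
        # throttling are enforced outside it.
        user = service.get_user_by_id(user_id)
        if user is None:
            return make_response('User ' + str(user_id) + ' does not exist!',
                                 404)

        existing_password_entry = \
            service.find_user_password_by_email(user.email)
        # Fail closed: an account with no stored password entry is handled
        # like a failed verification instead of raising AttributeError
        # (presumably the lookup returns None when nothing is stored).
        if existing_password_entry is None or \
                not existing_password_entry.verify_password(password):
            logger.warning('Cannot delete user %s (%s): '
                           'wrong password provided',
                           user_id, user.email)
            return make_response('Wrong password', 400)

        service.delete_user(user.email)
        logger.info('Deleted user %s (%s)', user_id, user.email)
        return redirect('/')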
Пример #2
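    def delete(self, user_id):
        """
        Removes the account ``user_id`` after checking the given password.

        :param user_id: id handed to ``service.get_user_by_id``
        :return: 400 for a missing or wrong password, 404 for an unknown
            user, otherwise a redirect to ``/`` once the user is deleted
        """
        self.request_parser.add_argument('password',
                                         type=str,
                                         required=True,
                                         help='No password is provided')
        args = self.request_parser.parse_args()
        password = args['password']

        if not password:
            return make_response('Password is mandatory!', 400)

        user = service.get_user_by_id(user_id)
        if user is None:
            return make_response('User ' + str(user_id) + ' does not exist!',
                                 404)

        # NOTE(review): nothing in this method ties the request to a logged-in
        # session; the password is the sole check seen here, so confirm that
        # repeated attempts are limited elsewhere.
        existing_password_entry = \
            service.find_user_password_by_email(user.email)
        password_ok = (
            # A missing entry counts as a failed check rather than crashing
            # with AttributeError (presumably None means "nothing stored").
            existing_password_entry is not None
            and existing_password_entry.verify_password(password))
        if not password_ok:
            logger.warning(
                'Cannot delete user %s (%s): '
                'wrong password provided', user_id, user.email)
            return make_response('Wrong password', 400)

        service.delete_user(user.email)
        logger.info('Deleted user %s (%s)', user_id, user.email)
        return redirect('/')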
Пример #3
    def post(self):
        """
        Registers a new user from the request arguments.

        ``username`` and ``password`` are required, ``name`` is optional.

        :return: 400 when a required value is empty or the email is already
            registered, otherwise a redirect to the ``main`` view with
            ``confirmationSent=True``
        """
        self.request_parser.add_argument(
            'username', type=str, required=True,
            help='No username is provided')
        self.request_parser.add_argument(
            'password', type=str, required=True,
            help='No password is provided')
        self.request_parser.add_argument(
            'name', type=unicode, required=False)

        args = self.request_parser.parse_args()
        username, password = args['username'], args['password']
        if not (username and password):
            return make_response('Username and password are mandatory!', 400)

        # NOTE(review): the distinct "already exists" answer tells a caller
        # which emails are registered; confirm that is acceptable here.
        existing = service.find_user_by_email(username)
        if existing is not None:
            logger.warn('User %s already exists', existing.email)
            return make_response('User already exists', 400)

        raw_name = args['name']
        name = raw_name.encode('utf-8') if raw_name else ''

        created = service.create_new_user(username, password, name)
        logger.info('New user %d with email %s has been created!',
                    created.id, created.email)
        return redirect(url_for('main', confirmationSent=True))
Пример #4
    def post(self):
        """
        Creates an account for the submitted ``username`` and ``password``.

        The optional ``name`` argument is UTF-8 encoded before it is passed
        to ``service.create_new_user``; an absent name becomes ``''``.

        :return: 400 if a mandatory value is empty or the user already
            exists, otherwise a redirect to ``main``
        """
        for required_arg, hint in (('username', 'No username is provided'),
                                   ('password', 'No password is provided')):
            self.request_parser.add_argument(required_arg,
                                             type=str,
                                             required=True,
                                             help=hint)
        self.request_parser.add_argument('name', type=unicode, required=False)

        args = self.request_parser.parse_args()
        username = args['username']
        password = args['password']
        if not username or not password:
            return make_response('Username and password are mandatory!', 400)

        # Refuse to register an email that is already known.
        duplicate = service.find_user_by_email(username)
        if duplicate is not None:
            logger.warn('User %s already exists', duplicate.email)
            return make_response('User already exists', 400)

        if args['name']:
            name = args['name'].encode('utf-8')
        else:
            name = ''

        new_user = service.create_new_user(username, password, name)
        logger.info('New user %d with email %s has been created!',
                    new_user.id, new_user.email)
        return redirect(url_for('main', confirmationSent=True))
Пример #5
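def confirm_email(user, confirmation_hash):
    """
    Marks the user's email as confirmed when the supplied token matches.

    :param user: object exposing ``confirmation_hash``, ``email`` and
        ``email_is_confirmed``
    :param confirmation_hash: token supplied by the caller
    :return: True if the token matched and the change was committed,
        False otherwise
    """
    import hmac  # compare_digest needs Python 2.7.7+ / 3.3+

    def _as_bytes(value):
        # compare_digest requires both operands to share one type.
        return value if isinstance(value, bytes) else value.encode('utf-8')

    expected = user.confirmation_hash
    matches = False
    # A missing or empty token on either side never matches; with plain
    # equality an unset stored value compared equal to an unset input.
    if expected and confirmation_hash:
        try:
            # Constant-time comparison, so timing does not reveal how much
            # of a guessed token was correct.
            matches = hmac.compare_digest(_as_bytes(expected),
                                          _as_bytes(confirmation_hash))
        except (AttributeError, TypeError, UnicodeError):
            # Non-string operands cannot be a valid token: fail closed.
            matches = False

    if not matches:
        logger.warning('User %s tried to use wrong confirmation hash',
                       user.email)
        return False

    # NOTE(review): the stored token is left in place after a successful
    # confirmation; confirm whether reuse of the same link is intended.
    logger.info('User email %s is confirmed', user.email)
    user.email_is_confirmed = True
    db.session.commit()
    return True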
Пример #6
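def confirm_email(user, confirmation_hash):
    """
    Confirms the user's email if ``confirmation_hash`` equals the stored one.

    :param user: object exposing ``confirmation_hash``, ``email`` and
        ``email_is_confirmed``
    :param confirmation_hash: token supplied by the caller
    :return: True when the email was confirmed and committed, else False
    """
    import hmac  # compare_digest needs Python 2.7.7+ / 3.3+

    def _as_bytes(value):
        # Normalise to bytes: compare_digest rejects mixed operand types.
        if isinstance(value, bytes):
            return value
        return value.encode('utf-8')

    stored = user.confirmation_hash
    # Empty or unset values are rejected up front, so two unset tokens can
    # no longer compare equal and confirm the address.
    if not stored or not confirmation_hash:
        token_ok = False
    else:
        try:
            # Constant-time check: duration does not depend on how many
            # leading characters of the guess are right.
            token_ok = hmac.compare_digest(_as_bytes(stored),
                                           _as_bytes(confirmation_hash))
        except (AttributeError, TypeError, UnicodeError):
            # Anything that is not a string token is refused.
            token_ok = False

    if token_ok:
        # NOTE(review): the token stays valid after use as far as this
        # function shows; confirm whether it should be cleared.
        logger.info('User email %s is confirmed', user.email)
        user.email_is_confirmed = True
        db.session.commit()
        return True

    logger.warning('User %s tried to use wrong confirmation hash',
                   user.email)
    return False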
Пример #7
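    def post(self, user_id):
        """
        Updates user information, or confirms the user's email when a
        ``confirm`` argument is present.

        On a successful confirmation the user is logged in and redirected to
        ``source`` if it is a same-site path, otherwise to ``/``.

        :param user_id: id handed to ``service.get_user_by_id``
        :return: Flask response
        """
        self.request_parser.add_argument('confirm',
                                         type=str,
                                         required=False)
        self.request_parser.add_argument('source',
                                         type=str,
                                         required=False)
        self.request_parser.add_argument('name',
                                         type=unicode,
                                         required=False)
        self.request_parser.add_argument('last_name',
                                         type=unicode,
                                         required=False)
        self.request_parser.add_argument('profession',
                                         type=unicode,
                                         required=False)
        self.request_parser.add_argument('birthday',
                                         type=str,
                                         required=False)
        args = self.request_parser.parse_args()
        user = service.get_user_by_id(user_id)
        if not user:
            return make_response('User with id ' + str(user_id) +
                                 ' does not exist.', 404)

        confirm_hash = args['confirm']
        if confirm_hash:
            if not service.confirm_email(user, confirm_hash):
                # Neither the stored token nor the supplied value is logged:
                # the stored token is a credential, since it logs the user in.
                logger.warning('User with email %s tried to confirm their '
                               'email with a wrong hash', user.email)
                return make_response('The confirmation email link is wrong! '
                                     'The email cannot be confirmed.', 400)

            logger.info('User %s confirmed their email %s', user.id,
                        user.email)
            login_user(user)
            source = args['source']
            # ``source`` is request-controlled: follow it only when it is a
            # same-site path, so the link cannot forward to another host.
            # Absolute URLs, scheme-relative ``//host`` forms, backslashes
            # and control characters all fall back to ``/``.
            if (source
                    and source.startswith('/')
                    and not source.startswith('//')
                    and '\\' not in source
                    and not any(ord(ch) < 0x20 for ch in source)):
                return redirect(source)
            return redirect('/')

        # NOTE(review): no check is visible here that the caller is the user
        # being edited; confirm authorization is enforced outside this method.
        user_updated = service.update_user(args, user)

        if user_updated:
            return make_response('User has been updated', 201)
        else:
            return make_response('No request parameters specified!', 400)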
Пример #8
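    def post(self, user_id):
        """
        Updates user information, or handles an email confirmation link.

        With a ``confirm`` argument the token is checked through
        ``service.confirm_email``; on success the user is logged in and sent
        to ``source`` (same-site paths only) or ``/``.

        :param user_id: id handed to ``service.get_user_by_id``
        :return: Flask response
        """
        self.request_parser.add_argument('confirm', type=str, required=False)
        self.request_parser.add_argument('source', type=str, required=False)
        self.request_parser.add_argument('name', type=unicode, required=False)
        self.request_parser.add_argument('last_name',
                                         type=unicode,
                                         required=False)
        self.request_parser.add_argument('profession',
                                         type=unicode,
                                         required=False)
        self.request_parser.add_argument('birthday', type=str, required=False)
        args = self.request_parser.parse_args()
        user = service.get_user_by_id(user_id)
        if not user:
            return make_response(
                'User with id ' + str(user_id) + ' does not exist.', 404)

        confirm_hash = args['confirm']
        if confirm_hash:
            if service.confirm_email(user, confirm_hash):
                logger.info('User %s confirmed their email %s', user.id,
                            user.email)
                login_user(user)
                target = args['source'] or ''
                # The redirect target comes from the request, so only a
                # same-site path is honoured; anything that could be read as
                # another host (absolute or ``//`` URLs, backslashes, control
                # characters) is replaced by ``/``.
                is_local_path = (
                    target.startswith('/')
                    and not target.startswith('//')
                    and '\\' not in target
                    and all(ord(ch) >= 0x20 for ch in target))
                return redirect(target if is_local_path else '/')
            else:
                # The expected token is deliberately kept out of the log:
                # anyone able to read it could confirm and log in as the user.
                logger.warning(
                    'User with email %s tried to confirm their '
                    'email with a wrong hash', user.email)
                return make_response(
                    'The confirmation email link is wrong! '
                    'The email cannot be confirmed.', 400)

        # NOTE(review): this path edits ``user_id`` without a visible check
        # of who is asking; confirm authorization happens elsewhere.
        user_updated = service.update_user(args, user)

        if user_updated:
            return make_response('User has been updated', 201)
        else:
            return make_response('No request parameters specified!', 400)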
Пример #9
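    def post(self):
        """
        Logs a user in with ``username`` and ``password``.

        :return: 400 when a mandatory value is empty, 404 for an unknown
            user or a wrong password, 403 while the email is unconfirmed,
            otherwise a redirect to ``source`` (same-site paths only) or
            ``/``
        """
        self.request_parser.add_argument('username',
                                         type=str,
                                         required=True,
                                         help='No username is provided')
        self.request_parser.add_argument('password',
                                         type=str,
                                         required=True,
                                         help='No password is provided')
        self.request_parser.add_argument('source',
                                         type=str,
                                         required=False)
        args = self.request_parser.parse_args()
        username = args['username']
        password = args['password']

        if not username or not password:
            return make_response('Username and password are mandatory!', 400)

        user = users_service.find_user_by_email(username)

        if user is None:
            # The submitted username is no longer echoed into the body: a
            # plain string response is served as HTML by Flask by default,
            # so request data must not be reflected unescaped.
            # NOTE(review): this answer still differs from the wrong-password
            # one and so reveals which emails are registered; confirm whether
            # the two should share one message.
            return make_response('User does not exist!', 404)

        logger.info('Logging in with an existing username: %s', user.email)
        existing_password_entry = \
            users_service.find_user_password_by_email(username)
        # Fail closed when no password entry is stored instead of raising
        # AttributeError (presumably the lookup returns None in that case).
        if existing_password_entry is None or \
                not existing_password_entry.verify_password(password):
            logger.warning('User %s tried to login with a wrong password',
                           user.email)
            return make_response('Wrong password', 404)

        if not user.email_is_confirmed:
            logger.warning('User %s has not verified their email yet.'
                           ' Login attempt denied.',
                           user.email)
            return make_response(
                'Please confirm the email first. '
                'The confirmation link is sent to your email.', 403)

        login_user(user)
        logger.info('User %s logged in', user.email)
        source = args['source']
        # ``source`` is request-controlled: follow it only when it is a
        # same-site path, so a login link cannot forward to another host.
        # Absolute URLs, ``//host`` forms, backslashes and control characters
        # all fall back to ``/``.
        if (source
                and source.startswith('/')
                and not source.startswith('//')
                and '\\' not in source
                and not any(ord(ch) < 0x20 for ch in source)):
            return redirect(source)
        return redirect('/')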
Пример #10
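def update_user(args, user):
    """
    Applies the profile fields present in ``args`` to ``user``.

    Only ``name``, ``last_name``, ``profession`` and ``birthday`` are ever
    written, so other request keys cannot reach arbitrary attributes.
    ``birthday`` must parse as ``%Y-%m-%d``; an unparsable value is logged
    and skipped. Text fields are stored UTF-8 encoded. All changes are
    committed together in one transaction.

    :param args: mapping of request arguments
    :param user: object whose attributes are updated
    :return: True if at least one field was changed, False otherwise
    """
    changed_fields = []
    for field in ('name', 'last_name', 'profession', 'birthday'):
        if field not in args or not args[field]:
            continue
        raw_value = args[field]
        if field == 'birthday':
            try:
                new_value = datetime.strptime(raw_value, '%Y-%m-%d').date()
            except ValueError:
                logger.warning('Value %s cannot be converted to date',
                               raw_value)
                continue
        else:
            new_value = raw_value.encode('utf-8')
        if not hasattr(user, field):
            continue
        # ``field`` comes from the fixed tuple above, never from the request,
        # which is what makes the dynamic assignment safe.
        setattr(user, field, new_value)
        changed_fields.append(field)

    if changed_fields:
        # One commit for the whole request keeps the update atomic.
        db.session.commit()
        for field in changed_fields:
            logger.info('User %s has been updated. %s has been changed',
                        user.email, field)
    return bool(changed_fields)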
Пример #11
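def update_user(args, user):
    """
    Copies the allowed profile fields from ``args`` onto ``user``.

    The writable fields are fixed to ``name``, ``last_name``, ``profession``
    and ``birthday``; nothing else in ``args`` is looked at. A ``birthday``
    that does not match ``%Y-%m-%d`` is logged and ignored, the other fields
    are UTF-8 encoded. The session is committed once, after all fields have
    been applied.

    :param args: mapping of request arguments
    :param user: object whose attributes are updated
    :return: True if at least one field was changed, False otherwise
    """
    allowed_fields = ('name', 'last_name', 'profession', 'birthday')
    applied = []
    for field in allowed_fields:
        if not (field in args and args[field]):
            continue

        new_value = None
        if field == 'birthday':
            try:
                new_value = datetime.strptime(args[field], '%Y-%m-%d').date()
            except ValueError:
                logger.warning('Value %s cannot be converted to date',
                               args[field])
        else:
            new_value = args[field].encode('utf-8')

        if new_value is not None and hasattr(user, field):
            # Safe dynamic assignment: the attribute name is taken from the
            # allowlist above, not from request data.
            setattr(user, field, new_value)
            applied.append(field)

    if not applied:
        return False

    # A single commit makes the whole update succeed or fail as one unit.
    db.session.commit()
    for field in applied:
        logger.info('User %s has been updated. %s has been changed',
                    user.email, field)
    return True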