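def post(cls):
    """Set a new password through a one-time password-recovery request.

    Expects a JSON object with ``password_recovery_request_id`` and
    ``new_password``.

    Returns:
        ``({"message": "Password changed"}, 200)`` on success.

    Raises:
        BadRequest: the body is not a JSON object, a field is missing, the
            new password is not a non-empty string, the link has expired,
            or the link was already used.
        NotFoundError: the recovery request, or the user it points to, does
            not exist.
    """
    payload = request.get_json()
    # A missing or non-object body used to surface as an unhandled
    # TypeError/KeyError (HTTP 500); report it as a client error instead.
    if not isinstance(payload, dict):
        raise BadRequest("Invalid input")

    password_recovery_request_id = payload.get("password_recovery_request_id")
    new_password = payload.get("new_password")
    if password_recovery_request_id is None:
        raise BadRequest("Invalid input")
    # Never hash and store an empty or non-string value as a password.
    if not isinstance(new_password, str) or not new_password:
        raise BadRequest("Invalid input")

    recovery = PasswordRecoveryRequestModel.find_by_id(
        password_recovery_request_id)

    if recovery is None:
        raise NotFoundError()

    # The link is single-use and time-limited.
    if recovery.expired:
        raise BadRequest("Link expired")
    if recovery.change_made:
        raise BadRequest("Link not available")

    user = UserModel.find_by_id(recovery.user_id)
    # The account may have been removed after the link was issued.
    if user is None:
        raise NotFoundError()

    user.password = custom_pbkdf2.hash(new_password)
    user.save_to_db()

    # NOTE(review): the change_made check above and this update are separate
    # steps, so two concurrent requests with the same id could both pass the
    # check. Confirm whether save_to_db() runs in a transaction, or mark the
    # request as used atomically.
    recovery.change_made = True
    recovery.save_to_db()

    return {"message": "Password changed"}, 200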
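def post(self):
    """Authenticate a user by e-mail and password and start a session.

    Expects ``{"user": {"email": ..., "password": ...}}``. On success the
    response body carries the user's id, username and e-mail, and the access
    and refresh tokens are attached as cookies.

    Raises:
        BadRequest: "Invalid credentials" for every failure (malformed body,
            unknown e-mail, wrong password), so the response text does not
            reveal which part was wrong.
    """
    payload = request.get_json()
    user = payload.get("user") if isinstance(payload, dict) else None
    # A missing or malformed body used to raise TypeError/KeyError (HTTP 500).
    if not isinstance(user, dict):
        raise BadRequest("Invalid credentials")

    user_email = user.get("email")
    user_password = user.get("password")
    # Do not pass None or other non-string values to the lookup or verifier.
    if not isinstance(user_email, str) or not isinstance(user_password, str):
        raise BadRequest("Invalid credentials")

    userFound = UserModel.find_by_email(user_email)

    # NOTE(review): an unknown e-mail returns without running the password
    # hash, so response time may differ from a wrong-password attempt.
    # Consider verifying against a fixed dummy hash in that case.
    if not userFound or not custom_pbkdf2.verify(user_password,
                                                 userFound.password):
        raise BadRequest("Invalid credentials")

    # NOTE(review): expires_delta=False requests an access token with no
    # expiry, so a leaked token stays valid until it is revoked. A refresh
    # token is issued below, so a finite lifetime looks feasible; confirm
    # with the clients before changing it.
    access_token = create_access_token(identity=userFound.id,
                                       expires_delta=False,
                                       fresh=True)
    refresh_token = create_refresh_token(userFound.id)

    resp = make_response({
        "user": {
            "id": userFound.id,
            "username": userFound.username,
            "email": userFound.email,
        }
    })
    set_access_cookies(resp, access_token)
    set_refresh_cookies(resp, refresh_token)
    return resp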
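def put(cls):
    """Change the authenticated user's password.

    Expects a JSON object with ``currentPassword`` and ``newPassword``. The
    caller is identified by the JWT identity, and the current password must
    verify before the new one is stored.

    Returns:
        ``({"message": "Password updated"}, 200)`` on success.

    Raises:
        BadRequest: malformed body, unknown user, or wrong current password.
    """
    user_id = get_jwt_identity()

    payload = request.get_json()
    # A missing or non-object body used to raise TypeError/KeyError (HTTP 500).
    if not isinstance(payload, dict):
        raise BadRequest("Invalid input")

    currentPassword = payload.get("currentPassword")
    newPassword = payload.get("newPassword")
    # Never hash and store an empty or non-string value as a password.
    if (not isinstance(currentPassword, str)
            or not isinstance(newPassword, str)
            or not newPassword):
        raise BadRequest("Invalid input")

    user = UserModel.find_by_id(user_id)
    # A token can outlive its account; previously this was an AttributeError.
    if user is None:
        raise BadRequest("User not found")

    if not custom_pbkdf2.verify(currentPassword, user.password):
        raise BadRequest("Incorrect password")

    user.password = custom_pbkdf2.hash(newPassword)
    user.save_to_db()

    # NOTE(review): nothing in this method revokes tokens issued before the
    # change. Confirm whether older sessions are invalidated elsewhere.
    return {"message": "Password updated"}, 200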
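def put(cls):
    """Change the authenticated user's e-mail address.

    Expects a JSON object with ``email``.

    Returns:
        ``({"message": "Email updated", "email": <new>}, 200)`` on success,
        or ``({"message": "Error"}, 500)`` if the lookup or save fails
        unexpectedly.

    Raises:
        BadRequest: malformed body, or the address is already in use.
    """
    user_id = get_jwt_identity()

    payload = request.get_json()
    newemail = payload.get("email") if isinstance(payload, dict) else None
    if not isinstance(newemail, str) or not newemail:
        raise BadRequest("Invalid input")

    try:
        if UserModel.find_by_email(newemail):
            raise BadRequest("Email already exists")

        user = UserModel.find_by_id(user_id)
        user.email = newemail
        user.save_to_db()

        # NOTE(review): the confirmation flow below is disabled, so the new
        # address is stored without proof that the caller controls it, and
        # without re-entering the password.
        # confirmation = ConfirmationModel(user.id)
        # confirmation.save_to_db()
        # user.send_confirmation_email()
        return {"message": "Email updated", "email": newemail}, 200
    except BadRequest:
        # The bare `except:` used to swallow this and answer 500 "Error" for
        # a duplicate address; let the 400 reach the client instead.
        raise
    except Exception:
        # Keep the generic 500 for unexpected failures so internal details
        # are not echoed to the client.
        return {"message": "Error"}, 500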
def wrapper(*args, **kwargs):
    """Validate the request JSON against ``schema``, then run the wrapped view.

    ``schema``, ``many`` and ``func`` come from the enclosing scope, which is
    not shown here. A ``ValidationError`` raised by the schema load, or by the
    wrapped view itself since it runs inside the same ``try``, is reported to
    the client as a generic ``BadRequest("Invalid input")``. The validation
    details are not included in the response.
    """
    try:
        validator = schema()
        validator.load(request.get_json(), many=many)
        outcome = func(*args, **kwargs)
    except ValidationError:
        raise BadRequest("Invalid input")
    return outcome
def get(cls, password_recovery_request_id: str):
    """Report whether a password-recovery link can still be used.

    Args:
        password_recovery_request_id: id of the recovery request to check.

    Returns:
        ``({"change_made": False}, 200)`` when the link is still usable.

    Raises:
        NotFoundError: no recovery request has this id.
        BadRequest: the link has expired ("Link expired") or was already
            used ("Link not available").
    """
    recovery = PasswordRecoveryRequestModel.find_by_id(
        password_recovery_request_id)

    if recovery is None:
        raise NotFoundError()

    # Checked in order: an expired link is reported before a used one.
    rejections = (
        ("expired", "Link expired"),
        ("change_made", "Link not available"),
    )
    for flag, reason in rejections:
        if getattr(recovery, flag):
            raise BadRequest(reason)

    return {"change_made": False}, 200
def post(self):
    """Register a new account and return its profile with fresh tokens.

    Expects ``{"user": {...}}``, which is loaded through ``user_schema``.

    Returns:
        ``(body, 201)`` where ``body["user"]`` holds the id, username,
        e-mail, access token and refresh token, and ``body["message"]`` is
        "User created!".

    Raises:
        BadRequest: the username or the e-mail is already registered.
    """
    body = request.get_json()
    account = user_schema.load(body.get("user"))

    # Reject duplicates before anything is written.
    # NOTE(review): these lookups and the save below are separate steps.
    # Confirm that the database also enforces uniqueness.
    if UserModel.find_by_username(account.username):
        raise BadRequest("A user with that username already exists")
    if UserModel.find_by_email(account.email):
        raise BadRequest("A user with that email already exists")

    # Only the hash is stored, never the submitted password.
    account.password = custom_pbkdf2.hash(account.password)
    account.save_to_db()

    # E-mail confirmation (ConfirmationModel + send_confirmation_email) is
    # currently disabled, so the account is active without address
    # verification.

    # NOTE(review): expires_delta=False requests an access token with no
    # expiry, and both tokens are returned in the JSON body, where client
    # script can read them. Confirm that this is intended.
    access_token = create_access_token(identity=account.id,
                                       expires_delta=False,
                                       fresh=True)
    refresh_token = create_refresh_token(account.id)

    profile = {
        "id": account.id,
        "username": account.username,
        "email": account.email,
        "access_token": access_token,
        "refresh_token": refresh_token,
    }
    return {"user": profile, "message": "User created!"}, 201
def wrapper(*args, **kwargs):
    """Run the wrapped view only if the request's reCAPTCHA token verifies.

    The token is read from the ``token`` field of the JSON body and passed to
    ``RecaptchaManager.verify_recaptcha``. A falsy result rejects the request
    with ``BadRequest``. ``func`` comes from the enclosing scope, which is not
    shown here.
    """
    body = request.get_json()
    captcha_token = body.get("token")
    # NOTE(review): a request without "token" passes None to the verifier.
    # Confirm that verify_recaptcha treats that as a failure.
    if RecaptchaManager.verify_recaptcha(captcha_token):
        return func(*args, **kwargs)
    raise BadRequest("Can't validate user ineraction")
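def put(cls):
    """Change the authenticated user's username.

    Expects a JSON object with ``username``.

    Returns:
        ``({"message": "Username updated", "username": <new>}, 200)`` on
        success.

    Raises:
        BadRequest: malformed body, username already taken, or the
            authenticated user no longer exists.
    """
    user_id = get_jwt_identity()

    payload = request.get_json()
    newusername = payload.get("username") if isinstance(payload, dict) else None
    # A missing or non-object body used to raise TypeError/KeyError (HTTP 500).
    if not isinstance(newusername, str) or not newusername:
        raise BadRequest("Invalid input")

    if UserModel.find_by_username(newusername):
        raise BadRequest("Username already exists")

    user = UserModel.find_by_id(user_id)
    # A token can outlive its account; previously this was an AttributeError.
    if user is None:
        raise BadRequest("User not found")

    # NOTE(review): the uniqueness lookup above and this save are separate
    # steps. Confirm that the database also enforces a unique username.
    user.username = newusername
    user.save_to_db()
    return {"message": "Username updated", "username": newusername}, 200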