def get(self):
    """
    Get User Info

    Returns the serialized users matching the ``username`` argument. When the
    request carries an ``X-API-KEY`` header that ``apiFunc.isValidAdminKey``
    reports as ``True``, a request without ``username`` among the parsed
    arguments returns every user instead.

    Returns:
        ``{'results': [...]}`` with one ``serialize()`` result per matching
        user, or ``({'results': {'message': "Request Error"}}, 400)`` from the
        final ``else`` branch.
    """
    # NOTE(review): this listing was flattened onto one line, so the pairing
    # of the two trailing `else` branches is reconstructed here (first one
    # with the header test, last one with the username test) - confirm the
    # nesting against the repository before relying on it.
    if 'X-API-KEY' in request.headers:
        apiKey = request.headers['X-API-KEY']
        adminKeyCheck = apiFunc.isValidAdminKey(apiKey)
        # Identity comparison: a truthy value other than the literal True is
        # not treated as a valid admin key.
        if adminKeyCheck is True:
            args = getUser.parse_args()
            # NOTE(review): if getUser is a reqparse-style parser, parse_args()
            # may include every declared argument (None when omitted), which
            # would make this test always true and the list-all branch below
            # unreachable - confirm.
            if 'username' in args:
                username = args['username']
                userQuery = Sec.User.query.filter_by(
                    username=username).all()
                # Commit follows a read-only query; presumably it only ends
                # the session's transaction - confirm.
                db.session.commit()
                return {'results': [ob.serialize() for ob in userQuery]}
            else:
                # Admin key and no username: every user record is returned.
                userQuery = Sec.User.query.all()
                db.session.commit()
                return {'results': [ob.serialize() for ob in userQuery]}
        # NOTE(review): with the nesting as reconstructed, a request whose key
        # is present but rejected reaches no return statement and yields None
        # instead of an explicit error response - confirm that is intended.
    else:
        # No key header at all: the lookup by username is still served, so
        # whatever serialize() returns is visible to unauthenticated callers.
        # NOTE(review): confirm serialize() omits fields such as the email
        # address, password hash and xmppToken.
        args = getUser.parse_args()
        if 'username' in args:
            username = args['username']
            userQuery = Sec.User.query.filter_by(username=username).all()
            db.session.commit()
            return {'results': [ob.serialize() for ob in userQuery]}
        else:
            return {'results': {'message': "Request Error"}}, 400
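def delete(self):
    """
    Delete a User - **Admin API Key Required**

    Deletes the account whose name equals the ``username`` argument.

    Returns:
        ``{'results': {'message': 'User <username> deleted'}}`` on success;
        ``({'results': {'message': "No Such Username"}}, 400)`` when no user
        has that name; ``({'results': {'message': "Request Error"}}, 400)``
        when the ``X-API-KEY`` header is missing, is not accepted as an admin
        key, or ``username`` is not among the parsed arguments.
    """
    request_error = {'results': {'message': "Request Error"}}, 400

    # Authorisation is settled before any argument parsing or database work.
    if 'X-API-KEY' not in request.headers:
        return request_error
    # `is not True` keeps the original strictness: a truthy value other than
    # the literal True does not count as a valid admin key.
    if apiFunc.isValidAdminKey(request.headers['X-API-KEY']) is not True:
        return request_error

    args = deleteUser.parse_args()
    if 'username' not in args:
        return request_error

    username = args['username']
    target = Sec.User.query.filter_by(username=username).first()
    # `is None` rather than `!= None`, matching the role-removal handler in
    # this file.
    if target is None:
        # The commit before the error response is kept from the original.
        db.session.commit()
        return {'results': {'message': "No Such Username"}}, 400

    # NOTE(review): the deletion is not logged in this handler; if account
    # removal needs an audit trail, confirm it is recorded elsewhere.
    db.session.delete(target)
    db.session.commit()
    return {'results': {'message': 'User ' + username + ' deleted'}}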
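def delete(self):
    """
    Remove a role from a user - **Admin API Key Required**

    The ``role`` argument is title-cased before it is matched against
    ``Sec.Role.name``.

    Returns:
        ``{'results': {'message': 'Role <role> removed from <username>'}}`` on
        success; a 400 response with ``"No Such Username"`` or
        ``"No Such Role"`` when the lookup fails; a 400 response with
        ``"Request Error"`` when the ``X-API-KEY`` header is missing, is not
        accepted as an admin key, or the arguments are incomplete.
    """
    if 'X-API-KEY' in request.headers:
        apiKey = request.headers['X-API-KEY']
        # Identity comparison: only the literal True grants access.
        if apiFunc.isValidAdminKey(apiKey) is True:
            args = roleArgs.parse_args()
            # The original test `'username' and 'role' in args` parses as
            # `'username' and ('role' in args)`; the non-empty literal is
            # always truthy, so `username` was never checked. Both keys are
            # tested here. The isinstance guard keeps a missing role (the
            # parser may supply None for an omitted argument - confirm) from
            # raising on .title() and turns it into the 400 below.
            if ('username' in args and 'role' in args
                    and isinstance(args['role'], str)):
                username = args['username']
                role = args['role'].title()

                userQuery = Sec.User.query.filter_by(
                    username=username).first()
                if userQuery is None:
                    db.session.commit()
                    return {'results': {'message': "No Such Username"}}, 400

                # The role is looked up only once the user is known to exist,
                # as in the original.
                roleQuery = Sec.Role.query.filter_by(name=role).first()
                if roleQuery is None:
                    db.session.commit()
                    return {'results': {'message': "No Such Role"}}, 400

                user_datastore.remove_role_from_user(userQuery, roleQuery)
                db.session.commit()
                return {
                    'results': {
                        'message': 'Role ' + role + ' removed from ' + username
                    }
                }

    # Every rejected request (no key, key not accepted, incomplete arguments)
    # ends here; the commit before the response is kept from the original.
    db.session.commit()
    return {'results': {'message': "Request Error"}}, 400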
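def post(self):
    """
    Create a New User - **Admin API Key Required**

    Creates an active, confirmed account from the ``username``, ``email`` and
    ``password`` arguments, attaches every role flagged ``default`` and
    assigns a fresh ``xmppToken`` and ``uuid``.

    Returns:
        ``{'results': <serialized new user>}`` on success; a 400 response with
        ``"Invalid Email Format"``, ``"Username already Exists"`` or
        ``"Email Address already Exists"`` when validation fails; a 400
        response with ``"Request Error"`` when the ``X-API-KEY`` header is
        missing, is not accepted as an admin key, or a required argument is
        absent or blank.
    """
    request_error = {'results': {'message': "Request Error"}}, 400

    # Authorisation is settled before any argument parsing or database work.
    if 'X-API-KEY' not in request.headers:
        return request_error
    # `is not True` keeps the original strictness: a truthy value other than
    # the literal True does not count as a valid admin key.
    if apiFunc.isValidAdminKey(request.headers['X-API-KEY']) is not True:
        return request_error

    args = newUserPost.parse_args()
    if not ('username' in args and 'email' in args and 'password' in args):
        return request_error

    username = args['username']
    email = args['email']
    raw_password = args['password']
    # A key can be present with a None, empty or non-string value; without
    # this guard such a value would raise inside re or hash_password, or
    # create an account with a blank name or password.
    if not all(isinstance(value, str) and value
               for value in (username, email, raw_password)):
        return request_error

    # Email Address Validation
    # fullmatch() makes the pattern cover the whole value; match() only
    # anchors the start, so a valid-looking prefix followed by a second '@'
    # used to pass.
    if not re.fullmatch(r"[^@]+@[^@]+\.[^@]+", email):
        db.session.commit()
        return {'results': {'message': "Invalid Email Format"}}, 400

    # Perform Existing Checks
    existingUserQuery = Sec.User.query.filter_by(username=username).first()
    if existingUserQuery is not None:
        db.session.commit()
        return {'results': {'message': "Username already Exists"}}, 400

    existingEmailQuery = Sec.User.query.filter_by(email=email).first()
    if existingEmailQuery is not None:
        db.session.commit()
        return {'results': {'message': "Email Address already Exists"}}, 400

    # The plaintext goes through hash_password(); only its return value is
    # handed to the datastore.
    password = hash_password(raw_password)
    # The listing read `user_datastore.creatuser_datastore.create_user(...)`,
    # a doubled fragment that would fail on attribute lookup; the call is
    # restored to the datastore's create_user().
    user_datastore.create_user(
        email=email,
        username=username,
        password=password,
        active=True,
        confirmed_at=datetime.datetime.utcnow(),  # naive UTC timestamp
        authType=0)

    defaultRoleQuery = Sec.Role.query.filter_by(default=True).all()
    newUserQuery = Sec.User.query.filter_by(
        email=email, username=username).first()
    for role in defaultRoleQuery:
        user_datastore.add_role_to_user(newUserQuery, role.name)

    newUserQuery.authType = 0
    # 32 bytes from the operating system's CSPRNG, hex-encoded.
    newUserQuery.xmppToken = str(os.urandom(32).hex())
    newUserQuery.uuid = str(uuid.uuid4())
    db.session.commit()
    # NOTE(review): the response is serialize() of the new user; confirm it
    # does not echo the xmppToken assigned above or the password hash.
    return {'results': newUserQuery.serialize()}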