Пример #1
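def logout():
    """End the caller's session.

    Expects a JSON object carrying ``userId`` and ``sessionToken``. The pair
    is looked up in the Session table; on a match every Session row of that
    user is deleted.

    Returns:
        ``('', 200)`` when at least one row was deleted,
        ``('No session received', 400)`` when the body is not a JSON object
        or lacks a field,
        ``('No user or wrong user credentials', 400)`` when the pair is
        unknown or has an unusable type,
        ``('something went wrong', 500)`` when the delete touched no row.
    """
    requestData = request.get_json(silent=True)

    # A missing or non-object body would make the membership tests below
    # raise instead of answering 400.
    if not isinstance(requestData, dict):
        return ('No session received', 400)
    if 'sessionToken' not in requestData or 'userId' not in requestData:
        return ('No session received', 400)

    sessionToken = requestData['sessionToken']
    userId = requestData['userId']

    # Only a string may reach the token comparison: a JSON number is bound as
    # a numeric literal, and MySQL (which DictCursor and the %(name)s
    # placeholders suggest) compares a string column with a number
    # numerically instead of character by character.
    if not isinstance(sessionToken, str):
        return ('No user or wrong user credentials', 400)
    if isinstance(userId, bool) or not isinstance(userId, (int, str)):
        return ('No user or wrong user credentials', 400)

    query = 'SELECT user_id, session_token FROM Session WHERE user_id = %(uid)s AND session_token = %(token)s'
    dbConn = db.get_db()
    cursor = dbConn.cursor(DictCursor)
    try:
        if cursor.execute(query, {'uid': userId, 'token': sessionToken}) == 0:
            return ('No user or wrong user credentials', 400)

        queryDelete = 'DELETE FROM Session WHERE user_id = %(uid)s'
        res = cursor.execute(queryDelete, {'uid': userId})
        dbConn.commit()
    finally:
        # Runs on every path, including a driver exception.
        cursor.close()

    # The delete is keyed on user_id alone, so it may remove more than one
    # row; any positive count is a successful logout.
    if res >= 1:
        return ('', 200)

    return ('something went wrong', 500)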
Пример #2
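def checkIfSalesmanAlreadyRegistered(salesmanCode):
    """Return True when a User row with this ``salesmanCode`` already exists."""
    dbConn = db.get_db()
    cursor = dbConn.cursor(DictCursor)
    try:
        checkExist = "SELECT Count(*) as total FROM User WHERE salesmanCode = %s"
        # ``(salesmanCode)`` is just the bare value; the trailing comma makes
        # the one-element parameter tuple the DB-API expects.
        cursor.execute(checkExist, (salesmanCode,))
        res = cursor.fetchone()['total']
    finally:
        cursor.close()
    return res > 0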
Пример #3
def tasks():
    """Return every row of the Task table, ordered by date, as a JSON response."""
    connection = db.get_db()
    taskCursor = connection.cursor(DictCursor)
    # The line break and indentation are part of the statement text.
    selectAll = "SELECT * FROM \n    Task ORDER by date"
    taskCursor.execute(selectAll)
    rows = taskCursor.fetchall()
    taskCursor.close()
    return jsonify(rows)
Пример #4
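def deleteTask(taskId):
    """Delete the Task row whose id is ``taskId``.

    Returns:
        ``(str(res), 200)`` where ``res`` is the value ``cursor.execute()``
        returned for the DELETE (the affected-row count with PyMySQL-style
        drivers).
    """
    dbConn = db.get_db()
    cursor = dbConn.cursor(DictCursor)
    try:
        delete_stmt = "DELETE FROM Task WHERE id = %s"
        # One-element tuple: ``(taskId)`` without the comma is the bare value.
        res = cursor.execute(delete_stmt, (taskId,))
        dbConn.commit()
    finally:
        cursor.close()
    return (str(res), 200)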
Пример #5
def insertUser(salesmanCode, salesmanName, salesmanPwd):
    """Insert a User row and report whether exactly one row was written.

    The password column receives ``generate_password_hash(salesmanPwd)``,
    never the value passed in.
    """
    connection = db.get_db()
    userCursor = connection.cursor(DictCursor)

    insertStmt = "INSERT INTO User(salesmanCode, password, fullname) VALUES(%(code)s, %(pwd)s, %(name)s)"
    params = {
        'code': salesmanCode,
        'name': salesmanName,
        'pwd': generate_password_hash(salesmanPwd),
    }
    affected = userCursor.execute(insertStmt, params)

    connection.commit()
    userCursor.close()
    return affected == 1
Пример #6
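def updateTask(taskId):
    """Set the ``completed`` column of one task from the JSON request body.

    Returns:
        ``(str(res), 200)`` after the update, where ``res`` is the value
        ``cursor.execute()`` returned, or ``('false', 400)`` when the body is
        not a JSON object carrying ``completed``.
    """
    requestData = request.get_json(silent=True)

    # Validate before touching the database, so a bad body neither opens a
    # cursor nor raises on the membership test.
    if not isinstance(requestData, dict) or 'completed' not in requestData:
        return ('false', 400)

    # NOTE(review): the value is bound as a parameter but its type is not
    # checked here; confirm what the column accepts.
    completed = requestData['completed']

    dbConn = db.get_db()
    cursor = dbConn.cursor(DictCursor)
    try:
        update_stmt = "UPDATE Task SET completed = %s WHERE id = %s"
        res = cursor.execute(update_stmt, (completed, taskId))
        dbConn.commit()
    finally:
        cursor.close()
    return (str(res), 200)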
Пример #7
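def new_task():
    """Insert a Task row built from the JSON request body.

    Reads ``name``, ``date`` and ``details`` from the body and binds them as
    query parameters.

    Returns:
        ``""`` after the insert is committed, or
        ``('Missing task fields', 400)`` when the body is not a JSON object
        holding all three fields.
    """
    data = request.get_json(silent=True)

    required = ('name', 'date', 'details')
    if not isinstance(data, dict) or any(key not in data for key in required):
        return ('Missing task fields', 400)

    # Request values are passed as parameters, never formatted into the
    # statement text: with %-formatting a quote inside any field would end
    # the SQL literal and change the statement.
    insert_stmt = "INSERT INTO Task (name, date, details) VALUES (%(name)s, %(date)s, %(details)s)"
    params = {key: data[key] for key in required}

    dbConn = db.get_db()
    cursor = dbConn.cursor(DictCursor)
    try:
        cursor.execute(insert_stmt, params)
        dbConn.commit()
    finally:
        cursor.close()
    return ""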
Пример #8
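def login():
    """Authenticate a salesman by code and password and hand out tokens.

    Expects a JSON object with ``salesmanCode`` and ``password``. On success
    the response carries the user's id, code, full name, the session token
    from ``getSessionToken`` and the ``access_token`` from ``getToken``.

    Returns:
        ``(json, 200)`` on success,
        ``('Missing credentials', 400)`` for a missing or malformed body,
        ``('Wrong credentials', 403)`` for an unknown code or bad password,
        ``('something went wrong', 500)`` when no session token was obtained,
        ``('Company code not found', 400)`` when the upstream token reply
        holds ``error``.
    """
    requestData = request.get_json(silent=True)

    if not isinstance(requestData, dict):
        return ('Missing credentials', 400)
    if 'salesmanCode' not in requestData or 'password' not in requestData:
        return ('Missing credentials', 400)

    salesmanCode = requestData['salesmanCode']
    salesmanPwd = requestData['password']

    # Reject JSON types that cannot be credentials instead of letting them
    # reach the driver or the hash check and surface as a 500.
    if isinstance(salesmanCode, bool) or not isinstance(salesmanCode, (int, str)):
        return ("Wrong credentials", 403)
    if not isinstance(salesmanPwd, str):
        return ("Wrong credentials", 403)

    dbConn = db.get_db()
    cursor = dbConn.cursor(DictCursor)
    try:
        userQuery = "SELECT id, salesmanCode, fullname, password FROM User WHERE salesmanCode = %(code)s"
        # Bound as text so the comparison is never a numeric one.
        res = cursor.execute(userQuery, {"code": str(salesmanCode)})
        user = cursor.fetchone() if res != 0 else None
    finally:
        cursor.close()

    # NOTE(review): an unknown code returns before any hash is computed, so
    # the two "Wrong credentials" paths can differ in response time; consider
    # verifying against a fixed dummy hash on this path.
    if user is None:
        return ("Wrong credentials", 403)

    if not check_password_hash(user['password'], salesmanPwd):
        return ("Wrong credentials", 403)

    sessionToken = getSessionToken(user['id'])
    if sessionToken == '':
        return ('something went wrong', 500)

    # Requested only once a session exists, and checked for an error reply
    # the same way loginWithToken does before 'access_token' is read.
    primaveraToken = getToken().get_json()
    if 'error' in primaveraToken:
        return ('Company code not found', 400)

    return (jsonify({
        "userId": user['id'],
        "salesmanCode": salesmanCode,
        "sessionToken": sessionToken,
        "username": user['fullname'],
        "primaveraToken": primaveraToken['access_token']
    }), 200)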
Пример #9
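def loginWithToken():
    """Resume a session from a stored ``userId`` / ``sessionToken`` pair.

    The pair is checked against the Session table, the user row is loaded,
    and a fresh ``access_token`` is requested through ``getToken``.

    Returns:
        ``(json, 200)`` on success,
        ``('Missing credentials', 400)`` for a missing or malformed body,
        ``('Wrong user credentials', 400)`` when the pair is unknown, has an
        unusable type, or no user row is found,
        ``('Company code not found', 400)`` when the upstream token reply
        holds ``error``.
    """
    requestData = request.get_json(silent=True)

    if not isinstance(requestData, dict):
        return ('Missing credentials', 400)
    if 'userId' not in requestData or 'sessionToken' not in requestData:
        return ('Missing credentials', 400)

    rawUserId = requestData['userId']
    sessionToken = requestData['sessionToken']

    # Only a string may reach the token comparison: a JSON number is bound as
    # a numeric literal, and MySQL (which DictCursor and the %(name)s
    # placeholders suggest) compares a string column with a number
    # numerically instead of character by character.
    if not isinstance(sessionToken, str):
        return ('Wrong user credentials', 400)
    if isinstance(rawUserId, bool) or not isinstance(rawUserId, (int, str)):
        return ('Wrong user credentials', 400)

    # Convert once, up front: a non-numeric id is a client error, not a 500,
    # and both queries then see the same integer.
    try:
        userId = int(rawUserId)
    except ValueError:
        return ('Wrong user credentials', 400)

    query = 'SELECT user_id, session_token FROM Session WHERE user_id = %(uid)s AND session_token = %(token)s'
    dbConn = db.get_db()
    cursor = dbConn.cursor(DictCursor)
    try:
        if cursor.execute(query, {'uid': userId, 'token': sessionToken}) == 0:
            return ('Wrong user credentials', 400)

        # The statement text appears masked as '******' on this page; the real
        # query has to bind %(uid)s and return id, salesmanCode and fullname.
        queryUser = '******'
        cursor.execute(queryUser, {'uid': userId})
        user = cursor.fetchone()
    finally:
        cursor.close()

    # A session row without a matching user row would otherwise fail on the
    # subscripts below.
    if user is None:
        return ('Wrong user credentials', 400)

    primaveraToken = getToken().get_json()
    if 'error' in primaveraToken:
        return ('Company code not found', 400)

    return (jsonify({
        "userId": user['id'],
        "salesmanCode": user['salesmanCode'],
        "sessionToken": sessionToken,
        "username": user['fullname'],
        "primaveraToken": primaveraToken['access_token']
    }), 200)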
Пример #10
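def getSessionToken(userId):
    """Return the session token of ``userId``, creating one when none exists.

    An existing Session row is reused as-is; otherwise a token from
    ``secrets.token_hex(64)`` is inserted and returned.

    Returns:
        The token string, or ``''`` when the insert did not report exactly
        one row.
    """
    # NOTE(review): the token is stored exactly as issued and handed out
    # again on every login until the row is deleted; no expiry is visible
    # here. Consider storing only a digest of the token and adding a
    # lifetime.
    dbConn = db.get_db()
    cursor = dbConn.cursor(DictCursor)
    try:
        sessionQuery = "SELECT session_token FROM Session WHERE user_id = %(id)s"
        cursor.execute(sessionQuery, {"id": userId})

        # Read the row while the cursor is open; fetching after close() is
        # not something the DB-API promises to support.
        existing = cursor.fetchone()
        if existing is not None:
            return existing['session_token']

        newtoken = secrets.token_hex(64)

        insertQuery = "INSERT INTO Session(user_id, session_token) VALUES(%(uid)s, %(st)s)"
        res = cursor.execute(insertQuery, {'uid': userId, 'st': newtoken})
        dbConn.commit()
    finally:
        cursor.close()

    return newtoken if res == 1 else ''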