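def createtoken(username):
    """Issue a new HS256 login token for *username* and record its nonce.

    Args:
        username: Account name the token is issued for.

    Returns:
        The encoded JWT as a hex string (``jwt.encode`` is expected to
        return bytes here, as PyJWT 1.x does).

    Side effects:
        Inserts a ``logintokens`` row ``(username, spice, time)``. When the
        account already holds five or more tokens, the oldest row is deleted
        first so at most five stay valid.
    """
    # NOTE(review): the signing key is a hard-coded literal shared with the
    # decode side; it belongs in configuration so it can be rotated and kept
    # out of source control.
    spice = os.urandom(10).hex()
    token = jwt.encode({'username': username, 'spice': spice}, 'secret', algorithm='HS256')

    # NOTE(review): every DB.* call below builds SQL by string formatting, so a
    # username containing a quote breaks the query (injection). The DB helper
    # needs a parameterized interface before this can be fixed here.
    pre_existing = DB.query('logintokens', args="WHERE username = '{u}'".format(u=username))
    if len(pre_existing) >= 5:
        # Column 2 is the stored ``str(datetime.now())`` text. The delete uses
        # that raw text rather than re-serialising the parsed datetime: the two
        # differ when the microsecond part was zero, and the old row would then
        # survive the delete.
        oldest_row = min(pre_existing, key=lambda row: _parse_token_time(row[2]))
        DB.delete('logintokens',
                  "username = '{u}' AND time = '{t}'".format(u=username, t=oldest_row[2]))

    DB.insert("logintokens",
              ("'" + username + "'", "'" + spice + "'", "'" + str(datetime.now()) + "'"))
    return token.hex()


def _parse_token_time(value):
    """Parse a ``logintokens.time`` value written by ``str(datetime.now())``.

    ``str(datetime)`` omits the ``.%f`` part when microsecond == 0, so a
    single ``%f`` format would raise ``ValueError`` on those rows.
    """
    for fmt in ('%Y-%m-%d %H:%M:%S.%f', '%Y-%m-%d %H:%M:%S'):
        try:
            return datetime.strptime(value, fmt)
        except ValueError:
            continue
    raise ValueError('unrecognised logintokens.time value: {!r}'.format(value))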
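def cancelBooking():
    """Cancel one of the caller's future bookings.

    Reads ``token`` and ``bookingID`` from the JSON request body. The booking
    must belong to the token's account, and its date (column 4, ``YYYY-MM-DD``)
    must still be in the future.

    Returns:
        A dict with ``code`` (``'success'`` / ``'failed'``) and ``message``.
    """
    data = json.loads(request.data)
    account = AM.checktoken(data['token'])
    # account[0] is the "token valid" flag, account[2] the username.
    if not account[0]:
        return {'code': 'failed', 'message': 'Not logged in.'}

    # bookingID is used as an unquoted numeric SQL literal, so force it
    # through int() instead of interpolating the raw request text.
    try:
        booking_id = int(data['bookingID'])
    except (TypeError, ValueError):
        return {'code': 'failed', 'message': 'Invalid booking ID.'}

    # NOTE(review): the username is still interpolated into SQL by string
    # formatting; the DB helper needs a parameterized interface.
    booking = DB.query(
        'bookings',
        args="WHERE username = '{u}' AND bookingID = {bi}".format(u=account[2], bi=booking_id))
    if not booking:
        return {'code': 'failed', 'message': 'No such booking exists.'}

    # Parsed as midnight of the booked day, so a booking for today already
    # counts as passed.
    booking_date = datetime.strptime(booking[0][4], '%Y-%m-%d')
    if datetime.now() >= booking_date:
        return {
            'code': 'failed',
            'message': 'This date of this booking has already passed.'
        }

    # NOTE(review): two separate statements, not one transaction; a failure
    # between them leaves transaction rows without their booking.
    DB.delete('bookings', 'bookingID = {bi}'.format(bi=booking_id))
    DB.delete('transactions', 'bookingID = {bi}'.format(bi=booking_id))
    return {'code': 'success', 'message': 'Booking has been cancelled.'}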
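def logout():
    """Invalidate the login token sent in the JSON request body.

    The token is the hex-encoded JWT produced at login. Its signature is
    verified, then the ``logintokens`` row matching the payload's username
    and nonce (``spice``) is deleted.

    Returns:
        ``{'code': 'success'}`` once the row is removed, or a ``'failed'``
        dict when the token cannot be decoded or fails verification.
    """
    token = json.loads(flask.request.data)['token']
    try:
        # NOTE(review): the verification key is a hard-coded literal shared
        # with token creation; it belongs in configuration.
        # ``algorithms`` must be a list: the original ``('HS256')`` was a bare
        # string, not a tuple.
        payload = jwt.decode(codecs.decode(token, "hex"), 'secret', algorithms=['HS256'])
    except (ValueError, jwt.InvalidTokenError):
        # ValueError also covers a malformed hex string (binascii.Error is a
        # ValueError subclass). Return the handlers' usual failure shape
        # instead of letting the request 500.
        return {'code': 'failed', 'message': 'Invalid token.'}

    # NOTE(review): SQL built by string formatting; the values come from a
    # verified payload here, but the DB helper still needs a parameterized
    # interface.
    DB.delete(
        'logintokens',
        "logintokens.username = '{u}' AND logintokens.spice = '{s}'".format(
            u=payload['username'], s=payload['spice']))
    return {'code': 'success'}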
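def approveuser():
    """Promote a pending account request to a real user (admin only).

    Reads ``token`` and ``username`` from the JSON request body. The matching
    ``accountrequests`` row is copied into ``users`` with role ``user`` and a
    ``false`` flag, then removed from ``accountrequests``.

    Returns:
        ``{'code': 'success'}`` or ``{'code': 'failed'}``.
    """
    data = json.loads(request.data)
    username = data['username']
    # account[1] is the role of the token's account.
    if AM.checktoken(data['token'])[1] != 'admin':
        return {'code': 'failed'}

    # NOTE(review): SQL built by string formatting; a username containing a
    # quote breaks the query. The DB helper needs a parameterized interface.
    rows = DB.query('accountrequests', args="WHERE username = '{u}'".format(u=username))
    if not rows:
        # No pending request: the original indexed rows[0] and raised.
        return {'code': 'failed'}
    pending = rows[0]

    # Insert first so a failed insert does not lose the request row.
    DB.insert(
        'users',
        ("'" + pending[0] + "'", "'" + pending[1] + "'", "'" + pending[2] + "'",
         "'user'", "'false'", '(SELECT datetime())'))
    DB.delete('accountrequests', args="username = '{u}'".format(u=username))
    return {'code': 'success'}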
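def deleteRoom():
    """Delete a room and its ``room_info`` row (admin only).

    Reads ``token`` and ``roomid`` from the JSON request body; ``roomid`` is
    a two-digit floor number followed by the room number.

    Returns:
        A dict with ``code`` and ``message``.
    """
    data = json.loads(request.data)
    account = AM.checktoken(data['token'])
    # account[1] is the role of the token's account.
    if account[1] != 'admin':
        return {
            'code': 'failed',
            'message': 'You do not have high enough privilege to do that.'
        }

    # Both parts are used as unquoted numeric SQL literals, so force them
    # through int() instead of interpolating the raw request text. A too-short
    # id previously produced a broken WHERE clause.
    room_id = str(data['roomid'])
    try:
        floor_number = int(room_id[:2])
        room_number = int(room_id[2:])
    except ValueError:
        return {'code': 'failed', 'message': 'Invalid room id.'}

    where = 'floornumber = {fn} AND roomnumber = {rn}'.format(fn=floor_number, rn=room_number)
    DB.delete('rooms', where)
    DB.delete('room_info', where)
    return {'code': 'success', 'message': 'Room deleted.'}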
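def changePassword():
    """Change the password of the account behind the request's token.

    Reads ``token``, ``oldpass`` and ``newpass`` from the JSON request body.
    The old password must verify via ``checkpass``. On success the pair from
    ``hashpass`` is stored (index 0 into ``salt``, index 1 into ``hashpass``)
    and every login token of the account is deleted, so all sessions must log
    in again.

    Returns:
        A dict with ``code`` and ``message``.
    """
    data = json.loads(flask.request.data)
    account = checktoken(data['token'])
    # account[0] is the "token valid" flag, account[2] the username.
    if not account[0]:
        return {'code': 'failed', 'message': 'Not logged in.'}
    username = account[2]
    if not checkpass(username, data['oldpass']):
        return {'code': 'failed', 'message': 'Incorrect password.'}

    new_password = data['newpass']
    if not new_password:
        # The original accepted an empty string as the new password.
        return {'code': 'failed', 'message': 'New password must not be empty.'}
    new_hash = hashpass(new_password)

    # NOTE(review): SQL built by string formatting; the username and the hash
    # material are interpolated directly. The DB helper needs a parameterized
    # interface.
    DB.update(
        'users',
        "SET hashpass = '{h}', salt = '{s}' WHERE username = '{u}'".format(
            u=username, s=new_hash[0], h=new_hash[1]))
    # Invalidate every existing session for the account.
    DB.delete('logintokens', "username = '{u}'".format(u=username))
    return {'code': 'success', 'message': 'Password changed.'}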
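def removeClient():
    """Remove one client from the calling agent's client list.

    Reads ``token`` and ``client_email`` from the JSON request body. Only an
    ``agent`` account may call this, and only for an email linked to that
    agent in ``agent_clients``.

    Returns:
        A dict with ``code`` and ``message``.
    """
    data = json.loads(request.data)
    account = AM.checktoken(data['token'])
    # The original printed the whole request body here, which wrote the login
    # token to stdout/logs; that line is dropped.
    if account[1] != 'agent':
        return {'code': 'failed', 'message': 'This is not an agent account.'}

    username = account[2]
    client_email = data['client_email']
    # NOTE(review): SQL built by string formatting; client_email comes straight
    # from the request. The DB helper needs a parameterized interface.
    where = "username = '{u}' AND client_email = '{e}'".format(u=username, e=client_email)
    if len(DB.query('agent_clients', args=where)) != 1:
        return {'code': 'failed', 'message': 'Not your client.'}

    # Scope the delete to this agent: the original matched on client_email
    # alone and so removed the email from every agent's list.
    DB.delete('agent_clients', where)
    return {'code': 'success', 'message': 'Client removed.'}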