def validateAdminSession(self, token):
    """Check that *token* is a live session that belongs to an administrator.

    The session is validated first through ``validateSession`` (which also
    pushes the row's ``expires_on`` forward); only then is the ``admin``
    column of the matching row consulted.  Returns ``Status.authorized``
    carrying the token when ``admin`` equals 1, otherwise
    ``Status.not_authorized``.
    """
    session = self.validateSession(token)
    if not Status.assertStatus(session, Status.AUTHORIZED):
        return Status.not_authorized('You are not an administrator')
    # Parameterized lookup: the token is bound, never spliced into the SQL.
    self.cursor.execute(
        "SELECT admin FROM users WHERE `session_token`= %s", [token])
    rows = self.cursor.fetchall()
    is_admin = bool(rows) and rows[0][0] == 1
    if is_admin:
        return Status.authorized("You are an administrator", token)
    return Status.not_authorized('You are not an administrator')
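def validateSession(self, token):
    """Validate a session token and, when it is valid, extend its expiry.

    A token is accepted only when a row exists whose ``session_token`` equals
    it, whose ``expires_on`` is still in the future and whose ``enabled`` is
    1.  On success the row's ``expires_on`` is moved to
    ``now + self.sessionLength`` (sliding expiry) and ``Status.authorized``
    carrying the token is returned.

    Returns ``Status.error`` for a missing or empty token and
    ``Status.not_authorized`` when no matching row is found.
    """
    # Reject empty or absent tokens before touching the database.  The
    # empty string is also what destroySession writes back into
    # session_token, so it must never be accepted as a lookup key.  A
    # plain truthiness test also covers a None token, which a len() call
    # would raise TypeError on.
    if not token:
        return Status.error("Your `x-auth` header must least 1 character")
    now = time.time()
    self.cursor.execute(
        "SELECT expires_on FROM users WHERE `session_token`= %s and `expires_on`>%s and `enabled`=1",
        [token, now])
    rows = self.cursor.fetchall()
    if not rows:
        return Status.not_authorized("Your validation has failed")
    # Sliding expiry: every successful validation renews the session.
    expires_on = now + self.sessionLength
    self.cursor.execute(
        "UPDATE users set expires_on = %s WHERE `session_token`= %s",
        [expires_on, token])
    self.db.commit()
    return Status.authorized("Your token is good", token)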
def login(self, user):
    """Authenticate *user*, a mapping holding ``username`` and ``password``.

    The submitted password is turned into ``self._hash(password, username)``
    and matched in SQL against ``password_hash``.  When the credentials match
    but the row has ``enabled`` = 0 the login is refused as not yet validated.
    On success a new session id from ``self._generateSessionId`` is stored
    together with an expiry of ``now + self.sessionLength`` and returned in
    ``Status.authorized``.
    """
    if any(field not in user for field in ('username', 'password')):
        return Status.error('Must Provide Both Username and Password')
    username = user['username']
    credentials = [username, self._hash(user['password'], username)]
    self.cursor.execute(
        "SELECT id,enabled FROM users WHERE `user_name`= %s and `password_hash`= %s",
        credentials)
    rows = self.cursor.fetchall()
    if not rows:
        return Status.not_authorized("Your login has failed")
    # Column 1 of the SELECT is `enabled`.
    if rows[0][1] == 0:
        return Status.not_authorized("Your Account is not yet validated")
    session_id = self._generateSessionId()
    expires_on = time.time() + self.sessionLength
    self.cursor.execute(
        "UPDATE users set session_token = %s, expires_on = %s WHERE `user_name`= %s and `password_hash`= %s",
        [session_id, expires_on, *credentials])
    self.db.commit()
    return Status.authorized('You have logged in', session_id)
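def addUser(self, user):
    """Create a new account from *user* (``username``, ``password``, ``email``).

    Returns ``Status.error`` when any of the three fields is missing,
    ``Status.warn`` when a row with the same ``user_name`` or ``email``
    already exists, and ``Status.ok`` once the row has been inserted and
    committed.  The stored password is ``self._hash(password, username)``.
    The INSERT does not set ``enabled``; ``login`` refuses accounts whose
    ``enabled`` is 0 until they are validated.
    """
    try:
        username = user['username']
        password_hash = self._hash(user['password'], username)
        email = user['email']
    except KeyError:
        # Same reporting style as login(): a missing field is a client
        # error, not a silent None return.
        return Status.error('Must Provide Username, Password and Email')
    self.cursor.execute(
        "SELECT id FROM users WHERE `user_name`= %s or `email`= %s",
        [username, email])
    # NOTE(review): this check-then-insert is not atomic; a unique
    # constraint on user_name/email in the schema is the real guard
    # against duplicates -- confirm it exists.
    if self.cursor.fetchall():
        return Status.warn("Account Already Exists")
    self.cursor.execute(
        "INSERT INTO users (`user_name`,`password_hash`,`email`) VALUES (%s,%s,%s)",
        [username, password_hash, email])
    self.db.commit()
    return Status.ok("Account Created")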
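def describeHistoric():
    """Return historic values for the account named in the request body.

    Requires an authorized session (checked through ``validate()``).  The
    body must carry ``account_id``; when it does not, ``Status.error`` is
    returned instead of letting a ``KeyError`` escape.
    """
    session = validate()
    if not Status.assertStatus(session, Status.AUTHORIZED):
        return Status.not_authorized("You are not authorized to do this")
    body = getContentBody()
    if not body or 'account_id' not in body:
        return Status.error('Must Provide account_id')
    # NOTE(review): only session validity is checked here; nothing visible
    # ties the session's user to account_id -- confirm that
    # db.describeHistoricValues enforces ownership of the account.
    return Status.json(db.describeHistoricValues(body['account_id']))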
def describeCurrent():
    """Return current values via ``db.describeValues``.

    Requires an authorized session (checked through ``validate()``);
    otherwise ``Status.not_authorized`` is returned.
    """
    if not Status.assertStatus(validate(), Status.AUTHORIZED):
        return Status.not_authorized("You are not authorized to do this")
    # NOTE(review): the literal string "account_id" is passed here, whereas
    # describeHistoric passes body['account_id'] from the request body --
    # confirm the literal is what db.describeValues expects.
    return Status.json(db.describeValues("account_id"))
def destroySession(self, token):
    """Log out the session identified by *token*.

    Clears ``session_token`` to the empty string and zeroes ``expires_on``
    on the matching row, commits, and returns ``Status.ok``.  No distinct
    result is produced when no row matched.
    """
    statement = (
        "UPDATE users set session_token = '', expires_on = 0 "
        "WHERE `session_token`= %s"
    )
    self.cursor.execute(statement, [token])
    self.db.commit()
    return Status.ok("You have been logged out")