def new_role(): name = request.get_json().get('name') description = request.get_json().get('description') if not name or not description: return bad_request('Please provide name & description') role_group_id = request.get_json().get('role_group_id') role_group_name = request.get_json().get('role_group_name') if not role_group_id and not role_group_name: return bad_request('Please provide role group id or name') role_group = None if role_group_id: role_group = RoleGroup.get_by(id=role_group_id) elif role_group_name: role_group = RoleGroup.get_by(name=role_group_name) if not role_group: return bad_request('Please provide a valid role group id or name') try: new_item = Role(name=name, description=description) new_item.role_group = role_group db.session.add(new_item) db.session.commit() except IntegrityError: db.session.rollback() return bad_request('Already in DB') response = { 'data': { 'url': url_for('.get_role', item_id=new_item.id, _external=True), 'message': 'created', } } current_app.logger.info('New role created %s', new_item) return jsonify(response), 201
def new_transaction(): data = request.get_json() # 400: bad request check if data is None: return errors.bad_request('expected json data in body') required = ['file_hash', 'author_key', 'signature'] if not all(k in data for k in required): return errors.bad_request( 'missing values, must provide file_hash, author_key, signature') # check if txn already exists in blockchain file = File.query.filter_by(file_hash=data['file_hash']).first() if file is not None: return errors.error_response(403, 'file already exists') # check if txn already exists in txn pool for txn in blockchain.transaction_pool: if data['file_hash'] == txn.file_hash: return errors.error_response( 403, 'file in transaction pool, wait for block to be mined') blockchain.add_transaction(data) respone = {'message': 'Transaction will be added to Block #{}'.format( blockchain.current_block.index + 1 )} return jsonify(respone), 201
def create_thread(): app.logger.debug(f'Receive request: {request.data}') request_data = request.get_json() or {} if 'forum_id' not in request_data: bad_request('must include a forum_id') all_column_names = Thread.__table__.columns.keys() insert_data = { k: v for k, v in request_data.items() if k in all_column_names } insert_data['creator_id'] = token_auth.current_user().id insert_data['creation_timestamp'] = datetime.utcnow() insert_data['deleted'] = False insert_data_list = [(k, v) for k, v in insert_data.items()] insert_thread_query = f""" INSERT INTO thread ({', '.join([k for k, v in insert_data_list])}) VALUES ({', '.join([f"'{v}'" for k, v in insert_data_list])}) RETURNING thread.id """ query_result = database.session.execute(insert_thread_query) database.session.commit() new_thread_id = [r for r in query_result][0][0] response = jsonify({'thread_id': new_thread_id}) response.status_code = 201 response.headers['Location'] = url_for('get_thread', thread_id=new_thread_id) return response
def create_user(): app.logger.debug(f'Receive request: {request.data}') data = request.get_json() or {} if 'username' not in data or 'email' not in data or 'password' not in data: return bad_request('must include username, email and password fields') name_query = A_USER_QUERY_TEMPLATE.format('username', data['username']) query_result_proxy = database.session.execute(name_query) query_result = [r for r in query_result_proxy] if query_result: return bad_request('please use a different username') user = Users() user.from_dict(data, new_user=True) insert_command = f""" INSERT INTO users (username, email, common_name, password_hash) VALUES ( '{user.username}', '{user.email}', '{user.common_name}', '{user.password_hash}' ) RETURNING users.id """ query_result = database.session.execute(insert_command) database.session.commit() new_user_id = [r for r in query_result][0][0] response = jsonify({'user_id': new_user_id}) response.status_code = 201 response.headers['Location'] = url_for('get_user', user_id=new_user_id) return response
def create_project(): data = request.get_json() or {} project_name = data.get('project_name') owner_name = data.get('owner_name') if not project_name or not owner_name: return bad_request('must include project name or owner_name') if Project.query.filter_by(project_name=project_name).first(): return bad_request('please use a different project name') if not User.query.filter_by(username=owner_name).first(): return bad_request('owner does not exist') project = Project(project_name=project_name, owner_name=owner_name) db.session.add(project) session_commit() project = Project.query.filter_by(project_name=project_name).first() if not project: return bad_request('create project fail') # project.add_user(g.current_user) # admins = User.admins_list() # if admins: # for admin in admins: # project.add_user(admin) # session_commit() data = project.to_dict() response = trueReturn(data, 'create project successfully') # response.status_code = 201 return response
def create_forum(): app.logger.debug(f'Receive request: {request.data}') request_data = request.get_json() or {} if 'name' not in request_data or 'short_name' not in request_data: return bad_request('must include name amd short_name fields') for unique_field_name in ['name', 'short_name']: forum_query = A_FORUM_QUERY_TEMPLATE.format( unique_field_name, request_data[unique_field_name], ) query_result_proxy = database.session.execute(forum_query) query_result = [r for r in query_result_proxy] if query_result: return bad_request(f'please use a different {unique_field_name}') creator_id = token_auth.current_user().id insert_command = f""" INSERT INTO forum (name, short_name, creator_id) VALUES ( '{request_data['name']}', '{request_data['short_name']}', '{creator_id}' ) RETURNING forum.id """ query_result = database.session.execute(insert_command) database.session.commit() new_forum_id = [r for r in query_result][0][0] response = jsonify({'forum_id': new_forum_id}) response.status_code = 201 response.headers['Location'] = url_for('get_forum', forum_id=new_forum_id) return response
def edit_role_group(item_id): new_name = request.get_json().get('name') new_description = request.get_json().get('description') if not new_name or not new_description: return bad_request('Please provide new name or new description') role_group = RoleGroup.get_by(id=item_id) if not role_group: return not_found('item not found') try: role_group.name = new_name role_group.description = new_description db.session.commit() except IntegrityError: db.session.rollback() return bad_request('already in DB') response = { 'data': { 'url': url_for('.get_role_group', item_id=role_group.id, _external=True), } } return jsonify(response)
def put(self, id): """ Edit the name of a bucketlist [PUT] Args: id :the bucketlist identiier Returns: a dictionary of the bucketlist updated """ args = self.reqparse.parse_args() bucketlist = Bucketlist.query.filter_by(id=id, created_by=g.user.id).first() name = args['name'] if not bucketlist: return ({'message': 'bucketlist does not exist.'}, 404) else: if name == bucketlist.name: return ({'message': 'Cannot update with same name.'}, 409) if name: if bucketlist.created_by == g.user.id: bucketlist.name = name db.session.add(bucketlist) db.session.commit() return ({ 'message': 'Update was successfull', 'bucketlist': marshal(bucketlist, bucketlist_field) }, 200) else: return errors.bad_request(' Unauthorised') else: return errors.bad_request('No value provided!')
def api_view(request, user): try: data = json.loads(request.data.decode('utf-8')) except json.JSONDecodeError: return bad_json() # validate fields if 'model' not in data: return bad_request("No `model` prodivded in request") model = data['model'] if 'n' in data: try: n = int(data['n']) except ValueError: return bad_request("Value given for `n` is not valid: " + str(data['n'])) if n < 1: return bad_request("Value given for `n` is less than 1") else: n = 1 if 'refresh' in data: refresh = data['refresh'] if type(refresh) is not bool: return bad_request("Value given for `refresh` is not valid: " + str(refresh)) else: refresh = True # do transaction record = json.dumps({'model': model, 'n': n}) last_trans = Transaction.query.filter_by(request=record, user=user).first() if refresh or last_trans is None: # TODO deal with bad model data_out, cost = jg.generate(model, n) response = json.dumps(data_out) transaction = Transaction(user=user, cost=cost, request=record, response=response, time=datetime.now()) else: response = last_trans.response transaction = Transaction(user=user, cost=last_trans.cost, request=record, response=last_trans.response, time=datetime.now()) db.session.add(transaction) db.session.commit() return response
def update_client(id): """Update the client by id""" client = Client.query.get(id) if not client: return bad_request(404) name = request.json.get("name", '') if not name: return bad_request(405) client.name = name client.save() return jsonify(client.to_dict()), 200
def update_category(id): """Update the category by id""" category = Category.query.get(id) if not category: return bad_request(404) name = request.json.get("name", '') if not name: return bad_request(405) category.name = name category.save() return jsonify(category.to_dict()), 200
def update_client(client_id): """Updates data about client by id""" client = Client.query.get_or_404(client_id) data = request.get_json() or {} if 'address' in data and data['address'] != client.address and \ Client.query.filter_by(address=data['address']).first(): return bad_request('please use a different address') if 'email' in data and data['email'] != client.email and \ Client.query.filter_by(email=data['email']).first(): return bad_request('please use a different email address') client.from_dict(data, new_user=False) db.session.commit() return jsonify(client.to_dict())
def add_user(): request_data = request.get_json() if not request_data: return bad_request("No input data provided") try: data = UserSchema().load(request_data) except ValidationError as err: return error_response(422, err.messages) email = data.get('email') password = data.get('password') firstname = data.get('firstname') lastname = data.get('lastname') username = data.get('username') or \ f'{firstname}{lastname}_{int(random()*1e6)}' try: # check for existing user user_email = User.find_by_identity(data.get('email')) user_username = User.find_by_identity(data.get('username')) if user_email is None and user_username is None: # add new user to db user = User() user.firstname = firstname user.lastname = lastname user.username = username user.email = email user.password = password user.bio = data.get('bio') user.is_active = data.get('is_active') or False user.is_admin = data.get('is_admin') or False user.save() response = jsonify({ 'message': 'Successfully added new user.', }) response.status_code = 201 response.headers['Location'] = url_for( 'users.get_user', id=user.id) return response else: return bad_request('Sorry. That user already exists.') # handle errors except (exc.IntegrityError, ValueError): db.session.rollback() return error_response(500, 'Something went wrong, please try again.')
def create_registering_user(): data = request.args.to_dict() or {} if 'error' in data: return bad_request('Error: ' + data['error']) try: user_uuid = uuid.UUID(data['state']).hex # Check for UUID validity except (ValueError, KeyError): return bad_request('Must include correct UUID in the state') RegisteringUser.query.filter_by(uuid=user_uuid).delete() db.session.commit() registering_user = RegisteringUser(uuid=user_uuid, auth_code=data['code']) db.session.add(registering_user) db.session.commit() return redirect(url_for('static', filename='close.html'))
def create_user(): data = request.get_json() or {} if 'username' not in data or 'vulgo' not in data or 'password' not in data: return bad_request('must include username, vulgo and password fields') if User.query.filter_by(username=data['username']).first(): return bad_request('please use a different username') user = User() user.from_dict(data, new_user=True) db.session.add(user) db.session.commit() response = jsonify(user.to_dict()) response.status_code = 201 response.headers['Location'] = url_for('get_user', id=user.id) return response
def get_project_info(): project_id = request.args.get('project_id', type=int) if not project_id: return bad_request('must include project id') project = g.current_user.followed_projects().filter_by( id=project_id).first() if not project: return bad_request('%s is not the member of project %d' % (g.current_user.username, project_id)) data = project.to_dict() response = trueReturn(data, 'Success') return response
def register(): """ View function which handles users registration. :param username: registered username. :param password: user password. :param email: user email. :param role: role name for new user. :return: a JSON with user token & email confirmation URL. """ username = request.json.get('username') password = request.json.get('password') email = request.json.get('email') role_name = request.json.get('role') if not username or not password or not email or not role_name: return bad_request('Invalid parameters') role = Role.get_by(name=role_name) if not role: return bad_request('Use a valid role please.') try: user = User(email=email, username=username, password=password, login_count=0) user.roles.append(role) db.session.add(user) db.session.commit() except IntegrityError: db.session.rollback() return bad_request('Please use another username/email') expiration = current_app.config.get('SESSION_TTL') token = user.generate_auth_token(expiration=expiration) email_token = user.generate_email_token(expiration=expiration*5) celery_email(subject='Confirm Your Account', recipients=[user.email, ], countdown=5, template='confirm_account', username=username, email_token=email_token.decode('utf-8'), application=current_app.config.get('PROJECT_NAME').upper(), ) response = { 'data': { 'token': token.decode('utf-8'), 'confirm_email_url': url_for('auth.confirm_email', email_token=email_token, _external=True), 'expiration': expiration, } } current_app.logger.info('New user created %s', user) return jsonify(response), 201
def create_post(): app.logger.debug(f'Receive request: {request.data}') request_data = request.get_json() or {} obligatory_fields = ['text', 'thread_id'] for field_name in obligatory_fields: if field_name not in request_data: return bad_request(f'must include the field "{field_name}"') post_text = request_data['text'] thread_id = request_data['thread_id'] author_id = token_auth.current_user().id insert_post_query = f""" INSERT INTO post (text, creation_timestamp, user_id, thread_id, deleted, deleted_by_thread) VALUES ('{post_text}', '{datetime.utcnow()}', '{author_id}', '{thread_id}', FALSE, FALSE) RETURNING post.id """ query_result = database.session.execute(insert_post_query) database.session.commit() new_post_id = [r for r in query_result][0][0] response = jsonify({'post_id': new_post_id}) response.status_code = 201 response.headers['Location'] = url_for('get_post', post_id=new_post_id) return response
def change_my_username(): new_username = request.get_json().get('username') if not new_username: return bad_request('Please provide username') if not User.is_valid_username(new_username): return bad_request('not valid username') g.current_user.username = new_username db.session.commit() response = { 'data': { 'message': 'updated', } } return jsonify(response)
def signin( ) -> Union[Tuple[Response, int, Dict[str, str]], Response, Tuple[str, int]]: """ Login user """ try: if not request.json or not 'email_id' in request.json \ or not 'password' in request.json: return bad_request('Email_id and/or password is missing!') email = request.json.get('email_id') password = request.json.get('password') user = db.session.query(User).filter_by(email=email).first() if user: if bcrypt.check_password_hash(user.password, password): auth_token = user.encode_auth_token(user.id) responseObj = { 'status': 'Success', 'message': 'Successfull login.', 'auth_token': auth_token.decode('utf-8') } return jsonify(responseObj), 201, { 'Content-Type': 'application/json' } else: return redirect("signup", code=303) except Exception as ex: print(ex) return 'try again', 401
def signup() -> Union[Tuple[Response, int, Dict[str, str]], Tuple[str, int]]: """ Signup new user """ try: if not request.json or not 'email_id' in request.json \ or not 'password' in request.json: return bad_request('Email_id and/or password is missing!') email = request.json.get('email_id') password = request.json.get('password') user = User(email=email, password=password) db.session.add(user) db.session.commit() auth_token = user.encode_auth_token(user.id) responseObj = { 'status': 'Success', 'message': 'Successfully signed up.', 'auth_token': auth_token.decode('utf-8') } return jsonify(responseObj), 201, {'Content-Type': 'application/json'} except Exception as ex: print(ex) return 'try again', 401
def receive_object(): #extract request data or none data = request.get_json() or {} #check if required fields exist (auth_token, and item_token) if 'auth_token' not in data or 'item_token' not in data: return bad_request('Auth token and item token must be included') #authorise user from token user = User.check_auth_token(data['auth_token']) #check if user is authorised and is ssame as item's recipient if not user: return error_response(401, 'User not authorised.') #get required item recipient, item = Item.decode_item_token(data['item_token']) #check if item and recipient were found if item and recipient: #if user is same as item's recipient if recipient is user: item.owner = user db.session.commit() #create response response = jsonify( {'message': "Object was succesfully transfered."}) response.status_code = 200 return response else: return error_response(403, 'Resource is forbidden.') else: return error_response(404, 'Item not found.')
def send_object(): #extract request data or none data = request.get_json() or {} #check if required fields exist if 'token' not in data or 'id' not in data or 'login' not in data: return bad_request('Token, id and login fields must be included') #get required item item = Item.query.get(data['id']) #check if the recipient exists recipient = User.query.filter_by(login=data['login']).first() if not item or not recipient: return error_response(404, "Item or recipient doesn't exist.") #get user from token user = User.check_auth_token(data['token']) #check if user was found and if he is owner of the item if user and user is item.owner: response = jsonify({ 'message': 'Item token generated.', 'item_token': item.generate_item_token(data['login']).decode(), }) response.status_code = 200 return response else: return error_response(403, 'Please log in.')
def create_feature(): """Create a feature""" feature_dict = request.get_json(silent=True) if not feature_dict: return bad_request(405) try: target_date = datetime.strptime( feature_dict.get('target_date', '')[0:10], "%Y-%m-%d") feature_dict['target_date'] = target_date feature = Feature(**feature_dict) except: print("Error has occured.") else: feature.save() return jsonify(feature.to_dict()), 201 return bad_request(405)
def update_trip(trip_id): trip = Trip.query.get_or_404(trip_id) if (not trip.status == "ONGOING") and (not trip.status == "PANIC"): return bad_request('Cannot update ' + trip.status + ' trips.') data = request.get_json(silent=True) or {} trip.update_from_dictionary(data) db.session.commit() return jsonify(trip.to_dictionary())
def create_category(): """Create a category""" name = request.json.get("name", '') if not name: return bad_request(405) category = Category(name=name) category.save() return jsonify(category.to_dict()), 201
def update_feature(id): """Update the feature by id""" feature = Feature.query.get(id) # filter_by(Feature.id=id).first() if not feature: return bad_request(404) try: feature_dict = request.get_json(silent=True) target_date = datetime.strptime( feature_dict.get('target_date', '')[0:10], "%Y-%m-%d") feature_dict['target_date'] = target_date feature.__init__(**feature_dict) feature.save() except: print("Cannot update the feature_dict") else: return jsonify(feature.to_dict()), 200 return bad_request(405)
def create_client(): """Create a client""" name = request.json.get("name", '') if not name: return bad_request(405) client = Client(name=name) client.save() return jsonify(client.to_dict()), 201
def remove_role_from_user(item_id, role_name): user = User.get_by(id=item_id) if not user: return not_found('user not found') if role_name not in user.list_roles_names(): return bad_request('user does not has that role') if not user.remove_role(role_name): if len(user.roles) == 1: return bad_request('user only has that role! cannot be removed') else: return not_found('not valid role name') response = { 'data': { 'message': 'Role successfully removed from User.' } } return jsonify(response), 204
def image(): data = request.files['file'] or None if data is None: return bad_request('must include image') results = process_image(data) response = jsonify(results) response.status_code = 201 return response