def get_evacuation_assistance(request): """ returns a json on success with the following data { "evacuation_assistance": "Y" <- Or null } """ # Pull the jwt from the POST request jwt = request.META.get(JWT_Headers_Key) try: j.validate_token(jwt) except Exception as e: return HttpResponse(str(e), status=http_unauthorized_response) # Grab username from the token payload = j.grab_token_payload(jwt) user_pidm = Identity.objects.get(username=payload['username']).pidm # Now we query the emergency table for any info the user has listed # SELECT * FROM Emergency WHERE Emergency.pidm = user_pidm user_entry = Emergency.objects.filter(pidm=user_pidm) # No info found for this user's valid request results in a 204, No Content if len(user_entry) < 1: return HttpResponse("No emergency info found", status=http_no_content_response) # Otherwise return evacuation assistance status in their json format emergency_info = list(user_entry.values('evacuation_assistance')) return JsonResponse(emergency_info, safe=False)
def get_emergency_notifications(request): """ Only available as a POST request expects 'jwt': JWT JWT Body: { first_name (str) last_name (str) username (str) email (str) } returns a json on success with the following data { "alternate_phone": "XXXXXXXXXX", <- no dashes "primary_phone": "XXXXXXXXXX", <- no dashes "sms_device": "XXXXXXXXXX", <- no dashes "external_email": "*****@*****.**", "campus_email": "*****@*****.**", "activity_date": "YYYY-MM-DDTHH:MM:SS", <- YearMonthDayTHour:MinuteSecond "sms_status_ind": "Y" <- Or null } NOTE: Any of these values can be null, make sure to check in front-end """ # Pull the jwt from the POST request jwt = request.META.get(JWT_Headers_Key) try: j.validate_token(jwt) except Exception as e: return HttpResponse(str(e), status=http_unauthorized_response) # Grab username from the token payload = j.grab_token_payload(jwt) user_pidm = Identity.objects.get(username=payload['username']).pidm # Now we query the emergency table for any info the user has listed # SELECT * FROM Emergency WHERE Emergency.pidm = user_pidm user_entry = Emergency.objects.filter(pidm=user_pidm) # No info found for this user's valid request results in a 204, No Content if len(user_entry) < 1: return HttpResponse("No emergency info found", status=http_no_content_response) # Otherwise return all emergency info in their json format # We want every field except for the pidm, as there is no need to expose front-end to database specifics emergency_info = list(user_entry.values('external_email', 'campus_email', 'primary_phone', 'alternate_phone', 'sms_status_ind', 'sms_device')) # Return the list of user's emergency info, safe=false means we can return non-dictionary items return JsonResponse(emergency_info, safe=False)
def get_emergency_contacts(request): """ Validates the jwt issued, then returns relevent emergency contact info if jwt fails to validate, then return Unauthorized Error(401) if user has no contacts, return No Content(204) Body: { first_name (str) last_name (str) username (str) email (str) } returns a json on success with the following data { { surrogate_id: xxxx contact info... }, { surrogate_id: xxxx contact info... }, ... } If the user has no contacts, returns a No Content(204) if JWT fails to validate return Unauthorized Error(401) """ # Pull the jwt from the POST request jwt = request.META.get(JWT_Headers_Key) try: j.validate_token(jwt) except Exception as e: return HttpResponse(str(e), status=http_unauthorized_response) payload = j.grab_token_payload(jwt) user_pidm = Identity.objects.get(username=payload['username']).pidm # Now we can query the contact table for any contacts that this user has listed contacts = Contact.objects.filter(pidm=user_pidm) # No contacts for this user's valid request results in a 204, No Content if len(contacts) < 1: return HttpResponse("No contacts found", status=http_no_content_response) # Otherwise return all contacts in their json form contact_list = list(contacts.values()) return JsonResponse(contact_list, safe=False)
def test_grab_token_payload(self): """ Testing the payload-grabbing of JWTs The payload/claims used to generate a JWT should matche the output from the grab_token_payload function """ """Testing valid and invalid comparisons""" for data in self.good_data_list: jwt = jwt_placeholder.generate_token(data) data_from_JWT = jwt_placeholder.grab_token_payload(jwt) """Valid comparison - should be True""" self.assertTrue(data == data_from_JWT) """Invalid comparison - should be False""" for bad_data in self.bad_data_list: self.assertFalse(bad_data == data_from_JWT)
def set_emergency_notifications(request): """ Updates the user's status on the Emergency assistance table """ jwt = request.META.get(JWT_Headers_Key) try: j.validate_token(jwt) except Exception as e: return HttpResponse(str(e), status=http_unauthorized_response) payload = j.grab_token_payload(jwt) user_pidm = Identity.objects.get(username=payload['username']).pidm user_email = payload['email'] # Determine if the user is already in the emergency registry query = Emergency.objects.filter(pidm=user_pidm) if len(query) < 1: entry = None user_exists = False else: # Might as well grab the Emergency entry here entry = query[0] user_exists = True form = SetEmergencyNotificationsForm(request.POST, instance=entry) if form.is_valid(): if user_exists == True: form.save() return HttpResponse("Updated successfully.") else: new_entry = form.save(commit=False) new_entry.pidm = user_pidm new_entry.campus_email = user_email new_entry.save() return HttpResponse("Created successfully.") else: return HttpResponse("errors:" + str(form.errors), status=http_unprocessable_entity_response)
def update_emergency_contact(request, surrogate_id=None): """ Update the database information regarding the emergency contact information. This could imply either submitting a new emergency contact, or deleting the existing emergency contact. """ # extract JWT from post request in uniform fashion to above JWT code jwt = request.META.get(JWT_Headers_Key) # Validate JWT try: j.validate_token(jwt) except Exception as e: return HttpResponse(str(e), status=401) # Extract jwt payload payload = j.grab_token_payload(jwt) # First, we extract the checkbox data and determine if we need to branch if request.method == "DELETE": # checking whether surrogate id is given, and exists in database if surrogate_id == None: return HttpResponse("No Surrogate ID given for deleting contact!", status=422) try: entry = Contact.objects.get(surrogate_id=surrogate_id) except Contact.DoesNotExist: return HttpResponse("No contact found.") # checking whether user request has matching pidm with contact that has the surrogate id user_pidm = Identity.objects.get(username=payload['username']).pidm if entry.pidm != user_pidm: return HttpResponse("No contact found", status=http_unprocessable_entity_response) else: # any contacts that is belong to the same user and have lower priority got promoted, before deleting the entry Contact.objects.filter(pidm=entry.pidm, priority__gt=entry.priority).update(priority=F('priority') - 1) entry.delete() return HttpResponse("Successfully deleted emergency contact.", status=200) # End of deletion branch ============================================================== else: # first, decide if we are updating or creating # based upon if the surrogate_id already exists surrogate_id = request.POST.get('surrogate_id') if surrogate_id: # if given surrogate id does not match in table, throws error try: entry = Contact.objects.get(surrogate_id=surrogate_id) except Contact.DoesNotExist: return HttpResponse("Invalid surrogate id", status=http_unprocessable_entity_response) contact_exists = True # also record the priority before proceeding, to decide whether other contacts belong to the same user need demotion or promotion old_priority = int(entry.priority) else: entry = None contact_exists = False # Grab the pidm from the JWT jwt_pidm = Identity.objects.get(username=payload['username']).pidm # Create a copy of the POST request to modify the Pidm temp_body = request.POST.copy() temp_body['pidm'] = jwt_pidm # temporary fix for null value on state try: if temp_body['stat_code'] == "null": temp_body['stat_code'] = None except: pass # use form to validate and then save the request if the inputs are valid form = UpdateEmergencyContactForm(temp_body, instance=entry) # If instance=None, it creates table. else, updates if form.is_valid(): # do not save immediately, since priority check on other contacts are needed entry = form.save(commit=False) new_priority = int(entry.priority) if contact_exists == True: # if the old contact wants to be promoted, demote the contacts between new and (old - 1) priority if old_priority > new_priority: Contact.objects.filter(pidm=entry.pidm, priority__range=(new_priority, old_priority - 1)).update(priority=F('priority') + 1) # if the old contact wants to be demoted, promote the contacts between (old + 1) and new priority if old_priority < new_priority: Contact.objects.filter(pidm=entry.pidm, priority__range=(old_priority + 1, new_priority)).update(priority=F('priority') - 1) # and do not change anything if the old and new priority are same entry.save() return HttpResponse("Updated successfully.") else: # if the contact is new, demote any contacts that have lower priority Contact.objects.filter(priority__gte=new_priority).update(priority=F('priority') + 1) entry.save() return HttpResponse("Created successfully.") else: return HttpResponse("errors:" + str(form.errors), status=http_unprocessable_entity_response)