示例#1
0
    def put(self, user_id):
        """Updates a single user"""
        post_data = request.get_json()
        email = post_data.get("email")
        res = {"status": False, "message": "Invalid payload"}

        user = get_user_by_id(user_id)

        if user is None:
            api.abort(404, "Resource not found", status=False)

        if email is None:
            return res, 400

        valid_email = EMAIL_REGEX.match(email)

        if valid_email is None:
            res["message"] = "Please provide a valid email address"
            return res, 400
        else:
            updated_user = update_user(user, email)
            res["status"] = True
            res["message"] = "User successfully updated."
            res["user"] = updated_user.to_json()
            return res, 200
示例#2
0
    def get(self):
        """Get user status"""
        auth_header = request.headers.get("Authorization")
        res = {"status": False, "message": "Invalid payload."}

        if auth_header:
            try:
                access_token = auth_header.split(" ")

                if len(access_token) > 1:
                    access_token = auth_header.split(" ")[1]
                    resp = User.decode_token(access_token)
                    user = get_user_by_id(resp)
                else:
                    res["message"] = "Invalid header."
                    return res, 401

                if not user:
                    res["message"] = "Invalid token. Please login."
                    return res, 401

                return user.to_json(), 200
            except jwt.ExpiredSignatureError:
                res["message"] = "Signature expired. Please login again."
                return res, 401
            except jwt.InvalidTokenError:
                res["message"] = "Invalid token. Please login again."
                return res, 401
        else:
            res["message"] = "Access token required."
            return res, 403
示例#3
0
    def post(self):
        """Refresh token"""
        post_data = request.get_json()
        refresh_token = post_data.get("refresh_token")
        res = {"status": False, "message": "Invalid payload."}

        if refresh_token is None:
            return res, 400

        try:
            resp = User.decode_token(refresh_token)
            user = get_user_by_id(resp)

            if not user:
                res["message"] = "Invalid token."
                return res, 400

            access_token = user.encode_token(user.id, "access")
            refresh_token = user.encode_token(user.id, "refresh")

            res = {
                "access_token": access_token.decode(),
                "refresh_token": refresh_token.decode(),
            }

            return res, 200

        except jwt.ExpiredSignatureError:
            res["message"] = "Signature expired. Please login again."
            return res, 401
        except jwt.InvalidTokenError:
            res["message"] = "Invalid token. Please login again."
            return res, 401
示例#4
0
    def get(self, user_id):
        """Returns a single user"""
        user = get_user_by_id(user_id)

        if user is None:
            api.abort(404, "Resource not found", status=False)
        else:
            return user, 200
示例#5
0
    def delete(self, user_id):
        """Deletes a single user"""
        user = get_user_by_id(user_id)

        if user is None:
            api.abort(404, "Resource not found", status=False)
        else:
            delete_user(user)
            return {
                "status": True,
                "message": "User was deleted.",
                "user": user.to_json(),
            }
示例#6
0
def test_update_user_with_password(test_app, test_db, add_user):
    # check password is NOT updated when updating user
    password_one = "password"
    password_two = "something"

    user = add_user("*****@*****.**", password_one)
    assert bcrypt.check_password_hash(user.password, password_one)

    client = test_app.test_client()
    res = client.put(
        f"/users/{user.id}",
        data=json.dumps({"email": "*****@*****.**", "password": password_two}),
        content_type="application/json",
    )

    assert res.status_code == 200

    user = get_user_by_id(user.id)
    assert bcrypt.check_password_hash(user.password, password_one)
    assert not bcrypt.check_password_hash(user.password, password_two)