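def put(self, user_id):
    """Update the email address of a single user.

    Reads ``email`` from the JSON request body and, when it matches
    ``EMAIL_REGEX``, persists it through ``update_user``. Any other key in
    the body (such as ``password``) is ignored; only ``email`` reaches
    ``update_user``.

    Args:
        user_id: identifier handed to ``get_user_by_id``.

    Returns:
        A ``(payload, status)`` tuple: 200 with ``status: True`` and the
        updated user's ``to_json()``; 400 with ``status: False`` and a
        message when the body is not a JSON object, lacks ``email``, or the
        email does not match ``EMAIL_REGEX``.

    Raises:
        Aborts with 404 via ``api.abort`` when no user matches ``user_id``.

    NOTE(review): no authentication/authorization check is visible in this
    method — confirm a decorator or class-level guard restricts who may
    change another account's email address.
    """
    res = {"status": False, "message": "Invalid payload"}
    # silent=True returns None instead of raising on a malformed body; a
    # body that is not a JSON object is reported as an invalid payload
    # rather than surfacing as an AttributeError (500) from ``.get``.
    post_data = request.get_json(silent=True)
    if not isinstance(post_data, dict):
        return res, 400
    email = post_data.get("email")
    user = get_user_by_id(user_id)
    if user is None:
        api.abort(404, "Resource not found", status=False)
    if email is None:
        return res, 400
    # Only a str can be matched; a non-string value (e.g. a number) is
    # rejected as an invalid address instead of raising TypeError.
    if not isinstance(email, str) or EMAIL_REGEX.match(email) is None:
        res["message"] = "Please provide a valid email address"
        return res, 400
    updated_user = update_user(user, email)
    res["status"] = True
    res["message"] = "User successfully updated."
    res["user"] = updated_user.to_json()
    return res, 200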
def get(self):
    """Return the profile of the user identified by the bearer token.

    The token is taken as the second space-separated part of the
    ``Authorization`` header (``<scheme> <token>``); the scheme word itself
    is not inspected. Responses:

    * 200 with ``user.to_json()`` when the token decodes to an existing user;
    * 401 when the header has no second part, the token is expired or
      invalid, or no user matches the decoded value;
    * 403 when the header is missing or empty.

    NOTE(review): nothing here checks what kind of token was presented —
    confirm ``User.decode_token`` rejects tokens not meant for this use.
    """
    res = {"status": False, "message": "Invalid payload."}
    auth_header = request.headers.get("Authorization")
    if not auth_header:
        res["message"] = "Access token required."
        return res, 403
    parts = auth_header.split(" ")
    if len(parts) <= 1:
        res["message"] = "Invalid header."
        return res, 401
    try:
        token_subject = User.decode_token(parts[1])
        user = get_user_by_id(token_subject)
        if not user:
            res["message"] = "Invalid token. Please login."
            return res, 401
        return user.to_json(), 200
    except jwt.ExpiredSignatureError:
        # ExpiredSignatureError is the more specific class, so it is listed
        # first; InvalidTokenError below catches the remaining failures.
        res["message"] = "Signature expired. Please login again."
        return res, 401
    except jwt.InvalidTokenError:
        res["message"] = "Invalid token. Please login again."
        return res, 401
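def post(self):
    """Exchange a refresh token for a new access/refresh token pair.

    Reads ``refresh_token`` from the JSON body, decodes it with
    ``User.decode_token`` and, when the decoded value resolves to an
    existing user, issues fresh tokens via ``user.encode_token``.

    Returns:
        ``({"access_token": ..., "refresh_token": ...}, 200)`` on success.
        Otherwise ``({"status": False, "message": ...}, code)`` with 400 for
        a body that is not a JSON object, a missing ``refresh_token`` or an
        unknown user, and 401 for an expired or invalid token.

    NOTE(review): nothing in this method distinguishes a refresh token from
    an access token — confirm ``User.decode_token`` (or the payload it
    decodes) enforces the token type so that an access token cannot be
    presented here in place of a refresh token.
    """
    res = {"status": False, "message": "Invalid payload."}
    # silent=True returns None instead of raising on a malformed body; a
    # body that is not a JSON object is an invalid payload, not a 500.
    post_data = request.get_json(silent=True)
    if not isinstance(post_data, dict):
        return res, 400
    presented_token = post_data.get("refresh_token")
    if presented_token is None:
        return res, 400
    # Only the decode can raise the jwt errors handled below; keep the try
    # body to that call so other failures are not mislabelled as token errors.
    try:
        token_subject = User.decode_token(presented_token)
    except jwt.ExpiredSignatureError:
        res["message"] = "Signature expired. Please login again."
        return res, 401
    except jwt.InvalidTokenError:
        res["message"] = "Invalid token. Please login again."
        return res, 401
    user = get_user_by_id(token_subject)
    if not user:
        res["message"] = "Invalid token."
        return res, 400
    access_token = user.encode_token(user.id, "access")
    refresh_token = user.encode_token(user.id, "refresh")
    # encode_token appears to return bytes (.decode() is needed to get a
    # str) — TODO confirm against the User model.
    return {
        "access_token": access_token.decode(),
        "refresh_token": refresh_token.decode(),
    }, 200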
def get(self, user_id):
    """Return ``(user, 200)`` for ``user_id``; abort with 404 when absent.

    The user object is returned as-is (no ``to_json()`` here); presumably a
    marshalling decorator on the resource serialises it — confirm.
    """
    user = get_user_by_id(user_id)
    if user is not None:
        return user, 200
    # api.abort raises, so nothing below it runs.
    api.abort(404, "Resource not found", status=False)
def delete(self, user_id):
    """Delete the user with ``user_id`` and echo the deleted record.

    Returns a dict with ``status: True``, a message and ``user.to_json()``;
    no explicit status code is returned, so the framework default applies.
    Aborts with 404 via ``api.abort`` when no user matches.

    NOTE(review): no authentication/authorization check is visible in this
    method — confirm a decorator or class-level guard restricts who may
    delete accounts.
    """
    user = get_user_by_id(user_id)
    if user is not None:
        delete_user(user)
        # to_json() is called after the delete; assumes the object stays
        # readable once delete_user has run — TODO confirm.
        return {
            "status": True,
            "message": "User was deleted.",
            "user": user.to_json(),
        }
    api.abort(404, "Resource not found", status=False)
def test_update_user_with_password(test_app, test_db, add_user):
    """A PUT that carries a ``password`` field must not change the stored
    password: the original hash still verifies and the new one does not."""
    original_password = "password"
    attempted_password = "something"
    user = add_user("*****@*****.**", original_password)
    assert bcrypt.check_password_hash(user.password, original_password)
    user_id = user.id

    payload = {"email": "*****@*****.**", "password": attempted_password}
    client = test_app.test_client()
    res = client.put(
        f"/users/{user_id}",
        data=json.dumps(payload),
        content_type="application/json",
    )
    assert res.status_code == 200

    # Re-read from the store rather than trusting the in-memory object.
    stored = get_user_by_id(user_id)
    assert bcrypt.check_password_hash(stored.password, original_password)
    assert not bcrypt.check_password_hash(stored.password, attempted_password)