示例#1
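    def post(self):
        """Create an admin account and return a JWT access/refresh token pair.

        Expects a JSON object with ``username``, ``password`` and ``secret``.
        The request is refused unless ``secret`` matches the bootstrap secret.

        Returns:
            A dict with a message and both tokens on success; a
            ``(dict, status)`` tuple with 400 for a malformed body, 403 for a
            wrong secret and 500 when the account could not be stored. An
            already-taken username returns a message dict with the default
            status, as before.
        """
        import hmac
        import logging

        # request.json can be None or a non-object; reject that up front
        # instead of failing later with an AttributeError.
        payload = request.get_json(silent=True)
        if not isinstance(payload, dict):
            return {'message': 'Invalid request body'}, 400

        username = payload.get('username')
        password = payload.get('password')
        secret = payload.get('secret')
        role = 'admin'

        # NOTE(review): the bootstrap secret is a literal in source control, so
        # anyone who can read the repository can mint admin accounts. Load it
        # from deployment configuration and rotate the value that is checked in.
        expected_secret = b'iniSECret'
        # Compare as bytes in constant time; a missing or non-string secret is
        # treated as a mismatch.
        supplied_secret = secret.encode('utf-8') if isinstance(secret, str) else b''
        if not hmac.compare_digest(supplied_secret, expected_secret):
            # An authorization failure is a client error, not a server fault.
            return {'message': 'Permission denied'}, 403

        if not isinstance(username, str) or not username \
                or not isinstance(password, str) or not password:
            return {'message': 'username and password are required'}, 400

        if User.find_by_username(username):
            return {'message': 'Admin already exists: {}'.format(username)}

        password_hash = User.generate_hash(password)

        try:
            new_user = User(username, password_hash, role)
            db.session.add(new_user)
            db.session.commit()

            access_token = create_access_token(identity=username)
            refresh_token = create_refresh_token(identity=username)
            return {
                'message': 'Admin created: {}'.format(username),
                'access_token': access_token,
                'refresh_token': refresh_token
            }
        except Exception:
            # Leave the session usable for the next request and keep the
            # exception detail in the server log: the exception object is not
            # JSON-serialisable and its text may expose internals to the client.
            db.session.rollback()
            logging.getLogger(__name__).exception('Admin creation failed')
            return {'message': 'Something went wrong'}, 500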
示例#2
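    def get(self):
        """Return the stored fields of the user named by the JWT identity.

        Returns:
            A dict mapping each column name of the user's table to the string
            form of its value, with credential columns left out. If no user
            matches the identity, a dict with a single ``message`` key.
        """
        username = get_jwt_identity()
        current_user = User.find_by_username(username)
        if not current_user:
            return {'message': 'User doesn\'t exist: {}'.format(username)}

        # Never serialise the stored password hash into an API response.
        # NOTE(review): assumes the column is named like the ``password``
        # attribute used elsewhere; confirm against the model and add any
        # other sensitive columns here.
        hidden_columns = {'password'}
        return {
            column.name: str(getattr(current_user, column.name))
            for column in current_user.__table__.columns
            if column.name not in hidden_columns
        }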
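    def wrapper(*args, **kwargs):
        """Call ``fn`` only when the request carries a JWT for an admin user.

        Returns:
            Whatever ``fn`` returns for an admin; otherwise a
            ``(dict, 403)`` tuple.
        """
        verify_jwt_in_request()
        username = get_jwt_identity()
        current_user = User.find_by_username(username)

        # A token can still verify after its account is gone; deny explicitly
        # in that case instead of raising AttributeError on ``None.role``.
        if not current_user or current_user.role != 'admin':
            return {
                'message': 'Permission denied. Admin only'
            }, 403
        return fn(*args, **kwargs)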
示例#4
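    def post(self):
        """Check a username/password pair and issue JWT access/refresh tokens.

        Expects a JSON object with ``username`` and ``password``.

        Returns:
            A dict with a message and both tokens on success; a
            ``(dict, status)`` tuple with 400 for a malformed body and 401 for
            any failed authentication.
        """
        payload = request.get_json(silent=True)
        if not isinstance(payload, dict):
            return {'message': 'Invalid request body'}, 400

        username = payload.get('username')
        password = payload.get('password')
        if not isinstance(username, str) or not isinstance(password, str):
            return {'message': 'Wrong credentials'}, 401

        current_user = User.find_by_username(username)
        # One answer for "unknown user" and "wrong password", so the endpoint
        # does not confirm which usernames exist, and a 401 so failed logins
        # are visible to clients and to status-code based monitoring.
        # NOTE(review): hash verification is skipped for unknown usernames, so
        # response timing may still differ between the two cases.
        if not current_user or not User.verify_hash(password, current_user.password):
            return {'message': 'Wrong credentials'}, 401

        access_token = create_access_token(identity=username)
        # The refresh token must identify the user. The password was used as
        # the identity before, which placed the plaintext password inside a
        # token whose payload is only encoded, not encrypted.
        refresh_token = create_refresh_token(identity=username)
        return {
            'message': 'Logged in as {}'.format(current_user.username),
            'access_token': access_token,
            'refresh_token': refresh_token
        }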
示例#5
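    def post(self):
        """Update the phone and address of the user named by the JWT identity.

        Expects a JSON object; ``phone`` and ``address`` are read from it and a
        field that is absent is stored as ``None``. No other field of the user
        is written.

        Returns:
            A dict with a message on success or when the user is unknown; a
            ``(dict, status)`` tuple with 400 for a malformed body and 500 when
            the change could not be stored.
        """
        import logging

        username = get_jwt_identity()
        current_user = User.find_by_username(username)
        if not current_user:
            return {'message': 'User doesn\'t exist: {}'.format(username)}

        # request.json can be None or a non-object; reject that up front.
        payload = request.get_json(silent=True)
        if not isinstance(payload, dict):
            return {'message': 'Invalid request body'}, 400

        try:
            current_user.phone = payload.get('phone')
            current_user.address = payload.get('address')

            db.session.commit()
        except Exception:
            # Discard the failed transaction and keep the exception detail in
            # the server log: the exception object is not JSON-serialisable
            # and its text may expose internals to the client.
            db.session.rollback()
            logging.getLogger(__name__).exception('Profile update failed')
            return {'message': 'Something went wrong'}, 500

        return {
            'message': 'Data updated: {}'.format(current_user.username)
        }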
def login():
    """Show the login form and, on POST, sign the submitted user in.

    Any non-POST request renders ``login.html``. On POST the form's
    ``username`` and ``password`` are checked: an unknown username flashes an
    error and redirects to ``admin.dashboard``; a failed password check rolls
    the session back, flashes an error and renders the form again; a match
    marks the user authenticated, commits, logs the user in and redirects to
    ``admin.dashboard``.
    """
    if request.method != 'POST':
        return render_template('login.html')

    submitted_name = request.form.get('username')
    submitted_password = request.form.get('password')
    account = User.find_by_username(submitted_name)

    # NOTE(review): the two failure paths flash different messages, which
    # tells a visitor whether a username exists; consider a single message.
    if not account:
        flash('ERROR! user not found.', 'error')
        return redirect(url_for('admin.dashboard'))

    if not User.verify_hash(submitted_password, account.password):
        db.session.rollback()
        flash('ERROR! Incorrect login credentials.', 'error')
        return render_template('login.html')

    # Persist the authenticated flag before the login session is established.
    account.authenticated = True
    db.session.add(account)
    db.session.commit()
    login_user(account)
    return redirect(url_for('admin.dashboard'))
示例#7
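    def post(self):
        """Register a user and return a JWT access/refresh token pair.

        Expects a JSON object with ``username`` and ``password``.

        Returns:
            A dict with a message and both tokens on success; a message dict
            when the username is taken; a ``(dict, status)`` tuple with 400 for
            a malformed body or missing fields and 500 when the account could
            not be stored.
        """
        import logging

        # request.json can be None or a non-object; reject that up front.
        payload = request.get_json(silent=True)
        if not isinstance(payload, dict):
            return {'message': 'Invalid request body'}, 400

        username = payload.get('username')
        password = payload.get('password')
        # Hashing a missing password or storing a missing username would fail
        # later or create an unusable account, so refuse both here.
        if not isinstance(username, str) or not username \
                or not isinstance(password, str) or not password:
            return {'message': 'username and password are required'}, 400

        if User.find_by_username(username):
            return {'message': 'User already exists: {}'.format(username)}

        password_hash = User.generate_hash(password)

        try:
            new_user = User(username, password_hash)
            db.session.add(new_user)
            db.session.commit()

            access_token = create_access_token(identity=username)
            refresh_token = create_refresh_token(identity=username)
            return {
                'message': 'User created: {}'.format(username),
                'access_token': access_token,
                'refresh_token': refresh_token
            }
        except Exception:
            # Discard the failed transaction and keep the exception detail in
            # the server log: the exception object is not JSON-serialisable
            # and its text may expose internals to the client.
            db.session.rollback()
            logging.getLogger(__name__).exception('User registration failed')
            return {'message': 'Something went wrong'}, 500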
示例#8
def profile(username):
    """Render ``profiles.html`` for the user looked up by *username*."""
    # NOTE(review): no access check is visible in this block and the lookup
    # result is passed to the template even when no user matches; confirm
    # that a decorator outside this view restricts who may call it and that
    # the template copes with a missing user.
    return render_template(
        'profiles.html',
        user=User.find_by_username(username),
    )