def _add_one_user(
        db: directives.PeeweeSession,
        username: hug.types.text,
        password: hug.types.text = None,
        role: hug.types.one_of(UserRoles.user_roles()) = UserRoles.USER,
        coupons: hug.types.number = 10):
    """Create one user row and return its name with the clear-text password.

    Args:
        db: session object whose ``atomic()`` wraps the insert in a transaction.
        username: account name; stored lower-cased.
        password: clear-text password. When falsy, a 12-character value from
            ``get_random_string`` is used instead.
        role: role stored on the new row.
        coupons: coupon count stored on the new row.

    Returns:
        ``{"name": <stored user name>, "password": <clear-text password>}``.
        The password is returned in clear text so the caller can hand it to the
        account owner; it should not end up in logs or persistent output.
    """
    with db.atomic():
        normalized_name = username.lower()
        # NOTE(review): the salt is only 2 characters long. hash_pw is defined
        # elsewhere, so its algorithm is not visible here -- confirm it is a
        # slow password hash and whether the salt column allows a longer value.
        new_salt = get_random_string(2)
        # Fall back to a generated password only when none (or an empty one)
        # was supplied.
        clear_text = password if password else get_random_string(12)
        record = User.create(
            user_name=normalized_name,
            role=role,
            salt=new_salt,
            password=hash_pw(normalized_name, new_salt, clear_text),
            coupons=coupons,
        )
        record.save()
        return {"name": record.user_name, "password": clear_text}
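def change_user_pw(db: directives.PeeweeSession, username: hug.types.text, password: hug.types.text,
                   for_real: hug.types.smart_boolean = False):
    """Set a new password for an existing user.

    Without ``for_real`` this is a dry run: it prints what would happen and
    exits the process with status 1. With ``for_real`` it stores a fresh salt
    and the new password hash inside one transaction.

    Args:
        db: session object whose ``atomic()`` wraps the update in a transaction.
        username: account name; matched lower-cased.
        password: new clear-text password.
        for_real: must be true for the change to be written.

    Raises:
        Whatever ``User.get`` raises when no row matches the lower-cased name.
    """
    if not for_real:
        # NOTE(review): the dry-run message echoes the new password in clear
        # text to stdout, where terminal scrollback or captured job output can
        # retain it. Consider dropping the password from this message.
        print(
            f"this would change {username}'s pw to {password}. Run with --for_real if you're sure.")
        sys.exit(1)
    with db.atomic():
        name = username.lower()
        salt = get_random_string(2)
        hashed_password = hash_pw(name, salt, password)
        # Fix: look the row up by the lower-cased name. _add_one_user and
        # put_user store user_name lower-cased and the hash above is computed
        # over the lower-cased name, so matching on the raw argument either
        # missed the row or hashed over a different name than the one matched.
        user = User.get(User.user_name == name)
        user.salt = salt
        user.password = hashed_password
        user.save()
        print(f"{user.user_name}'s pw successfully changed.")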
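def claim_appointment(db: PeeweeSession, start_date_time: hug.types.text, user: hug.directives.user):
    """Claim one unbooked appointment in the time slot starting at *start_date_time*.

    An appointment qualifies when it is not booked and either has no claim
    token or its claim is older than ``config.Settings.claim_timeout_min``
    minutes. The chosen row receives a fresh 32-character token and the
    current time as ``claimed_at``.

    The original author's SQL sketch of the intent:

        UPDATE appointment app SET claim_token = 'claimed'
        WHERE app.id IN (
            SELECT a.id FROM appointment a
            JOIN timeslot t on a.time_slot_id = t.id
            WHERE t.start_date_time = '2020-03-25 08:30:00.000000'
              AND a.claim_token isnull AND NOT a.booked
            LIMIT 1
        ) RETURNING *

    Args:
        db: session object whose ``atomic()`` wraps the claim in a transaction.
        start_date_time: ISO-8601 timestamp without UTC offset.
        user: the authenticated caller.

    Returns:
        The new claim token.

    Raises:
        hug.HTTPGone: no matching time slot or no claimable appointment.
        hug.HTTPBadRequest: caller has no coupons left, the timestamp is
            malformed, carries a UTC offset, or lies in the past.
    """
    with db.atomic():
        try:
            # Explicit check instead of `assert`: asserts are removed when
            # Python runs with -O, which would silently disable the coupon
            # limit for every non-anonymous user.
            if user.role != UserRoles.ANON and user.coupons <= 0:
                raise hug.HTTPBadRequest
            start_date_time_object = datetime.fromisoformat(start_date_time)
            # `now` below is naive; comparing it with an offset-aware value
            # raises TypeError, which would surface as a server error for a
            # client-supplied string. Reject such input as a bad request.
            if start_date_time_object.tzinfo is not None:
                raise ValueError("start_date_time must not carry a UTC offset")
            now = datetime.now(tz=config.Settings.tz).replace(tzinfo=None)
            if start_date_time_object < now:
                raise ValueError("Can't claim an appointment in the past")
            time_slot = TimeSlot.get(
                TimeSlot.start_date_time == start_date_time_object)
            claim_expiry = timedelta(minutes=config.Settings.claim_timeout_min)
            # NOTE(review): this is a select followed by a save; whether two
            # concurrent requests can pick the same row depends on the
            # database's isolation level -- confirm.
            appointment = Appointment.select() \
                .where(
                    (Appointment.time_slot == time_slot) &
                    (Appointment.booked == False) &  # noqa: E712 -- builds a SQL expression
                    (Appointment.claim_token.is_null() |
                     (Appointment.claimed_at + claim_expiry < now))
                ) \
                .order_by(Appointment.claim_token.desc()) \
                .get()
            appointment.claim_token = get_random_string(32)
            appointment.claimed_at = now
            appointment.save()
            return appointment.claim_token
        except DoesNotExist:
            raise hug.HTTPGone
        except ValueError:
            raise hug.HTTPBadRequest
        except AssertionError:
            # Kept so an assertion raised by a called helper still maps to 400.
            raise hug.HTTPBadRequest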
def put_user(
        db: PeeweeSession,
        newUserName: hug.types.text,
        newUserPassword: hug.types.text,
        newUserPasswordConfirm: hug.types.text):
    """Create a user with role ``UserRoles.USER`` and 10 coupons.

    Args:
        db: session object whose ``atomic()`` wraps the insert in a transaction.
        newUserName: account name; stored lower-cased.
        newUserPassword: clear-text password for the new account.
        newUserPasswordConfirm: must equal ``newUserPassword``.

    Returns:
        ``{"username": <stored user name>}``.

    Raises:
        hug.HTTPBadRequest: the two password values differ.
        hug.HTTPConflict: the insert hit an ``IntegrityError``.
    """
    passwords_match = newUserPassword == newUserPasswordConfirm
    if not passwords_match:
        raise hug.HTTPBadRequest
    # NOTE(review): this function takes no caller identity and applies no
    # length or strength check to the password; confirm the route that exposes
    # it restricts who may create accounts.
    with db.atomic():
        try:
            normalized_name = newUserName.lower()
            # NOTE(review): 2-character salt; hash_pw is defined elsewhere, so
            # confirm it is a slow password hash.
            new_salt = get_random_string(2)
            created = User.create(
                user_name=normalized_name,
                role=UserRoles.USER,
                salt=new_salt,
                password=hash_pw(normalized_name, new_salt, newUserPassword),
                coupons=10,
            )
            created.save()
            return {"username": created.user_name}
        except IntegrityError:
            raise hug.HTTPConflict('User already exists.')
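def patch_user(db: PeeweeSession, body: hug.types.json, user: hug.directives.user):
    """Change the calling user's password after checking the old one.

    Args:
        db: session object whose ``atomic()`` wraps the update in a transaction.
        body: JSON object with the keys ``old_user_password``,
            ``new_user_password`` and ``new_user_password_confirm``.
        user: the authenticated caller whose row is updated.

    Returns:
        The string ``"updated"``.

    Raises:
        hug.HTTPBadRequest: the body is not an object or lacks a key, the two
            new password values differ, or the old password does not match
            the stored hash.
    """
    # The body is client-supplied: a missing key (KeyError) or a payload that
    # is not a JSON object (TypeError) is a malformed request and must not
    # surface as an unhandled server error.
    try:
        old_user_password = body["old_user_password"]
        new_user_password = body["new_user_password"]
        new_user_password_confirm = body["new_user_password_confirm"]
    except (KeyError, TypeError):
        raise hug.HTTPBadRequest
    if new_user_password != new_user_password_confirm:
        raise hug.HTTPBadRequest
    with db.atomic():
        try:
            # Re-hash the supplied old password with the stored salt and
            # compare it with the stored hash before changing anything.
            if user.password != hash_pw(user.user_name, user.salt, old_user_password):
                raise hug.HTTPBadRequest
            # NOTE(review): 2-character salt; hash_pw is defined elsewhere, so
            # confirm it is a slow password hash.
            salt = get_random_string(2)
            hashed_password = hash_pw(user.user_name, salt, new_user_password)
            user.salt = salt
            user.password = hashed_password
            user.save()
            log.info(f"updated {user.user_name}'s pw.")
            return "updated"
        except DoesNotExist:
            raise hug.HTTPBadRequest
        except ValueError:
            raise hug.HTTPBadRequest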