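def logout():
    """End the caller's session.

    Expects a JSON object carrying ``userId`` and ``sessionToken``. The pair
    is first matched against the Session table; only a matching pair is
    allowed to delete that user's session rows.

    Returns:
        ('', 200) when at least one session row was deleted,
        a 400 tuple when the body is unusable or the pair does not match,
        ('something went wrong', 500) when the delete removed nothing.
    """
    requestData = request.get_json()
    # A JSON body that is not an object (null, number, string) must not reach
    # the key lookups: a bare string would even pass the `in` test through
    # substring matching and then fail on indexing.
    if (not isinstance(requestData, dict)
            or 'sessionToken' not in requestData
            or 'userId' not in requestData):
        return ('No session received', 400)

    sessionToken = requestData['sessionToken']
    userId = requestData['userId']
    query = 'SELECT user_id, session_token FROM Session WHERE user_id = %(uid)s AND session_token = %(token)s'
    queryDelete = 'DELETE FROM Session WHERE user_id = %(uid)s'

    dbConn = db.get_db()
    cursor = dbConn.cursor(DictCursor)
    try:
        # Proof of possession: the caller must present the stored token
        # before anything is deleted.
        if cursor.execute(query, {'uid': userId, 'token': sessionToken}) == 0:
            return ('No user or wrong user credentials', 400)
        # The delete is keyed on user_id only, so it removes every session
        # row of this user, not just the presented token.
        res = cursor.execute(queryDelete, {'uid': userId})
        dbConn.commit()
    finally:
        # Release the cursor on every path, including driver exceptions.
        cursor.close()

    # More than one row can be removed if the user had several session rows;
    # that is still a successful logout, so it must not be reported as 500.
    if res >= 1:
        return ('', 200)
    return ('something went wrong', 500)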
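def checkIfSalesmanAlreadyRegistered(salesmanCode):
    """Return True when a User row with this salesmanCode already exists.

    Args:
        salesmanCode: value compared against User.salesmanCode.

    Returns:
        bool: True if the COUNT(*) query reports at least one row.
    """
    dbConn = db.get_db()
    cursor = dbConn.cursor(DictCursor)
    checkExist = "SELECT Count(*) as total FROM User WHERE salesmanCode = %s"
    try:
        # `(salesmanCode)` is the bare value, not a tuple. Pass a real
        # one-element sequence so the driver always binds it as a single
        # parameter, whichever DB-API implementation is in use.
        cursor.execute(checkExist, (salesmanCode,))
        total = cursor.fetchone()['total']
    finally:
        cursor.close()
    return total > 0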
def tasks():
    """Return every row of the Task table, ordered by date, as a JSON response.

    NOTE(review): no authentication or per-user filtering is visible inside
    this function; confirm that the route or a wrapper enforces it.
    """
    connection = db.get_db()
    taskCursor = connection.cursor(DictCursor)
    taskCursor.execute("SELECT * FROM Task ORDER by date")
    rows = taskCursor.fetchall()
    taskCursor.close()
    return jsonify(rows)
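def deleteTask(taskId):
    """Delete the Task row whose id equals ``taskId``.

    Args:
        taskId: identifier compared against Task.id.

    Returns:
        (str(affected_rows), 200); the count is '0' when no row matched.

    NOTE(review): no ownership or session check is visible inside this
    function; confirm that the caller is authorised before it is reached.
    """
    dbConn = db.get_db()
    cursor = dbConn.cursor(DictCursor)
    delete_stmt = "DELETE FROM Task WHERE id = %s"
    try:
        # `(taskId)` is the bare value, not a tuple; bind it as a proper
        # one-element parameter sequence.
        res = cursor.execute(delete_stmt, (taskId,))
        dbConn.commit()
    finally:
        cursor.close()
    return (str(res), 200)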
def insertUser(salesmanCode, salesmanName, salesmanPwd):
    """Create a User row for a salesman.

    The password column receives the output of generate_password_hash, never
    the plaintext password.

    Returns:
        bool: True when the INSERT affected exactly one row.
    """
    connection = db.get_db()
    userCursor = connection.cursor(DictCursor)
    insertStmt = "INSERT INTO User(salesmanCode, password, fullname) VALUES(%(code)s, %(pwd)s, %(name)s)"
    # Named placeholders keep all three values out of the SQL text.
    params = {
        'code': salesmanCode,
        'name': salesmanName,
        'pwd': generate_password_hash(salesmanPwd),
    }
    inserted = userCursor.execute(insertStmt, params)
    connection.commit()
    userCursor.close()
    return inserted == 1
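def updateTask(taskId):
    """Set the ``completed`` column of one Task row from the JSON body.

    Args:
        taskId: identifier compared against Task.id.

    Returns:
        (str(affected_rows), 200) after the update, or ('false', 400) when
        the body is not a JSON object or lacks the ``completed`` key.
    """
    requestData = request.get_json()
    # Validate before touching the database: a null or non-object body used
    # to raise on the `in` test and surface as a 500.
    if not isinstance(requestData, dict) or 'completed' not in requestData:
        return ('false', 400)

    # NOTE(review): the type of `completed` is not checked here; confirm the
    # column and the clients agree on what values are allowed.
    completed = requestData['completed']
    update_stmt = "UPDATE Task SET completed = %s WHERE id = %s"

    dbConn = db.get_db()
    cursor = dbConn.cursor(DictCursor)
    try:
        res = cursor.execute(update_stmt, (completed, taskId))
        dbConn.commit()
    finally:
        cursor.close()
    return (str(res), 200)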
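def new_task():
    """Insert a Task row from the JSON body fields name, date and details.

    Returns:
        "" (empty body, default status) after the insert, or
        ('Missing task fields', 400) when the body is not a JSON object or
        one of the three fields is absent.
    """
    data = request.get_json()
    required = ('name', 'date', 'details')
    # A missing key used to raise KeyError and surface as a 500.
    if not isinstance(data, dict) or any(key not in data for key in required):
        return ('Missing task fields', 400)

    # The values come straight from the request body. They are bound as
    # parameters so the driver escapes them; building the statement with
    # Python string formatting let a quote in any field change the SQL.
    insert_stmt = "INSERT INTO Task (name, date, details) VALUES (%s, %s, %s)"

    dbConn = db.get_db()
    cursor = dbConn.cursor(DictCursor)
    try:
        cursor.execute(
            insert_stmt, (data['name'], data['date'], data['details']))
        dbConn.commit()
    finally:
        cursor.close()
    return ""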
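def login():
    """Authenticate a salesman by code and password and hand out tokens.

    Expects a JSON object with ``salesmanCode`` and ``password``. On success
    the response carries the user id, the session token from
    getSessionToken() and the ``access_token`` taken from getToken().

    Returns:
        (json, 200) on success,
        ('Missing credentials', 400) for an unusable body,
        ('Wrong credentials', 403) for an unknown code or a bad password,
        ('something went wrong', 500) when no session token could be issued,
        ('Company code not found', 400) when getToken() reports an error.
    """
    requestData = request.get_json()
    # Reject null / non-object bodies before the key lookups.
    if (not isinstance(requestData, dict)
            or 'salesmanCode' not in requestData
            or 'password' not in requestData):
        return ('Missing credentials', 400)

    salesmanCode = requestData['salesmanCode']
    salesmanPwd = requestData['password']
    userQuery = "SELECT id, salesmanCode, fullname, password FROM User WHERE salesmanCode = %(code)s"

    dbConn = db.get_db()
    cursor = dbConn.cursor(DictCursor)
    try:
        found = cursor.execute(userQuery, {"code": salesmanCode})
        user = cursor.fetchone() if found else None
    finally:
        # The cursor is not needed past this point; close it on every path.
        cursor.close()

    # Same status and message for "no such user" and "bad password", so the
    # response body does not reveal which codes exist.
    # NOTE(review): the unknown-user path skips the hash check, so the two
    # cases may still differ in response time; no rate limiting is visible
    # here either. Confirm both are handled elsewhere.
    if user is None or not check_password_hash(user['password'], salesmanPwd):
        return ("Wrong credentials", 403)

    sessionToken = getSessionToken(user['id'])
    if sessionToken == '':
        return ('something went wrong', 500)

    primaveraToken = getToken().get_json()
    # loginWithToken() already treats an 'error' key as a failed token
    # request; without the same check here, indexing 'access_token' raised
    # and surfaced as a 500.
    if 'error' in primaveraToken:
        return ('Company code not found', 400)

    return (jsonify({
        "userId": user['id'],
        "salesmanCode": salesmanCode,
        "sessionToken": sessionToken,
        "username": user['fullname'],
        "primaveraToken": primaveraToken['access_token']
    }), 200)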
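def loginWithToken():
    """Re-authenticate a client from a stored userId / sessionToken pair.

    The pair must match a row of the Session table. On success the response
    has the same shape as the password login: user id, salesman code, the
    presented session token, full name and the ``access_token`` from
    getToken().

    Returns:
        (json, 200) on success,
        ('Missing credentials', 400) for an unusable body,
        ('Wrong user credentials', 400) when the id is not an integer, the
        pair does not match, or no user row is found,
        ('Company code not found', 400) when getToken() reports an error.
    """
    requestData = request.get_json()
    if (not isinstance(requestData, dict)
            or 'userId' not in requestData
            or 'sessionToken' not in requestData):
        return ('Missing credentials', 400)

    sessionToken = requestData['sessionToken']
    # Normalise the id once and use the same integer for both queries. The
    # conversion used to happen only after the session check, so a value the
    # database coerced loosely could pass the check and then raise here.
    try:
        userId = int(requestData['userId'])
    except (TypeError, ValueError):
        return ('Wrong user credentials', 400)

    query = 'SELECT user_id, session_token FROM Session WHERE user_id = %(uid)s AND session_token = %(token)s'
    # NOTE(review): the user query text is masked ('******') in this copy of
    # the file and is not valid SQL as written; restore the original
    # statement before running this.
    queryUser = '******'

    dbConn = db.get_db()
    cursor = dbConn.cursor(DictCursor)
    try:
        if cursor.execute(query, {'uid': userId, 'token': sessionToken}) == 0:
            return ('Wrong user credentials', 400)
        cursor.execute(queryUser, {'uid': userId})
        user = cursor.fetchone()
    finally:
        cursor.close()

    # A session row whose user no longer exists must not reach the
    # dictionary lookups below.
    if user is None:
        return ('Wrong user credentials', 400)

    primaveraToken = getToken().get_json()
    if 'error' in primaveraToken:
        return ('Company code not found', 400)

    return (jsonify({
        "userId": user['id'],
        "salesmanCode": user['salesmanCode'],
        "sessionToken": sessionToken,
        "username": user['fullname'],
        "primaveraToken": primaveraToken['access_token']
    }), 200)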
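def getSessionToken(userId):
    """Return the session token for ``userId``, creating one if needed.

    When exactly one Session row exists for the user, its token is returned
    unchanged. Otherwise a new token is generated with secrets.token_hex(64)
    and inserted.

    Args:
        userId: value stored in / compared against Session.user_id.

    Returns:
        str: the token, or '' when the INSERT did not affect exactly one row.

    NOTE(review): the existing token is handed out again on every login and
    is stored as-is; no expiry or rotation is visible in this function.
    Confirm whether that is intended, and consider storing only a hash of
    the token.
    """
    sessionQuery = "SELECT session_token FROM Session WHERE user_id = %(id)s"
    insertQuery = "INSERT INTO Session(user_id, session_token) VALUES(%(uid)s, %(st)s)"

    dbConn = db.get_db()
    cursor = dbConn.cursor(DictCursor)
    try:
        if cursor.execute(sessionQuery, {"id": userId}) == 1:
            # Read the row while the cursor is still open. The previous code
            # closed the cursor first and then called fetchone(), which
            # depends on the driver keeping rows after close().
            return cursor.fetchone()['session_token']

        # token_hex(64) draws 64 bytes from the OS CSPRNG (128 hex chars).
        newtoken = secrets.token_hex(64)
        res = cursor.execute(insertQuery, {'uid': userId, 'st': newtoken})
        dbConn.commit()
    finally:
        cursor.close()

    return newtoken if res == 1 else ''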