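def update_user_password(id):
    """Change the password of the currently authenticated user.

    Reads ``password`` (the current one) and ``newpassword`` from the JSON
    body, applies the same strength rules as ``create_user``, re-verifies
    the current password against the stored hash, and commits the new hash.

    Args:
        id: user id from the route; must equal ``current_user.id``.

    Returns:
        ``(jsonify(response), 201)`` with ``response['message']`` set to
        ``'Password changed'``.

    Raises:
        UnauthorizedError: if *id* is not the caller's own id, or the
            supplied current password does not verify.
        InputError: if the new password fails a strength rule (plus whatever
            ``validate_request_data`` raises for a malformed body).
    """
    response = {'status': '', 'message': '', 'payload': []}
    data = request.get_json()

    # Only the account owner may change this password.
    # NOTE(review): plain ``!=`` — if the route hands ``id`` over as a str
    # while ``current_user.id`` is an int, every call is rejected; confirm the
    # route converter yields the same type.
    if id != current_user.id:
        raise UnauthorizedError(
            "Can't modify the password for a different user than yourself.")

    # input validation
    request_types = {
        'password': ['str'],
        'newpassword': ['str'],
    }
    validate_request_data(data, request_types)

    new_password = data['newpassword']
    if len(new_password) < 8:
        raise InputError("Password length must be greater than 8.")
    # Upper bound mirrors create_user so oversized input is rejected before
    # it reaches the hash function.
    if len(new_password) > 128:
        raise InputError("Password must be no more than 128 characters.")
    if not any(x.isupper() for x in new_password):
        raise InputError("Password must contain a capital letter.")
    # ``x.lower()`` is always a non-empty (truthy) string, so the original
    # check could never fail; ``islower`` is the intended predicate.
    if not any(x.islower() for x in new_password):
        raise InputError("Password must contain a lowercase letter.")
    if not any(x.isdigit() for x in new_password):
        raise InputError("Password must contain a number.")

    query = User.find_by_id(id)
    # Re-authenticate with the current password before replacing the hash.
    if not User.verify_hash(data['password'], query.password):
        raise UnauthorizedError("Password Invalid")

    query.password = User.generate_hash(new_password)
    query.req_pass_reset = False
    db.session.commit()

    response['message'] = 'Password changed'
    create_log(current_user, 'modify', 'User changed password for User',
               'ID: ' + str(id))
    return jsonify(response), 201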
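def create_user():
    """Create a new user from the JSON request body.

    Validates field types and lengths, the password strength rules, the
    e-mail format, uniqueness of username / e-mail / initials, and the role,
    then inserts the row and commits.

    Returns:
        ``(jsonify(response), 201)``; ``response['payload']`` holds the
        serialized new user.

    Raises:
        InputError: on any failed validation or uniqueness check (plus
            whatever ``validate_request_data`` raises for a malformed body).
    """
    response = {'status': 'ok', 'message': '', 'payload': []}
    data = request.get_json()

    # input validation
    request_types = {
        'username': ['str'],
        'password': ['str'],
        'email': ['str'],
        'initials': ['str'],
        'first_name': ['str'],
        'last_name': ['str'],
        'role': ['str']
    }
    validate_request_data(data, request_types)

    password = data['password']

    # PASSWORD STRENGTH CHECKING
    if len(password) < 8:
        raise InputError("Password length must be greater than 8.")
    if not any(x.isupper() for x in password):
        raise InputError("Password must contain a capital letter.")
    # ``x.lower()`` is always a truthy string, so the original test never
    # fired; ``islower`` is the predicate that was meant.
    if not any(x.islower() for x in password):
        raise InputError("Password must contain a lowercase letter.")
    if not any(x.isdigit() for x in password):
        raise InputError("Password must contain a number.")
    # The lower bound was already enforced above; only the cap remains.
    if len(password) > 128:
        raise InputError(
            'Password must be greater than 1 character and no more than 128')

    # Length checking (error messages name the field actually being checked)
    if not 1 <= len(data['username']) <= 64:
        raise InputError(
            'Username must be greater than 1 character and no more than 64')
    if not 1 <= len(data['email']) <= 128:
        raise InputError(
            'E-mail must be greater than 1 character and no more than 128')
    if not re.match(r".*\@.+(?:\..+)+", data['email']):
        raise InputError('E-mail must be of a valid e-mail format.')
    if not 1 <= len(data['initials']) <= 128:
        raise InputError(
            'Initials must be greater than 1 character and no more than 128')
    if not 1 <= len(data['first_name']) <= 128:
        raise InputError(
            'First name must be greater than 1 character and no more than 128')
    if not 1 <= len(data['last_name']) <= 128:
        raise InputError(
            'Last name must be greater than 1 character and no more than 128')

    # check if this username exists
    check = User.query.filter_by(username=data['username']).first()
    if check:
        raise InputError('Username {} already exists.'.format(
            data['username']))

    # check if this email exists
    check = User.query.filter_by(email=data['email']).first()
    if check:
        raise InputError('User email {} already exists.'.format(data['email']))

    # check if these initials exist — initials are stored upper-cased (see
    # the INSERT below), so the uniqueness lookup must use the same
    # normalized value or 'ab' slips past an existing 'AB'.
    initials = data['initials'].upper()
    check = User.query.filter_by(initials=initials).first()
    if check:
        raise InputError('User initials {} already exist.'.format(
            data['initials']))

    # ENUM check
    if data['role'] not in Roles.__members__:
        raise InputError('Specified role does not exists')

    # INSERT user
    new_user = User(
        username=data['username'],
        password=User.generate_hash(password),
        email=data['email'],
        initials=initials,
        first_name=data['first_name'],
        last_name=data['last_name'],
        role=data['role'],
    )
    db.session.add(new_user)
    db.session.flush()
    db.session.commit()

    response['message'] = 'Created user {}'.format(data['username'])
    response['payload'] = [User.find_by_id(new_user.id).serialize]
    # NOTE(review): the log-detail argument was garbled in the source this
    # was reconstructed from; it follows the 'ID: ' + str(id) pattern used
    # elsewhere — confirm against the original.
    create_log(current_user, 'modify', 'User created a new User',
               'New Username: ' + str(data['username']))
    return jsonify(response), 201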
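def update_user(id):
    """Update the profile fields and role of an existing user.

    Validates field types and lengths, the e-mail format, uniqueness of
    username / e-mail / initials among *other* users, and the role, then
    writes the new values and commits.

    Args:
        id: id of the user to update.

    Returns:
        ``(jsonify(response), 201)``; ``response['payload']`` holds the
        serialized updated user.

    Raises:
        NotFoundError: if no user with *id* exists.
        InputError: on any failed validation or uniqueness check (plus
            whatever ``validate_request_data`` raises for a malformed body).
    """
    response = {'status': 'ok', 'message': '', 'payload': []}
    data = request.get_json()

    # input validation
    request_types = {
        'username': ['str'],
        'email': ['str'],
        'initials': ['str'],
        'first_name': ['str'],
        'last_name': ['str'],
        'role': ['str']
    }
    validate_request_data(data, request_types)

    # Length checking (error messages name the field actually being checked)
    if not 1 <= len(data['username']) <= 64:
        raise InputError(
            'Username must be greater than 1 character and no more than 64')
    if not 1 <= len(data['email']) <= 128:
        raise InputError(
            'E-mail must be greater than 1 character and no more than 128')
    if not re.match(r".*\@.+(?:\..+)+", data['email']):
        raise InputError('E-mail must be of a valid e-mail format.')
    if not 1 <= len(data['initials']) <= 128:
        raise InputError(
            'Initials must be greater than 1 character and no more than 128')
    if not 1 <= len(data['first_name']) <= 128:
        raise InputError(
            'First name must be greater than 1 character and no more than 128')
    if not 1 <= len(data['last_name']) <= 128:
        raise InputError(
            'Last name must be greater than 1 character and no more than 128')

    # ENUM check — done before any attribute of the mapped object is touched,
    # so a rejected request leaves nothing dirty in the session.
    if data['role'] not in Roles.__members__:
        raise InputError('Specified role does not exists')

    # UPDATE user
    query = User.find_by_id(id)
    if not query:
        raise NotFoundError('User ID {} does not exist.'.format(id))

    # NOTE(review): nothing in this function checks that current_user is
    # allowed to edit user ``id`` or to assign ``role``; confirm the route's
    # decorators enforce that.

    # check if data already exists
    check = User.query.filter_by(username=data['username']).filter(
        User.id != id).first()
    if check:
        raise InputError('Username {} already exists.'.format(
            data['username']))

    # check if this email exists
    check = User.query.filter_by(email=data['email']).filter(
        User.id != id).first()
    if check:
        raise InputError('User email {} already exists.'.format(data['email']))

    # check if these initials exist — initials are stored upper-cased, so the
    # uniqueness lookup must use the same normalized value.
    initials = data['initials'].upper()
    check = User.query.filter_by(initials=initials).filter(
        User.id != id).first()
    if check:
        raise InputError('User initials {} already exist.'.format(
            data['initials']))

    # update user data
    query.username = data['username']
    query.email = data['email']
    query.initials = initials
    query.first_name = data['first_name']
    query.last_name = data['last_name']
    query.role = data['role']
    db.session.commit()

    response['message'] = 'Updated user with id {}'.format(id)
    response['payload'] = [User.find_by_id(id).serialize]
    # NOTE(review): the log-detail argument was garbled in the source this
    # was reconstructed from; it follows the 'ID: ' + str(id) pattern used
    # elsewhere — confirm against the original.
    create_log(current_user, 'modify', 'User updated a User',
               'Updated Username: ' + str(data['username']))
    return jsonify(response), 201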