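def logout():
    """Clear the auth cookie (DELETE) or return the caller's user record (GET).

    DELETE: expires the ``authorization`` cookie and answers ``{}`` with 204.
    GET: decodes the ``authorization`` cookie and returns the matching user as
    JSON with 200; answers ``{}`` with 401 when no cookie is present or the
    decoded id no longer maps to a user.
    Any other method answers ``{}`` with 405 (the original fell off the end
    and returned None, which Flask turns into a 500).
    """
    if request.method == "DELETE":
        empty = make_response({})
        # Expire the cookie rather than only blanking its value so the browser
        # actually drops it; the value is still set to '' as before.
        empty.delete_cookie("authorization")
        return empty, 204
    if request.method == "GET":
        auth_token = request.cookies.get("authorization")
        if not auth_token:
            return {}, 401
        # The token is a bearer credential: never write it (or its decoded
        # payload) to the log. Decode once and reuse the id.
        # NOTE(review): decode_auth_token's behaviour on a tampered or expired
        # token is not visible here; if it raises, this becomes a 500 -- confirm
        # and map that case to 401.
        user_id = User.decode_auth_token(auth_token)
        user = db.get_user_by_id(user_id)
        if not user:
            # Token decoded but the account is gone or unknown: treat as
            # unauthenticated instead of returning "null" with 200.
            return {}, 401
        # NOTE(review): login() serialises via user.to_dict() before jsonify;
        # this relies on jsonify accepting the user object directly -- confirm
        # a JSON encoder for it exists, otherwise use user.to_dict() here too.
        return jsonify(user), 200
    return {}, 405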
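def login(username):
    """Log a user in (POST) or delete a user account (DELETE).

    Args:
        username: the account named in the URL.

    POST: reads ``password`` from the JSON body, checks it via ``db.login``
    and, on success, returns the user dict as JSON with the signed auth token
    in the ``authorization`` cookie (200). A missing or malformed body, a body
    without ``password``, or a failed login answers ``{}`` with 400.
    DELETE: deletes ``username`` when the requesting user (identified by the
    ``authorization`` cookie) is an admin or moderator; answers a text message
    with 401 otherwise, and ``{}`` with 400 when the target does not exist.
    Any other method answers ``{}`` with 501.
    """
    _log.debug("%s is logging in", username)
    if request.method == "POST":
        # Do not log the request body: it carries the plaintext password.
        _log.debug(request.path)
        # silent=True yields None for a missing or unparsable JSON body; treat
        # that and a missing key as a client error instead of a KeyError/500.
        body = request.get_json(silent=True)
        if not isinstance(body, dict) or "password" not in body:
            return {}, 400
        user = db.login(username, body["password"])
        if not user:
            return {}, 400
        # Generate our token
        user_dict = user.to_dict()
        auth_token = user.encode_auth_token()
        response = make_response(jsonify(user_dict))
        # The cookie is a bearer credential: keep it out of reach of page
        # scripts and off cross-site requests. Add secure=True once the app is
        # served over TLS. If a front end reads this cookie from JavaScript,
        # httponly must be revisited.
        response.set_cookie(
            "authorization",
            auth_token.decode(),
            httponly=True,
            samesite="Lax",
        )
        return response, 200
    if request.method == "DELETE":
        _log.debug("Deleting user: %s", username)
        user = db.get_user_by_username(username)
        if not user:
            return {}, 400
        auth_token = request.cookies.get("authorization")
        if not auth_token:
            # No credential at all: do not hand None to the token decoder.
            return "Only an Admin or Moderator can delete a user", 401
        sender = db.get_user_by_id(User.decode_auth_token(auth_token))
        if sender and sender.usertype in ("admin", "moderator"):
            db.delete_user_by_id(user._id)
            return "User Deleted", 200
        return "Only an Admin or Moderator can delete a user", 401
    return {}, 501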
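def update_usertype(username):
    """Change ``username``'s ``usertype`` (POST only).

    Args:
        username: the account named in the URL.

    The requesting user is identified by the ``authorization`` cookie and must
    be an admin or moderator. Answers ``"Usertype updated"`` with 200 on
    success, a text message with 401 when the requester is missing or not
    privileged, ``{}`` with 400 when the target user does not exist or the
    body has no ``usertype``, and ``{}`` with 501 for any other method.
    """
    if request.method != "POST":
        return {}, 501
    _log.debug("Updating user:%s usertype", username)
    user = db.get_user_by_username(username)
    if not user:
        return {}, 400
    auth_token = request.cookies.get("authorization")
    if not auth_token:
        # No credential at all: do not hand None to the token decoder.
        return "Only an Admin or Moderator can edit usertype", 401
    sender = db.get_user_by_id(User.decode_auth_token(auth_token))
    _log.debug(user._id)
    # The message used to say "Only an Admin" although moderators are
    # accepted below; it now states the actual rule.
    if not (sender and sender.usertype in ("admin", "moderator")):
        return "Only an Admin or Moderator can edit usertype", 401
    # silent=True yields None for a missing or unparsable JSON body; a body
    # without "usertype" used to surface as a KeyError (500).
    body = request.get_json(silent=True)
    if not isinstance(body, dict) or "usertype" not in body:
        return {}, 400
    # NOTE(review): the new usertype is stored without validation, so a
    # moderator can assign "admin" here; confirm that is the intended policy,
    # otherwise restrict the accepted values according to sender.usertype.
    db.update_usertype(user._id, body["usertype"])
    return "Usertype updated", 200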