2016-01-21 17:29:24 +00:00
|
|
|
from datetime import datetime
|
2016-02-16 11:10:02 +00:00
|
|
|
from flask import (jsonify, request, abort, Blueprint, current_app)
|
2016-02-17 15:41:33 +00:00
|
|
|
from app import encryption
|
2016-02-19 17:33:28 +00:00
|
|
|
|
2016-01-12 10:39:49 +00:00
|
|
|
from app.dao.users_dao import (
|
2016-01-28 11:32:46 +00:00
|
|
|
get_model_users,
|
|
|
|
|
save_model_user,
|
|
|
|
|
create_user_code,
|
|
|
|
|
get_user_code,
|
|
|
|
|
use_user_code,
|
|
|
|
|
increment_failed_login_count,
|
2016-02-23 11:03:59 +00:00
|
|
|
reset_failed_login_count,
|
|
|
|
|
get_user_by_email
|
2016-01-28 11:32:46 +00:00
|
|
|
)
|
2016-02-23 11:03:59 +00:00
|
|
|
|
2016-03-01 14:21:28 +00:00
|
|
|
from app.dao.permissions_dao import permission_dao
|
|
|
|
|
from app.dao.services_dao import dao_fetch_service_by_id
|
|
|
|
|
|
2016-01-11 15:07:13 +00:00
|
|
|
from app.schemas import (
|
2016-02-22 13:12:24 +00:00
|
|
|
old_request_verify_code_schema,
|
2016-02-19 17:33:28 +00:00
|
|
|
user_schema,
|
|
|
|
|
request_verify_code_schema,
|
2016-03-01 14:21:28 +00:00
|
|
|
user_schema_load_json,
|
|
|
|
|
permission_schema
|
2016-02-19 17:33:28 +00:00
|
|
|
)
|
2016-02-22 13:12:24 +00:00
|
|
|
|
2016-02-17 17:48:23 +00:00
|
|
|
from app.celery.tasks import (send_sms_code, send_email_code)
|
2016-02-19 17:33:28 +00:00
|
|
|
from app.errors import register_errors
|
2016-01-08 17:51:46 +00:00
|
|
|
|
2016-01-14 16:13:27 +00:00
|
|
|
user = Blueprint('user', __name__)
|
2016-02-17 17:04:50 +00:00
|
|
|
register_errors(user)
|
|
|
|
|
|
2016-01-14 16:13:27 +00:00
|
|
|
|
2016-01-15 16:44:46 +00:00
|
|
|
@user.route('', methods=['POST'])
|
2016-01-11 15:07:13 +00:00
|
|
|
def create_user():
|
2016-01-11 18:09:10 +00:00
|
|
|
user, errors = user_schema.load(request.get_json())
|
2016-01-19 11:38:29 +00:00
|
|
|
req_json = request.get_json()
|
2016-01-20 16:25:18 +00:00
|
|
|
# TODO password policy, what is valid password
|
2016-01-28 11:41:21 +00:00
|
|
|
if not req_json.get('password', None):
|
|
|
|
|
errors.update({'password': ['Missing data for required field.']})
|
2016-01-19 12:07:14 +00:00
|
|
|
return jsonify(result="error", message=errors), 400
|
2016-01-11 18:09:10 +00:00
|
|
|
if errors:
|
|
|
|
|
return jsonify(result="error", message=errors), 400
|
2016-01-28 11:41:21 +00:00
|
|
|
save_model_user(user, pwd=req_json.get('password'))
|
2016-01-11 15:07:13 +00:00
|
|
|
return jsonify(data=user_schema.dump(user).data), 201
|
|
|
|
|
|
|
|
|
|
|
2016-02-19 15:54:11 +00:00
|
|
|
@user.route('/<int:user_id>', methods=['PUT'])
|
2016-01-11 15:07:13 +00:00
|
|
|
def update_user(user_id):
|
2016-02-22 13:27:47 +00:00
|
|
|
user_to_update = get_model_users(user_id=user_id)
|
|
|
|
|
if not user_to_update:
|
2016-01-11 17:19:06 +00:00
|
|
|
return jsonify(result="error", message="User not found"), 404
|
2016-02-19 11:37:35 +00:00
|
|
|
|
2016-02-19 15:54:11 +00:00
|
|
|
req_json = request.get_json()
|
|
|
|
|
update_dct, errors = user_schema_load_json.load(req_json)
|
|
|
|
|
pwd = req_json.get('password', None)
|
|
|
|
|
# TODO password validation, it is already done on the admin app
|
|
|
|
|
# but would be good to have the same validation here.
|
|
|
|
|
if pwd is not None and not pwd:
|
|
|
|
|
errors.update({'password': ['Invalid data for field']})
|
|
|
|
|
if errors:
|
|
|
|
|
return jsonify(result="error", message=errors), 400
|
|
|
|
|
status_code = 200
|
2016-02-22 13:12:24 +00:00
|
|
|
save_model_user(user_to_update, update_dict=update_dct, pwd=pwd)
|
2016-02-19 11:37:35 +00:00
|
|
|
return jsonify(data=user_schema.dump(user_to_update).data), status_code
|
2016-01-11 15:07:13 +00:00
|
|
|
|
|
|
|
|
|
2016-01-20 16:25:18 +00:00
|
|
|
@user.route('/<int:user_id>/verify/password', methods=['POST'])
|
|
|
|
|
def verify_user_password(user_id):
|
2016-02-19 11:37:35 +00:00
|
|
|
user_to_verify = get_model_users(user_id=user_id)
|
|
|
|
|
|
2016-01-21 17:29:24 +00:00
|
|
|
txt_pwd = None
|
2016-01-20 16:25:18 +00:00
|
|
|
try:
|
2016-01-21 17:29:24 +00:00
|
|
|
txt_pwd = request.get_json()['password']
|
2016-01-20 16:25:18 +00:00
|
|
|
except KeyError:
|
|
|
|
|
return jsonify(
|
|
|
|
|
result="error",
|
|
|
|
|
message={'password': ['Required field missing data']}), 400
|
2016-02-19 11:37:35 +00:00
|
|
|
if user_to_verify.check_password(txt_pwd):
|
|
|
|
|
reset_failed_login_count(user_to_verify)
|
2016-01-28 11:41:21 +00:00
|
|
|
return jsonify({}), 204
|
2016-01-20 16:25:18 +00:00
|
|
|
else:
|
2016-02-19 11:37:35 +00:00
|
|
|
increment_failed_login_count(user_to_verify)
|
2016-01-20 16:25:18 +00:00
|
|
|
return jsonify(result='error', message={'password': ['Incorrect password']}), 400
|
|
|
|
|
|
|
|
|
|
|
2016-01-21 17:29:24 +00:00
|
|
|
@user.route('/<int:user_id>/verify/code', methods=['POST'])
|
|
|
|
|
def verify_user_code(user_id):
|
2016-02-19 11:37:35 +00:00
|
|
|
user_to_verify = get_model_users(user_id=user_id)
|
|
|
|
|
|
2016-01-21 17:29:24 +00:00
|
|
|
txt_code = None
|
|
|
|
|
resp_json = request.get_json()
|
|
|
|
|
txt_type = None
|
|
|
|
|
errors = {}
|
|
|
|
|
try:
|
|
|
|
|
txt_code = resp_json['code']
|
|
|
|
|
except KeyError:
|
|
|
|
|
errors.update({'code': ['Required field missing data']})
|
|
|
|
|
try:
|
|
|
|
|
txt_type = resp_json['code_type']
|
|
|
|
|
except KeyError:
|
|
|
|
|
errors.update({'code_type': ['Required field missing data']})
|
|
|
|
|
if errors:
|
|
|
|
|
return jsonify(result="error", message=errors), 400
|
2016-02-19 11:37:35 +00:00
|
|
|
code = get_user_code(user_to_verify, txt_code, txt_type)
|
2016-01-21 17:29:24 +00:00
|
|
|
if not code:
|
|
|
|
|
return jsonify(result="error", message="Code not found"), 404
|
|
|
|
|
if datetime.now() > code.expiry_datetime or code.code_used:
|
|
|
|
|
return jsonify(result="error", message="Code has expired"), 400
|
|
|
|
|
use_user_code(code.id)
|
2016-01-28 11:41:21 +00:00
|
|
|
return jsonify({}), 204
|
2016-01-21 17:29:24 +00:00
|
|
|
|
|
|
|
|
|
2016-02-19 11:37:35 +00:00
|
|
|
@user.route('/<int:user_id>/sms-code', methods=['POST'])
|
|
|
|
|
def send_user_sms_code(user_id):
|
|
|
|
|
user_to_send_to = get_model_users(user_id=user_id)
|
|
|
|
|
|
2016-02-22 13:27:47 +00:00
|
|
|
if not user_to_send_to:
|
|
|
|
|
return jsonify(result="error", message="No user found"), 404
|
|
|
|
|
|
2016-02-19 11:37:35 +00:00
|
|
|
verify_code, errors = request_verify_code_schema.load(request.get_json())
|
|
|
|
|
if errors:
|
|
|
|
|
return jsonify(result="error", message=errors), 400
|
|
|
|
|
|
|
|
|
|
from app.dao.users_dao import create_secret_code
|
|
|
|
|
secret_code = create_secret_code()
|
|
|
|
|
create_user_code(user_to_send_to, secret_code, 'sms')
|
|
|
|
|
|
|
|
|
|
mobile = user_to_send_to.mobile_number if verify_code.get('to', None) is None else verify_code.get('to')
|
|
|
|
|
verification_message = {'to': mobile, 'secret_code': secret_code}
|
|
|
|
|
|
|
|
|
|
send_sms_code.apply_async([encryption.encrypt(verification_message)], queue='sms-code')
|
|
|
|
|
|
|
|
|
|
return jsonify({}), 204
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@user.route('/<int:user_id>/email-code', methods=['POST'])
|
|
|
|
|
def send_user_email_code(user_id):
|
|
|
|
|
user_to_send_to = get_model_users(user_id=user_id)
|
2016-02-22 13:27:47 +00:00
|
|
|
if not user_to_send_to:
|
|
|
|
|
return jsonify(result="error", message="No user found"), 404
|
|
|
|
|
|
2016-02-19 11:37:35 +00:00
|
|
|
verify_code, errors = request_verify_code_schema.load(request.get_json())
|
|
|
|
|
if errors:
|
|
|
|
|
return jsonify(result="error", message=errors), 400
|
|
|
|
|
|
|
|
|
|
from app.dao.users_dao import create_secret_code
|
|
|
|
|
secret_code = create_secret_code()
|
|
|
|
|
create_user_code(user_to_send_to, secret_code, 'email')
|
|
|
|
|
|
|
|
|
|
email = user_to_send_to.email_address if verify_code.get('to', None) is None else verify_code.get('to')
|
|
|
|
|
verification_message = {'to': email, 'secret_code': secret_code}
|
|
|
|
|
|
|
|
|
|
send_email_code.apply_async([encryption.encrypt(verification_message)], queue='email-code')
|
|
|
|
|
|
|
|
|
|
return jsonify({}), 204
|
|
|
|
|
|
|
|
|
|
|
2016-01-11 15:07:13 +00:00
|
|
|
@user.route('/<int:user_id>', methods=['GET'])
|
2016-01-22 09:59:02 +00:00
|
|
|
@user.route('', methods=['GET'])
|
2016-01-11 15:07:13 +00:00
|
|
|
def get_user(user_id=None):
|
2016-02-19 17:07:59 +00:00
|
|
|
users = get_model_users(user_id=user_id)
|
|
|
|
|
if not users:
|
|
|
|
|
return jsonify(result="error", message="not found"), 404
|
2016-02-26 12:00:16 +00:00
|
|
|
result = user_schema.dump(users, many=True) if isinstance(users, list) else user_schema.dump(users)
|
2016-01-11 15:07:13 +00:00
|
|
|
return jsonify(data=result.data)
|
2016-02-23 11:03:59 +00:00
|
|
|
|
|
|
|
|
|
2016-03-03 09:59:21 +00:00
|
|
|
@user.route('/<int:user_id>/service/<service_id>/permission', methods=['POST'])
|
2016-03-01 14:21:28 +00:00
|
|
|
def set_permissions(user_id, service_id):
|
|
|
|
|
# TODO fix security hole, how do we verify that the user
|
|
|
|
|
# who is making this request has permission to make the request.
|
|
|
|
|
user = get_model_users(user_id=user_id)
|
|
|
|
|
if not user:
|
|
|
|
|
abort(404, 'User not found for id: {}'.format(user_id))
|
|
|
|
|
service = dao_fetch_service_by_id(service_id=service_id)
|
|
|
|
|
if not service:
|
|
|
|
|
abort(404, 'Service not found for id: {}'.format(service_id))
|
|
|
|
|
permissions, errors = permission_schema.load(request.get_json(), many=True)
|
|
|
|
|
if errors:
|
|
|
|
|
abort(400, errors)
|
|
|
|
|
for p in permissions:
|
|
|
|
|
p.user = user
|
|
|
|
|
p.service = service
|
|
|
|
|
permission_dao.set_user_permission(user, permissions)
|
|
|
|
|
return jsonify({}), 204
|
|
|
|
|
|
|
|
|
|
|
2016-02-23 11:03:59 +00:00
|
|
|
@user.route('/email', methods=['GET'])
|
|
|
|
|
def get_by_email():
|
|
|
|
|
email = request.args.get('email')
|
|
|
|
|
if not email:
|
|
|
|
|
return jsonify(result="error", message="invalid request"), 400
|
|
|
|
|
user = get_user_by_email(email)
|
|
|
|
|
if not user:
|
|
|
|
|
return jsonify(result="error", message="not found"), 404
|
|
|
|
|
result = user_schema.dump(user)
|
|
|
|
|
|
|
|
|
|
return jsonify(data=result.data)
|
