Skip to content
Snippets Groups Projects
Normal view Permalink
users.py 4.48 KiB
Newer Older
  • Learn to ignore specific revisions
    • Victor Löfgren's avatar
    config: Initial commit
    Victor Löfgren committed
    1 
    import datetime
    Albin Henriksson's avatar
    Issue/7 add test coverage report  
    Albin Henriksson committed
    2 3 4 5 6 
    
from app import db
from app.api import api_blueprint
from app.database.models import Blacklist, User
from app.utils.validator import edit_user_schema, login_schema, register_schema, validateObject
    Victor Löfgren's avatar
    config: Initial commit
    Victor Löfgren committed
    7 
    from flask import request
    Carl Schönfelder's avatar
    #10: new database models  
    Carl Schönfelder committed
    8 
    from flask.globals import session
    Victor Löfgren's avatar
    config: Initial commit
    Victor Löfgren committed
    9 10 11 12 13 
    from flask_jwt_extended import (
    create_access_token,
    create_refresh_token,
    get_jwt_identity,
    get_raw_jwt,
    Albin Henriksson's avatar
    Issue/7 add test coverage report  
    Albin Henriksson committed
    14 15 
        jwt_refresh_token_required,
    jwt_required,
    Victor Löfgren's avatar
    config: Initial commit
    Victor Löfgren committed
    16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 
    )


def get_current_user():
    return User.query.filter_by(id=get_jwt_identity()).first()


@api_blueprint.route("/users/test", methods=["GET"])
def test():
    return {"message": "hello teknik8"}, 200


@api_blueprint.route("/users/test_auth", methods=["GET"])
@jwt_required
def test_auth():
    return {"message": "you are authenticated"}, 200


@api_blueprint.route("/users/login", methods=["POST"])
def login():
    json_dict = request.get_json(force=True)

    validate_msg = validateObject(login_schema, json_dict)
    if validate_msg != None:
        return {"message": validate_msg}, 400

    email = json_dict["email"]
    password = json_dict["password"]
    user = User.query.filter_by(email=email).first()

    # Dont show the user that the email was correct unless the password was also correct
    if not user:
        return {"message": "The email or password you entered is incorrect."}, 401

    if not user.is_correct_password(password):
        return {"message": "The email or password you entered is incorrect."}, 401

    expires = datetime.timedelta(days=7)
    access_token = create_access_token(identity=user.id, expires_delta=expires)
    refresh_token = create_refresh_token(identity=user.id)
    return (
        {"id": user.id, "access_token": access_token, "refresh_token": refresh_token},
        200,
    )


@api_blueprint.route("/users/logout", methods=["POST"])
@jwt_required
def logout():
    jti = get_raw_jwt()["jti"]

    db.session.add(Blacklist(jti))
    db.session.commit()
    return {"message": "message fully logged out"}, 200


@api_blueprint.route("/users/refresh", methods=["POST"])
@jwt_refresh_token_required
def refresh():
    current_user = get_jwt_identity()
    ret = {"access_token": create_access_token(identity=current_user)}
    return ret, 200


@api_blueprint.route("/users/", methods=["POST"])
def create():
    json_dict = request.get_json(force=True)

    validate_msg = validateObject(register_schema, json_dict)
    if validate_msg != None:
        return {"message": validate_msg}, 400

    existing_user = User.query.filter_by(email=json_dict["email"]).first()

    if existing_user != None:
        return {"message": "User already exists"}, 400

    user = User(json_dict["email"], json_dict["password"])
    db.session.add(user)
    db.session.commit()

    return user.get_dict(), 200


@api_blueprint.route("/users/", methods=["PUT"])
@jwt_required
def edit():
    json_dict = request.get_json(force=True)

    validate_msg = validateObject(edit_user_schema, json_dict)
    if validate_msg != None:
        return {"message": validate_msg}, 400

    user = get_current_user()
    user.name = json_dict["name"].title()

    db.session.commit()
    return user.get_dict(), 200


@api_blueprint.route("/users/", methods=["DELETE"])
@jwt_required
def delete():
    user = get_current_user()
    db.session.delete(user)
    jti = get_raw_jwt()["jti"]
    db.session.add(Blacklist(jti))
    db.session.commit()
    return {"message": "User was deleted"}, 200


###
# Getters
###
@api_blueprint.route("/users/", defaults={"UserID": None}, methods=["GET"])
@api_blueprint.route("/users/<int:UserID>", methods=["GET"])
@jwt_required
def get(UserID):

    if UserID:
        user = User.query.filter_by(id=UserID).first()
    else:
        user = get_current_user()

    if not user:
        return {"message": "User not found"}, 404

    return user.get_dict(), 200


# Searchable, returns 10 max at default
@api_blueprint.route("/users/search", methods=["GET"])
def search():
    arguments = request.args
    query = User.query

    if "name" in arguments:
        query = query.filter(User.name.like(f"%{arguments['name']}%"))

    if "email" in arguments:
        query = query.filter(User.email.like(f"%{arguments['email']}%"))

    if "page" in arguments:
        page_size = 15
        if "page_size" in arguments:
            page_size = int(arguments["page_size"])
        query = query.limit(page_size)
        query = query.offset(int(arguments["page"]) * page_size)
    else:
        query = query.limit(15)

    return [i.get_dict() for i in query.all()], 200