2022-04-12 07:50:24 +00:00
|
|
|
__author__ = "Florian Kaiser"
|
|
|
|
|
__copyright__ = "Copyright 2022, Project Aktienbot"
|
|
|
|
|
__credits__ = ["Florian Kaiser", "Florian Kellermann", "Linus Eickhof", "Kevin Pauer"]
|
|
|
|
|
__license__ = "GPL 3.0"
|
|
|
|
|
__version__ = "1.0.0"
|
|
|
|
|
|
2022-03-14 16:10:00 +00:00
|
|
|
import datetime
|
2022-03-14 06:32:16 +00:00
|
|
|
import os
|
|
|
|
|
|
2022-03-14 16:10:00 +00:00
|
|
|
import jwt
|
2022-03-17 08:26:25 +00:00
|
|
|
from apiflask import APIBlueprint, abort
|
2022-04-05 08:51:09 +00:00
|
|
|
from app.auth import auth
|
2022-03-30 08:46:54 +00:00
|
|
|
from app.db import database as db
|
2022-04-05 08:51:09 +00:00
|
|
|
from app.helper_functions import check_password, hash_password, abort_if_no_admin, make_response, get_email_or_abort_401, get_user
|
2022-03-30 08:46:54 +00:00
|
|
|
from app.models import User
|
2022-04-05 08:51:09 +00:00
|
|
|
from app.schema import UsersSchema, TokenSchema, LoginDataSchema, AdminDataSchema, DeleteUserSchema, RegisterDataSchema, UpdateUserDataSchema, CronDataSchema
|
|
|
|
|
from flask import current_app
|
2022-03-14 06:32:16 +00:00
|
|
|
|
2022-03-17 08:26:25 +00:00
|
|
|
users_blueprint = APIBlueprint('users', __name__, url_prefix='/api')
|
2022-03-14 06:32:16 +00:00
|
|
|
__location__ = os.path.realpath(os.path.join(os.getcwd(), os.path.dirname(__file__)))
|
|
|
|
|
|
|
|
|
|
|
2022-03-14 16:10:00 +00:00
|
|
|
@users_blueprint.route('/users', methods=['GET'])
|
2022-03-17 08:26:25 +00:00
|
|
|
@users_blueprint.output(UsersSchema(many=True), 200)
|
|
|
|
|
@users_blueprint.auth_required(auth)
|
|
|
|
|
@users_blueprint.doc(summary="Get all users", description="Returns all existing users as array")
|
2022-03-14 06:32:16 +00:00
|
|
|
def users():
|
2022-03-17 10:05:28 +00:00
|
|
|
abort_if_no_admin()
|
|
|
|
|
|
2022-03-14 06:32:16 +00:00
|
|
|
res = []
|
2022-04-12 09:36:23 +00:00
|
|
|
|
|
|
|
|
# Query all users and convert them to dicts
|
2022-03-14 06:32:16 +00:00
|
|
|
for i in User.query.all():
|
|
|
|
|
res.append(i.as_dict())
|
|
|
|
|
|
2022-03-22 10:21:39 +00:00
|
|
|
return make_response(res, 200, "Successfully received all users")
|
2022-03-14 06:32:16 +00:00
|
|
|
|
|
|
|
|
|
2022-03-17 10:05:28 +00:00
|
|
|
@users_blueprint.route('/user', methods=['GET'])
|
|
|
|
|
@users_blueprint.output(UsersSchema(), 200)
|
|
|
|
|
@users_blueprint.auth_required(auth)
|
|
|
|
|
@users_blueprint.doc(summary="Get current user", description="Returns current user")
|
|
|
|
|
def user():
|
2022-03-27 15:23:33 +00:00
|
|
|
email = get_email_or_abort_401()
|
2022-03-17 10:05:28 +00:00
|
|
|
|
2022-04-12 09:36:23 +00:00
|
|
|
# Query current user
|
2022-04-05 08:51:09 +00:00
|
|
|
query_user = get_user(email)
|
2022-03-17 10:05:28 +00:00
|
|
|
|
2022-04-05 08:51:09 +00:00
|
|
|
return make_response(query_user.as_dict(), 200, "Successfully received current user data")
|
2022-03-17 10:05:28 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
@users_blueprint.route('/user/login', methods=['POST'])
|
|
|
|
|
@users_blueprint.output(TokenSchema(), 200)
|
|
|
|
|
@users_blueprint.input(schema=LoginDataSchema)
|
2022-03-17 08:26:25 +00:00
|
|
|
@users_blueprint.doc(summary="Login", description="Returns jwt token if username and password match, otherwise returns error")
|
|
|
|
|
def login(data):
|
2022-04-12 09:36:23 +00:00
|
|
|
# Check if required data is available
|
2022-03-30 08:46:54 +00:00
|
|
|
if not check_if_password_data_exists(data):
|
|
|
|
|
abort(400, "Password missing")
|
|
|
|
|
|
|
|
|
|
if not check_if_email_data_exists(data):
|
|
|
|
|
abort(400, "Email missing")
|
2022-03-17 08:26:25 +00:00
|
|
|
|
2022-04-12 09:36:23 +00:00
|
|
|
# Query current user
|
|
|
|
|
query_user = get_user(data['email'])
|
2022-03-14 06:32:16 +00:00
|
|
|
|
2022-04-12 09:36:23 +00:00
|
|
|
# Check if password matches
|
|
|
|
|
if not check_password(query_user.password, data['password'].encode("utf-8")): # Password incorrect
|
2022-03-17 08:26:25 +00:00
|
|
|
abort(500, message="Unable to login")
|
2022-03-14 06:32:16 +00:00
|
|
|
|
2022-04-12 09:36:23 +00:00
|
|
|
# Check if user is bot
|
2022-03-30 08:46:54 +00:00
|
|
|
if query_user.email == current_app.config['BOT_EMAIL']:
|
2022-04-12 09:36:23 +00:00
|
|
|
# Set bot token valid for 1 year
|
2022-03-30 08:46:54 +00:00
|
|
|
token = jwt.encode({'email': query_user.email, 'exp': datetime.datetime.utcnow() + datetime.timedelta(days=365)}, current_app.config['SECRET_KEY'], "HS256")
|
2022-03-28 15:56:59 +00:00
|
|
|
else:
|
2022-04-12 09:36:23 +00:00
|
|
|
# Set token valid for 1 day
|
2022-03-30 08:46:54 +00:00
|
|
|
token = jwt.encode({'email': query_user.email, 'exp': datetime.datetime.utcnow() + datetime.timedelta(days=1)}, current_app.config['SECRET_KEY'], "HS256")
|
2022-03-22 10:21:39 +00:00
|
|
|
|
|
|
|
|
return make_response({"token": token}, 200, "Successfully logged in")
|
2022-03-14 06:32:16 +00:00
|
|
|
|
|
|
|
|
|
2022-03-17 10:05:28 +00:00
|
|
|
@users_blueprint.route('/user/register', methods=['POST'])
|
2022-03-17 08:26:25 +00:00
|
|
|
@users_blueprint.output(UsersSchema(), 200)
|
2022-03-27 15:23:33 +00:00
|
|
|
@users_blueprint.input(schema=RegisterDataSchema)
|
2022-03-17 08:26:25 +00:00
|
|
|
@users_blueprint.doc(summary="Register", description="Registers user")
|
|
|
|
|
def register(data):
|
2022-04-12 09:36:23 +00:00
|
|
|
# Check if required data is available
|
2022-03-30 08:46:54 +00:00
|
|
|
if not check_if_email_data_exists(data):
|
|
|
|
|
abort(400, "Email missing")
|
|
|
|
|
|
|
|
|
|
if not check_if_username_data_exists(data):
|
|
|
|
|
abort(400, "Username missing")
|
|
|
|
|
|
|
|
|
|
if not check_if_password_data_exists(data):
|
|
|
|
|
abort(400, "Password missing")
|
2022-03-17 08:26:25 +00:00
|
|
|
|
2022-04-12 09:36:23 +00:00
|
|
|
# Check if user already exists
|
|
|
|
|
query_user = db.session.query(User).filter_by(email=data['email']).first()
|
|
|
|
|
if query_user is not None:
|
2022-03-27 15:23:33 +00:00
|
|
|
abort(500, message="Email already exist")
|
2022-03-17 08:26:25 +00:00
|
|
|
|
2022-04-12 09:36:23 +00:00
|
|
|
# Add user to database
|
2022-03-17 10:05:28 +00:00
|
|
|
new_user = User(
|
2022-04-12 09:36:23 +00:00
|
|
|
email=data['email'],
|
|
|
|
|
username=data['username'],
|
|
|
|
|
password=hash_password(data['password']),
|
2022-04-05 08:51:09 +00:00
|
|
|
admin=False,
|
|
|
|
|
cron="0 8 * * *"
|
2022-03-17 08:26:25 +00:00
|
|
|
)
|
2022-03-17 10:05:28 +00:00
|
|
|
db.session.add(new_user)
|
2022-03-17 08:26:25 +00:00
|
|
|
db.session.commit()
|
|
|
|
|
|
2022-03-22 10:21:39 +00:00
|
|
|
return make_response(new_user.as_dict(), 200, "Successfully registered user")
|
2022-03-17 10:05:28 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
@users_blueprint.route('/user', methods=['PUT'])
|
|
|
|
|
@users_blueprint.output({}, 200)
|
2022-03-27 15:23:33 +00:00
|
|
|
@users_blueprint.input(schema=UpdateUserDataSchema)
|
2022-03-17 10:05:28 +00:00
|
|
|
@users_blueprint.auth_required(auth)
|
|
|
|
|
@users_blueprint.doc(summary="Update user", description="Changes password and/or username of current user")
|
|
|
|
|
def update_user(data):
|
2022-03-27 15:23:33 +00:00
|
|
|
email = get_email_or_abort_401()
|
2022-03-17 10:05:28 +00:00
|
|
|
|
2022-04-12 09:36:23 +00:00
|
|
|
# Query current user
|
2022-04-05 08:51:09 +00:00
|
|
|
query_user = get_user(email)
|
2022-03-17 10:05:28 +00:00
|
|
|
|
2022-04-12 09:36:23 +00:00
|
|
|
# Check if password data is available -> if, change password
|
2022-03-30 08:46:54 +00:00
|
|
|
if check_if_password_data_exists(data):
|
2022-03-27 15:23:33 +00:00
|
|
|
query_user.password = hash_password(data['password'])
|
2022-03-30 08:46:54 +00:00
|
|
|
|
2022-04-12 09:36:23 +00:00
|
|
|
# Check if username data is available -> if, change username
|
2022-03-30 08:46:54 +00:00
|
|
|
if check_if_username_data_exists(data):
|
2022-03-27 15:23:33 +00:00
|
|
|
query_user.username = data['username']
|
2022-03-17 10:05:28 +00:00
|
|
|
|
|
|
|
|
db.session.commit()
|
|
|
|
|
|
2022-03-22 10:21:39 +00:00
|
|
|
return make_response({}, 200, "Successfully updated user")
|
2022-03-17 10:05:28 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
@users_blueprint.route('/user/setAdmin', methods=['PUT'])
|
|
|
|
|
@users_blueprint.output({}, 200)
|
|
|
|
|
@users_blueprint.input(schema=AdminDataSchema)
|
|
|
|
|
@users_blueprint.auth_required(auth)
|
|
|
|
|
@users_blueprint.doc(summary="Set user admin state", description="Set admin state of specified user")
|
|
|
|
|
def set_admin(data):
|
|
|
|
|
abort_if_no_admin() # Only admin users can do this
|
|
|
|
|
|
2022-04-12 09:36:23 +00:00
|
|
|
# Check if required data is available
|
2022-03-30 08:46:54 +00:00
|
|
|
if not check_if_email_data_exists(data):
|
|
|
|
|
abort(400, "Email missing")
|
|
|
|
|
|
|
|
|
|
if not check_if_admin_data_exists(data):
|
|
|
|
|
abort(400, "Admin data missing")
|
2022-03-17 10:05:28 +00:00
|
|
|
|
2022-04-12 09:36:23 +00:00
|
|
|
# Get user by email
|
|
|
|
|
query_user = get_user(data['email'])
|
2022-03-17 10:05:28 +00:00
|
|
|
|
2022-04-12 09:36:23 +00:00
|
|
|
# Update user admin state
|
|
|
|
|
query_user.admin = data['admin']
|
2022-03-17 10:05:28 +00:00
|
|
|
db.session.commit()
|
|
|
|
|
|
2022-03-22 10:21:39 +00:00
|
|
|
return make_response({}, 200, "Successfully updated users admin rights")
|
2022-03-17 10:05:28 +00:00
|
|
|
|
|
|
|
|
|
2022-04-05 08:51:09 +00:00
|
|
|
@users_blueprint.route('/user/setCron', methods=['PUT'])
|
|
|
|
|
@users_blueprint.output({}, 200)
|
|
|
|
|
@users_blueprint.input(schema=CronDataSchema)
|
|
|
|
|
@users_blueprint.auth_required(auth)
|
|
|
|
|
@users_blueprint.doc(summary="Set update cron", description="Set update cron of specified user")
|
|
|
|
|
def set_cron(data):
|
|
|
|
|
email = get_email_or_abort_401()
|
|
|
|
|
|
2022-04-12 09:36:23 +00:00
|
|
|
# Check if required data is available
|
2022-04-05 08:51:09 +00:00
|
|
|
if not check_if_cron_data_exists(data):
|
|
|
|
|
abort(400, "Cron data missing")
|
|
|
|
|
|
2022-04-12 09:36:23 +00:00
|
|
|
# Update user cron
|
2022-04-05 08:51:09 +00:00
|
|
|
get_user(email).cron = data['cron']
|
|
|
|
|
db.session.commit()
|
|
|
|
|
|
|
|
|
|
return make_response({}, 200, "Successfully updated users cron")
|
|
|
|
|
|
|
|
|
|
|
2022-03-17 10:05:28 +00:00
|
|
|
@users_blueprint.route('/user', methods=['DELETE'])
|
|
|
|
|
@users_blueprint.output({}, 200)
|
|
|
|
|
@users_blueprint.input(schema=DeleteUserSchema)
|
|
|
|
|
@users_blueprint.auth_required(auth)
|
|
|
|
|
@users_blueprint.doc(summary="Delete user", description="Deletes user by username")
|
|
|
|
|
def delete_user(data):
|
2022-04-12 09:36:23 +00:00
|
|
|
# Check if required data is available
|
2022-03-30 08:46:54 +00:00
|
|
|
if not check_if_email_data_exists(data):
|
|
|
|
|
abort(400, "Email missing")
|
2022-03-17 10:05:28 +00:00
|
|
|
|
2022-04-12 09:36:23 +00:00
|
|
|
# Check if email to delete is current user
|
|
|
|
|
# -> if, delete user
|
|
|
|
|
# -> if not, check if user is admin
|
|
|
|
|
# -> if, delete user
|
|
|
|
|
# -> else, abort
|
|
|
|
|
if data['email'] == get_email_or_abort_401(): # Username is same as current user
|
|
|
|
|
db.session.query(User).filter_by(email=data['email']).delete()
|
2022-03-17 10:05:28 +00:00
|
|
|
db.session.commit()
|
2022-04-12 09:36:23 +00:00
|
|
|
else:
|
2022-03-17 10:05:28 +00:00
|
|
|
abort_if_no_admin()
|
|
|
|
|
|
2022-04-12 09:36:23 +00:00
|
|
|
db.session.query(User).filter_by(email=data['email']).delete()
|
2022-03-17 10:05:28 +00:00
|
|
|
db.session.commit()
|
|
|
|
|
|
2022-03-22 10:21:39 +00:00
|
|
|
return make_response({}, 200, "Successfully removed user")
|
2022-03-17 08:26:25 +00:00
|
|
|
|
|
|
|
|
|
2022-03-27 15:23:33 +00:00
|
|
|
def check_if_email_data_exists(data):
|
|
|
|
|
if "email" not in data:
|
2022-03-30 08:46:54 +00:00
|
|
|
return False
|
2022-03-17 08:26:25 +00:00
|
|
|
|
2022-03-27 15:23:33 +00:00
|
|
|
if data['email'] == "" or data['email'] is None:
|
2022-03-30 08:46:54 +00:00
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
return True
|
2022-03-17 08:26:25 +00:00
|
|
|
|
2022-03-27 15:23:33 +00:00
|
|
|
|
|
|
|
|
def check_if_password_data_exists(data):
|
2022-03-17 08:26:25 +00:00
|
|
|
if "password" not in data:
|
2022-03-30 08:46:54 +00:00
|
|
|
return False
|
2022-03-17 08:26:25 +00:00
|
|
|
|
|
|
|
|
if data['password'] == "" or data['password'] is None:
|
2022-03-30 08:46:54 +00:00
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
return True
|
2022-03-17 10:05:28 +00:00
|
|
|
|
|
|
|
|
|
2022-03-27 15:23:33 +00:00
|
|
|
def check_if_username_data_exists(data):
|
2022-03-17 10:05:28 +00:00
|
|
|
if "username" not in data:
|
2022-03-30 08:46:54 +00:00
|
|
|
return False
|
2022-03-17 10:05:28 +00:00
|
|
|
|
|
|
|
|
if data['username'] == "" or data['username'] is None:
|
2022-03-30 08:46:54 +00:00
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
return True
|
2022-03-17 10:05:28 +00:00
|
|
|
|
2022-03-27 15:23:33 +00:00
|
|
|
|
|
|
|
|
def check_if_admin_data_exists(data):
|
2022-03-17 10:05:28 +00:00
|
|
|
if "admin" not in data:
|
2022-03-30 08:46:54 +00:00
|
|
|
return False
|
2022-03-17 10:05:28 +00:00
|
|
|
|
|
|
|
|
if data['admin'] == "" or data['admin'] is None:
|
2022-03-30 08:46:54 +00:00
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
return True
|
2022-04-05 08:51:09 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def check_if_cron_data_exists(data):
|
|
|
|
|
if "cron" not in data:
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
if data['cron'] == "" or data['cron'] is None:
|
|
|
|
|
return False
|
|
|
|
|
|
|
|
|
|
return True
|
