Update: user_delete

2022-01-05 19:26:06 +01:00 · 2022-01-05 19:26:06 +01:00 · 0348c30044
commit 0348c30044
parent 604b1f4fb7
2 changed files with 85 additions and 30 deletions
--- a/backend/application/api_functions.py
+++ b/backend/application/api_functions.py
@ -58,7 +58,7 @@ def db_login(ip, email, password):
        return {'status': 1, 'message': message}  # Email or password invalid


-def db_register(ip, email, nickname, password, is_admin):
+def db_register(ip, email, nickname, password, is_admin=False):
    user = Users.query.filter(
        Users.email == email
    ).first()
@ -174,3 +174,32 @@ def db_user_update(ip, user_id, nickname, password):
            id_user=user_id
        )
        return {'status': 1, 'message': message}
+
+
+def db_user_delete(ip, user_id):
+    test = Users.query.filter(Users.id == user_id).delete()
+    if test == 1:
+        db.session.commit()
+        message = 'User deleted.'
+        db_create_log(
+            ip=ip,
+            action='user_delete',
+            message=message,
+            has_succeeded=True,
+            status_code=0,
+            table='users',
+            id_user=user_id
+        )
+        return {'status': 0, 'message': message, 'data': None}
+    else:
+        message = 'User do not exist.'
+        db_create_log(
+            ip=ip,
+            action='user_delete',
+            message=message,
+            has_succeeded=False,
+            status_code=1,
+            table='users',
+            id_user=user_id
+        )
+        return {'status': 1, 'message': message}
--- a/backend/application/routes.py
+++ b/backend/application/routes.py
@ -1,7 +1,7 @@
 from flask import current_app as app
 from flask import request
 from .responses import send_message, send_error
-from .api_functions import db_login, db_register, db_user_update, db_create_log
+from .api_functions import db_login, db_register, db_user_update, db_create_log, db_user_delete
 from .sessionJWT import create_auth_token, check_auth_token


@ -12,9 +12,9 @@ def login():
    post_email = str(post_json['email'])
    post_password = str(post_json['password'])
    if post_email and post_password:
+        if post_email != '' and post_password != '':
            ip = request.remote_addr
            res = db_login(ip, post_email, post_password)
-        # TODO: Token Authentication
            if res['status'] == 0:
                user = res['data']
                token = create_auth_token(user)
@ -24,7 +24,9 @@ def login():
                token = create_auth_token(user)
                return send_error(404, res['message'], token)
        else:
-        return send_error(400, 'POST Request Error : Need email, password fields.')
+            return send_error(400, 'Error : Empty email and/or password fields.')
+    else:
+        return send_error(400, 'Error : Need email, password fields.')


 # Register
@ -35,15 +37,17 @@ def register():
        post_email = str(post_json['email'])
        post_nickname = str(post_json['nickname'])
        post_password = str(post_json['password'])
-        post_is_admin = bool(post_json['is_admin'])

-        if post_email and post_nickname and post_password and post_is_admin:
+        if post_email and post_nickname and post_password:
+            if post_email != '' and post_password != '' and post_nickname != '':
                ip = request.remote_addr
-            res = db_register(ip, post_email, post_nickname, post_password, post_is_admin)
+                res = db_register(ip, post_email, post_nickname, post_password)
                if res['status'] == 1:
                    return send_error(500, res['message'])
                elif res['status'] == 0:
                    return send_message(res['message'], res['data'])
+            else:
+                return send_error(400, 'Error : Empty email and/or password and/or nickname fields.')
    except KeyError as e:
        return send_error(400, 'POST Request Error : Need '+str(e)+' field.')

@ -89,6 +93,7 @@ def user_update():
            fields += ', password'

        if post_nickname is not None or post_password is not None:
+            if post_nickname != '' and post_password != '':
                ip = request.remote_addr
                user_id = token['payload']['id']
                res = db_user_update(ip, user_id, post_nickname, post_password)
@ -96,6 +101,8 @@ def user_update():
                    return send_error(500, res['message'])
                elif res['status'] == 0:
                    return send_message(res['message'], res['data'])
+            else:
+                return send_error(400, 'Error : Empty nickname and/or password fields.')
        else:
            return send_error(400, 'POST Request Error : Need ' + fields + ' field.')
    else:
@ -105,7 +112,26 @@ def user_update():
 # Delete User
@app.route('/api/user/delete', methods=['DELETE'])
 def user_delete():
-    return send_message('User.delete not implemented', None)
+    token = check_auth_token(request)
+    if token['success']:
+        ip = request.remote_addr
+        user_id = token['payload']['id']
+        res = db_user_delete(ip, user_id)
+        if res['status'] == 1:
+            return send_error(500, res['message'])
+        elif res['status'] == 0:
+            db_create_log(
+                ip=ip,
+                action='logout',
+                message='User disconnected.',
+                has_succeeded=True,
+                status_code=0,
+                table='users',
+                id_user=token['payload']['id']
+            )
+            return send_message(res['message'], None, token_delete=True)
+    else:
+        return send_error(500, token['message'])


 # Admin : Create User