Update: user_update

2022-01-05 16:47:22 +01:00 · 2022-01-05 16:47:22 +01:00 · 604b1f4fb7
commit 604b1f4fb7
parent b81c57905c
2 changed files with 131 additions and 32 deletions
--- a/backend/application/api_functions.py
+++ b/backend/application/api_functions.py
@ -6,6 +6,22 @@ from .users_model import Users, db
 from .logs_model import Logs


+def db_create_log(ip, action, message, has_succeeded, status_code, table=None, id_user=None):
+    log = Logs(
+        date=datetime.now().strftime('%Y-%m-%dT%H:%M:%S'),
+        ip=ip,
+        action=action,
+        message=message,
+        has_succeeded=has_succeeded,
+        status_code=status_code,
+        table=table,
+        id_user=id_user
+    )
+    db.session.add(log)
+    db.session.commit()
+    return log.json()
+
+
 def hash_password(salt, password):
    return hashlib.pbkdf2_hmac('sha256', password.encode('utf-8'), salt, 100000)

@ -18,33 +34,27 @@ def db_login(ip, email, password):
    # Check User and Hash Pass
    if user and user.hash_pass == hash_password(user.salt, password):
        message = 'User authenticated.'
-        log = Logs(
-            date=datetime.now().strftime('%Y-%m-%dT%H:%M:%S'),
-            id_user=user.id,
+        db_create_log(
            ip=ip,
-            table='users',
            action='login',
            message=message,
            has_succeeded=True,
-            status_code=0
+            status_code=0,
+            table='users',
+            id_user=user.id
        )
-        db.session.add(log)
-        db.session.commit()
        return {'status': 0, 'message': message, 'data': user.json()}
    else:
        message = f'Email or password invalid'
-        log = Logs(
-            date=datetime.now().strftime('%Y-%m-%dT%H:%M:%S'),
-            id_user=None,
+        db_create_log(
            ip=ip,
-            table='users',
            action='login',
            message=message,
            has_succeeded=False,
-            status_code=2
+            status_code=1,
+            table='users',
+            id_user=None
        )
-        db.session.add(log)
-        db.session.commit()
        return {'status': 1, 'message': message}  # Email or password invalid


@ -54,18 +64,15 @@ def db_register(ip, email, nickname, password, is_admin):
    ).first()
    if user:
        message = f'{email} already exist.'
-        log = Logs(
-            date=datetime.now().strftime('%Y-%m-%dT%H:%M:%S'),
-            id_user=None,
+        db_create_log(
            ip=ip,
-            table='users',
            action='register',
            message=message,
            has_succeeded=False,
-            status_code=1
+            status_code=1,
+            table='users',
+            id_user=None
        )
-        db.session.add(log)
-        db.session.commit()
        return {'status': 1, 'message': message}  # User already exist

    # Salt Hash Pass with SHA256
@ -96,19 +103,74 @@ def db_register(ip, email, nickname, password, is_admin):
        has_succeeded = False
        status_code = 1

-    log = Logs(
-        date=datetime.now().strftime('%Y-%m-%dT%H:%M:%S'),
-        id_user=id_user,
+    db_create_log(
        ip=ip,
-        table='users',
        action='register',
        message=message,
        has_succeeded=has_succeeded,
-        status_code=status_code
+        status_code=status_code,
+        table='users',
+        id_user=id_user
    )
-    db.session.add(log)
-    db.session.commit()
    if status_code == 0:
        return {'status': 0, 'message': message, 'data': user.json()}
    elif status_code == 1:
        return {'status': 1, 'message': message}
+
+
+def db_user_update(ip, user_id, nickname, password):
+    user = Users.query.filter(
+        Users.id == user_id
+    ).first()
+    if user:
+        has_succeeded = False
+        status_code = 2
+        if nickname and password:
+            # Salt Hash Pass with SHA256
+            salt = os.urandom(32)
+            hash_pass = hash_password(salt, password)
+            Users.query.filter(Users.id == user_id).update({'nickname': nickname, 'hash_pass': hash_pass, 'salt': salt})
+            db.session.commit()
+            message = 'User nickname and password updated.'
+            has_succeeded = True
+            status_code = 0
+        elif nickname:
+            Users.query.filter(Users.id == user_id).update({'nickname': nickname})
+            db.session.commit()
+            message = 'User nickname updated.'
+            has_succeeded = True
+            status_code = 0
+        elif password:
+            # Salt Hash Pass with SHA256
+            salt = os.urandom(32)
+            hash_pass = hash_password(salt, password)
+            Users.query.filter(Users.id == user_id).update({'hash_pass': hash_pass, 'salt': salt})
+            db.session.commit()
+            message = 'User password updated.'
+            has_succeeded = True
+            status_code = 0
+        else:
+            message = 'Only nickname and/or password can be changed.'
+
+        db_create_log(
+            ip=ip,
+            action='user_update',
+            message=message,
+            has_succeeded=has_succeeded,
+            status_code=status_code,
+            table='users',
+            id_user=user_id
+        )
+        return {'status': status_code, 'message': message, 'data': user.json()}
+    else:
+        message = 'User do not exist.'
+        db_create_log(
+            ip=ip,
+            action='user_update',
+            message=message,
+            has_succeeded=False,
+            status_code=1,
+            table='users',
+            id_user=user_id
+        )
+        return {'status': 1, 'message': message}
--- a/backend/application/routes.py
+++ b/backend/application/routes.py
@ -1,7 +1,7 @@
 from flask import current_app as app
 from flask import request
 from .responses import send_message, send_error
-from .api_functions import db_login, db_register
+from .api_functions import db_login, db_register, db_user_update, db_create_log
 from .sessionJWT import create_auth_token, check_auth_token


@ -53,16 +53,53 @@ def register():
 def logout():
    token = check_auth_token(request)
    if token['success']:
-        return send_message('User disconnected.', None, token_delete=True)
+        ip = request.remote_addr
+        message = 'User disconnected.'
+        db_create_log(
+            ip=ip,
+            action='logout',
+            message=message,
+            has_succeeded=True,
+            status_code=0,
+            table='users',
+            id_user=token['payload']['id']
+        )
+        return send_message(message, None, token_delete=True)
    else:
        return send_error(500, token['message'])


-# Update User
+# Update User (Nickname, Password)
@app.route('/api/user/update', methods=['PUT'])
 def user_update():
    token = check_auth_token(request)
-    return send_message('User.update not implemented', None)
+    if token['success']:
+        post_json = request.json
+        post_nickname = None
+        post_password = None
+        fields = ''
+        if 'nickname' in post_json:
+            post_nickname = str(post_json['nickname'])
+        else:
+            fields += 'nickname'
+
+        if 'password' in post_json:
+            post_password = str(post_json['password'])
+        else:
+            fields += ', password'
+
+        if post_nickname is not None or post_password is not None:
+            ip = request.remote_addr
+            user_id = token['payload']['id']
+            res = db_user_update(ip, user_id, post_nickname, post_password)
+            if res['status'] == 1:
+                return send_error(500, res['message'])
+            elif res['status'] == 0:
+                return send_message(res['message'], res['data'])
+        else:
+            return send_error(400, 'POST Request Error : Need ' + fields + ' field.')
+    else:
+        return send_error(500, token['message'])


 # Delete User