Update: user_update

2022-01-05 16:47:22 +01:00 · 2022-01-05 16:47:22 +01:00 · 604b1f4fb7
commit 604b1f4fb7
parent b81c57905c
2 changed files with 131 additions and 32 deletions
--- a/backend/application/api_functions.py
+++ b/backend/application/api_functions.py
@ -6,6 +6,22 @@ from .users_model import Users, db
 from .logs_model import Logs


+def db_create_log(ip, action, message, has_succeeded, status_code, table=None, id_user=None):
+    log = Logs(
+        date=datetime.now().strftime('%Y-%m-%dT%H:%M:%S'),
+        ip=ip,
+        action=action,
+        message=message,
+        has_succeeded=has_succeeded,
+        status_code=status_code,
+        table=table,
+        id_user=id_user
+    )
+    db.session.add(log)
+    db.session.commit()
+    return log.json()
+
+
 def hash_password(salt, password):
    return hashlib.pbkdf2_hmac('sha256', password.encode('utf-8'), salt, 100000)

@ -18,33 +34,27 @@ def db_login(ip, email, password):
    # Check User and Hash Pass
    if user and user.hash_pass == hash_password(user.salt, password):
        message = 'User authenticated.'
-        log = Logs(
-            date=datetime.now().strftime('%Y-%m-%dT%H:%M:%S'),
-            id_user=user.id,
+        db_create_log(
            ip=ip,
-            table='users',
            action='login',
            message=message,
            has_succeeded=True,
-            status_code=0
+            status_code=0,
+            table='users',
+            id_user=user.id
        )
-        db.session.add(log)
-        db.session.commit()
        return {'status': 0, 'message': message, 'data': user.json()}
    else:
        message = f'Email or password invalid'
-        log = Logs(
-            date=datetime.now().strftime('%Y-%m-%dT%H:%M:%S'),
-            id_user=None,
+        db_create_log(
            ip=ip,
-            table='users',
            action='login',
            message=message,
            has_succeeded=False,
-            status_code=2
+            status_code=1,
+            table='users',
+            id_user=None
        )
-        db.session.add(log)
-        db.session.commit()
        return {'status': 1, 'message': message}  # Email or password invalid


@ -54,18 +64,15 @@ def db_register(ip, email, nickname, password, is_admin):
    ).first()
    if user:
        message = f'{email} already exist.'
-        log = Logs(
-            date=datetime.now().strftime('%Y-%m-%dT%H:%M:%S'),
-            id_user=None,
+        db_create_log(
            ip=ip,
-            table='users',
            action='register',
            message=message,
            has_succeeded=False,
-            status_code=1
+            status_code=1,
+            table='users',
+            id_user=None
        )
-        db.session.add(log)
-        db.session.commit()
        return {'status': 1, 'message': message}  # User already exist

    # Salt Hash Pass with SHA256
@ -96,19 +103,74 @@ def db_register(ip, email, nickname, password, is_admin):
        has_succeeded = False
        status_code = 1

-    log = Logs(
-        date=datetime.now().strftime('%Y-%m-%dT%H:%M:%S'),
-        id_user=id_user,
+    db_create_log(
        ip=ip,
-        table='users',
        action='register',
        message=message,
        has_succeeded=has_succeeded,
-        status_code=status_code
+        status_code=status_code,
+        table='users',
+        id_user=id_user
    )
-    db.session.add(log)
-    db.session.commit()
    if status_code == 0:
        return {'status': 0, 'message': message, 'data': user.json()}
    elif status_code == 1:
        return {'status': 1, 'message': message}
+
+
+def db_user_update(ip, user_id, nickname, password):
+    user = Users.query.filter(
+        Users.id == user_id
+    ).first()
+    if user:
+        has_succeeded = False
+        status_code = 2
+        if nickname and password:
+            # Salt Hash Pass with SHA256
+            salt = os.urandom(32)
+            hash_pass = hash_password(salt, password)
+            Users.query.filter(Users.id == user_id).update({'nickname': nickname, 'hash_pass': hash_pass, 'salt': salt})
+            db.session.commit()
+            message = 'User nickname and password updated.'
+            has_succeeded = True
+            status_code = 0
+        elif nickname:
+            Users.query.filter(Users.id == user_id).update({'nickname': nickname})
+            db.session.commit()
+            message = 'User nickname updated.'
+            has_succeeded = True
+            status_code = 0
+        elif password:
+            # Salt Hash Pass with SHA256
+            salt = os.urandom(32)
+            hash_pass = hash_password(salt, password)
+            Users.query.filter(Users.id == user_id).update({'hash_pass': hash_pass, 'salt': salt})
+            db.session.commit()
+            message = 'User password updated.'
+            has_succeeded = True
+            status_code = 0
+        else:
+            message = 'Only nickname and/or password can be changed.'
+
+        db_create_log(
+            ip=ip,
+            action='user_update',
+            message=message,
+            has_succeeded=has_succeeded,
+            status_code=status_code,
+            table='users',
+            id_user=user_id
+        )
+        return {'status': status_code, 'message': message, 'data': user.json()}
+    else:
+        message = 'User do not exist.'
+        db_create_log(
+            ip=ip,
+            action='user_update',
+            message=message,
+            has_succeeded=False,
+            status_code=1,
+            table='users',
+            id_user=user_id
+        )
+        return {'status': 1, 'message': message}