yvachot/FlaskALED
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update: user_update

Browse source
This commit is contained in:
Yûki VACHOT 2022-01-05 16:47:22 +01:00
parent b81c57905c
commit 604b1f4fb7
2 changed files with 131 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

118
backend/application/api_functions.py
View file

@ -6,6 +6,22 @@ from .users_model import Users, db
from .logs_model import Logs from .logs_model import Logs
def db_create_log(ip, action, message, has_succeeded, status_code, table=None, id_user=None):
log = Logs(
date=datetime.now().strftime('%Y-%m-%dT%H:%M:%S'),
ip=ip,
action=action,
message=message,
has_succeeded=has_succeeded,
status_code=status_code,
table=table,
id_user=id_user
)
db.session.add(log)
db.session.commit()
return log.json()
def hash_password(salt, password): def hash_password(salt, password):
return hashlib.pbkdf2_hmac('sha256', password.encode('utf-8'), salt, 100000) return hashlib.pbkdf2_hmac('sha256', password.encode('utf-8'), salt, 100000)
@ -18,33 +34,27 @@ def db_login(ip, email, password):
# Check User and Hash Pass # Check User and Hash Pass
if user and user.hash_pass == hash_password(user.salt, password): if user and user.hash_pass == hash_password(user.salt, password):
message = 'User authenticated.' message = 'User authenticated.'
log = Logs( db_create_log(
date=datetime.now().strftime('%Y-%m-%dT%H:%M:%S'),
id_user=user.id,
ip=ip, ip=ip,
table='users',
action='login', action='login',
message=message, message=message,
has_succeeded=True, has_succeeded=True,
status_code=0 status_code=0,
table='users',
id_user=user.id
) )
db.session.add(log)
db.session.commit()
return {'status': 0, 'message': message, 'data': user.json()} return {'status': 0, 'message': message, 'data': user.json()}
else: else:
message = f'Email or password invalid' message = f'Email or password invalid'
log = Logs( db_create_log(
date=datetime.now().strftime('%Y-%m-%dT%H:%M:%S'),
id_user=None,
ip=ip, ip=ip,
table='users',
action='login', action='login',
message=message, message=message,
has_succeeded=False, has_succeeded=False,
status_code=2 status_code=1,
table='users',
id_user=None
) )
db.session.add(log)
db.session.commit()
return {'status': 1, 'message': message} # Email or password invalid return {'status': 1, 'message': message} # Email or password invalid
@ -54,18 +64,15 @@ def db_register(ip, email, nickname, password, is_admin):
).first() ).first()
if user: if user:
message = f'{email} already exist.' message = f'{email} already exist.'
log = Logs( db_create_log(
date=datetime.now().strftime('%Y-%m-%dT%H:%M:%S'),
id_user=None,
ip=ip, ip=ip,
table='users',
action='register', action='register',
message=message, message=message,
has_succeeded=False, has_succeeded=False,
status_code=1 status_code=1,
table='users',
id_user=None
) )
db.session.add(log)
db.session.commit()
return {'status': 1, 'message': message} # User already exist return {'status': 1, 'message': message} # User already exist
# Salt Hash Pass with SHA256 # Salt Hash Pass with SHA256
@ -96,19 +103,74 @@ def db_register(ip, email, nickname, password, is_admin):
has_succeeded = False has_succeeded = False
status_code = 1 status_code = 1
log = Logs( db_create_log(
date=datetime.now().strftime('%Y-%m-%dT%H:%M:%S'),
id_user=id_user,
ip=ip, ip=ip,
table='users',
action='register', action='register',
message=message, message=message,
has_succeeded=has_succeeded, has_succeeded=has_succeeded,
status_code=status_code status_code=status_code,
table='users',
id_user=id_user
) )
db.session.add(log)
db.session.commit()
if status_code == 0: if status_code == 0:
return {'status': 0, 'message': message, 'data': user.json()} return {'status': 0, 'message': message, 'data': user.json()}
elif status_code == 1: elif status_code == 1:
return {'status': 1, 'message': message} return {'status': 1, 'message': message}
def db_user_update(ip, user_id, nickname, password):
user = Users.query.filter(
Users.id == user_id
).first()
if user:
has_succeeded = False
status_code = 2
if nickname and password:
# Salt Hash Pass with SHA256
salt = os.urandom(32)
hash_pass = hash_password(salt, password)
Users.query.filter(Users.id == user_id).update({'nickname': nickname, 'hash_pass': hash_pass, 'salt': salt})
db.session.commit()
message = 'User nickname and password updated.'
has_succeeded = True
status_code = 0
elif nickname:
Users.query.filter(Users.id == user_id).update({'nickname': nickname})
db.session.commit()
message = 'User nickname updated.'
has_succeeded = True
status_code = 0
elif password:
# Salt Hash Pass with SHA256
salt = os.urandom(32)
hash_pass = hash_password(salt, password)
Users.query.filter(Users.id == user_id).update({'hash_pass': hash_pass, 'salt': salt})
db.session.commit()
message = 'User password updated.'
has_succeeded = True
status_code = 0
else:
message = 'Only nickname and/or password can be changed.'
db_create_log(
ip=ip,
action='user_update',
message=message,
has_succeeded=has_succeeded,
status_code=status_code,
table='users',
id_user=user_id
)
return {'status': status_code, 'message': message, 'data': user.json()}
else:
message = 'User do not exist.'
db_create_log(
ip=ip,
action='user_update',
message=message,
has_succeeded=False,
status_code=1,
table='users',
id_user=user_id
)
return {'status': 1, 'message': message}

45
backend/application/routes.py
View file

@ -1,7 +1,7 @@
from flask import current_app as app from flask import current_app as app
from flask import request from flask import request
from .responses import send_message, send_error from .responses import send_message, send_error
from .api_functions import db_login, db_register from .api_functions import db_login, db_register, db_user_update, db_create_log
from .sessionJWT import create_auth_token, check_auth_token from .sessionJWT import create_auth_token, check_auth_token
@ -53,16 +53,53 @@ def register():
def logout(): def logout():
token = check_auth_token(request) token = check_auth_token(request)
if token['success']: if token['success']:
return send_message('User disconnected.', None, token_delete=True) ip = request.remote_addr
message = 'User disconnected.'
db_create_log(
ip=ip,
action='logout',
message=message,
has_succeeded=True,
status_code=0,
table='users',
id_user=token['payload']['id']
)
return send_message(message, None, token_delete=True)
else: else:
return send_error(500, token['message']) return send_error(500, token['message'])
# Update User # Update User (Nickname, Password)
@app.route('/api/user/update', methods=['PUT']) @app.route('/api/user/update', methods=['PUT'])
def user_update(): def user_update():
token = check_auth_token(request) token = check_auth_token(request)
return send_message('User.update not implemented', None) if token['success']:
post_json = request.json
post_nickname = None
post_password = None
fields = ''
if 'nickname' in post_json:
post_nickname = str(post_json['nickname'])
else:
fields += 'nickname'
if 'password' in post_json:
post_password = str(post_json['password'])
else:
fields += ', password'
if post_nickname is not None or post_password is not None:
ip = request.remote_addr
user_id = token['payload']['id']
res = db_user_update(ip, user_id, post_nickname, post_password)
if res['status'] == 1:
return send_error(500, res['message'])
elif res['status'] == 0:
return send_message(res['message'], res['data'])
else:
return send_error(400, 'POST Request Error : Need ' + fields + ' field.')
else:
return send_error(500, token['message'])
# Delete User # Delete User