FitTrackee/fittrackee/users/utils.py

110 lines
3.0 KiB
Python
Raw Normal View History

2018-01-01 11:10:39 +01:00
import re
from typing import Optional, Tuple
from flask import Request
2021-01-20 16:47:00 +01:00
from fittrackee import db
2021-01-01 16:39:25 +01:00
from fittrackee.responses import (
ForbiddenErrorResponse,
2021-01-02 19:28:03 +01:00
HttpResponse,
2021-01-01 16:39:25 +01:00
UnauthorizedErrorResponse,
)
from .exceptions import UserNotFoundException
from .models import User
2021-01-02 19:28:03 +01:00
def is_valid_email(email: str) -> bool:
"""
Return if email format is valid
"""
2018-05-09 16:50:30 +02:00
mail_pattern = r"(^[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+$)"
return re.match(mail_pattern, email) is not None
2021-01-02 19:28:03 +01:00
def check_passwords(password: str, password_conf: str) -> str:
"""
Verify if password and password confirmation are the same and have
more than 8 characters
If not, it returns not empty string
"""
ret = ''
if password_conf != password:
ret = 'password: password and password confirmation do not match\n'
if len(password) < 8:
ret += 'password: 8 characters required\n'
return ret
def check_username(username: str) -> str:
"""
Return if username is valid
"""
ret = ''
if not 2 < len(username) < 13:
ret += 'username: 3 to 12 characters required\n'
if not re.match(r'^[a-zA-Z0-9_]+$', username):
ret += (
'username: only alphanumeric characters and the '
'underscore character "_" allowed\n'
)
return ret
2021-01-02 19:28:03 +01:00
def register_controls(
username: str, email: str, password: str, password_conf: str
) -> str:
"""
Verify if username, email and passwords are valid
2021-01-02 19:28:03 +01:00
If not, it returns not empty string
"""
ret = check_username(username)
2018-05-09 17:00:22 +02:00
if not is_valid_email(email):
ret += 'email: valid email must be provided\n'
ret += check_passwords(password, password_conf)
2018-05-09 17:00:22 +02:00
return ret
2021-01-02 19:28:03 +01:00
def verify_user(
current_request: Request, verify_admin: bool
) -> Tuple[Optional[HttpResponse], Optional[User]]:
2021-01-02 19:28:03 +01:00
"""
2021-12-01 19:39:45 +01:00
Return authenticated user, if the provided token is valid and user has
admin rights if 'verify_admin' is True
2021-01-02 19:28:03 +01:00
"""
default_message = 'provide a valid auth token'
2018-05-09 17:00:22 +02:00
auth_header = current_request.headers.get('Authorization')
if not auth_header:
2021-01-01 16:39:25 +01:00
return UnauthorizedErrorResponse(default_message), None
auth_token = auth_header.split(' ')[1]
2018-05-09 17:00:22 +02:00
resp = User.decode_auth_token(auth_token)
if isinstance(resp, str):
2021-01-01 16:39:25 +01:00
return UnauthorizedErrorResponse(resp), None
2018-05-09 17:00:22 +02:00
user = User.query.filter_by(id=resp).first()
if not user:
2021-01-01 16:39:25 +01:00
return UnauthorizedErrorResponse(default_message), None
if verify_admin and not user.admin:
2021-01-01 16:39:25 +01:00
return ForbiddenErrorResponse(), None
return None, user
2018-05-09 17:00:22 +02:00
def can_view_workout(
auth_user_id: int, workout_user_id: int
2021-01-02 19:28:03 +01:00
) -> Optional[HttpResponse]:
"""
Return error response if user has no right to view workout
2021-01-02 19:28:03 +01:00
"""
if auth_user_id != workout_user_id:
2021-01-01 16:39:25 +01:00
return ForbiddenErrorResponse()
return None
def set_admin_rights(username: str) -> None:
user = User.query.filter_by(username=username).first()
if not user:
raise UserNotFoundException()
user.admin = True
db.session.commit()