2018-01-01 16:59:46 +01:00
|
|
|
import datetime
|
2018-01-01 21:54:03 +01:00
|
|
|
import os
|
2021-11-12 12:22:07 +01:00
|
|
|
import re
|
2022-03-13 08:52:09 +01:00
|
|
|
import secrets
|
2023-03-04 10:49:25 +01:00
|
|
|
from typing import Dict, Tuple, Union
|
2018-01-14 20:49:35 +01:00
|
|
|
|
2020-05-17 16:42:44 +02:00
|
|
|
import jwt
|
2023-03-01 21:00:53 +01:00
|
|
|
from flask import (
|
|
|
|
|
Blueprint,
|
|
|
|
|
Response,
|
|
|
|
|
current_app,
|
|
|
|
|
request,
|
|
|
|
|
send_from_directory,
|
|
|
|
|
)
|
2022-03-19 22:02:06 +01:00
|
|
|
from sqlalchemy import exc, func
|
2021-01-20 16:47:00 +01:00
|
|
|
from werkzeug.exceptions import RequestEntityTooLarge
|
|
|
|
|
from werkzeug.utils import secure_filename
|
|
|
|
|
|
2022-05-23 13:04:01 +02:00
|
|
|
from fittrackee import appLog, db
|
2022-03-13 08:56:23 +01:00
|
|
|
from fittrackee.emails.tasks import (
|
2022-03-19 22:02:06 +01:00
|
|
|
account_confirmation_email,
|
2022-03-13 08:56:23 +01:00
|
|
|
email_updated_to_current_address,
|
|
|
|
|
email_updated_to_new_address,
|
|
|
|
|
password_change_email,
|
|
|
|
|
reset_password_email,
|
|
|
|
|
)
|
2022-02-16 12:55:55 +01:00
|
|
|
from fittrackee.files import get_absolute_file_path
|
2022-05-27 15:51:40 +02:00
|
|
|
from fittrackee.oauth2.server import require_auth
|
2021-01-01 16:39:25 +01:00
|
|
|
from fittrackee.responses import (
|
2023-03-01 21:00:53 +01:00
|
|
|
DataNotFoundErrorResponse,
|
2021-01-01 16:39:25 +01:00
|
|
|
ForbiddenErrorResponse,
|
2021-01-02 19:28:03 +01:00
|
|
|
HttpResponse,
|
2021-01-01 16:39:25 +01:00
|
|
|
InvalidPayloadErrorResponse,
|
2021-12-19 11:51:28 +01:00
|
|
|
NotFoundErrorResponse,
|
2021-01-01 16:39:25 +01:00
|
|
|
PayloadTooLargeErrorResponse,
|
|
|
|
|
UnauthorizedErrorResponse,
|
2022-02-16 13:03:14 +01:00
|
|
|
get_error_response_if_file_is_invalid,
|
2021-01-01 16:39:25 +01:00
|
|
|
handle_error_and_return_response,
|
|
|
|
|
)
|
2022-02-16 13:03:14 +01:00
|
|
|
from fittrackee.utils import get_readable_duration
|
2021-11-12 12:22:07 +01:00
|
|
|
from fittrackee.workouts.models import Sport
|
2017-12-16 21:00:46 +01:00
|
|
|
|
2023-03-12 11:15:31 +01:00
|
|
|
from .exceptions import UserControlsException, UserCreationException
|
2023-03-01 12:39:35 +01:00
|
|
|
from .models import BlacklistedToken, User, UserDataExport, UserSportPreference
|
2023-03-01 16:30:44 +01:00
|
|
|
from .tasks import export_data
|
2023-03-12 11:15:31 +01:00
|
|
|
from .utils.admin import UserManagerService
|
|
|
|
|
from .utils.controls import check_password, is_valid_email
|
2023-03-04 10:49:25 +01:00
|
|
|
from .utils.language import get_language
|
2022-02-16 18:07:05 +01:00
|
|
|
from .utils.token import decode_user_token
|
2017-12-16 21:00:46 +01:00
|
|
|
|
|
|
|
|
auth_blueprint = Blueprint('auth', __name__)
|
|
|
|
|
|
2021-11-12 12:22:07 +01:00
|
|
|
HEX_COLOR_REGEX = regex = "^#([A-Fa-f0-9]{6}|[A-Fa-f0-9]{3})$"
|
2022-04-23 18:04:20 +02:00
|
|
|
NOT_FOUND_MESSAGE = 'the requested URL was not found on the server'
|
2021-11-12 12:22:07 +01:00
|
|
|
|
2017-12-16 21:00:46 +01:00
|
|
|
|
2022-03-20 12:15:23 +01:00
|
|
|
def send_account_confirmation_email(user: User) -> None:
|
2022-04-23 18:04:20 +02:00
|
|
|
if current_app.config['CAN_SEND_EMAILS']:
|
|
|
|
|
ui_url = current_app.config['UI_URL']
|
|
|
|
|
email_data = {
|
|
|
|
|
'username': user.username,
|
|
|
|
|
'fittrackee_url': ui_url,
|
|
|
|
|
'operating_system': request.user_agent.platform, # type: ignore # noqa
|
|
|
|
|
'browser_name': request.user_agent.browser, # type: ignore
|
|
|
|
|
'account_confirmation_url': (
|
|
|
|
|
f'{ui_url}/account-confirmation'
|
|
|
|
|
f'?token={user.confirmation_token}'
|
|
|
|
|
),
|
|
|
|
|
}
|
|
|
|
|
user_data = {
|
2022-07-03 13:29:50 +02:00
|
|
|
'language': get_language(user.language),
|
2022-04-23 18:04:20 +02:00
|
|
|
'email': user.email,
|
|
|
|
|
}
|
|
|
|
|
account_confirmation_email.send(user_data, email_data)
|
2022-03-20 12:15:23 +01:00
|
|
|
|
|
|
|
|
|
2017-12-16 21:00:46 +01:00
|
|
|
@auth_blueprint.route('/auth/register', methods=['POST'])
|
2021-01-02 19:28:03 +01:00
|
|
|
def register_user() -> Union[Tuple[Dict, int], HttpResponse]:
|
2019-07-20 14:27:05 +02:00
|
|
|
"""
|
2022-07-14 18:36:19 +02:00
|
|
|
Register a user and send confirmation email.
|
2019-07-20 14:27:05 +02:00
|
|
|
|
2022-03-19 22:02:06 +01:00
|
|
|
The newly created account is inactive. The user must confirm his email
|
|
|
|
|
to activate it.
|
|
|
|
|
|
2019-07-20 14:27:05 +02:00
|
|
|
**Example request**:
|
|
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
2019-07-20 21:57:35 +02:00
|
|
|
POST /api/auth/register HTTP/1.1
|
2019-07-20 14:27:05 +02:00
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
**Example responses**:
|
|
|
|
|
|
2023-06-18 20:45:39 +02:00
|
|
|
- success:
|
2019-07-20 14:27:05 +02:00
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
2022-03-20 12:15:23 +01:00
|
|
|
HTTP/1.1 200 SUCCESS
|
2019-07-20 14:27:05 +02:00
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
"status": "success"
|
|
|
|
|
}
|
|
|
|
|
|
2023-06-18 20:45:39 +02:00
|
|
|
- error on registration:
|
2019-07-20 14:27:05 +02:00
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
|
|
|
|
HTTP/1.1 400 BAD REQUEST
|
|
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
{
|
2022-03-26 20:30:37 +01:00
|
|
|
"message": "Errors: email: valid email must be provided\\n",
|
2019-07-20 14:27:05 +02:00
|
|
|
"status": "error"
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-19 22:02:06 +01:00
|
|
|
:<json string username: username (3 to 30 characters required)
|
2019-07-20 14:27:05 +02:00
|
|
|
:<json string email: user email
|
|
|
|
|
:<json string password: password (8 characters required)
|
2022-07-03 13:29:50 +02:00
|
|
|
:<json string lang: user language preferences (if not provided or invalid,
|
|
|
|
|
fallback to 'en' (english))
|
2023-06-18 15:02:21 +02:00
|
|
|
:<json boolean accepted_policy: ``true`` if user accepted privacy policy
|
2019-07-20 14:27:05 +02:00
|
|
|
|
2023-06-18 20:45:39 +02:00
|
|
|
:statuscode 200: ``success``
|
2019-07-20 14:27:05 +02:00
|
|
|
:statuscode 400:
|
2023-06-18 20:45:39 +02:00
|
|
|
- ``invalid payload``
|
|
|
|
|
- ``sorry, that username is already taken``
|
|
|
|
|
- ``sorry, you must agree privacy policy to register``
|
|
|
|
|
- ``username: 3 to 30 characters required``
|
|
|
|
|
- ``username: only alphanumeric characters and the underscore
|
|
|
|
|
character "_" allowed``
|
|
|
|
|
- ``email: valid email must be provided``
|
|
|
|
|
- ``password: 8 characters required``
|
|
|
|
|
:statuscode 403: ``error, registration is disabled``
|
|
|
|
|
:statuscode 500: ``error, please try again or contact the administrator``
|
2019-07-20 14:27:05 +02:00
|
|
|
"""
|
2019-11-13 18:40:01 +01:00
|
|
|
if not current_app.config.get('is_registration_enabled'):
|
2021-11-01 09:44:10 +01:00
|
|
|
return ForbiddenErrorResponse('error, registration is disabled')
|
2021-01-01 16:39:25 +01:00
|
|
|
|
2017-12-16 21:00:46 +01:00
|
|
|
post_data = request.get_json()
|
2019-08-28 13:25:39 +02:00
|
|
|
if (
|
|
|
|
|
not post_data
|
|
|
|
|
or post_data.get('username') is None
|
|
|
|
|
or post_data.get('email') is None
|
|
|
|
|
or post_data.get('password') is None
|
2023-02-25 14:06:49 +01:00
|
|
|
or post_data.get('accepted_policy') is None
|
2019-08-28 13:25:39 +02:00
|
|
|
):
|
2021-01-01 16:39:25 +01:00
|
|
|
return InvalidPayloadErrorResponse()
|
2023-02-25 14:06:49 +01:00
|
|
|
|
|
|
|
|
accepted_policy = post_data.get('accepted_policy') is True
|
|
|
|
|
if not accepted_policy:
|
|
|
|
|
return InvalidPayloadErrorResponse(
|
|
|
|
|
'sorry, you must agree privacy policy to register'
|
|
|
|
|
)
|
|
|
|
|
|
2017-12-16 21:00:46 +01:00
|
|
|
username = post_data.get('username')
|
|
|
|
|
email = post_data.get('email')
|
|
|
|
|
password = post_data.get('password')
|
2022-07-03 13:29:50 +02:00
|
|
|
language = get_language(post_data.get('language'))
|
2018-01-01 11:10:39 +01:00
|
|
|
|
2018-05-13 18:36:31 +02:00
|
|
|
try:
|
2023-03-12 11:15:31 +01:00
|
|
|
user_manager_service = UserManagerService(username=username)
|
|
|
|
|
new_user, _ = user_manager_service.create_user(email, password)
|
|
|
|
|
# if a user exists with same email address (returned new_user is None),
|
|
|
|
|
# no error is returned since a user has to confirm his email to
|
|
|
|
|
# activate his account
|
|
|
|
|
if new_user:
|
2022-07-03 13:29:50 +02:00
|
|
|
new_user.language = language
|
2023-02-25 14:06:49 +01:00
|
|
|
new_user.accepted_policy_date = datetime.datetime.utcnow()
|
2022-03-19 22:02:06 +01:00
|
|
|
db.session.add(new_user)
|
|
|
|
|
db.session.commit()
|
|
|
|
|
|
2022-03-20 12:15:23 +01:00
|
|
|
send_account_confirmation_email(new_user)
|
2022-03-19 22:02:06 +01:00
|
|
|
|
|
|
|
|
return {'status': 'success'}, 200
|
2017-12-16 21:00:46 +01:00
|
|
|
# handler errors
|
2023-03-12 11:15:31 +01:00
|
|
|
except (UserControlsException, UserCreationException) as e:
|
|
|
|
|
return InvalidPayloadErrorResponse(str(e))
|
|
|
|
|
except (
|
|
|
|
|
exc.IntegrityError,
|
|
|
|
|
exc.OperationalError,
|
|
|
|
|
TypeError,
|
|
|
|
|
ValueError,
|
|
|
|
|
) as e:
|
2021-01-01 16:39:25 +01:00
|
|
|
return handle_error_and_return_response(e, db=db)
|
2017-12-16 21:00:46 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
@auth_blueprint.route('/auth/login', methods=['POST'])
|
2021-01-02 19:28:03 +01:00
|
|
|
def login_user() -> Union[Dict, HttpResponse]:
|
2019-07-20 14:27:05 +02:00
|
|
|
"""
|
2022-07-14 18:36:19 +02:00
|
|
|
User login.
|
2022-03-26 20:30:37 +01:00
|
|
|
|
|
|
|
|
Only user with an active account can log in.
|
2019-07-20 14:27:05 +02:00
|
|
|
|
|
|
|
|
**Example request**:
|
|
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
2019-07-20 21:57:35 +02:00
|
|
|
POST /api/auth/login HTTP/1.1
|
2019-07-20 14:27:05 +02:00
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
**Example responses**:
|
|
|
|
|
|
2023-06-18 20:45:39 +02:00
|
|
|
- successful login:
|
2019-07-20 14:27:05 +02:00
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
|
|
|
|
HTTP/1.1 200 OK
|
|
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
"auth_token": "JSON Web Token",
|
2021-11-01 09:44:10 +01:00
|
|
|
"message": "successfully logged in",
|
2019-07-20 14:27:05 +02:00
|
|
|
"status": "success"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
- error on login
|
|
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
2022-03-26 20:30:37 +01:00
|
|
|
HTTP/1.1 401 UNAUTHORIZED
|
2019-07-20 14:27:05 +02:00
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
{
|
2021-11-01 09:44:10 +01:00
|
|
|
"message": "invalid credentials",
|
2019-07-20 14:27:05 +02:00
|
|
|
"status": "error"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
:<json string email: user email
|
2022-03-13 08:39:50 +01:00
|
|
|
:<json string password: password
|
2019-07-20 14:27:05 +02:00
|
|
|
|
2023-06-18 20:45:39 +02:00
|
|
|
:statuscode 200: ``successfully logged in``
|
|
|
|
|
:statuscode 400: ``invalid payload``
|
|
|
|
|
:statuscode 401: ``invalid credentials``
|
|
|
|
|
:statuscode 500: ``error, please try again or contact the administrator``
|
2019-07-20 14:27:05 +02:00
|
|
|
|
|
|
|
|
"""
|
2017-12-16 21:00:46 +01:00
|
|
|
# get post data
|
|
|
|
|
post_data = request.get_json()
|
|
|
|
|
if not post_data:
|
2021-01-01 16:39:25 +01:00
|
|
|
return InvalidPayloadErrorResponse()
|
2021-11-03 10:23:28 +01:00
|
|
|
email = post_data.get('email', '')
|
2017-12-16 21:00:46 +01:00
|
|
|
password = post_data.get('password')
|
|
|
|
|
try:
|
2021-11-03 10:23:28 +01:00
|
|
|
user = User.query.filter(
|
2022-03-19 22:02:06 +01:00
|
|
|
func.lower(User.email) == func.lower(email),
|
|
|
|
|
User.is_active == True, # noqa
|
2021-11-03 10:23:28 +01:00
|
|
|
).first()
|
2022-05-23 13:04:01 +02:00
|
|
|
if user and user.check_password(password):
|
2017-12-16 21:00:46 +01:00
|
|
|
# generate auth token
|
|
|
|
|
auth_token = user.encode_auth_token(user.id)
|
2021-01-01 16:39:25 +01:00
|
|
|
return {
|
2017-12-16 21:00:46 +01:00
|
|
|
'status': 'success',
|
2021-11-01 09:44:10 +01:00
|
|
|
'message': 'successfully logged in',
|
2020-12-25 19:35:15 +01:00
|
|
|
'auth_token': auth_token,
|
2017-12-16 21:00:46 +01:00
|
|
|
}
|
2021-11-01 09:44:10 +01:00
|
|
|
return UnauthorizedErrorResponse('invalid credentials')
|
2017-12-16 21:00:46 +01:00
|
|
|
# handler errors
|
|
|
|
|
except (exc.IntegrityError, exc.OperationalError, ValueError) as e:
|
2021-01-01 16:39:25 +01:00
|
|
|
return handle_error_and_return_response(e, db=db)
|
2017-12-16 21:00:46 +01:00
|
|
|
|
|
|
|
|
|
2017-12-25 17:45:28 +01:00
|
|
|
@auth_blueprint.route('/auth/profile', methods=['GET'])
|
2022-06-15 19:16:14 +02:00
|
|
|
@require_auth(scopes=['profile:read'])
|
2021-01-02 19:28:03 +01:00
|
|
|
def get_authenticated_user_profile(
|
2021-12-01 19:22:47 +01:00
|
|
|
auth_user: User,
|
2021-01-02 19:28:03 +01:00
|
|
|
) -> Union[Dict, HttpResponse]:
|
2019-07-20 14:27:05 +02:00
|
|
|
"""
|
2022-07-14 18:36:19 +02:00
|
|
|
Get authenticated user info (profile, account, preferences).
|
|
|
|
|
|
|
|
|
|
**Scope**: ``profile:read``
|
2019-07-20 14:27:05 +02:00
|
|
|
|
|
|
|
|
**Example request**:
|
|
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
2019-07-20 21:57:35 +02:00
|
|
|
GET /api/auth/profile HTTP/1.1
|
2019-07-20 14:27:05 +02:00
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
**Example response**:
|
|
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
|
|
|
|
HTTP/1.1 200 OK
|
|
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
"data": {
|
2023-04-12 17:32:08 +02:00
|
|
|
"accepted_privacy_policy": true,
|
2019-07-20 14:27:05 +02:00
|
|
|
"admin": false,
|
|
|
|
|
"bio": null,
|
|
|
|
|
"birth_date": null,
|
|
|
|
|
"created_at": "Sun, 14 Jul 2019 14:09:58 GMT",
|
2023-04-12 17:32:08 +02:00
|
|
|
"date_format": "dd/MM/yyyy",
|
2022-07-23 17:24:31 +02:00
|
|
|
"display_ascent": true,
|
2019-09-01 11:40:39 +02:00
|
|
|
"email": "sam@example.com",
|
2023-04-12 17:32:08 +02:00
|
|
|
"email_to_confirm": null,
|
2019-07-20 14:27:05 +02:00
|
|
|
"first_name": null,
|
2021-11-13 19:46:12 +01:00
|
|
|
"imperial_units": false,
|
2022-03-19 22:02:06 +01:00
|
|
|
"is_active": true,
|
2019-09-16 14:19:21 +02:00
|
|
|
"language": "en",
|
2019-07-20 14:27:05 +02:00
|
|
|
"last_name": null,
|
|
|
|
|
"location": null,
|
|
|
|
|
"nb_sports": 3,
|
2021-01-10 11:16:43 +01:00
|
|
|
"nb_workouts": 6,
|
2019-07-20 14:27:05 +02:00
|
|
|
"picture": false,
|
2021-09-21 18:10:27 +02:00
|
|
|
"records": [
|
|
|
|
|
{
|
|
|
|
|
"id": 9,
|
|
|
|
|
"record_type": "AS",
|
|
|
|
|
"sport_id": 1,
|
|
|
|
|
"user": "sam",
|
|
|
|
|
"value": 18,
|
|
|
|
|
"workout_date": "Sun, 07 Jul 2019 08:00:00 GMT",
|
|
|
|
|
"workout_id": "hvYBqYBRa7wwXpaStWR4V2"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"id": 10,
|
|
|
|
|
"record_type": "FD",
|
|
|
|
|
"sport_id": 1,
|
|
|
|
|
"user": "sam",
|
|
|
|
|
"value": 18,
|
|
|
|
|
"workout_date": "Sun, 07 Jul 2019 08:00:00 GMT",
|
|
|
|
|
"workout_id": "hvYBqYBRa7wwXpaStWR4V2"
|
|
|
|
|
},
|
2022-07-23 17:24:31 +02:00
|
|
|
{
|
|
|
|
|
"id": 13,
|
|
|
|
|
"record_type": "HA",
|
|
|
|
|
"sport_id": 1,
|
|
|
|
|
"user": "Sam",
|
|
|
|
|
"value": 43.97,
|
|
|
|
|
"workout_date": "Sun, 07 Jul 2019 08:00:00 GMT",
|
|
|
|
|
"workout_id": "hvYBqYBRa7wwXpaStWR4V2"
|
|
|
|
|
},
|
2021-09-21 18:10:27 +02:00
|
|
|
{
|
|
|
|
|
"id": 11,
|
|
|
|
|
"record_type": "LD",
|
|
|
|
|
"sport_id": 1,
|
|
|
|
|
"user": "sam",
|
|
|
|
|
"value": "1:01:00",
|
|
|
|
|
"workout_date": "Sun, 07 Jul 2019 08:00:00 GMT",
|
|
|
|
|
"workout_id": "hvYBqYBRa7wwXpaStWR4V2"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"id": 12,
|
|
|
|
|
"record_type": "MS",
|
|
|
|
|
"sport_id": 1,
|
|
|
|
|
"user": "sam",
|
|
|
|
|
"value": 18,
|
|
|
|
|
"workout_date": "Sun, 07 Jul 2019 08:00:00 GMT",
|
|
|
|
|
"workout_id": "hvYBqYBRa7wwXpaStWR4V2"
|
|
|
|
|
}
|
|
|
|
|
],
|
2019-09-23 20:01:11 +02:00
|
|
|
"sports_list": [
|
|
|
|
|
1,
|
|
|
|
|
4,
|
|
|
|
|
6
|
|
|
|
|
],
|
2023-04-12 17:32:08 +02:00
|
|
|
"start_elevation_at_zero": false,
|
2019-07-20 14:27:05 +02:00
|
|
|
"timezone": "Europe/Paris",
|
2023-04-12 17:32:08 +02:00
|
|
|
"total_ascent": 720.35,
|
2019-07-20 14:27:05 +02:00
|
|
|
"total_distance": 67.895,
|
|
|
|
|
"total_duration": "6:50:27",
|
2023-12-16 21:18:09 +01:00
|
|
|
"use_dark_mode": null,
|
2023-05-29 14:35:09 +02:00
|
|
|
"use_raw_gpx_speed": false,
|
2019-09-01 11:40:39 +02:00
|
|
|
"username": "sam",
|
|
|
|
|
"weekm": false
|
2019-07-20 14:27:05 +02:00
|
|
|
},
|
|
|
|
|
"status": "success"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
:reqheader Authorization: OAuth 2.0 Bearer Token
|
|
|
|
|
|
2023-06-18 20:45:39 +02:00
|
|
|
:statuscode 200: ``success``
|
2019-07-20 21:57:35 +02:00
|
|
|
:statuscode 401:
|
2023-06-18 20:45:39 +02:00
|
|
|
- ``provide a valid auth token``
|
|
|
|
|
- ``signature expired, please log in again``
|
|
|
|
|
- ``invalid token, please log in again``
|
2019-07-20 14:27:05 +02:00
|
|
|
"""
|
2022-03-13 09:30:50 +01:00
|
|
|
return {'status': 'success', 'data': auth_user.serialize(auth_user)}
|
2018-01-01 16:59:46 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
@auth_blueprint.route('/auth/profile/edit', methods=['POST'])
|
2022-06-15 19:16:14 +02:00
|
|
|
@require_auth(scopes=['profile:write'])
|
2021-12-01 19:22:47 +01:00
|
|
|
def edit_user(auth_user: User) -> Union[Dict, HttpResponse]:
|
2019-07-20 14:27:05 +02:00
|
|
|
"""
|
2022-07-14 18:36:19 +02:00
|
|
|
Edit authenticated user profile.
|
|
|
|
|
|
|
|
|
|
**Scope**: ``profile:write``
|
2019-07-20 14:27:05 +02:00
|
|
|
|
|
|
|
|
**Example request**:
|
|
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
2019-07-20 21:57:35 +02:00
|
|
|
POST /api/auth/profile/edit HTTP/1.1
|
2019-07-20 14:27:05 +02:00
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
**Example response**:
|
|
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
|
|
|
|
HTTP/1.1 200 OK
|
|
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
"data": {
|
2023-04-12 17:32:08 +02:00
|
|
|
"accepted_privacy_policy": true,
|
2019-07-20 14:27:05 +02:00
|
|
|
"admin": false,
|
|
|
|
|
"bio": null,
|
|
|
|
|
"birth_date": null,
|
|
|
|
|
"created_at": "Sun, 14 Jul 2019 14:09:58 GMT",
|
2023-04-12 17:32:08 +02:00
|
|
|
"date_format": "dd/MM/yyyy",
|
2022-07-23 17:24:31 +02:00
|
|
|
"display_ascent": true,
|
2019-09-01 11:40:39 +02:00
|
|
|
"email": "sam@example.com",
|
2023-04-12 17:32:08 +02:00
|
|
|
"email_to_confirm": null,
|
2019-07-20 14:27:05 +02:00
|
|
|
"first_name": null,
|
2021-11-13 19:46:12 +01:00
|
|
|
"imperial_units": false,
|
2022-03-19 22:02:06 +01:00
|
|
|
"is_active": true,
|
2019-09-16 14:19:21 +02:00
|
|
|
"language": "en",
|
2019-07-20 14:27:05 +02:00
|
|
|
"last_name": null,
|
|
|
|
|
"location": null,
|
|
|
|
|
"nb_sports": 3,
|
2021-01-10 11:16:43 +01:00
|
|
|
"nb_workouts": 6,
|
2019-07-20 14:27:05 +02:00
|
|
|
"picture": false,
|
2021-09-21 18:10:27 +02:00
|
|
|
"records": [
|
|
|
|
|
{
|
|
|
|
|
"id": 9,
|
|
|
|
|
"record_type": "AS",
|
|
|
|
|
"sport_id": 1,
|
|
|
|
|
"user": "sam",
|
|
|
|
|
"value": 18,
|
|
|
|
|
"workout_date": "Sun, 07 Jul 2019 08:00:00 GMT",
|
|
|
|
|
"workout_id": "hvYBqYBRa7wwXpaStWR4V2"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"id": 10,
|
|
|
|
|
"record_type": "FD",
|
|
|
|
|
"sport_id": 1,
|
|
|
|
|
"user": "sam",
|
|
|
|
|
"value": 18,
|
|
|
|
|
"workout_date": "Sun, 07 Jul 2019 08:00:00 GMT",
|
|
|
|
|
"workout_id": "hvYBqYBRa7wwXpaStWR4V2"
|
|
|
|
|
},
|
2022-07-23 17:24:31 +02:00
|
|
|
{
|
|
|
|
|
"id": 13,
|
|
|
|
|
"record_type": "HA",
|
|
|
|
|
"sport_id": 1,
|
|
|
|
|
"user": "Sam",
|
|
|
|
|
"value": 43.97,
|
|
|
|
|
"workout_date": "Sun, 07 Jul 2019 08:00:00 GMT",
|
|
|
|
|
"workout_id": "hvYBqYBRa7wwXpaStWR4V2"
|
|
|
|
|
},
|
2021-09-21 18:10:27 +02:00
|
|
|
{
|
|
|
|
|
"id": 11,
|
|
|
|
|
"record_type": "LD",
|
|
|
|
|
"sport_id": 1,
|
|
|
|
|
"user": "sam",
|
|
|
|
|
"value": "1:01:00",
|
|
|
|
|
"workout_date": "Sun, 07 Jul 2019 08:00:00 GMT",
|
|
|
|
|
"workout_id": "hvYBqYBRa7wwXpaStWR4V2"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"id": 12,
|
|
|
|
|
"record_type": "MS",
|
|
|
|
|
"sport_id": 1,
|
|
|
|
|
"user": "sam",
|
|
|
|
|
"value": 18,
|
|
|
|
|
"workout_date": "Sun, 07 Jul 2019 08:00:00 GMT",
|
|
|
|
|
"workout_id": "hvYBqYBRa7wwXpaStWR4V2"
|
|
|
|
|
}
|
|
|
|
|
],
|
2019-09-23 20:01:11 +02:00
|
|
|
"sports_list": [
|
|
|
|
|
1,
|
|
|
|
|
4,
|
|
|
|
|
6
|
|
|
|
|
],
|
2023-04-12 17:32:08 +02:00
|
|
|
"start_elevation_at_zero": false,
|
2019-07-20 14:27:05 +02:00
|
|
|
"timezone": "Europe/Paris",
|
2023-04-12 17:32:08 +02:00
|
|
|
"total_ascent": 720.35,
|
2019-07-20 14:27:05 +02:00
|
|
|
"total_distance": 67.895,
|
|
|
|
|
"total_duration": "6:50:27",
|
2023-12-16 21:18:09 +01:00
|
|
|
"use_dark_mode": null,
|
2023-05-29 14:35:09 +02:00
|
|
|
"use_raw_gpx_speed": false,
|
2019-07-20 14:27:05 +02:00
|
|
|
"username": "sam"
|
2019-09-01 11:40:39 +02:00
|
|
|
"weekm": true,
|
2019-07-20 14:27:05 +02:00
|
|
|
},
|
2021-11-01 09:44:10 +01:00
|
|
|
"message": "user profile updated",
|
2019-07-20 14:27:05 +02:00
|
|
|
"status": "success"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
:<json string first_name: user first name
|
|
|
|
|
:<json string last_name: user last name
|
|
|
|
|
:<json string location: user location
|
|
|
|
|
:<json string bio: user biography
|
|
|
|
|
:<json string birth_date: user birth date (format: ``%Y-%m-%d``)
|
|
|
|
|
|
|
|
|
|
:reqheader Authorization: OAuth 2.0 Bearer Token
|
|
|
|
|
|
2023-06-18 20:45:39 +02:00
|
|
|
:statuscode 200: ``user profile updated``
|
|
|
|
|
:statuscode 400: ``invalid payload``
|
2019-07-20 21:57:35 +02:00
|
|
|
:statuscode 401:
|
2023-06-18 20:45:39 +02:00
|
|
|
- ``provide a valid auth token``
|
|
|
|
|
- ``signature expired, please log in again``
|
|
|
|
|
- ``invalid token, please log in again``
|
|
|
|
|
:statuscode 500: ``error, please try again or contact the administrator``
|
2019-07-20 14:27:05 +02:00
|
|
|
"""
|
2018-01-01 16:59:46 +01:00
|
|
|
# get post data
|
|
|
|
|
post_data = request.get_json()
|
2019-08-31 16:33:46 +02:00
|
|
|
user_mandatory_data = {
|
|
|
|
|
'first_name',
|
|
|
|
|
'last_name',
|
|
|
|
|
'bio',
|
|
|
|
|
'birth_date',
|
|
|
|
|
'location',
|
|
|
|
|
}
|
|
|
|
|
if not post_data or not post_data.keys() >= user_mandatory_data:
|
2021-01-01 16:39:25 +01:00
|
|
|
return InvalidPayloadErrorResponse()
|
|
|
|
|
|
2018-01-01 16:59:46 +01:00
|
|
|
first_name = post_data.get('first_name')
|
|
|
|
|
last_name = post_data.get('last_name')
|
|
|
|
|
bio = post_data.get('bio')
|
|
|
|
|
birth_date = post_data.get('birth_date')
|
|
|
|
|
location = post_data.get('location')
|
2018-01-01 17:50:12 +01:00
|
|
|
|
2018-01-01 16:59:46 +01:00
|
|
|
try:
|
2021-12-01 19:22:47 +01:00
|
|
|
auth_user.first_name = first_name
|
|
|
|
|
auth_user.last_name = last_name
|
|
|
|
|
auth_user.bio = bio
|
|
|
|
|
auth_user.location = location
|
|
|
|
|
auth_user.birth_date = (
|
2018-05-08 18:26:42 +02:00
|
|
|
datetime.datetime.strptime(birth_date, '%Y-%m-%d')
|
2018-01-01 16:59:46 +01:00
|
|
|
if birth_date
|
|
|
|
|
else None
|
|
|
|
|
)
|
2021-10-17 21:01:14 +02:00
|
|
|
db.session.commit()
|
|
|
|
|
|
|
|
|
|
return {
|
|
|
|
|
'status': 'success',
|
2021-11-01 09:44:10 +01:00
|
|
|
'message': 'user profile updated',
|
2022-03-13 09:30:50 +01:00
|
|
|
'data': auth_user.serialize(auth_user),
|
2021-10-17 21:01:14 +02:00
|
|
|
}
|
2022-03-13 08:43:20 +01:00
|
|
|
|
|
|
|
|
# handler errors
|
|
|
|
|
except (exc.IntegrityError, exc.OperationalError, ValueError) as e:
|
|
|
|
|
return handle_error_and_return_response(e, db=db)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@auth_blueprint.route('/auth/profile/edit/account', methods=['PATCH'])
|
2022-06-15 19:16:14 +02:00
|
|
|
@require_auth(scopes=['profile:write'])
|
2022-03-13 08:43:20 +01:00
|
|
|
def update_user_account(auth_user: User) -> Union[Dict, HttpResponse]:
|
|
|
|
|
"""
|
2022-07-14 18:36:19 +02:00
|
|
|
Update authenticated user email and password.
|
2022-03-13 08:43:20 +01:00
|
|
|
|
2022-04-23 18:04:20 +02:00
|
|
|
It sends emails if sending is enabled:
|
2022-03-26 20:30:37 +01:00
|
|
|
|
|
|
|
|
- Password change
|
|
|
|
|
- Email change:
|
|
|
|
|
|
|
|
|
|
- one to the current address to inform user
|
|
|
|
|
- another one to the new address to confirm it.
|
|
|
|
|
|
2022-07-14 18:36:19 +02:00
|
|
|
**Scope**: ``profile:write``
|
|
|
|
|
|
2022-03-13 08:43:20 +01:00
|
|
|
**Example request**:
|
|
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
|
|
|
|
PATCH /api/auth/profile/edit/account HTTP/1.1
|
|
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
**Example response**:
|
|
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
|
|
|
|
HTTP/1.1 200 OK
|
|
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
"data": {
|
2023-04-12 17:32:08 +02:00
|
|
|
"accepted_privacy_policy": true,
|
2022-03-13 08:43:20 +01:00
|
|
|
"admin": false,
|
|
|
|
|
"bio": null,
|
|
|
|
|
"birth_date": null,
|
|
|
|
|
"created_at": "Sun, 14 Jul 2019 14:09:58 GMT",
|
2023-04-12 17:32:08 +02:00
|
|
|
"date_format": "dd/MM/yyyy",
|
2022-07-23 17:24:31 +02:00
|
|
|
"display_ascent": true,
|
2022-03-13 08:43:20 +01:00
|
|
|
"email": "sam@example.com",
|
2023-04-12 17:32:08 +02:00
|
|
|
"email_to_confirm": null,
|
2022-03-13 08:43:20 +01:00
|
|
|
"first_name": null,
|
|
|
|
|
"imperial_units": false,
|
2022-03-19 22:02:06 +01:00
|
|
|
"is_active": true,
|
2022-03-13 08:43:20 +01:00
|
|
|
"language": "en",
|
|
|
|
|
"last_name": null,
|
|
|
|
|
"location": null,
|
|
|
|
|
"nb_sports": 3,
|
|
|
|
|
"nb_workouts": 6,
|
|
|
|
|
"picture": false,
|
|
|
|
|
"records": [
|
|
|
|
|
{
|
|
|
|
|
"id": 9,
|
|
|
|
|
"record_type": "AS",
|
|
|
|
|
"sport_id": 1,
|
|
|
|
|
"user": "sam",
|
|
|
|
|
"value": 18,
|
|
|
|
|
"workout_date": "Sun, 07 Jul 2019 08:00:00 GMT",
|
|
|
|
|
"workout_id": "hvYBqYBRa7wwXpaStWR4V2"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"id": 10,
|
|
|
|
|
"record_type": "FD",
|
|
|
|
|
"sport_id": 1,
|
|
|
|
|
"user": "sam",
|
|
|
|
|
"value": 18,
|
|
|
|
|
"workout_date": "Sun, 07 Jul 2019 08:00:00 GMT",
|
|
|
|
|
"workout_id": "hvYBqYBRa7wwXpaStWR4V2"
|
|
|
|
|
},
|
2022-07-23 17:24:31 +02:00
|
|
|
{
|
|
|
|
|
"id": 13,
|
|
|
|
|
"record_type": "HA",
|
|
|
|
|
"sport_id": 1,
|
|
|
|
|
"user": "Sam",
|
|
|
|
|
"value": 43.97,
|
|
|
|
|
"workout_date": "Sun, 07 Jul 2019 08:00:00 GMT",
|
|
|
|
|
"workout_id": "hvYBqYBRa7wwXpaStWR4V2"
|
|
|
|
|
},
|
2022-03-13 08:43:20 +01:00
|
|
|
{
|
|
|
|
|
"id": 11,
|
|
|
|
|
"record_type": "LD",
|
|
|
|
|
"sport_id": 1,
|
|
|
|
|
"user": "sam",
|
|
|
|
|
"value": "1:01:00",
|
|
|
|
|
"workout_date": "Sun, 07 Jul 2019 08:00:00 GMT",
|
|
|
|
|
"workout_id": "hvYBqYBRa7wwXpaStWR4V2"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"id": 12,
|
|
|
|
|
"record_type": "MS",
|
|
|
|
|
"sport_id": 1,
|
|
|
|
|
"user": "sam",
|
|
|
|
|
"value": 18,
|
|
|
|
|
"workout_date": "Sun, 07 Jul 2019 08:00:00 GMT",
|
|
|
|
|
"workout_id": "hvYBqYBRa7wwXpaStWR4V2"
|
|
|
|
|
}
|
|
|
|
|
],
|
|
|
|
|
"sports_list": [
|
|
|
|
|
1,
|
|
|
|
|
4,
|
|
|
|
|
6
|
|
|
|
|
],
|
2023-04-12 17:32:08 +02:00
|
|
|
"start_elevation_at_zero": false,
|
2022-03-13 08:43:20 +01:00
|
|
|
"timezone": "Europe/Paris",
|
2023-04-12 17:32:08 +02:00
|
|
|
"total_ascent": 720.35,
|
2022-03-13 08:43:20 +01:00
|
|
|
"total_distance": 67.895,
|
|
|
|
|
"total_duration": "6:50:27",
|
2023-12-16 21:18:09 +01:00
|
|
|
"use_dark_mode": null,
|
2023-05-29 14:35:09 +02:00
|
|
|
"use_raw_gpx_speed": false,
|
2022-03-13 08:43:20 +01:00
|
|
|
"username": "sam"
|
|
|
|
|
"weekm": true,
|
|
|
|
|
},
|
2022-03-13 08:48:37 +01:00
|
|
|
"message": "user account updated",
|
2022-03-13 08:43:20 +01:00
|
|
|
"status": "success"
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-13 08:52:09 +01:00
|
|
|
:<json string email: user email
|
|
|
|
|
:<json string password: user current password
|
|
|
|
|
:<json string new_password: user new password
|
2022-03-13 08:43:20 +01:00
|
|
|
|
|
|
|
|
:reqheader Authorization: OAuth 2.0 Bearer Token
|
|
|
|
|
|
2023-06-18 20:45:39 +02:00
|
|
|
:statuscode 200: ``user account updated``
|
2022-03-13 08:43:20 +01:00
|
|
|
:statuscode 400:
|
2023-06-18 20:45:39 +02:00
|
|
|
- ``invalid payload``
|
|
|
|
|
- ``email is missing``
|
|
|
|
|
- ``current password is missing``
|
|
|
|
|
- ``email: valid email must be provided``
|
|
|
|
|
- ``password: 8 characters required``
|
2022-03-13 08:43:20 +01:00
|
|
|
:statuscode 401:
|
2023-06-18 20:45:39 +02:00
|
|
|
- ``provide a valid auth token``
|
|
|
|
|
- ``signature expired, please log in again``
|
|
|
|
|
- ``invalid token, please log in again``
|
|
|
|
|
- ``invalid credentials``
|
|
|
|
|
:statuscode 500: ``error, please try again or contact the administrator``
|
2022-03-13 08:43:20 +01:00
|
|
|
"""
|
|
|
|
|
data = request.get_json()
|
2022-03-13 08:52:09 +01:00
|
|
|
if not data:
|
|
|
|
|
return InvalidPayloadErrorResponse()
|
|
|
|
|
email_to_confirm = data.get('email')
|
|
|
|
|
if not email_to_confirm:
|
|
|
|
|
return InvalidPayloadErrorResponse('email is missing')
|
2022-03-13 08:48:37 +01:00
|
|
|
current_password = data.get('password')
|
2022-03-13 08:52:09 +01:00
|
|
|
if not current_password:
|
|
|
|
|
return InvalidPayloadErrorResponse('current password is missing')
|
2022-05-23 13:04:01 +02:00
|
|
|
if not auth_user.check_password(current_password):
|
2022-03-13 08:48:37 +01:00
|
|
|
return UnauthorizedErrorResponse('invalid credentials')
|
2022-03-13 08:43:20 +01:00
|
|
|
|
2022-03-13 08:48:37 +01:00
|
|
|
new_password = data.get('new_password')
|
2022-03-13 08:52:09 +01:00
|
|
|
error_messages = ''
|
2022-03-13 08:43:20 +01:00
|
|
|
try:
|
2022-03-13 08:52:09 +01:00
|
|
|
if email_to_confirm != auth_user.email:
|
|
|
|
|
if is_valid_email(email_to_confirm):
|
2022-04-23 18:04:20 +02:00
|
|
|
if current_app.config['CAN_SEND_EMAILS']:
|
|
|
|
|
auth_user.email_to_confirm = email_to_confirm
|
|
|
|
|
auth_user.confirmation_token = secrets.token_urlsafe(30)
|
|
|
|
|
else:
|
|
|
|
|
auth_user.email = email_to_confirm
|
|
|
|
|
auth_user.confirmation_token = None
|
2022-03-13 08:52:09 +01:00
|
|
|
else:
|
|
|
|
|
error_messages = 'email: valid email must be provided\n'
|
|
|
|
|
|
|
|
|
|
if new_password is not None:
|
|
|
|
|
error_messages += check_password(new_password)
|
|
|
|
|
if error_messages == '':
|
2022-05-23 13:04:01 +02:00
|
|
|
hashed_password = auth_user.generate_password_hash(
|
|
|
|
|
new_password
|
|
|
|
|
)
|
2022-03-13 08:52:09 +01:00
|
|
|
auth_user.password = hashed_password
|
|
|
|
|
|
|
|
|
|
if error_messages != '':
|
|
|
|
|
return InvalidPayloadErrorResponse(error_messages)
|
2022-03-13 08:43:20 +01:00
|
|
|
|
2022-03-13 08:52:09 +01:00
|
|
|
db.session.commit()
|
2022-03-13 08:56:23 +01:00
|
|
|
|
2022-04-23 18:04:20 +02:00
|
|
|
if current_app.config['CAN_SEND_EMAILS']:
|
|
|
|
|
ui_url = current_app.config['UI_URL']
|
|
|
|
|
user_data = {
|
2022-07-03 13:29:50 +02:00
|
|
|
'language': get_language(auth_user.language),
|
2022-04-23 18:04:20 +02:00
|
|
|
'email': auth_user.email,
|
2022-03-13 08:56:23 +01:00
|
|
|
}
|
2022-04-23 18:04:20 +02:00
|
|
|
data = {
|
|
|
|
|
'username': auth_user.username,
|
|
|
|
|
'fittrackee_url': ui_url,
|
|
|
|
|
'operating_system': request.user_agent.platform,
|
|
|
|
|
'browser_name': request.user_agent.browser,
|
2022-03-13 08:56:23 +01:00
|
|
|
}
|
2022-04-23 18:04:20 +02:00
|
|
|
|
|
|
|
|
if new_password is not None:
|
|
|
|
|
password_change_email.send(user_data, data)
|
|
|
|
|
|
|
|
|
|
if (
|
|
|
|
|
auth_user.email_to_confirm is not None
|
|
|
|
|
and auth_user.email_to_confirm != auth_user.email
|
|
|
|
|
):
|
|
|
|
|
email_data = {
|
|
|
|
|
**data,
|
|
|
|
|
**{'new_email_address': email_to_confirm},
|
|
|
|
|
}
|
|
|
|
|
email_updated_to_current_address.send(user_data, email_data)
|
|
|
|
|
|
|
|
|
|
email_data = {
|
|
|
|
|
**data,
|
|
|
|
|
**{
|
|
|
|
|
'email_confirmation_url': (
|
|
|
|
|
f'{ui_url}/email-update'
|
|
|
|
|
f'?token={auth_user.confirmation_token}'
|
|
|
|
|
)
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
user_data = {
|
|
|
|
|
**user_data,
|
|
|
|
|
**{'email': auth_user.email_to_confirm},
|
|
|
|
|
}
|
|
|
|
|
email_updated_to_new_address.send(user_data, email_data)
|
2022-03-13 08:56:23 +01:00
|
|
|
|
2022-03-13 08:43:20 +01:00
|
|
|
return {
|
|
|
|
|
'status': 'success',
|
|
|
|
|
'message': 'user account updated',
|
2022-03-13 09:30:50 +01:00
|
|
|
'data': auth_user.serialize(auth_user),
|
2022-03-13 08:43:20 +01:00
|
|
|
}
|
2021-10-17 21:01:14 +02:00
|
|
|
|
|
|
|
|
except (exc.IntegrityError, exc.OperationalError, ValueError) as e:
|
|
|
|
|
return handle_error_and_return_response(e, db=db)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@auth_blueprint.route('/auth/profile/edit/preferences', methods=['POST'])
|
2022-06-15 19:16:14 +02:00
|
|
|
@require_auth(scopes=['profile:write'])
|
2021-12-01 19:22:47 +01:00
|
|
|
def edit_user_preferences(auth_user: User) -> Union[Dict, HttpResponse]:
|
2021-10-17 21:01:14 +02:00
|
|
|
"""
|
2022-07-14 18:36:19 +02:00
|
|
|
Edit authenticated user preferences.
|
|
|
|
|
|
2022-11-01 19:58:12 +01:00
|
|
|
Supported date formats:
|
|
|
|
|
|
|
|
|
|
- ``MM/dd/yyyy`` (default value)
|
|
|
|
|
- ``dd/MM/yyyy``
|
|
|
|
|
- ``yyyy-MM-dd``
|
|
|
|
|
- ``date_string``, corresponding on client to:
|
|
|
|
|
|
|
|
|
|
- ``MMM. do, yyyy`` for ``en`` locale
|
2023-04-12 17:32:08 +02:00
|
|
|
- ``d MMM yyyy`` for ``es``, ``fr``, ``gl``, ``it`` and ``nl`` locales
|
|
|
|
|
- ``do MMM yyyy`` for ``de`` and ``nb`` locales
|
2022-11-01 19:58:12 +01:00
|
|
|
|
2022-07-14 18:36:19 +02:00
|
|
|
**Scope**: ``profile:write``
|
2021-10-17 21:01:14 +02:00
|
|
|
|
|
|
|
|
**Example request**:
|
|
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
|
|
|
|
POST /api/auth/profile/edit/preferences HTTP/1.1
|
|
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
**Example response**:
|
|
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
|
|
|
|
HTTP/1.1 200 OK
|
|
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
"data": {
|
2023-04-12 17:32:08 +02:00
|
|
|
"accepted_privacy_policy": true,
|
2021-10-17 21:01:14 +02:00
|
|
|
"admin": false,
|
|
|
|
|
"bio": null,
|
|
|
|
|
"birth_date": null,
|
|
|
|
|
"created_at": "Sun, 14 Jul 2019 14:09:58 GMT",
|
2022-11-01 07:12:49 +01:00
|
|
|
"date_format": "MM/dd/yyyy",
|
2022-07-23 17:24:31 +02:00
|
|
|
"display_ascent": true,
|
2021-10-17 21:01:14 +02:00
|
|
|
"email": "sam@example.com",
|
2023-04-12 17:32:08 +02:00
|
|
|
"email_to_confirm": null,
|
2021-10-17 21:01:14 +02:00
|
|
|
"first_name": null,
|
2021-11-13 19:46:12 +01:00
|
|
|
"imperial_units": false,
|
2022-03-19 22:02:06 +01:00
|
|
|
"is_active": true,
|
2021-10-17 21:01:14 +02:00
|
|
|
"language": "en",
|
|
|
|
|
"last_name": null,
|
|
|
|
|
"location": null,
|
|
|
|
|
"nb_sports": 3,
|
|
|
|
|
"nb_workouts": 6,
|
|
|
|
|
"picture": false,
|
|
|
|
|
"records": [
|
|
|
|
|
{
|
|
|
|
|
"id": 9,
|
|
|
|
|
"record_type": "AS",
|
|
|
|
|
"sport_id": 1,
|
|
|
|
|
"user": "sam",
|
|
|
|
|
"value": 18,
|
|
|
|
|
"workout_date": "Sun, 07 Jul 2019 08:00:00 GMT",
|
|
|
|
|
"workout_id": "hvYBqYBRa7wwXpaStWR4V2"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"id": 10,
|
|
|
|
|
"record_type": "FD",
|
|
|
|
|
"sport_id": 1,
|
|
|
|
|
"user": "sam",
|
|
|
|
|
"value": 18,
|
|
|
|
|
"workout_date": "Sun, 07 Jul 2019 08:00:00 GMT",
|
|
|
|
|
"workout_id": "hvYBqYBRa7wwXpaStWR4V2"
|
|
|
|
|
},
|
2022-07-23 17:24:31 +02:00
|
|
|
{
|
|
|
|
|
"id": 13,
|
|
|
|
|
"record_type": "HA",
|
|
|
|
|
"sport_id": 1,
|
|
|
|
|
"user": "Sam",
|
|
|
|
|
"value": 43.97,
|
|
|
|
|
"workout_date": "Sun, 07 Jul 2019 08:00:00 GMT",
|
|
|
|
|
"workout_id": "hvYBqYBRa7wwXpaStWR4V2"
|
|
|
|
|
},
|
2021-10-17 21:01:14 +02:00
|
|
|
{
|
|
|
|
|
"id": 11,
|
|
|
|
|
"record_type": "LD",
|
|
|
|
|
"sport_id": 1,
|
|
|
|
|
"user": "sam",
|
|
|
|
|
"value": "1:01:00",
|
|
|
|
|
"workout_date": "Sun, 07 Jul 2019 08:00:00 GMT",
|
|
|
|
|
"workout_id": "hvYBqYBRa7wwXpaStWR4V2"
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"id": 12,
|
|
|
|
|
"record_type": "MS",
|
|
|
|
|
"sport_id": 1,
|
|
|
|
|
"user": "sam",
|
|
|
|
|
"value": 18,
|
|
|
|
|
"workout_date": "Sun, 07 Jul 2019 08:00:00 GMT",
|
|
|
|
|
"workout_id": "hvYBqYBRa7wwXpaStWR4V2"
|
|
|
|
|
}
|
|
|
|
|
],
|
|
|
|
|
"sports_list": [
|
|
|
|
|
1,
|
|
|
|
|
4,
|
|
|
|
|
6
|
|
|
|
|
],
|
2023-03-14 05:51:05 +01:00
|
|
|
"start_elevation_at_zero": true,
|
2021-10-17 21:01:14 +02:00
|
|
|
"timezone": "Europe/Paris",
|
2023-04-12 17:32:08 +02:00
|
|
|
"total_ascent": 720.35,
|
2021-10-17 21:01:14 +02:00
|
|
|
"total_distance": 67.895,
|
|
|
|
|
"total_duration": "6:50:27",
|
2023-12-16 21:18:09 +01:00
|
|
|
"use_dark_mode": null,
|
2023-05-15 06:40:03 +02:00
|
|
|
"use_raw_gpx_speed": true,
|
2021-10-17 21:01:14 +02:00
|
|
|
"username": "sam"
|
|
|
|
|
"weekm": true,
|
|
|
|
|
},
|
2021-11-01 09:44:10 +01:00
|
|
|
"message": "user preferences updated",
|
2021-10-17 21:01:14 +02:00
|
|
|
"status": "success"
|
|
|
|
|
}
|
|
|
|
|
|
2022-10-26 01:38:55 +02:00
|
|
|
:<json string date_format: the format used to display dates in the app
|
2022-11-01 19:58:12 +01:00
|
|
|
:<json boolean display_ascent: display highest ascent records and total
|
2022-07-23 17:24:31 +02:00
|
|
|
:<json boolean imperial_units: display distance in imperial units
|
|
|
|
|
:<json string language: language preferences
|
2023-03-15 05:54:20 +01:00
|
|
|
:<json boolean start_elevation_at_zero: do elevation plots start at zero?
|
2021-10-17 21:01:14 +02:00
|
|
|
:<json string timezone: user time zone
|
2023-12-16 21:18:09 +01:00
|
|
|
:<json boolean use_dark_mode: Display interface with dark mode if true.
|
|
|
|
|
If null, it uses browser preferences.
|
2023-05-21 19:29:56 +02:00
|
|
|
:<json boolean use_raw_gpx_speed: Use unfiltered gpx to calculate speeds
|
2022-04-02 17:16:10 +02:00
|
|
|
:<json boolean weekm: does week start on Monday?
|
2021-10-17 21:01:14 +02:00
|
|
|
|
|
|
|
|
:reqheader Authorization: OAuth 2.0 Bearer Token
|
|
|
|
|
|
2023-06-18 20:45:39 +02:00
|
|
|
:statuscode 200: ``user preferences updated``
|
2021-10-17 21:01:14 +02:00
|
|
|
:statuscode 400:
|
2023-06-18 20:45:39 +02:00
|
|
|
- ``invalid payload``
|
|
|
|
|
- ``password: password and password confirmation don't match``
|
2021-10-17 21:01:14 +02:00
|
|
|
:statuscode 401:
|
2023-06-18 20:45:39 +02:00
|
|
|
- ``provide a valid auth token``
|
|
|
|
|
- ``signature expired, please log in again``
|
|
|
|
|
- ``invalid token, please log in again``
|
|
|
|
|
:statuscode 500: ``error, please try again or contact the administrator``
|
2021-10-17 21:01:14 +02:00
|
|
|
"""
|
|
|
|
|
# get post data
|
|
|
|
|
post_data = request.get_json()
|
|
|
|
|
user_mandatory_data = {
|
2022-10-25 23:27:05 +02:00
|
|
|
'date_format',
|
2022-07-23 08:09:45 +02:00
|
|
|
'display_ascent',
|
2021-11-13 19:46:12 +01:00
|
|
|
'imperial_units',
|
2021-10-17 21:01:14 +02:00
|
|
|
'language',
|
2023-03-14 05:51:05 +01:00
|
|
|
'start_elevation_at_zero',
|
2021-10-17 21:01:14 +02:00
|
|
|
'timezone',
|
2023-12-16 21:18:09 +01:00
|
|
|
'use_dark_mode',
|
2023-05-15 06:40:03 +02:00
|
|
|
'use_raw_gpx_speed',
|
2021-10-17 21:01:14 +02:00
|
|
|
'weekm',
|
|
|
|
|
}
|
|
|
|
|
if not post_data or not post_data.keys() >= user_mandatory_data:
|
|
|
|
|
return InvalidPayloadErrorResponse()
|
|
|
|
|
|
2022-10-25 23:27:05 +02:00
|
|
|
date_format = post_data.get('date_format')
|
2022-07-23 08:09:45 +02:00
|
|
|
display_ascent = post_data.get('display_ascent')
|
2021-11-13 19:46:12 +01:00
|
|
|
imperial_units = post_data.get('imperial_units')
|
2022-07-03 13:29:50 +02:00
|
|
|
language = get_language(post_data.get('language'))
|
2023-03-14 05:51:05 +01:00
|
|
|
start_elevation_at_zero = post_data.get('start_elevation_at_zero')
|
2023-05-15 06:40:03 +02:00
|
|
|
use_raw_gpx_speed = post_data.get('use_raw_gpx_speed')
|
2023-12-16 21:18:09 +01:00
|
|
|
use_dark_mode = post_data.get('use_dark_mode')
|
2021-10-17 21:01:14 +02:00
|
|
|
timezone = post_data.get('timezone')
|
|
|
|
|
weekm = post_data.get('weekm')
|
|
|
|
|
|
|
|
|
|
try:
|
2022-10-25 23:27:05 +02:00
|
|
|
auth_user.date_format = date_format
|
2022-07-23 08:09:45 +02:00
|
|
|
auth_user.display_ascent = display_ascent
|
2021-12-01 19:22:47 +01:00
|
|
|
auth_user.imperial_units = imperial_units
|
|
|
|
|
auth_user.language = language
|
2023-03-14 05:51:05 +01:00
|
|
|
auth_user.start_elevation_at_zero = start_elevation_at_zero
|
2021-12-01 19:22:47 +01:00
|
|
|
auth_user.timezone = timezone
|
2023-12-16 21:18:09 +01:00
|
|
|
auth_user.use_dark_mode = use_dark_mode
|
2023-05-15 06:40:03 +02:00
|
|
|
auth_user.use_raw_gpx_speed = use_raw_gpx_speed
|
2021-12-01 19:22:47 +01:00
|
|
|
auth_user.weekm = weekm
|
2018-01-01 16:59:46 +01:00
|
|
|
db.session.commit()
|
|
|
|
|
|
2021-01-01 16:39:25 +01:00
|
|
|
return {
|
2018-01-01 16:59:46 +01:00
|
|
|
'status': 'success',
|
2021-11-01 09:44:10 +01:00
|
|
|
'message': 'user preferences updated',
|
2022-03-13 09:30:50 +01:00
|
|
|
'data': auth_user.serialize(auth_user),
|
2018-01-01 16:59:46 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# handler errors
|
|
|
|
|
except (exc.IntegrityError, exc.OperationalError, ValueError) as e:
|
2021-01-01 16:39:25 +01:00
|
|
|
return handle_error_and_return_response(e, db=db)
|
2018-01-01 21:54:03 +01:00
|
|
|
|
|
|
|
|
|
2021-11-12 12:22:07 +01:00
|
|
|
@auth_blueprint.route('/auth/profile/edit/sports', methods=['POST'])
|
2022-06-15 19:16:14 +02:00
|
|
|
@require_auth(scopes=['profile:write'])
|
2021-11-12 12:22:07 +01:00
|
|
|
def edit_user_sport_preferences(
|
2021-12-01 19:22:47 +01:00
|
|
|
auth_user: User,
|
2021-11-12 12:22:07 +01:00
|
|
|
) -> Union[Dict, HttpResponse]:
|
|
|
|
|
"""
|
2022-07-14 18:36:19 +02:00
|
|
|
Edit authenticated user sport preferences.
|
|
|
|
|
|
|
|
|
|
**Scope**: ``profile:write``
|
2021-11-12 12:22:07 +01:00
|
|
|
|
|
|
|
|
**Example request**:
|
|
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
|
|
|
|
POST /api/auth/profile/edit/sports HTTP/1.1
|
|
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
**Example response**:
|
|
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
|
|
|
|
HTTP/1.1 200 OK
|
|
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
"data": {
|
|
|
|
|
"color": "#000000",
|
|
|
|
|
"is_active": true,
|
|
|
|
|
"sport_id": 1,
|
|
|
|
|
"stopped_speed_threshold": 1,
|
|
|
|
|
"user_id": 1
|
|
|
|
|
},
|
|
|
|
|
"message": "user sport preferences updated",
|
|
|
|
|
"status": "success"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
:<json string color: valid hexadecimal color
|
|
|
|
|
:<json boolean is_active: is sport available when adding a workout
|
|
|
|
|
:<json float stopped_speed_threshold: stopped speed threshold used by gpxpy
|
|
|
|
|
|
|
|
|
|
:reqheader Authorization: OAuth 2.0 Bearer Token
|
|
|
|
|
|
2023-06-18 20:45:39 +02:00
|
|
|
:statuscode 200: ``user sport preferences updated``
|
2021-11-12 12:22:07 +01:00
|
|
|
:statuscode 400:
|
2023-06-18 20:45:39 +02:00
|
|
|
- ``invalid payload``
|
|
|
|
|
- ``invalid hexadecimal color``
|
2021-11-12 12:22:07 +01:00
|
|
|
:statuscode 401:
|
2023-06-18 20:45:39 +02:00
|
|
|
- ``provide a valid auth token``
|
|
|
|
|
- ``signature expired, please log in again``
|
|
|
|
|
- ``invalid token, please log in again``
|
|
|
|
|
:statuscode 404: ``sport does not exist``
|
|
|
|
|
:statuscode 500: ``error, please try again or contact the administrator``
|
2021-11-12 12:22:07 +01:00
|
|
|
"""
|
|
|
|
|
post_data = request.get_json()
|
|
|
|
|
if (
|
|
|
|
|
not post_data
|
|
|
|
|
or 'sport_id' not in post_data
|
|
|
|
|
or len(post_data.keys()) == 1
|
|
|
|
|
):
|
|
|
|
|
return InvalidPayloadErrorResponse()
|
|
|
|
|
|
|
|
|
|
sport_id = post_data.get('sport_id')
|
|
|
|
|
sport = Sport.query.filter_by(id=sport_id).first()
|
|
|
|
|
if not sport:
|
2021-12-19 11:51:28 +01:00
|
|
|
return NotFoundErrorResponse('sport does not exist')
|
2021-11-12 12:22:07 +01:00
|
|
|
|
|
|
|
|
color = post_data.get('color')
|
|
|
|
|
is_active = post_data.get('is_active')
|
|
|
|
|
stopped_speed_threshold = post_data.get('stopped_speed_threshold')
|
|
|
|
|
|
|
|
|
|
try:
|
|
|
|
|
user_sport = UserSportPreference.query.filter_by(
|
2021-12-01 19:22:47 +01:00
|
|
|
user_id=auth_user.id,
|
2021-11-12 12:22:07 +01:00
|
|
|
sport_id=sport_id,
|
|
|
|
|
).first()
|
|
|
|
|
if not user_sport:
|
|
|
|
|
user_sport = UserSportPreference(
|
2021-12-01 19:22:47 +01:00
|
|
|
user_id=auth_user.id,
|
2021-11-12 12:22:07 +01:00
|
|
|
sport_id=sport_id,
|
|
|
|
|
stopped_speed_threshold=sport.stopped_speed_threshold,
|
|
|
|
|
)
|
|
|
|
|
db.session.add(user_sport)
|
|
|
|
|
db.session.flush()
|
|
|
|
|
if color:
|
|
|
|
|
if re.match(HEX_COLOR_REGEX, color) is None:
|
|
|
|
|
return InvalidPayloadErrorResponse('invalid hexadecimal color')
|
|
|
|
|
user_sport.color = color
|
|
|
|
|
if is_active is not None:
|
|
|
|
|
user_sport.is_active = is_active
|
|
|
|
|
if stopped_speed_threshold:
|
|
|
|
|
user_sport.stopped_speed_threshold = stopped_speed_threshold
|
|
|
|
|
db.session.commit()
|
|
|
|
|
|
|
|
|
|
return {
|
|
|
|
|
'status': 'success',
|
|
|
|
|
'message': 'user sport preferences updated',
|
|
|
|
|
'data': user_sport.serialize(),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
# handler errors
|
|
|
|
|
except (exc.IntegrityError, exc.OperationalError, ValueError) as e:
|
|
|
|
|
return handle_error_and_return_response(e, db=db)
|
|
|
|
|
|
|
|
|
|
|
2021-12-19 11:51:28 +01:00
|
|
|
@auth_blueprint.route(
|
|
|
|
|
'/auth/profile/reset/sports/<sport_id>', methods=['DELETE']
|
|
|
|
|
)
|
2022-06-15 19:16:14 +02:00
|
|
|
@require_auth(scopes=['profile:write'])
|
2021-12-19 11:51:28 +01:00
|
|
|
def reset_user_sport_preferences(
|
|
|
|
|
auth_user: User, sport_id: int
|
|
|
|
|
) -> Union[Tuple[Dict, int], HttpResponse]:
|
|
|
|
|
"""
|
2022-07-14 18:36:19 +02:00
|
|
|
Reset authenticated user preferences for a given sport.
|
|
|
|
|
|
|
|
|
|
**Scope**: ``profile:write``
|
2021-12-19 11:51:28 +01:00
|
|
|
|
|
|
|
|
**Example request**:
|
|
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
|
|
|
|
DELETE /api/auth/profile/reset/sports/1 HTTP/1.1
|
|
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
**Example response**:
|
|
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
|
|
|
|
HTTP/1.1 204 OK
|
|
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
:param string sport_id: sport id
|
|
|
|
|
|
|
|
|
|
:reqheader Authorization: OAuth 2.0 Bearer Token
|
|
|
|
|
|
|
|
|
|
:statuscode 204: user preferences deleted
|
|
|
|
|
:statuscode 401:
|
2023-06-18 20:45:39 +02:00
|
|
|
- ``provide a valid auth token``
|
|
|
|
|
- ``signature expired, please log in again``
|
|
|
|
|
- ``invalid token, please log in again``
|
|
|
|
|
:statuscode 404: ``sport does not exist``
|
|
|
|
|
:statuscode 500: ``error, please try again or contact the administrator``
|
2021-12-19 11:51:28 +01:00
|
|
|
"""
|
|
|
|
|
sport = Sport.query.filter_by(id=sport_id).first()
|
|
|
|
|
if not sport:
|
|
|
|
|
return NotFoundErrorResponse('sport does not exist')
|
|
|
|
|
|
|
|
|
|
try:
|
|
|
|
|
user_sport = UserSportPreference.query.filter_by(
|
|
|
|
|
user_id=auth_user.id,
|
|
|
|
|
sport_id=sport_id,
|
|
|
|
|
).first()
|
|
|
|
|
if user_sport:
|
|
|
|
|
db.session.delete(user_sport)
|
|
|
|
|
db.session.commit()
|
|
|
|
|
return {'status': 'no content'}, 204
|
|
|
|
|
|
|
|
|
|
# handler errors
|
|
|
|
|
except (exc.IntegrityError, exc.OperationalError) as e:
|
|
|
|
|
return handle_error_and_return_response(e, db=db)
|
|
|
|
|
|
|
|
|
|
|
2018-01-01 21:54:03 +01:00
|
|
|
@auth_blueprint.route('/auth/picture', methods=['POST'])
|
2022-06-15 19:16:14 +02:00
|
|
|
@require_auth(scopes=['profile:write'])
|
2021-12-01 19:22:47 +01:00
|
|
|
def edit_picture(auth_user: User) -> Union[Dict, HttpResponse]:
|
2019-07-20 14:27:05 +02:00
|
|
|
"""
|
2022-07-14 18:36:19 +02:00
|
|
|
Update authenticated user picture.
|
|
|
|
|
|
|
|
|
|
**Scope**: ``profile:write``
|
2019-07-20 14:27:05 +02:00
|
|
|
|
|
|
|
|
**Example request**:
|
|
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
2019-07-20 21:57:35 +02:00
|
|
|
POST /api/auth/picture HTTP/1.1
|
2019-07-20 14:27:05 +02:00
|
|
|
Content-Type: multipart/form-data
|
|
|
|
|
|
|
|
|
|
**Example response**:
|
|
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
|
|
|
|
HTTP/1.1 200 OK
|
|
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
{
|
2021-11-01 09:44:10 +01:00
|
|
|
"message": "user picture updated",
|
2019-07-20 14:27:05 +02:00
|
|
|
"status": "success"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
:form file: image file (allowed extensions: .jpg, .png, .gif)
|
|
|
|
|
|
|
|
|
|
:reqheader Authorization: OAuth 2.0 Bearer Token
|
|
|
|
|
|
2023-06-18 20:45:39 +02:00
|
|
|
:statuscode 200: ``user picture updated``
|
2019-07-20 14:27:05 +02:00
|
|
|
:statuscode 400:
|
2023-06-18 20:45:39 +02:00
|
|
|
- ``invalid payload``
|
|
|
|
|
- ``no file part``
|
|
|
|
|
- ``no selected file``
|
|
|
|
|
- ``file extension not allowed``
|
2019-07-20 21:57:35 +02:00
|
|
|
:statuscode 401:
|
2023-06-18 20:45:39 +02:00
|
|
|
- ``provide a valid auth token``
|
|
|
|
|
- ``signature expired, please log in again``
|
|
|
|
|
- ``invalid token, please log in again``
|
|
|
|
|
:statuscode 413: ``error during picture update: file size exceeds 1.0MB``
|
|
|
|
|
:statuscode 500: ``error during picture update``
|
2019-07-20 14:27:05 +02:00
|
|
|
"""
|
2019-08-31 14:11:00 +02:00
|
|
|
try:
|
2022-02-16 13:03:14 +01:00
|
|
|
response_object = get_error_response_if_file_is_invalid(
|
|
|
|
|
'picture', request
|
|
|
|
|
)
|
2019-08-31 14:11:00 +02:00
|
|
|
except RequestEntityTooLarge as e:
|
|
|
|
|
appLog.error(e)
|
2021-01-01 16:39:25 +01:00
|
|
|
return PayloadTooLargeErrorResponse(
|
2021-02-20 21:37:31 +01:00
|
|
|
file_type='picture',
|
|
|
|
|
file_size=request.content_length,
|
|
|
|
|
max_size=current_app.config['MAX_CONTENT_LENGTH'],
|
2021-01-01 16:39:25 +01:00
|
|
|
)
|
|
|
|
|
if response_object:
|
|
|
|
|
return response_object
|
2018-01-01 21:54:03 +01:00
|
|
|
|
2018-05-01 17:51:38 +02:00
|
|
|
file = request.files['file']
|
2021-05-22 17:14:24 +02:00
|
|
|
filename = secure_filename(file.filename) # type: ignore
|
2018-01-01 21:54:03 +01:00
|
|
|
dirpath = os.path.join(
|
2021-12-01 19:22:47 +01:00
|
|
|
current_app.config['UPLOAD_FOLDER'], 'pictures', str(auth_user.id)
|
2018-01-01 21:54:03 +01:00
|
|
|
)
|
|
|
|
|
if not os.path.exists(dirpath):
|
|
|
|
|
os.makedirs(dirpath)
|
2018-07-04 14:13:19 +02:00
|
|
|
absolute_picture_path = os.path.join(dirpath, filename)
|
2020-02-08 14:49:37 +01:00
|
|
|
relative_picture_path = os.path.join(
|
2021-12-01 19:22:47 +01:00
|
|
|
'pictures', str(auth_user.id), filename
|
2020-02-08 14:49:37 +01:00
|
|
|
)
|
2018-01-01 21:54:03 +01:00
|
|
|
|
|
|
|
|
try:
|
2021-12-01 19:22:47 +01:00
|
|
|
if auth_user.picture is not None:
|
|
|
|
|
old_picture_path = get_absolute_file_path(auth_user.picture)
|
2018-07-04 14:13:19 +02:00
|
|
|
if os.path.isfile(get_absolute_file_path(old_picture_path)):
|
|
|
|
|
os.remove(old_picture_path)
|
|
|
|
|
file.save(absolute_picture_path)
|
2021-12-01 19:22:47 +01:00
|
|
|
auth_user.picture = relative_picture_path
|
2018-01-01 21:54:03 +01:00
|
|
|
db.session.commit()
|
2021-01-01 16:39:25 +01:00
|
|
|
return {
|
2018-01-01 21:54:03 +01:00
|
|
|
'status': 'success',
|
2021-11-01 09:44:10 +01:00
|
|
|
'message': 'user picture updated',
|
2018-01-01 21:54:03 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
except (exc.IntegrityError, ValueError) as e:
|
2021-01-01 16:39:25 +01:00
|
|
|
return handle_error_and_return_response(
|
2021-11-01 09:44:10 +01:00
|
|
|
e, message='error during picture update', status='fail', db=db
|
2021-01-01 16:39:25 +01:00
|
|
|
)
|
2018-01-01 21:54:03 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
@auth_blueprint.route('/auth/picture', methods=['DELETE'])
|
2022-06-15 19:16:14 +02:00
|
|
|
@require_auth(scopes=['profile:write'])
|
2021-12-01 19:22:47 +01:00
|
|
|
def del_picture(auth_user: User) -> Union[Tuple[Dict, int], HttpResponse]:
|
2019-07-20 14:27:05 +02:00
|
|
|
"""
|
2022-07-14 18:36:19 +02:00
|
|
|
Delete authenticated user picture.
|
|
|
|
|
|
|
|
|
|
**Scope**: ``profile:write``
|
2019-07-20 14:27:05 +02:00
|
|
|
|
|
|
|
|
**Example request**:
|
|
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
2019-07-20 21:57:35 +02:00
|
|
|
DELETE /api/auth/picture HTTP/1.1
|
2019-07-20 14:27:05 +02:00
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
**Example response**:
|
|
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
|
|
|
|
HTTP/1.1 204 NO CONTENT
|
|
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
:reqheader Authorization: OAuth 2.0 Bearer Token
|
|
|
|
|
|
|
|
|
|
:statuscode 204: picture deleted
|
2019-07-20 21:57:35 +02:00
|
|
|
:statuscode 401:
|
2023-06-18 20:45:39 +02:00
|
|
|
- ``provide a valid auth token``
|
|
|
|
|
- ``signature expired, please log in again``
|
|
|
|
|
- ``invalid token, please log in again``
|
|
|
|
|
:statuscode 500: ``error during picture deletion``
|
2019-07-20 14:27:05 +02:00
|
|
|
|
|
|
|
|
"""
|
2018-01-01 21:54:03 +01:00
|
|
|
try:
|
2021-12-01 19:22:47 +01:00
|
|
|
picture_path = get_absolute_file_path(auth_user.picture)
|
2018-07-04 14:13:19 +02:00
|
|
|
if os.path.isfile(picture_path):
|
|
|
|
|
os.remove(picture_path)
|
2021-12-01 19:22:47 +01:00
|
|
|
auth_user.picture = None
|
2018-01-01 21:54:03 +01:00
|
|
|
db.session.commit()
|
2021-01-01 16:39:25 +01:00
|
|
|
return {'status': 'no content'}, 204
|
2018-01-01 21:54:03 +01:00
|
|
|
except (exc.IntegrityError, ValueError) as e:
|
2021-01-01 16:39:25 +01:00
|
|
|
return handle_error_and_return_response(
|
2021-11-01 09:44:10 +01:00
|
|
|
e, message='error during picture deletion', status='fail', db=db
|
2021-01-01 16:39:25 +01:00
|
|
|
)
|
2020-05-10 17:08:18 +02:00
|
|
|
|
|
|
|
|
|
2020-05-17 16:42:44 +02:00
|
|
|
@auth_blueprint.route('/auth/password/reset-request', methods=['POST'])
|
2021-01-02 19:28:03 +01:00
|
|
|
def request_password_reset() -> Union[Dict, HttpResponse]:
|
2020-05-10 17:08:18 +02:00
|
|
|
"""
|
2022-07-14 18:36:19 +02:00
|
|
|
Handle password reset request.
|
2020-05-10 17:08:18 +02:00
|
|
|
|
2023-06-24 08:48:15 +02:00
|
|
|
If email sending is disabled, this endpoint is not available.
|
2022-04-23 18:04:20 +02:00
|
|
|
|
2020-05-10 17:08:18 +02:00
|
|
|
**Example request**:
|
|
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
2020-05-17 16:42:44 +02:00
|
|
|
POST /api/auth/password/reset-request HTTP/1.1
|
2020-05-10 17:08:18 +02:00
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
**Example response**:
|
|
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
|
|
|
|
HTTP/1.1 200 OK
|
|
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
{
|
2021-11-01 09:44:10 +01:00
|
|
|
"message": "password reset request processed",
|
2020-05-10 17:08:18 +02:00
|
|
|
"status": "success"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
:<json string email: user email
|
|
|
|
|
|
2023-06-18 20:45:39 +02:00
|
|
|
:statuscode 200: ``password reset request processed``
|
|
|
|
|
:statuscode 400: ``invalid payload``
|
|
|
|
|
:statuscode 404: ``the requested URL was not found on the server``
|
2020-05-10 17:08:18 +02:00
|
|
|
|
|
|
|
|
"""
|
2022-04-23 18:04:20 +02:00
|
|
|
if not current_app.config['CAN_SEND_EMAILS']:
|
|
|
|
|
return NotFoundErrorResponse(NOT_FOUND_MESSAGE)
|
|
|
|
|
|
2020-05-10 17:08:18 +02:00
|
|
|
post_data = request.get_json()
|
|
|
|
|
if not post_data or post_data.get('email') is None:
|
2021-01-01 16:39:25 +01:00
|
|
|
return InvalidPayloadErrorResponse()
|
2020-05-10 17:08:18 +02:00
|
|
|
email = post_data.get('email')
|
|
|
|
|
|
|
|
|
|
user = User.query.filter(User.email == email).first()
|
|
|
|
|
if user:
|
2020-05-17 16:42:44 +02:00
|
|
|
password_reset_token = user.encode_password_reset_token(user.id)
|
|
|
|
|
ui_url = current_app.config['UI_URL']
|
2022-07-03 13:29:50 +02:00
|
|
|
user_language = get_language(user.language)
|
2020-05-17 16:42:44 +02:00
|
|
|
email_data = {
|
2020-07-11 19:35:20 +02:00
|
|
|
'expiration_delay': get_readable_duration(
|
2021-01-02 19:28:03 +01:00
|
|
|
current_app.config['PASSWORD_TOKEN_EXPIRATION_SECONDS'],
|
2021-01-31 10:21:40 +01:00
|
|
|
user_language,
|
2020-07-11 19:35:20 +02:00
|
|
|
),
|
2020-05-17 16:42:44 +02:00
|
|
|
'username': user.username,
|
|
|
|
|
'password_reset_url': (
|
2020-12-25 19:35:15 +01:00
|
|
|
f'{ui_url}/password-reset?token={password_reset_token}' # noqa
|
2020-05-17 16:42:44 +02:00
|
|
|
),
|
2022-03-02 10:39:10 +01:00
|
|
|
'fittrackee_url': ui_url,
|
2021-01-02 19:28:03 +01:00
|
|
|
'operating_system': request.user_agent.platform, # type: ignore
|
|
|
|
|
'browser_name': request.user_agent.browser, # type: ignore
|
2020-05-17 16:42:44 +02:00
|
|
|
}
|
2020-07-14 22:03:56 +02:00
|
|
|
user_data = {
|
2021-01-31 10:21:40 +01:00
|
|
|
'language': user_language,
|
2020-07-14 22:03:56 +02:00
|
|
|
'email': user.email,
|
|
|
|
|
}
|
|
|
|
|
reset_password_email.send(user_data, email_data)
|
2021-01-01 16:39:25 +01:00
|
|
|
return {
|
2020-05-10 17:08:18 +02:00
|
|
|
'status': 'success',
|
2021-11-01 09:44:10 +01:00
|
|
|
'message': 'password reset request processed',
|
2020-05-10 17:08:18 +02:00
|
|
|
}
|
2020-05-17 16:42:44 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
@auth_blueprint.route('/auth/password/update', methods=['POST'])
|
2021-01-02 19:28:03 +01:00
|
|
|
def update_password() -> Union[Dict, HttpResponse]:
|
2020-05-17 16:42:44 +02:00
|
|
|
"""
|
2022-07-14 18:36:19 +02:00
|
|
|
Update user password after password reset request.
|
2020-05-17 16:42:44 +02:00
|
|
|
|
2022-07-14 18:36:19 +02:00
|
|
|
It sends emails if sending is enabled.
|
2022-04-23 18:04:20 +02:00
|
|
|
|
2020-05-17 16:42:44 +02:00
|
|
|
**Example request**:
|
|
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
|
|
|
|
POST /api/auth/password/update HTTP/1.1
|
|
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
**Example response**:
|
|
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
|
|
|
|
HTTP/1.1 200 OK
|
|
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
{
|
2021-11-01 09:44:10 +01:00
|
|
|
"message": "password updated",
|
2020-05-17 16:42:44 +02:00
|
|
|
"status": "success"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
:<json string password: password (8 characters required)
|
|
|
|
|
:<json string token: password reset token
|
|
|
|
|
|
2023-06-18 20:45:39 +02:00
|
|
|
:statuscode 200: ``password updated``
|
|
|
|
|
:statuscode 400: ``invalid payload``
|
|
|
|
|
:statuscode 401: ``invalid token, please request a new token``
|
|
|
|
|
:statuscode 500: ``error, please try again or contact the administrator``
|
2020-05-17 16:42:44 +02:00
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
post_data = request.get_json()
|
|
|
|
|
if (
|
|
|
|
|
not post_data
|
|
|
|
|
or post_data.get('password') is None
|
|
|
|
|
or post_data.get('token') is None
|
|
|
|
|
):
|
2021-01-01 16:39:25 +01:00
|
|
|
return InvalidPayloadErrorResponse()
|
2020-05-17 16:42:44 +02:00
|
|
|
password = post_data.get('password')
|
|
|
|
|
token = post_data.get('token')
|
|
|
|
|
|
|
|
|
|
try:
|
|
|
|
|
user_id = decode_user_token(token)
|
|
|
|
|
except (jwt.ExpiredSignatureError, jwt.InvalidTokenError):
|
2021-01-01 16:39:25 +01:00
|
|
|
return UnauthorizedErrorResponse()
|
2020-05-17 16:42:44 +02:00
|
|
|
|
2022-03-13 08:39:50 +01:00
|
|
|
message = check_password(password)
|
2020-05-17 16:42:44 +02:00
|
|
|
if message != '':
|
2021-01-01 16:39:25 +01:00
|
|
|
return InvalidPayloadErrorResponse(message)
|
2020-05-17 16:42:44 +02:00
|
|
|
|
|
|
|
|
user = User.query.filter(User.id == user_id).first()
|
|
|
|
|
if not user:
|
2021-01-01 16:39:25 +01:00
|
|
|
return UnauthorizedErrorResponse()
|
2020-05-17 16:42:44 +02:00
|
|
|
try:
|
2022-05-23 13:04:01 +02:00
|
|
|
user.password = user.generate_password_hash(password)
|
2020-05-17 16:42:44 +02:00
|
|
|
db.session.commit()
|
2022-03-13 09:01:23 +01:00
|
|
|
|
2022-04-23 18:04:20 +02:00
|
|
|
if current_app.config['CAN_SEND_EMAILS']:
|
|
|
|
|
password_change_email.send(
|
|
|
|
|
{
|
2022-07-03 13:29:50 +02:00
|
|
|
'language': get_language(user.language),
|
2022-04-23 18:04:20 +02:00
|
|
|
'email': user.email,
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
'username': user.username,
|
|
|
|
|
'fittrackee_url': current_app.config['UI_URL'],
|
|
|
|
|
'operating_system': request.user_agent.platform,
|
|
|
|
|
'browser_name': request.user_agent.browser,
|
|
|
|
|
},
|
|
|
|
|
)
|
2022-03-13 09:01:23 +01:00
|
|
|
|
2021-01-01 16:39:25 +01:00
|
|
|
return {
|
2020-05-17 16:42:44 +02:00
|
|
|
'status': 'success',
|
2021-11-01 09:44:10 +01:00
|
|
|
'message': 'password updated',
|
2020-05-17 16:42:44 +02:00
|
|
|
}
|
|
|
|
|
except (exc.OperationalError, ValueError) as e:
|
2021-01-01 16:39:25 +01:00
|
|
|
return handle_error_and_return_response(e, db=db)
|
2022-03-13 08:59:37 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
@auth_blueprint.route('/auth/email/update', methods=['POST'])
|
|
|
|
|
def update_email() -> Union[Dict, HttpResponse]:
|
|
|
|
|
"""
|
2022-07-14 18:36:19 +02:00
|
|
|
Update user email after confirmation.
|
2022-03-13 08:59:37 +01:00
|
|
|
|
|
|
|
|
**Example request**:
|
|
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
|
|
|
|
POST /api/auth/email/update HTTP/1.1
|
|
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
**Example response**:
|
|
|
|
|
|
2022-03-26 20:30:37 +01:00
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
2022-03-13 08:59:37 +01:00
|
|
|
HTTP/1.1 200 OK
|
|
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
"message": "email updated",
|
|
|
|
|
"status": "success"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
:<json string token: password reset token
|
|
|
|
|
|
2023-06-18 20:45:39 +02:00
|
|
|
:statuscode 200: ``email updated``
|
|
|
|
|
:statuscode 400: ``invalid payload``
|
|
|
|
|
:statuscode 500: ``error, please try again or contact the administrator``
|
2022-03-13 08:59:37 +01:00
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
post_data = request.get_json()
|
|
|
|
|
if not post_data or post_data.get('token') is None:
|
|
|
|
|
return InvalidPayloadErrorResponse()
|
|
|
|
|
token = post_data.get('token')
|
|
|
|
|
|
|
|
|
|
try:
|
|
|
|
|
user = User.query.filter_by(confirmation_token=token).first()
|
|
|
|
|
|
|
|
|
|
if not user:
|
|
|
|
|
return InvalidPayloadErrorResponse()
|
|
|
|
|
|
|
|
|
|
user.email = user.email_to_confirm
|
|
|
|
|
user.email_to_confirm = None
|
|
|
|
|
user.confirmation_token = None
|
|
|
|
|
|
|
|
|
|
db.session.commit()
|
|
|
|
|
|
|
|
|
|
response = {
|
|
|
|
|
'status': 'success',
|
|
|
|
|
'message': 'email updated',
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return response
|
|
|
|
|
|
|
|
|
|
except (exc.OperationalError, ValueError) as e:
|
|
|
|
|
return handle_error_and_return_response(e, db=db)
|
2022-03-19 22:02:06 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
@auth_blueprint.route('/auth/account/confirm', methods=['POST'])
|
|
|
|
|
def confirm_account() -> Union[Dict, HttpResponse]:
|
|
|
|
|
"""
|
2022-07-14 18:36:19 +02:00
|
|
|
Activate user account after registration.
|
2022-03-19 22:02:06 +01:00
|
|
|
|
|
|
|
|
**Example request**:
|
|
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
|
|
|
|
POST /api/auth/account/confirm HTTP/1.1
|
|
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
**Example response**:
|
|
|
|
|
|
2022-03-26 20:30:37 +01:00
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
2022-03-19 22:02:06 +01:00
|
|
|
HTTP/1.1 200 OK
|
|
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
"auth_token": "JSON Web Token",
|
|
|
|
|
"message": "account confirmation successful",
|
|
|
|
|
"status": "success"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
:<json string token: confirmation token
|
|
|
|
|
|
2023-06-18 20:45:39 +02:00
|
|
|
:statuscode 200: ``account confirmation successful``
|
|
|
|
|
:statuscode 400: ``invalid payload``
|
|
|
|
|
:statuscode 500: ``error, please try again or contact the administrator``
|
2022-03-19 22:02:06 +01:00
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
post_data = request.get_json()
|
|
|
|
|
if not post_data or post_data.get('token') is None:
|
|
|
|
|
return InvalidPayloadErrorResponse()
|
|
|
|
|
token = post_data.get('token')
|
|
|
|
|
|
|
|
|
|
try:
|
|
|
|
|
user = User.query.filter_by(confirmation_token=token).first()
|
|
|
|
|
|
|
|
|
|
if not user:
|
|
|
|
|
return InvalidPayloadErrorResponse()
|
|
|
|
|
|
|
|
|
|
user.is_active = True
|
|
|
|
|
user.confirmation_token = None
|
|
|
|
|
|
|
|
|
|
db.session.commit()
|
|
|
|
|
|
|
|
|
|
# generate auth token
|
|
|
|
|
auth_token = user.encode_auth_token(user.id)
|
|
|
|
|
|
|
|
|
|
response = {
|
|
|
|
|
'status': 'success',
|
|
|
|
|
'message': 'account confirmation successful',
|
|
|
|
|
'auth_token': auth_token,
|
|
|
|
|
}
|
|
|
|
|
return response
|
|
|
|
|
|
|
|
|
|
except (exc.OperationalError, ValueError) as e:
|
|
|
|
|
return handle_error_and_return_response(e, db=db)
|
2022-03-20 12:15:23 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
@auth_blueprint.route('/auth/account/resend-confirmation', methods=['POST'])
|
|
|
|
|
def resend_account_confirmation_email() -> Union[Dict, HttpResponse]:
|
|
|
|
|
"""
|
2022-07-14 18:36:19 +02:00
|
|
|
Resend email with instructions to confirm account.
|
2022-03-20 12:15:23 +01:00
|
|
|
|
2022-07-14 18:36:19 +02:00
|
|
|
If email sending is disabled, this endpoint is not available.
|
2022-04-23 18:04:20 +02:00
|
|
|
|
2022-03-20 12:15:23 +01:00
|
|
|
**Example request**:
|
|
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
|
|
|
|
POST /api/auth/account/resend-confirmation HTTP/1.1
|
|
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
**Example response**:
|
|
|
|
|
|
2022-03-26 20:30:37 +01:00
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
2022-03-20 12:15:23 +01:00
|
|
|
HTTP/1.1 200 OK
|
|
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
"message": "confirmation email resent",
|
|
|
|
|
"status": "success"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
:<json string email: user email
|
|
|
|
|
|
2023-06-18 20:45:39 +02:00
|
|
|
:statuscode 200: ``confirmation email resent``
|
|
|
|
|
:statuscode 400: ``invalid payload``
|
|
|
|
|
:statuscode 404: ``the requested URL was not found on the server``
|
|
|
|
|
:statuscode 500: ``error, please try again or contact the administrator``
|
2022-03-20 12:15:23 +01:00
|
|
|
|
|
|
|
|
"""
|
2022-04-23 18:04:20 +02:00
|
|
|
if not current_app.config['CAN_SEND_EMAILS']:
|
|
|
|
|
return NotFoundErrorResponse(NOT_FOUND_MESSAGE)
|
|
|
|
|
|
2022-03-20 12:15:23 +01:00
|
|
|
post_data = request.get_json()
|
|
|
|
|
if not post_data or post_data.get('email') is None:
|
|
|
|
|
return InvalidPayloadErrorResponse()
|
|
|
|
|
email = post_data.get('email')
|
|
|
|
|
|
|
|
|
|
try:
|
|
|
|
|
user = User.query.filter_by(email=email, is_active=False).first()
|
|
|
|
|
if user:
|
|
|
|
|
user.confirmation_token = secrets.token_urlsafe(30)
|
|
|
|
|
db.session.commit()
|
|
|
|
|
|
|
|
|
|
send_account_confirmation_email(user)
|
|
|
|
|
|
|
|
|
|
response = {
|
|
|
|
|
'status': 'success',
|
|
|
|
|
'message': 'confirmation email resent',
|
|
|
|
|
}
|
|
|
|
|
return response
|
|
|
|
|
except (exc.OperationalError, ValueError) as e:
|
|
|
|
|
return handle_error_and_return_response(e, db=db)
|
2022-09-14 15:15:03 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
@auth_blueprint.route('/auth/logout', methods=['POST'])
|
|
|
|
|
@require_auth()
|
|
|
|
|
def logout_user(auth_user: User) -> Union[Tuple[Dict, int], HttpResponse]:
|
|
|
|
|
"""
|
|
|
|
|
User logout.
|
|
|
|
|
If a valid token is provided, it will be blacklisted.
|
|
|
|
|
|
|
|
|
|
**Example request**:
|
|
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
|
|
|
|
POST /api/auth/logout HTTP/1.1
|
|
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
**Example responses**:
|
|
|
|
|
|
2023-06-18 20:45:39 +02:00
|
|
|
- successful logout:
|
2022-09-14 15:15:03 +02:00
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
|
|
|
|
HTTP/1.1 200 OK
|
|
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
"message": "successfully logged out",
|
|
|
|
|
"status": "success"
|
|
|
|
|
}
|
|
|
|
|
|
2023-06-18 20:45:39 +02:00
|
|
|
- error on logout:
|
2022-09-14 15:15:03 +02:00
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
|
|
|
|
HTTP/1.1 401 UNAUTHORIZED
|
|
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
"message": "provide a valid auth token",
|
|
|
|
|
"status": "error"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
:reqheader Authorization: OAuth 2.0 Bearer Token
|
|
|
|
|
|
2023-06-18 20:45:39 +02:00
|
|
|
:statuscode 200: ``successfully logged out``
|
2022-09-14 15:15:03 +02:00
|
|
|
:statuscode 401:
|
2023-06-18 20:45:39 +02:00
|
|
|
- ``provide a valid auth token``
|
|
|
|
|
- ``The access token provided is expired, revoked, malformed, or invalid
|
|
|
|
|
for other reasons.``
|
|
|
|
|
:statuscode 500: ``error on token blacklist``
|
2022-09-14 15:15:03 +02:00
|
|
|
|
|
|
|
|
"""
|
|
|
|
|
auth_token = request.headers.get('Authorization', '').split(' ')[1]
|
|
|
|
|
try:
|
|
|
|
|
db.session.add(BlacklistedToken(token=auth_token))
|
|
|
|
|
db.session.commit()
|
|
|
|
|
except Exception:
|
|
|
|
|
return {
|
|
|
|
|
'status': 'error',
|
|
|
|
|
'message': 'error on token blacklist',
|
|
|
|
|
}, 500
|
|
|
|
|
|
|
|
|
|
return {
|
|
|
|
|
'status': 'success',
|
|
|
|
|
'message': 'successfully logged out',
|
|
|
|
|
}, 200
|
2023-02-26 10:47:48 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
@auth_blueprint.route('/auth/account/privacy-policy', methods=['POST'])
|
|
|
|
|
@require_auth()
|
|
|
|
|
def accept_privacy_policy(auth_user: User) -> Union[Dict, HttpResponse]:
|
|
|
|
|
"""
|
|
|
|
|
The authenticated user accepts the privacy policy.
|
|
|
|
|
|
|
|
|
|
**Example request**:
|
|
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
|
|
|
|
POST /auth/account/privacy-policy HTTP/1.1
|
|
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
**Example response**:
|
|
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
|
|
|
|
HTTP/1.1 200 OK
|
|
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
"status": "success"
|
|
|
|
|
}
|
|
|
|
|
|
2023-06-18 15:02:21 +02:00
|
|
|
:<json boolean accepted_policy: ``true`` if user accepted privacy policy
|
2023-02-26 10:47:48 +01:00
|
|
|
|
|
|
|
|
:reqheader Authorization: OAuth 2.0 Bearer Token
|
|
|
|
|
|
2023-06-18 20:45:39 +02:00
|
|
|
:statuscode 200: ``success``
|
|
|
|
|
:statuscode 400: ``invalid payload``
|
2023-02-26 10:47:48 +01:00
|
|
|
:statuscode 401:
|
2023-06-18 20:45:39 +02:00
|
|
|
- ``provide a valid auth token``
|
|
|
|
|
- ``signature expired, please log in again``
|
|
|
|
|
- ``invalid token, please log in again``
|
|
|
|
|
:statuscode 500: ``error, please try again or contact the administrator``
|
2023-02-26 10:47:48 +01:00
|
|
|
"""
|
|
|
|
|
post_data = request.get_json()
|
|
|
|
|
if not post_data or not post_data.get('accepted_policy'):
|
|
|
|
|
return InvalidPayloadErrorResponse()
|
|
|
|
|
|
|
|
|
|
try:
|
|
|
|
|
if post_data.get('accepted_policy') is True:
|
|
|
|
|
auth_user.accepted_policy_date = datetime.datetime.utcnow()
|
|
|
|
|
db.session.commit()
|
|
|
|
|
return {"status": "success"}
|
|
|
|
|
else:
|
|
|
|
|
return InvalidPayloadErrorResponse()
|
|
|
|
|
except (exc.IntegrityError, exc.OperationalError, ValueError) as e:
|
|
|
|
|
return handle_error_and_return_response(e, db=db)
|
2023-03-01 12:39:35 +01:00
|
|
|
|
|
|
|
|
|
2023-03-05 10:30:26 +01:00
|
|
|
@auth_blueprint.route('/auth/account/export/request', methods=['POST'])
|
2023-03-01 12:39:35 +01:00
|
|
|
@require_auth()
|
|
|
|
|
def request_user_data_export(auth_user: User) -> Union[Dict, HttpResponse]:
|
|
|
|
|
"""
|
|
|
|
|
Request a data export for authenticated user.
|
|
|
|
|
|
|
|
|
|
**Example request**:
|
|
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
2023-03-05 10:30:26 +01:00
|
|
|
POST /auth/account/export/request HTTP/1.1
|
2023-03-01 12:39:35 +01:00
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
**Example response**:
|
|
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
|
|
|
|
HTTP/1.1 200 OK
|
|
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
"status": "success",
|
|
|
|
|
"request": {
|
|
|
|
|
"created_at": "Wed, 01 Mar 2023 12:31:17 GMT",
|
|
|
|
|
"status": "in_progress",
|
|
|
|
|
"file_name": null,
|
|
|
|
|
"file_size": null
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
:reqheader Authorization: OAuth 2.0 Bearer Token
|
|
|
|
|
|
2023-06-18 20:45:39 +02:00
|
|
|
:statuscode 200: ``success``
|
2023-03-01 12:39:35 +01:00
|
|
|
:statuscode 400:
|
2023-06-18 20:45:39 +02:00
|
|
|
- ``ongoing request exists``
|
|
|
|
|
- ``completed request already exists``
|
2023-03-01 12:39:35 +01:00
|
|
|
:statuscode 401:
|
2023-06-18 20:45:39 +02:00
|
|
|
- ``provide a valid auth token``
|
|
|
|
|
- ``signature expired, please log in again``
|
|
|
|
|
- ``invalid token, please log in again``
|
|
|
|
|
:statuscode 500: ``error, please try again or contact the administrator``
|
2023-03-01 12:39:35 +01:00
|
|
|
"""
|
|
|
|
|
existing_export_request = UserDataExport.query.filter_by(
|
|
|
|
|
user_id=auth_user.id
|
|
|
|
|
).first()
|
|
|
|
|
if existing_export_request:
|
|
|
|
|
if not existing_export_request.completed:
|
|
|
|
|
return InvalidPayloadErrorResponse("ongoing request exists")
|
|
|
|
|
|
2023-03-01 16:30:44 +01:00
|
|
|
export_expiration = current_app.config["DATA_EXPORT_EXPIRATION"]
|
|
|
|
|
if existing_export_request.created_at > (
|
|
|
|
|
datetime.datetime.utcnow()
|
|
|
|
|
- datetime.timedelta(hours=export_expiration)
|
2023-03-01 12:39:35 +01:00
|
|
|
):
|
|
|
|
|
return InvalidPayloadErrorResponse(
|
|
|
|
|
"completed request already exists"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
try:
|
|
|
|
|
if existing_export_request:
|
|
|
|
|
db.session.delete(existing_export_request)
|
|
|
|
|
db.session.flush()
|
|
|
|
|
export_request = UserDataExport(user_id=auth_user.id)
|
|
|
|
|
db.session.add(export_request)
|
|
|
|
|
db.session.commit()
|
2023-03-01 16:30:44 +01:00
|
|
|
|
|
|
|
|
export_data.send(export_request_id=export_request.id)
|
|
|
|
|
|
2023-03-01 12:39:35 +01:00
|
|
|
return {"status": "success", "request": export_request.serialize()}
|
|
|
|
|
except (exc.IntegrityError, exc.OperationalError, ValueError) as e:
|
|
|
|
|
return handle_error_and_return_response(e, db=db)
|
|
|
|
|
|
|
|
|
|
|
2023-03-05 10:30:26 +01:00
|
|
|
@auth_blueprint.route('/auth/account/export', methods=['GET'])
|
2023-03-01 12:39:35 +01:00
|
|
|
@require_auth()
|
|
|
|
|
def get_user_data_export(auth_user: User) -> Union[Dict, HttpResponse]:
|
|
|
|
|
"""
|
|
|
|
|
Get a data export info for authenticated user if a request exists.
|
2023-03-04 17:49:02 +01:00
|
|
|
|
2023-03-01 12:39:35 +01:00
|
|
|
It returns:
|
2023-03-04 17:49:02 +01:00
|
|
|
|
2023-03-01 12:39:35 +01:00
|
|
|
- export creation date
|
2023-03-05 14:26:31 +01:00
|
|
|
- export status (``in_progress``, ``successful`` and ``errored``)
|
2023-03-01 12:39:35 +01:00
|
|
|
- file name and size (in bytes) when export is successful
|
|
|
|
|
|
|
|
|
|
**Example request**:
|
|
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
2023-03-05 10:30:26 +01:00
|
|
|
GET /auth/account/export HTTP/1.1
|
2023-03-01 12:39:35 +01:00
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
**Example response**:
|
|
|
|
|
|
2023-06-18 20:45:39 +02:00
|
|
|
- if a request exists:
|
2023-03-04 17:49:02 +01:00
|
|
|
|
2023-03-01 12:39:35 +01:00
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
|
|
|
|
HTTP/1.1 200 OK
|
|
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
{
|
|
|
|
|
"status": "success",
|
|
|
|
|
"request": {
|
|
|
|
|
"created_at": "Wed, 01 Mar 2023 12:31:17 GMT",
|
|
|
|
|
"status": "successful",
|
|
|
|
|
"file_name": "archive_rgjsR3fHt295ywNQr5Yp.zip",
|
|
|
|
|
"file_size": 924
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-06-18 20:45:39 +02:00
|
|
|
- if no request:
|
2023-03-04 17:49:02 +01:00
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
|
|
|
|
HTTP/1.1 200 OK
|
|
|
|
|
Content-Type: application/json
|
2023-03-01 12:39:35 +01:00
|
|
|
|
|
|
|
|
{
|
|
|
|
|
"status": "success",
|
|
|
|
|
"request": null
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
:reqheader Authorization: OAuth 2.0 Bearer Token
|
|
|
|
|
|
2023-06-18 20:45:39 +02:00
|
|
|
:statuscode 200: ``success``
|
2023-03-01 12:39:35 +01:00
|
|
|
:statuscode 401:
|
2023-06-18 20:45:39 +02:00
|
|
|
- ``provide a valid auth token``
|
|
|
|
|
- ``signature expired, please log in again``
|
|
|
|
|
- ``invalid token, please log in again``
|
2023-03-01 12:39:35 +01:00
|
|
|
"""
|
|
|
|
|
export_request = UserDataExport.query.filter_by(
|
|
|
|
|
user_id=auth_user.id
|
|
|
|
|
).first()
|
|
|
|
|
return {
|
|
|
|
|
"status": "success",
|
|
|
|
|
"request": export_request.serialize() if export_request else None,
|
|
|
|
|
}
|
2023-03-01 21:00:53 +01:00
|
|
|
|
|
|
|
|
|
|
|
|
|
@auth_blueprint.route(
|
2023-03-05 10:30:26 +01:00
|
|
|
'/auth/account/export/<string:file_name>', methods=['GET']
|
2023-03-01 21:00:53 +01:00
|
|
|
)
|
|
|
|
|
@require_auth()
|
|
|
|
|
def download_data_export(
|
|
|
|
|
auth_user: User, file_name: str
|
|
|
|
|
) -> Union[Response, HttpResponse]:
|
|
|
|
|
"""
|
|
|
|
|
Download a data export archive
|
|
|
|
|
|
|
|
|
|
**Example request**:
|
|
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
2023-03-05 10:30:26 +01:00
|
|
|
GET /auth/account/export/download/archive_rgjsR3fHr5Yp.zip HTTP/1.1
|
2023-03-01 21:00:53 +01:00
|
|
|
Content-Type: application/json
|
|
|
|
|
|
|
|
|
|
**Example response**:
|
|
|
|
|
|
|
|
|
|
.. sourcecode:: http
|
|
|
|
|
|
|
|
|
|
HTTP/1.1 200 OK
|
|
|
|
|
Content-Type: application/x-gzip
|
|
|
|
|
|
|
|
|
|
:param string file_name: filename
|
|
|
|
|
|
|
|
|
|
:reqheader Authorization: OAuth 2.0 Bearer Token
|
|
|
|
|
|
2023-06-18 20:45:39 +02:00
|
|
|
:statuscode 200: ``success``
|
2023-03-01 21:00:53 +01:00
|
|
|
:statuscode 401:
|
2023-06-18 20:45:39 +02:00
|
|
|
- ``provide a valid auth token``
|
|
|
|
|
- ``signature expired, please log in again``
|
|
|
|
|
- ``invalid token, please log in again``
|
|
|
|
|
:statuscode 404: ``file not found``
|
2023-03-01 21:00:53 +01:00
|
|
|
"""
|
|
|
|
|
export_request = UserDataExport.query.filter_by(
|
|
|
|
|
user_id=auth_user.id
|
|
|
|
|
).first()
|
|
|
|
|
if (
|
|
|
|
|
not export_request
|
|
|
|
|
or not export_request.completed
|
|
|
|
|
or export_request.file_name != file_name
|
|
|
|
|
):
|
|
|
|
|
return DataNotFoundErrorResponse(
|
|
|
|
|
data_type="archive", message="file not found"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
return send_from_directory(
|
|
|
|
|
f"{current_app.config['UPLOAD_FOLDER']}/exports/{auth_user.id}",
|
|
|
|
|
export_request.file_name,
|
|
|
|
|
mimetype='application/zip',
|
|
|
|
|
as_attachment=True,
|
|
|
|
|
)
|
