Alexander/FitTrackee
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

API - refactor api responses

Browse Source
This commit is contained in:
Sam 2021-01-01 16:39:25 +01:00
parent 21e79c8883
commit 4705393a08
15 changed files with 482 additions and 564 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docs/api/auth.html
View File

@ -240,7 +240,8 @@
<dt class="field-even">Status Codes</dt>
<dd class="field-even"><ul class="simple">
<li><p><a class="reference external" href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.2.1">200 OK</a> Successfully logged in.</p></li>
<li><p><a class="reference external" href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.5">404 Not Found</a> Invalid credentials.</p></li>
<li><p><a class="reference external" href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.1">400 Bad Request</a> Invalid payload.</p></li>
<li><p><a class="reference external" href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.2">401 Unauthorized</a> Invalid credentials.</p></li>
<li><p><a class="reference external" href="http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.5.1">500 Internal Server Error</a> Error. Please try again or contact the administrator.</p></li>
</ul>
</dd>

2
docs/searchindex.js
View File

File diff suppressed because one or more lines are too long

274
fittrackee/activities/activities.py
View File

@ -5,7 +5,15 @@ from datetime import datetime, timedelta
import requests
from fittrackee import appLog, db
from flask import Blueprint, Response, current_app, jsonify, request, send_file
from fittrackee.responses import (
DataInvalidPayloadErrorResponse,
DataNotFoundErrorResponse,
InternalServerErrorResponse,
InvalidPayloadErrorResponse,
NotFoundErrorResponse,
handle_error_and_return_response,
)
from flask import Blueprint, Response, current_app, request, send_file
from sqlalchemy import exc
from ..users.utils import (
@ -251,7 +259,7 @@ def get_activities(auth_user_id):
.paginate(page, per_page, False)
.items
)
response_object = {
return {
'status': 'success',
'data': {
'activities': [
@ -259,15 +267,8 @@ def get_activities(auth_user_id):
]
},
}
code = 200
except Exception as e:
appLog.error(e)
response_object = {
'status': 'error',
'message': 'Error. Please try again or contact the administrator.',
}
code = 500
return jsonify(response_object), code
return handle_error_and_return_response(e)
@activities_blueprint.route(
@ -360,27 +361,17 @@ def get_activity(auth_user_id, activity_short_id):
"""
activity_uuid = decode_short_id(activity_short_id)
activity = Activity.query.filter_by(uuid=activity_uuid).first()
activities_list = []
if not activity:
return DataNotFoundErrorResponse('activities')
if activity:
response_object, code = can_view_activity(
auth_user_id, activity.user_id
)
if response_object:
return jsonify(response_object), code
error_response = can_view_activity(auth_user_id, activity.user_id)
if error_response:
return error_response
activities_list.append(activity.serialize())
status = 'success'
code = 200
else:
status = 'not found'
code = 404
response_object = {
'status': status,
'data': {'activities': activities_list},
return {
'status': 'success',
'data': {'activities': [activity.serialize()]},
}
return jsonify(response_object), code
def get_activity_data(
@ -389,59 +380,44 @@ def get_activity_data(
"""Get data from an activity gpx file"""
activity_uuid = decode_short_id(activity_short_id)
activity = Activity.query.filter_by(uuid=activity_uuid).first()
content = ''
if activity:
response_object, code = can_view_activity(
auth_user_id, activity.user_id
if not activity:
return DataNotFoundErrorResponse(
data_type=data_type,
message=f'Activity not found (id: {activity_short_id})',
)
if response_object:
return jsonify(response_object), code
if not activity.gpx or activity.gpx == '':
message = (
f'No gpx file for this activity (id: {activity_short_id})'
)
response_object = {'status': 'error', 'message': message}
return jsonify(response_object), 404
try:
absolute_gpx_filepath = get_absolute_file_path(activity.gpx)
if data_type == 'chart':
content = get_chart_data(absolute_gpx_filepath, segment_id)
else: # data_type == 'gpx'
with open(absolute_gpx_filepath, encoding='utf-8') as f:
content = f.read()
if segment_id is not None:
content = extract_segment_from_gpx_file(
content, segment_id
)
except ActivityGPXException as e:
appLog.error(e.message)
response_object = {'status': e.status, 'message': e.message}
code = 404 if e.status == 'not found' else 500
return jsonify(response_object), code
except Exception as e:
appLog.error(e)
response_object = {'status': 'error', 'message': 'internal error'}
return jsonify(response_object), 500
error_response = can_view_activity(auth_user_id, activity.user_id)
if error_response:
return error_response
if not activity.gpx or activity.gpx == '':
return NotFoundErrorResponse(
f'No gpx file for this activity (id: {activity_short_id})'
)
status = 'success'
message = ''
code = 200
else:
status = 'not found'
message = f'Activity not found (id: {activity_short_id})'
code = 404
try:
absolute_gpx_filepath = get_absolute_file_path(activity.gpx)
if data_type == 'chart_data':
content = get_chart_data(absolute_gpx_filepath, segment_id)
else: # data_type == 'gpx'
with open(absolute_gpx_filepath, encoding='utf-8') as f:
content = f.read()
if segment_id is not None:
content = extract_segment_from_gpx_file(
content, segment_id
)
except ActivityGPXException as e:
appLog.error(e.message)
if e.status == 'not found':
return NotFoundErrorResponse(e.message)
return InternalServerErrorResponse(e.message)
except Exception as e:
return handle_error_and_return_response(e)
response_object = {
'status': status,
'message': message,
'data': (
{'chart_data': content}
if data_type == 'chart'
else {'gpx': content}
),
return {
'status': 'success',
'message': '',
'data': ({data_type: content}),
}
return jsonify(response_object), code
@activities_blueprint.route(
@ -558,7 +534,7 @@ def get_activity_chart_data(auth_user_id, activity_short_id):
:statuscode 500:
"""
return get_activity_data(auth_user_id, activity_short_id, 'chart')
return get_activity_data(auth_user_id, activity_short_id, 'chart_data')
@activities_blueprint.route(
@ -681,7 +657,7 @@ def get_segment_chart_data(auth_user_id, activity_short_id, segment_id):
"""
return get_activity_data(
auth_user_id, activity_short_id, 'chart', segment_id
auth_user_id, activity_short_id, 'chart_data', segment_id
)
@ -718,18 +694,11 @@ def get_map(map_id):
try:
activity = Activity.query.filter_by(map_id=map_id).first()
if not activity:
response_object = {
'status': 'error',
'message': 'Map does not exist',
}
return jsonify(response_object), 404
else:
absolute_map_filepath = get_absolute_file_path(activity.map)
return send_file(absolute_map_filepath)
return NotFoundErrorResponse('Map does not exist.')
absolute_map_filepath = get_absolute_file_path(activity.map)
return send_file(absolute_map_filepath)
except Exception as e:
appLog.error(e)
response_object = {'status': 'error', 'message': 'internal error.'}
return jsonify(response_object), 500
return handle_error_and_return_response(e)
@activities_blueprint.route(
@ -887,16 +856,13 @@ def post_activity(auth_user_id):
:statuscode 500:
"""
response_object, response_code = verify_extension_and_size(
'activity', request
)
if response_object['status'] != 'success':
return jsonify(response_object), response_code
error_response = verify_extension_and_size('activity', request)
if error_response:
return error_response
activity_data = json.loads(request.form['data'])
if not activity_data or activity_data.get('sport_id') is None:
response_object = {'status': 'error', 'message': 'Invalid payload.'}
return jsonify(response_object), 400
return InvalidPayloadErrorResponse()
activity_file = request.files['file']
upload_dir = os.path.join(
@ -921,20 +887,19 @@ def post_activity(auth_user_id):
]
},
}
code = 201
else:
response_object = {'status': 'fail', 'data': {'activities': []}}
code = 400
return DataInvalidPayloadErrorResponse('activities', 'fail')
except ActivityException as e:
db.session.rollback()
if e.e:
appLog.error(e.e)
response_object = {'status': e.status, 'message': e.message}
code = 500 if e.status == 'error' else 400
if e.status == 'error':
return InternalServerErrorResponse(e.message)
return InvalidPayloadErrorResponse(e.message)
shutil.rmtree(folders['extract_dir'], ignore_errors=True)
shutil.rmtree(folders['tmp_dir'], ignore_errors=True)
return jsonify(response_object), code
return response_object, 201
@activities_blueprint.route('/activities/no_gpx', methods=['POST'])
@ -1059,8 +1024,7 @@ def post_activity_no_gpx(auth_user_id):
or activity_data.get('distance') is None
or activity_data.get('activity_date') is None
):
response_object = {'status': 'error', 'message': 'Invalid payload.'}
return jsonify(response_object), 400
return InvalidPayloadErrorResponse()
try:
user = User.query.filter_by(id=auth_user_id).first()
@ -1068,20 +1032,21 @@ def post_activity_no_gpx(auth_user_id):
db.session.add(new_activity)
db.session.commit()
response_object = {
'status': 'created',
'data': {'activities': [new_activity.serialize()]},
}
return jsonify(response_object), 201
return (
{
'status': 'created',
'data': {'activities': [new_activity.serialize()]},
},
201,
)
except (exc.IntegrityError, ValueError) as e:
db.session.rollback()
appLog.error(e)
response_object = {
'status': 'fail',
'message': 'Error during activity save.',
}
return jsonify(response_object), 500
return handle_error_and_return_response(
error=e,
message='Error during activity save.',
status='fail',
db=db,
)
@activities_blueprint.route(
@ -1207,41 +1172,27 @@ def update_activity(auth_user_id, activity_short_id):
"""
activity_data = request.get_json()
if not activity_data:
response_object = {'status': 'error', 'message': 'Invalid payload.'}
return jsonify(response_object), 400
return InvalidPayloadErrorResponse()
try:
activity_uuid = decode_short_id(activity_short_id)
activity = Activity.query.filter_by(uuid=activity_uuid).first()
if activity:
response_object, code = can_view_activity(
auth_user_id, activity.user_id
)
if response_object:
return jsonify(response_object), code
if not activity:
return DataNotFoundErrorResponse('activities')
activity = edit_activity(activity, activity_data, auth_user_id)
db.session.commit()
response_object = {
'status': 'success',
'data': {'activities': [activity.serialize()]},
}
code = 200
else:
response_object = {
'status': 'not found',
'data': {'activities': []},
}
code = 404
except (exc.IntegrityError, exc.OperationalError, ValueError) as e:
db.session.rollback()
appLog.error(e)
response_object = {
'status': 'error',
'message': 'Error. Please try again or contact the administrator.',
response_object = can_view_activity(auth_user_id, activity.user_id)
if response_object:
return response_object
activity = edit_activity(activity, activity_data, auth_user_id)
db.session.commit()
return {
'status': 'success',
'data': {'activities': [activity.serialize()]},
}
code = 500
return jsonify(response_object), code
except (exc.IntegrityError, exc.OperationalError, ValueError) as e:
return handle_error_and_return_response(e)
@activities_blueprint.route(
@ -1284,34 +1235,19 @@ def delete_activity(auth_user_id, activity_short_id):
try:
activity_uuid = decode_short_id(activity_short_id)
activity = Activity.query.filter_by(uuid=activity_uuid).first()
if activity:
response_object, code = can_view_activity(
auth_user_id, activity.user_id
)
if response_object:
return jsonify(response_object), code
if not activity:
return DataNotFoundErrorResponse('activities')
error_response = can_view_activity(auth_user_id, activity.user_id)
if error_response:
return error_response
db.session.delete(activity)
db.session.commit()
response_object = {'status': 'no content'}
code = 204
else:
response_object = {
'status': 'not found',
'data': {'activities': []},
}
code = 404
db.session.delete(activity)
db.session.commit()
return {'status': 'no content'}, 204
except (
exc.IntegrityError,
exc.OperationalError,
ValueError,
OSError,
) as e:
db.session.rollback()
appLog.error(e)
response_object = {
'status': 'error',
'message': 'Error. Please try again or contact the administrator.',
}
code = 500
return jsonify(response_object), code
return handle_error_and_return_response(e, db=db)

6
fittrackee/activities/records.py
View File

@ -1,4 +1,4 @@
from flask import Blueprint, jsonify
from flask import Blueprint
from ..users.utils import authenticate
from .models import Record
@ -103,14 +103,12 @@ def get_records(auth_user_id):
- Invalid token. Please log in again.
"""
records = (
Record.query.filter_by(user_id=auth_user_id)
.order_by(Record.sport_id.asc(), Record.record_type.asc())
.all()
)
response_object = {
return {
'status': 'success',
'data': {'records': [record.serialize() for record in records]},
}
return jsonify(response_object), 200

55
fittrackee/activities/sports.py
View File

@ -1,5 +1,10 @@
from fittrackee import appLog, db
from flask import Blueprint, jsonify, request
from fittrackee import db
from fittrackee.responses import (
DataNotFoundErrorResponse,
InvalidPayloadErrorResponse,
handle_error_and_return_response,
)
from flask import Blueprint, request
from sqlalchemy import exc
from ..users.models import User
@ -143,14 +148,12 @@ def get_sports(auth_user_id):
- Invalid token. Please log in again.
"""
user = User.query.filter_by(id=int(auth_user_id)).first()
sports = Sport.query.order_by(Sport.id).all()
response_object = {
return {
'status': 'success',
'data': {'sports': [sport.serialize(user.admin) for sport in sports]},
}
return jsonify(response_object), 200
@sports_blueprint.route('/sports/<int:sport_id>', methods=['GET'])
@ -238,19 +241,14 @@ def get_sport(auth_user_id, sport_id):
:statuscode 404: sport not found
"""
user = User.query.filter_by(id=int(auth_user_id)).first()
sport = Sport.query.filter_by(id=sport_id).first()
if sport:
response_object = {
return {
'status': 'success',
'data': {'sports': [sport.serialize(user.admin)]},
}
code = 200
else:
response_object = {'status': 'not found', 'data': {'sports': []}}
code = 404
return jsonify(response_object), code
return DataNotFoundErrorResponse('sports')
@sports_blueprint.route('/sports/<int:sport_id>', methods=['PATCH'])
@ -325,28 +323,19 @@ def update_sport(auth_user_id, sport_id):
"""
sport_data = request.get_json()
if not sport_data or sport_data.get('is_active') is None:
response_object = {'status': 'error', 'message': 'Invalid payload.'}
return jsonify(response_object), 400
return InvalidPayloadErrorResponse()
try:
sport = Sport.query.filter_by(id=sport_id).first()
if sport:
sport.is_active = sport_data.get('is_active')
db.session.commit()
response_object = {
'status': 'success',
'data': {'sports': [sport.serialize(True)]},
}
code = 200
else:
response_object = {'status': 'not found', 'data': {'sports': []}}
code = 404
except (exc.IntegrityError, exc.OperationalError, ValueError) as e:
db.session.rollback()
appLog.error(e)
response_object = {
'status': 'error',
'message': 'Error. Please try again or contact the administrator.',
if not sport:
return DataNotFoundErrorResponse('sports')
sport.is_active = sport_data.get('is_active')
db.session.commit()
return {
'status': 'success',
'data': {'sports': [sport.serialize(True)]},
}
code = 500
return jsonify(response_object), code
except (exc.IntegrityError, exc.OperationalError, ValueError) as e:
return handle_error_and_return_response(e, db=db)

44
fittrackee/activities/stats.py
View File

@ -1,7 +1,13 @@
from datetime import datetime, timedelta
from fittrackee import appLog, db
from flask import Blueprint, jsonify, request
from fittrackee import db
from fittrackee.responses import (
InvalidPayloadErrorResponse,
NotFoundErrorResponse,
UserNotFoundErrorResponse,
handle_error_and_return_response,
)
from flask import Blueprint, request
from sqlalchemy import func
from ..users.models import User
@ -17,11 +23,7 @@ def get_activities(user_name, filter_type):
try:
user = User.query.filter_by(username=user_name).first()
if not user:
response_object = {
'status': 'not found',
'message': 'User does not exist.',
}
return jsonify(response_object), 404
return UserNotFoundErrorResponse()
params = request.args.copy()
date_from = params.get('from')
@ -42,11 +44,7 @@ def get_activities(user_name, filter_type):
if sport_id:
sport = Sport.query.filter_by(id=sport_id).first()
if not sport:
response_object = {
'status': 'not found',
'message': 'Sport does not exist.',
}
return jsonify(response_object), 404
return NotFoundErrorResponse('Sport does not exist.')
activities = (
Activity.query.filter(
@ -103,11 +101,9 @@ def get_activities(user_name, filter_type):
activity.activity_date, "%Y"
)
else:
response_object = {
'status': 'fail',
'message': 'Invalid time period.',
}
return jsonify(response_object), 400
return InvalidPayloadErrorResponse(
'Invalid time period.', 'fail'
)
sport_id = activity.sport_id
if time_period not in activities_list:
activities_list[time_period] = {}
@ -125,19 +121,12 @@ def get_activities(user_name, filter_type):
'total_duration'
] += convert_timedelta_to_integer(activity.moving)
response_object = {
return {
'status': 'success',
'data': {'statistics': activities_list},
}
code = 200
except Exception as e:
appLog.error(e)
response_object = {
'status': 'error',
'message': 'Error. Please try again or contact the administrator.',
}
code = 500
return jsonify(response_object), code
return handle_error_and_return_response(e)
@stats_blueprint.route('/stats/<user_name>/by_time', methods=['GET'])
@ -371,7 +360,7 @@ def get_application_stats(auth_user_id):
.group_by(Activity.sport_id)
.count()
)
response_object = {
return {
'status': 'success',
'data': {
'activities': nb_activities,
@ -380,4 +369,3 @@ def get_application_stats(auth_user_id):
'uploads_dir_size': get_upload_dir_size(),
},
}
return jsonify(response_object), 200

39
fittrackee/application/app_config.py
View File

@ -1,5 +1,9 @@
from fittrackee import appLog, db
from flask import Blueprint, current_app, jsonify, request
from fittrackee import db
from fittrackee.responses import (
InvalidPayloadErrorResponse,
handle_error_and_return_response,
)
from flask import Blueprint, current_app, request
from sqlalchemy.orm.exc import MultipleResultsFound, NoResultFound
from ..users.utils import authenticate_as_admin
@ -46,15 +50,11 @@ def get_application_config():
try:
config = AppConfig.query.one()
response_object = {'status': 'success', 'data': config.serialize()}
return jsonify(response_object), 200
return {'status': 'success', 'data': config.serialize()}
except (MultipleResultsFound, NoResultFound) as e:
appLog.error(e)
response_object = {
'status': 'error',
'message': 'Error on getting configuration.',
}
return jsonify(response_object), 500
return handle_error_and_return_response(
e, message='Error on getting configuration.'
)
@config_blueprint.route('/config', methods=['PATCH'])
@ -111,8 +111,7 @@ def update_application_config(auth_user_id):
"""
config_data = request.get_json()
if not config_data:
response_object = {'status': 'error', 'message': 'Invalid payload.'}
return jsonify(response_object), 400
return InvalidPayloadErrorResponse()
try:
config = AppConfig.query.one()
@ -129,18 +128,12 @@ def update_application_config(auth_user_id):
db.session.commit()
update_app_config_from_database(current_app, config)
response_object = {'status': 'success', 'data': config.serialize()}
code = 200
return {'status': 'success', 'data': config.serialize()}
except Exception as e:
appLog.error(e)
response_object = {
'status': 'error',
'message': 'Error on updating configuration.',
}
code = 500
return jsonify(response_object), code
return handle_error_and_return_response(
e, message='Error on updating configuration.'
)
@config_blueprint.route('/ping', methods=['GET'])
@ -169,4 +162,4 @@ def health_check():
:statuscode 200: success
"""
return jsonify({'status': 'success', 'message': 'pong!'})
return {'status': 'success', 'message': 'pong!'}

117
fittrackee/responses.py Normal file
View File

@ -0,0 +1,117 @@
from json import dumps
from fittrackee import appLog
from flask import Response
def get_empty_data_for_datatype(data_type):
return '' if data_type in ['gpx', 'chart_data'] else []
class HttpResponse(Response):
def __init__(
self,
response=None,
status_code=None,
content_type=None,
):
if isinstance(response, dict):
response = dumps(response)
content_type = (
'application/json' if content_type is None else content_type
)
super().__init__(
response=response,
status=status_code,
content_type=content_type,
)
class GenericErrorResponse(HttpResponse):
def __init__(self, status_code, message, status=None):
response = {
'status': 'error' if status is None else status,
'message': message,
}
super().__init__(
response=response,
status_code=status_code,
)
class InvalidPayloadErrorResponse(GenericErrorResponse):
def __init__(self, message=None, status=None):
message = 'Invalid payload.' if message is None else message
super().__init__(status_code=400, message=message, status=status)
class DataInvalidPayloadErrorResponse(HttpResponse):
def __init__(self, data_type, status=None):
response = {
'status': 'error' if status is None else status,
'data': {data_type: get_empty_data_for_datatype(data_type)},
}
super().__init__(response=response, status_code=400)
class UnauthorizedErrorResponse(GenericErrorResponse):
def __init__(self, message=None):
message = (
'Invalid token. Please request a new token.'
if message is None
else message
)
super().__init__(status_code=401, message=message)
class ForbiddenErrorResponse(GenericErrorResponse):
def __init__(self, message=None):
message = (
'You do not have permissions.' if message is None else message
)
super().__init__(status_code=403, message=message)
class NotFoundErrorResponse(GenericErrorResponse):
def __init__(self, message):
super().__init__(status_code=404, message=message, status='not found')
class UserNotFoundErrorResponse(NotFoundErrorResponse):
def __init__(self):
super().__init__(message='User does not exist.')
class DataNotFoundErrorResponse(HttpResponse):
def __init__(self, data_type, message=None):
response = {
'status': 'not found',
'data': {data_type: get_empty_data_for_datatype(data_type)},
}
if message:
response['message'] = message
super().__init__(response=response, status_code=404)
class PayloadTooLargeErrorResponse(GenericErrorResponse):
def __init__(self, message):
super().__init__(status_code=413, message=message, status='fail')
class InternalServerErrorResponse(GenericErrorResponse):
def __init__(self, message=None, status=None):
message = (
'Error. Please try again or contact the administrator.'
if message is None
else message
)
super().__init__(status_code=500, message=message, status=status)
def handle_error_and_return_response(
error, message=None, status=None, db=None
):
if db is not None:
db.session.rollback()
appLog.error(error)
return InternalServerErrorResponse(message=message, status=status)

16
fittrackee/tests/activities/test_activities_api_0_get.py
View File

@ -833,7 +833,7 @@ class TestGetActivity:
data = json.loads(response.data.decode())
assert response.status_code == 404
assert 'error' in data['status']
assert 'not found' in data['status']
assert (
f'No gpx file for this activity (id: {activity_short_id})'
in data['message']
@ -860,7 +860,7 @@ class TestGetActivity:
data = json.loads(response.data.decode())
assert response.status_code == 404
assert 'error' in data['status']
assert 'not found' in data['status']
assert (
f'No gpx file for this activity (id: {activity_short_id})'
in data['message']
@ -888,7 +888,10 @@ class TestGetActivity:
data = json.loads(response.data.decode())
assert response.status_code == 500
assert 'error' in data['status']
assert 'internal error' in data['message']
assert (
'Error. Please try again or contact the administrator.'
in data['message']
)
assert 'data' not in data
def test_it_returns_500_on_getting_chart_data_if_an_activity_has_invalid_gpx_pathname( # noqa
@ -913,7 +916,10 @@ class TestGetActivity:
data = json.loads(response.data.decode())
assert response.status_code == 500
assert 'error' in data['status']
assert 'internal error' in data['message']
assert (
'Error. Please try again or contact the administrator.'
in data['message']
)
assert 'data' not in data
def test_it_returns_404_if_activity_has_no_map(self, app, user_1):
@ -933,5 +939,5 @@ class TestGetActivity:
data = json.loads(response.data.decode())
assert response.status_code == 404
assert 'error' in data['status']
assert 'not found' in data['status']
assert 'Map does not exist' in data['message']

5
fittrackee/tests/activities/test_activities_api_1_post.py
View File

@ -843,7 +843,10 @@ class TestPostAndGetActivityWithGpx:
assert response.status_code == 500
assert data['status'] == 'error'
assert data['message'] == 'internal error.'
assert (
data['message']
== 'Error. Please try again or contact the administrator.'
)
def test_it_gets_an_activity_created_with_gpx(
self, app, user_1, sport_1_cycling, gpx_file

24
fittrackee/tests/users/test_auth_api.py
View File

@ -162,7 +162,7 @@ class TestUserRegistration:
assert response.content_type == 'application/json'
assert response.status_code == 400
def test_it_returns_error_if_paylaod_is_invalid(self, app):
def test_it_returns_error_if_payload_is_invalid(self, app):
client = app.test_client()
response = client.post(
'/api/auth/register',
@ -278,43 +278,49 @@ class TestUserRegistration:
class TestUserLogin:
def test_user_can_register(self, app, user_1):
client = app.test_client()
response = client.post(
'/api/auth/login',
data=json.dumps(dict(email='test@test.com', password='12345678')),
content_type='application/json',
)
assert response.content_type == 'application/json'
assert response.status_code == 200
data = json.loads(response.data.decode())
assert data['status'] == 'success'
assert data['message'] == 'Successfully logged in.'
assert data['auth_token']
assert response.content_type == 'application/json'
assert response.status_code == 200
def test_it_returns_error_if_user_does_not_exists(self, app):
client = app.test_client()
response = client.post(
'/api/auth/login',
data=json.dumps(dict(email='test@test.com', password='12345678')),
content_type='application/json',
)
assert response.content_type == 'application/json'
assert response.status_code == 401
data = json.loads(response.data.decode())
assert data['status'] == 'error'
assert data['message'] == 'Invalid credentials.'
assert response.content_type == 'application/json'
assert response.status_code == 404
def test_it_returns_error_on_invalid_payload(self, app):
client = app.test_client()
response = client.post(
'/api/auth/login',
data=json.dumps(dict()),
content_type='application/json',
)
assert response.content_type == 'application/json'
assert response.status_code == 400
data = json.loads(response.data.decode())
assert data['status'] == 'error'
assert data['message'] == 'Invalid payload.'
assert response.content_type == 'application/json'
assert response.status_code == 400
def test_it_returns_error_if_password_is_invalid(self, app, user_1):
client = app.test_client()
@ -325,11 +331,11 @@ class TestUserLogin:
content_type='application/json',
)
assert response.content_type == 'application/json'
assert response.status_code == 401
data = json.loads(response.data.decode())
assert data['status'] == 'error'
assert data['message'] == 'Invalid credentials.'
assert response.content_type == 'application/json'
assert response.status_code == 404
class TestUserLogout:

4
fittrackee/tests/users/test_users_api.py
View File

@ -111,7 +111,7 @@ class TestGetUser:
data = json.loads(response.data.decode())
assert response.status_code == 404
assert 'fail' in data['status']
assert 'not found' in data['status']
assert 'User does not exist.' in data['message']
@ -972,7 +972,7 @@ class TestGetUserPicture:
data = json.loads(response.data.decode())
assert response.status_code == 404
assert 'fail' in data['status']
assert 'not found' in data['status']
assert 'User does not exist.' in data['message']

230
fittrackee/users/auth.py
View File

@ -3,8 +3,15 @@ import os
import jwt
from fittrackee import appLog, bcrypt, db
from fittrackee.responses import (
ForbiddenErrorResponse,
InvalidPayloadErrorResponse,
PayloadTooLargeErrorResponse,
UnauthorizedErrorResponse,
handle_error_and_return_response,
)
from fittrackee.tasks import reset_password_email
from flask import Blueprint, current_app, jsonify, request
from flask import Blueprint, current_app, request
from sqlalchemy import exc, or_
from werkzeug.exceptions import RequestEntityTooLarge
from werkzeug.utils import secure_filename
@ -84,11 +91,8 @@ def register_user():
"""
if not current_app.config.get('is_registration_enabled'):
response_object = {
'status': 'error',
'message': 'Error. Registration is disabled.',
}
return jsonify(response_object), 403
return ForbiddenErrorResponse('Error. Registration is disabled.')
# get post data
post_data = request.get_json()
if (
@ -98,8 +102,7 @@ def register_user():
or post_data.get('password') is None
or post_data.get('password_conf') is None
):
response_object = {'status': 'error', 'message': 'Invalid payload.'}
return jsonify(response_object), 400
return InvalidPayloadErrorResponse()
username = post_data.get('username')
email = post_data.get('email')
password = post_data.get('password')
@ -108,53 +111,36 @@ def register_user():
try:
ret = register_controls(username, email, password, password_conf)
except TypeError as e:
db.session.rollback()
appLog.error(e)
return handle_error_and_return_response(e, db=db)
response_object = {
'status': 'error',
'message': 'Error. Please try again or contact the administrator.',
}
return jsonify(response_object), 500
if ret != '':
response_object = {'status': 'error', 'message': ret}
return jsonify(response_object), 400
return InvalidPayloadErrorResponse(ret)
try:
# check for existing user
user = User.query.filter(
or_(User.username == username, User.email == email)
).first()
if not user:
# add new user to db
new_user = User(username=username, email=email, password=password)
new_user.timezone = 'Europe/Paris'
db.session.add(new_user)
db.session.commit()
# generate auth token
auth_token = new_user.encode_auth_token(new_user.id)
response_object = {
'status': 'success',
'message': 'Successfully registered.',
'auth_token': auth_token,
}
return jsonify(response_object), 201
else:
response_object = {
'status': 'error',
'message': 'Sorry. That user already exists.',
}
return jsonify(response_object), 400
if user:
return InvalidPayloadErrorResponse(
'Sorry. That user already exists.'
)
# add new user to db
new_user = User(username=username, email=email, password=password)
new_user.timezone = 'Europe/Paris'
db.session.add(new_user)
db.session.commit()
# generate auth token
auth_token = new_user.encode_auth_token(new_user.id)
return {
'status': 'success',
'message': 'Successfully registered.',
'auth_token': auth_token,
}, 201
# handler errors
except (exc.IntegrityError, exc.OperationalError, ValueError) as e:
db.session.rollback()
appLog.error(e)
response_object = {
'status': 'error',
'message': 'Error. Please try again or contact the administrator.',
}
return jsonify(response_object), 500
return handle_error_and_return_response(e, db=db)
@auth_blueprint.route('/auth/login', methods=['POST'])
@ -200,15 +186,15 @@ def login_user():
:<json string password_conf: password confirmation
:statuscode 200: Successfully logged in.
:statuscode 404: Invalid credentials.
:statuscode 400: Invalid payload.
:statuscode 401: Invalid credentials.
:statuscode 500: Error. Please try again or contact the administrator.
"""
# get post data
post_data = request.get_json()
if not post_data:
response_object = {'status': 'error', 'message': 'Invalid payload.'}
return jsonify(response_object), 400
return InvalidPayloadErrorResponse()
email = post_data.get('email')
password = post_data.get('password')
try:
@ -217,27 +203,15 @@ def login_user():
if user and bcrypt.check_password_hash(user.password, password):
# generate auth token
auth_token = user.encode_auth_token(user.id)
response_object = {
return {
'status': 'success',
'message': 'Successfully logged in.',
'auth_token': auth_token,
}
return jsonify(response_object), 200
else:
response_object = {
'status': 'error',
'message': 'Invalid credentials.',
}
return jsonify(response_object), 404
return UnauthorizedErrorResponse('Invalid credentials.')
# handler errors
except (exc.IntegrityError, exc.OperationalError, ValueError) as e:
db.session.rollback()
appLog.error(e)
response_object = {
'status': 'error',
'message': 'Error. Please try again or contact the administrator.',
}
return jsonify(response_object), 500
return handle_error_and_return_response(e, db=db)
@auth_blueprint.route('/auth/logout', methods=['GET'])
@ -287,24 +261,18 @@ def logout_user(auth_user_id):
"""
# get auth token
auth_header = request.headers.get('Authorization')
if auth_header:
auth_token = auth_header.split(" ")[1]
resp = User.decode_auth_token(auth_token)
if not isinstance(auth_user_id, str):
response_object = {
'status': 'success',
'message': 'Successfully logged out.',
}
return jsonify(response_object), 200
else:
response_object = {'status': 'error', 'message': resp}
return jsonify(response_object), 401
else:
response_object = {
'status': 'error',
'message': 'Provide a valid auth token.',
}
return jsonify(response_object), 401
if not auth_header:
return UnauthorizedErrorResponse('Provide a valid auth token.')
auth_token = auth_header.split(' ')[1]
resp = User.decode_auth_token(auth_token)
if isinstance(auth_user_id, str):
return UnauthorizedErrorResponse(resp)
return {
'status': 'success',
'message': 'Successfully logged out.',
}
@auth_blueprint.route('/auth/profile', methods=['GET'])
@ -365,8 +333,7 @@ def get_authenticated_user_profile(auth_user_id):
"""
user = User.query.filter_by(id=auth_user_id).first()
response_object = {'status': 'success', 'data': user.serialize()}
return jsonify(response_object), 200
return {'status': 'success', 'data': user.serialize()}
@auth_blueprint.route('/auth/profile/edit', methods=['POST'])
@ -455,8 +422,8 @@ def edit_user(auth_user_id):
'weekm',
}
if not post_data or not post_data.keys() >= user_mandatory_data:
response_object = {'status': 'error', 'message': 'Invalid payload.'}
return jsonify(response_object), 400
return InvalidPayloadErrorResponse()
first_name = post_data.get('first_name')
last_name = post_data.get('last_name')
bio = post_data.get('bio')
@ -471,8 +438,7 @@ def edit_user(auth_user_id):
if password is not None and password != '':
message = check_passwords(password, password_conf)
if message != '':
response_object = {'status': 'error', 'message': message}
return jsonify(response_object), 400
return InvalidPayloadErrorResponse(message)
password = bcrypt.generate_password_hash(
password, current_app.config.get('BCRYPT_LOG_ROUNDS')
).decode()
@ -495,22 +461,15 @@ def edit_user(auth_user_id):
user.weekm = weekm
db.session.commit()
response_object = {
return {
'status': 'success',
'message': 'User profile updated.',
'data': user.serialize(),
}
return jsonify(response_object), 200
# handler errors
except (exc.IntegrityError, exc.OperationalError, ValueError) as e:
db.session.rollback()
appLog.error(e)
response_object = {
'status': 'error',
'message': 'Error. Please try again or contact the administrator.',
}
return jsonify(response_object), 500
return handle_error_and_return_response(e, db=db)
@auth_blueprint.route('/auth/picture', methods=['POST'])
@ -557,20 +516,16 @@ def edit_picture(auth_user_id):
"""
try:
response_object, response_code = verify_extension_and_size(
'picture', request
)
response_object = verify_extension_and_size('picture', request)
except RequestEntityTooLarge as e:
appLog.error(e)
max_file_size = current_app.config['MAX_CONTENT_LENGTH']
response_object = {
'status': 'fail',
'message': 'Error during picture update, file size exceeds '
f'{display_readable_file_size(max_file_size)}.',
}
return jsonify(response_object), 413
if response_object['status'] != 'success':
return jsonify(response_object), response_code
return PayloadTooLargeErrorResponse(
'Error during picture update, file size exceeds '
f'{display_readable_file_size(max_file_size)}.'
)
if response_object:
return response_object
file = request.files['file']
filename = secure_filename(file.filename)
@ -593,21 +548,15 @@ def edit_picture(auth_user_id):
file.save(absolute_picture_path)
user.picture = relative_picture_path
db.session.commit()
response_object = {
return {
'status': 'success',
'message': 'User picture updated.',
}
return jsonify(response_object), 200
except (exc.IntegrityError, ValueError) as e:
db.session.rollback()
appLog.error(e)
response_object = {
'status': 'fail',
'message': 'Error during picture update.',
}
return jsonify(response_object), 500
return handle_error_and_return_response(
e, message='Error during picture update.', status='fail', db=db
)
@auth_blueprint.route('/auth/picture', methods=['DELETE'])
@ -647,18 +596,11 @@ def del_picture(auth_user_id):
os.remove(picture_path)
user.picture = None
db.session.commit()
response_object = {'status': 'no content'}
return jsonify(response_object), 204
return {'status': 'no content'}, 204
except (exc.IntegrityError, ValueError) as e:
db.session.rollback()
appLog.error(e)
response_object = {
'status': 'fail',
'message': 'Error during picture deletion.',
}
return jsonify(response_object), 500
return handle_error_and_return_response(
e, message='Error during picture deletion.', status='fail', db=db
)
@auth_blueprint.route('/auth/password/reset-request', methods=['POST'])
@ -693,8 +635,7 @@ def request_password_reset():
"""
post_data = request.get_json()
if not post_data or post_data.get('email') is None:
response_object = {'status': 'error', 'message': 'Invalid payload.'}
return jsonify(response_object), 400
return InvalidPayloadErrorResponse()
email = post_data.get('email')
user = User.query.filter(User.email == email).first()
@ -718,11 +659,10 @@ def request_password_reset():
'email': user.email,
}
reset_password_email.send(user_data, email_data)
response_object = {
return {
'status': 'success',
'message': 'Password reset request processed.',
}
return jsonify(response_object), 200
@auth_blueprint.route('/auth/password/update', methods=['POST'])
@ -766,45 +706,31 @@ def update_password():
or post_data.get('password_conf') is None
or post_data.get('token') is None
):
response_object = {'status': 'error', 'message': 'Invalid payload.'}
return jsonify(response_object), 400
return InvalidPayloadErrorResponse()
password = post_data.get('password')
password_conf = post_data.get('password_conf')
token = post_data.get('token')
invalid_token_response_object = {
'status': 'error',
'message': 'Invalid token. Please request a new token.',
}
try:
user_id = decode_user_token(token)
except (jwt.ExpiredSignatureError, jwt.InvalidTokenError):
return jsonify(invalid_token_response_object), 401
return UnauthorizedErrorResponse()
message = check_passwords(password, password_conf)
if message != '':
response_object = {'status': 'error', 'message': message}
return jsonify(response_object), 400
return InvalidPayloadErrorResponse(message)
user = User.query.filter(User.id == user_id).first()
if not user:
return jsonify(invalid_token_response_object), 401
return UnauthorizedErrorResponse()
try:
user.password = bcrypt.generate_password_hash(
password, current_app.config.get('BCRYPT_LOG_ROUNDS')
).decode()
db.session.commit()
response_object = {
return {
'status': 'success',
'message': 'Password updated.',
}
return jsonify(response_object), 200
except (exc.OperationalError, ValueError) as e:
db.session.rollback()
appLog.error(e)
response_object = {
'status': 'error',
'message': 'Error. Please try again or contact the administrator.',
}
return jsonify(response_object), 500
return handle_error_and_return_response(e, db=db)

151
fittrackee/users/users.py
View File

@ -1,8 +1,15 @@
import os
import shutil
from fittrackee import appLog, db
from flask import Blueprint, jsonify, request, send_file
from fittrackee import db
from fittrackee.responses import (
ForbiddenErrorResponse,
InvalidPayloadErrorResponse,
NotFoundErrorResponse,
UserNotFoundErrorResponse,
handle_error_and_return_response,
)
from flask import Blueprint, request, send_file
from sqlalchemy import exc
from ..activities.utils_files import get_absolute_file_path
@ -156,7 +163,7 @@ def get_users(auth_user_id):
.paginate(page, per_page, False)
)
users = users_pagination.items
response_object = {
return {
'status': 'success',
'data': {'users': [user.serialize() for user in users]},
'pagination': {
@ -167,7 +174,6 @@ def get_users(auth_user_id):
'total': users_pagination.total,
},
}
return jsonify(response_object), 200
@users_blueprint.route('/users/<user_name>', methods=['GET'])
@ -232,20 +238,16 @@ def get_single_user(auth_user_id, user_name):
:statuscode 404:
- User does not exist.
"""
response_object = {'status': 'fail', 'message': 'User does not exist.'}
try:
user = User.query.filter_by(username=user_name).first()
if not user:
return jsonify(response_object), 404
else:
response_object = {
if user:
return {
'status': 'success',
'data': {'users': [user.serialize()]},
}
return jsonify(response_object), 200
except ValueError:
return jsonify(response_object), 404
pass
return UserNotFoundErrorResponse()
@users_blueprint.route('/users/<user_name>/picture', methods=['GET'])
@ -274,21 +276,16 @@ def get_picture(user_name):
- No picture.
"""
response_object = {'status': 'not found', 'message': 'No picture.'}
try:
user = User.query.filter_by(username=user_name).first()
if not user:
response_object = {
'status': 'fail',
'message': 'User does not exist.',
}
return jsonify(response_object), 404
return UserNotFoundErrorResponse()
if user.picture is not None:
picture_path = get_absolute_file_path(user.picture)
return send_file(picture_path)
return jsonify(response_object), 404
except Exception:
return jsonify(response_object), 404
pass
return NotFoundErrorResponse('No picture.')
@users_blueprint.route('/users/<user_name>', methods=['PATCH'])
@ -359,34 +356,23 @@ def update_user(auth_user_id, user_name):
- User does not exist.
:statuscode 500:
"""
response_object = {'status': 'fail', 'message': 'User does not exist.'}
user_data = request.get_json()
if 'admin' not in user_data:
response_object = {'status': 'error', 'message': 'Invalid payload.'}
return jsonify(response_object), 400
return InvalidPayloadErrorResponse()
try:
user = User.query.filter_by(username=user_name).first()
if not user:
return jsonify(response_object), 404
else:
user.admin = user_data['admin']
db.session.commit()
response_object = {
'status': 'success',
'data': {'users': [user.serialize()]},
}
return jsonify(response_object), 200
return UserNotFoundErrorResponse()
except exc.StatementError as e:
db.session.rollback()
appLog.error(e)
response_object = {
'status': 'error',
'message': 'Error. Please try again or contact the administrator.',
user.admin = user_data['admin']
db.session.commit()
return {
'status': 'success',
'data': {'users': [user.serialize()]},
}
code = 500
return jsonify(response_object), code
except exc.StatementError as e:
return handle_error_and_return_response(e, db=db)
@users_blueprint.route('/users/<user_name>', methods=['DELETE'])
@ -435,62 +421,43 @@ def delete_user(auth_user_id, user_name):
try:
auth_user = User.query.filter_by(id=auth_user_id).first()
user = User.query.filter_by(username=user_name).first()
if user:
if user.id != auth_user_id and not auth_user.admin:
response_object = {
'status': 'error',
'message': 'You do not have permissions.',
}
return response_object, 403
if (
user.admin is True
and User.query.filter_by(admin=True).count() == 1
):
response_object = {
'status': 'error',
'message': (
'You can not delete your account, '
'no other user has admin rights.'
),
}
return response_object, 403
for activity in Activity.query.filter_by(user_id=user.id).all():
db.session.delete(activity)
db.session.flush()
user_picture = user.picture
db.session.delete(user)
db.session.commit()
if user_picture:
picture_path = get_absolute_file_path(user.picture)
if os.path.isfile(picture_path):
os.remove(picture_path)
shutil.rmtree(
get_absolute_file_path(f'activities/{user.id}'),
ignore_errors=True,
if not user:
return UserNotFoundErrorResponse()
if user.id != auth_user_id and not auth_user.admin:
return ForbiddenErrorResponse()
if (
user.admin is True
and User.query.filter_by(admin=True).count() == 1
):
return ForbiddenErrorResponse(
'You can not delete your account, '
'no other user has admin rights.'
)
shutil.rmtree(
get_absolute_file_path(f'pictures/{user.id}'),
ignore_errors=True,
)
response_object = {'status': 'no content'}
code = 204
else:
response_object = {
'status': 'not found',
'message': 'User does not exist.',
}
code = 404
for activity in Activity.query.filter_by(user_id=user.id).all():
db.session.delete(activity)
db.session.flush()
user_picture = user.picture
db.session.delete(user)
db.session.commit()
if user_picture:
picture_path = get_absolute_file_path(user.picture)
if os.path.isfile(picture_path):
os.remove(picture_path)
shutil.rmtree(
get_absolute_file_path(f'activities/{user.id}'),
ignore_errors=True,
)
shutil.rmtree(
get_absolute_file_path(f'pictures/{user.id}'),
ignore_errors=True,
)
return {'status': 'no content'}, 204
except (
exc.IntegrityError,
exc.OperationalError,
ValueError,
OSError,
) as e:
db.session.rollback()
appLog.error(e)
response_object = {
'status': 'error',
'message': 'Error. Please try again or contact the administrator.',
}
code = 500
return jsonify(response_object), code
return handle_error_and_return_response(e, db=db)

76
fittrackee/users/utils.py
View File

@ -3,7 +3,13 @@ from datetime import timedelta
from functools import wraps
import humanize
from flask import current_app, jsonify, request
from fittrackee.responses import (
ForbiddenErrorResponse,
InvalidPayloadErrorResponse,
PayloadTooLargeErrorResponse,
UnauthorizedErrorResponse,
)
from flask import current_app, request
from .models import User
@ -38,17 +44,12 @@ def register_controls(username, email, password, password_conf):
def verify_extension_and_size(file_type, req):
response_object = {'status': 'success'}
code = 400
if 'file' not in req.files:
response_object = {'status': 'fail', 'message': 'No file part.'}
return response_object, code
return InvalidPayloadErrorResponse('No file part.', 'fail')
file = req.files['file']
if file.filename == '':
response_object = {'status': 'fail', 'message': 'No selected file.'}
return response_object, code
return InvalidPayloadErrorResponse('No selected file.', 'fail')
allowed_extensions = (
'ACTIVITY_ALLOWED_EXTENSIONS'
@ -67,52 +68,43 @@ def verify_extension_and_size(file_type, req):
file_extension
and file_extension in current_app.config.get(allowed_extensions)
):
response_object = {
'status': 'fail',
'message': 'File extension not allowed.',
}
elif file_extension != 'zip' and req.content_length > max_file_size:
response_object = {
'status': 'fail',
'message': 'Error during picture update, file size exceeds '
f'{display_readable_file_size(max_file_size)}.',
}
code = 413
return InvalidPayloadErrorResponse(
'File extension not allowed.', 'fail'
)
return response_object, code
if file_extension != 'zip' and req.content_length > max_file_size:
return PayloadTooLargeErrorResponse(
'Error during picture update, file size exceeds '
f'{display_readable_file_size(max_file_size)}.'
)
return None
def verify_user(current_request, verify_admin):
response_object = {
'status': 'error',
'message': 'Something went wrong. Please contact us.',
}
code = 401
default_message = 'Provide a valid auth token.'
auth_header = current_request.headers.get('Authorization')
if not auth_header:
response_object['message'] = 'Provide a valid auth token.'
return response_object, code, None
auth_token = auth_header.split(" ")[1]
return UnauthorizedErrorResponse(default_message), None
auth_token = auth_header.split(' ')[1]
resp = User.decode_auth_token(auth_token)
if isinstance(resp, str):
response_object['message'] = resp
return response_object, code, None
return UnauthorizedErrorResponse(resp), None
user = User.query.filter_by(id=resp).first()
if not user:
return response_object, code, None
return UnauthorizedErrorResponse(default_message), None
if verify_admin and not is_admin(resp):
response_object['message'] = 'You do not have permissions.'
return response_object, 403, None
return None, None, resp
return ForbiddenErrorResponse(), None
return None, resp
def authenticate(f):
@wraps(f)
def decorated_function(*args, **kwargs):
verify_admin = False
response_object, code, resp = verify_user(request, verify_admin)
response_object, resp = verify_user(request, verify_admin)
if response_object:
return jsonify(response_object), code
return response_object
return f(resp, *args, **kwargs)
return decorated_function
@ -122,9 +114,9 @@ def authenticate_as_admin(f):
@wraps(f)
def decorated_function(*args, **kwargs):
verify_admin = True
response_object, code, resp = verify_user(request, verify_admin)
response_object, resp = verify_user(request, verify_admin)
if response_object:
return jsonify(response_object), code
return response_object
return f(resp, *args, **kwargs)
return decorated_function
@ -132,12 +124,8 @@ def authenticate_as_admin(f):
def can_view_activity(auth_user_id, activity_user_id):
if auth_user_id != activity_user_id:
response_object = {
'status': 'error',
'message': 'You do not have permissions.',
}
return response_object, 403
return None, None
return ForbiddenErrorResponse()
return None
def display_readable_file_size(size_in_bytes):