API - minor refacto

Sam 2022-05-23 13:04:01 +02:00
parent 0ee28d7331
commit c13e9e0286
3 changed files with 18 additions and 15 deletions


@ -10,7 +10,7 @@ from sqlalchemy import exc, func
from werkzeug.exceptions import RequestEntityTooLarge from werkzeug.exceptions import RequestEntityTooLarge
from werkzeug.utils import secure_filename from werkzeug.utils import secure_filename
from fittrackee import appLog, bcrypt, db from fittrackee import appLog, db
from fittrackee.emails.tasks import ( from fittrackee.emails.tasks import (
account_confirmation_email, account_confirmation_email,
email_updated_to_current_address, email_updated_to_current_address,
@ -237,7 +237,7 @@ def login_user() -> Union[Dict, HttpResponse]:
func.lower(User.email) == func.lower(email), func.lower(User.email) == func.lower(email),
User.is_active == True, # noqa User.is_active == True, # noqa
).first() ).first()
if user and bcrypt.check_password_hash(user.password, password): if user and user.check_password(password):
# generate auth token # generate auth token
auth_token = user.encode_auth_token(user.id) auth_token = user.encode_auth_token(user.id)
return { return {
@ -628,7 +628,7 @@ def update_user_account(auth_user: User) -> Union[Dict, HttpResponse]:
current_password = data.get('password') current_password = data.get('password')
if not current_password: if not current_password:
return InvalidPayloadErrorResponse('current password is missing') return InvalidPayloadErrorResponse('current password is missing')
if not bcrypt.check_password_hash(auth_user.password, current_password): if not auth_user.check_password(current_password):
return UnauthorizedErrorResponse('invalid credentials') return UnauthorizedErrorResponse('invalid credentials')
new_password = data.get('new_password') new_password = data.get('new_password')
@ -648,9 +648,9 @@ def update_user_account(auth_user: User) -> Union[Dict, HttpResponse]:
if new_password is not None: if new_password is not None:
error_messages += check_password(new_password) error_messages += check_password(new_password)
if error_messages == '': if error_messages == '':
hashed_password = bcrypt.generate_password_hash( hashed_password = auth_user.generate_password_hash(
new_password, current_app.config.get('BCRYPT_LOG_ROUNDS') new_password
).decode() )
auth_user.password = hashed_password auth_user.password = hashed_password
if error_messages != '': if error_messages != '':
@ -1272,9 +1272,7 @@ def update_password() -> Union[Dict, HttpResponse]:
if not user: if not user:
return UnauthorizedErrorResponse() return UnauthorizedErrorResponse()
try: try:
user.password = bcrypt.generate_password_hash( user.password = user.generate_password_hash(password)
password, current_app.config.get('BCRYPT_LOG_ROUNDS')
).decode()
db.session.commit() db.session.commit()
if current_app.config['CAN_SEND_EMAILS']: if current_app.config['CAN_SEND_EMAILS']:
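Review bot: In `login_user`, `if user and user.check_password(password)` short-circuits when no active user matches the e-mail, so that path skips the bcrypt verification and a failed login for an unknown address likely returns measurably faster than one for a known address. The refactor carries this behaviour over unchanged. Consider verifying the submitted password against a fixed dummy hash when `user` is `None`, so both failure paths cost one bcrypt check, and pair that with rate limiting on the endpoint. The failure branch of `login_user` lies outside the hunk, so confirm that it returns the same response in both cases.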


@ -102,6 +102,15 @@ class User(BaseModel):
except jwt.InvalidTokenError: except jwt.InvalidTokenError:
return 'invalid token, please log in again' return 'invalid token, please log in again'
def check_password(self, password: str) -> bool:
return bcrypt.check_password_hash(self.password, password)
@staticmethod
def generate_password_hash(new_password: str) -> str:
return bcrypt.generate_password_hash(
new_password, current_app.config.get('BCRYPT_LOG_ROUNDS')
).decode()
@hybrid_property @hybrid_property
def workouts_count(self) -> int: def workouts_count(self) -> int:
return Workout.query.filter(Workout.user_id == self.id).count() return Workout.query.filter(Workout.user_id == self.id).count()
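Review bot: The two new `User` methods have no docstrings, and `User.check_password` shares its name with the module-level `check_password(new_password)` that `update_user_account` calls to validate a new password, although the method verifies a candidate against the stored hash. A docstring on each would keep the two apart, for example `"""Return True if password matches the stored bcrypt hash."""` on `check_password` and `"""Hash new_password with bcrypt using BCRYPT_LOG_ROUNDS from the app config; requires an application context."""` on `generate_password_hash`. `current_app.config.get('BCRYPT_LOG_ROUNDS')` yields `None` when the key is unset, which presumably makes the bcrypt extension fall back to its own default cost, so the docstring should state which value is expected.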


@ -1,9 +1,7 @@
import secrets import secrets
from typing import Optional, Tuple from typing import Optional, Tuple
from flask import current_app from fittrackee import db
from fittrackee import bcrypt, db
from ..exceptions import InvalidEmailException, UserNotFoundException from ..exceptions import InvalidEmailException, UserNotFoundException
from ..models import User from ..models import User
@ -33,9 +31,7 @@ class UserManagerService:
@staticmethod @staticmethod
def _reset_user_password(user: User) -> str: def _reset_user_password(user: User) -> str:
new_password = secrets.token_urlsafe(30) new_password = secrets.token_urlsafe(30)
user.password = bcrypt.generate_password_hash( user.password = user.generate_password_hash(new_password)
new_password, current_app.config.get('BCRYPT_LOG_ROUNDS')
).decode()
return new_password return new_password
@staticmethod @staticmethod
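Review bot: `_reset_user_password` returns the freshly generated password in cleartext while only its hash is stored on `user`, and nothing in the method documents that contract. Add a docstring such as `"""Set a random password on user and return it in cleartext; callers should not log or persist the returned value."""`. Calling the static `generate_password_hash` through the instance also reads as if the hash depended on `user`; `User.generate_password_hash(new_password)` would make the call site clearer.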