1
|
|
|
import hashlib |
2
|
|
|
import os |
3
|
|
|
import re |
4
|
|
|
import uuid |
5
|
|
|
from datetime import datetime, timedelta, timezone |
6
|
|
|
import random |
7
|
|
|
import falcon |
8
|
|
|
import mysql.connector |
9
|
|
|
import simplejson as json |
10
|
|
|
from core.useractivity import user_logger, write_log, admin_control |
11
|
|
|
import config |
12
|
|
|
|
13
|
|
|
|
14
|
|
|
class UserCollection: |
15
|
|
|
@staticmethod |
16
|
|
|
def __init__(): |
17
|
|
|
"""Initializes Class""" |
18
|
|
|
pass |
19
|
|
|
|
20
|
|
|
@staticmethod |
21
|
|
|
def on_options(req, resp): |
22
|
|
|
resp.status = falcon.HTTP_200 |
23
|
|
|
|
24
|
|
|
@staticmethod |
25
|
|
|
def on_get(req, resp): |
26
|
|
|
admin_control(req) |
27
|
|
|
cnx = mysql.connector.connect(**config.myems_user_db) |
28
|
|
|
cursor = cnx.cursor() |
29
|
|
|
query = (" SELECT u.id, u.name, u.display_name, u.uuid, " |
30
|
|
|
" u.email, u.is_admin, u.is_read_only, p.id, p.name, " |
31
|
|
|
" u.account_expiration_datetime_utc, u.password_expiration_datetime_utc, u.failed_login_count " |
32
|
|
|
" FROM tbl_users u " |
33
|
|
|
" LEFT JOIN tbl_privileges p ON u.privilege_id = p.id " |
34
|
|
|
" ORDER BY u.name ") |
35
|
|
|
cursor.execute(query) |
36
|
|
|
rows = cursor.fetchall() |
37
|
|
|
cursor.close() |
38
|
|
|
cnx.close() |
39
|
|
|
|
40
|
|
|
timezone_offset = int(config.utc_offset[1:3]) * 60 + int(config.utc_offset[4:6]) |
41
|
|
|
if config.utc_offset[0] == '-': |
42
|
|
|
timezone_offset = -timezone_offset |
43
|
|
|
|
44
|
|
|
result = list() |
45
|
|
|
if rows is not None and len(rows) > 0: |
46
|
|
|
for row in rows: |
47
|
|
|
meta_result = {"id": row[0], |
48
|
|
|
"name": row[1], |
49
|
|
|
"display_name": row[2], |
50
|
|
|
"uuid": row[3], |
51
|
|
|
"email": row[4], |
52
|
|
|
"is_admin": True if row[5] else False, |
53
|
|
|
"is_read_only": (True if row[6] else False) if row[5] else None, |
54
|
|
|
"privilege": { |
55
|
|
|
"id": row[7], |
56
|
|
|
"name": row[8]} if row[7] is not None else None, |
57
|
|
|
"account_expiration_datetime": |
58
|
|
|
(row[9].replace(tzinfo=timezone.utc) + timedelta(minutes=timezone_offset)).strftime('%Y-%m-%dT%H:%M:%S'), |
59
|
|
|
"password_expiration_datetime": |
60
|
|
|
(row[10].replace(tzinfo=timezone.utc) + timedelta(minutes=timezone_offset)).strftime('%Y-%m-%dT%H:%M:%S'), |
61
|
|
|
"is_locked": True if row[11] >= config.maximum_failed_login_count else False} |
62
|
|
|
result.append(meta_result) |
63
|
|
|
|
64
|
|
|
resp.text = json.dumps(result) |
65
|
|
|
|
66
|
|
|
@staticmethod |
67
|
|
|
def on_post(req, resp): |
68
|
|
|
"""Handles POST requests""" |
69
|
|
|
admin_control(req) |
70
|
|
|
# todo: add user log |
71
|
|
|
try: |
72
|
|
|
raw_json = req.stream.read().decode('utf-8') |
73
|
|
|
new_values = json.loads(raw_json) |
74
|
|
|
except Exception as ex: |
75
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, |
76
|
|
|
title='API.BAD_REQUEST', |
77
|
|
|
description='API.FAILED_TO_READ_REQUEST_STREAM') |
78
|
|
|
|
79
|
|
|
if 'name' not in new_values['data'].keys() or \ |
80
|
|
|
not isinstance(new_values['data']['name'], str) or \ |
81
|
|
|
len(str.strip(new_values['data']['name'])) == 0: |
82
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
83
|
|
|
description='API.INVALID_USER_NAME') |
84
|
|
|
name = str.strip(new_values['data']['name']) |
85
|
|
|
|
86
|
|
|
if 'display_name' not in new_values['data'].keys() or \ |
87
|
|
|
not isinstance(new_values['data']['display_name'], str) or \ |
88
|
|
|
len(str.strip(new_values['data']['display_name'])) == 0: |
89
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
90
|
|
|
description='API.INVALID_DISPLAY_NAME') |
91
|
|
|
display_name = str.strip(new_values['data']['display_name']) |
92
|
|
|
|
93
|
|
|
if 'email' not in new_values['data'].keys() or \ |
94
|
|
|
not isinstance(new_values['data']['email'], str) or \ |
95
|
|
|
len(str.strip(new_values['data']['email'])) == 0: |
96
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
97
|
|
|
description='API.INVALID_EMAIL') |
98
|
|
|
email = str.lower(str.strip(new_values['data']['email'])) |
99
|
|
|
|
100
|
|
|
match = re.match(r'^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$', email) |
101
|
|
|
if match is None: |
102
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
103
|
|
|
description='API.INVALID_EMAIL') |
104
|
|
|
|
105
|
|
|
if 'password' not in new_values['data'].keys() or \ |
106
|
|
|
not isinstance(new_values['data']['password'], str) or \ |
107
|
|
|
len(str.strip(new_values['data']['password'])) == 0: |
108
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
109
|
|
|
description='API.INVALID_PASSWORD') |
110
|
|
|
|
111
|
|
|
if len(str.strip(new_values['data']['password'])) > 100: |
112
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
113
|
|
|
description='API.PASSWORD_LENGTH_CANNOT_EXCEED_100_CHARACTERS') |
114
|
|
|
|
115
|
|
|
if 'is_admin' not in new_values['data'].keys() or \ |
116
|
|
|
not isinstance(new_values['data']['is_admin'], bool): |
117
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
118
|
|
|
description='API.INVALID_IS_ADMIN_VALUE') |
119
|
|
|
is_admin = new_values['data']['is_admin'] |
120
|
|
|
|
121
|
|
|
is_read_only = False |
122
|
|
|
|
123
|
|
|
if is_admin: |
124
|
|
|
if 'is_read_only' not in new_values['data'].keys() or \ |
125
|
|
|
not isinstance(new_values['data']['is_read_only'], bool): |
126
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
127
|
|
|
description='API.INVALID_IS_READ_ONLY_VALUE') |
128
|
|
|
is_read_only = new_values['data']['is_read_only'] |
129
|
|
|
|
130
|
|
|
if 'privilege_id' in new_values['data'].keys(): |
131
|
|
|
if not isinstance(new_values['data']['privilege_id'], int) or \ |
132
|
|
|
new_values['data']['privilege_id'] <= 0: |
133
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
134
|
|
|
description='API.INVALID_PRIVILEGE_ID') |
135
|
|
|
privilege_id = new_values['data']['privilege_id'] |
136
|
|
|
else: |
137
|
|
|
privilege_id = None |
138
|
|
|
|
139
|
|
|
timezone_offset = int(config.utc_offset[1:3]) * 60 + int(config.utc_offset[4:6]) |
140
|
|
|
if config.utc_offset[0] == '-': |
141
|
|
|
timezone_offset = -timezone_offset |
142
|
|
|
|
143
|
|
|
account_expiration_datetime = datetime.strptime(new_values['data']['account_expiration_datetime'], |
144
|
|
|
'%Y-%m-%dT%H:%M:%S') |
145
|
|
|
account_expiration_datetime = account_expiration_datetime.replace(tzinfo=timezone.utc) |
146
|
|
|
account_expiration_datetime -= timedelta(minutes=timezone_offset) |
147
|
|
|
|
148
|
|
|
password_expiration_datetime = datetime.strptime(new_values['data']['password_expiration_datetime'], |
149
|
|
|
'%Y-%m-%dT%H:%M:%S') |
150
|
|
|
password_expiration_datetime = password_expiration_datetime.replace(tzinfo=timezone.utc) |
151
|
|
|
password_expiration_datetime -= timedelta(minutes=timezone_offset) |
152
|
|
|
|
153
|
|
|
cnx = mysql.connector.connect(**config.myems_user_db) |
154
|
|
|
cursor = cnx.cursor() |
155
|
|
|
|
156
|
|
|
cursor.execute(" SELECT name " |
157
|
|
|
" FROM tbl_users " |
158
|
|
|
" WHERE name = %s ", (name,)) |
159
|
|
|
if cursor.fetchone() is not None: |
160
|
|
|
cursor.close() |
161
|
|
|
cnx.close() |
162
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
163
|
|
|
description='API.USER_NAME_IS_ALREADY_IN_USE') |
164
|
|
|
|
165
|
|
|
cursor.execute(" SELECT name " |
166
|
|
|
" FROM tbl_users " |
167
|
|
|
" WHERE email = %s ", (email,)) |
168
|
|
|
if cursor.fetchone() is not None: |
169
|
|
|
cursor.close() |
170
|
|
|
cnx.close() |
171
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_404, title='API.BAD_REQUEST', |
172
|
|
|
description='API.EMAIL_IS_ALREADY_IN_USE') |
173
|
|
|
|
174
|
|
|
if privilege_id is not None: |
175
|
|
|
cursor.execute(" SELECT name " |
176
|
|
|
" FROM tbl_privileges " |
177
|
|
|
" WHERE id = %s ", |
178
|
|
|
(privilege_id,)) |
179
|
|
|
if cursor.fetchone() is None: |
180
|
|
|
cursor.close() |
181
|
|
|
cnx.close() |
182
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_404, title='API.NOT_FOUND', |
183
|
|
|
description='API.PRIVILEGE_NOT_FOUND') |
184
|
|
|
|
185
|
|
|
add_row = (" INSERT INTO tbl_users " |
186
|
|
|
" (name, uuid, display_name, email, salt, password, is_admin, is_read_only, privilege_id, " |
187
|
|
|
" account_expiration_datetime_utc, password_expiration_datetime_utc, failed_login_count) " |
188
|
|
|
" VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s) ") |
189
|
|
|
|
190
|
|
|
salt = uuid.uuid4().hex |
191
|
|
|
password = new_values['data']['password'] |
192
|
|
|
hashed_password = hashlib.sha512(salt.encode() + password.encode()).hexdigest() |
193
|
|
|
|
194
|
|
|
cursor.execute(add_row, (name, |
195
|
|
|
str(uuid.uuid4()), |
196
|
|
|
display_name, |
197
|
|
|
email, |
198
|
|
|
salt, |
199
|
|
|
hashed_password, |
200
|
|
|
is_admin, |
201
|
|
|
is_read_only, |
202
|
|
|
privilege_id, |
203
|
|
|
account_expiration_datetime, |
204
|
|
|
password_expiration_datetime, |
205
|
|
|
0)) |
206
|
|
|
new_id = cursor.lastrowid |
207
|
|
|
cnx.commit() |
208
|
|
|
cursor.close() |
209
|
|
|
cnx.close() |
210
|
|
|
|
211
|
|
|
resp.status = falcon.HTTP_201 |
212
|
|
|
resp.location = '/users/' + str(new_id) |
213
|
|
|
|
214
|
|
|
|
215
|
|
|
class UserItem: |
216
|
|
|
@staticmethod |
217
|
|
|
def __init__(): |
218
|
|
|
"""Initializes Class""" |
219
|
|
|
pass |
220
|
|
|
|
221
|
|
|
@staticmethod |
222
|
|
|
def on_options(req, resp, id_): |
223
|
|
|
resp.status = falcon.HTTP_200 |
224
|
|
|
|
225
|
|
|
@staticmethod |
226
|
|
|
def on_get(req, resp, id_): |
227
|
|
|
admin_control(req) |
228
|
|
|
if not id_.isdigit() or int(id_) <= 0: |
229
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
230
|
|
|
description='API.INVALID_USER_ID') |
231
|
|
|
|
232
|
|
|
cnx = mysql.connector.connect(**config.myems_user_db) |
233
|
|
|
cursor = cnx.cursor() |
234
|
|
|
|
235
|
|
|
query = (" SELECT u.id, u.name, u.display_name, u.uuid, " |
236
|
|
|
" u.email, u.is_admin, u.is_read_only, p.id, p.name, " |
237
|
|
|
" u.account_expiration_datetime_utc, u.password_expiration_datetime_utc," |
238
|
|
|
" u.failed_login_count " |
239
|
|
|
" FROM tbl_users u " |
240
|
|
|
" LEFT JOIN tbl_privileges p ON u.privilege_id = p.id " |
241
|
|
|
" WHERE u.id = %s ") |
242
|
|
|
cursor.execute(query, (id_,)) |
243
|
|
|
row = cursor.fetchone() |
244
|
|
|
cursor.close() |
245
|
|
|
cnx.close() |
246
|
|
|
|
247
|
|
|
if row is None: |
248
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_404, title='API.NOT_FOUND', |
249
|
|
|
description='API.USER_NOT_FOUND') |
250
|
|
|
timezone_offset = int(config.utc_offset[1:3]) * 60 + int(config.utc_offset[4:6]) |
251
|
|
|
if config.utc_offset[0] == '-': |
252
|
|
|
timezone_offset = -timezone_offset |
253
|
|
|
|
254
|
|
|
result = {"id": row[0], |
255
|
|
|
"name": row[1], |
256
|
|
|
"display_name": row[2], |
257
|
|
|
"uuid": row[3], |
258
|
|
|
"email": row[4], |
259
|
|
|
"is_admin": True if row[5] else False, |
260
|
|
|
"is_read_only": (True if row[6] else False) if row[5] else None, |
261
|
|
|
"privilege": { |
262
|
|
|
"id": row[7], |
263
|
|
|
"name": row[8]} if row[7] is not None else None, |
264
|
|
|
"account_expiration_datetime": |
265
|
|
|
(row[9].replace(tzinfo=timezone.utc) + timedelta(minutes=timezone_offset)).strftime('%Y-%m-%dT%H:%M:%S'), |
266
|
|
|
"password_expiration_datetime": |
267
|
|
|
(row[10].replace(tzinfo=timezone.utc) + timedelta(minutes=timezone_offset)).strftime('%Y-%m-%dT%H:%M:%S'), |
268
|
|
|
"is_locked": True if row[11] >= config.maximum_failed_login_count else False} |
269
|
|
|
resp.text = json.dumps(result) |
270
|
|
|
|
271
|
|
|
@staticmethod |
272
|
|
|
@user_logger |
273
|
|
|
def on_delete(req, resp, id_): |
274
|
|
|
admin_control(req) |
275
|
|
|
if not id_.isdigit() or int(id_) <= 0: |
276
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
277
|
|
|
description='API.INVALID_USER_ID') |
278
|
|
|
|
279
|
|
|
cnx = mysql.connector.connect(**config.myems_user_db) |
280
|
|
|
cursor = cnx.cursor() |
281
|
|
|
|
282
|
|
|
cursor.execute(" SELECT name " |
283
|
|
|
" FROM tbl_users " |
284
|
|
|
" WHERE id = %s ", (id_,)) |
285
|
|
|
if cursor.fetchone() is None: |
286
|
|
|
cursor.close() |
287
|
|
|
cnx.close() |
288
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_404, title='API.NOT_FOUND', |
289
|
|
|
description='API.USER_NOT_FOUND') |
290
|
|
|
|
291
|
|
|
# check if this user is being used by microgrid |
292
|
|
|
cursor.execute(" SELECT id " |
293
|
|
|
" FROM tbl_microgrids_users " |
294
|
|
|
" WHERE user_id = %s ", (id_,)) |
295
|
|
|
rows_microgrid = cursor.fetchall() |
296
|
|
|
if rows_microgrid is not None and len(rows_microgrid) > 0: |
297
|
|
|
cursor.close() |
298
|
|
|
cnx.close() |
299
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, |
300
|
|
|
title='API.BAD_REQUEST', |
301
|
|
|
description='API.THERE_IS_RELATION_WITH_MICROGRIDS') |
302
|
|
|
|
303
|
|
|
# TODO: delete associated objects |
304
|
|
|
cursor.execute(" DELETE FROM tbl_users WHERE id = %s ", (id_,)) |
305
|
|
|
cnx.commit() |
306
|
|
|
|
307
|
|
|
cursor.close() |
308
|
|
|
cnx.close() |
309
|
|
|
|
310
|
|
|
resp.status = falcon.HTTP_204 |
311
|
|
|
|
312
|
|
|
@staticmethod |
313
|
|
|
@user_logger |
314
|
|
|
def on_put(req, resp, id_): |
315
|
|
|
"""Handles PUT requests""" |
316
|
|
|
admin_control(req) |
317
|
|
|
try: |
318
|
|
|
raw_json = req.stream.read().decode('utf-8') |
319
|
|
|
new_values = json.loads(raw_json) |
320
|
|
|
except Exception as ex: |
321
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, |
322
|
|
|
title='API.BAD_REQUEST', |
323
|
|
|
description='API.FAILED_TO_READ_REQUEST_STREAM') |
324
|
|
|
|
325
|
|
|
if not id_.isdigit() or int(id_) <= 0: |
326
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
327
|
|
|
description='API.INVALID_USER_ID') |
328
|
|
|
|
329
|
|
|
if 'name' not in new_values['data'].keys() or \ |
330
|
|
|
not isinstance(new_values['data']['name'], str) or \ |
331
|
|
|
len(str.strip(new_values['data']['name'])) == 0: |
332
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
333
|
|
|
description='API.INVALID_USER_NAME') |
334
|
|
|
name = str.strip(new_values['data']['name']) |
335
|
|
|
|
336
|
|
|
if 'display_name' not in new_values['data'].keys() or \ |
337
|
|
|
not isinstance(new_values['data']['display_name'], str) or \ |
338
|
|
|
len(str.strip(new_values['data']['display_name'])) == 0: |
339
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
340
|
|
|
description='API.INVALID_DISPLAY_NAME') |
341
|
|
|
display_name = str.strip(new_values['data']['display_name']) |
342
|
|
|
|
343
|
|
|
if 'email' not in new_values['data'].keys() or \ |
344
|
|
|
not isinstance(new_values['data']['email'], str) or \ |
345
|
|
|
len(str.strip(new_values['data']['email'])) == 0: |
346
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
347
|
|
|
description='API.INVALID_EMAIL') |
348
|
|
|
email = str.lower(str.strip(new_values['data']['email'])) |
349
|
|
|
|
350
|
|
|
match = re.match(r'^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$', email) |
351
|
|
|
if match is None: |
352
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
353
|
|
|
description='API.INVALID_EMAIL') |
354
|
|
|
|
355
|
|
|
if 'is_admin' not in new_values['data'].keys() or \ |
356
|
|
|
not isinstance(new_values['data']['is_admin'], bool): |
357
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
358
|
|
|
description='API.INVALID_IS_ADMIN_VALUE') |
359
|
|
|
is_admin = new_values['data']['is_admin'] |
360
|
|
|
|
361
|
|
|
is_read_only = False |
362
|
|
|
|
363
|
|
|
if is_admin: |
364
|
|
|
if 'is_read_only' not in new_values['data'].keys() or \ |
365
|
|
|
not isinstance(new_values['data']['is_read_only'], bool): |
366
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
367
|
|
|
description='API.INVALID_IS_READ_ONLY_VALUE') |
368
|
|
|
is_read_only = new_values['data']['is_read_only'] |
369
|
|
|
|
370
|
|
|
if 'privilege_id' in new_values['data'].keys(): |
371
|
|
|
if not isinstance(new_values['data']['privilege_id'], int) or \ |
372
|
|
|
new_values['data']['privilege_id'] <= 0: |
373
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
374
|
|
|
description='API.INVALID_PRIVILEGE_ID') |
375
|
|
|
privilege_id = new_values['data']['privilege_id'] |
376
|
|
|
else: |
377
|
|
|
privilege_id = None |
378
|
|
|
|
379
|
|
|
timezone_offset = int(config.utc_offset[1:3]) * 60 + int(config.utc_offset[4:6]) |
380
|
|
|
if config.utc_offset[0] == '-': |
381
|
|
|
timezone_offset = -timezone_offset |
382
|
|
|
|
383
|
|
|
account_expiration_datetime = datetime.strptime(new_values['data']['account_expiration_datetime'], |
384
|
|
|
'%Y-%m-%dT%H:%M:%S') |
385
|
|
|
account_expiration_datetime = account_expiration_datetime.replace(tzinfo=timezone.utc) |
386
|
|
|
account_expiration_datetime -= timedelta(minutes=timezone_offset) |
387
|
|
|
|
388
|
|
|
password_expiration_datetime = datetime.strptime(new_values['data']['password_expiration_datetime'], |
389
|
|
|
'%Y-%m-%dT%H:%M:%S') |
390
|
|
|
password_expiration_datetime = password_expiration_datetime.replace(tzinfo=timezone.utc) |
391
|
|
|
password_expiration_datetime -= timedelta(minutes=timezone_offset) |
392
|
|
|
|
393
|
|
|
cnx = mysql.connector.connect(**config.myems_user_db) |
394
|
|
|
cursor = cnx.cursor() |
395
|
|
|
|
396
|
|
|
cursor.execute(" SELECT name " |
397
|
|
|
" FROM tbl_users " |
398
|
|
|
" WHERE id = %s ", (id_,)) |
399
|
|
|
if cursor.fetchone() is None: |
400
|
|
|
cursor.close() |
401
|
|
|
cnx.close() |
402
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_404, title='API.NOT_FOUND', |
403
|
|
|
description='API.USER_NOT_FOUND') |
404
|
|
|
|
405
|
|
|
cursor.execute(" SELECT name " |
406
|
|
|
" FROM tbl_users " |
407
|
|
|
" WHERE name = %s AND id != %s ", (name, id_)) |
408
|
|
|
if cursor.fetchone() is not None: |
409
|
|
|
cursor.close() |
410
|
|
|
cnx.close() |
411
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
412
|
|
|
description='API.USER_NAME_IS_ALREADY_IN_USE') |
413
|
|
|
|
414
|
|
|
cursor.execute(" SELECT name " |
415
|
|
|
" FROM tbl_users " |
416
|
|
|
" WHERE email = %s AND id != %s ", (email, id_)) |
417
|
|
|
if cursor.fetchone() is not None: |
418
|
|
|
cursor.close() |
419
|
|
|
cnx.close() |
420
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_404, title='API.BAD_REQUEST', |
421
|
|
|
description='API.EMAIL_IS_ALREADY_IN_USE') |
422
|
|
|
|
423
|
|
|
if privilege_id is not None: |
424
|
|
|
cursor.execute(" SELECT name " |
425
|
|
|
" FROM tbl_privileges " |
426
|
|
|
" WHERE id = %s ", |
427
|
|
|
(privilege_id,)) |
428
|
|
|
if cursor.fetchone() is None: |
429
|
|
|
cursor.close() |
430
|
|
|
cnx.close() |
431
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_404, title='API.NOT_FOUND', |
432
|
|
|
description='API.PRIVILEGE_NOT_FOUND') |
433
|
|
|
|
434
|
|
|
update_row = (" UPDATE tbl_users " |
435
|
|
|
" SET name = %s, display_name = %s, email = %s, " |
436
|
|
|
" is_admin = %s, is_read_only = %s, privilege_id = %s," |
437
|
|
|
" account_expiration_datetime_utc = %s, " |
438
|
|
|
" password_expiration_datetime_utc = %s " |
439
|
|
|
" WHERE id = %s ") |
440
|
|
|
cursor.execute(update_row, (name, |
441
|
|
|
display_name, |
442
|
|
|
email, |
443
|
|
|
is_admin, |
444
|
|
|
is_read_only, |
445
|
|
|
privilege_id, |
446
|
|
|
account_expiration_datetime, |
447
|
|
|
password_expiration_datetime, |
448
|
|
|
id_,)) |
449
|
|
|
cnx.commit() |
450
|
|
|
|
451
|
|
|
cursor.close() |
452
|
|
|
cnx.close() |
453
|
|
|
|
454
|
|
|
resp.status = falcon.HTTP_200 |
455
|
|
|
|
456
|
|
|
|
457
|
|
|
class UserLogin: |
458
|
|
|
@staticmethod |
459
|
|
|
def __init__(): |
460
|
|
|
"""Initializes Class""" |
461
|
|
|
pass |
462
|
|
|
|
463
|
|
|
@staticmethod |
464
|
|
|
def on_options(req, resp): |
465
|
|
|
resp.status = falcon.HTTP_200 |
466
|
|
|
|
467
|
|
|
@staticmethod |
468
|
|
|
def on_put(req, resp): |
469
|
|
|
"""Handles PUT requests""" |
470
|
|
|
try: |
471
|
|
|
raw_json = req.stream.read().decode('utf-8') |
472
|
|
|
new_values = json.loads(raw_json) |
473
|
|
|
except Exception as ex: |
474
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, |
475
|
|
|
title='API.BAD_REQUEST', |
476
|
|
|
description='API.FAILED_TO_READ_REQUEST_STREAM') |
477
|
|
|
|
478
|
|
|
if not isinstance(new_values['data']['password'], str) or \ |
479
|
|
|
len(str.strip(new_values['data']['password'])) == 0: |
480
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
481
|
|
|
description='API.INVALID_PASSWORD') |
482
|
|
|
|
483
|
|
|
if len(str.strip(new_values['data']['password'])) > 100: |
484
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
485
|
|
|
description='API.PASSWORD_LENGTH_CANNOT_EXCEED_100_CHARACTERS') |
486
|
|
|
|
487
|
|
|
cnx = mysql.connector.connect(**config.myems_user_db) |
488
|
|
|
cursor = cnx.cursor() |
489
|
|
|
|
490
|
|
|
if 'name' in new_values['data']: |
491
|
|
|
|
492
|
|
|
if not isinstance(new_values['data']['name'], str) or \ |
493
|
|
|
len(str.strip(new_values['data']['name'])) == 0: |
494
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
495
|
|
|
description='API.INVALID_USER_NAME') |
496
|
|
|
|
497
|
|
|
query = (" SELECT id, name, uuid, display_name, email, salt, password, is_admin, is_read_only, " |
498
|
|
|
" account_expiration_datetime_utc, password_expiration_datetime_utc, failed_login_count " |
499
|
|
|
" FROM tbl_users " |
500
|
|
|
" WHERE name = %s ") |
501
|
|
|
cursor.execute(query, (str.strip(new_values['data']['name']).lower(),)) |
502
|
|
|
row = cursor.fetchone() |
503
|
|
|
if row is None: |
504
|
|
|
cursor.close() |
505
|
|
|
cnx.close() |
506
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_404, title='API.ERROR', description='API.USER_NOT_FOUND') |
507
|
|
|
|
508
|
|
|
result = {"id": row[0], |
509
|
|
|
"name": row[1], |
510
|
|
|
"uuid": row[2], |
511
|
|
|
"display_name": row[3], |
512
|
|
|
"email": row[4], |
513
|
|
|
"salt": row[5], |
514
|
|
|
"password": row[6], |
515
|
|
|
"is_admin": True if row[7] else False, |
516
|
|
|
"is_read_only": (True if row[8] else False) if row[7] else None, |
517
|
|
|
"account_expiration_datetime_utc": row[9], |
518
|
|
|
"password_expiration_datetime_utc": row[10], |
519
|
|
|
"failed_login_count": row[11]} |
520
|
|
|
|
521
|
|
|
elif 'email' in new_values['data']: |
522
|
|
|
if not isinstance(new_values['data']['email'], str) or \ |
523
|
|
|
len(str.strip(new_values['data']['email'])) == 0: |
524
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
525
|
|
|
description='API.INVALID_EMAIL') |
526
|
|
|
|
527
|
|
|
query = (" SELECT id, name, uuid, display_name, email, salt, password, is_admin, is_read_only, " |
528
|
|
|
" account_expiration_datetime_utc, password_expiration_datetime_utc,failed_login_count " |
529
|
|
|
" FROM tbl_users " |
530
|
|
|
" WHERE email = %s ") |
531
|
|
|
cursor.execute(query, (str.strip(new_values['data']['email']).lower(),)) |
532
|
|
|
row = cursor.fetchone() |
533
|
|
|
if row is None: |
534
|
|
|
cursor.close() |
535
|
|
|
cnx.close() |
536
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_404, title='API.ERROR', description='API.USER_NOT_FOUND') |
537
|
|
|
|
538
|
|
|
result = {"id": row[0], |
539
|
|
|
"name": row[1], |
540
|
|
|
"uuid": row[2], |
541
|
|
|
"display_name": row[3], |
542
|
|
|
"email": row[4], |
543
|
|
|
"salt": row[5], |
544
|
|
|
"password": row[6], |
545
|
|
|
"is_admin": True if row[7] else False, |
546
|
|
|
"is_read_only": (True if row[8] else False) if row[7] else None, |
547
|
|
|
"account_expiration_datetime_utc": row[9], |
548
|
|
|
"password_expiration_datetime_utc": row[10], |
549
|
|
|
"failed_login_count": row[11]} |
550
|
|
|
|
551
|
|
|
else: |
552
|
|
|
cursor.close() |
553
|
|
|
cnx.close() |
554
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
555
|
|
|
description='API.INVALID_USER_NAME_OR_EMAIL') |
556
|
|
|
|
557
|
|
|
failed_login_count = result['failed_login_count'] |
558
|
|
|
|
559
|
|
|
if failed_login_count >= config.maximum_failed_login_count: |
560
|
|
|
cursor.close() |
561
|
|
|
cnx.close() |
562
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, |
563
|
|
|
title='API.BAD_REQUEST', |
564
|
|
|
description='API.USER_ACCOUNT_HAS_BEEN_LOCKED') |
565
|
|
|
|
566
|
|
|
salt = result['salt'] |
567
|
|
|
password = str.strip(new_values['data']['password']) |
568
|
|
|
hashed_password = hashlib.sha512(salt.encode() + password.encode()).hexdigest() |
569
|
|
|
|
570
|
|
|
if hashed_password != result['password']: |
571
|
|
|
update_failed_login_count = (" UPDATE tbl_users " |
572
|
|
|
" SET failed_login_count = %s " |
573
|
|
|
" WHERE uuid = %s ") |
574
|
|
|
user_uuid = result['uuid'] |
575
|
|
|
cursor.execute(update_failed_login_count, (failed_login_count + 1, user_uuid)) |
576
|
|
|
cnx.commit() |
577
|
|
|
cursor.close() |
578
|
|
|
cnx.close() |
579
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', description='API.INVALID_PASSWORD') |
580
|
|
|
|
581
|
|
|
if failed_login_count != 0: |
582
|
|
|
update_failed_login_count = (" UPDATE tbl_users " |
583
|
|
|
" SET failed_login_count = 0 " |
584
|
|
|
" WHERE uuid = %s ") |
585
|
|
|
user_uuid = result['uuid'] |
586
|
|
|
cursor.execute(update_failed_login_count, (user_uuid, )) |
587
|
|
|
cnx.commit() |
588
|
|
|
|
589
|
|
|
if result['account_expiration_datetime_utc'] <= datetime.utcnow(): |
590
|
|
|
cursor.close() |
591
|
|
|
cnx.close() |
592
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, |
593
|
|
|
title='API.BAD_REQUEST', |
594
|
|
|
description='API.USER_ACCOUNT_HAS_EXPIRED') |
595
|
|
|
|
596
|
|
|
if result['password_expiration_datetime_utc'] <= datetime.utcnow(): |
597
|
|
|
cursor.close() |
598
|
|
|
cnx.close() |
599
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, |
600
|
|
|
title='API.BAD_REQUEST', |
601
|
|
|
description='API.USER_PASSWORD_HAS_EXPIRED') |
602
|
|
|
|
603
|
|
|
add_session = (" INSERT INTO tbl_sessions " |
604
|
|
|
" (user_uuid, token, utc_expires) " |
605
|
|
|
" VALUES (%s, %s, %s) ") |
606
|
|
|
user_uuid = result['uuid'] |
607
|
|
|
token = hashlib.sha512(os.urandom(24)).hexdigest() |
608
|
|
|
utc_expires = datetime.utcnow() + timedelta(seconds=config.session_expires_in_seconds) |
609
|
|
|
cursor.execute(add_session, (user_uuid, token, utc_expires)) |
610
|
|
|
cnx.commit() |
611
|
|
|
cursor.close() |
612
|
|
|
cnx.close() |
613
|
|
|
del result['salt'] |
614
|
|
|
del result['password'] |
615
|
|
|
|
616
|
|
|
timezone_offset = int(config.utc_offset[1:3]) * 60 + int(config.utc_offset[4:6]) |
617
|
|
|
if config.utc_offset[0] == '-': |
618
|
|
|
timezone_offset = -timezone_offset |
619
|
|
|
|
620
|
|
|
result['account_expiration_datetime'] = \ |
621
|
|
|
(result['account_expiration_datetime_utc'].replace(tzinfo=timezone.utc) + |
622
|
|
|
timedelta(minutes=timezone_offset)).strftime('%Y-%m-%dT%H:%M:%S') |
623
|
|
|
del result['account_expiration_datetime_utc'] |
624
|
|
|
|
625
|
|
|
result['password_expiration_datetime'] = \ |
626
|
|
|
(result['password_expiration_datetime_utc'].replace(tzinfo=timezone.utc) + |
627
|
|
|
timedelta(minutes=timezone_offset)).strftime('%Y-%m-%dT%H:%M:%S') |
628
|
|
|
del result['password_expiration_datetime_utc'] |
629
|
|
|
|
630
|
|
|
result['token'] = token |
631
|
|
|
|
632
|
|
|
resp.text = json.dumps(result) |
633
|
|
|
resp.status = falcon.HTTP_200 |
634
|
|
|
write_log(user_uuid=user_uuid, request_method='PUT', resource_type='UserLogin', |
635
|
|
|
resource_id=None, request_body=None) |
636
|
|
|
|
637
|
|
|
|
638
|
|
|
class UserLogout: |
639
|
|
|
@staticmethod |
640
|
|
|
def __init__(): |
641
|
|
|
"""Initializes Class""" |
642
|
|
|
pass |
643
|
|
|
|
644
|
|
|
@staticmethod |
645
|
|
|
def on_options(req, resp): |
646
|
|
|
resp.status = falcon.HTTP_200 |
647
|
|
|
|
648
|
|
|
@staticmethod |
649
|
|
|
@user_logger |
650
|
|
|
def on_put(req, resp): |
651
|
|
|
"""Handles PUT requests""" |
652
|
|
|
|
653
|
|
|
if 'USER-UUID' not in req.headers or \ |
654
|
|
|
not isinstance(req.headers['USER-UUID'], str) or \ |
655
|
|
|
len(str.strip(req.headers['USER-UUID'])) == 0: |
656
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
657
|
|
|
description='API.INVALID_USER_UUID') |
658
|
|
|
user_uuid = str.strip(req.headers['USER-UUID']) |
659
|
|
|
|
660
|
|
|
if 'TOKEN' not in req.headers or \ |
661
|
|
|
not isinstance(req.headers['TOKEN'], str) or \ |
662
|
|
|
len(str.strip(req.headers['TOKEN'])) == 0: |
663
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
664
|
|
|
description='API.INVALID_TOKEN') |
665
|
|
|
token = str.strip(req.headers['TOKEN']) |
666
|
|
|
|
667
|
|
|
cnx = mysql.connector.connect(**config.myems_user_db) |
668
|
|
|
cursor = cnx.cursor() |
669
|
|
|
query = (" DELETE FROM tbl_sessions " |
670
|
|
|
" WHERE user_uuid = %s AND token = %s ") |
671
|
|
|
cursor.execute(query, (user_uuid, token,)) |
672
|
|
|
rowcount = cursor.rowcount |
673
|
|
|
cnx.commit() |
674
|
|
|
cursor.close() |
675
|
|
|
cnx.close() |
676
|
|
|
if rowcount is None or rowcount == 0: |
677
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_404, title='API.NOT_FOUND', |
678
|
|
|
description='API.USER_SESSION_NOT_FOUND') |
679
|
|
|
resp.text = json.dumps("OK") |
680
|
|
|
resp.status = falcon.HTTP_200 |
681
|
|
|
|
682
|
|
|
|
683
|
|
|
class ChangePassword: |
684
|
|
|
@staticmethod |
685
|
|
|
def __init__(): |
686
|
|
|
"""Initializes Class""" |
687
|
|
|
pass |
688
|
|
|
|
689
|
|
|
@staticmethod |
690
|
|
|
def on_options(req, resp): |
691
|
|
|
resp.status = falcon.HTTP_200 |
692
|
|
|
|
693
|
|
|
@staticmethod |
694
|
|
|
def on_put(req, resp): |
695
|
|
|
"""Handles PUT requests""" |
696
|
|
|
if 'USER-UUID' not in req.headers or \ |
697
|
|
|
not isinstance(req.headers['USER-UUID'], str) or \ |
698
|
|
|
len(str.strip(req.headers['USER-UUID'])) == 0: |
699
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
700
|
|
|
description='API.INVALID_USER_UUID') |
701
|
|
|
user_uuid = str.strip(req.headers['USER-UUID']) |
702
|
|
|
|
703
|
|
|
if 'TOKEN' not in req.headers or \ |
704
|
|
|
not isinstance(req.headers['TOKEN'], str) or \ |
705
|
|
|
len(str.strip(req.headers['TOKEN'])) == 0: |
706
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
707
|
|
|
description='API.INVALID_TOKEN') |
708
|
|
|
token = str.strip(req.headers['TOKEN']) |
709
|
|
|
|
710
|
|
|
try: |
711
|
|
|
raw_json = req.stream.read().decode('utf-8') |
712
|
|
|
new_values = json.loads(raw_json) |
713
|
|
|
except Exception as ex: |
714
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, |
715
|
|
|
title='API.BAD_REQUEST', |
716
|
|
|
description='API.FAILED_TO_READ_REQUEST_STREAM') |
717
|
|
|
|
718
|
|
|
if 'old_password' not in new_values['data'] or \ |
719
|
|
|
not isinstance(new_values['data']['old_password'], str) or \ |
720
|
|
|
len(str.strip(new_values['data']['old_password'])) == 0: |
721
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
722
|
|
|
description='API.INVALID_OLD_PASSWORD') |
723
|
|
|
old_password = str.strip(new_values['data']['old_password']) |
724
|
|
|
|
725
|
|
|
if len(str.strip(new_values['data']['old_password'])) > 100: |
726
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
727
|
|
|
description='API.OLD_PASSWORD_LENGTH_CANNOT_EXCEED_100_CHARACTERS') |
728
|
|
|
|
729
|
|
|
if 'new_password' not in new_values['data'] or \ |
730
|
|
|
not isinstance(new_values['data']['new_password'], str) or \ |
731
|
|
|
len(str.strip(new_values['data']['new_password'])) == 0: |
732
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
733
|
|
|
description='API.INVALID_NEW_PASSWORD') |
734
|
|
|
new_password = str.strip(new_values['data']['new_password']) |
735
|
|
|
|
736
|
|
|
if len(str.strip(new_values['data']['new_password'])) > 100: |
737
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
738
|
|
|
description='API.NEW_PASSWORD_LENGTH_CANNOT_EXCEED_100_CHARACTERS') |
739
|
|
|
|
740
|
|
|
# Verify User Session |
741
|
|
|
|
742
|
|
|
cnx = mysql.connector.connect(**config.myems_user_db) |
743
|
|
|
cursor = cnx.cursor() |
744
|
|
|
query = (" SELECT utc_expires " |
745
|
|
|
" FROM tbl_sessions " |
746
|
|
|
" WHERE user_uuid = %s AND token = %s") |
747
|
|
|
cursor.execute(query, (user_uuid, token,)) |
748
|
|
|
row = cursor.fetchone() |
749
|
|
|
|
750
|
|
|
if row is None: |
751
|
|
|
cursor.close() |
752
|
|
|
cnx.close() |
753
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_404, title='API.NOT_FOUND', |
754
|
|
|
description='API.USER_SESSION_NOT_FOUND') |
755
|
|
|
else: |
756
|
|
|
utc_expires = row[0] |
757
|
|
|
if datetime.utcnow() > utc_expires: |
758
|
|
|
cursor.close() |
759
|
|
|
cnx.close() |
760
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
761
|
|
|
description='API.USER_SESSION_TIMEOUT') |
762
|
|
|
|
763
|
|
|
query = (" SELECT salt, password " |
764
|
|
|
" FROM tbl_users " |
765
|
|
|
" WHERE uuid = %s ") |
766
|
|
|
cursor.execute(query, (user_uuid,)) |
767
|
|
|
row = cursor.fetchone() |
768
|
|
|
if row is None: |
769
|
|
|
cursor.close() |
770
|
|
|
cnx.close() |
771
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_404, title='API.NOT_FOUND', description='API.USER_NOT_FOUND') |
772
|
|
|
|
773
|
|
|
result = {'salt': row[0], 'password': row[1]} |
774
|
|
|
|
775
|
|
|
# verify old password |
776
|
|
|
salt = result['salt'] |
777
|
|
|
hashed_password = hashlib.sha512(salt.encode() + old_password.encode()).hexdigest() |
778
|
|
|
|
779
|
|
|
if hashed_password != result['password']: |
780
|
|
|
cursor.close() |
781
|
|
|
cnx.close() |
782
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, |
783
|
|
|
title='API.BAD_REQUEST', |
784
|
|
|
description='API.INVALID_OLD_PASSWORD') |
785
|
|
|
|
786
|
|
|
# Update User password |
787
|
|
|
salt = uuid.uuid4().hex |
788
|
|
|
hashed_password = hashlib.sha512(salt.encode() + new_password.encode()).hexdigest() |
789
|
|
|
|
790
|
|
|
update_user = (" UPDATE tbl_users " |
791
|
|
|
" SET salt = %s, password = %s " |
792
|
|
|
" WHERE uuid = %s ") |
793
|
|
|
cursor.execute(update_user, (salt, hashed_password, user_uuid,)) |
794
|
|
|
cnx.commit() |
795
|
|
|
|
796
|
|
|
# Refresh User session |
797
|
|
|
update_session = (" UPDATE tbl_sessions " |
798
|
|
|
" SET utc_expires = %s " |
799
|
|
|
" WHERE user_uuid = %s AND token = %s ") |
800
|
|
|
utc_expires = datetime.utcnow() + timedelta(seconds=1000 * 60 * 60 * 8) |
801
|
|
|
cursor.execute(update_session, (utc_expires, user_uuid, token, )) |
802
|
|
|
cnx.commit() |
803
|
|
|
|
804
|
|
|
cursor.close() |
805
|
|
|
cnx.close() |
806
|
|
|
resp.text = json.dumps("OK") |
807
|
|
|
resp.status = falcon.HTTP_200 |
808
|
|
|
write_log(user_uuid=user_uuid, request_method='PUT', resource_type='ChangePassword', |
809
|
|
|
resource_id=None, request_body=None) |
810
|
|
|
|
811
|
|
|
|
812
|
|
|
class ResetPassword: |
813
|
|
|
@staticmethod |
814
|
|
|
def __init__(): |
815
|
|
|
"""Initializes Class""" |
816
|
|
|
pass |
817
|
|
|
|
818
|
|
|
@staticmethod |
819
|
|
|
def on_options(req, resp): |
820
|
|
|
resp.status = falcon.HTTP_200 |
821
|
|
|
|
822
|
|
|
@staticmethod |
823
|
|
|
def on_put(req, resp): |
824
|
|
|
"""Handles PUT requests""" |
825
|
|
|
if 'USER-UUID' not in req.headers or \ |
826
|
|
|
not isinstance(req.headers['USER-UUID'], str) or \ |
827
|
|
|
len(str.strip(req.headers['USER-UUID'])) == 0: |
828
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
829
|
|
|
description='API.INVALID_USER_UUID') |
830
|
|
|
admin_user_uuid = str.strip(req.headers['USER-UUID']) |
831
|
|
|
|
832
|
|
|
if 'TOKEN' not in req.headers or \ |
833
|
|
|
not isinstance(req.headers['TOKEN'], str) or \ |
834
|
|
|
len(str.strip(req.headers['TOKEN'])) == 0: |
835
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
836
|
|
|
description='API.INVALID_TOKEN') |
837
|
|
|
admin_token = str.strip(req.headers['TOKEN']) |
838
|
|
|
|
839
|
|
|
try: |
840
|
|
|
raw_json = req.stream.read().decode('utf-8') |
841
|
|
|
new_values = json.loads(raw_json) |
842
|
|
|
except Exception as ex: |
843
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, |
844
|
|
|
title='API.BAD_REQUEST', |
845
|
|
|
description='API.FAILED_TO_READ_REQUEST_STREAM') |
846
|
|
|
|
847
|
|
|
if 'name' not in new_values['data'] or \ |
848
|
|
|
not isinstance(new_values['data']['name'], str) or \ |
849
|
|
|
len(str.strip(new_values['data']['name'])) == 0: |
850
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
851
|
|
|
description='API.INVALID_USER_NAME') |
852
|
|
|
user_name = str.strip(new_values['data']['name']) |
853
|
|
|
|
854
|
|
|
if 'password' not in new_values['data'] or \ |
855
|
|
|
not isinstance(new_values['data']['password'], str) or \ |
856
|
|
|
len(str.strip(new_values['data']['password'])) == 0: |
857
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
858
|
|
|
description='API.INVALID_PASSWORD') |
859
|
|
|
|
860
|
|
|
if len(str.strip(new_values['data']['password'])) > 100: |
861
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
862
|
|
|
description='API.PASSWORD_LENGTH_CANNOT_EXCEED_100_CHARACTERS') |
863
|
|
|
|
864
|
|
|
new_password = str.strip(new_values['data']['password']) |
865
|
|
|
|
866
|
|
|
# Verify Administrator |
867
|
|
|
cnx = mysql.connector.connect(**config.myems_user_db) |
868
|
|
|
cursor = cnx.cursor() |
869
|
|
|
query = (" SELECT utc_expires " |
870
|
|
|
" FROM tbl_sessions " |
871
|
|
|
" WHERE user_uuid = %s AND token = %s") |
872
|
|
|
cursor.execute(query, (admin_user_uuid, admin_token,)) |
873
|
|
|
row = cursor.fetchone() |
874
|
|
|
|
875
|
|
|
if row is None: |
876
|
|
|
cursor.close() |
877
|
|
|
cnx.close() |
878
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_404, title='API.NOT_FOUND', |
879
|
|
|
description='API.ADMINISTRATOR_SESSION_NOT_FOUND') |
880
|
|
|
else: |
881
|
|
|
utc_expires = row[0] |
882
|
|
|
if datetime.utcnow() > utc_expires: |
883
|
|
|
cursor.close() |
884
|
|
|
cnx.close() |
885
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
886
|
|
|
description='API.ADMINISTRATOR_SESSION_TIMEOUT') |
887
|
|
|
|
888
|
|
|
query = (" SELECT name " |
889
|
|
|
" FROM tbl_users " |
890
|
|
|
" WHERE uuid = %s AND is_admin = 1 ") |
891
|
|
|
cursor.execute(query, (admin_user_uuid,)) |
892
|
|
|
row = cursor.fetchone() |
893
|
|
|
if row is None: |
894
|
|
|
cursor.close() |
895
|
|
|
cnx.close() |
896
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', description='API.INVALID_PRIVILEGE') |
897
|
|
|
|
898
|
|
|
salt = uuid.uuid4().hex |
899
|
|
|
hashed_password = hashlib.sha512(salt.encode() + new_password.encode()).hexdigest() |
900
|
|
|
|
901
|
|
|
update_user = (" UPDATE tbl_users " |
902
|
|
|
" SET salt = %s, password = %s " |
903
|
|
|
" WHERE name = %s ") |
904
|
|
|
cursor.execute(update_user, (salt, hashed_password, user_name,)) |
905
|
|
|
cnx.commit() |
906
|
|
|
|
907
|
|
|
query = (" SELECT id " |
908
|
|
|
" FROM tbl_users " |
909
|
|
|
" WHERE name = %s ") |
910
|
|
|
cursor.execute(query, (user_name,)) |
911
|
|
|
row = cursor.fetchone() |
912
|
|
|
if row is None: |
913
|
|
|
cursor.close() |
914
|
|
|
cnx.close() |
915
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', description='API.INVALID_USERNAME') |
916
|
|
|
|
917
|
|
|
user_id = row[0] |
918
|
|
|
|
919
|
|
|
# Refresh administrator session |
920
|
|
|
update_session = (" UPDATE tbl_sessions " |
921
|
|
|
" SET utc_expires = %s " |
922
|
|
|
" WHERE user_uuid = %s and token = %s ") |
923
|
|
|
utc_expires = datetime.utcnow() + timedelta(seconds=1000 * 60 * 60 * 8) |
924
|
|
|
cursor.execute(update_session, (utc_expires, admin_user_uuid, admin_token, )) |
925
|
|
|
cnx.commit() |
926
|
|
|
|
927
|
|
|
cursor.close() |
928
|
|
|
cnx.close() |
929
|
|
|
resp.text = json.dumps("OK") |
930
|
|
|
resp.status = falcon.HTTP_200 |
931
|
|
|
write_log(user_uuid=admin_user_uuid, request_method='PUT', resource_type='ResetPassword', |
932
|
|
|
resource_id=user_id, request_body=None) |
933
|
|
|
|
934
|
|
|
|
935
|
|
|
class Unlock: |
936
|
|
|
@staticmethod |
937
|
|
|
def __init__(): |
938
|
|
|
"""Initializes Class""" |
939
|
|
|
pass |
940
|
|
|
|
941
|
|
|
@staticmethod |
942
|
|
|
def on_options(req, resp): |
943
|
|
|
resp.status = falcon.HTTP_200 |
944
|
|
|
|
945
|
|
|
@staticmethod |
946
|
|
|
def on_put(req, resp, id_): |
947
|
|
|
"""Handles PUT requests""" |
948
|
|
|
if 'USER-UUID' not in req.headers or \ |
949
|
|
|
not isinstance(req.headers['USER-UUID'], str) or \ |
950
|
|
|
len(str.strip(req.headers['USER-UUID'])) == 0: |
951
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
952
|
|
|
description='API.INVALID_USER_UUID') |
953
|
|
|
admin_user_uuid = str.strip(req.headers['USER-UUID']) |
954
|
|
|
|
955
|
|
|
if not id_.isdigit() or int(id_) <= 0: |
956
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
957
|
|
|
description='API.INVALID_USER_ID') |
958
|
|
|
|
959
|
|
|
cnx = mysql.connector.connect(**config.myems_user_db) |
960
|
|
|
cursor = cnx.cursor() |
961
|
|
|
|
962
|
|
|
query = (" SELECT failed_login_count " |
963
|
|
|
" FROM tbl_users " |
964
|
|
|
" WHERE id = %s ") |
965
|
|
|
cursor.execute(query, (id_,)) |
966
|
|
|
row = cursor.fetchone() |
967
|
|
|
if row is None: |
968
|
|
|
cursor.close() |
969
|
|
|
cnx.close() |
970
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', description='API.INVALID_Id') |
971
|
|
|
|
972
|
|
|
failed_login_count = row[0] |
973
|
|
|
if failed_login_count < config.maximum_failed_login_count: |
974
|
|
|
cursor.close() |
975
|
|
|
cnx.close() |
976
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, |
977
|
|
|
title='API.BAD_REQUEST', |
978
|
|
|
description='API.USER_ACCOUNT_IS_NOT_LOCKED') |
979
|
|
|
|
980
|
|
|
update_user = (" UPDATE tbl_users " |
981
|
|
|
" SET failed_login_count = 0" |
982
|
|
|
" WHERE id = %s ") |
983
|
|
|
cursor.execute(update_user, (id_, )) |
984
|
|
|
cnx.commit() |
985
|
|
|
|
986
|
|
|
query = (" SELECT failed_login_count " |
987
|
|
|
" FROM tbl_users " |
988
|
|
|
" WHERE id = %s ") |
989
|
|
|
cursor.execute(query, (id_,)) |
990
|
|
|
row = cursor.fetchone() |
991
|
|
|
if row is None or row[0] != 0: |
992
|
|
|
cursor.close() |
993
|
|
|
cnx.close() |
994
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, |
995
|
|
|
title='API.BAD_REQUEST', |
996
|
|
|
description='API.ACCOUNT_UNLOCK_FAILED') |
997
|
|
|
|
998
|
|
|
cursor.close() |
999
|
|
|
cnx.close() |
1000
|
|
|
resp.text = json.dumps("OK") |
1001
|
|
|
resp.status = falcon.HTTP_200 |
1002
|
|
|
write_log(user_uuid=admin_user_uuid, request_method='PUT', resource_type='UnlockUser', |
1003
|
|
|
resource_id=id_, request_body=None) |
1004
|
|
|
|
1005
|
|
|
|
1006
|
|
|
class ForgotPassword: |
1007
|
|
|
@staticmethod |
1008
|
|
|
def __init__(): |
1009
|
|
|
"""Initializes Class""" |
1010
|
|
|
pass |
1011
|
|
|
|
1012
|
|
|
@staticmethod |
1013
|
|
|
def on_options(req, resp): |
1014
|
|
|
resp.status = falcon.HTTP_200 |
1015
|
|
|
|
1016
|
|
|
@staticmethod |
1017
|
|
|
def on_put(req, resp): |
1018
|
|
|
"""Handles PUT requests""" |
1019
|
|
|
try: |
1020
|
|
|
raw_json = req.stream.read().decode('utf-8') |
1021
|
|
|
new_values = json.loads(raw_json) |
1022
|
|
|
except Exception as ex: |
1023
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, |
1024
|
|
|
title='API.BAD_REQUEST', |
1025
|
|
|
description='API.FAILED_TO_READ_REQUEST_STREAM') |
1026
|
|
|
|
1027
|
|
|
if 'verification_code' not in new_values['data'].keys() or \ |
1028
|
|
|
not isinstance(new_values['data']['verification_code'], str) or \ |
1029
|
|
|
len(str.strip(new_values['data']['verification_code'])) == 0: |
1030
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1031
|
|
|
description='API.INVALID_VERIFICATION_CODE') |
1032
|
|
|
verification_code = str.strip(new_values['data']['verification_code']) |
1033
|
|
|
|
1034
|
|
|
if 'password' not in new_values['data'].keys() or \ |
1035
|
|
|
not isinstance(new_values['data']['password'], str) or \ |
1036
|
|
|
len(str.strip(new_values['data']['password'])) == 0: |
1037
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1038
|
|
|
description='API.INVALID_PASSWORD') |
1039
|
|
|
password = str.strip(new_values['data']['password']) |
1040
|
|
|
|
1041
|
|
|
cnx = mysql.connector.connect(**config.myems_user_db) |
1042
|
|
|
cursor = cnx.cursor() |
1043
|
|
|
|
1044
|
|
|
if 'email' in new_values['data']: |
1045
|
|
|
if not isinstance(new_values['data']['email'], str) or \ |
1046
|
|
|
len(str.strip(new_values['data']['email'])) == 0: |
1047
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1048
|
|
|
description='API.INVALID_EMAIL') |
1049
|
|
|
|
1050
|
|
|
email = str.strip(new_values['data']['email']).lower() |
1051
|
|
|
|
1052
|
|
|
query = (" SELECT recipient_email, verification_code, expires_datetime_utc" |
1053
|
|
|
" FROM tbl_verification_codes " |
1054
|
|
|
" WHERE recipient_email = %s and verification_code = %s" |
1055
|
|
|
" ORDER BY created_datetime_utc DESC") |
1056
|
|
|
cursor.execute(query, (email, verification_code)) |
1057
|
|
|
row = cursor.fetchone() |
1058
|
|
|
|
1059
|
|
|
if row is None: |
1060
|
|
|
cursor.close() |
1061
|
|
|
cnx.close() |
1062
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_404, title='API.ERROR', |
1063
|
|
|
description='API.INVALID_VERIFICATION_CODE') |
1064
|
|
|
else: |
1065
|
|
|
if datetime.utcnow() > row[2]: |
1066
|
|
|
cursor.close() |
1067
|
|
|
cnx.close() |
1068
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1069
|
|
|
description='API.ADMINISTRATOR_SESSION_TIMEOUT') |
1070
|
|
|
else: |
1071
|
|
|
cursor.close() |
1072
|
|
|
cnx.close() |
1073
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, |
1074
|
|
|
title='API.BAD_REQUEST', |
1075
|
|
|
description='API.INVALID_EMAIL') |
1076
|
|
|
|
1077
|
|
|
cursor.execute(" SELECT salt, uuid, id " |
1078
|
|
|
" FROM tbl_users " |
1079
|
|
|
" WHERE email = %s", |
1080
|
|
|
(email,)) |
1081
|
|
|
row = cursor.fetchone() |
1082
|
|
|
if row is None: |
1083
|
|
|
cursor.close() |
1084
|
|
|
cnx.close() |
1085
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_404, title='API.ERROR', description='API.USER_NOT_FOUND') |
1086
|
|
|
else: |
1087
|
|
|
result = {"salt": row[0], "uuid": row[1], "id": row[2]} |
1088
|
|
|
|
1089
|
|
|
hashed_password = hashlib.sha512(result['salt'].encode() + password.encode()).hexdigest() |
1090
|
|
|
cursor.execute(" SELECT uuid, id " |
1091
|
|
|
" FROM tbl_users " |
1092
|
|
|
" WHERE email = %s and password = %s", |
1093
|
|
|
(email, hashed_password)) |
1094
|
|
|
row = cursor.fetchone() |
1095
|
|
|
if row is not None: |
1096
|
|
|
cursor.close() |
1097
|
|
|
cnx.close() |
1098
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_404, title='API.ERROR', description='API.PASSWORDS_MATCH') |
1099
|
|
|
|
1100
|
|
|
cursor.execute(" UPDATE tbl_users " |
1101
|
|
|
" SET password = %s " |
1102
|
|
|
" Where email = %s", |
1103
|
|
|
(hashed_password, email)) |
1104
|
|
|
cnx.commit() |
1105
|
|
|
|
1106
|
|
|
cursor.execute(" DELETE FROM tbl_verification_codes " |
1107
|
|
|
" WHERE recipient_email = %s ", |
1108
|
|
|
(email,)) |
1109
|
|
|
cnx.commit() |
1110
|
|
|
cursor.close() |
1111
|
|
|
cnx.close() |
1112
|
|
|
|
1113
|
|
|
resp.status = falcon.HTTP_200 |
1114
|
|
|
write_log(user_uuid=result['uuid'], request_method='PUT', resource_type='ForgotPassword', |
1115
|
|
|
resource_id=result['id'], request_body=None) |
1116
|
|
|
|
1117
|
|
|
|
1118
|
|
|
class EmailMessageCollection: |
1119
|
|
|
@staticmethod |
1120
|
|
|
def __init__(): |
1121
|
|
|
""""Initializes EmailMessageCollection""" |
1122
|
|
|
pass |
1123
|
|
|
|
1124
|
|
|
@staticmethod |
1125
|
|
|
def on_options(req, resp): |
1126
|
|
|
resp.status = falcon.HTTP_200 |
1127
|
|
|
|
1128
|
|
View Code Duplication |
@staticmethod |
|
|
|
|
1129
|
|
|
def on_get(req, resp): |
1130
|
|
|
admin_control(req) |
1131
|
|
|
start_datetime_local = req.params.get('startdatetime') |
1132
|
|
|
end_datetime_local = req.params.get('enddatetime') |
1133
|
|
|
|
1134
|
|
|
timezone_offset = int(config.utc_offset[1:3]) * 60 + int(config.utc_offset[4:6]) |
1135
|
|
|
if config.utc_offset[0] == '-': |
1136
|
|
|
timezone_offset = -timezone_offset |
1137
|
|
|
|
1138
|
|
|
if start_datetime_local is None: |
1139
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1140
|
|
|
description="API.INVALID_START_DATETIME_FORMAT") |
1141
|
|
|
else: |
1142
|
|
|
start_datetime_local = str.strip(start_datetime_local) |
1143
|
|
|
try: |
1144
|
|
|
start_datetime_utc = datetime.strptime(start_datetime_local, |
1145
|
|
|
'%Y-%m-%dT%H:%M:%S').replace(tzinfo=timezone.utc) - \ |
1146
|
|
|
timedelta(minutes=timezone_offset) |
1147
|
|
|
except ValueError: |
1148
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1149
|
|
|
description="API.INVALID_START_DATETIME_FORMAT") |
1150
|
|
|
|
1151
|
|
|
if end_datetime_local is None: |
1152
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1153
|
|
|
description="API.INVALID_END_DATETIME_FORMAT") |
1154
|
|
|
else: |
1155
|
|
|
end_datetime_local = str.strip(end_datetime_local) |
1156
|
|
|
try: |
1157
|
|
|
end_datetime_utc = datetime.strptime(end_datetime_local, |
1158
|
|
|
'%Y-%m-%dT%H:%M:%S').replace(tzinfo=timezone.utc) - \ |
1159
|
|
|
timedelta(minutes=timezone_offset) |
1160
|
|
|
except ValueError: |
1161
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1162
|
|
|
description="API.INVALID_END_DATETIME_FORMAT") |
1163
|
|
|
|
1164
|
|
|
if start_datetime_utc >= end_datetime_utc: |
1165
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, |
1166
|
|
|
title='API.BAD_REQUEST', |
1167
|
|
|
description='API.START_DATETIME_MUST_BE_EARLIER_THAN_END_DATETIME') |
1168
|
|
|
|
1169
|
|
|
cnx = mysql.connector.connect(**config.myems_user_db) |
1170
|
|
|
cursor = cnx.cursor() |
1171
|
|
|
|
1172
|
|
|
query = (" SELECT id, recipient_name, recipient_email, " |
1173
|
|
|
" subject, message, created_datetime_utc, " |
1174
|
|
|
" scheduled_datetime_utc, status " |
1175
|
|
|
" FROM tbl_email_messages " |
1176
|
|
|
" WHERE created_datetime_utc >= %s AND created_datetime_utc < %s " |
1177
|
|
|
" ORDER BY created_datetime_utc ") |
1178
|
|
|
cursor.execute(query, (start_datetime_utc, end_datetime_utc)) |
1179
|
|
|
rows = cursor.fetchall() |
1180
|
|
|
|
1181
|
|
|
if cursor: |
1182
|
|
|
cursor.close() |
1183
|
|
|
if cnx: |
1184
|
|
|
cnx.close() |
1185
|
|
|
|
1186
|
|
|
result = list() |
1187
|
|
|
if rows is not None and len(rows) > 0: |
1188
|
|
|
for row in rows: |
1189
|
|
|
meta_result = {"id": row[0], |
1190
|
|
|
"recipient_name": row[1], |
1191
|
|
|
"recipient_email": row[2], |
1192
|
|
|
"subject": row[3], |
1193
|
|
|
"message": row[4].replace("<br>", ""), |
1194
|
|
|
"created_datetime": row[5].timestamp() * 1000 if isinstance(row[5], datetime) else None, |
1195
|
|
|
"scheduled_datetime": |
1196
|
|
|
row[6].timestamp() * 1000 if isinstance(row[6], datetime) else None, |
1197
|
|
|
"status": row[7]} |
1198
|
|
|
result.append(meta_result) |
1199
|
|
|
|
1200
|
|
|
resp.text = json.dumps(result) |
1201
|
|
|
|
1202
|
|
|
@staticmethod |
1203
|
|
|
def on_post(req, resp): |
1204
|
|
|
try: |
1205
|
|
|
raw_json = req.stream.read().decode('utf-8') |
1206
|
|
|
new_values = json.loads(raw_json) |
1207
|
|
|
except Exception as ex: |
1208
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, |
1209
|
|
|
title='API.BAD_REQUEST', |
1210
|
|
|
description='API.FAILED_TO_READ_REQUEST_STREAM') |
1211
|
|
|
|
1212
|
|
|
expires_datetime_utc = datetime.utcnow() + timedelta(seconds=60 * 60 * 1) |
1213
|
|
|
|
1214
|
|
|
if 'recipient_email' not in new_values['data'].keys() or \ |
1215
|
|
|
not isinstance(new_values['data']['recipient_email'], str) or \ |
1216
|
|
|
len(str.strip(new_values['data']['recipient_email'])) == 0: |
1217
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1218
|
|
|
description='API.INVALID_RECIPIENT_EMAIL') |
1219
|
|
|
recipient_email = str.strip(new_values['data']['recipient_email']) |
1220
|
|
|
match = re.match(r'^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$', recipient_email) |
1221
|
|
|
if match is None: |
1222
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1223
|
|
|
description='API.INVALID_EMAIL') |
1224
|
|
|
|
1225
|
|
|
if 'subject' not in new_values['data'].keys() or \ |
1226
|
|
|
not isinstance(new_values['data']['subject'], str) or \ |
1227
|
|
|
len(str.strip(new_values['data']['subject'])) == 0: |
1228
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1229
|
|
|
description='API.INVALID_SUBJECT_VALUE') |
1230
|
|
|
subject = str.strip(new_values['data']['subject']) |
1231
|
|
|
|
1232
|
|
|
if 'message' not in new_values['data'].keys() or \ |
1233
|
|
|
not isinstance(new_values['data']['message'], str) or \ |
1234
|
|
|
len(str.strip(new_values['data']['message'])) == 0: |
1235
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1236
|
|
|
description='API.INVALID_MESSAGE_VALUE') |
1237
|
|
|
|
1238
|
|
|
verification_code = str(random.randint(100000, 999999)) |
1239
|
|
|
message = str.strip(new_values['data']['message']) |
1240
|
|
|
message = re.sub(r'{verification_code}', verification_code, message) |
1241
|
|
|
|
1242
|
|
|
if 'created_datetime' not in new_values['data'].keys() or \ |
1243
|
|
|
not isinstance(new_values['data']['created_datetime'], str) or \ |
1244
|
|
|
len(str.strip(new_values['data']['created_datetime'])) == 0: |
1245
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1246
|
|
|
description='API.INVALID_CREATED_DATETIME') |
1247
|
|
|
created_datetime_local = str.strip(new_values['data']['created_datetime']) |
1248
|
|
|
|
1249
|
|
|
if 'scheduled_datetime' not in new_values['data'].keys() or \ |
1250
|
|
|
not isinstance(new_values['data']['scheduled_datetime'], str) or \ |
1251
|
|
|
len(str.strip(new_values['data']['scheduled_datetime'])) == 0: |
1252
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1253
|
|
|
description='API.INVALID_SCHEDULED_DATETIME') |
1254
|
|
|
scheduled_datetime_local = str.strip(new_values['data']['scheduled_datetime']) |
1255
|
|
|
|
1256
|
|
|
timezone_offset = int(config.utc_offset[1:3]) * 60 + int(config.utc_offset[4:6]) |
1257
|
|
|
if config.utc_offset[0] == '-': |
1258
|
|
|
timezone_offset = -timezone_offset |
1259
|
|
|
|
1260
|
|
View Code Duplication |
if created_datetime_local is None: |
|
|
|
|
1261
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1262
|
|
|
description="API.INVALID_CREATED_DATETIME") |
1263
|
|
|
else: |
1264
|
|
|
created_datetime_local = str.strip(created_datetime_local) |
1265
|
|
|
try: |
1266
|
|
|
created_datetime_utc = datetime.strptime(created_datetime_local, |
1267
|
|
|
'%Y-%m-%dT%H:%M:%S').replace(tzinfo=timezone.utc) - \ |
1268
|
|
|
timedelta(minutes=timezone_offset) |
1269
|
|
|
except ValueError: |
1270
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1271
|
|
|
description="API.INVALID_CREATED_DATETIME") |
1272
|
|
|
|
1273
|
|
View Code Duplication |
if scheduled_datetime_local is None: |
|
|
|
|
1274
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1275
|
|
|
description="API.INVALID_SCHEDULED_DATETIME") |
1276
|
|
|
else: |
1277
|
|
|
scheduled_datetime_local = str.strip(scheduled_datetime_local) |
1278
|
|
|
try: |
1279
|
|
|
scheduled_datetime_utc = datetime.strptime(scheduled_datetime_local, |
1280
|
|
|
'%Y-%m-%dT%H:%M:%S').replace(tzinfo=timezone.utc) - \ |
1281
|
|
|
timedelta(minutes=timezone_offset) |
1282
|
|
|
except ValueError: |
1283
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1284
|
|
|
description="API.INVALID_SCHEDULED_DATETIME") |
1285
|
|
|
|
1286
|
|
|
status = 'new' |
1287
|
|
|
|
1288
|
|
|
cnx = mysql.connector.connect(**config.myems_user_db) |
1289
|
|
|
cursor = cnx.cursor() |
1290
|
|
|
|
1291
|
|
|
cursor.execute(" DELETE FROM tbl_verification_codes " |
1292
|
|
|
" WHERE recipient_email = %s ", |
1293
|
|
|
(recipient_email,)) |
1294
|
|
|
cnx.commit() |
1295
|
|
|
|
1296
|
|
|
cursor.execute(" select name " |
1297
|
|
|
" from tbl_new_users " |
1298
|
|
|
" where email = %s ", (recipient_email,)) |
1299
|
|
|
row = cursor.fetchone() |
1300
|
|
|
if row is not None: |
1301
|
|
|
recipient_name = row[0] |
1302
|
|
|
else: |
1303
|
|
|
recipient_name = recipient_email.split('@')[0] |
1304
|
|
|
|
1305
|
|
|
add_verification_code = (" INSERT INTO tbl_verification_codes " |
1306
|
|
|
" (recipient_email, verification_code, created_datetime_utc, expires_datetime_utc) " |
1307
|
|
|
" VALUES (%s, %s, %s, %s) ") |
1308
|
|
|
cursor.execute(add_verification_code, |
1309
|
|
|
(recipient_email, verification_code, created_datetime_utc, expires_datetime_utc)) |
1310
|
|
|
|
1311
|
|
|
add_row = (" INSERT INTO tbl_email_messages " |
1312
|
|
|
" (recipient_name, recipient_email, subject, message, " |
1313
|
|
|
" created_datetime_utc, scheduled_datetime_utc, status) " |
1314
|
|
|
" VALUES (%s, %s, %s, %s, %s, %s, %s) ") |
1315
|
|
|
|
1316
|
|
|
cursor.execute(add_row, (recipient_name, |
1317
|
|
|
recipient_email, |
1318
|
|
|
subject, |
1319
|
|
|
message, |
1320
|
|
|
created_datetime_utc, |
1321
|
|
|
scheduled_datetime_utc, |
1322
|
|
|
status)) |
1323
|
|
|
cnx.commit() |
1324
|
|
|
|
1325
|
|
|
cursor.close() |
1326
|
|
|
cnx.close() |
1327
|
|
|
|
1328
|
|
|
resp.status = falcon.HTTP_201 |
1329
|
|
|
|
1330
|
|
|
|
1331
|
|
|
class EmailMessageItem: |
1332
|
|
|
@staticmethod |
1333
|
|
|
def __init__(): |
1334
|
|
|
""""Initializes EmailMessageItem""" |
1335
|
|
|
pass |
1336
|
|
|
|
1337
|
|
|
@staticmethod |
1338
|
|
|
def on_options(req, resp, id_): |
1339
|
|
|
resp.status = falcon.HTTP_200 |
1340
|
|
|
|
1341
|
|
View Code Duplication |
@staticmethod |
|
|
|
|
1342
|
|
|
def on_get(req, resp, id_): |
1343
|
|
|
admin_control(req) |
1344
|
|
|
if not id_.isdigit() or int(id_) <= 0: |
1345
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1346
|
|
|
description='API.INVALID_EMAIL_MESSAGE_ID') |
1347
|
|
|
|
1348
|
|
|
cnx = mysql.connector.connect(**config.myems_user_db) |
1349
|
|
|
cursor = cnx.cursor() |
1350
|
|
|
|
1351
|
|
|
query = (" SELECT id, recipient_name, recipient_email, " |
1352
|
|
|
" subject, message, created_datetime_utc, " |
1353
|
|
|
" scheduled_datetime_utc, status " |
1354
|
|
|
" FROM tbl_email_messages " |
1355
|
|
|
" WHERE id = %s ") |
1356
|
|
|
cursor.execute(query, (id_,)) |
1357
|
|
|
row = cursor.fetchone() |
1358
|
|
|
|
1359
|
|
|
if cursor: |
1360
|
|
|
cursor.close() |
1361
|
|
|
if cnx: |
1362
|
|
|
cnx.close() |
1363
|
|
|
|
1364
|
|
|
if row is None: |
1365
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_404, title='API.NOT_FOUND', |
1366
|
|
|
description='API.EMAIL_MESSAGE_NOT_FOUND') |
1367
|
|
|
|
1368
|
|
|
result = {"id": row[0], |
1369
|
|
|
"recipient_name": row[1], |
1370
|
|
|
"recipient_email": row[2], |
1371
|
|
|
"subject": row[3], |
1372
|
|
|
"message": row[4].replace("<br>", ""), |
1373
|
|
|
"created_datetime": row[5].timestamp() * 1000 if isinstance(row[5], datetime) else None, |
1374
|
|
|
"scheduled_datetime": row[6].timestamp() * 1000 if isinstance(row[6], datetime) else None, |
1375
|
|
|
"status": row[7]} |
1376
|
|
|
|
1377
|
|
|
resp.text = json.dumps(result) |
1378
|
|
|
|
1379
|
|
|
@staticmethod |
1380
|
|
|
@user_logger |
1381
|
|
|
def on_put(req, resp, id_): |
1382
|
|
|
"""Handles PUT requests""" |
1383
|
|
|
admin_control(req) |
1384
|
|
|
|
1385
|
|
|
if not id_.isdigit() or int(id_) <= 0: |
1386
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1387
|
|
|
description='API.INVALID_EMAIL_MESSAGE_ID') |
1388
|
|
|
|
1389
|
|
|
try: |
1390
|
|
|
raw_json = req.stream.read().decode('utf-8') |
1391
|
|
|
new_values = json.loads(raw_json) |
1392
|
|
|
except Exception as ex: |
1393
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, |
1394
|
|
|
title='API.BAD_REQUEST', |
1395
|
|
|
description='API.FAILED_TO_READ_REQUEST_STREAM') |
1396
|
|
|
|
1397
|
|
|
if 'recipient_name' not in new_values['data'].keys() or \ |
1398
|
|
|
not isinstance(new_values['data']['recipient_name'], str) or \ |
1399
|
|
|
len(str.strip(new_values['data']['recipient_name'])) == 0: |
1400
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1401
|
|
|
description='API.INVALID_RECIPIENT_NAME') |
1402
|
|
|
recipient_name = str.strip(new_values['data']['recipient_name']) |
1403
|
|
|
|
1404
|
|
|
if 'recipient_email' not in new_values['data'].keys() or \ |
1405
|
|
|
not isinstance(new_values['data']['recipient_email'], str) or \ |
1406
|
|
|
len(str.strip(new_values['data']['recipient_email'])) == 0: |
1407
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1408
|
|
|
description='API.INVALID_RECIPIENT_EMAIL') |
1409
|
|
|
recipient_email = str.strip(new_values['data']['recipient_email']) |
1410
|
|
|
match = re.match(r'^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$', recipient_email) |
1411
|
|
|
if match is None: |
1412
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1413
|
|
|
description='API.INVALID_EMAIL') |
1414
|
|
|
|
1415
|
|
|
if 'subject' not in new_values['data'].keys() or \ |
1416
|
|
|
not isinstance(new_values['data']['subject'], str) or \ |
1417
|
|
|
len(str.strip(new_values['data']['subject'])) == 0: |
1418
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1419
|
|
|
description='API.INVALID_SUBJECT_VALUE') |
1420
|
|
|
subject = str.strip(new_values['data']['subject']) |
1421
|
|
|
|
1422
|
|
|
if 'message' not in new_values['data'].keys() or \ |
1423
|
|
|
not isinstance(new_values['data']['message'], str) or \ |
1424
|
|
|
len(str.strip(new_values['data']['message'])) == 0: |
1425
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1426
|
|
|
description='API.INVALID_MESSAGE_VALUE') |
1427
|
|
|
message = str.strip(new_values['data']['message']) |
1428
|
|
|
|
1429
|
|
|
if 'status' not in new_values['data'].keys() or \ |
1430
|
|
|
not isinstance(new_values['data']['status'], str) or \ |
1431
|
|
|
len(str.strip(new_values['data']['status'])) == 0 or \ |
1432
|
|
|
str.strip(new_values['data']['status']) not in ('new', 'acknowledged', 'timeout'): |
1433
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1434
|
|
|
description='API.INVALID_STATUS') |
1435
|
|
|
status = str.strip(new_values['data']['status']) |
1436
|
|
|
|
1437
|
|
|
if 'created_datetime' not in new_values['data'].keys() or \ |
1438
|
|
|
not isinstance(new_values['data']['created_datetime'], str) or \ |
1439
|
|
|
len(str.strip(new_values['data']['created_datetime'])) == 0: |
1440
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1441
|
|
|
description='API.INVALID_CREATED_DATETIME') |
1442
|
|
|
created_datetime_local = str.strip(new_values['data']['created_datetime']) |
1443
|
|
|
|
1444
|
|
|
if 'scheduled_datetime' not in new_values['data'].keys() or \ |
1445
|
|
|
not isinstance(new_values['data']['scheduled_datetime'], str) or \ |
1446
|
|
|
len(str.strip(new_values['data']['scheduled_datetime'])) == 0: |
1447
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1448
|
|
|
description='API.INVALID_SCHEDULED_DATETIME') |
1449
|
|
|
scheduled_datetime_local = str.strip(new_values['data']['scheduled_datetime']) |
1450
|
|
|
|
1451
|
|
|
timezone_offset = int(config.utc_offset[1:3]) * 60 + int(config.utc_offset[4:6]) |
1452
|
|
|
if config.utc_offset[0] == '-': |
1453
|
|
|
timezone_offset = -timezone_offset |
1454
|
|
|
|
1455
|
|
View Code Duplication |
if created_datetime_local is None: |
|
|
|
|
1456
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1457
|
|
|
description="API.INVALID_CREATED_DATETIME") |
1458
|
|
|
else: |
1459
|
|
|
created_datetime_local = str.strip(created_datetime_local) |
1460
|
|
|
try: |
1461
|
|
|
created_datetime_utc = datetime.strptime(created_datetime_local, |
1462
|
|
|
'%Y-%m-%dT%H:%M:%S').replace(tzinfo=timezone.utc) - \ |
1463
|
|
|
timedelta(minutes=timezone_offset) |
1464
|
|
|
except ValueError: |
1465
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1466
|
|
|
description="API.INVALID_CREATED_DATETIME") |
1467
|
|
|
|
1468
|
|
View Code Duplication |
if scheduled_datetime_local is None: |
|
|
|
|
1469
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1470
|
|
|
description="API.INVALID_SCHEDULED_DATETIME") |
1471
|
|
|
else: |
1472
|
|
|
scheduled_datetime_local = str.strip(scheduled_datetime_local) |
1473
|
|
|
try: |
1474
|
|
|
scheduled_datetime_utc = datetime.strptime(scheduled_datetime_local, |
1475
|
|
|
'%Y-%m-%dT%H:%M:%S').replace(tzinfo=timezone.utc) - \ |
1476
|
|
|
timedelta(minutes=timezone_offset) |
1477
|
|
|
except ValueError: |
1478
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1479
|
|
|
description="API.INVALID_SCHEDULED_DATETIME") |
1480
|
|
|
|
1481
|
|
|
cnx = mysql.connector.connect(**config.myems_user_db) |
1482
|
|
|
cursor = cnx.cursor() |
1483
|
|
|
|
1484
|
|
|
cursor.execute(" SELECT recipient_name " |
1485
|
|
|
" FROM tbl_email_messages " |
1486
|
|
|
" WHERE id = %s ", (id_,)) |
1487
|
|
|
|
1488
|
|
|
if cursor.fetchone() is None: |
1489
|
|
|
cursor.close() |
1490
|
|
|
cnx.close() |
1491
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_404, title='API.NOT_FOUND', |
1492
|
|
|
description='API.EMAIL_MESSAGE_NOT_FOUND') |
1493
|
|
|
|
1494
|
|
|
update_row = (" UPDATE tbl_email_messages " |
1495
|
|
|
" SET recipient_name = %s, recipient_email = %s, subject = %s, message = %s," |
1496
|
|
|
" created_datetime_utc = %s, scheduled_datetime_utc = %s, status = %s" |
1497
|
|
|
" WHERE id = %s ") |
1498
|
|
|
|
1499
|
|
|
cursor.execute(update_row, (recipient_name, |
1500
|
|
|
recipient_email, |
1501
|
|
|
subject, |
1502
|
|
|
message, |
1503
|
|
|
created_datetime_utc, |
1504
|
|
|
scheduled_datetime_utc, |
1505
|
|
|
status, |
1506
|
|
|
id_)) |
1507
|
|
|
|
1508
|
|
|
cnx.commit() |
1509
|
|
|
cursor.close() |
1510
|
|
|
cnx.close() |
1511
|
|
|
|
1512
|
|
|
resp.status = falcon.HTTP_200 |
1513
|
|
|
|
1514
|
|
View Code Duplication |
@staticmethod |
|
|
|
|
1515
|
|
|
@user_logger |
1516
|
|
|
def on_delete(req, resp, id_): |
1517
|
|
|
admin_control(req) |
1518
|
|
|
if not id_.isdigit() or int(id_) <= 0: |
1519
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1520
|
|
|
description='API.INVALID_EMAIL_MESSAGE_ID') |
1521
|
|
|
|
1522
|
|
|
cnx = mysql.connector.connect(**config.myems_user_db) |
1523
|
|
|
cursor = cnx.cursor() |
1524
|
|
|
|
1525
|
|
|
cursor.execute(" SELECT id " |
1526
|
|
|
" FROM tbl_email_messages " |
1527
|
|
|
" WHERE id = %s ", (id_,)) |
1528
|
|
|
row = cursor.fetchone() |
1529
|
|
|
|
1530
|
|
|
if row is None: |
1531
|
|
|
if cursor: |
1532
|
|
|
cursor.close() |
1533
|
|
|
if cnx: |
1534
|
|
|
cnx.close() |
1535
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_404, title='API.NOT_FOUND', |
1536
|
|
|
description='API.EMAIL_MESSAGE_NOT_FOUND') |
1537
|
|
|
|
1538
|
|
|
cursor.execute(" DELETE FROM tbl_email_messages WHERE id = %s ", (id_,)) |
1539
|
|
|
cnx.commit() |
1540
|
|
|
|
1541
|
|
|
if cursor: |
1542
|
|
|
cursor.close() |
1543
|
|
|
if cnx: |
1544
|
|
|
cnx.close() |
1545
|
|
|
|
1546
|
|
|
resp.status = falcon.HTTP_204 |
1547
|
|
|
|
1548
|
|
|
|
1549
|
|
|
class NewUserCollection: |
1550
|
|
|
@staticmethod |
1551
|
|
|
def __init__(): |
1552
|
|
|
"""Initializes Class""" |
1553
|
|
|
pass |
1554
|
|
|
|
1555
|
|
|
@staticmethod |
1556
|
|
|
def on_options(req, resp): |
1557
|
|
|
resp.status = falcon.HTTP_200 |
1558
|
|
|
|
1559
|
|
|
@staticmethod |
1560
|
|
|
def on_get(req, resp): |
1561
|
|
|
admin_control(req) |
1562
|
|
|
cnx = mysql.connector.connect(**config.myems_user_db) |
1563
|
|
|
cursor = cnx.cursor() |
1564
|
|
|
query = (" SELECT id, name, display_name, uuid, email " |
1565
|
|
|
" FROM tbl_new_users " |
1566
|
|
|
" ORDER BY name ") |
1567
|
|
|
cursor.execute(query) |
1568
|
|
|
rows = cursor.fetchall() |
1569
|
|
|
cursor.close() |
1570
|
|
|
cnx.close() |
1571
|
|
|
|
1572
|
|
|
result = list() |
1573
|
|
|
if rows is not None and len(rows) > 0: |
1574
|
|
|
for row in rows: |
1575
|
|
|
meta_result = {"id": row[0], |
1576
|
|
|
"name": row[1], |
1577
|
|
|
"display_name": row[2], |
1578
|
|
|
"uuid": row[3], |
1579
|
|
|
"email": row[4], } |
1580
|
|
|
result.append(meta_result) |
1581
|
|
|
|
1582
|
|
|
resp.text = json.dumps(result) |
1583
|
|
|
|
1584
|
|
|
@staticmethod |
1585
|
|
|
def on_post(req, resp): |
1586
|
|
|
try: |
1587
|
|
|
raw_json = req.stream.read().decode('utf-8') |
1588
|
|
|
new_values = json.loads(raw_json) |
1589
|
|
|
except Exception as ex: |
1590
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, |
1591
|
|
|
title='API.BAD_REQUEST', |
1592
|
|
|
description='API.FAILED_TO_READ_REQUEST_STREAM') |
1593
|
|
|
|
1594
|
|
|
if 'name' not in new_values['data'].keys() or \ |
1595
|
|
|
not isinstance(new_values['data']['name'], str) or \ |
1596
|
|
|
len(str.strip(new_values['data']['name'])) == 0: |
1597
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1598
|
|
|
description='API.INVALID_USER_NAME') |
1599
|
|
|
name = str.strip(new_values['data']['name']) |
1600
|
|
|
|
1601
|
|
|
if 'display_name' not in new_values['data'].keys() or \ |
1602
|
|
|
not isinstance(new_values['data']['display_name'], str) or \ |
1603
|
|
|
len(str.strip(new_values['data']['display_name'])) == 0: |
1604
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1605
|
|
|
description='API.INVALID_DISPLAY_NAME') |
1606
|
|
|
display_name = str.strip(new_values['data']['display_name']) |
1607
|
|
|
|
1608
|
|
|
if 'email' not in new_values['data'].keys() or \ |
1609
|
|
|
not isinstance(new_values['data']['email'], str) or \ |
1610
|
|
|
len(str.strip(new_values['data']['email'])) == 0: |
1611
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1612
|
|
|
description='API.INVALID_EMAIL') |
1613
|
|
|
email = str.lower(str.strip(new_values['data']['email'])) |
1614
|
|
|
|
1615
|
|
|
match = re.match(r'^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$', email) |
1616
|
|
|
if match is None: |
1617
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1618
|
|
|
description='API.INVALID_EMAIL') |
1619
|
|
|
|
1620
|
|
|
if 'password' not in new_values['data'].keys() or \ |
1621
|
|
|
not isinstance(new_values['data']['password'], str) or \ |
1622
|
|
|
len(str.strip(new_values['data']['password'])) == 0: |
1623
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1624
|
|
|
description='API.INVALID_PASSWORD') |
1625
|
|
|
|
1626
|
|
|
if len(str.strip(new_values['data']['password'])) > 100: |
1627
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1628
|
|
|
description='API.PASSWORD_LENGTH_CANNOT_EXCEED_100_CHARACTERS') |
1629
|
|
|
|
1630
|
|
|
if 'verification_code' not in new_values['data'].keys() or \ |
1631
|
|
|
not isinstance(new_values['data']['verification_code'], str) or \ |
1632
|
|
|
len(str.strip(new_values['data']['verification_code'])) == 0: |
1633
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, |
1634
|
|
|
title='API.BAD_REQUEST', |
1635
|
|
|
description='API.INVALID_VERIFICATION_CODE') |
1636
|
|
|
verification_code = str.strip(new_values['data']['verification_code']) |
1637
|
|
|
|
1638
|
|
|
cnx = mysql.connector.connect(**config.myems_user_db) |
1639
|
|
|
cursor = cnx.cursor() |
1640
|
|
|
|
1641
|
|
|
cursor.execute(" SELECT expires_datetime_utc " |
1642
|
|
|
" FROM tbl_verification_codes " |
1643
|
|
|
" WHERE recipient_email = %s and verification_code = %s ", |
1644
|
|
|
(email, verification_code)) |
1645
|
|
|
row = cursor.fetchone() |
1646
|
|
|
if row is not None: |
1647
|
|
|
expires_datetime_utc = row[0] |
1648
|
|
|
print(expires_datetime_utc) |
1649
|
|
|
print(datetime.utcnow()) |
1650
|
|
|
if datetime.utcnow() > expires_datetime_utc: |
1651
|
|
|
cursor.close() |
1652
|
|
|
cnx.close() |
1653
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, |
1654
|
|
|
title='API.BAD_REQUEST', |
1655
|
|
|
description='API.NEW_USER_SESSION_TIMEOUT') |
1656
|
|
|
else: |
1657
|
|
|
cursor.close() |
1658
|
|
|
cnx.close() |
1659
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_404, |
1660
|
|
|
title='API.NOT_FOUND', |
1661
|
|
|
description='API.NEW_USER_SESSION_NOT_FOUND') |
1662
|
|
|
|
1663
|
|
|
cursor.execute(" SELECT name " |
1664
|
|
|
" FROM tbl_new_users " |
1665
|
|
|
" WHERE name = %s ", (name,)) |
1666
|
|
|
if cursor.fetchone() is not None: |
1667
|
|
|
cursor.close() |
1668
|
|
|
cnx.close() |
1669
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1670
|
|
|
description='API.USER_NAME_IS_ALREADY_IN_USE') |
1671
|
|
|
|
1672
|
|
|
cursor.execute(" SELECT name " |
1673
|
|
|
" FROM tbl_users " |
1674
|
|
|
" WHERE name = %s ", (name,)) |
1675
|
|
|
if cursor.fetchone() is not None: |
1676
|
|
|
cursor.close() |
1677
|
|
|
cnx.close() |
1678
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1679
|
|
|
description='API.USER_NAME_IS_ALREADY_IN_USE') |
1680
|
|
|
|
1681
|
|
|
cursor.execute(" SELECT name " |
1682
|
|
|
" FROM tbl_new_users " |
1683
|
|
|
" WHERE email = %s ", (email,)) |
1684
|
|
|
if cursor.fetchone() is not None: |
1685
|
|
|
cursor.close() |
1686
|
|
|
cnx.close() |
1687
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_404, title='API.BAD_REQUEST', |
1688
|
|
|
description='API.EMAIL_IS_ALREADY_IN_USE') |
1689
|
|
|
|
1690
|
|
|
cursor.execute(" SELECT name " |
1691
|
|
|
" FROM tbl_users " |
1692
|
|
|
" WHERE email = %s ", (email,)) |
1693
|
|
|
if cursor.fetchone() is not None: |
1694
|
|
|
cursor.close() |
1695
|
|
|
cnx.close() |
1696
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_404, title='API.BAD_REQUEST', |
1697
|
|
|
description='API.EMAIL_IS_ALREADY_IN_USE') |
1698
|
|
|
|
1699
|
|
|
add_row = (" INSERT INTO tbl_new_users " |
1700
|
|
|
" (name, uuid, display_name, email, salt, password) " |
1701
|
|
|
" VALUES (%s, %s, %s, %s, %s, %s) ") |
1702
|
|
|
|
1703
|
|
|
salt = uuid.uuid4().hex |
1704
|
|
|
password = new_values['data']['password'] |
1705
|
|
|
hashed_password = hashlib.sha512(salt.encode() + password.encode()).hexdigest() |
1706
|
|
|
|
1707
|
|
|
cursor.execute(add_row, (name, |
1708
|
|
|
str(uuid.uuid4()), |
1709
|
|
|
display_name, |
1710
|
|
|
email, |
1711
|
|
|
salt, |
1712
|
|
|
hashed_password)) |
1713
|
|
|
new_id = cursor.lastrowid |
1714
|
|
|
cnx.commit() |
1715
|
|
|
|
1716
|
|
|
cursor.execute(" DELETE FROM tbl_verification_codes " |
1717
|
|
|
" WHERE recipient_email = %s", |
1718
|
|
|
(email,)) |
1719
|
|
|
cnx.commit() |
1720
|
|
|
|
1721
|
|
|
cursor.close() |
1722
|
|
|
cnx.close() |
1723
|
|
|
|
1724
|
|
|
resp.status = falcon.HTTP_201 |
1725
|
|
|
resp.location = '/users/newusers/' + str(new_id) |
1726
|
|
|
|
1727
|
|
|
|
1728
|
|
|
class NewUserItem: |
1729
|
|
|
@staticmethod |
1730
|
|
|
def __init__(): |
1731
|
|
|
"""Initializes Class""" |
1732
|
|
|
pass |
1733
|
|
|
|
1734
|
|
|
@staticmethod |
1735
|
|
|
def on_options(req, resp, id_): |
1736
|
|
|
resp.status = falcon.HTTP_200 |
1737
|
|
|
|
1738
|
|
|
@staticmethod |
1739
|
|
|
def on_get(req, resp, email): |
1740
|
|
|
if not isinstance(email, str) or len(str.strip(email)) == 0: |
1741
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1742
|
|
|
description='API.INVALID_EMAIL') |
1743
|
|
|
email = str.lower(str.strip(email)) |
1744
|
|
|
|
1745
|
|
|
cnx = mysql.connector.connect(**config.myems_user_db) |
1746
|
|
|
cursor = cnx.cursor() |
1747
|
|
|
|
1748
|
|
|
query = (" SELECT id, name, display_name, uuid, email " |
1749
|
|
|
" FROM tbl_new_users " |
1750
|
|
|
" WHERE id = %s ") |
1751
|
|
|
cursor.execute(query, (email,)) |
1752
|
|
|
row = cursor.fetchone() |
1753
|
|
|
cursor.close() |
1754
|
|
|
cnx.close() |
1755
|
|
|
|
1756
|
|
|
if row is None: |
1757
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_404, title='API.NOT_FOUND', |
1758
|
|
|
description='API.USER_NOT_FOUND') |
1759
|
|
|
|
1760
|
|
|
result = {"id": row[0], |
1761
|
|
|
"name": row[1], |
1762
|
|
|
"display_name": row[2], |
1763
|
|
|
"uuid": row[3], |
1764
|
|
|
"email": row[4]} |
1765
|
|
|
resp.text = json.dumps(result) |
1766
|
|
|
|
1767
|
|
|
@staticmethod |
1768
|
|
|
@user_logger |
1769
|
|
|
def on_delete(req, resp, id_): |
1770
|
|
|
admin_control(req) |
1771
|
|
|
if not id_.isdigit() or int(id_) <= 0: |
1772
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1773
|
|
|
description='API.INVALID_USER_ID') |
1774
|
|
|
|
1775
|
|
|
cnx = mysql.connector.connect(**config.myems_user_db) |
1776
|
|
|
cursor = cnx.cursor() |
1777
|
|
|
|
1778
|
|
|
cursor.execute(" SELECT name " |
1779
|
|
|
" FROM tbl_new_users " |
1780
|
|
|
" WHERE id = %s ", (id_,)) |
1781
|
|
|
if cursor.fetchone() is None: |
1782
|
|
|
cursor.close() |
1783
|
|
|
cnx.close() |
1784
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_404, title='API.NOT_FOUND', |
1785
|
|
|
description='API.USER_NOT_FOUND') |
1786
|
|
|
|
1787
|
|
|
# TODO: delete associated objects |
1788
|
|
|
cursor.execute(" DELETE FROM tbl_new_users WHERE id = %s ", (id_,)) |
1789
|
|
|
cnx.commit() |
1790
|
|
|
|
1791
|
|
|
cursor.close() |
1792
|
|
|
cnx.close() |
1793
|
|
|
|
1794
|
|
|
resp.status = falcon.HTTP_204 |
1795
|
|
|
|
1796
|
|
|
@staticmethod |
1797
|
|
|
@user_logger |
1798
|
|
|
def on_put(req, resp, id_): |
1799
|
|
|
"""Handles PUT requests""" |
1800
|
|
|
admin_control(req) |
1801
|
|
|
|
1802
|
|
|
try: |
1803
|
|
|
raw_json = req.stream.read().decode('utf-8') |
1804
|
|
|
new_values = json.loads(raw_json) |
1805
|
|
|
except Exception as ex: |
1806
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, |
1807
|
|
|
title='API.BAD_REQUEST', |
1808
|
|
|
description='API.FAILED_TO_READ_REQUEST_STREAM') |
1809
|
|
|
|
1810
|
|
|
if not id_.isdigit() or int(id_) <= 0: |
1811
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1812
|
|
|
description='API.INVALID_USER_ID') |
1813
|
|
|
|
1814
|
|
|
if 'name' not in new_values['data'].keys() or \ |
1815
|
|
|
not isinstance(new_values['data']['name'], str) or \ |
1816
|
|
|
len(str.strip(new_values['data']['name'])) == 0: |
1817
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1818
|
|
|
description='API.INVALID_USER_NAME') |
1819
|
|
|
name = str.strip(new_values['data']['name']) |
1820
|
|
|
|
1821
|
|
|
if 'display_name' not in new_values['data'].keys() or \ |
1822
|
|
|
not isinstance(new_values['data']['display_name'], str) or \ |
1823
|
|
|
len(str.strip(new_values['data']['display_name'])) == 0: |
1824
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1825
|
|
|
description='API.INVALID_DISPLAY_NAME') |
1826
|
|
|
display_name = str.strip(new_values['data']['display_name']) |
1827
|
|
|
|
1828
|
|
|
if 'email' not in new_values['data'].keys() or \ |
1829
|
|
|
not isinstance(new_values['data']['email'], str) or \ |
1830
|
|
|
len(str.strip(new_values['data']['email'])) == 0: |
1831
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1832
|
|
|
description='API.INVALID_EMAIL') |
1833
|
|
|
email = str.lower(str.strip(new_values['data']['email'])) |
1834
|
|
|
|
1835
|
|
|
match = re.match(r'^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,4})$', email) |
1836
|
|
|
if match is None: |
1837
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1838
|
|
|
description='API.INVALID_EMAIL') |
1839
|
|
|
|
1840
|
|
|
cnx = mysql.connector.connect(**config.myems_user_db) |
1841
|
|
|
cursor = cnx.cursor() |
1842
|
|
|
|
1843
|
|
|
cursor.execute(" SELECT name " |
1844
|
|
|
" FROM tbl_new_users " |
1845
|
|
|
" WHERE id = %s ", (id_,)) |
1846
|
|
|
if cursor.fetchone() is None: |
1847
|
|
|
cursor.close() |
1848
|
|
|
cnx.close() |
1849
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_404, title='API.NOT_FOUND', |
1850
|
|
|
description='API.USER_NOT_FOUND') |
1851
|
|
|
|
1852
|
|
|
cursor.execute(" SELECT name " |
1853
|
|
|
" FROM tbl_users " |
1854
|
|
|
" WHERE name = %s ", (name,)) |
1855
|
|
|
if cursor.fetchone() is not None: |
1856
|
|
|
cursor.close() |
1857
|
|
|
cnx.close() |
1858
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1859
|
|
|
description='API.USER_NAME_IS_ALREADY_IN_USE') |
1860
|
|
|
|
1861
|
|
|
cursor.execute(" SELECT name " |
1862
|
|
|
" FROM tbl_new_users " |
1863
|
|
|
" WHERE name = %s AND id != %s ", (name, id_)) |
1864
|
|
|
if cursor.fetchone() is not None: |
1865
|
|
|
cursor.close() |
1866
|
|
|
cnx.close() |
1867
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1868
|
|
|
description='API.USER_NAME_IS_ALREADY_IN_USE') |
1869
|
|
|
|
1870
|
|
|
cursor.execute(" SELECT name " |
1871
|
|
|
" FROM tbl_users " |
1872
|
|
|
" WHERE email = %s ", (email, )) |
1873
|
|
|
if cursor.fetchone() is not None: |
1874
|
|
|
cursor.close() |
1875
|
|
|
cnx.close() |
1876
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_404, title='API.BAD_REQUEST', |
1877
|
|
|
description='API.EMAIL_IS_ALREADY_IN_USE') |
1878
|
|
|
|
1879
|
|
|
cursor.execute(" SELECT name " |
1880
|
|
|
" FROM tbl_new_users " |
1881
|
|
|
" WHERE email = %s AND id != %s ", (email, id_)) |
1882
|
|
|
if cursor.fetchone() is not None: |
1883
|
|
|
cursor.close() |
1884
|
|
|
cnx.close() |
1885
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_404, title='API.BAD_REQUEST', |
1886
|
|
|
description='API.EMAIL_IS_ALREADY_IN_USE') |
1887
|
|
|
|
1888
|
|
|
update_row = (" UPDATE tbl_new_users " |
1889
|
|
|
" SET name = %s, display_name = %s, email = %s " |
1890
|
|
|
" WHERE id = %s ") |
1891
|
|
|
cursor.execute(update_row, (name, |
1892
|
|
|
display_name, |
1893
|
|
|
email, |
1894
|
|
|
id_,)) |
1895
|
|
|
cnx.commit() |
1896
|
|
|
|
1897
|
|
|
cursor.close() |
1898
|
|
|
cnx.close() |
1899
|
|
|
|
1900
|
|
|
resp.status = falcon.HTTP_200 |
1901
|
|
|
|
1902
|
|
|
|
1903
|
|
|
class NewUserApprove: |
1904
|
|
|
@staticmethod |
1905
|
|
|
def __init__(): |
1906
|
|
|
"""Initializes Class""" |
1907
|
|
|
pass |
1908
|
|
|
|
1909
|
|
|
@staticmethod |
1910
|
|
|
def on_options(req, resp, id_): |
1911
|
|
|
resp.status = falcon.HTTP_200 |
1912
|
|
|
|
1913
|
|
|
@staticmethod |
1914
|
|
|
@user_logger |
1915
|
|
|
def on_put(req, resp, id_): |
1916
|
|
|
"""Handles POST requests""" |
1917
|
|
|
admin_control(req) |
1918
|
|
|
|
1919
|
|
|
try: |
1920
|
|
|
raw_json = req.stream.read().decode('utf-8') |
1921
|
|
|
new_values = json.loads(raw_json) |
1922
|
|
|
except Exception as ex: |
1923
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, |
1924
|
|
|
title='API.BAD_REQUEST', |
1925
|
|
|
description='API.FAILED_TO_READ_REQUEST_STREAM') |
1926
|
|
|
|
1927
|
|
|
if not id_.isdigit() or int(id_) <= 0: |
1928
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1929
|
|
|
description='API.INVALID_USER_ID') |
1930
|
|
|
|
1931
|
|
|
if 'is_admin' not in new_values['data'].keys() or \ |
1932
|
|
|
not isinstance(new_values['data']['is_admin'], bool): |
1933
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1934
|
|
|
description='API.INVALID_IS_ADMIN_VALUE') |
1935
|
|
|
is_admin = new_values['data']['is_admin'] |
1936
|
|
|
|
1937
|
|
|
is_read_only = False |
1938
|
|
|
|
1939
|
|
|
if is_admin: |
1940
|
|
|
if 'is_read_only' not in new_values['data'].keys() or \ |
1941
|
|
|
not isinstance(new_values['data']['is_read_only'], bool): |
1942
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1943
|
|
|
description='API.INVALID_IS_READ_ONLY_VALUE') |
1944
|
|
|
is_read_only = new_values['data']['is_read_only'] |
1945
|
|
|
|
1946
|
|
|
if 'privilege_id' in new_values['data'].keys(): |
1947
|
|
|
if not isinstance(new_values['data']['privilege_id'], int) or \ |
1948
|
|
|
new_values['data']['privilege_id'] <= 0: |
1949
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_400, title='API.BAD_REQUEST', |
1950
|
|
|
description='API.INVALID_PRIVILEGE_ID') |
1951
|
|
|
privilege_id = new_values['data']['privilege_id'] |
1952
|
|
|
else: |
1953
|
|
|
privilege_id = None |
1954
|
|
|
|
1955
|
|
|
timezone_offset = int(config.utc_offset[1:3]) * 60 + int(config.utc_offset[4:6]) |
1956
|
|
|
if config.utc_offset[0] == '-': |
1957
|
|
|
timezone_offset = -timezone_offset |
1958
|
|
|
|
1959
|
|
|
account_expiration_datetime = datetime.strptime(new_values['data']['account_expiration_datetime'], |
1960
|
|
|
'%Y-%m-%dT%H:%M:%S') |
1961
|
|
|
account_expiration_datetime = account_expiration_datetime.replace(tzinfo=timezone.utc) |
1962
|
|
|
account_expiration_datetime -= timedelta(minutes=timezone_offset) |
1963
|
|
|
|
1964
|
|
|
password_expiration_datetime = datetime.strptime(new_values['data']['password_expiration_datetime'], |
1965
|
|
|
'%Y-%m-%dT%H:%M:%S') |
1966
|
|
|
password_expiration_datetime = password_expiration_datetime.replace(tzinfo=timezone.utc) |
1967
|
|
|
password_expiration_datetime -= timedelta(minutes=timezone_offset) |
1968
|
|
|
|
1969
|
|
|
cnx = mysql.connector.connect(**config.myems_user_db) |
1970
|
|
|
cursor = cnx.cursor() |
1971
|
|
|
|
1972
|
|
|
cursor.execute(" SELECT name " |
1973
|
|
|
" FROM tbl_new_users " |
1974
|
|
|
" WHERE id = %s ", (id_,)) |
1975
|
|
|
if cursor.fetchone() is None: |
1976
|
|
|
cursor.close() |
1977
|
|
|
cnx.close() |
1978
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_404, title='API.NOT_FOUND', |
1979
|
|
|
description='API.USER_NOT_FOUND') |
1980
|
|
|
|
1981
|
|
|
if privilege_id is not None: |
1982
|
|
|
cursor.execute(" SELECT name " |
1983
|
|
|
" FROM tbl_privileges " |
1984
|
|
|
" WHERE id = %s ", |
1985
|
|
|
(privilege_id,)) |
1986
|
|
|
if cursor.fetchone() is None: |
1987
|
|
|
cursor.close() |
1988
|
|
|
cnx.close() |
1989
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_404, title='API.NOT_FOUND', |
1990
|
|
|
description='API.PRIVILEGE_NOT_FOUND') |
1991
|
|
|
|
1992
|
|
|
cursor.execute(" SELECT name, uuid, display_name, email, salt, password" |
1993
|
|
|
" FROM tbl_new_users " |
1994
|
|
|
" WHERE id = %s ", (id_,)) |
1995
|
|
|
row = cursor.fetchone() |
1996
|
|
|
if row is None: |
1997
|
|
|
cursor.close() |
1998
|
|
|
cnx.close() |
1999
|
|
|
raise falcon.HTTPError(status=falcon.HTTP_404, title='API.NOT_FOUND', |
2000
|
|
|
description='API.USER_NOT_FOUND') |
2001
|
|
|
else: |
2002
|
|
|
name = row[0] |
2003
|
|
|
user_uuid = row[1] |
2004
|
|
|
display_name = row[2] |
2005
|
|
|
email = row[3] |
2006
|
|
|
salt = row[4] |
2007
|
|
|
passowrd = row[5] |
2008
|
|
|
|
2009
|
|
|
add_row = (" INSERT INTO tbl_users " |
2010
|
|
|
" (name, uuid, display_name, email, salt, password, is_admin, is_read_only, privilege_id, " |
2011
|
|
|
" account_expiration_datetime_utc, password_expiration_datetime_utc, failed_login_count) " |
2012
|
|
|
" VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s) ") |
2013
|
|
|
|
2014
|
|
|
cursor.execute(add_row, (name, |
2015
|
|
|
user_uuid, |
2016
|
|
|
display_name, |
2017
|
|
|
email, |
2018
|
|
|
salt, |
2019
|
|
|
passowrd, |
2020
|
|
|
is_admin, |
2021
|
|
|
is_read_only, |
2022
|
|
|
privilege_id, |
2023
|
|
|
account_expiration_datetime, |
2024
|
|
|
password_expiration_datetime, |
2025
|
|
|
0)) |
2026
|
|
|
new_id = cursor.lastrowid |
2027
|
|
|
cnx.commit() |
2028
|
|
|
|
2029
|
|
|
cursor.execute(" DELETE FROM tbl_new_users WHERE id = %s", (id_,)) |
2030
|
|
|
cnx.commit() |
2031
|
|
|
cursor.close() |
2032
|
|
|
cnx.close() |
2033
|
|
|
|
2034
|
|
|
resp.status = falcon.HTTP_201 |
2035
|
|
|
resp.location = '/users/' + str(new_id) |
2036
|
|
|
|
2037
|
|
|
|