major claude changes
@@ -1,3 +1,4 @@
|
||||
import logging
|
||||
from flask import request, jsonify
|
||||
from flask_login import current_user, logout_user, login_required
|
||||
from app.auth import auth
|
||||
@@ -5,9 +6,12 @@ from app import db, bcrypt
|
||||
from datetime import datetime
|
||||
from uuid import uuid4
|
||||
from app.classes.auth import Auth_User
|
||||
from app.classes.employee import Employee_Employee
|
||||
from app.classes.employee import Employee_Employee
|
||||
from app.schemas import LoginSchema, RegisterSchema, ChangePasswordSchema, validate_request
|
||||
import re
|
||||
|
||||
logger = logging.getLogger(__name__)
|
||||
|
||||
@auth.route("/whoami", methods=["GET"])
|
||||
def check_session():
|
||||
"""
|
||||
@@ -25,7 +29,7 @@ def check_session():
|
||||
user = db.session.query(Auth_User).filter(Auth_User.api_key == api_key).first()
|
||||
|
||||
if not user:
|
||||
print("no user found with that api key")
|
||||
logger.warning("Authentication failed: no user found with provided API key")
|
||||
return jsonify({"ok": False, "error": "Invalid token"}), 401
|
||||
|
||||
# Now, build the complete response with both user and employee data.
|
||||
@@ -73,9 +77,11 @@ def logout():
|
||||
|
||||
|
||||
@auth.route("/login", methods=["POST"])
|
||||
@validate_request(LoginSchema)
|
||||
def login():
|
||||
username = request.json["username"]
|
||||
password = request.json["password"]
|
||||
data = request.validated_data
|
||||
username = data["username"]
|
||||
password = data["password"]
|
||||
|
||||
user = db.session.query(Auth_User).filter_by(username=username).first()
|
||||
|
||||
@@ -103,15 +109,17 @@ def login():
|
||||
}), 200
|
||||
|
||||
@auth.route("/register", methods=["POST"])
|
||||
@validate_request(RegisterSchema)
|
||||
def register_user():
|
||||
"""
|
||||
Main post function to register a user
|
||||
"""
|
||||
data = request.validated_data
|
||||
now = datetime.utcnow()
|
||||
|
||||
username = request.json["username"]
|
||||
email = request.json["email"]
|
||||
password = request.json["password"]
|
||||
username = data["username"]
|
||||
email = data["email"]
|
||||
password = data["password"]
|
||||
|
||||
part_one_code = uuid4().hex
|
||||
part_two_code = uuid4().hex
|
||||
@@ -172,6 +180,7 @@ def register_user():
|
||||
|
||||
|
||||
@auth.route('/change-password', methods=['POST'])
|
||||
@validate_request(ChangePasswordSchema)
|
||||
def change_password():
|
||||
auth_header = request.headers.get('Authorization')
|
||||
if not auth_header:
|
||||
@@ -184,8 +193,9 @@ def change_password():
|
||||
if not user:
|
||||
return jsonify({"error": "Invalid token"}), 401
|
||||
|
||||
new_password = request.json["new_password"]
|
||||
new_password_confirm = request.json["password_confirm"]
|
||||
data = request.validated_data
|
||||
new_password = data["new_password"]
|
||||
new_password_confirm = data["password_confirm"]
|
||||
|
||||
if str(new_password) != str(new_password_confirm):
|
||||
return jsonify({"error": "Error: Incorrect Passwords"}), 200
|
||||
@@ -214,7 +224,7 @@ def admin_change_password():
|
||||
if not user:
|
||||
return jsonify({"error": "Invalid token"}), 401
|
||||
|
||||
if user.admin_role != 0:
|
||||
if user.admin_role == 0:
|
||||
return jsonify({"error": "Admin access required"}), 403
|
||||
|
||||
employee_id = request.json.get("employee_id")
|
||||
|
||||