#!/usr/bin/python
# -*- coding: utf-8 -*-
# api.py: REST API for basic account related stuff: signup/login/logout
#
# Author: Tomi.Mickelsson@iki.fi
from flask import request, session, g, jsonify
import db
import webutil
import account
from webutil import app, login_required, get_myself
import logging
log = logging.getLogger("api")
@app.route('/api/login', methods = ['POST'])
def login():
"""Logs the user in with email+password.
On success returns the user object,
on error returns 400 and json with err-field."""
input = request.json or {}
email = input.get('email')
password = input.get('password')
if not email or not password:
return webutil.warn_reply("Missing input")
u = db.get_user_by_email(email)
if not u or not account.check_password(u.password, password):
# error
return webutil.warn_reply("Invalid login credentials")
else:
# success
account.build_session(u, is_permanent=input.get('remember', True))
log.info("LOGIN OK agent={}".format(webutil.get_agent()))
return jsonify(u), 200
@app.route('/api/signup', methods = ['POST'])
def signup():
"""Signs a new user to the service. On success returns the user object,
on error returns 400 and json with err-field."""
input = request.json or {}
email = input.get('email')
password = input.get('password')
fname = input.get('fname')
lname = input.get('lname')
company = input.get('company')
if not email or not password or not fname or not lname:
return webutil.warn_reply("Invalid signup input")
u = db.get_user_by_email(email)
if u:
msg = "Signup email taken: {}".format(email)
return webutil.warn_reply(msg)
err = account.check_password_validity(password)
if err:
return jsonify({"err":err}), 400
# create new user
u = db.User()
u.email = email
u.company = company
u.first_name = fname
u.last_name = lname
u.password = account.hash_password(password)
u.tags = []
u.role = 'editor' # set default to what makes sense to your app
u.save(force_insert=True)
account.new_signup_steps(u)
account.build_session(u, is_permanent=input.get('remember', True))
log.info("SIGNUP OK agent={}".format(webutil.get_agent()))
return jsonify(u), 201
@app.route('/api/logout', methods = ['POST'])
@login_required
def logout():
"""Logs out the user, clears the session."""
session.clear()
return jsonify({}), 200
@app.route('/api/me')
@login_required
def me():
"""Return info about me. Attach more data for real use."""
me = get_myself()
reply = {"me": me}
return jsonify(reply), 200
@app.route('/api/users')
@login_required(role='superuser')
def users():
"""Search list of users. Only for superusers"""
input = request.args or {}
page = input.get('page')
size = input.get('size')
search = input.get('search')
reply = db.query_users(page, size, search)
return jsonify(reply), 200
