#158114970 BUILT new endpoints & applied security using jwt

.pytest_cache/v/cache/nodeids

@@ -1,7 +1,10 @@
 [
   "tests/test_auth.py::AuthTest::test_encode_auth_token",
   "tests/test_auth.py::AuthTest::test_login_endpoint",
+  "tests/test_auth.py::AuthTest::test_logout_access",
+  "tests/test_auth.py::AuthTest::test_logout_refresh",
   "tests/test_auth.py::AuthTest::test_registration_endpoint",
+  "tests/test_auth.py::AuthTest::test_token_refresh",
   "tests/test_config.py::TestTestingConfig::test_app_is_testing",
   "tests/test_config.py::TestDevelopmentConfig::test_app_is_development",
   "tests/test_config.py::TestProductionConfig::test_app_is_production",

app.py

@@ -1,8 +1,9 @@
 from flask import Blueprint,jsonify
 from flask_restful import Api
 from resources.Hello import Hello
-from resources.requests import RequestResource, Request
-from resources.user import UserResource, User
+from resources.requests import (RequestResource, Request,ApproveRequest,DisapproveRequest,
+                                ResolveRequest,GetAllRequest)
+#from resources.user import UserResource, User
 
 from resources.auth.user_auth import (UserSignup, UserLogin, UserLogoutAccess, UserLogoutRefresh, 
                                     UserSignup, TokenRefresh, AllUsers)
@@ -12,10 +13,10 @@
 
 #Route
 api.add_resource(Hello, '/','/Hello')
-api.add_resource(RequestResource, '/user/request','/user/request/', endpoint ="requests")
-api.add_resource(Request, '/user/request/<int:req_id>','/user/request/<int:req_id>/', endpoint ="request" )
-api.add_resource(UserResource, '/user','/user/')
-api.add_resource(User, '/user/<int:uid>','/user/<int:uid>/')
+api.add_resource(RequestResource, '/users/requests','/users/requests/', endpoint ="requests")
+api.add_resource(Request, '/users/requests/<int:req_id>','/users/requests/<int:req_id>/', endpoint ="request" )
+#api.add_resource(UserResource, '/users','/users/')
+#api.add_resource(User, '/users/<int:uid>','/users/<int:uid>/')
 
 #authentication endpoints
 api.add_resource(UserSignup, '/auth/signup', '/auth/signup/')
@@ -24,3 +25,9 @@
 api.add_resource(UserLogoutRefresh, '/auth/logout/refresh')
 api.add_resource(TokenRefresh, '/auth/token/refresh')
 api.add_resource(AllUsers, '/users')
+
+#Admin functions
+api.add_resource(GetAllRequest,'/requests/','/requests')
+api.add_resource(ApproveRequest, '/requests/<int:req_id>/approve')
+api.add_resource(DisapproveRequest, '/requests/<int:req_id>/disapprove')
+api.add_resource(ResolveRequest, '/requests/<int:req_id>/resolve')

migrate.py

@@ -26,10 +26,11 @@ def create_tables():
         CREATE TABLE tb_request(
             request_id SERIAL PRIMARY KEY,
             requestor INTEGER NOT NULL,
-            type VARCHAR(50) NOT NULL,
-            status VARCHAR(50) NOT NULL,
+            request_type VARCHAR(50) NOT NULL,
+            status VARCHAR(50) DEFAULT 'Pending',
             description TEXT,
             created_on TIMESTAMP NOT NULL,
+            last_modified TIMESTAMP,
             FOREIGN KEY (requestor) REFERENCES tb_users(user_id)
         )
         """

models.py

@@ -1,13 +1,6 @@
-"""
-incomplete
-implemented using data structures
-#creating dtrequest, dtuser and dtlogin list with dictionary 
- to simulate data store
-
-"""
-
 import psycopg2
-from config import dbconfig, basedir, filename , section
+from datetime import datetime
+from config import dbconfig, basedir, filename , section, DATABASE_URL
 import os
 import jwt
 
@@ -19,7 +12,7 @@
 
 
 
-def test_connection():
+def connect():
     """Test connection to the postgresql server"""
 
     conn = None
@@ -52,142 +45,8 @@ def test_connection():
 
 
 
+if __name__ == '__main__':
+    connect()
 
-
-
-#User sample data
-dtusers = [
-{
-        "id": 1,
-        "fname": "John", 
-        "lname": "Doe",
-        "email": "john@gmail.com"  
-    },
-    {
-        "id": 2,
-        "fname": "Susan", 
-        "lname": "Sue",
-        "email": "sue@gmail.com" 
-    },
-    {
-        "id": 3,
-        "fname": "Mary", 
-        "lname": "Doe",
-        "email": "mary@gmail.com" 
-    },
-    {
-        "id": 4,
-        "fname": "Anto", 
-        "lname": "Denis",
-        "email": "anto@gmail.com"
-    }
-]
-
-#requests sample data
-dtrequest = [
-    {
-        "id": 1,
-        "requestor":"Anto kish",
-        "email": "anto@gmail.com",
-        "type": "maintenance",
-        "status":"Approved",
-        "desc": "Description goes here"
-    },
-    {
-        "id": 2,
-        "requestor":"John Doe",
-        "email": "john@gmail.com",
-        "type": "repair",
-        "status":"Pending",
-        "desc": "Description goes here"
-    },
-    {
-        "id": 3,
-        "requestor":"Anto kish",
-        "email": "anto@gmail.com",
-        "type": "maintenance",
-        "status":"Pending",
-        "desc": "Description goes here"
-    },
-    {
-        "id": 4,
-        "requestor":"John Doe",
-        "email": "john@gmail.com",
-        "type": "maintenance",
-        "status":"Approved",
-        "desc": "Description goes here"
-    }
-]
-#login data
-dtlogin = [
-    {
-        "id": 1,
-        "username": "john@gmail.com",
-        "password": "pass"
-    },
-    {
-        "id": 2,
-        "username": "sue@gmail.com",
-        "password": "pass"
-    }
-
-]
-
-def find_by_username(username):
-    query = """SELECT username,password FROM tb_users WHERE username=(%s)"""
-
-    conn = None
-    result = None
-    try:
-        params = dbconfig(filename, section)
-        conn = psycopg2.connect(**params)
-
-        cur = conn.cursor()
-        cur.execute(query,(username,))
-
-        result = cur.fetchone()
-
-        #print(result)
-
-        cur.close()
-
-    except (Exception, psycopg2.DatabaseError) as error:
-        print(error)
-    finally:
-        if conn is not None:
-            conn.close()
-    return result
-
-def return_all():
-    query = """select array_to_json(array_agg(row_to_json(t))) from (  
-                SELECT * FROM tb_users) t"""
 
-    conn = None
-    result = None
-
-    try:
-        params = dbconfig(filename, section)
-
-        conn = psycopg2.connect(**params)
-
-        cur = conn.cursor()
-        cur.execute(query)
-
-        result = cur.fetchall()
-
-        cur.close()
-
-
-    except (Exception, psycopg2.DatabaseError) as error:
-        print (error)
-    finally:
-        if conn is not None:
-            conn.close()
-    return result
-
-current_user = find_by_username("antokish@gmail.com")
-
-if __name__ == '__main__':
-    #test_connection()
-    current_user[0]
-    print(return_all())
+

resources/auth/user_auth.py

@@ -4,7 +4,6 @@
 
 
 from flask import Flask, abort, request , jsonify, g, json
-from flask_httpauth import HTTPBasicAuth
 from flask_restful import Api, Resource, reqparse
 from resources.models import (insert_to_db, find_by_username, hash_password, verify_hash,
                             return_all)
@@ -13,7 +12,6 @@
 jwt_required, jwt_refresh_token_required,get_jwt_identity, get_raw_jwt)
 
 
-auth = HTTPBasicAuth
 
 #parsing incoming data
 parser = reqparse.RequestParser()
@@ -44,7 +42,7 @@ def post(self):
 
         if current_user is None:
             pass
-        elif current_user[0]==username:
+        elif current_user[1]==username:
             return{"message":"user {} already exist".format(username)}
 
         try:
@@ -71,7 +69,7 @@ class UserLogin(Resource):
 
     #login user
     def post(self):
-        self.data = parser.parse_args()
+        self.data = request.get_json(force=True)
 
         username = self.data['username']
         password = self.data['password']
@@ -81,7 +79,7 @@ def post(self):
         if current_user is None:
             return {"message": "user {} doesn\'t exist".format(username)}
 
-        if verify_hash(password, current_user[1]):
+        if verify_hash(password, current_user[2]):
             access_token = create_access_token(identity=username)
             refresh_token = create_refresh_token(identity=username)
             return {