from geruecht import app, LOGGER from geruecht.exceptions import PermissionDenied import geruecht.controller.accesTokenController as ac import geruecht.controller.userController as uc from geruecht.model import MONEY, BAR, USER, GASTRO from flask import request, jsonify accesTokenController = ac.AccesTokenController() userController = uc.UserController() def login(user, password): return user.login(password) @app.route("/valid") def _valid(): token = request.headers.get("Token") accToken = accesTokenController.validateAccessToken(token, [MONEY]) if accToken: return jsonify(accToken.user.toJSON()) accToken = accesTokenController.validateAccessToken(token, [BAR]) if accToken: return jsonify(accToken.user.toJSON()) accToken = accesTokenController.validateAccessToken(token, [GASTRO]) if accToken: return jsonify(accToken.user.toJSON()) accToken = accesTokenController.validateAccessToken(token, [USER]) if accToken: return jsonify(accToken.user.toJSON()) return jsonify({"error": "permission denied"}), 401 @app.route("/pricelist", methods=['GET']) def _getPricelist(): try: retVal = userController.getPricelist() print(retVal) return jsonify(retVal) except Exception as err: return jsonify({"error": str(err)}) @app.route("/login", methods=['POST']) def _login(): """ Login User Nothing to say. Login in User and create an AccessToken for the User. Returns: A JSON-File with createt Token or Errors """ LOGGER.info("Start log in.") data = request.get_json() print(data) LOGGER.debug("JSON from request: {}".format(data)) username = data['username'] password = data['password'] LOGGER.info("search {} in database".format(username)) try: user, ldap_conn = userController.loginUser(username, password) user.password = password token = accesTokenController.createAccesToken(user, ldap_conn) dic = accesTokenController.validateAccessToken(token, [USER]).user.toJSON() dic["token"] = token dic["accessToken"] = token LOGGER.info("User {} success login.".format(username)) return jsonify(dic) except PermissionDenied as err: return jsonify({"error": str(err)}), 401 except Exception: return jsonify({"error": "permission denied"}), 401 LOGGER.info("User {} does not exist.".format(username)) return jsonify({"error": "wrong username"}), 401