| author | IT Fixcomart <it@fixcomart.co.id> | 2022-12-21 15:17:44 +0700 |
|---|---|---|
| committer | IT Fixcomart <it@fixcomart.co.id> | 2022-12-21 15:17:44 +0700 |
| commit | 3cae188ec17df24e8205c43c72e91b358e836452 (patch) | |
| tree | 191d348efde4b540c035fda70bf889b49f596730 | |
| parent | a553bc46cd42aa5e56a9e438d959c32bd70d10b4 (diff) | |
use jwt and api user update
| -rw-r--r-- | indoteknik_api/controllers/api_v1/user.py | 85 | ||||
| -rw-r--r-- | indoteknik_api/models/__init__.py | 1 | ||||
| -rw-r--r-- | indoteknik_api/models/res_users.py | 18 |
3 files changed, 78 insertions, 26 deletions
diff --git a/indoteknik_api/controllers/api_v1/user.py b/indoteknik_api/controllers/api_v1/user.py index 41581961..0e87144a 100644 --- a/indoteknik_api/controllers/api_v1/user.py +++ b/indoteknik_api/controllers/api_v1/user.py @@ -3,10 +3,35 @@ from odoo import http from odoo.http import request from odoo.tools.config import config import random, string +import jwt class Auth(controller.Controller): prefix = '/api/v1/' + jwt_secret_key = "NTNv7j0TuYARvmNMmWXo6fKvM4o6nvaUi9ryX38ZHL1bkrnD1ObOQ8JAUmHCBq7Iy7otZcyAagBLHVKvvYaIpmMuxmARQ97jUVG16Jkpkp1wXOPsrF9zwew6TpczyHkHgX5EuLg2MeBuiTqJACs1J0apruOOJCggOtkjB4c" + + def get_user_by_email(self, email): + return request.env['res.users'].search([ + ('login', '=', email), + ('active', 'in', [True, False]) + ]) + + def create_user_token(self, user): + return jwt.encode({'id': user.id}, self.jwt_secret_key) + + def verify_user_token(self, user, token): + try: + user_token = jwt.decode(token, self.jwt_secret_key, algorithms=['HS256']) + if user.id != user_token['id']: + return False + return True + except: + return False + + def response_with_token(self, user): + data = request.env['res.users'].api_single_response(user) + data['token'] = self.create_user_token(user) + return data @http.route(prefix + 'user/login', auth='public', methods=['POST'], csrf=False) def login(self, **kw): @@ -18,7 +43,7 @@ class Auth(controller.Controller): if not email or not password: return self.response(code=400, description='email and password is required') - user = self.get_user(email) + user = self.get_user_by_email(email) if user and not user.active: return self.response({ 'is_auth': False, 
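Review bot: `jwt_secret_key = "NTNv7j0T…"` in `Auth` commits the token-signing secret to source control, so anyone who can read the repository can forge a token for any user id that `verify_user_token` will accept; load it from the server configuration this file already consults through `config` (e.g. `jwt_secret_key = config.get('jwt_secret_key')`) and replace the committed value, which should be treated as disclosed. `create_user_token` signs only `{'id': user.id}` with no `exp` claim, so a token never expires and stays valid after the password is changed by `update_user` later in this diff; add an expiry and pin the algorithm, e.g. `jwt.encode({'id': user.id, 'exp': <expiry timestamp>}, self.jwt_secret_key, algorithm='HS256')`, matching the `algorithms=['HS256']` already used on decode. The bare `except:` in `verify_user_token` also swallows `KeyboardInterrupt` and `SystemExit`; `except (jwt.InvalidTokenError, KeyError): return False` covers a missing, tampered or expired token and a payload without `id`. Which PyJWT version the project pins is not visible here; on 1.x `jwt.encode` returns bytes, which would need decoding before `response_with_token` places it in the JSON response.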
@@ -28,15 +53,11 @@ class Auth(controller.Controller): try: uid = request.session.authenticate(config.get('db_name'), email, password) user = request.env['res.users'].browse(uid) - return self.response({ + data = { 'is_auth': True, - 'user': { - 'id': user.id, - 'name': user.name, - 'email': user.login, - 'external': user.share - } - }) + 'user': self.response_with_token(user) + } + return self.response(data) except: return self.response({ 'is_auth': False, @@ -54,7 +75,7 @@ class Auth(controller.Controller): if not name or not email or not password: return self.response(code=400, description='email, name and password is required') - user = self.get_user(email) + user = self.get_user_by_email(email) if user: return self.response({ @@ -72,16 +93,13 @@ class Auth(controller.Controller): return self.response({'register': True}) - def get_user(self, email): - return request.env['res.users'].search([('login', '=', email), ('active', 'in', [True, False])]) - @http.route(prefix + 'user/activation-request', auth='public', methods=['POST'], csrf=False) def request_activation_user(self, **kw): if not self.authenticate(): return self.response(code=401, description='Unauthorized') email = kw.get('email') - user = self.get_user(email) + user = self.get_user_by_email(email) if not user: return self.response({'activation_request': False, 'reason': 'NOT_FOUND'}) 
@@ -93,14 +111,34 @@ class Auth(controller.Controller): return self.response({ 'activation_request': True, 'token': user.activation_token, - 'user': { - 'id': user.id, - 'name': user.name, - 'email': user.login, - 'external': user.share - } }) + + @http.route(prefix + 'user/<id>', auth='public', methods=['PUT'], csrf=False) + def update_user(self, **kw): + if not self.authenticate(): + return self.response(code=401, description='Unauthorized') + + id = kw.get('id') + if not id: + return self.response(code=400, description='id is required') + + user = request.env['res.users'].search([('id', '=', id)], limit=1) + if not user: + return self.response(code=400, description='User not found') + + token = kw.get('token') + is_verify = self.verify_user_token(user, token) + if not is_verify: + return self.response(code=401, description='Unauthorized') + + allowed_field = ['name', 'email', 'phone', 'mobile', 'password'] + for field in allowed_field: + user[field] = kw.get(field, '') + return self.response({ + 'user': self.response_with_token(user) + }) + @http.route(prefix + 'user/activation', auth='public', methods=['POST'], csrf=False) def activation_user(self, **kw): if not self.authenticate(): @@ -118,10 +156,5 @@ class Auth(controller.Controller): user.activation_token = '' return self.response({ 'activation': True, - 'user': { - 'id': user.id, - 'name': user.name, - 'email': user.login, - 'external': user.share - } + 'user': self.response_with_token(user) })
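Review bot: In `update_user`, the loop `user[field] = kw.get(field, '')` writes every entry of `allowed_field` on every PUT, so a request that sends only `name` blanks `email`, `phone` and `mobile` and assigns an empty `password`; write only the keys the caller actually supplied, in a single `write()`, as sketched below. The list also accepts `email`, but `get_user_by_email` searches on `login` and `api_single_response` reports `login` under the `email` key, so updating `email` here does not change the address the user signs in with — if that is the intent, `login` is the field to update (as far as this diff shows). A password change here does not invalidate tokens issued earlier, because `verify_user_token` checks only the `id` claim. Whether the `request.env` of an `auth='public'` route may write these `res.users` fields depends on `authenticate()`, which is outside the diff; `user/<int:id>` in the route would additionally reject non-numeric ids before the search and avoid shadowing the `id` builtin.
```python
        allowed_field = ['name', 'email', 'phone', 'mobile', 'password']
        # Only touch what the caller sent; absent keys keep their current value.
        values = {field: kw[field] for field in allowed_field if field in kw}
        if not values:
            return self.response(code=400, description='no updatable field supplied')
        user.write(values)
        # … unchanged: response_with_token(user) response …
```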
\ No newline at end of file diff --git a/indoteknik_api/models/__init__.py b/indoteknik_api/models/__init__.py index 25f6997f..3e00e2f0 100644 --- a/indoteknik_api/models/__init__.py +++ b/indoteknik_api/models/__init__.py @@ -2,4 +2,5 @@ from . import blog_post from . import product_pricelist from . import product_product from . import product_template +from . import res_users from . import x_manufactures
\ No newline at end of file diff --git a/indoteknik_api/models/res_users.py b/indoteknik_api/models/res_users.py new file mode 100644 index 00000000..608ec4df --- /dev/null +++ b/indoteknik_api/models/res_users.py @@ -0,0 +1,18 @@ +from odoo import models + + +class ResUsers(models.Model): + _inherit = 'res.users' + + def api_single_response(self, res_user, with_detail=''): + data = { + 'id': res_user.id, + 'name': res_user.name, + 'email': res_user.login, + 'phone': res_user.phone or '', + 'mobile': res_user.mobile or '', + 'external': res_user.share + } + + return data + |
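Review bot: `api_single_response(self, res_user, with_detail='')` never reads `with_detail`, and `self` is unused because the record to serialise arrives as `res_user`; drop the parameter until it has a use, or document what values it takes, so callers do not pass it expecting an effect. The method also has no docstring; one stating that the `email` key carries `res_user.login` would make the mapping explicit, since `update_user` in this diff writes a field named `email` while this method reports `login` under that key. As written the method does nothing with its own recordset, so `request.env['res.users'].api_single_response(user)` is effectively a free function hosted on the model — acceptable, but worth a one-line comment if that is intentional.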
