User activation request rest api

author: IT Fixcomart <it@fixcomart.co.id> 2022-11-18 15:30:53 +0700
committer: IT Fixcomart <it@fixcomart.co.id> 2022-11-18 15:30:53 +0700
commit: d15f7df65c95f41f12fb72795f0b1360bde115c0 (patch)
tree: b8ceb62ffddc32a67f8c40ebe11cb42585255b47 /indoteknik_api/controllers/api_v1/user.py
parent: 4b077e2a3796fb075840307a42e89d8a73eebe11 (diff)
1 files changed, 127 insertions, 0 deletions
diff --git a/indoteknik_api/controllers/api_v1/user.py b/indoteknik_api/controllers/api_v1/user.py
new file mode 100644
index 00000000..41581961
--- /dev/null
+++ b/indoteknik_api/controllers/api_v1/user.py
@@ -0,0 +1,127 @@
+from .. import controller
+from odoo import http
+from odoo.http import request
+from odoo.tools.config import config
+import random, string
+
+
+class Auth(controller.Controller):
+    prefix = '/api/v1/'
+    
+    @http.route(prefix + 'user/login', auth='public', methods=['POST'], csrf=False)
+    def login(self, **kw):
+        if not self.authenticate():
+            return self.response(code=401, description='Unauthorized')
+        
+        email = kw.get('email')
+        password = kw.get('password')
+        if not email or not password:
+            return self.response(code=400, description='email and password is required')
+        
+        user = self.get_user(email)
+        if user and not user.active:
+            return self.response({
+                'is_auth': False,
+                'reason': 'NOT_ACTIVE'
+            })
+        
+        try:
+            uid = request.session.authenticate(config.get('db_name'), email, password)
+            user = request.env['res.users'].browse(uid)
+            return self.response({
+                'is_auth': True, 
+                'user': {
+                    'id': user.id,
+                    'name': user.name,
+                    'email': user.login,
+                    'external': user.share
+                }
+            })
+        except:
+            return self.response({
+                'is_auth': False,
+                'reason': 'NOT_FOUND'
+            })
+    
+    @http.route(prefix + 'user/register', auth='public', methods=['POST'], csrf=False)
+    def register(self, **kw):
+        if not self.authenticate():
+            return self.response(code=401, description='Unauthorized')
+        
+        name = kw.get('name')
+        email = kw.get('email')
+        password = kw.get('password')
+        if not name or not email or not password:
+            return self.response(code=400, description='email, name and password is required')
+        
+        user = self.get_user(email)
+        
+        if user:
+            return self.response({
+                'register': False,
+                'reason': 'EMAIL_USED'
+            })
+        
+        user = request.env['res.users'].create({
+            'name': name,
+            'login': email,
+            'password': password,
+            'active': False,
+            'sel_groups_1_9_10': 9
+        })
+        
+        return self.response({'register': True})
+    
+    def get_user(self, email):
+        return request.env['res.users'].search([('login', '=', email), ('active', 'in', [True, False])])
+    
+    @http.route(prefix + 'user/activation-request', auth='public', methods=['POST'], csrf=False)
+    def request_activation_user(self, **kw):
+        if not self.authenticate():
+            return self.response(code=401, description='Unauthorized')
+        
+        email = kw.get('email')
+        user = self.get_user(email)
+        if not user:
+            return self.response({'activation_request': False, 'reason': 'NOT_FOUND'})
+        
+        if user.active:
+            return self.response({'activation_request': False, 'reason': 'ACTIVE'})
+        
+        token_source = string.ascii_letters + string.digits
+        user.activation_token = ''.join(random.choice(token_source) for i in range(20))
+        return self.response({
+            'activation_request': True,
+            'token': user.activation_token,
+            'user': {
+                'id': user.id,
+                'name': user.name,
+                'email': user.login,
+                'external': user.share
+            }
+        })
+        
+    @http.route(prefix + 'user/activation', auth='public', methods=['POST'], csrf=False)
+    def activation_user(self, **kw):
+        if not self.authenticate():
+            return self.response(code=401, description='Unauthorized')
+        
+        token = kw.get('token')
+        if not token:
+            return self.response(code=400, description='token is required')
+        
+        user = request.env['res.users'].search([('activation_token', '=', token), ('active', '=', False)], limit=1)
+        if not user:
+            return self.response({'activation': False, 'reason': 'INVALID_TOKEN'})
+        
+        user.active = True
+        user.activation_token = ''
+        return self.response({
+            'activation': True,
+            'user': {
+                'id': user.id,
+                'name': user.name,
+                'email': user.login,
+                'external': user.share
+            }
+        })
+\ No newline at end of file
author	IT Fixcomart <it@fixcomart.co.id>	2022-11-18 15:30:53 +0700
committer	IT Fixcomart <it@fixcomart.co.id>	2022-11-18 15:30:53 +0700
commit	d15f7df65c95f41f12fb72795f0b1360bde115c0 (patch)
tree	b8ceb62ffddc32a67f8c40ebe11cb42585255b47 /indoteknik_api/controllers/api_v1/user.py
parent	4b077e2a3796fb075840307a42e89d8a73eebe11 (diff)