diff options
| author | IT Fixcomart <it@fixcomart.co.id> | 2023-01-05 04:26:58 +0000 |
|---|---|---|
| committer | IT Fixcomart <it@fixcomart.co.id> | 2023-01-05 04:26:58 +0000 |
| commit | d37c78617706d6313bf8c40277d56028f0f28a07 (patch) | |
| tree | d46e635d9977350d7414248fc9b5a375fd00f3e0 /indoteknik_api/controllers/api_v1/user.py | |
| parent | f56ff7fb53e25c188663f643f06691d8d71bd34a (diff) | |
| parent | 9a3a8c37b65d6017bae50d56b4c5bd1ea641a3b1 (diff) | |
Merged in staging (pull request #14)
Staging
Diffstat (limited to 'indoteknik_api/controllers/api_v1/user.py')
| -rw-r--r-- | indoteknik_api/controllers/api_v1/user.py | 108 |
1 files changed, 81 insertions, 27 deletions
diff --git a/indoteknik_api/controllers/api_v1/user.py b/indoteknik_api/controllers/api_v1/user.py index 41581961..3080be7d 100644 --- a/indoteknik_api/controllers/api_v1/user.py +++ b/indoteknik_api/controllers/api_v1/user.py @@ -3,10 +3,36 @@ from odoo import http from odoo.http import request from odoo.tools.config import config import random, string +import jwt -class Auth(controller.Controller): +class User(controller.Controller): prefix = '/api/v1/' + jwt_secret_key = "NTNv7j0TuYARvmNMmWXo6fKvM4o6nvaUi9ryX38ZHL1bkrnD1ObOQ8JAUmHCBq7Iy7otZcyAagBLHVKvvYaIpmMuxmARQ97jUVG16Jkpkp1wXOPsrF9zwew6TpczyHkHgX5EuLg2MeBuiTqJACs1J0apruOOJCggOtkjB4c" + + def get_user_by_email(self, email): + return request.env['res.users'].search([ + ('login', '=', email), + ('active', 'in', [True, False]) + ]) + + def create_user_token(self, user): + return jwt.encode({'id': user.id}, self.jwt_secret_key) + + def verify_user_token(self, user_id): + try: + token = request.httprequest.environ['HTTP_TOKEN'] + user_token = jwt.decode(token, self.jwt_secret_key, algorithms=['HS256']) + if int(user_id) != user_token['id']: + return False + return True + except: + return False + + def response_with_token(self, user): + data = request.env['res.users'].api_single_response(user) + data['token'] = self.create_user_token(user) + return data @http.route(prefix + 'user/login', auth='public', methods=['POST'], csrf=False) def login(self, **kw): @@ -18,7 +44,7 @@ class Auth(controller.Controller): if not email or not password: return self.response(code=400, description='email and password is required') - user = self.get_user(email) + user = self.get_user_by_email(email) if user and not user.active: return self.response({ 'is_auth': False, @@ -28,15 +54,11 @@ class Auth(controller.Controller): try: uid = request.session.authenticate(config.get('db_name'), email, password) user = request.env['res.users'].browse(uid) - return self.response({ + data = { 'is_auth': True, - 'user': { - 'id': user.id, - 'name': user.name, - 'email': user.login, - 'external': user.share - } - }) + 'user': self.response_with_token(user) + } + return self.response(data) except: return self.response({ 'is_auth': False, @@ -54,7 +76,7 @@ class Auth(controller.Controller): if not name or not email or not password: return self.response(code=400, description='email, name and password is required') - user = self.get_user(email) + user = self.get_user_by_email(email) if user: return self.response({ @@ -72,16 +94,13 @@ class Auth(controller.Controller): return self.response({'register': True}) - def get_user(self, email): - return request.env['res.users'].search([('login', '=', email), ('active', 'in', [True, False])]) - @http.route(prefix + 'user/activation-request', auth='public', methods=['POST'], csrf=False) def request_activation_user(self, **kw): if not self.authenticate(): return self.response(code=401, description='Unauthorized') email = kw.get('email') - user = self.get_user(email) + user = self.get_user_by_email(email) if not user: return self.response({'activation_request': False, 'reason': 'NOT_FOUND'}) @@ -93,14 +112,54 @@ class Auth(controller.Controller): return self.response({ 'activation_request': True, 'token': user.activation_token, - 'user': { - 'id': user.id, - 'name': user.name, - 'email': user.login, - 'external': user.share - } + 'user': request.env['res.users'].api_single_response(user) }) + + @http.route(prefix + 'user/<id>', auth='public', methods=['PUT', 'OPTIONS'], csrf=False) + def update_user(self, **kw): + if not self.authenticate(): + return self.response(code=401, description='Unauthorized') + + id = kw.get('id') + + user = request.env['res.users'].search([('id', '=', id)], limit=1) + if not user: + return self.response(code=400, description='User not found') + is_verify = self.verify_user_token(id) + if not is_verify: + return self.response(code=401, description='Unauthorized') + + allowed_field = ['name', 'phone', 'mobile', 'password'] + for field in allowed_field: + field_value = kw.get(field) + if field_value or field_value == '': + user[field] = field_value + + return self.response({ + 'user': self.response_with_token(user) + }) + + @http.route(prefix + 'user/<id>/address', auth='public', methods=['GET', 'OPTIONS']) + def get_user_address_by_id(self, **kw): + if not self.authenticate(): + return self.response(code=401, description='Unauthorized') + + id = kw.get('id') + + user = request.env['res.users'].search([('id', '=', id)], limit=1) + if not user: + return self.response(code=400, description='User not found') + + is_verify = self.verify_user_token(id) + if not is_verify: + return self.response(code=401, description='Unauthorized') + + partners = [user] + [x for x in user.child_ids] + address = [request.env['res.users'].api_address_response(x) for x in partners] + + return self.response(address) + @http.route(prefix + 'user/activation', auth='public', methods=['POST'], csrf=False) def activation_user(self, **kw): if not self.authenticate(): @@ -118,10 +177,5 @@ class Auth(controller.Controller): user.activation_token = '' return self.response({ 'activation': True, - 'user': { - 'id': user.id, - 'name': user.name, - 'email': user.login, - 'external': user.share - } + 'user': self.response_with_token(user) })
\ No newline at end of file |