From 3cae188ec17df24e8205c43c72e91b358e836452 Mon Sep 17 00:00:00 2001 From: IT Fixcomart Date: Wed, 21 Dec 2022 15:17:44 +0700 Subject: use jwt and api user update --- indoteknik_api/controllers/api_v1/user.py | 85 +++++++++++++++++++++---------- 1 file changed, 59 insertions(+), 26 deletions(-) (limited to 'indoteknik_api/controllers/api_v1/user.py') diff --git a/indoteknik_api/controllers/api_v1/user.py b/indoteknik_api/controllers/api_v1/user.py index 41581961..0e87144a 100644 --- a/indoteknik_api/controllers/api_v1/user.py +++ b/indoteknik_api/controllers/api_v1/user.py @@ -3,10 +3,35 @@ from odoo import http from odoo.http import request from odoo.tools.config import config import random, string +import jwt class Auth(controller.Controller): prefix = '/api/v1/' + jwt_secret_key = "NTNv7j0TuYARvmNMmWXo6fKvM4o6nvaUi9ryX38ZHL1bkrnD1ObOQ8JAUmHCBq7Iy7otZcyAagBLHVKvvYaIpmMuxmARQ97jUVG16Jkpkp1wXOPsrF9zwew6TpczyHkHgX5EuLg2MeBuiTqJACs1J0apruOOJCggOtkjB4c" + + def get_user_by_email(self, email): + return request.env['res.users'].search([ + ('login', '=', email), + ('active', 'in', [True, False]) + ]) + + def create_user_token(self, user): + return jwt.encode({'id': user.id}, self.jwt_secret_key) + + def verify_user_token(self, user, token): + try: + user_token = jwt.decode(token, self.jwt_secret_key, algorithms=['HS256']) + if user.id != user_token['id']: + return False + return True + except: + return False + + def response_with_token(self, user): + data = request.env['res.users'].api_single_response(user) + data['token'] = self.create_user_token(user) + return data @http.route(prefix + 'user/login', auth='public', methods=['POST'], csrf=False) def login(self, **kw): @@ -18,7 +43,7 @@ class Auth(controller.Controller): if not email or not password: return self.response(code=400, description='email and password is required') - user = self.get_user(email) + user = self.get_user_by_email(email) if user and not user.active: return self.response({ 'is_auth': False, @@ -28,15 +53,11 @@ class Auth(controller.Controller): try: uid = request.session.authenticate(config.get('db_name'), email, password) user = request.env['res.users'].browse(uid) - return self.response({ + data = { 'is_auth': True, - 'user': { - 'id': user.id, - 'name': user.name, - 'email': user.login, - 'external': user.share - } - }) + 'user': self.response_with_token(user) + } + return self.response(data) except: return self.response({ 'is_auth': False, @@ -54,7 +75,7 @@ class Auth(controller.Controller): if not name or not email or not password: return self.response(code=400, description='email, name and password is required') - user = self.get_user(email) + user = self.get_user_by_email(email) if user: return self.response({ @@ -72,16 +93,13 @@ class Auth(controller.Controller): return self.response({'register': True}) - def get_user(self, email): - return request.env['res.users'].search([('login', '=', email), ('active', 'in', [True, False])]) - @http.route(prefix + 'user/activation-request', auth='public', methods=['POST'], csrf=False) def request_activation_user(self, **kw): if not self.authenticate(): return self.response(code=401, description='Unauthorized') email = kw.get('email') - user = self.get_user(email) + user = self.get_user_by_email(email) if not user: return self.response({'activation_request': False, 'reason': 'NOT_FOUND'}) @@ -93,14 +111,34 @@ class Auth(controller.Controller): return self.response({ 'activation_request': True, 'token': user.activation_token, - 'user': { - 'id': user.id, - 'name': user.name, - 'email': user.login, - 'external': user.share - } }) + + @http.route(prefix + 'user/', auth='public', methods=['PUT'], csrf=False) + def update_user(self, **kw): + if not self.authenticate(): + return self.response(code=401, description='Unauthorized') + + id = kw.get('id') + if not id: + return self.response(code=400, description='id is required') + + user = request.env['res.users'].search([('id', '=', id)], limit=1) + if not user: + return self.response(code=400, description='User not found') + + token = kw.get('token') + is_verify = self.verify_user_token(user, token) + if not is_verify: + return self.response(code=401, description='Unauthorized') + + allowed_field = ['name', 'email', 'phone', 'mobile', 'password'] + for field in allowed_field: + user[field] = kw.get(field, '') + return self.response({ + 'user': self.response_with_token(user) + }) + @http.route(prefix + 'user/activation', auth='public', methods=['POST'], csrf=False) def activation_user(self, **kw): if not self.authenticate(): @@ -118,10 +156,5 @@ class Auth(controller.Controller): user.activation_token = '' return self.response({ 'activation': True, - 'user': { - 'id': user.id, - 'name': user.name, - 'email': user.login, - 'external': user.share - } + 'user': self.response_with_token(user) }) \ No newline at end of file -- cgit v1.2.3 From 56a0859b06725642ccca6f956147ee87a9d7e6a8 Mon Sep 17 00:00:00 2001 From: IT Fixcomart Date: Wed, 21 Dec 2022 16:04:15 +0700 Subject: Validation --- indoteknik_api/controllers/api_v1/user.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'indoteknik_api/controllers/api_v1/user.py') diff --git a/indoteknik_api/controllers/api_v1/user.py b/indoteknik_api/controllers/api_v1/user.py index 0e87144a..31ec8a96 100644 --- a/indoteknik_api/controllers/api_v1/user.py +++ b/indoteknik_api/controllers/api_v1/user.py @@ -133,7 +133,9 @@ class Auth(controller.Controller): allowed_field = ['name', 'email', 'phone', 'mobile', 'password'] for field in allowed_field: - user[field] = kw.get(field, '') + field_value = kw.get(field) + if field_value: + user[field] = field_value return self.response({ 'user': self.response_with_token(user) -- cgit v1.2.3 From 3d13c85ef615a88a6bdce454904bf0a3cda08690 Mon Sep 17 00:00:00 2001 From: IT Fixcomart Date: Wed, 21 Dec 2022 16:52:43 +0700 Subject: update user cors --- indoteknik_api/controllers/api_v1/user.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'indoteknik_api/controllers/api_v1/user.py') diff --git a/indoteknik_api/controllers/api_v1/user.py b/indoteknik_api/controllers/api_v1/user.py index 31ec8a96..46ac82ae 100644 --- a/indoteknik_api/controllers/api_v1/user.py +++ b/indoteknik_api/controllers/api_v1/user.py @@ -113,7 +113,7 @@ class Auth(controller.Controller): 'token': user.activation_token, }) - @http.route(prefix + 'user/', auth='public', methods=['PUT'], csrf=False) + @http.route(prefix + 'user/', auth='public', methods=['PUT', 'OPTIONS'], csrf=False) def update_user(self, **kw): if not self.authenticate(): return self.response(code=401, description='Unauthorized') @@ -131,7 +131,7 @@ class Auth(controller.Controller): if not is_verify: return self.response(code=401, description='Unauthorized') - allowed_field = ['name', 'email', 'phone', 'mobile', 'password'] + allowed_field = ['name', 'phone', 'mobile', 'password'] for field in allowed_field: field_value = kw.get(field) if field_value: -- cgit v1.2.3 From 01a5286fd37137879b702fbb333a3f0cdf21e172 Mon Sep 17 00:00:00 2001 From: IT Fixcomart Date: Mon, 26 Dec 2022 10:46:17 +0700 Subject: Fix bug api account activation request --- indoteknik_api/controllers/api_v1/user.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'indoteknik_api/controllers/api_v1/user.py') diff --git a/indoteknik_api/controllers/api_v1/user.py b/indoteknik_api/controllers/api_v1/user.py index 46ac82ae..0477c134 100644 --- a/indoteknik_api/controllers/api_v1/user.py +++ b/indoteknik_api/controllers/api_v1/user.py @@ -111,6 +111,7 @@ class Auth(controller.Controller): return self.response({ 'activation_request': True, 'token': user.activation_token, + 'user': request.env['res.users'].api_single_response(user) }) @http.route(prefix + 'user/', auth='public', methods=['PUT', 'OPTIONS'], csrf=False) @@ -134,8 +135,7 @@ class Auth(controller.Controller): allowed_field = ['name', 'phone', 'mobile', 'password'] for field in allowed_field: field_value = kw.get(field) - if field_value: - user[field] = field_value + user[field] = field_value return self.response({ 'user': self.response_with_token(user) -- cgit v1.2.3 From f4119b3e936af798138f57df5a4b8294536255a1 Mon Sep 17 00:00:00 2001 From: IT Fixcomart Date: Mon, 26 Dec 2022 10:56:23 +0700 Subject: Fix update user --- indoteknik_api/controllers/api_v1/user.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'indoteknik_api/controllers/api_v1/user.py') diff --git a/indoteknik_api/controllers/api_v1/user.py b/indoteknik_api/controllers/api_v1/user.py index 0477c134..1b47e1b0 100644 --- a/indoteknik_api/controllers/api_v1/user.py +++ b/indoteknik_api/controllers/api_v1/user.py @@ -135,7 +135,8 @@ class Auth(controller.Controller): allowed_field = ['name', 'phone', 'mobile', 'password'] for field in allowed_field: field_value = kw.get(field) - user[field] = field_value + if field_value or field_value == '': + user[field] = field_value return self.response({ 'user': self.response_with_token(user) -- cgit v1.2.3 From 2f4860787fc09d07cf538bb73f897c9b897b025e Mon Sep 17 00:00:00 2001 From: IT Fixcomart Date: Tue, 27 Dec 2022 17:25:32 +0700 Subject: Update verify user token and get user address api --- indoteknik_api/controllers/api_v1/user.py | 32 ++++++++++++++++++++++++------- 1 file changed, 25 insertions(+), 7 deletions(-) (limited to 'indoteknik_api/controllers/api_v1/user.py') diff --git a/indoteknik_api/controllers/api_v1/user.py b/indoteknik_api/controllers/api_v1/user.py index 1b47e1b0..3080be7d 100644 --- a/indoteknik_api/controllers/api_v1/user.py +++ b/indoteknik_api/controllers/api_v1/user.py @@ -6,7 +6,7 @@ import random, string import jwt -class Auth(controller.Controller): +class User(controller.Controller): prefix = '/api/v1/' jwt_secret_key = "NTNv7j0TuYARvmNMmWXo6fKvM4o6nvaUi9ryX38ZHL1bkrnD1ObOQ8JAUmHCBq7Iy7otZcyAagBLHVKvvYaIpmMuxmARQ97jUVG16Jkpkp1wXOPsrF9zwew6TpczyHkHgX5EuLg2MeBuiTqJACs1J0apruOOJCggOtkjB4c" @@ -19,10 +19,11 @@ class Auth(controller.Controller): def create_user_token(self, user): return jwt.encode({'id': user.id}, self.jwt_secret_key) - def verify_user_token(self, user, token): + def verify_user_token(self, user_id): try: + token = request.httprequest.environ['HTTP_TOKEN'] user_token = jwt.decode(token, self.jwt_secret_key, algorithms=['HS256']) - if user.id != user_token['id']: + if int(user_id) != user_token['id']: return False return True except: @@ -120,15 +121,12 @@ class Auth(controller.Controller): return self.response(code=401, description='Unauthorized') id = kw.get('id') - if not id: - return self.response(code=400, description='id is required') user = request.env['res.users'].search([('id', '=', id)], limit=1) if not user: return self.response(code=400, description='User not found') - token = kw.get('token') - is_verify = self.verify_user_token(user, token) + is_verify = self.verify_user_token(id) if not is_verify: return self.response(code=401, description='Unauthorized') @@ -142,6 +140,26 @@ class Auth(controller.Controller): 'user': self.response_with_token(user) }) + @http.route(prefix + 'user//address', auth='public', methods=['GET', 'OPTIONS']) + def get_user_address_by_id(self, **kw): + if not self.authenticate(): + return self.response(code=401, description='Unauthorized') + + id = kw.get('id') + + user = request.env['res.users'].search([('id', '=', id)], limit=1) + if not user: + return self.response(code=400, description='User not found') + + is_verify = self.verify_user_token(id) + if not is_verify: + return self.response(code=401, description='Unauthorized') + + partners = [user] + [x for x in user.child_ids] + address = [request.env['res.users'].api_address_response(x) for x in partners] + + return self.response(address) + @http.route(prefix + 'user/activation', auth='public', methods=['POST'], csrf=False) def activation_user(self, **kw): if not self.authenticate(): -- cgit v1.2.3