From d15f7df65c95f41f12fb72795f0b1360bde115c0 Mon Sep 17 00:00:00 2001
From: IT Fixcomart
Date: Fri, 18 Nov 2022 15:30:53 +0700
Subject: User activation request rest api
---
 indoteknik_api/controllers/api_v1/__init__.py | 2 +-
 indoteknik_api/controllers/api_v1/auth.py | 75 ---------------
 indoteknik_api/controllers/api_v1/user.py | 127 ++++++++++++++++++++++++++
 3 files changed, 128 insertions(+), 76 deletions(-)
 delete mode 100644 indoteknik_api/controllers/api_v1/auth.py
 create mode 100644 indoteknik_api/controllers/api_v1/user.py
(limited to 'indoteknik_api/controllers/api_v1')
diff --git a/indoteknik_api/controllers/api_v1/__init__.py b/indoteknik_api/controllers/api_v1/__init__.py
index d3023594..af28675c 100644
--- a/indoteknik_api/controllers/api_v1/__init__.py
+++ b/indoteknik_api/controllers/api_v1/__init__.py
@@ -1,4 +1,3 @@
-from . import auth
 from . import banner
 from . import blog
 from . import cart
@@ -8,4 +7,5 @@ from . import manufacture
 from . import product
 from . import promotion
 from . import sale_order
+from . import user
 from . import wishlist
\ No newline at end of file
diff --git a/indoteknik_api/controllers/api_v1/auth.py b/indoteknik_api/controllers/api_v1/auth.py
deleted file mode 100644
index e51431b1..00000000
--- a/indoteknik_api/controllers/api_v1/auth.py
+++ /dev/null
@@ -1,75 +0,0 @@
-from .. import controller
-from odoo import http
-from odoo.http import request
-from odoo.tools.config import config
-
-
-class Auth(controller.Controller):
- prefix = '/api/v1/'
-
- @http.route(prefix + 'auth/login', auth='public', methods=['POST'], csrf=False)
- def login(self, **kw):
- if not self.authenticate():
- return self.response(code=401, description='Unauthorized')
-
- email = kw.get('email')
- password = kw.get('password')
- if not email or not password:
- return self.response(code=400, description='email and password is required')
-
- user = self.get_user(email)
- if user and not user.active:
- return self.response({
- 'is_auth': False,
- 'reason': 'NOT_ACTIVE'
- })
-
- try:
- uid = request.session.authenticate(config.get('db_name'), email, password)
- user = request.env['res.users'].browse(uid)
- return self.response({
- 'is_auth': True,
- 'user': {
- 'id': user.id,
- 'name': user.name,
- 'email': user.login,
- 'external': user.share
- }
- })
- except:
- return self.response({
- 'is_auth': False,
- 'reason': 'NOT_FOUND'
- })
-
- @http.route(prefix + 'auth/register', auth='public', methods=['POST'], csrf=False)
- def register(self, **kw):
- if not self.authenticate():
- return self.response(code=401, description='Unauthorized')
-
- name = kw.get('name')
- email = kw.get('email')
- password = kw.get('password')
- if not name or not email or not password:
- return self.response(code=400, description='email and password is required')
-
- user = self.get_user(email)
-
- if user:
- return self.response({
- 'register': False,
- 'reason': 'EMAIL_USED'
- })
-
- user = request.env['res.users'].create({
- 'name': name,
- 'login': email,
- 'password': password,
- 'active': False,
- 'sel_groups_1_9_10': 9
- })
-
- return self.response({'register': True})
-
- def get_user(self, email):
- return request.env['res.users'].search([('login', '=', email), ('active', 'in', [True, False])])
diff --git a/indoteknik_api/controllers/api_v1/user.py b/indoteknik_api/controllers/api_v1/user.py
new file mode 100644
index 00000000..41581961
--- /dev/null
+++ b/indoteknik_api/controllers/api_v1/user.py
@@ -0,0 +1,127 @@
+from .. import controller
+from odoo import http
+from odoo.http import request
+from odoo.tools.config import config
+import random, string
+
+
+class Auth(controller.Controller):
+ prefix = '/api/v1/'
+
+ @http.route(prefix + 'user/login', auth='public', methods=['POST'], csrf=False)
+ def login(self, **kw):
+ if not self.authenticate():
+ return self.response(code=401, description='Unauthorized')
+
+ email = kw.get('email')
+ password = kw.get('password')
+ if not email or not password:
+ return self.response(code=400, description='email and password is required')
+
+ user = self.get_user(email)
+ if user and not user.active:
+ return self.response({
+ 'is_auth': False,
+ 'reason': 'NOT_ACTIVE'
+ })
+
+ try:
+ uid = request.session.authenticate(config.get('db_name'), email, password)
+ user = request.env['res.users'].browse(uid)
+ return self.response({
+ 'is_auth': True,
+ 'user': {
+ 'id': user.id,
+ 'name': user.name,
+ 'email': user.login,
+ 'external': user.share
+ }
+ })
+ except:
+ return self.response({
+ 'is_auth': False,
+ 'reason': 'NOT_FOUND'
+ })
+
+ @http.route(prefix + 'user/register', auth='public', methods=['POST'], csrf=False)
+ def register(self, **kw):
+ if not self.authenticate():
+ return self.response(code=401, description='Unauthorized')
+
+ name = kw.get('name')
+ email = kw.get('email')
+ password = kw.get('password')
+ if not name or not email or not password:
+ return self.response(code=400, description='email, name and password is required')
+
+ user = self.get_user(email)
+
+ if user:
+ return self.response({
+ 'register': False,
+ 'reason': 'EMAIL_USED'
+ })
+
+ user = request.env['res.users'].create({
+ 'name': name,
+ 'login': email,
+ 'password': password,
+ 'active': False,
+ 'sel_groups_1_9_10': 9
+ })
+
+ return self.response({'register': True})
+
+ def get_user(self, email):
+ return request.env['res.users'].search([('login', '=', email), ('active', 'in', [True, False])])
+
+ @http.route(prefix + 'user/activation-request', auth='public', methods=['POST'], csrf=False)
+ def request_activation_user(self, **kw):
+ if not self.authenticate():
+ return self.response(code=401, description='Unauthorized')
+
+ email = kw.get('email')
+ user = self.get_user(email)
+ if not user:
+ return self.response({'activation_request': False, 'reason': 'NOT_FOUND'})
+
+ if user.active:
+ return self.response({'activation_request': False, 'reason': 'ACTIVE'})
+
+ token_source = string.ascii_letters + string.digits
+ user.activation_token = ''.join(random.choice(token_source) for i in range(20))
+ return self.response({
+ 'activation_request': True,
+ 'token': user.activation_token,
+ 'user': {
+ 'id': user.id,
+ 'name': user.name,
+ 'email': user.login,
+ 'external': user.share
+ }
+ })
+
+ @http.route(prefix + 'user/activation', auth='public', methods=['POST'], csrf=False)
+ def activation_user(self, **kw):
+ if not self.authenticate():
+ return self.response(code=401, description='Unauthorized')
+
+ token = kw.get('token')
+ if not token:
+ return self.response(code=400, description='token is required')
+
+ user = request.env['res.users'].search([('activation_token', '=', token), ('active', '=', False)], limit=1)
+ if not user:
+ return self.response({'activation': False, 'reason': 'INVALID_TOKEN'})
+
+ user.active = True
+ user.activation_token = ''
+ return self.response({
+ 'activation': True,
+ 'user': {
+ 'id': user.id,
+ 'name': user.name,
+ 'email': user.login,
+ 'external': user.share
+ }
+ })
\ No newline at end of file
-- cgit v1.2.3
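Review bot: In `request_activation_user` the activation token is built with `random.choice`, whose generator is not designed for security tokens, yet in `activation_user` possession of that token alone sets `user.active = True`; it should come from the OS CSPRNG, i.e. `import secrets` and `user.activation_token = ''.join(secrets.choice(token_source) for _ in range(20))`. The same response also hands the token back to the API caller, which is safe only if `self.authenticate()` limits callers to a trusted backend that mails it to the address owner; that check lives outside this file, so it is worth confirming. No expiry is visible here, so recording an issue time next to the token and rejecting stale ones in `activation_user` would bound how long a leaked token stays usable. Separately, the bare `except:` in `login` reports every failure, including programming errors, as `NOT_FOUND`; catching the authentication exception specifically and logging anything else would keep real faults visible.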