added a user login

misc/add_user.py

@@ -0,0 +1,32 @@
+import mysql.connector
+import os
+import json
+import bcrypt
+
+config_path = '../src/server/BreCal/connection_data.json'
+print (os.getcwd())
+if not os.path.exists(config_path):
+    print ('cannot find ' + config_path)
+    exit(1)
+
+f = open(config_path);
+connection_data = json.load(f)
+mydb = mysql.connector.connect(host=connection_data["host"], user=connection_data["user"],
+                               password = connection_data["password"], database=connection_data["database"])
+print(mydb)
+
+# insert a new user
+participant_id = 1
+first_name = "Londo"
+last_name = "Mollari"
+user_name = "Londo"
+user_email = "l.mollari@centauri.gov"
+user_phone = "+01 555 324 2313"
+password = "Hallowach"
+password_hash = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt( 12 )).decode('utf8')
+
+query = "INSERT INTO user (participant_id, first_name, last_name, user_name,  user_email, user_phone, password_hash) VALUES (" + str(participant_id) + ",\"" + first_name + "\",\"" + last_name + "\",\"" + user_name + "\",\"" + user_email + "\",\"" + user_phone + "\",\"" + password_hash + "\")"
+with mydb.cursor() as cursor:
+    cursor.execute(query)
+    mydb.commit()
+

misc/create_schema.sql

@@ -19,6 +19,8 @@ CREATE TABLE `user` (
   `first_name` varchar(45) DEFAULT NULL,
   `last_name` varchar(45) DEFAULT NULL,
   `user_name` varchar(45) DEFAULT NULL,
+  `user_email` varchar(128) DEFAULT NULL,
+  `user_phone` varchar(128) DEFAULT NULL,
   `password_hash` varchar(128) DEFAULT NULL,
   `api_key` varchar(256) DEFAULT NULL,
   `created` DATETIME NULL DEFAULT current_timestamp(),

src/server/BreCal/__init__.py

@@ -12,6 +12,7 @@ from .api import times
 from .api import notifications
 from .api import berths
 from .api import ships
+from .api import login
 
 sessions = dict()
 
@@ -40,6 +41,7 @@ def create_app(test_config=None):
     app.register_blueprint(notifications.bp)
     app.register_blueprint(berths.bp)
     app.register_blueprint(ships.bp)
+    app.register_blueprint(login.bp)
 
     logging.basicConfig(filename='brecal.log', level=logging.DEBUG, format='%(asctime)s | %(name)s | %(levelname)s | %(message)s')
     local_db.initPool()

src/server/BreCal/api/login.py

@@ -0,0 +1,16 @@
+from flask import Blueprint, request
+from flask_jwt_extended import create_access_token
+from webargs.flaskparser import parser
+from ..schemas import model
+from .. import impl
+import json
+import logging
+
+bp = Blueprint('login', __name__)
+
+
+@bp.route('/login', methods=['post'])
+def Logon():
+
+    options = request.get_json(force=True)
+    return impl.login.GetUser(options)

src/server/BreCal/impl/__init__.py

@@ -5,3 +5,4 @@ from . import shipcalls
 from . import times
 from . import verify
 from . import ships
+from . import login

src/server/BreCal/impl/login.py

@@ -0,0 +1,40 @@
+import json
+import logging
+import pydapper
+import bcrypt
+
+from ..schemas import model
+from .. import local_db
+
+def GetUser(options):
+
+    try:
+        if "password" in options and "username" in options:
+            hash = bcrypt.hashpw(options["password"].encode('utf-8'), bcrypt.gensalt( 12 )).decode('utf8')
+
+            commands = pydapper.using(local_db.connection_pool)
+            data = commands.query("SELECT id, participant_id, first_name, last_name, user_name, user_email, user_phone, password_hash, api_key FROM user WHERE user_name = ?username? OR user_email = ?username?",
+                                  model=model.User, param={"username" : options["username"]})
+            print(data)
+            if len(data) == 1:
+                if bcrypt.checkpw(options["password"].encode("utf-8"), bytes(data[0].password_hash, "utf-8")):
+                    return json.dumps({ "id": data[0].id,
+                                   "participant_id": data[0].participant_id,
+                                   "first_name": data[0].first_name,
+                                   "last_name": data[0].last_name,
+                                   "user_name": data[0].user_name,
+                                   "user_phone": data[0].user_phone}), 200
+
+            if len(data) > 1:
+                return json.dumps("credential lookup mismatch"), 500
+
+            return json.dumps("invalid credentials"), 403
+
+    except Exception as ex:
+        logging.error(ex)
+        print(ex)
+        return json.dumps("call failed"), 500
+
+# $2b$12$uWLE0r32IrtCV30WkMbVwOdltgeibymZyYAf4ZnQb2Bip8hrkGGwG
+# $2b$12$.vEapj9xU8z0RK0IpIGeYuRIl0ktdMt4XdJQBhVn.3K2hmvm7qD3y
+# $2b$12$yL3PiseU70ciwEuMVM4OtuMwR6tNuIT9vvBiBG/uyMrPxa16E2Zqu

src/server/BreCal/local_db.py

@@ -22,7 +22,7 @@ def initPool():
         connection_pool = mysql.connector.connect(**connection_data)
 
         commands = pydapper.using(connection_pool)
-        data = commands.query_single("SELECT id from `user`")
+        data = commands.query("SELECT id from `user`")
         print("DB connection successful")
 
     except mysql.connector.PoolError as e:

src/server/BreCal/schemas/model.py

@@ -142,7 +142,18 @@ class Times:
     created: datetime
     modified: datetime
 
-
+@dataclass
+class User:
+    
+    id: int
+    participant_id: int
+    first_name: str
+    last_name: str
+    user_name: str
+    user_email: str
+    user_phone: str
+    password_hash: str
+    api_key: str
 
 @dataclass
 class Ship(Schema):
@@ -173,12 +184,3 @@ class Shipcalls(Shipcall):
 
 class TimesList(Times):
     pass
-
-class User(Schema):
-    id = fields.Int()
-    participant_id = fields.Int()
-    first_name = fields.String()
-    last_name = fields.String()
-    user_name = fields.String()
-    password_hash = fields.String()
-    api_key = fields.String()