fixed complete participant download and removed all TODOs regarding

token verifikation. Also removed the /verify call since it is now covered by /login.

misc/index.yaml

@@ -18,26 +18,7 @@ servers:
     description: "Test server self-hosted by yours truly"
 
 paths:
-  # tutorial: https://idratherbewriting.com/learnapidoc/pubapis_openapi_step4_paths_object.html
-  /verify:    
-    get:
-      summary: Returns a session key if successful
-      responses:
-        200:
-          description: Successful response
-          content:
-            application/json:
-              schema:
-                title: Session key
-                type: string
-        400:
-          $ref: '#/components/responses/400'
-        403:
-          $ref: '#/components/responses/403'
-        500:
-          $ref: '#/components/responses/500'
-        503:
-          $ref: '#/components/responses/503' 
+  # tutorial: https://idratherbewriting.com/learnapidoc/pubapis_openapi_step4_paths_object.html    
 
   /shipcalls:
     get:
@@ -127,8 +108,8 @@ paths:
       parameters:
         - name: user_id
           in: query
-          required: true
-          description: "**Id of user**. *Example: 2*. User id returned by verify call."
+          required: false
+          description: "**Id of user**. *Example: 2*. User id returned by login call. No parameter returns all participants."
           schema:
             type: integer
       responses:

src/server/BreCal/__init__.py

@@ -5,7 +5,6 @@ import logging
 from . import local_db
 
 from .api import shipcalls
-from .api import verify
 from .api import participant
 from .api import times
 from .api import notifications
@@ -34,7 +33,6 @@ def create_app(test_config=None):
 
     # Add blueprints
     app.register_blueprint(shipcalls.bp)
-    app.register_blueprint(verify.bp)
     app.register_blueprint(participant.bp)
     app.register_blueprint(times.bp)
     app.register_blueprint(notifications.bp)

src/server/BreCal/api/berths.py

@@ -4,7 +4,6 @@ from .. import impl
 from ..services.auth_guard import auth_guard
 import json
 
-
 bp = Blueprint('berths', __name__)
 
 
@@ -13,8 +12,7 @@ bp = Blueprint('berths', __name__)
 def GetBerths():
 
     if 'Authorization' in request.headers:
-        token = request.headers.get('Authorization')
-        # TODO: verify token
+        token = request.headers.get('Authorization')        
         return impl.berths.GetBerths(token)
     else:
         return json.dumps("not authenticated"), 403

src/server/BreCal/api/notifications.py

@@ -11,8 +11,6 @@ bp = Blueprint('notifications', __name__)
 @auth_guard() # no restriction by role
 def GetNotifications():
 
-    # TODO: verify token
-
     if 'participant_id' in request.args:
         options = {}
         options["participant_id"] = request.args.get("participant_id")

src/server/BreCal/api/participant.py

@@ -10,8 +10,7 @@ bp = Blueprint('participant', __name__)
 def GetParticipant():
 
     if 'Authorization' in request.headers:
-        token = request.headers.get('Authorization')
-        # TODO: verify token
+        token = request.headers.get('Authorization')        
         options = {}
         options["user_id"] = request.args.get("user_id")
         return impl.participant.GetParticipant(options)

src/server/BreCal/api/shipcalls.py

@@ -10,8 +10,6 @@ import json
 
 bp = Blueprint('shipcalls', __name__)
 
-# TODO: verify token
-
 @bp.route('/shipcalls', methods=['get'])
 @auth_guard() # no restriction by role
 def GetShipcalls():

src/server/BreCal/api/ships.py

@@ -5,7 +5,6 @@ import json
 
 bp = Blueprint('ships', __name__)
 
-
 @bp.route('/ships', methods=['get'])
 @auth_guard() # no restriction by role
 def GetShips():

src/server/BreCal/api/verify.py

@@ -1,18 +0,0 @@
-from flask import Blueprint, request
-from webargs.flaskparser import parser
-from ..schemas import model
-from .. import impl
-import json
-import logging
-
-bp = Blueprint('verify', __name__)
-
-
-@bp.route('/verify', methods=['get'])
-def GetVerify():
-    if 'X-Api-Key' in request.headers:
-        apikey = request.headers.get('X-Api-Key')
-        return impl.verify.GetVerify(apikey)
-    else:
-        logging.warning("call without api key")
-        return json.dumps("missing api key"), 403

src/server/BreCal/impl/__init__.py

@@ -3,6 +3,5 @@ from . import notifications
 from . import participant
 from . import shipcalls
 from . import times
-from . import verify
 from . import ships
 from . import login

src/server/BreCal/impl/login.py

@@ -28,7 +28,8 @@ def GetUser(options):
                         "user_phone": data[0].user_phone
                     }
                     token = jwt_handler.generate_jwt(payload=result, lifetime=60) # generate token valid 60 mins
-                    return token, 200
+                    result["token"] = token # add token to user data
+                    return json.dumps(result), 200
 
             if len(data) > 1:
                 return json.dumps("credential lookup mismatch"), 500

src/server/BreCal/impl/participant.py

@@ -8,14 +8,17 @@ from .. import local_db
 def GetParticipant(options):
     """
     :param options: A dictionary containing all the paramters for the Operations
-        options["user_id"]: **Id of user**. *Example: 2*. User id returned by verify call.
+        options["user_id"]: **Id of user**. *Example: 2*. User id returned by login call.
 
     """
     # TODO: validate token
 
     try:
         commands = pydapper.using(local_db.connection_pool)
-        data = commands.query("SELECT p.id as id, p.name as name, p.street as street, p.postal_code as postal_code, p.city as city, p.flags as flags, p.created as created, p.modified as modified FROM participant p INNER JOIN user u WHERE u.participant_id = p.id and u.id = ?userid?", model=model.Participant, param={"userid" : options["user_id"]})
+        if "user_id" in options and options["user_id"]:
+            data = commands.query("SELECT p.id as id, p.name as name, p.street as street, p.postal_code as postal_code, p.city as city, p.flags as flags, p.created as created, p.modified as modified FROM  p INNER JOIN user u WHERE u.participant_id = p.id and u.id = ?userid?", model=model.Participant, param={"userid" : options["user_id"]})            
+        else:
+            data = commands.query("SELECT p.id as id, p.name as name, p.street as street, p.postal_code as postal_code, p.city as city, p.flags as flags, p.created as created, p.modified as modified FROM participant p ORDER BY p.name", model=model.Participant)
 
     except Exception as ex:
         logging.error(ex)

src/server/BreCal/impl/verify.py

@@ -1,33 +0,0 @@
-import json
-import logging
-import pydapper
-
-from ..schemas import model
-from ..schemas import __init__
-
-def GetVerify(apikey):
-  """
-  :param apikey: the api-key registered with the user
-  """
-
-  if not apikey:
-    return json.dumps("missing api key"), 400
-
-  sentinel = object()
-  try:
-    commands = pydapper.using(__init__.connection_pool)
-    data = commands.query_single_or_default("SELECT id from `user` WHERE api_key=?api_key?", default=sentinel, model=model.User, param={"api_key" : apikey})
-    if(data is sentinel):
-      return json.dumps("wrong api key", 403)
-
-  except Exception as ex:
-    logging.error(ex)
-    return json.dumps("logon failed"), 500
-
-
-  # TODO: user authenticated: Create,store and transmit JWT token
-
-  return json.dumps("<integer>"), 200
-
-
-