fixed complete participant download and removed all TODOs regarding

token verifikation. Also removed the /verify call since it is now covered by /login.
2023-07-11 15:46:17 +02:00 · 2023-07-11 15:46:17 +02:00 · 5544d0126d
commit 5544d0126d
parent 0eb6fd7a20
12 changed files with 12 additions and 89 deletions
--- a/misc/index.yaml
+++ b/misc/index.yaml
@ -18,26 +18,7 @@ servers:
    description: "Test server self-hosted by yours truly"
 paths:
-  # tutorial: https://idratherbewriting.com/learnapidoc/pubapis_openapi_step4_paths_object.html
+  # tutorial: https://idratherbewriting.com/learnapidoc/pubapis_openapi_step4_paths_object.html    
  /verify:    
    get:
      summary: Returns a session key if successful
      responses:
        200:
          description: Successful response
          content:
            application/json:
              schema:
                title: Session key
                type: string
        400:
          $ref: '#/components/responses/400'
        403:
          $ref: '#/components/responses/403'
        500:
          $ref: '#/components/responses/500'
        503:
          $ref: '#/components/responses/503' 
  /shipcalls:
    get:
@ -127,8 +108,8 @@ paths:
      parameters:
        - name: user_id
          in: query
-          required: true
+          required: false
-          description: "**Id of user**. *Example: 2*. User id returned by verify call."
+          description: "**Id of user**. *Example: 2*. User id returned by login call. No parameter returns all participants."
          schema:
            type: integer
      responses:
--- a/src/server/BreCal/init.py
+++ b/src/server/BreCal/init.py
@ -5,7 +5,6 @@ import logging
 from . import local_db
 from .api import shipcalls
 from .api import verify
 from .api import participant
 from .api import times
 from .api import notifications
@ -34,7 +33,6 @@ def create_app(test_config=None):
    # Add blueprints
    app.register_blueprint(shipcalls.bp)
    app.register_blueprint(verify.bp)
    app.register_blueprint(participant.bp)
    app.register_blueprint(times.bp)
    app.register_blueprint(notifications.bp)
--- a/src/server/BreCal/api/berths.py
+++ b/src/server/BreCal/api/berths.py
@ -4,7 +4,6 @@ from .. import impl
 from ..services.auth_guard import auth_guard
 import json
 bp = Blueprint('berths', __name__)
@ -13,8 +12,7 @@ bp = Blueprint('berths', __name__)
 def GetBerths():
    if 'Authorization' in request.headers:
-        token = request.headers.get('Authorization')
+        token = request.headers.get('Authorization')        
        # TODO: verify token
        return impl.berths.GetBerths(token)
    else:
        return json.dumps("not authenticated"), 403
--- a/src/server/BreCal/api/notifications.py
+++ b/src/server/BreCal/api/notifications.py
@ -11,8 +11,6 @@ bp = Blueprint('notifications', __name__)
@auth_guard() # no restriction by role
 def GetNotifications():
    # TODO: verify token
    if 'participant_id' in request.args:
        options = {}
        options["participant_id"] = request.args.get("participant_id")
--- a/src/server/BreCal/api/participant.py
+++ b/src/server/BreCal/api/participant.py
@ -10,8 +10,7 @@ bp = Blueprint('participant', __name__)
 def GetParticipant():
    if 'Authorization' in request.headers:
-        token = request.headers.get('Authorization')
+        token = request.headers.get('Authorization')        
        # TODO: verify token
        options = {}
        options["user_id"] = request.args.get("user_id")
        return impl.participant.GetParticipant(options)
--- a/src/server/BreCal/api/shipcalls.py
+++ b/src/server/BreCal/api/shipcalls.py
@ -10,8 +10,6 @@ import json
 bp = Blueprint('shipcalls', __name__)
 # TODO: verify token
@bp.route('/shipcalls', methods=['get'])
@auth_guard() # no restriction by role
 def GetShipcalls():
--- a/src/server/BreCal/api/ships.py
+++ b/src/server/BreCal/api/ships.py
@ -5,7 +5,6 @@ import json
 bp = Blueprint('ships', __name__)
@bp.route('/ships', methods=['get'])
@auth_guard() # no restriction by role
 def GetShips():
--- a/src/server/BreCal/api/verify.py
+++ b/src/server/BreCal/api/verify.py
@ -1,18 +0,0 @@
 from flask import Blueprint, request
 from webargs.flaskparser import parser
 from ..schemas import model
 from .. import impl
 import json
 import logging
 bp = Blueprint('verify', __name__)
@bp.route('/verify', methods=['get'])
 def GetVerify():
    if 'X-Api-Key' in request.headers:
        apikey = request.headers.get('X-Api-Key')
        return impl.verify.GetVerify(apikey)
    else:
        logging.warning("call without api key")
        return json.dumps("missing api key"), 403
--- a/src/server/BreCal/impl/init.py
+++ b/src/server/BreCal/impl/init.py
@ -3,6 +3,5 @@ from . import notifications
 from . import participant
 from . import shipcalls
 from . import times
 from . import verify
 from . import ships
 from . import login
--- a/src/server/BreCal/impl/login.py
+++ b/src/server/BreCal/impl/login.py
@ -28,7 +28,8 @@ def GetUser(options):
                        "user_phone": data[0].user_phone
                    }
                    token = jwt_handler.generate_jwt(payload=result, lifetime=60) # generate token valid 60 mins
-                    return token, 200
+                    result["token"] = token # add token to user data
                    return json.dumps(result), 200
            if len(data) > 1:
                return json.dumps("credential lookup mismatch"), 500
--- a/src/server/BreCal/impl/participant.py
+++ b/src/server/BreCal/impl/participant.py
@ -8,14 +8,17 @@ from .. import local_db
 def GetParticipant(options):
    """
    :param options: A dictionary containing all the paramters for the Operations
-        options["user_id"]: **Id of user**. *Example: 2*. User id returned by verify call.
+        options["user_id"]: **Id of user**. *Example: 2*. User id returned by login call.
    """
    # TODO: validate token
    try:
        commands = pydapper.using(local_db.connection_pool)
-        data = commands.query("SELECT p.id as id, p.name as name, p.street as street, p.postal_code as postal_code, p.city as city, p.flags as flags, p.created as created, p.modified as modified FROM participant p INNER JOIN user u WHERE u.participant_id = p.id and u.id = ?userid?", model=model.Participant, param={"userid" : options["user_id"]})
+        if "user_id" in options and options["user_id"]:
            data = commands.query("SELECT p.id as id, p.name as name, p.street as street, p.postal_code as postal_code, p.city as city, p.flags as flags, p.created as created, p.modified as modified FROM  p INNER JOIN user u WHERE u.participant_id = p.id and u.id = ?userid?", model=model.Participant, param={"userid" : options["user_id"]})            
        else:
            data = commands.query("SELECT p.id as id, p.name as name, p.street as street, p.postal_code as postal_code, p.city as city, p.flags as flags, p.created as created, p.modified as modified FROM participant p ORDER BY p.name", model=model.Participant)
    except Exception as ex:
        logging.error(ex)
--- a/src/server/BreCal/impl/verify.py
+++ b/src/server/BreCal/impl/verify.py
@ -1,33 +0,0 @@
 import json
 import logging
 import pydapper
 from ..schemas import model
 from ..schemas import __init__
 def GetVerify(apikey):
  """
  :param apikey: the api-key registered with the user
  """
  if not apikey:
    return json.dumps("missing api key"), 400
  sentinel = object()
  try:
    commands = pydapper.using(__init__.connection_pool)
    data = commands.query_single_or_default("SELECT id from `user` WHERE api_key=?api_key?", default=sentinel, model=model.User, param={"api_key" : apikey})
    if(data is sentinel):
      return json.dumps("wrong api key", 403)
  except Exception as ex:
    logging.error(ex)
    return json.dumps("logon failed"), 500
  # TODO: user authenticated: Create,store and transmit JWT token
  return json.dumps("<integer>"), 200