git_brcal/src/server/BreCal/impl/user.py

import json
import logging
import pydapper
import bcrypt

from ..schemas import model
from .. import local_db

def PutUser(schemaModel):
    """

    :param schemaModel: The deserialized dict of the request
    """

     # This updates an *existing* entry
    try:

        pooledConnection = local_db.getPoolConnection()
        commands = pydapper.using(pooledConnection)

        # test if object to update is found

        sentinel = object()
        theuser = commands.query_single_or_default("SELECT * FROM user where id = ?id?", sentinel, param={"id" : schemaModel["id"]}, model=model.User)
        if theuser is sentinel:
            pooledConnection.close()
            return json.dumps("no such record"), 404, {'Content-Type': 'application/json; charset=utf-8'}

        # see if we need to update public fields
        if "first_name" in schemaModel or "last_name" in schemaModel or "user_phone" in schemaModel:
            query = "UPDATE user SET "
            isNotFirst = False
            for key in schemaModel.keys():
                if key == "id":
                    continue
                if key == "old_password":
                    continue
                if key == "new_password":
                    continue
                if isNotFirst:
                    query += ", "
                isNotFirst = True
                query += key + " = ?" + key + "? "

            query += "WHERE id = ?id?"
            affected_rows = commands.execute(query, param=schemaModel)

        # update password if available and old pw is (correctly!) given
        if "old_password" in schemaModel and schemaModel["old_password"] and "new_password" in schemaModel and schemaModel["new_password"]:
                if bcrypt.checkpw(schemaModel["old_password"].encode("utf-8"), bytes(theuser.password_hash, "utf-8")): # old pw matches
                    password_hash = bcrypt.hashpw(schemaModel["new_password"].encode('utf-8'), bcrypt.gensalt( 12 )).decode('utf8')
                    query = "UPDATE user SET password_hash = ?password_hash? WHERE id = ?id?"
                    commands.execute(query, param={"password_hash" : password_hash, "id" : schemaModel["id"]})
                else:
                    result = {}
                    result["message"] = "old password invalid"
                    return json.dumps(result), 400, {'Content-Type': 'application/json; charset=utf-8'}

        pooledConnection.close()

        return json.dumps({"id" : schemaModel["id"]}), 200

    except Exception as ex:
        logging.error(ex)
        print(ex)
        result = {}
        result["message"] = "call failed"
        return json.dumps(result), 500, {'Content-Type': 'application/json; charset=utf-8'}