From 666892afa0e2dacd115056fa83a4dd6f9b6dd50e Mon Sep 17 00:00:00 2001
From: Samir Ladoui
Date: Thu, 4 Jul 2024 14:54:10 +0100
Subject: [PATCH] [UPD] odex_web_app: add apis
---
 .../controllers/authentication.py | 82 +++++++++++++++++++
 1 file changed, 82 insertions(+)
diff --git a/odex25_mobile/odex_web_app/controllers/authentication.py b/odex25_mobile/odex_web_app/controllers/authentication.py
index 1d9fb09af..a1b8f5942 100644
--- a/odex25_mobile/odex_web_app/controllers/authentication.py
+++ b/odex25_mobile/odex_web_app/controllers/authentication.py
@@ -57,3 +57,85 @@ class AuthenticationController(http.Controller):
 dic['token'] = token
 http_helper.cleanup();
 return http_helper.response(data=dic, message=_("User log in successfully"))
+
+
+ @http.route('/rest_api/validate',type='http', auth='none', csrf=False, cors='*',methods=['POST'])
+ def validate_token(self, **kw):
+ http_method, body, headers, token = http_helper.parse_request()
+
+ result = validator.validate_token(token)
+ if result['code'] == 497 or result['code'] == 498:
+ return http_helper.errcode(code=result['code'], message=result['message'])
+
+ return http_helper.response(message="uploaded success",data=result['data'])
+
+ @http.route('/rest_api/refresh',type='http', auth='none', csrf=False, cors='*',methods=['POST'])
+ def refresh_token(self, **kw):
+ http_method, body, headers, token = http_helper.parse_request()
+
+ result = validator.refresh_token(token)
+ if result['code'] == 497:
+ return http_helper.errcode(code=result['code'], message=result['message'])
+
+ return http_helper.response(message="uploaded success",data=result['data'])
+
+ # Reet password with email
+ @http.route(['/rest_api/reset'], type='http', auth='none', csrf=False, methods=['POST'])
+ def reset_email(self, **kw):
+ http_method, body, headers, token = http_helper.parse_request()
+ if not body.get('email'):
+ return http_helper.response(code=400, message="Email must not be empty", success=False)
+ user = http.request.env['res.users'].sudo().search([('login', '=', kw.get('email'))])
+ if user:
+ user.sudo().action_reset_password()
+ return http_helper.response(message=_("A verification link has been sent to you email account"), data={})
+ else:
+ return http_helper.errcode(code=403, message="Password reset failed")
+
+ @http.route('/rest_api/users/password',type='http', auth='none', csrf=False, cors='*',methods=['PUT'])
+ def change_password(self, **kw):
+ http_method, body, headers, token = http_helper.parse_request()
+ if not body.get('old_password') or not body.get('new_password'):
+ return http_helper.errcode(code=400, message='Password must not be empty')
+
+ result = validator.verify_token(token)
+
+ if not result['status']:
+ return http_helper.errcode(code=400, message='Invalid passwords')
+
+ user = validator.verify(token)
+ if not user:
+ return http_helper.errcode(code=400, message=_("You are not allowed to perform this operation. please check with one of your team admins"))
+
+ if not http_helper.is_authentic(user.login, body.get('old_password')):
+ return http_helper.errcode(code=400, message='Invalid passwords')
+
+ request.env.user.write({
+ 'password':str(body.get('new_password')).strip()
+ })
+ request.session.logout()
+
+
+ return http_helper.response(message=_("password changed successfully"),data={'id':user.id})
+
+ @http.route('/rest_api/logout', type='http', auth='none', csrf=False, cors='*', methods=['POST'])
+ def logout(self, **kw):
+ http_method, body, headers, token = http_helper.parse_request()
+ result = validator.verify_token(token)
+ if not result['status']:
+ return http_helper.errcode(code=result['code'], message=result['message'])
+
+ http_helper.do_logout(token)
+ return http_helper.response()
+
+ @http.route('/rest_api/users', type='http', auth='none', csrf=False, cors='*', methods=['GET'])
+ def info(self, **kw):
+ http_method, body, headers, token = http_helper.parse_request()
+ result = validator.verify_token(token)
+ if not result['status']:
+ return http_helper.errcode(code=result['code'], message=result['message'])
+ user = validator.verify(token)
+ if not user:
+ return http_helper.response(code=400, message=_("You are not allowed to perform this operation. please check with one of your team admins"), success=False)
+
+ return http_helper.response(data=user.to_dict(True))
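Review bot: change_password resolves `user` from the verified token but then writes the new password to `request.env.user`, which on an `auth='none'` route is, as far as I can tell, the public/request user rather than the token's owner; the write should target the verified record, e.g. `user.sudo().write({'password': str(body.get('new_password')).strip()})`, and the token should be invalidated the way `logout` does it, with `http_helper.do_logout(token)`, since `request.session.logout()` does not touch the API token. In reset_email the presence check reads `body.get('email')` while the search uses `kw.get('email')`, so an email supplied only in the parsed body passes the check and is then searched as `None`; use `body.get('email')` in the domain and add `limit=1`. The same route answers 403 "Password reset failed" when no login matches and a success message when one does, which lets an unauthenticated caller confirm which logins exist; returning the identical "verification link" response in both branches avoids that. The `"uploaded success"` message in validate_token and refresh_token looks copied from an upload handler and should describe the token result, and "Reet" in the reset_email comment is a typo for "Reset".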