from flask import jsonify, request
from models.user import User
from utils.auth import generate_token
import logging
# Module-level logger named after this module. No handlers or level are set
# here; that is left to whoever configures logging for the application.
logger = logging.getLogger(__name__)
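def login():
    """Authenticate a user by email and password and return an auth token.

    Expects a JSON body with string ``email`` and ``password`` fields.

    Returns:
        A Flask ``(response, status)`` tuple: 200 with ``token`` and the
        user's ``to_dict()`` on success; 400 when the body is missing,
        not JSON, or the fields are absent / not non-empty strings; 401 when
        the credentials do not match. The 401 message is deliberately the
        same for "unknown email" and "wrong password" so the endpoint does
        not reveal which accounts exist.
    """
    # silent=True: a non-JSON or unparsable body yields None instead of
    # raising, so it is reported as a 400 rather than surfacing as a 500.
    data = request.get_json(silent=True)
    if not isinstance(data, dict):
        return jsonify({'message': 'Email and password are required'}), 400

    email = data.get('email')
    password = data.get('password')
    # Both fields must be non-empty strings. Rejecting other JSON types here
    # keeps structured values (objects/arrays) away from the user lookup,
    # which matters if find_by_email builds a database query from the raw
    # value (not visible in this file).
    if not isinstance(email, str) or not isinstance(password, str):
        return jsonify({'message': 'Email and password are required'}), 400
    if not email or not password:
        return jsonify({'message': 'Email and password are required'}), 400

    user = User.find_by_email(email)
    # A user record with no stored hash can never log in; treat it like a
    # mismatch rather than passing None to verify_password.
    if not user or not user.password or not User.verify_password(user.password, password):
        # NOTE(review): the hash check is skipped for unknown emails, so the
        # response time differs between "no such user" and "wrong password".
        # A constant-time variant would verify against a dummy hash here.
        logger.info("Failed login attempt for email=%s", email)
        return jsonify({'message': 'Invalid email or password'}), 401

    token = generate_token(user._id, user.permissions)
    logger.info("User %s logged in", user._id)
    # NOTE(review): whether to_dict() excludes the password hash is decided
    # in models.user, not here - worth confirming before exposing it.
    return jsonify({
        'message': 'Login successful',
        'token': token,
        'user': user.to_dict()
    }), 200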
def get_current_user(current_user):
    """Return the authenticated caller's profile as JSON with HTTP 200.

    ``current_user`` is presumably injected by the route's auth wrapper;
    no additional checks are performed in this view.
    """
    payload = {'user': current_user.to_dict()}
    return jsonify(payload), 200
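def update_password(current_user):
    """Change the authenticated user's password after re-verifying the old one.

    Expects a JSON body with string ``current_password`` and ``new_password``.

    Returns:
        200 on success; 400 when the body is malformed or the new password is
        unacceptable; 401 when ``current_password`` does not match; 500 when
        ``current_user.save()`` reports failure.
    """
    # Minimum length floor (NIST SP 800-63B recommends at least 8 characters);
    # tighten to the project's password policy if one exists.
    min_length = 8

    data = request.get_json(silent=True)
    if not isinstance(data, dict):
        return jsonify({'message': 'Current password and new password are required'}), 400

    current_password = data.get('current_password')
    new_password = data.get('new_password')
    if not isinstance(current_password, str) or not isinstance(new_password, str):
        return jsonify({'message': 'Current password and new password are required'}), 400

    # Re-authenticate before changing the credential. A user without a stored
    # hash cannot prove the current password, so treat that as a mismatch
    # instead of handing None to verify_password.
    if not current_user.password or not User.verify_password(current_user.password, current_password):
        logger.warning("Password change rejected for user %s: current password mismatch", current_user._id)
        return jsonify({'message': 'Current password is incorrect'}), 401

    if len(new_password) < min_length:
        return jsonify({'message': 'New password must be at least 8 characters'}), 400

    current_user.password = User.hash_password(new_password)
    if not current_user.save():
        return jsonify({'message': 'Failed to update password'}), 500

    # Audit the change; the password itself must never be logged.
    logger.info("Password updated for user %s", current_user._id)
    # NOTE(review): tokens issued before this change are not revoked here;
    # whether a password change should invalidate outstanding sessions
    # depends on generate_token's design, which is not visible in this file.
    return jsonify({'message': 'Password updated successfully'}), 200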
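def reset_password(current_user):
    """Set a new password for another user in the admin's own department.

    Only callers whose ``permissions`` is ``'Admin'`` may use this, and only
    for users sharing their ``department_id``. The body must contain a string
    ``user_id``; an optional string ``new_password`` overrides the generated
    one.

    Returns:
        200 with the updated user and the plaintext ``new_password`` (a
        one-time credential the admin is expected to hand over out of band -
        it must not be logged or cached); 400 for a malformed body or an
        unacceptable ``new_password``; 403 for a non-admin caller or a
        cross-department target; 404 when the target does not exist; 500 when
        ``save()`` fails.
    """
    # Minimum length floor (NIST SP 800-63B); align with the project's policy.
    min_length = 8

    # Authorize before validating input so non-admins learn nothing about the
    # endpoint's expected shape.
    if current_user.permissions != 'Admin':
        return jsonify({'message': 'Admin permissions required'}), 403

    data = request.get_json(silent=True)
    if not isinstance(data, dict):
        return jsonify({'message': 'User ID is required'}), 400

    user_id = data.get('user_id')
    # Require a non-empty string id so a JSON object cannot reach the lookup
    # (relevant if find_by_id builds a query from the raw value).
    if not isinstance(user_id, str) or not user_id:
        return jsonify({'message': 'User ID is required'}), 400

    user = User.find_by_id(user_id)
    if not user:
        return jsonify({'message': 'User not found'}), 404

    # Scope check: admins may only reset passwords inside their department.
    if str(user.department_id) != str(current_user.department_id):
        return jsonify({'message': 'Cannot reset password for users in other departments'}), 403
    # NOTE(review): an admin may target themselves here and so bypass the
    # current-password check in update_password; reject
    # user._id == current_user._id if that is unwanted.

    # Function-scope import kept from the original (presumably avoids a
    # circular import between the controllers).
    from controllers.department_controller import generate_random_password

    new_password = data.get('new_password')
    if new_password is None:
        # Only generate when nothing was supplied (the original evaluated the
        # generator eagerly even when a password was provided).
        new_password = generate_random_password()
    elif not isinstance(new_password, str) or len(new_password) < min_length:
        return jsonify({'message': 'New password must be a string of at least 8 characters'}), 400

    user.password = User.hash_password(new_password)
    if not user.save():
        return jsonify({'message': 'Failed to reset password'}), 500

    # Audit the privileged action; never include the password in the log.
    logger.info("Admin %s reset password for user %s", current_user._id, user._id)
    return jsonify({
        'message': 'Password reset successfully',
        'user': user.to_dict(),
        'new_password': new_password
    }), 200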
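def update_profile(current_user):
    """Update the caller's own ``name`` and/or ``position``.

    Only those two fields are writable here; email, permissions, password and
    department are deliberately not accepted, so extra keys in the body are
    ignored rather than assigned (no mass assignment).

    Returns:
        200 with the updated user; 400 when the body is not a JSON object or
        a supplied field is not a string; 500 when ``save()`` fails.
    """
    data = request.get_json(silent=True)
    if not isinstance(data, dict):
        return jsonify({'message': 'A JSON body is required'}), 400

    # Validate everything before touching current_user so a rejected field
    # does not leave a half-applied update on the in-memory object.
    updates = {}
    for field in ('name', 'position'):
        if field in data:
            if not isinstance(data[field], str):
                return jsonify({'message': f'{field} must be a string'}), 400
            updates[field] = data[field]

    for field, value in updates.items():
        setattr(current_user, field, value)

    if not current_user.save():
        return jsonify({'message': 'Failed to update profile'}), 500

    return jsonify({
        'message': 'Profile updated successfully',
        'user': current_user.to_dict()
    }), 200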
def verify_token(current_user):
    """Confirm the caller's token was accepted and echo back their profile.

    Reaching this view at all means the auth wrapper (presumably the one that
    supplies ``current_user``) already validated the token, so the body only
    reports success with HTTP 200.
    """
    body = {
        'message': 'Token is valid',
        'user': current_user.to_dict(),
    }
    return jsonify(body), 200