User login

app.py

@@ -2,6 +2,7 @@
 from flask_restful import Api
 from flask_cors import CORS
 from resources.User import User
+from resources.ApiKey import ApiKey
 from resources.QuickSearch import QuickSearch
 from resources.DataSources import DataSources
 from resources.DataSources import DataSourceById
@@ -19,6 +20,11 @@
 api.add_resource(
     User, "/user", resource_class_kwargs={"psycopg2_connection": psycopg2_connection}
 )
+api.add_resource(
+    ApiKey,
+    "/api_key",
+    resource_class_kwargs={"psycopg2_connection": psycopg2_connection},
+)
 api.add_resource(
     QuickSearch,
     "/quick-search/<search>/<location>",
@@ -50,5 +56,6 @@
     resource_class_kwargs={"psycopg2_connection": psycopg2_connection},
 )
 
+
 if __name__ == "__main__":
     app.run(debug=True, host="0.0.0.0")

app_test.py

@@ -14,7 +14,7 @@
     data_source_by_id_results,
     DATA_SOURCES_APPROVED_COLUMNS,
 )
-
+from middleware.user_queries import user_get_results, user_post_results
 from middleware.archives_queries import (
     archives_get_results,
     archives_get_query,
@@ -125,6 +125,24 @@ def test_data_source_by_id_approved(session):
     assert not response
 
 
+def test_user_get_query(session):
+    curs = session.cursor()
+    user_data = user_get_results(curs, "test")
+
+    assert user_data["password_digest"]
+
+
+def test_user_post_query(session):
+    curs = session.cursor()
+    user_post_results(curs, "unit_test", "unit_test")
+
+    email_check = curs.execute(
+        f"SELECT email FROM users WHERE email = 'unit_test'"
+    ).fetchone()[0]
+
+    assert email_check == "unit_test"
+
+
 def test_archives_get_results(session):
     response = archives_get_results(conn=session)
 

do_db_ddl_clean.sql

@@ -135,7 +135,7 @@ CREATE TABLE if not exists state_names (
 );
 
 CREATE TABLE if not exists users (
-    id bigint NOT NULL,
+    id serial primary key,
     created_at timestamp with time zone,
     updated_at timestamp with time zone,
     email text NOT NULL,
@@ -163,4 +163,5 @@ INSERT INTO agency_source_link (link_id, airtable_uid, agency_described_linked_u
 INSERT INTO agency_source_link (link_id, airtable_uid, agency_described_linked_uid) VALUES (3, 'recUGIoPQbJ6laBmr', 'recv9fMNEQTbVarj2');
 INSERT INTO agency_source_link (link_id, airtable_uid, agency_described_linked_uid) VALUES (4, 'rec8gO2K86yk9mQIU', 'recRvBpZqXM8mjddz');
 INSERT INTO state_names VALUES (1, 'IL', 'Illinois');
-INSERT INTO state_names VALUES (2, 'PA', 'Pennsylvania');
+INSERT INTO state_names VALUES (2, 'PA', 'Pennsylvania');
+INSERT INTO users (email, password_digest) VALUES ("test", "test");

middleware/user_queries.py

@@ -0,0 +1,20 @@
+from werkzeug.security import generate_password_hash
+
+
+def user_get_results(cursor, email):
+    cursor.execute(f"select id, password_digest from users where email = '{email}'")
+    results = cursor.fetchall()
+    if len(results) > 0:
+        user_data = {"id": results[0][0], "password_digest": results[0][1]}
+        return user_data
+    else:
+        return {"error": "no match"}
+
+
+def user_post_results(cursor, email, password):
+    password_digest = generate_password_hash(password)
+    cursor.execute(
+        f"insert into users (email, password_digest) values ('{email}', '{password_digest}')"
+    )
+
+    return

regular_api_checks.py

@@ -150,7 +150,28 @@ def test_get_user():
         json={"email": "test2", "password": "test"},
     )
 
-    return response
+    return response.json()["data"] == "Successfully logged in"
+
+
+def test_put_user():
+    response = requests.get(
+        "https://data-sources.pdap.io/api/user",
+        headers=HEADERS,
+        json={"email": "test2", "password": "test"},
+    )
+
+    return response.json()["data"] == "Successfully updated password"
+
+
+# api-key
+def test_get_api_key():
+    response = requests.get(
+        "https://data-sources.pdap.io/api/api_key",
+        headers=HEADERS,
+        json={"email": "test2", "password": "test"},
+    )
+
+    return len(response.json()["api_key"]) > 0
 
 
 # archives
@@ -228,12 +249,14 @@ def main():
         "test_quicksearch_media_bulletin_pennsylvania_results",
         "test_data_source_by_id",
         "test_data_sources",
+        "test_update_data_source",
         "test_data_sources_approved",
         "test_data_source_by_id_approved",
         "test_search_tokens_data_sources",
         "test_search_tokens_data_source_by_id",
         "test_search_tokens_quick_search_complaints_allegheny_results",
-        # "test_get_user",
+        "test_get_user",
+        "test_get_api_key",
         "test_get_archives",
         "test_put_archives",
         "test_put_archives_brokenasof",

resources/ApiKey.py

@@ -0,0 +1,36 @@
+from werkzeug.security import check_password_hash
+from flask_restful import Resource
+from flask import request
+from middleware.user_queries import user_get_results
+import uuid
+
+
+class ApiKey(Resource):
+    def __init__(self, **kwargs):
+        self.psycopg2_connection = kwargs["psycopg2_connection"]
+
+    def get(self):
+        """
+        Generate an API key for a user that successfully logs in
+        """
+        try:
+            data = request.get_json()
+            email = data.get("email")
+            password = data.get("password")
+            cursor = self.psycopg2_connection.cursor()
+            user_data = user_get_results(cursor, email)
+
+            if check_password_hash(user_data["password_digest"], password):
+                api_key = uuid.uuid4().hex
+                user_id = str(user_data["id"])
+                cursor.execute(
+                    "UPDATE users SET api_key = %s WHERE id = %s", (api_key, user_id)
+                )
+                payload = {"api_key": api_key}
+                self.psycopg2_connection.commit()
+                return payload
+
+        except Exception as e:
+            self.psycopg2_connection.rollback()
+            print(str(e))
+            return {"error": str(e)}

resources/User.py

@@ -1,63 +1,67 @@
 from werkzeug.security import generate_password_hash, check_password_hash
 from flask_restful import Resource
-from flask import request, jsonify
-import uuid
-import os
-import jwt
+from flask import request
+from middleware.user_queries import user_get_results, user_post_results
 
 
 class User(Resource):
     def __init__(self, **kwargs):
         self.psycopg2_connection = kwargs["psycopg2_connection"]
 
-    # Login function: allows a user to login using their email and password as credentials
-    # The password is compared to the hashed password stored in the users table
-    # Once the password is verified, an API key is generated, which is stored in the users table and sent to the verified user
     def get(self):
+        """
+        Login function: allows a user to login using their email and password as credentials
+        The password is compared to the hashed password stored in the users table
+        Once the password is verified, an API key is generated, which is stored in the users table and sent to the verified user
+        """
         try:
             data = request.get_json()
             email = data.get("email")
             password = data.get("password")
             cursor = self.psycopg2_connection.cursor()
-            cursor.execute(
-                f"select id, password_digest from users where email = '{email}'"
-            )
-            results = cursor.fetchall()
-            user_data = {}
-            if len(results) > 0:
-                user_data = {"id": results[0][0], "password_digest": results[0][1]}
-            else:
-                return {"error": "no match"}
+
+            user_data = user_get_results(cursor, email)
             if check_password_hash(user_data["password_digest"], password):
-                api_key = uuid.uuid4().hex
-                user_id = str(user_data["id"])
-                cursor.execute(
-                    "UPDATE users SET api_key = %s WHERE id = %s", (api_key, user_id)
-                )
-                payload = {"api_key": api_key}
-                self.psycopg2_connection.commit()
-                return payload
+                return {"data": "Successfully logged in"}
 
         except Exception as e:
             self.psycopg2_connection.rollback()
             print(str(e))
             return {"error": str(e)}
 
-    # Sign up function: allows a user to sign up by submitting an email and password. The email and a hashed password are stored in the users table and this data is returned to the user upon completion
     def post(self):
+        """
+        Sign up function: allows a user to sign up by submitting an email and password.
+        The email and a hashed password are stored in the users table and this data is returned to the user upon completion
+        """
+        try:
+            data = request.get_json()
+            email = data.get("email")
+            password = data.get("password")
+            cursor = self.psycopg2_connection.cursor()
+            user_post_results(cursor, email, password)
+            self.psycopg2_connection.commit()
+
+            return {"data": "Successfully added user"}
+
+        except Exception as e:
+            self.psycopg2_connection.rollback()
+            print(str(e))
+            return {"error": e}
+
+    # Endpoint for updating a user's password
+    def put(self):
         try:
             data = request.get_json()
             email = data.get("email")
             password = data.get("password")
             password_digest = generate_password_hash(password)
             cursor = self.psycopg2_connection.cursor()
             cursor.execute(
-                f"insert into users (email, password_digest) values (%s, %s)",
-                (email, password_digest),
+                f"update users set password_digest = '{password_digest}' where email = '{email}'"
             )
             self.psycopg2_connection.commit()
-
-            return {"data": "Successfully added user"}
+            return {"data": "Successfully updated password"}
 
         except Exception as e:
             self.psycopg2_connection.rollback()