modif token lab2

acc036cd · MaximeOLIVA · 8f23cb80 · acc036cd · acc036cd · acc036cd
Commit acc036cd authored 2 years ago by MaximeOLIVA
--- a/Lab2/__pycache__/server.cpython-310.pyc
+++ b/Lab2/__pycache__/server.cpython-310.pyc
--- a/Lab2/database.db
+++ b/Lab2/database.db
--- a/Lab2/server.py
+++ b/Lab2/server.py
@@ -68,9 +68,9 @@ def sign_in():

 @app.route("/users/sign_out", methods = ['POST'])
 def sign_out():
-    data = request.get_json()
-    if('token' in data):
-        if database_helper.log_out(data['token']):
+    token = get_token_from_header()
+    if(token != 1):
+        if database_helper.log_out(token):
            return "", 200
        else:
            return "", 401
@@ -81,11 +81,12 @@ def sign_out():
 @app.route("/account/change_password", methods = ['PUT'])
 def change_password():
    data = request.get_json()
-    if('token' in data and 'oldPassword' in data and 'newPassword' in data):
+    token = get_token_from_header()
+    if('oldPassword' in data and 'newPassword' in data and token != 1):
        if(len(data['oldPassword']) > 5 and len(data['newPassword']) > 5):
-            if database_helper.is_online(data['token']):
-                email = database_helper.tokenToEmail(data['token'])
-                password = database_helper.tokenToPassword(data['token'])
+            if database_helper.is_online(token):
+                email = database_helper.tokenToEmail(token)
+                password = database_helper.tokenToPassword(token)
                if(data['oldPassword'] == password):
                    if database_helper.change_password(email, data['newPassword']):
                        return "", 204
@@ -101,17 +102,27 @@ def change_password():
        return "", 400


-@app.route("/account/get/data/<token>", methods = ['GET'])
-def get_user_data_token(token):
+@app.route("/account/get/data", methods = ['GET'])
+def get_user_data_token():
+    token = get_token_from_header()
+
+    if token == 1:
+        return "", 400
+
    email = database_helper.tokenToEmail(token)
    if email:
-        return get_user_data_email(token, email)
+        return get_user_data_email(email)
    else:
        return "", 401


-@app.route("/account/get/data/<token>/<email>", methods = ['GET'])
-def get_user_data_email(token, email):
+@app.route("/account/get/data/<email>", methods = ['GET'])
+def get_user_data_email(email):
+    token = get_token_from_header()
+
+    if token == 1:
+        return "", 400
+
    if database_helper.is_online(token):
        data = database_helper.get_data_email(email)
        if data:
@@ -130,17 +141,27 @@ def get_user_data_email(token, email):
        return "", 401


-@app.route("/account/get/message/<token>", methods = ['GET'])
-def get_user_message_token(token):
+@app.route("/account/get/message", methods = ['GET'])
+def get_user_message_token():
+    token = get_token_from_header()
+
+    if token == 1:
+        return "", 400
+
    email = database_helper.tokenToEmail(token)
    if email:
-        return get_user_message_email(token, email)
+        return get_user_message_email(email)
    else:
        return "", 401


-@app.route("/account/get/message/<token>/<email>", methods = ['GET'])
-def get_user_message_email(token, email):
+@app.route("/account/get/message/<email>", methods = ['GET'])
+def get_user_message_email(email):
+    token = get_token_from_header()
+
+    if token == 1:
+        return "", 400
+
    if database_helper.is_online(token):
        data = database_helper.get_messages_email(email)
        #this user has message(s)
@@ -167,10 +188,11 @@ def get_user_message_email(token, email):
 @app.route("/account/post_message", methods = ['POST'])
 def post_message():
    data = request.get_json()
-    if('token' in data
+    token = get_token_from_header()
+    if(token != 1
        and 'message' in data
        and 'email_recipient' in data):
-        email_sender = database_helper.tokenToEmail(data['token'])
+        email_sender = database_helper.tokenToEmail(token)
        if email_sender:
            if(data['email_recipient'] == "null"):
                data['email_recipient'] = email_sender
@@ -188,6 +210,15 @@ def post_message():
        return "", 400


+def get_token_from_header():
+    try:
+        token = request.headers['token']
+    except:
+        token = 1
+
+    return token
+
+
 def generate_token():
    characters = string.ascii_letters + string.digits
    return ''.join(random.choices(characters, k=36))