From b0b5e051c9e17f76eb7b87beec365e4819958a72 Mon Sep 17 00:00:00 2001
From: Joshua Ondieki
Date: Fri, 6 Jul 2018 05:23:48 +0300
Subject: [PATCH] [Fix #34] Updating user returning a false positive DB update
---
 ridemyway/api/v2/controllers/user.py | 26 ++++++++++++++++----------
 ridemyway/utils/db_queries.py | 15 ++++++++++++++-
 2 files changed, 30 insertions(+), 11 deletions(-)
diff --git a/ridemyway/api/v2/controllers/user.py b/ridemyway/api/v2/controllers/user.py
index fed037c..ce2aaac 100644
--- a/ridemyway/api/v2/controllers/user.py
+++ b/ridemyway/api/v2/controllers/user.py
@@ -6,6 +6,7 @@
 from ridemyway.utils.response import Response
 from ridemyway.utils.db_queries import select_user, update_user
 from ridemyway.utils.warnings import edit_warnings
+from flask_restful import abort
 class UserController():
@@ -35,19 +36,24 @@ def edit_user(self, **kwargs):
 user = select_user(username=username)
 if 'email' in kwargs:
 user_exists = select_user(email=kwargs['email'])
- if user_exists and user_exists['username'] is not user['username']:
+ print(user_exists['username'])
+ print(username)
+ if user_exists and user_exists['username'] != username:
 message = 'Email already in use by another user'
 response = Response.failed(message=message)
 return response, 403
 for field in kwargs:
 if field not in immutable_fields:
 user[field] = kwargs[field]
- update_user(**user)
- message = 'Edit user successful'
- if self.warnings:
- message = self.warnings[2]
- meta = self.warnings[1]
- warnings = self.warnings[0]
- return Response.success(message=message, meta=meta,
- warnings=warnings), 201
- return Response.success(message=message), 201
+ user_updated = update_user(**user)
+ if user_updated:
+ message = 'Edit user successful'
+ if self.warnings:
+ message = self.warnings[2]
+ meta = self.warnings[1]
+ warnings = self.warnings[0]
+ return Response.success(message=message, meta=meta,
+ warnings=warnings), 201
+ return Response.success(message=message), 201
+ # If nothing works, it's probably a server error, abort
+ abort(500)
diff --git a/ridemyway/utils/db_queries.py b/ridemyway/utils/db_queries.py
index c1cbf7d..582abde 100644
--- a/ridemyway/utils/db_queries.py
+++ b/ridemyway/utils/db_queries.py
@@ -41,4 +41,17 @@ def select_user(username=None, email=None):
 def update_user(**kwargs):
- pass
+ sql = """UPDATE appuser
+ SET name=%s, gender=%s, contacts=%s, email=%s, password=%s
+ WHERE username=%s
+ """
+ cur = app.conn.cursor(cursor_factory=psycopg2.extras.RealDictCursor)
+ try:
+ cur.execute(sql, (kwargs['name'], kwargs['gender'], kwargs['contacts'],
+ kwargs['email'], kwargs['password'],
+ kwargs['username']))
+ app.conn.commit()
+ cur.close()
+ return True
+ except psycopg2.Error:
+ return False
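Review bot: In edit_user (user.py), the two added `print` calls sit ahead of the `if user_exists` guard, so `user_exists['username']` is subscripted before it is known to be truthy. The guard itself suggests `select_user(email=...)` can return a falsy value when the address is unused; in that case the print would presumably raise and a legitimate email change would fail. The prints also write account usernames to stdout on every edit. Remove both lines and keep only `if user_exists and user_exists['username'] != username:`. edit_user starts above the hunk, so where `username` and `immutable_fields` come from is not visible here.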
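Review bot: In update_user (db_queries.py), the `except psycopg2.Error` branch returns False without calling `app.conn.rollback()`, so a failed statement leaves the shared `app.conn` in an aborted transaction and later queries on it are likely to fail until something rolls it back; the cursor is also left open on that path. The success path returns True even when the UPDATE matched no row, which is the same kind of false positive the caller's new `if user_updated` is meant to catch, and `cur.rowcount` distinguishes the two. The error is swallowed without being logged, so the caller's `abort(500)` leaves no record of the cause. `password` is written exactly as received; whether it is hashed before it reaches this function is not visible in the hunk and is worth confirming.

```python
    try:
        # … unchanged: cur.execute(sql, (...)) …
        updated = cur.rowcount == 1
        app.conn.commit()
        return updated
    except psycopg2.Error:
        # Roll back so the shared connection is not left in an aborted transaction.
        app.conn.rollback()
        return False
    finally:
        cur.close()
```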