changes to User model:

+ studentfirstname
+ studentlastname
+ parentfirstname
+ parentlastname
+ parent_email*
+ student_email
+ dob*
- email

Author: usrbinsam

CodeChallenge/api/users.py

@@ -26,7 +26,7 @@ def login():
     username = request.json.get("username", None)
     password = request.json.get("password", None)
 
-    user = Users.query.filter_by(email=username).first()
+    user = Users.query.filter_by(username=username).first()
     if user is None or not user.check_password(password):
         return json_error("invalid username or password")
 
@@ -66,31 +66,38 @@ def register():
     user_data = request.get_json()
     new_u = Users()
 
-    email = user_data.get("email", None)
+    # required fields first
+
+    parent_email = user_data.get("parentEmail", None)
     username = user_data.get("username", None)
+    dob = user_data.get("DOB", None)
+    password = user_data.get("password", None)
 
-    if email is None:
-        return json_error("email is required")
+    if parent_email is None:
+        return json_error("parent email is required")
 
     if username is None:
         return json_error("username is required")
 
-    password = user_data.get("password", None)
+    if dob is None:
+        return json_error("DOB is required")
 
-    if password is None or len(password) < 11 or len(password) > 120:
-        return json_error("invalid password length (between 11 and 120)")
-
-    if Users.query.filter_by(email=email).first():
-        return json_error("that email is already in use")
+    if password is None or len(password) < 8 or len(password) > 120:
+        return json_error("invalid password length (between 8 and 120)")
 
     if Users.query.filter_by(username=username).first():
         return json_error("that username has been taken")
 
-    new_u.email = user_data['email']
-    new_u.username = user_data['username']
+    new_u.parent_email = parent_email
+    new_u.username = username
     new_u.password = hash_password(password)
-    new_u.firstname = user_data['firstname']
-    new_u.lastname = user_data['lastname']
+
+    new_u.parentfirstname = user_data.get("parentFirstName")
+    new_u.parentlastname = user_data.get("parentLastName")
+    new_u.studentfirstname = user_data.get("studentFirstName")
+    new_u.studentlastname = user_data.get("studentLastName")
+    new_u.dob = dob
+
     new_u.active = True
 
     db.session.add(new_u)
@@ -106,11 +113,11 @@ def hello_protected():
     user = get_current_user()
 
     return jsonify({"status": "success",
-                    "message": f"Hello {user.firstname}! (id {identity})",
+                    "message": f"Hello {user.studentfirstname}! (id {identity})",
                     "username": user.username,
-                    "email": user.email,
-                    "firstname": user.firstname,
-                    "lastname": user.lastname,
+                    "email": user.parent_email,
+                    "firstname": user.studentfirstname,
+                    "lastname": user.studentfirstname,
                     "rank": user.rank,
                     "timeUntilNextRank": core.time_until_next_rank()})
 
@@ -124,7 +131,7 @@ def forgot_password():
     if email is None:
         return jsonify(status="error", reason="email missing"), 400
 
-    user = Users.query.filter_by(email=email).first()
+    user = Users.query.filter_by(parent_email=email).first()
 
     if user is None:
         return jsonify(status="error",
@@ -138,7 +145,7 @@ def forgot_password():
                   "did not make this request, you can ignore this email. "
                   "To reset your password, use this link within 24 hours. "
                   f"https://www.hackcwhq.com/reset-password?token={token}",
-                  recipients=[user.email])
+                  recipients=[user.parent_email])
 
     if current_app.config.get("TESTING", False):
         msg.extra_headers = {"X-Password-Reset-Token": token}
@@ -159,8 +166,8 @@ def reset_password():
     if token is None or password is None:
         return json_error("missing token or password")
 
-    if len(password) < 11 and len(password) > 120:
-        return json_error("invalid password length (between 11 and 120)")
+    if 8 > len(password) > 120:
+        return json_error("invalid password length (between 8 and 120)")
 
     try:
         reset_password_from_token(token, password)

CodeChallenge/auth.py

@@ -1,3 +1,5 @@
+from datetime import datetime
+
 import argon2
 from flask import current_app
 from flask_jwt_extended import JWTManager
@@ -10,10 +12,16 @@
 
 class Users(db.Model):
     id = db.Column(db.Integer, primary_key=True)
-    firstname = db.Column(db.String(80), nullable=True)
-    lastname = db.Column(db.String(80), nullable=True)
+    studentfirstname = db.Column(db.String(80), nullable=True)
+    studentlastname = db.Column(db.String(80), nullable=True)
+
+    parentfirstname = db.Column(db.String(80), nullable=True)
+    parentlastname = db.Column(db.String(80), nullable=True)
+
     username = db.Column(db.String(80), unique=True, nullable=False)
-    email = db.Column(db.String(120), unique=True, nullable=False)
+    parent_email = db.Column(db.String(120), unique=False, nullable=False)
+    student_email = db.Column(db.String(120), unique=False, nullable=True)
+    dob = db.Column(db.String(10), nullable=False)
     is_admin = db.Column(db.Boolean, nullable=True)
     password = db.Column(db.String(120), nullable=False)
     is_active = db.Column(db.Boolean, default=False, nullable=False)
@@ -36,39 +44,40 @@ def hash_password(plaintext):
 
 
 def authenticate(username, password):
-    user = Users.query.filter_by(email=username).first()
+    user = Users.query.filter_by(username=username).first()
     if user and user.check_password(password):
         return user
 
 
 @jwt.user_loader_callback_loader
-def identity(identity):
-    return Users.query.get(identity)
+def identity(ident):
+    return Users.query.get(ident)
 
 
 def create_user(email, username, password):
     u = Users()
-    u.email = email
+    u.parent_email = email
     u.username = username
     u.password = hash_password(password)
+    u.dob = datetime.now().strftime("%Y-%m-%d")
 
     db.session.add(u)
     db.session.commit()
 
 
 def reset_user(email, password):
-    u = Users.query.filter_by(email=email)
+    u = Users.query.filter_by(parent_email=email)
     u.password = hash_password(password)
 
     db.session.commit()
 
 
 def password_reset_token(user: Users) -> str:
     ts = URLSafeTimedSerializer(current_app.config["SECRET_KEY"])
-    return ts.dumps(user.email, salt="recovery-key")
+    return ts.dumps(user.parent_email, salt="recovery-key")
 
 
 def reset_password_from_token(token: str, password: str):
     ts = URLSafeTimedSerializer(current_app.config["SECRET_KEY"])
-    email = ts.loads(token, salt="recovery-key", max_age=86400)
-    reset_user(email, password)
+    parent_email = ts.loads(token, salt="recovery-key", max_age=86400)
+    reset_user(parent_email, password)

CodeChallenge/config.py

@@ -47,6 +47,7 @@ class ProductionConfig(DefaultConfig):
     MAIL_SUPPRESS_SEND = False
     MAIL_USERNAME = os.getenv("MAIL_USERNAME")
     MAIL_PASSWORD = os.getenv("MAIL_PASSWORD")
+    JWT_ACCESS_TOKEN_EXPIRES = 604800
 
 
 class DevelopmentConfig(ProductionConfig):