From bf553f3f61fc0ee7aabc495855c0a52e81ae6a2d Mon Sep 17 00:00:00 2001
From: "CHIEFSOFT\\ameye"
Date: Sun, 12 Oct 2025 08:07:34 -0400
Subject: [PATCH] office password
---
 app/api/services/office_auth.py | 124 ++++++++++++++++++++++++--------
 app/models/office_users.py | 13 +++-
 2 files changed, 106 insertions(+), 31 deletions(-)
diff --git a/app/api/services/office_auth.py b/app/api/services/office_auth.py
index eb3a62e..7b0840c 100644
--- a/app/api/services/office_auth.py
+++ b/app/api/services/office_auth.py
@@ -4,7 +4,9 @@ from werkzeug.security import generate_password_hash, check_password_hash
 import datetime
 import jwt
 from app.config import Config
-
+from app.models import OfficeUsers
+from app.utils.logger import logger
+from app.extensions import db

 class OfficeAuthService:
 @staticmethod
@@ -19,37 +21,101 @@ class OfficeAuthService:
 "test": "test123"
 }

- # Check if the provided credentials are valid
- if username in valid_credentials and password == valid_credentials[username]:
- # Generate JWT token with 15 minutes expiration
- payload = {
- 'sub': username, # Subject (typically user ID)
- 'iat': datetime.datetime.utcnow(), # Issued at
- 'exp': datetime.datetime.utcnow() + datetime.timedelta(minutes=15), # Expiration (15 minutes)
- 'role': 'admin' if username == 'admin' else 'user' # Role based on username
- }
+ logger.info('ENTER API:: login')
+ try:
+ with db.session.begin():
+ member = OfficeUsers.get_office_user_by_username(username)
+ password_hash = generate_password_hash(password)
+ logger.info("Password generated = > {}".format(password_hash))

- # Get the secret key from config
- secret_key = Config.JWT_SECRET_KEY
+ if not member:
+ invalid_data = {
+ "error_message": "invalid username or password",
+ "message_key": "invalid_username_or_password",
+ }
+ return invalid_data, 401
+ user_id = member.id
+ member_password = member.password
+ logger.info("Current Password = > {}".format(member_password))
+ if str(member_password).strip() == 'password':
+ updateResult = OfficeUsers.set_office_user_password(user_id, username, password_hash)
+ logger.info(f"Password Update Result = > {updateResult} ")
+ member_password= password_hash
+ member = OfficeUsers.get_office_user_by_username(username) # reload office

- # Generate the token
- token = jwt.encode(payload, secret_key, algorithm='HS256')
+ pass_check = check_password_hash(member.password, password)
+ logger.info("Password check: {}".format(pass_check))
+ if not member or not pass_check:
+ invalid_data = {
+ "error_message": "invalid username or password",
+ "message_key": "invalid_username_or_password",
+ }
+ return invalid_data , 401
+ else:
+ payload = {
+ 'sub': username, # Subject (typically user ID)
+ 'iat': datetime.datetime.utcnow(), # Issued at
+ 'exp': datetime.datetime.utcnow() + datetime.timedelta(minutes=15), # Expiration (15 minutes)
+ 'role': 'admin' if username == 'admin' else 'user' # Role based on username
+ }
+
+ # Get the secret key from config
+ secret_key = Config.JWT_SECRET_KEY
+
+ # Generate the token
+ token = jwt.encode(payload, secret_key, algorithm='HS256')
+
+ # Return the token and user info
+ return {
+ 'jwt_token': token,
+ 'user': {
+ 'firstname': member.firstname,
+ 'lastname': member.lastname,
+ 'email':'support@mermsemr.com',
+ 'username': username,
+ 'role': 'admin' if username == 'admin' else 'user'
+ },
+ 'expires_in': 900 # 15 minutes in seconds
+ }
+
+
+
+ # # Check if the provided credentials are valid
+ # if username in valid_credentials and password == valid_credentials[username]:
+ # # Generate JWT token with 15 minutes expiration
+ # payload = {
+ # 'sub': username, # Subject (typically user ID)
+ # 'iat': datetime.datetime.utcnow(), # Issued at
+ # 'exp': datetime.datetime.utcnow() + datetime.timedelta(minutes=15), # Expiration (15 minutes)
+ # 'role': 'admin' if username == 'admin' else 'user' # Role based on username
+ # }
+ #
+ # # Get the secret key from config
+ # secret_key = Config.JWT_SECRET_KEY
+ #
+ # # Generate the token
+ # token = jwt.encode(payload, secret_key, algorithm='HS256')
+ #
+ # # Return the token and user info
+ # return {
+ # 'jwt_token': token,
+ # 'user': {
+ # 'username': username,
+ # 'role': 'admin' if username == 'admin' else 'user'
+ # },
+ # 'expires_in': 900 # 15 minutes in seconds
+ # }
+ # else:
+ # # Return error for invalid credentials
+ # return {
+ # 'error': 'Invalid credentials',
+ # 'message': 'The username or password is incorrect'
+ # }, 401
+
+ except Exception as e:
+ logger.error(f"An error occurred while get_office_country_list data: {str(e)}", exc_info=True)
+ return jsonify({"message": "Internal Server Error"}), 500

- # Return the token and user info
- return {
- 'jwt_token': token,
- 'user': {
- 'username': username,
- 'role': 'admin' if username == 'admin' else 'user'
- },
- 'expires_in': 900 # 15 minutes in seconds
- }
- else:
- # Return error for invalid credentials
- return {
- 'error': 'Invalid credentials',
- 'message': 'The username or password is incorrect'
- }, 401

 @staticmethod
 def verify_token(token):
diff --git a/app/models/office_users.py b/app/models/office_users.py
index 5ac7acd..e82abaa 100644
--- a/app/models/office_users.py
+++ b/app/models/office_users.py
@@ -26,7 +26,7 @@ class OfficeUsers(db.Model):

 uid = db.Column(db.String(150), nullable=True)
 username = db.Column(db.String(25), nullable=False)
- password = db.Column(db.String(100), nullable=False)
+ password = db.Column(db.String(250), nullable=False)
 firstname = db.Column(db.String(25), nullable=False)
 lastname = db.Column(db.String(25), nullable=False)
 acc_level = db.Column(db.Integer, nullable=True, default=10)
@@ -56,10 +56,19 @@ class OfficeUsers(db.Model):
 users_list = cls.query.filter_by(username=username).first()
 logger.info(f"users_list looking for {username} after.")
 if not users_list:
- logger.error(f"users_list with ID {user_id} does not exist.")
+ logger.error(f"users_list with ID {username} does not exist.")
 return None
 return users_list

+ @classmethod
+ def set_office_user_password(cls, user_id, username,password_hash):
+ selected_user = cls.query.filter_by(id=int(user_id), username=str(username)).first()
+ if not selected_user:
+ logger.error(f"users_list with ID {user_id} does not exist.")
+ return None
+ logger.info(f"Password Settings Action = > {user_id}, {username}, {password_hash} ")
+ selected_user.password = password_hash
+ return selected_user

 def to_dict(self):
 return {
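Review bot: The `if str(member_password).strip() == 'password':` branch in the office_auth.py login hunk stores the hash of whatever password the caller just submitted, so an account still holding that placeholder is bound to the first login request that names it, with no proof of identity. Drop the branch and let `pass_check = check_password_hash(member.password, password)` be the only gate; Werkzeug returns False for a stored value that is not in its hash format, so placeholder accounts stay locked until a password is set through a separate, authenticated reset flow. The `logger.info` calls that write `password_hash` and `member_password` to the application log should be removed as well, and the same applies to the `{password_hash}` field logged by `set_office_user_password` in app/models/office_users.py; log the user id and the outcome only. The `except` handler's message still names `get_office_country_list`, which looks copied from another service, and it returns `jsonify(...)` while every other path returns a plain dict. The enclosing method's signature is above this hunk, and the hard-coded `valid_credentials` dict in the context lines appears unused after this change and could be deleted together with the commented-out block.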
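Review bot: Widening `password` to `db.String(250)` in the model does not by itself alter the existing table, and no schema migration is visible in this patch. If the deployed column is still 100 characters, the hashes that `generate_password_hash` now writes may be truncated or rejected depending on the database, and a truncated hash can never verify, so the affected accounts would be locked out. Ship the matching migration with this change and confirm the column length on the target database before the new login path goes live.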
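Review bot: `set_office_user_password` only assigns `selected_user.password` and never flushes or commits, so nothing is persisted unless the caller owns the transaction, as the `with db.session.begin():` block in office_auth.py does; that contract is undocumented. A docstring such as `"""Set the stored password hash for the user matching both id and username; return the updated row, or None if no row matches. Does not commit; the caller's transaction must."""` would make it explicit. `int(user_id)` also raises on a non-numeric id instead of returning None like the not-found branch, and the not-found message `users_list with ID {user_id}` reads as copied from the lookup method above it.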