Firt commit for User Microservice

User_MicroService_Group3/app.yaml

+runtime: python312
+entrypoint: gunicorn -b :$PORT index:app
\ No newline at end of file

User_MicroService_Group3/app/__init__.py

+from flask import Flask
+
+from app.models import login
+
+app = Flask(__name__)
+
+from app import routes
+
+if __name__ == '__main__':
+    app.run(debug=True)
\ No newline at end of file

User_MicroService_Group3/app/controllers/__init__.py

+from flask import Flask
+from flask import Blueprint
+

User_MicroService_Group3/app/controllers/changePasswordController.py

+from flask import Blueprint, jsonify, request, session
+from models.changePassword import check_old_password, set_new_password
+import hashlib
+import secrets
+import hmac
+
+change_password_bp = Blueprint("change_password",__name__)
+
+@change_password_bp.route("/user/change_password", methods=["POST"])
+def change_password():
+
+    user_id = session.get("user_id")
+
+    if user_id:
+
+        if request.method == 'POST':
+
+            #User data from front end
+            data = request.get_json()
+            email = data.get("email")
+            old_password = data.get("old_password")
+            new_password = data.get("new_password")
+
+            new_encoded_password = generate_password_hash(new_password)
+            new_password_hash = new_encoded_password["hash"]
+            new_password_salt = new_encoded_password["salt"]
+            new_password_iterations = new_encoded_password["iterations"]
+
+            
+            old_auth = {
+                "user_id" : user_id,
+                "email" : email,
+                "password": old_password
+            }
+
+            #user_old_auth = check_old_password(old_auth) #Collect user data from database
+            
+
+
+                
+            old_auth_info, value = check_old_password(old_auth) #function returns certain columns collected from database
+
+            if value == 1: #if user exists in database
+
+                old_password_hash = old_auth_info.get("PasswordHash")
+                old_password_salt = old_auth_info.get("PasswordSalt")
+                old_password_iterations = old_auth_info.get("Iterations")
+
+
+                #password authentication
+                old_password_info = generate_password_hash(old_password)
+                is_correct = verify_password(old_password_info, old_password, old_password_salt, old_password_iterations, old_password_hash)
+
+                if is_correct == True:
+
+                    new_auth = {
+                        "user_id" : user_id,
+                        "email" : email,
+                        "password": new_password,
+                        "hash": new_password_hash,
+                        "salt": new_password_salt,
+                        "iterations": new_password_iterations
+                    }
+
+                    new_auth_info = set_new_password(new_auth)
+
+
+
+                    response_data = {"message":"Password is correct"}
+                    return jsonify(new_auth_info, user_id)
+                
+                else:
+                    response_data = {"error":"Old password is incorrect", "email": email}
+                    return jsonify(response_data)
+                
+            else:
+                return {"error" : "Email does not exist"}
+            
+        
+        return {"error" : "null"}
+    
+    else:
+        return {"error" : "User not logged in"}
+
+        
+
+    
+
+
+def generate_password_hash(password):
+    # Generate a 16-byte salt
+    salt = secrets.token_bytes(16)
+    # Define the number of iterations
+    iterations = 100000
+    # Generate the hash using PBKDF2-HMAC-SHA-256
+    hash = hashlib.pbkdf2_hmac('sha256', password.encode(), salt, iterations)
+    
+    # Return the salt, iterations, and hash, encoded in a way that can be stored in the database
+    return {
+        'salt': salt.hex(),
+        'iterations': iterations,
+        'hash': hash.hex()
+    }
+
+
+def verify_password(stored_password_info, submitted_password, salt, iterations, user_hash):
+    # Convert the stored salt back to bytes
+    salt = bytes.fromhex(salt)
+    # Use the same number of iterations as when the password was hashed
+    iterations = iterations
+    # Hash the submitted password with the stored salt and iterations
+    hash = hashlib.pbkdf2_hmac('sha256', submitted_password.encode(), salt, iterations)
+    
+    # Compare the newly generated hash with the stored hash
+    # Convert the generated hash to hex for comparison
+    
+    return hmac.compare_digest(hash.hex(), user_hash)
\ No newline at end of file

User_MicroService_Group3/app/controllers/deleteProfileController.py

+from flask import Blueprint, jsonify, request, session
+from models.deleteProfile import delete
+
+deleteProfile_bp = Blueprint("deleteProfile",__name__)
+
+@deleteProfile_bp.route("/user/deleteProfile", methods=["POST"])
+def deleteProfile():
+
+    user_id = session.get("user_id")
+
+    if user_id:
+
+        if request.method == 'POST':
+
+            #User data from front end
+            data = request.get_json()
+            email = data.get("email")
+
+            user_info = {
+                "email" : email,
+                "user_id" : user_id
+            }
+
+            user = delete(user_info) #Collect user data from database
+            
+
+            return jsonify(user, user_id)
+        
+        else:
+            return {"message" : "null"}
+    
+    else:
+        return {"error" : "User not logged in"}
\ No newline at end of file

User_MicroService_Group3/app/controllers/loginController.py

+from flask import Blueprint, jsonify, request, session
+from models.login import fetch_user
+from models.login import fetch_password
+import hashlib
+import secrets
+import hmac
+
+login_bp = Blueprint("login",__name__)
+
+@login_bp.route("/login", methods=["POST"])
+def login():
+
+    if request.method == 'POST':
+
+        #User data from front end
+        data = request.get_json()
+        email = data.get("email")
+        password = data.get("password")
+
+        
+
+        user = fetch_user(email) #Collect user data from database
+        
+        #User authentication
+        if user is not None: #If database found matching email the user entered
+
+            user_email = user.get("Email") #User email from database
+
+
+            if user_email == email: #Checks if email returned from database is the same as what user entered
+                
+                auth = fetch_password(user_email) #function returns certain columns collected from database
+
+                user_hash = auth.get("PasswordHash")
+                user_salt = auth.get("PasswordSalt")
+                user_iterations = auth.get("Iterations")
+
+
+                #password authentication
+                password_info = generate_password_hash(password)
+                is_correct = verify_password(password_info, password, user_salt, user_iterations, user_hash)
+
+                if is_correct == True:
+                    session["user_id"] = user.get("UserID")
+                    response_data = {"message":"Login Sucessful", "email": email, "session" : session["user_id"]}
+                    return jsonify(response_data)
+                
+                else:
+                    response_data = {"message":"Email or password incorrect", "email": email}
+                    return jsonify(response_data)
+
+                
+            else:
+                return ("Email does not exist")
+            
+        else:
+            response_data = {"message":"Email does not exist", "email": email}
+            return jsonify(response_data)
+    
+    return {"message" : "null"}
+    
+
+
+def generate_password_hash(password):
+    # Generate a 16-byte salt
+    salt = secrets.token_bytes(16)
+    # Define the number of iterations
+    iterations = 100000
+    # Generate the hash using PBKDF2-HMAC-SHA-256
+    hash = hashlib.pbkdf2_hmac('sha256', password.encode(), salt, iterations)
+    
+    # Return the salt, iterations, and hash, encoded in a way that can be stored in the database
+    return {
+        'salt': salt.hex(),
+        'iterations': iterations,
+        'hash': hash.hex()
+    }
+
+
+def verify_password(stored_password_info, submitted_password, salt, iterations, user_hash):
+    # Convert the stored salt back to bytes
+    salt = bytes.fromhex(salt)
+    # Use the same number of iterations as when the password was hashed
+    iterations = iterations
+    # Hash the submitted password with the stored salt and iterations
+    hash = hashlib.pbkdf2_hmac('sha256', submitted_password.encode(), salt, iterations)
+    
+    # Compare the newly generated hash with the stored hash
+    # Convert the generated hash to hex for comparison
+    
+    return hmac.compare_digest(hash.hex(), user_hash)
\ No newline at end of file

User_MicroService_Group3/app/controllers/logoutController.py

+from flask import Blueprint, jsonify, request, json, session, redirect
+
+
+logout_bp = Blueprint("logout",__name__)
+
+@logout_bp.route("/logout", methods=["POST"])
+def logout():
+
+    user_id = session.get("user_id")
+
+    if user_id:
+
+        if request.method == 'POST':
+
+            session.pop("user_id", None)
+            return ({"message" : "Log out successful"})
+        
+        else:
+            return {"error" : "null"}
+    else:
+        return {"error" : "User not logged in"}
\ No newline at end of file

User_MicroService_Group3/app/controllers/signupController.py

+from flask import Blueprint, jsonify, request, json
+from models.signup import new_user
+import hashlib
+import secrets
+import hmac
+
+signup_bp = Blueprint("signup",__name__)
+
+@signup_bp.route("/signup", methods=["POST"])
+def signup():
+
+    if request.method == 'POST':
+
+        #User data from front end
+        data = request.get_json()
+        email = data.get("email")
+        first_name = data.get("first_name")
+        last_name = data.get("last_name")
+        location = data.get("location")
+        gender = data.get("gender")
+        password = data.get("password")
+        encoded_password = generate_password_hash(password)
+        hash = encoded_password["hash"]
+        salt = encoded_password["salt"]
+        iterations = encoded_password["iterations"]
+
+        if email.strip() != "":
+            
+            # Create a dictionary from user data
+            user_data = {
+                "email": email,
+                "first_name": first_name,
+                "last_name": last_name,
+                "location": location,
+                "gender": gender,
+                "password": password,
+                "hash": hash,
+                "salt": salt,
+                "iterations": iterations
+            }
+
+            # Convert to JSON
+            json_user_data = json.dumps(user_data)
+
+
+            update = new_user(user_data) #Send user info to database
+
+            return jsonify(update)
+        
+        else:
+            return {"message" : "email cannot be empty"}
+    
+    return {"message" : "null"}
+    
+
+#This function encrypts the user's password
+def generate_password_hash(password):
+    # Generate a 16-byte salt
+    salt = secrets.token_bytes(16)
+    # Define the number of iterations
+    iterations = 100000
+    # Generate the hash using PBKDF2-HMAC-SHA-256
+    hash = hashlib.pbkdf2_hmac('sha256', password.encode(), salt, iterations)
+    
+    # Return the salt, iterations, and hash, encoded in a way that can be stored in the database
+    return {
+        'salt': salt.hex(),
+        'iterations': iterations,
+        'hash': hash.hex()
+    }

User_MicroService_Group3/app/controllers/updateProfileController.py

+from flask import Blueprint, jsonify, request, json, session
+from models.updateProfile import update_user
+from models.updateProfile import fetch_user_info
+
+update_profile_bp = Blueprint("update",__name__)
+
+@update_profile_bp.route("/user/update", methods=["POST"])
+def update_profile():
+
+    user_id = session.get("user_id")
+
+    if user_id:
+
+        user_info = fetch_user_info(user_id)
+        print(jsonify(user_info))
+
+        if request.method == 'POST':
+
+            #User data from front end
+            data = request.get_json()
+            email = data.get("email")
+            first_name = data.get("first_name")
+            last_name = data.get("last_name")
+            location = data.get("location")
+            gender = data.get("gender")
+
+                
+            # Create a dictionary from user data
+            user_data = {
+                "user_id" : user_id,
+                "email": email,
+                "first_name": first_name,
+                "last_name": last_name,
+                "location": location,
+                "gender": gender,
+            }
+
+            # Convert to JSON
+            json_user_data = json.dumps(user_data)
+
+
+            update = update_user(user_data) #Send user info to database
+
+            return jsonify(update, user_id)
+        
+        else:
+            return {"error" : "null"}
+    else:
+        return {"error" : "User not logged in"}
\ No newline at end of file

User_MicroService_Group3/app/index.py

+from flask import Flask, redirect, url_for, request, render_template, make_response, session, abort
+from flask_cors import CORS
+from flask import jsonify
+from controllers.loginController import login_bp
+from controllers.signupController import signup_bp
+from controllers.updateProfileController import update_profile_bp
+from controllers.changePasswordController import change_password_bp
+from controllers.deleteProfileController import deleteProfile_bp
+from controllers.logoutController import logout_bp
+
+
+
+app = Flask(__name__)
+CORS(app)
+
+app.secret_key = 'Group3'
+
+@app.route('/')
+def index():
+    return render_template("index.html")
+
+
+@app.route("/hello/<int:score>")
+def hello_user(score):
+    return render_template("hello.html", marks=score)
+
+
+app.register_blueprint(login_bp)
+
+app.register_blueprint(signup_bp)
+
+app.register_blueprint(update_profile_bp)
+
+app.register_blueprint(change_password_bp)
+
+app.register_blueprint(deleteProfile_bp)
+
+app.register_blueprint(logout_bp)
+
+
+if __name__ == '__main__':
+    app.run(debug=True, port=5000)
\ No newline at end of file

User_MicroService_Group3/app/models/__init__.py

+from flask import Flask
+from flask_cors import CORS
+
+
+#from app.models import models
+
+app = Flask(__name__)
+CORS(app)
+
+#db = sqlAlchemy
+
+#from app import routes
+
+if __name__ == '__main__':
+    app.run(debug=True)
\ No newline at end of file