From 290f1dcf5d6a13d1a10a33cbd00bd51d41075fe8 Mon Sep 17 00:00:00 2001 From: Edgar Silva <23741809+edgar-simao@users.noreply.github.com> Date: Mon, 12 Jul 2021 17:24:24 +0100 Subject: [PATCH 01/11] update tag.yml with correct docker hub repo --- .github/workflows/tag.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml index b30092d..aaccaac 100644 --- a/.github/workflows/tag.yml +++ b/.github/workflows/tag.yml @@ -50,7 +50,7 @@ jobs: context: ./ file: ./Dockerfile push: true - tags: edgar1simao/keycloak_extension_api:${{ env.RELEASE_VERSION }},edgar1simao/keycloak_extension_api:latest + tags: irpinesctec/keycloak_extension_api:${{ env.RELEASE_VERSION }},irpinesctec/keycloak_extension_api:latest build-args: | RELEASE_VERSION=${{ env.RELEASE_VERSION }} From c73f0acdeadb9e7cde8620d549ef1db160033dd0 Mon Sep 17 00:00:00 2001 From: Edgar Silva <23741809+edgar-simao@users.noreply.github.com> Date: Wed, 29 Sep 2021 19:17:14 +0100 Subject: [PATCH 02/11] adding change ownership functionality --- api.py | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/api.py b/api.py index cd4ba1e..cf8ba2f 100644 --- a/api.py +++ b/api.py 
@@ -124,11 +124,56 @@ def give_access(where): return jsonify("Ticket created successfully") +@app.route('/change_owner//', methods=['POST']) +def change_owner(resource_id, new_owner): + auth_header = request.headers.get('Authorization') + + conn = start_connection() + + cursor = conn.cursor() + + try: + cursor.execute("SELECT owner FROM resource_server_resource WHERE id LIKE '{0}'".format(resource_id)) + + resource_owner_id = cursor.fetchone()[0] + except: + abort(404, "Could not find resource") + + if resource_owner_id != get_user_info(auth_header[7:])['sub']: + abort(401, "Not owner of resource") + + try: + cursor.execute("SELECT id FROM user_entity WHERE email LIKE '{0}' OR username LIKE '{0}' OR id LIKE '{0}'".format(new_owner)) + + new_owner_id = cursor.fetchone()[0] + except: + abort(401, "Could not find user") + + try: + owner_update = "UPDATE resource_server_resource " + \ + "SET owner = '{0}' " + \ + "WHERE id LIKE '{1}'" + cursor.execute(owner_update.format(new_owner_id, resource_id)) + except: + abort(401, "Update failed") + + conn.commit() + + cursor.close() + + conn.close() + + return jsonify("Owner changed successfully") + @app.errorhandler(401) def unauthorized(error): response = jsonify({'message': error.description}) response.status_code = 401 return response +@app.errorhandler(500) +def internal_error(error): + return "Uncaught exception: is keycloak reachable?" + if __name__ == '__main__': app.run(host='0.0.0.0', port=5000, debug=True) From 03f4d6ddccd235a41637a1f079350507d0c648e8 Mon Sep 17 00:00:00 2001 From: Edgar Silva <23741809+edgar-simao@users.noreply.github.com> Date: Mon, 25 Oct 2021 16:24:08 +0100 Subject: [PATCH 03/11] adding scopes to user id method and create change ownership method --- api.py | 69 ++++++++++++++-------------------------------------------- 1 file changed, 16 insertions(+), 53 deletions(-) diff --git a/api.py b/api.py index cf8ba2f..9935190 100644 --- a/api.py +++ b/api.py 
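Review bot: In `change_owner` (PATCH 02, `api.py` `@@ -124,11 +124,56 @@`) all three statements are assembled with `str.format` from the URL path values `resource_id` and `new_owner`, so request input becomes part of the SQL text run against Keycloak's database; bind the values as query parameters and compare with `=` instead of `LIKE`, so that pattern characters in the input cannot widen the match. `auth_header[7:]` is evaluated without a None check, so a request with no Authorization header raises inside the handler instead of returning 401, and every `abort` path skips `cursor.close()` and `conn.close()`. The new 500 handler returns a bare string, which Flask sends with status 200; `return "Uncaught exception: is keycloak reachable?", 500` keeps the status. The same string-built SQL recurs in `get_user_id`, in `get_scope_id` (PATCH 03) and in `get_user_email` (PATCH 07, PATCH 11).

```python
def change_owner(resource_id, new_owner):
    # … unchanged: Authorization header read, connection and cursor setup …
    try:
        cursor.execute(
            "SELECT owner FROM resource_server_resource WHERE id = %s",
            (resource_id,),
        )
        # … unchanged: fetchone, 404 handling, owner check against the token's 'sub' …
    try:
        cursor.execute(
            "SELECT id FROM user_entity WHERE email = %s OR username = %s OR id = %s",
            (new_owner, new_owner, new_owner),
        )
        # … unchanged: fetchone, error handling …
    try:
        cursor.execute(
            "UPDATE resource_server_resource SET owner = %s WHERE id = %s",
            (new_owner_id, resource_id),
        )
        # … unchanged: error handling, commit, close, success response …
```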
@@ -1,28 +1,11 @@ -import json import jsonify import requests from flask import Flask, request, abort, jsonify import psycopg2 -import random -import string -import uuid -import time import os app = Flask(__name__) -SERVERS = ['adc-middleware'] - -POLICY_INSERT = "INSERT INTO resource_server_policy " + \ - "(id, name, type, resource_server_id, owner) " + \ - "VALUES " + \ - "('{0}', '{1}', 'uma', '{2}', '{3}')" - -TICKET_INSERT = "INSERT INTO resource_server_perm_ticket " + \ - "(id, owner, requester, created_timestamp, granted_timestamp, resource_id, scope_id, resource_server_id, policy_id) " + \ - "VALUES " + \ - "('{0}', '{1}', '{2}', '{3}', '{3}', '{4}', '{5}', '{6}', '{7}')" - def start_connection(): try: return psycopg2.connect( @@ -32,13 +15,10 @@ def start_connection(): except: abort(401, "Could not connect to DB") -def check_request_validity(auth_header, where): +def check_request_validity(auth_header): if auth_header == None: abort(401, 'No token') - if where not in SERVERS: - abort(401, 'Server does not exist') - if get_user_info(auth_header[7:])['sub'] != request.form['owner_id']: abort(401, 'Request can only be made by the resource owner') 
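Review bot: After this change `check_request_validity` (PATCH 03, `@@ -32,13 +15,10 @@`) compares the token's `sub` only with `request.form['owner_id']`, a value the caller sends in the same request, so as far as the visible code shows it establishes that the token is valid and nothing about what the caller may look up. The endpoints gated by it, `get_user_scope_id` in this patch, `get_user_id_rest` in PATCH 04 and `get_user_email_rest` in PATCH 11, therefore return internal user ids or e-mail addresses for any account to any authenticated user. If that is not intended, the check needs an authorization decision based on a claim in the token, such as a role reserved for callers of this service. `auth_header[7:]` also assumes a `Bearer ` prefix without testing for it; `if not auth_header or not auth_header.startswith('Bearer '): abort(401, 'No token')` would make that explicit.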
@@ -76,58 +56,41 @@ def get_user_id(email_user): return id -@app.route('/give_access/', methods=['POST']) -def give_access(where): - auth_header = request.headers.get('Authorization') - - check_request_validity(auth_header, where) - +def get_scope_id(scope_name): conn = start_connection() cursor = conn.cursor() try: - cursor.execute("SELECT id FROM client WHERE client_id LIKE '{0}'".format(where)) - - resource_server_id = cursor.fetchone()[0] - except: - abort(401, "Could not find client") - - policy_id = uuid.uuid1() - - try: - cursor.execute(POLICY_INSERT.format(policy_id, uuid.uuid1(), resource_server_id, request.form['owner_id'])) - except: - abort(401, "Could not create ticket, maybe permission already exists?") - - try: - cursor.execute("SELECT id FROM resource_server_scope WHERE name LIKE '{0}' AND resource_server_id LIKE '{1}'".format(request.form['scope_name'], resource_server_id)) + cursor.execute("SELECT id FROM resource_server_scope WHERE name LIKE '{0}'".format(scope_name)) - scope_id = cursor.fetchone()[0] + id = cursor.fetchone()[0] except: abort(401, "Could not find scope") - current_time = int(round(time.time() * 1000)) + cursor.close() + conn.close() - requester_id = get_user_id(request.form['requester']) + return id - try: - cursor.execute(TICKET_INSERT.format(uuid.uuid1(), request.form['owner_id'], requester_id, current_time, request.form['resource_id'], scope_id, resource_server_id, policy_id)) - except: - abort(401, "Could not create ticket, maybe permission already exists?") +@app.route('/get_user_scope_id/', methods=['POST']) +def get_user_scope_id(email_user): + auth_header = request.headers.get('Authorization') - conn.commit() + check_request_validity(auth_header) - cursor.close() + user_id = get_user_id(email_user) - conn.close() + scope_id = get_scope_id(request.form['scope_name']) - return jsonify("Ticket created successfully") + return jsonify([user_id, scope_id]) @app.route('/change_owner//', methods=['POST']) def 
change_owner(resource_id, new_owner): auth_header = request.headers.get('Authorization') + check_request_validity(auth_header) + conn = start_connection() cursor = conn.cursor() From caacab47c47322e0b842422c09218f5fbab92b69 Mon Sep 17 00:00:00 2001 From: Edgar Silva <23741809+edgar-simao@users.noreply.github.com> Date: Mon, 8 Nov 2021 11:34:04 +0000 Subject: [PATCH 04/11] get user id by email --- api.py | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/api.py b/api.py index 9935190..79bd4c3 100644 --- a/api.py +++ b/api.py @@ -85,6 +85,16 @@ def get_user_scope_id(email_user): return jsonify([user_id, scope_id]) +@app.route('/get_user_id/', methods=['POST']) +def get_user_id_rest(email_user): + auth_header = request.headers.get('Authorization') + + check_request_validity(auth_header) + + user_id = get_user_id(email_user) + + return jsonify(user_id) + @app.route('/change_owner//', methods=['POST']) def change_owner(resource_id, new_owner): auth_header = request.headers.get('Authorization') From 16ae2514f222057e1516cab66ec6b079e464d54b Mon Sep 17 00:00:00 2001 From: Alexandre Costa Date: Tue, 22 Mar 2022 12:05:05 +0000 Subject: [PATCH 05/11] Removed irrelevant packages; --- requirements.txt | 23 ++--------------------- 1 file changed, 2 insertions(+), 21 deletions(-) diff --git a/requirements.txt b/requirements.txt index 6a56db0..50a249d 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,23 +1,4 @@ -astroid==2.4.2 -certifi==2020.4.5.1 -chardet==3.0.4 -click==7.1.2 -Flask==1.1.2 -gunicorn==20.0.4 -idna==2.9 -isort==4.3.21 -itsdangerous==1.1.0 -Jinja2==2.11.2 jsonify==0.5 -lazy-object-proxy==1.4.3 -MarkupSafe==1.1.1 -mccabe==0.6.1 -psycopg2-binary==2.8.5 -pylint==2.5.3 -python-dotenv==0.14.0 requests==2.23.0 -six==1.15.0 -toml==0.10.1 -urllib3==1.25.9 -Werkzeug==1.0.1 -wrapt==1.12.1 +Flask==1.1.2 +psycopg2-binary==2.8.5 \ No newline at end of file From 1aa10b29690fbc0c9eb64bb2fd51c3c3a87424dc Mon Sep 17 00:00:00 2001 
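Review bot: `get_scope_id` (PATCH 03, `@@ -76,58 +56,41 @@`) looks a scope up by name alone, whereas the query it replaces also filtered on `resource_server_id`; if two clients define a scope with the same name, `fetchone()` returns whichever row the database yields first, and the caller gets an id that may belong to a different resource server. Taking the client as a second argument and keeping an `AND resource_server_id = %s` condition, with both values bound as parameters, would preserve the old behaviour. The local name `id` shadows the builtin, and on the `abort` path the cursor and connection are never closed.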
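Review bot: With the transitive pins removed (PATCH 05, `requirements.txt` `@@ -1,23 +1,4 @@`), `pip` picks whatever versions of Werkzeug, Jinja2, MarkupSafe, itsdangerous and click satisfy `Flask==1.1.2` on the day the image is built, so two builds of the same tag can contain different code and a new upstream release can change or break the service without any commit here. `gunicorn` is dropped as well although the Dockerfile's `ENTRYPOINT` is `gunicorn` (visible as context in PATCH 07); PATCH 10 restores it. Keeping a fully pinned file generated from the direct requirements, ideally with hashes and installed with `pip install --require-hashes -r requirements.txt`, keeps the build reproducible.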
From: Alexandre Costa Date: Tue, 22 Mar 2022 12:21:36 +0000 Subject: [PATCH 06/11] Added documentation; Removed shameful display of credentials; --- README.md | 31 +++++++++++++++++++++++++++++++ db_connection.env.example | 11 +++++------ 2 files changed, 36 insertions(+), 6 deletions(-) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..4cc8fb1 --- /dev/null +++ b/README.md @@ -0,0 +1,31 @@ +# Keycloak Extension API + +Service that extends the features of Keycloak by providing additional endpoints. The service connects directly to Keycloak's database. + +Docker image availible at: https://hub.docker.com/r/irpinesctec/keycloak_extension_api + +### Requirements + +- Python 3 +- Keycloak running based on a PostreSQL database +- Check `requirements.txt` for additional package requirements. Can be installed through PIP or Conda. + +### Running + +#### Natively + +1. Copy the `db_connection.env.example`and rename it to `db_connection.env`. + Open the file and edit it to match your environment. + +2. Install requirements using your Python package manager of choice. With PIP: + `pip install -r requirements.txt` + +3. `python3 api.py` + +#### Docker +1. Copy the `db_connection.env.example`and rename it to `db_connection.env`. + Open the file and edit it to match your environment. + +2. Edit the `docker-compose.yml` to match your requirements` + +3. `docker-compose up` \ No newline at end of file diff --git a/db_connection.env.example b/db_connection.env.example index 244ac00..0009c51 100644 --- a/db_connection.env.example +++ b/db_connection.env.example 
@@ -1,8 +1,7 @@ DB_DATABASE=keycloak DB_USER=keycloak -DB_PASSWORD=capaCh4v3 -DB_HOST=ireceptorplus.inesctec.pt -DB_PORT=9005 - -KEYCLOAK_URL=https://ireceptorplus.inesctec.pt/auth/ -REALM=iReceptorPlus \ No newline at end of file +DB_PASSWORD=databasepassphrase +DB_HOST=keycloakdb_url +DB_PORT=5432 +KEYCLOAK_URL=http://localhost:8080/auth +REALM=master \ No newline at end of file From 84839db4e0f8f02b61e5518792af52e659fe6bf1 Mon Sep 17 00:00:00 2001 From: Alexandre Costa Date: Wed, 23 Mar 2022 12:40:12 +0000 Subject: [PATCH 07/11] Updated requirements.txt; Added database connection pooling; Updated default configurations; Changed default port to be more consistent with other environments; --- Dockerfile | 2 +- api.py | 71 ++++++++++++++++++++++++++------------- db_connection.env.example | 7 ++-- requirements.txt | 8 ++--- 4 files changed, 57 insertions(+), 31 deletions(-) diff --git a/Dockerfile b/Dockerfile index ceffdb8..410b517 100644 --- a/Dockerfile +++ b/Dockerfile @@ -15,4 +15,4 @@ EXPOSE 5000 ENTRYPOINT [ "gunicorn" ] -CMD [ "--workers=4", "--bind=0.0.0.0:8000", "api:app" ] \ No newline at end of file +CMD [ "--workers=4", "--bind=0.0.0.0:5000", "api:app" ] \ No newline at end of file diff --git a/api.py b/api.py index 79bd4c3..5a1298b 100644 --- a/api.py +++ b/api.py 
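Review bot: The values removed from `db_connection.env.example` (PATCH 06, `@@ -1,8 +1,7 @@`) look like a real database password, host and port rather than placeholders, and deleting them in a new commit leaves them readable in the repository history. If they were ever valid, the database credential should be rotated and the exposure of that port reviewed; rewriting history alone does not help once the repository has been cloned. The replacement values work as placeholders, and a first line such as `# example values only - never commit a filled-in copy` would make the intent explicit.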
@@ -1,30 +1,45 @@ -import jsonify import requests from flask import Flask, request, abort, jsonify import psycopg2 -import os +from psycopg2 import pool +import os, sys app = Flask(__name__) +db_connection_pool = None -def start_connection(): +def init_db_pool(): try: - return psycopg2.connect( - database=os.environ['DB_DATABASE'], user=os.environ['DB_USER'], password=os.environ['DB_PASSWORD'], - host=os.environ['DB_HOST'], port=os.environ['DB_PORT'] + global db_connection_pool + db_connection_pool = psycopg2.pool.SimpleConnectionPool(1, 20, + host=os.environ['DB_HOST'], + port=os.environ['DB_PORT'], + database=os.environ['DB_DATABASE'], + user=os.environ['DB_USER'], + password=os.environ['DB_PASSWORD'] ) - except: - abort(401, "Could not connect to DB") + except (Exception, psycopg2.DatabaseError) as error: + print("Error while connecting to PostgreSQL. Please check your environment settings.", error) + sys.exit(-1) + +def start_connection(): + try: + return db_connection_pool.getconn() + except Exception as error: + abort(401, "Could not connect to DB: {}".format(e)) def check_request_validity(auth_header): if auth_header == None: abort(401, 'No token') + if 'owner_id' not in request.form: + abort(401, "'owner_id' is not present in form request") + if get_user_info(auth_header[7:])['sub'] != request.form['owner_id']: abort(401, 'Request can only be made by the resource owner') def get_user_info(token): url = os.environ['KEYCLOAK_URL'] \ - + 'realms/' \ + + '/realms/' \ + os.environ['REALM'] \ + '/protocol/openid-connect/userinfo' 
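Review bot: In `start_connection` (PATCH 07, `@@ -1,30 +1,45 @@`) the handler binds the exception as `error` but formats `e`, so a pool failure raises `NameError` inside the `except` block and the client gets a 500 instead of the intended message; PATCH 10 fixes the name, after which the raw exception text is returned in the response body. Logging the exception server-side and answering with a fixed message, `abort(503, "Database unavailable")`, avoids handing connection details to the caller and uses a status that matches the failure. `init_db_pool()` is only called under `if __name__ == '__main__'`, so under the Dockerfile's `gunicorn api:app` the pool stays `None` until PATCH 10 moves the setup to import time. `DB_POOL_SIZE=20` is added to the example env file in this patch, but the pool is created with the literals `1, 20` and never reads it.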
@@ -41,24 +56,34 @@ def get_user_info(token): def get_user_id(email_user): conn = start_connection() - cursor = conn.cursor() try: cursor.execute("SELECT id FROM user_entity WHERE email LIKE '{0}' OR username LIKE '{0}' OR id LIKE '{0}'".format(email_user)) + id = cursor.fetchone()[0] + except: + abort(401, "Could not find user") + + cursor.close() + + return id + +def get_user_email(user_id): + conn = start_connection() + cursor = conn.cursor() + try: + cursor.execute("SELECT id FROM user_entity WHERE id = {0} OR email = {0}".format(user_id)) id = cursor.fetchone()[0] except: abort(401, "Could not find user") cursor.close() - conn.close() return id def get_scope_id(scope_name): conn = start_connection() - cursor = conn.cursor() try: @@ -69,18 +94,14 @@ def get_scope_id(scope_name): abort(401, "Could not find scope") cursor.close() - conn.close() return id @app.route('/get_user_scope_id/', methods=['POST']) def get_user_scope_id(email_user): auth_header = request.headers.get('Authorization') - check_request_validity(auth_header) - user_id = get_user_id(email_user) - scope_id = get_scope_id(request.form['scope_name']) return jsonify([user_id, scope_id]) @@ -88,13 +109,20 @@ def get_user_scope_id(email_user): @app.route('/get_user_id/', methods=['POST']) def get_user_id_rest(email_user): auth_header = request.headers.get('Authorization') - check_request_validity(auth_header) - user_id = get_user_id(email_user) return jsonify(user_id) +@app.route('/get_user_email/', methods=['GET']) +def get_user_email(user_id): + auth_header = request.headers.get('Authorization') + check_request_validity(auth_header) + + user_email = user_id(user_id) + + return jsonify(user_email) + @app.route('/change_owner//', methods=['POST']) def change_owner(resource_id, new_owner): auth_header = request.headers.get('Authorization') @@ -102,7 +130,6 @@ def change_owner(resource_id, new_owner): check_request_validity(auth_header) conn = start_connection() - cursor = conn.cursor() try: 
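Review bot: The route handler added in `@@ -88,13 +109,20 @@` (PATCH 07) is named `get_user_email`, the same name as the helper added in `@@ -41,24 +56,34 @@`, so the second `def` rebinds the first, and its body calls `user_id(user_id)`, which is the path string; the route is also `GET` while `check_request_validity` requires `owner_id` in `request.form`. PATCH 11 renames the handler and switches it to `POST`. In the helper, `WHERE id = {0} OR email = {0}` interpolates the value without quotes and selects `id` rather than `email`. PATCH 07 also drops `conn.close()` from `get_user_id`, `get_scope_id` and `change_owner` without returning the connection to the pool, which PATCH 09 adds on the success path only.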
@@ -129,13 +156,10 @@ def change_owner(resource_id, new_owner): cursor.execute(owner_update.format(new_owner_id, resource_id)) except: abort(401, "Update failed") - + conn.commit() - cursor.close() - conn.close() - return jsonify("Owner changed successfully") @app.errorhandler(401) @@ -149,4 +173,5 @@ def internal_error(error): return "Uncaught exception: is keycloak reachable?" if __name__ == '__main__': + init_db_pool() app.run(host='0.0.0.0', port=5000, debug=True) diff --git a/db_connection.env.example b/db_connection.env.example index 0009c51..90474cb 100644 --- a/db_connection.env.example +++ b/db_connection.env.example @@ -1,7 +1,8 @@ DB_DATABASE=keycloak DB_USER=keycloak -DB_PASSWORD=databasepassphrase -DB_HOST=keycloakdb_url -DB_PORT=5432 +DB_PASSWORD=password +DB_HOST=localhost +DB_PORT=5433 +DB_POOL_SIZE=20 KEYCLOAK_URL=http://localhost:8080/auth REALM=master \ No newline at end of file diff --git a/requirements.txt b/requirements.txt index 50a249d..54e5999 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,4 @@ -jsonify==0.5 -requests==2.23.0 -Flask==1.1.2 -psycopg2-binary==2.8.5 \ No newline at end of file +requests==2.27.1 +Flask==2.0.3 +psycopg2-binary==2.9.3 +python-dotenv==0.19.2 \ No newline at end of file From 23b003ad1ba8efa7fb6f3991d378ccd1b23e875e Mon Sep 17 00:00:00 2001 From: Alexandre Costa Date: Wed, 23 Mar 2022 12:42:36 +0000 Subject: [PATCH 08/11] Made the env file an actual dotenv file; --- db_connection.env.example => .env.example | 0 README.md | 2 +- 2 files changed, 1 insertion(+), 1 deletion(-) rename db_connection.env.example => .env.example (100%) diff --git a/db_connection.env.example b/.env.example similarity index 100% rename from db_connection.env.example rename to .env.example diff --git a/README.md b/README.md index 4cc8fb1..ec4c7d1 100644 --- a/README.md +++ b/README.md 
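Review bot: `app.run(host='0.0.0.0', port=5000, debug=True)`, kept as context in `@@ -149,4 +173,5 @@` (PATCH 07), starts Flask's development server with the interactive debugger enabled on every interface, and it is the path the README documents for running natively (`python3 api.py`). Debug mode should be off unless a developer turns it on locally, and the default bind address should be loopback: `app.run(host='127.0.0.1', port=5000)`. Deployments that need to listen on all interfaces already have the gunicorn entry point from the Dockerfile for that.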
@@ -14,7 +14,7 @@ Docker image availible at: https://hub.docker.com/r/irpinesctec/keycloak_extensi #### Natively -1. Copy the `db_connection.env.example`and rename it to `db_connection.env`. +1. Copy the `.env.example`and rename it to `.env`. Open the file and edit it to match your environment. 2. Install requirements using your Python package manager of choice. With PIP: From 6270e189643941bf51a99687e4ec106507611567 Mon Sep 17 00:00:00 2001 From: Alexandre Costa Date: Wed, 23 Mar 2022 15:36:19 +0000 Subject: [PATCH 09/11] Fixed DB connections not returning to the pool; --- api.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/api.py b/api.py index 5a1298b..c61389a 100644 --- a/api.py +++ b/api.py @@ -65,6 +65,7 @@ def get_user_id(email_user): abort(401, "Could not find user") cursor.close() + db_connection_pool.putconn(conn) return id @@ -79,6 +80,7 @@ def get_user_email(user_id): abort(401, "Could not find user") cursor.close() + db_connection_pool.putconn(conn) return id @@ -94,6 +96,7 @@ def get_scope_id(scope_name): abort(401, "Could not find scope") cursor.close() + db_connection_pool.putconn(conn) return id @@ -159,6 +162,7 @@ def change_owner(resource_id, new_owner): conn.commit() cursor.close() + db_connection_pool.putconn(conn) return jsonify("Owner changed successfully") From 07c90a42224ba3595ee52f09b40fedb6b3b2826c Mon Sep 17 00:00:00 2001 From: Alexandre Costa Date: Wed, 30 Mar 2022 12:00:01 +0100 Subject: [PATCH 10/11] Drastic docker image size reduction; Updated database connection pool to a thread-safe behaviour to match operations managed by gunicorn; --- Dockerfile | 14 ++++++-------- README.md | 2 +- api.py | 40 ++++++++++++++++++---------------------- requirements.txt | 3 ++- 4 files changed, 27 insertions(+), 32 deletions(-) diff --git a/Dockerfile b/Dockerfile index 410b517..9817e03 100644 --- a/Dockerfile +++ b/Dockerfile 
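Review bot: The `putconn` calls added in PATCH 09 (`@@ -65,6 +65,7 @@` and the three hunks after it) run only when the query succeeds, because `abort()` raises and the function is left before `cursor.close()` is reached; each failed lookup therefore keeps one of the pool's 20 connections checked out until `getconn()` fails for every request. Returning the connection in a `finally` block covers both paths. The functions start and end outside these hunks, so the sketch below shows `get_user_id` only; `get_user_email`, `get_scope_id` and `change_owner` need the same shape.

```python
def get_user_id(email_user):
    conn = start_connection()
    try:
        cursor = conn.cursor()
        # … unchanged: SELECT, fetchone, abort(401, "Could not find user") …
        cursor.close()
        return id
    finally:
        # abort() raises, so this is the only place that runs on every path
        db_connection_pool.putconn(conn)
```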
@@ -1,17 +1,15 @@ -FROM ubuntu:20.04 +FROM python:3.9-alpine3.15 -RUN apt-get update -y && \ - apt-get install -y build-essential python3-pip python3-dev +COPY requirements.txt /tmp/requirements.txt -WORKDIR /app - -COPY ./requirements.txt ./requirements.txt +RUN apk add --no-cache --virtual .build-deps gcc libc-dev \ + && pip install --no-cache-dir -r /tmp/requirements.txt \ + && apk del .build-deps gcc libc-dev -RUN pip3 install -r requirements.txt +WORKDIR /app COPY . /app -EXPOSE 5000 ENTRYPOINT [ "gunicorn" ] diff --git a/README.md b/README.md index ec4c7d1..6713ed2 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ Service that extends the features of Keycloak by providing additional endpoints. The service connects directly to Keycloak's database. -Docker image availible at: https://hub.docker.com/r/irpinesctec/keycloak_extension_api +Docker image available at: https://hub.docker.com/r/irpinesctec/keycloak_extension_api ### Requirements diff --git a/api.py b/api.py index c61389a..3c7c6f2 100644 --- a/api.py +++ b/api.py 
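Review bot: No `USER` instruction appears in the Dockerfile lines shown in PATCH 10 (`@@ -1,17 +1,15 @@`) or in the `CMD` hunk of PATCH 07, so gunicorn presumably runs as root inside the container; adding an unprivileged account after the install step, `RUN adduser -D app` followed by `USER app`, limits what a compromise of the service can touch. `COPY . /app` copies the whole build context, which includes a filled-in `.env` if one sits next to the Dockerfile as the README instructs; unless a `.dockerignore` outside this view excludes it, the database password ends up in any image built from that directory. `apk del .build-deps gcc libc-dev` names `gcc` and `libc-dev` a second time although they are already members of the virtual package.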
@@ -5,27 +5,24 @@ import os, sys app = Flask(__name__) -db_connection_pool = None -def init_db_pool(): - try: - global db_connection_pool - db_connection_pool = psycopg2.pool.SimpleConnectionPool(1, 20, - host=os.environ['DB_HOST'], - port=os.environ['DB_PORT'], - database=os.environ['DB_DATABASE'], - user=os.environ['DB_USER'], - password=os.environ['DB_PASSWORD'] - ) - except (Exception, psycopg2.DatabaseError) as error: - print("Error while connecting to PostgreSQL. Please check your environment settings.", error) - sys.exit(-1) +try: + app.config["pool"] = psycopg2.pool.ThreadedConnectionPool(1, 20, + host=os.environ['DB_HOST'], + port=os.environ['DB_PORT'], + database=os.environ['DB_DATABASE'], + user=os.environ['DB_USER'], + password=os.environ['DB_PASSWORD'] + ) +except (Exception, psycopg2.DatabaseError) as error: + print("Error while connecting to PostgreSQL. Please check your environment settings.", error) + sys.exit(-1) def start_connection(): try: - return db_connection_pool.getconn() + return app.config["pool"].getconn() except Exception as error: - abort(401, "Could not connect to DB: {}".format(e)) + abort(401, "Could not connect to Keycloak's database. Please check Keycloak Extension's environment settings.: {}".format(error)) def check_request_validity(auth_header): if auth_header == None: @@ -50,7 +47,7 @@ def get_user_info(token): response = requests.get(url, headers=headers) if response.status_code != 200: - abort(401, 'Invalid token') + abort(401, response.json()) return response.json() @@ -65,7 +62,7 @@ def get_user_id(email_user): abort(401, "Could not find user") cursor.close() - db_connection_pool.putconn(conn) + app.config["pool"].putconn(conn) return id @@ -80,7 +77,7 @@ def get_user_email(user_id): abort(401, "Could not find user") cursor.close() - db_connection_pool.putconn(conn) + app.config["pool"].putconn(conn) return id 
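Review bot: `abort(401, response.json())` in `get_user_info` (PATCH 10, `@@ -50,7 +47,7 @@`) forwards Keycloak's error body to the client through the 401 handler, and it raises if that body is not JSON, for example an HTML error page from a proxy, turning an authentication failure into a 500. Keeping the fixed `'Invalid token'` message for the client and logging `response.status_code` and the body server-side gives the same diagnostics without that coupling. The `requests.get(url, headers=headers)` call on the context line above has no `timeout`, so a stalled Keycloak holds the worker until something else times out; `requests.get(url, headers=headers, timeout=5)` bounds it. The function starts outside the hunk.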
@@ -96,7 +93,7 @@ def get_scope_id(scope_name): abort(401, "Could not find scope") cursor.close() - db_connection_pool.putconn(conn) + app.config["pool"].putconn(conn) return id @@ -162,7 +159,7 @@ def change_owner(resource_id, new_owner): conn.commit() cursor.close() - db_connection_pool.putconn(conn) + app.config["pool"].putconn(conn) return jsonify("Owner changed successfully") @@ -177,5 +174,4 @@ def internal_error(error): return "Uncaught exception: is keycloak reachable?" if __name__ == '__main__': - init_db_pool() app.run(host='0.0.0.0', port=5000, debug=True) diff --git a/requirements.txt b/requirements.txt index 54e5999..d4115a4 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,4 +1,5 @@ requests==2.27.1 Flask==2.0.3 psycopg2-binary==2.9.3 -python-dotenv==0.19.2 \ No newline at end of file +python-dotenv==0.19.2 +gunicorn==20.1.0 \ No newline at end of file From 9d6c80e9b2a6505bd7b91d844539f046bfc74596 Mon Sep 17 00:00:00 2001 From: edgar <23741809+edgar-simao@users.noreply.github.com> Date: Wed, 27 Jul 2022 19:58:54 +0100 Subject: [PATCH 11/11] correcting email from id methods --- api.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/api.py b/api.py index 3c7c6f2..5fec311 100644 --- a/api.py +++ b/api.py @@ -71,7 +71,7 @@ def get_user_email(user_id): cursor = conn.cursor() try: - cursor.execute("SELECT id FROM user_entity WHERE id = {0} OR email = {0}".format(user_id)) + cursor.execute("SELECT email FROM user_entity WHERE id LIKE '{0}' OR username LIKE '{0}'".format(user_id)) id = cursor.fetchone()[0] except: abort(401, "Could not find user") 
@@ -114,12 +114,12 @@ def get_user_id_rest(email_user): return jsonify(user_id) -@app.route('/get_user_email/', methods=['GET']) -def get_user_email(user_id): +@app.route('/get_user_email/', methods=['POST']) +def get_user_email_rest(user_id): auth_header = request.headers.get('Authorization') check_request_validity(auth_header) - user_email = user_id(user_id) + user_email = get_user_email(user_id) return jsonify(user_email)