From 85c07ed4f3965f9d6dfa1b7e533df28a7a80d871 Mon Sep 17 00:00:00 2001
From: Andrew nuark G <me@nuark.xyz>
Date: Wed, 12 Apr 2023 03:04:27 +0700
Subject: [PATCH] Add ability to update user's data - Password - Access token

---
 app.py    | 21 ++++++++++++++++++++-
 dba.py    | 19 +++++++++++++++++++
 models.py |  2 ++
 3 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/app.py b/app.py
index cf0f80e..95d98b3 100644
--- a/app.py
+++ b/app.py
@@ -22,7 +22,6 @@ from models import (
     TableListDefinition,
     UserDefinition,
 )
-from secutils import hash_password
 from utils import (
     check_if_admin_access_token,
     parse_columns_from_definition,
@@ -136,6 +135,26 @@ async def createUser(
     return {"ok": True}
 
 
+@app.post("/api/updateUser")
+async def updateUser(
+    user: UserDefinition,
+    access_token: str | None = Header(default=None),
+):
+    is_admin = check_if_admin_access_token(connector, access_token)
+    if not is_admin:
+        return {"error": "Not allowed"}
+
+    if not user.user_id or not user.password or not user.access_token:
+        return {"error": "Malformed request"}
+
+    try:
+        update_user(connector, user.user_id, user.password, user.access_token)
+    except Exception as e:
+        return {"error": str(e)}
+
+    return {"ok": True}
+
+
 @app.post("/items/{tableName}")
 async def items(
     tableName: str,
diff --git a/dba.py b/dba.py
index ed0cada..b3e5c15 100644
--- a/dba.py
+++ b/dba.py
@@ -96,6 +96,25 @@ def create_user(conn: DBConnector, username: str, password: str):
         return False, e
 
 
+def update_user(conn: DBConnector, id: int, password: str, access_token: str):
+    try:
+        hashedPwd = hash_password(password)
+        conn.updateDataInTable(
+            USERS_TABLE_NAME,
+            [
+                ColumnUpdate("password", hashedPwd),
+                ColumnUpdate("access_token", access_token),
+            ],
+            [
+                ColumnCondition("id", id),
+            ],
+        )
+        return True, None
+    except Exception as e:
+        logger.exception(e)
+        return False, e
+
+
 def get_user_by_username(conn: DBConnector, username: str):
     try:
         users = conn.filterFromTable(
diff --git a/models.py b/models.py
index 93e2564..af42207 100644
--- a/models.py
+++ b/models.py
@@ -17,8 +17,10 @@ class ColumnsDefinitionList(BaseModel):
 
 
 class UserDefinition(BaseModel):
+    user_id: int | None = None
     username: str
     password: str
+    access_token: str | None = None
 
 
 class ColumnDefinition(BaseModel):