Merge pull request #71 from hcp-uw/Add_endpoint_documentation

Implemented change_user_email() and change_user_password() resources

Author: davidye007

source/backend/model/error.py

@@ -43,6 +43,23 @@ class InvalidReceiptImage(Exception):
 class EdenAIBadRequest(Exception):
     pass
 
+class MissingNewPassword(Exception):
+    pass
+
+class MissingNewEmail(Exception):
+    pass
+
+def handle_missing_new_password(error):
+    response = jsonify({'error': 'Missing new password'})
+    response.status_code = 400
+    return response, response.status_code
+
+def handle_missing_new_email(error):
+    response = jsonify({'error': 'Missing new email'})
+    response.status_code = 400
+    return response, response.status_code
+
+
 def handle_edenai_bad_request(error):
     response = jsonify({'error': 'EdenAI bad request'})
     response.status_code = 500

source/backend/resource/resource_receipt.py

@@ -7,36 +7,44 @@
 from config import Config
 import requests
 import os
+import uuid
+
 receipts_bp = Blueprint('receipts', __name__)
 
-"""
-Parses a receipt image and returns parsed receipt
-return the following:
-{
-    'receipt_date': {date on receipt},
-    'total': {total},
-    'store': {store name},
-    'location': {store address},
-    'purchases': [{'name':{name of item},'price':{unit price},'amount':{amount/quantity}},
-                {'name':{name of item},'price':{unit price},'amount':{amount/quantity}},
-                {'name':{name of item},'price':{unit price},'amount':{amount/quantity}}
-                ...]
-}
-
-"""
+
 @receipts_bp.route('/receipts_parsing', methods=['POST'])
 @login_required
 def receipts_parsing():
+    """
+    Parses a receipt image and returns parsed receipt
+    return the following:
+    {
+        'receipt_date': {date on receipt},
+        'total': {total},
+        'store': {store name},
+        'location': {store address},
+        'purchases': [{'name':{name of item},'price':{unit price},'amount':{amount/quantity}},
+                    {'name':{name of item},'price':{unit price},'amount':{amount/quantity}},
+                    {'name':{name of item},'price':{unit price},'amount':{amount/quantity}}
+                    ...]
+    }
+    """
     receipt_image = request.files.get('receipt_image')
-    if not receipt_image or receipt_image.filename == '':
+    if not receipt_image:
         raise MissingReceiptImage()
 
     # Create temp directory if it doesn't exist
     temp_dir = os.path.join(os.getcwd(), 'temp')
     os.makedirs(temp_dir, exist_ok=True)
 
-    # Save image into temp folder
-    file_path = os.path.join(temp_dir, receipt_image.filename)
+    # Create a unique filename for image that doesn't exist in temp
+    while True:
+        filename = f"{uuid.uuid4()}.jpg"
+        file_path = os.path.join(temp_dir, filename)
+        if not os.path.exists(file_path):
+            break  # Exit the loop if the filename is unique
+
+    # Save image into temp folder   
     receipt_image.save(file_path)
 
     # EdenAI API parameters 
@@ -50,7 +58,7 @@ def receipts_parsing():
     try:
         with open(file_path, 'rb') as file:
             files = {'file': file}
-            response = requests.post(url, data=data, files=files, headers=headers)
+            response = requests.post(url, data=data, files=files, headers=headers) # EdenAI docs says accepts JPG, PNG, or PDF
     except:
         raise EdenAIBadRequest()
     finally:
@@ -64,7 +72,6 @@ def receipts_parsing():
         'location': result['amazon']['extracted_data'][0]['merchant_information']['address'],
         'purchases': []
     }
-    
     # {'name':{name of item},'price':{unit price},'amount':{amount/quantity}},{'name':{name of item},'price':{unit price},'amount':{amount/quantity}}
     items = result['amazon']['extracted_data'][0]['item_lines']
     for item in items:
@@ -82,16 +89,7 @@ def receipts_parsing():
             info['price'] = item['unit_price']
 
         output['purchases'].append(info)
-    print(output)
-    return output
-    ########################################## ADD LOGIC HERE #################################
-
-    # See receipt_parsing.ipynb for sample calls to EdenAI and retrieving data
-
-    ###########################################################################################
-    # return jsonify({'message': 'to be implemented'}), 201
-    return jsonify(result), 201
-
+    return jsonify(output), 201
 
 
 # Adds a receipt to the user

source/backend/resource/resource_user.py

@@ -9,36 +9,43 @@
 # Define the blueprint
 auth_bp = Blueprint('auth', __name__)
 
+### Delete email collection, no dependencies (duplicate data editing, causes consistency issues)
+### check user_id and email, shouldn't be too much more expensive since
+### subcollections don't automatically load
 @auth_bp.route('/login', methods = ['POST'])
 def login():
     db = current_app.db
     data = request.get_json()
-    user_id = data.get('user_id')
+    user_id = data.get('user_id') # either user_id or email
     password = data.get('password')
     if not user_id:
         raise MissingUserIDError()
     if not password:
         raise MissingPasswordError()
-    user_ref = db.collection('Users').document(user_id).get() # checks for UserID
-    if not user_ref.exists:
-        user_ref = db.collection('UserEmails').document(user_id).get() # checks emails
-        if not user_ref.exists:
-            raise UserNotFound()
-        user_id = user_ref.get('user_id')
-    true_password_hash = user_ref.get('passwordHash')
-    if not sha256_crypt.verify(password, true_password_hash):
-        raise InvalidPassword()
-    user = User(user_id)
-    login_user(user)
-    return jsonify({"message": f'{current_user.id} logged in successfully.'}), 200
+    users_ref = db.collection('Users')
+    docs = users_ref.stream()
+    for doc in docs:
+        user_id_db = doc.id
+        email_db = doc.get('email')
+        if user_id == user_id_db or user_id == email_db:
+            true_password_hash = doc.get('passwordHash')
+            if not sha256_crypt.verify(password, true_password_hash):
+                raise InvalidPassword()
+            else:
+                user = User(user_id)
+                login_user(user)
+                return jsonify({"message": f'{current_user.id} logged in successfully.'}), 200
+    raise UserNotFound()
 
 @auth_bp.route('/logout', methods=['POST'])
 @login_required
 def logout():
     logout_user()
     return jsonify({"message": "Logged out successfully"}), 200
 
-
+### Delete email collection, no dependencies (duplicate data editing, causes consistency issues)
+### check user_id and email, shouldn't be too much more expensive since
+### subcollections don't automatically load
 # return email already exists error code 400
 @auth_bp.route('/register', methods=['POST'])
 def register():
@@ -60,21 +67,22 @@ def register():
         date = datetime.strptime(date_joined, '%Y-%m-%d')
     except:
         raise InvalidDateFormat()
-    if db.collection('Users').document(user_id).get().exists:
-        raise UserAlreadyExistsError()
-    if db.collection('UserEmails').document(email).get().exists:
-        raise EmailAlreadyExistsError()
+    users_ref = db.collection('Users')
+    docs = users_ref.stream()
+    for doc in docs:
+        existing_user_id = doc.id
+        existing_email = doc.get('email')
+        if user_id == existing_user_id:
+            raise UserAlreadyExistsError() 
+        if email == existing_email:
+            raise EmailAlreadyExistsError()
     passwordHash = sha256_crypt.hash(password)
     # use set to create new document with specified data (overwrites existing documents)
     db.collection('Users').document(user_id).set({
         'passwordHash': passwordHash,
         'email': email,
         'dateJoined' : date_joined
     })
-    db.collection('UserEmails').document(email).set({
-        'user_id':user_id,
-        'passwordHash': passwordHash
-    })
     user = User(user_id)
     login_user(user)
     return jsonify({"message": f'{current_user.id} logged in successfully.'}), 200
@@ -84,48 +92,52 @@ def get_user_info(user_id):
     user_ref = db.collection('Users').document(user_id).get()
     email = user_ref.get('email')
     date_joined = user_ref.get('dateJoined')
-    return jsonify({"user_id": user_id, "email":email, "date_joined":date_joined}), 200
+    return jsonify({"user_id": user_id, "email":email, "date_joined":date_joined})
 
 @auth_bp.route('/user_info', methods=['GET'])
 @login_required
 def user_info():
-    return get_user_info(current_user.id)
-
+    return get_user_info(current_user.id), 200
 
-# input json includes 'old_email', 'new_email', old_user_id', 'new_user_id'
-@auth_bp.route('/change_user_info', methods=['POST'])
+### Resource for changing an email
+# input json includes 'new_email'
+@auth_bp.route('/change_user_email', methods=['POST'])
 @login_required
-def change_user_info():
+def change_user_email():
     db = current_app.db
     user_id = current_user.id
     data = request.get_json()
-    new_user_id = data.get('new_user_id')
     new_email = data.get('new_email')
-    if new_user_id != "":
-        # In Users collection: create new document with {new_user_id} loaded with old user data, then delete old {user_id} document
-        # see here: https://stackoverflow.com/questions/47885921/can-i-change-the-name-of-a-document-in-firestore
-        # In UserEmails collection: update {user_id} field for the corresponding email
-        user_id = new_user_id
-        user = User(user_id) # create a new object with the new user_id
-        login_user(user) # login user using new user_id
-        pass
+    if not new_email:
+        raise MissingNewEmail()
     if new_email != "":
-        # Get old {email} from {user_id} document
-        # In UserEmails collection: create new document with {new_email} loaded with old {email} data, then delete old {email} document
-        # In Users collection: find document {user_id} amd change the email to {new_email}
-        pass
-    return get_user_info(new_user_id)
+        db.collection('Users').document(user_id).update({
+            'email': new_email,
+        })
+    return jsonify({"message": "Email changed successfully."}), 201
 
-# input json includes 'old_password', 'new_password'
+# input json includes 'current_password', 'new_password'
 @auth_bp.route('/change_user_password', methods=['POST'])
 @login_required
 def change_user_password():
     db = current_app.db
     user_id = current_user.id
     data = request.get_json()
-    old_password = data.get('old_password')
+    current_password = data.get('current_password')
     new_password = data.get('new_password')
-    # In Users collection: find current user and get the {passwordHash}. Check if the hashed {old_password} matches {passwordHash} (similar to login endpoint).
-    # If not matches, raise InvalidPassword()
-    # If matches, hash the {new_password} and replace old value for {passwordHash} with new value for {passwordHash} on database.
+    user_doc = db.collection('Users').document(user_id).get()
+    if not current_password:
+        raise MissingPasswordError()
+    if not new_password:
+        raise MissingNewPasswordError()
+    true_password_hash = user_doc.get('passwordHash')
+    if not sha256_crypt.verify(current_password, true_password_hash):
+        raise InvalidPassword()
+    newPasswordHash = sha256_crypt.hash(new_password)
+    db.collection('Users').document(user_id).update({
+        'passwordHash': newPasswordHash,
+    })
+    return jsonify({"message": 'Password changed successfully.'}), 201
+   
 
+### FUTURE TODO: Reset password functionality

source/backend/server_main.py

@@ -46,6 +46,8 @@
     (MissingUserDate, handle_missing_user_date),
     (MissingReceiptImage, handle_missing_receipt_image),
     (InvalidReceiptImage, handle_invalid_receipt_image),
+    (MissingNewPassword, handle_missing_new_password),
+    (MissingNewEmail, handle_missing_new_email),
     (Exception, handle_general_error)
 ]