
Users Routes

routes.users_routes.check_session_route()

Checks if a user session is currently valid by verifying the user session cookie.

URL:

  • POST /check_session
  • Returns: A message indicating the validity of the session, along with the logged-in user’s information if available.
  • Return type: JSON response (dict)

Status Codes:

  • 200 OK: Session valid.

routes.users_routes.create_user_route()

Creates a new user in the database after checking for a duplicate name.

URL:

  • POST /create_user
  • Parameters:
    • username (str) – The name of the user to create.
    • password (str) – The password of the user to create (will be hashed before storage).
    • roles (list of str) – The roles assigned to the new user.
    • assistants (list of str) – IDs of assistants the user will have access to.
  • Returns: A message indicating the success or failure of the creation process.
  • Return type: JSON response (dict)

Status Codes:

  • 200 OK: User created successfully.
  • 400 Bad Request: Invalid request payload or an error occurred.

Access Control:

  • Either Admin or Master roles are required to create new users.

routes.users_routes.delete_user_route()

Deletes a user from the database after verifying that the user is not the current logged-in user.

URL:

  • POST /delete_user
  • Parameters: user_id (str) – Unique identifier of the user to be deleted.
  • Returns: A message indicating the success or failure of the deletion process.
  • Return type: JSON response (dict)

Status Codes:

  • 200 OK: User deleted successfully.
  • 400 Bad Request: Invalid request payload or an error occurred.

Access Control:

  • Either Admin or Master roles are required to delete users.

routes.users_routes.get_roles()

Retrieves all roles from the database.

URL:

  • GET /get_all_roles
  • Returns:
    • A successful response returns a list of roles (status code 200).
    • An error response returns an error message (status code 400).
  • Return type: JSON response (dict)

Status Codes:

  • 200 OK: Roles retrieved successfully.
  • 400 Bad Request: Invalid request payload or an error occurred.

Access Control:

  • Either Admin or Master roles are required to obtain roles.

Example

```bash
# Requires the session cookie set by POST /login for an Admin or Master user;
# send it with the request (e.g. curl's -b option) or the call is rejected.
curl -X GET http://<server>/get_all_roles
```

Response: {"roles": ["Admin", "User", "Guest"]}

routes.users_routes.get_users()

Retrieves all users from the database.

URL:

  • GET /get_all_users
  • Returns: A list of users or an error message, depending on the outcome.
  • Return type: JSON response (dict)

Status Codes:

  • 200 OK: Users retrieved successfully.
  • 400 Bad Request: Invalid request payload or an error occurred.

Access Control:

  • Either Admin or Master roles are required to obtain users.

routes.users_routes.login_route()

Logs in a user by validating the provided credentials against the database. The method hashes the raw input password and compares the result with the hash stored in the database. If the login succeeds, a secure HttpOnly cookie is set in the browser to maintain the user session.

URL:

  • POST /login
  • Parameters:
    • username (str) – The name of the user attempting to log in.
    • password (str) – The password of the user attempting to log in.
    • remember (bool) – Flag to determine if the user should remain logged in for an extended period.
  • Returns: A message indicating the success or failure of the login process, including user details if successful.
  • Return type: JSON response (dict)

Status Codes:

  • 200 OK: Login successful.
  • 401 Unauthorized: Invalid credentials provided.

Note: Uses a Flask limiter to restrict login attempts to 10 per minute.
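The login semantics described above, as an added stand-alone model that is not the project's own code: it hashes the submitted password, compares it with the stored hash in constant time, returns 401 on failure, refuses further attempts once a client has made 10 in a minute, and on success issues an HttpOnly cookie. The user table, the PBKDF2 parameters, the cookie name and the client-address keying of the limiter are assumptions.

```python
import hashlib
import hmac
import os
import secrets
import time
from collections import deque

def hash_password(password: str, salt: bytes = b"") -> tuple:
    """PBKDF2-SHA256 of the password; a fresh random salt is used when none is given."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

# Constructed sample user table (username -> stored salt, hash and roles).
_salt, _hash = hash_password("correct horse")
USERS = {"alice": {"salt": _salt, "hash": _hash, "roles": ["Admin"]}}

LIMIT, WINDOW = 10, 60.0          # 10 attempts per minute, as the page states
_attempts: dict = {}              # client address -> timestamps of recent attempts

def rate_limited(client_ip: str, now: float) -> bool:
    """Sliding-window limiter: True when the client already used its 10 attempts."""
    q = _attempts.setdefault(client_ip, deque())
    while q and now - q[0] >= WINDOW:
        q.popleft()                # drop attempts older than the window
    if len(q) >= LIMIT:
        return True
    q.append(now)
    return False

def login(username: str, password: str, remember: bool = False,
          client_ip: str = "127.0.0.1", now: float = None) -> tuple:
    """Return (status, JSON body, Set-Cookie value or None)."""
    now = time.time() if now is None else now
    if rate_limited(client_ip, now):
        return 429, {"message": "Too many login attempts"}, None
    user = USERS.get(username)
    # Hash even for unknown usernames so response time does not reveal which names exist.
    salt = user["salt"] if user else b"\x00" * 16
    _, candidate = hash_password(password, salt)
    if not user or not hmac.compare_digest(candidate, user["hash"]):
        return 401, {"message": "Invalid credentials"}, None
    token = secrets.token_urlsafe(32)  # opaque session id; the server maps it to the user
    cookie = f"session={token}; HttpOnly; Secure; SameSite=Lax"
    if remember:                       # 'remember' extends the cookie lifetime
        cookie += f"; Max-Age={30 * 24 * 3600}"
    body = {"message": "Login successful",
            "user": {"username": username, "roles": user["roles"]}}
    return 200, body, cookie
```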

routes.users_routes.logout_route()

Logs out a user by deleting the user session cookie. This method does not handle bad request or unauthorized errors directly, as these are managed by a decorator.

URL:

  • POST /logout
  • Returns: A message indicating the success of the logout process.
  • Return type: JSON response (dict)

Status Codes:

  • 200 OK: Logout successful.

routes.users_routes.update_user_route()

Updates an existing user in the database based on provided parameters.

  • URL: PATCH /update_user
  • Parameters:
    • user_id (str) – Unique identifier of the user to be updated.
    • username (str) – New username for the user.
    • password (str) – New password for the user.
    • roles (list of str) – List of roles assigned to the user.
    • assistants (list of str) – IDs of assistants accessible to the user.
  • Returns: A message indicating the success or failure of the update process.
  • Return type: JSON response (dict)
  • Status Codes:
    • 200 OK: User updated successfully.
    • 400 Bad Request: Invalid request payload or an error occurred.
    • 404 Not Found: No user found with the specified ID.
  • Access Control:
    • Either Admin or Master roles are required to update user details.