def post(self):
"""
User Login/SignIn route
"""
login_info = request.get_json()
if not login_info:
return make_response(jsonify({'message': 'Input payload validation failed'}), 400)
try:
user = User.query.filter_by(email=login_info['email']).first()
if not user:
return make_response(jsonify({"message": 'User does not exist!'}), 404)
if check_password_hash(user.password, login_info['password']):
payload = {
'exp': datetime.utcnow() + timedelta(weeks=3),
'iat': datetime.utcnow(),
'sub': user.public_id
}
token = jwt.encode(
payload,
APP.config['SECRET_KEY'],
algorithm='HS256'
)
print(user.username)
return jsonify({"message": "Logged in successfully.",
"access_token": token.decode('UTF-8'),
"username": user.username
})
return make_response(jsonify({"message": "Incorrect credentials."}), 401)
except Exception as e:
print(e)
return make_response(jsonify({"message": "An error occurred. Please try again."}), 501)
def lost_password():
form = LostPass()
# Password Reset functionality
if request.method == 'POST':
if form.validate():
# First of all, check if there is a registered email in the DB that matches.
# Checking if this e-mail exists in the database. If not, flashes an error to the user.
check_user = User.objects(email=form.email.data).first()
if check_user:
# If a user is found, we'll proceed to generate a JWT-token to pass along with our mail.
email = str(form.email.data)
exp_time = datetime.datetime.now() + datetime.timedelta(hours=1)
token = jwt.encode({'reset_password': form.email.data,
'exp': exp_time},
key=os.getenv('SECRET_KEY'))
password_mail = Message("Lost your password?",
sender=os.environ['MAIL_USERNAME'],
recipients=[email],
html=render_template('reset_email.html', token=token))
mail.send(password_mail)
# Feedback so the user can see the request went through!
flash(
"Reset password email sent to the provided email! Please check your email and follow instructions therein.")
else:
flash("No user found!")
return render_template("lost_password.html", form=form)
def generate_auth_token(self, expires_in=600):
return jwt.encode({
'id': self.id,
'exp': time.time() + expires_in
},
app.config['SECRET_KEY'],
algorithm='HS256')
def post(self):
try:
parser = reqparse.RequestParser()
parser.add_argument('UserName', required=True, help='UserName is Required')
parser.add_argument('Password', required=True, help='Password is Required')
args = parser.parse_args()
cursor = db.cursor()
row_count = cursor.execute(
'select Role from users where UserName=\'' + args['UserName'] + '\'' + 'and Password=\'' + args[
'Password'] + '\'')
row = cursor.fetchone()
if row_count > 0:
payload = {
'UserName': args['UserName'],
'Password': args['Password'],
'Role': row[0]
}
access_token = jwt.encode(payload, 'secret', algorithm='HS256')
print(access_token)
message = {
'AuthToken': str(access_token),
'Role': payload['Role'],
'Request': 'Successful'
}
else:
message = {
'AuthToken': 'Null',
'Request': 'Wrong Details'
}
return (message)
except InterfaceError as e:
CreateApi.reAssignDb()
print(e)
except Exception as e:
print(e)
def create_token(data):
payload = {
"exp" : datetime.datetime.utcnow() + datetime.timedelta(days=0,minutes=60),
"iat" : datetime.datetime.utcnow(),
'sub' : data
}
return jwt.encode(payload,app.config.get("SECRET_KEY"),algorithm='HS256')
def create_token(user):
payload = {
'sub': user.id,
'iat': datetime.utcnow(),
'exp': datetime.utcnow() + timedelta(days=1),
'scope': user.role
}
token = jwt.encode(payload, SECRET_KEY)
return token.decode('unicode_escape')
def generate_token():
payload = request.get_json()
secret = app.config['SECRET_KEY']
token = jwt.encode(payload, secret, algorithm='HS256')
return jsonify(error=None,
data=[{
'token': token
}],
message="Token Generated"), 201
def get_token():
request_data = request.get_json()
username = str(request_data['username'])
password = str(request_data['password'])
match = User.username_password_match(username, password)
if match:
expiration_date = datetime.datetime.utcnow() + datetime.timedelta(seconds=100)
token = jwt.encode({'exp': expiration_date}, booksapp.config['SECRET_KEY'], algorithm='HS256')
return token
else:
return Response('', 401, mimetype='application/json')
def encode_auth_token(app, user_id, days=0, minutes=4):
try:
payload = {
'exp': datetime.datetime.utcnow() + datetime.timedelta(days=days, minutes=minutes),
'iat': datetime.datetime.utcnow(),
'sub': user_id
}
return jwt.encode(
payload,
app.config.get('JWT_SECRET_KEY'),
algorithm='HS256'
)
except Exception as e:
return e
def loginUsuario(cls, datos):
from flask import jsonify
from werkzeug.security import check_password_hash
from datetime import datetime, timedelta
from app import app
from flask_jwt import jwt
LoginUsuario().load(datos)
usuario = UsuarioService.find_by_email(datos['email'])
usuarioJson = CommonService.json(usuario, UsuarioSchema)
if usuario:
if check_password_hash(usuario.password, datos['password']):
dt = datetime.now() + timedelta(minutes=60 * 12)
usuarioJson['exp'] = dt
token = jwt.encode(usuarioJson, app.config['SECRET_KEY'])
return jsonify({'token': token.decode('UTF-8')})
raise Exception("Las credenciales son incorrectas.")
raise Exception("No existe ningún usuario con ese mail.")
def encode_auth_token(data):
"""
生成token
:param data:
:return:
"""
try:
payload = {
'exp':
datetime.datetime.utcnow() +
datetime.timedelta(days=7, seconds=0),
'iat':
datetime.datetime.utcnow(),
'iss':
'xxxxx',
'data':
data
}
return jwt.encode(payload, config.SECRET_KEY, algorithm='HS256')
except Exception:
return None
def generate_token(player_id):
"""
Generate Token Method
"""
try:
payload = {
'exp': datetime.datetime.utcnow() + datetime.timedelta(days=1),
'iat': datetime.datetime.utcnow(),
'sub': player_id
}
return jwt.encode(
payload,
os.getenv('JWT_SECRET_KEY'),
'HS256'
).decode('utf-8')
except Exception as e:
return Response(
mimetype="application/json",
response=json.dumps({'error': 'error in generating player token'}),
status=400
)
def login(self, username, password):
user = self.get_one('username', username)
if not user:
return make_response(
"incorrect username/password", 401,
{'WWW-Authenticate': 'Basic Realm="Login Required!'})
if check_password_hash(user['password'], password):
token = jwt.encode(
{
"user_":
user,
"exp":
datetime.datetime.utcnow() +
datetime.timedelta(minutes=100000)
}, 'OLURIN ANUOLUWAPO')
return ({"token": f"{token}"})
else:
return make_response(
"invalid password", 401,
{'WWW-Authenticate': 'Basic Realm="Login Required!'})
def create_token(payload):
return jwt.encode(payload, key='super-secret')
def post(self):
set_temporary_password = False
json_input = request.get_json()
keys = ['email', 'password']
if validate_input_data(json_input, keys):
return validate_input_data(json_input, keys)
data, errors = user_login_schema.load(json_input)
if errors:
return moov_errors(errors, 422)
_user = User.query.filter(User.email.like(json_input['email'])).first()
if not _user:
return moov_errors('User does not exist', 404)
if _user.reset_password:
temp_password = ForgotPassword.query.filter(
ForgotPassword.user_id==_user.id
).order_by(
ForgotPassword.created_at.desc()
).first()
# Precautions
if (not temp_password) or (temp_password and temp_password.temp_password != json_input['password']):
return moov_errors("Invalid password", 400)
if temp_password.used:
return moov_errors("Sorry, this password has been used to reset forgotten password details", 400)
if not datetime.datetime.utcnow() <= (temp_password.created_at + timedelta(days=1)):
return moov_errors("Temporary password expired", 400)
set_temporary_password = True
temp_password.used = True
_user.reset_password = False
temp_password.save()
_user.save()
else:
if not _user.check_password(json_input['password']):
return moov_errors("Invalid email/password", 401)
_user_wallet = Wallet.query.filter(Wallet.user_id==_user.id).first()
token_date = datetime.datetime.utcnow()
payload = {
"id": _user.id,
"stamp": str(token_date)
}
_token = jwt.encode(payload, os.getenv("TOKEN_KEY"), algorithm='HS256')
_data, _ = user_schema.dump(_user)
_data["wallet_amount"] = _user_wallet.wallet_amount if _user_wallet else "Unavailable"
_data["school"] = str(_user.school_information.name)
_data["user_type"] = _user.user_type.title
_data["set_temporary_password"] = set_temporary_password
_data.pop('password', None)
_data.pop('user_id', None)
return jsonify({"status": "success",
"data": {
"data": _data,
"message": "Login successful",
"token": str(_token)
}
})
def post(self):
json_input = request.get_json()
keys = [
'user_type',
'firstname',
'lastname',
'email',
'image_url',
'mobile_number',
'password',
'authentication_type',
'school'
]
_user = {}
if validate_input_data(json_input, keys, _user):
return validate_input_data(json_input, keys, _user)
data, errors = user_schema.load(json_input)
if errors:
return moov_errors(errors, 422)
if validate_empty_string(json_input['password']):
return moov_errors('Password cannot be empty', 400)
# verify email
if User.is_user_data_taken(json_input['email']):
return moov_errors('User already exists', 400)
# verify empty request fields
if is_empty_request_fields(json_input):
return moov_errors("Empty strings are not allowed, exception for image urls", 400)
# verify school
school = get_school(str(json_input['school']).lower())
if not school:
return moov_errors('{0} (school) does not exist'.format(str(json_input['school'])), 400)
user_type = UserType.query.filter(UserType.title==data['user_type'].lower()).first()
user_type_id = user_type.id if user_type else None
unauthorized_list = ["super_admin", "admin", "school", "car_owner", "moov"]
if is_user_type_authorized(unauthorized_list, data['user_type'].lower()):
return moov_errors("Unauthorized, you cannot create a/an {0}".format(data['user_type']), 401)
if not user_type_id:
return moov_errors("User type can only be student or driver", 400)
moov_email = os.environ.get("MOOV_EMAIL")
moov_user = User.query.filter(User.email==moov_email).first()
if not moov_user:
return not_found_errors(moov_email)
_transaction_icon = "https://cdn.pixabay.com/photo/2015/10/05/22/37/blank-profile-picture-973461_1280.png"
transaction_icon = Icon.query.filter(Icon.operation_type=="moov_operation").first()
if transaction_icon:
_transaction_icon_id = transaction_icon.id
authentication_type = "email" if "authentication_type" not in json_input else json_input['authentication_type']
authentication_type = get_authentication_type(authentication_type)
new_user = User(
password=data['password'],
school_id=school.id,
user_type_id=user_type_id,
authentication_type=authentication_type,
firstname=data['firstname'],
lastname=data['lastname'],
email=data['email'],
image_url=data['image_url'] if json_input.get('image_url') else \
"https://cdn.pixabay.com/photo/2015/10/05/22/37/blank-profile-picture-973461_1280.png",
mobile_number=data['mobile_number'] if json_input.get('mobile_number') else ""
)
new_user.save()
user_wallet = Wallet(
wallet_amount= 0.00,
user_id = new_user.id,
description = "{0} {1}'s Wallet".format((new_user.lastname).title(), (new_user.firstname).title())
)
user_wallet.save()
user_notification = Notification(
message="Welcome to MOOV app.",
recipient_id=new_user.id,
sender_id=moov_user.id,
transaction_icon_id=_transaction_icon_id
)
user_notification.save()
token_date = datetime.datetime.utcnow()
payload = {
"id": new_user.id,
"stamp": str(token_date)
}
_token = jwt.encode(payload, os.getenv("TOKEN_KEY"), algorithm='HS256')
message = "The profile with email {0} has been created succesfully".format(new_user.email)
_data, _ = user_schema.dump(new_user)
_data["wallet_amount"] = user_wallet.wallet_amount
_data["school"] = str(new_user.school_information.name)
_data["user_type"] = new_user.user_type.title
_data.pop('password', None)
_data.pop('user_id', None)
if user_type.title.lower() == "driver":
new_driver_info = DriverInfo(
driver_id=new_user.id
)
new_driver_info.save()
user_notification = Notification(
message="Thank you for registering to be a MOOV driver. \
Your request is waiting approval, we will get back to you soon",
recipient_id=new_user.id,
sender_id=moov_user.id,
transaction_icon_id=_transaction_icon_id
)
user_notification.save()
return {
'status': 'success',
'data': {
'user': _data,
'message': message,
'token': _token
}
}, 201
