def login_cookies():
    """Issue an access/refresh JWT pair for the fixed identity 'test' as cookies.

    Returns:
        A ``(response, 200)`` tuple whose JSON body is ``{'login': True}`` and
        which has had both token cookies attached.
    """
    # NOTE(review): no credentials are checked and the identity is hard-coded,
    # so this reads like a test/demo route -- confirm it is never exposed as a
    # real login endpoint.
    access_jwt = create_access_token(identity='test')
    refresh_jwt = create_refresh_token(identity='test')

    # The cookie helpers attach the JWTs (and, per the original author's
    # comment, the CSRF double-submit cookies) to the outgoing response.
    reply = jsonify({'login': True})
    set_access_cookies(reply, access_jwt)
    set_refresh_cookies(reply, refresh_jwt)
    return reply, 200
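def refresh_expired_token(response):
    """Re-issue the access cookie when the current JWT expires within 30 minutes.

    The function takes the outgoing response and always returns it, with a
    fresh access cookie attached when the token is close to expiry.
    Presumably registered as an after-request hook -- the decorator is not
    visible here.

    Args:
        response: The outgoing response object.

    Returns:
        The same ``response`` object in every case.
    """
    # NOTE(review): implicit refresh keeps a session alive for as long as
    # requests keep arriving; confirm there is a revocation check or an
    # absolute session lifetime elsewhere.
    try:
        exp_timestamp = get_raw_jwt()['exp']
        now = datetime.now(timezone.utc)
        target_timestamp = datetime.timestamp(now + timedelta(minutes=30))
        if target_timestamp > exp_timestamp:
            access_token = create_access_token(identity=get_jwt_identity())
            set_access_cookies(response=response,
                               encoded_access_token=access_token)
    except Exception:
        # Best effort: with no usable JWT on the request (e.g. no 'exp'
        # claim) the response goes out unchanged. ``Exception`` rather than a
        # bare ``except`` so SystemExit/KeyboardInterrupt still propagate.
        return response
    # Returned unconditionally: a token that is not yet near expiry must not
    # make the function fall through and return None.
    return response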
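    def post(self):
        """User's login view.

        Looks up the user whose email or username matches the submitted
        ``username`` case-insensitively, checks the password, then issues an
        access token, stores a ``Session`` row for it and returns the
        marshalled user with the access cookie set.

        Raises:
            The exception built by ``UserExceptions.wrong_login_creds()`` when
            no user matches, no password was submitted, or the password check
            fails.
        """
        args = user_login_parser.parse_args()
        # Normalise once. ``or ""`` also covers a parser that stores None for
        # an absent field, which would otherwise fail on ``.lower()``.
        login_name = (args.get("username") or "").lower()
        password = args.get("password")
        user: User = User.query.filter(
            or_(
                func.lower(User.email) == login_name,
                func.lower(User.username) == login_name,
            )).first()

        # One error for "unknown user" and "wrong password", so the response
        # does not reveal which accounts exist.
        # A missing password is rejected explicitly: otherwise None would
        # compare equal to a stored password that is unset (NULL) and the
        # check would pass without any credential.
        # NOTE(review): the stored value is compared directly with the
        # submitted password -- confirm User.password is a hashing column
        # type and not a plaintext string.
        if not user or password is None or user.password != password:
            raise UserExceptions.wrong_login_creds()
        token = create_access_token(user)
        # The CSRF value derived from the JWT is put on the user object before
        # it is marshalled; presumably so the client receives it in the body.
        user.token = get_csrf_token(token)
        # The session row is keyed by the token's jti plus request metadata.
        user_session = Session(user=user,
                               token=get_jti(token),
                               **extract_request_info(request=request))
        user_session.save(True)
        response = make_response(marshal(
            user,
            user_model,
        ))
        set_access_cookies(response=response, encoded_access_token=token)
        return response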
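def login():
    """Authenticate by email and password and issue a 5-minute access token.

    Reads ``email`` and ``password`` from the JSON request body. On success
    the token is returned in the JSON payload and also set as the access
    cookie.

    Returns:
        The success response; ``(dict, 401)`` when the credentials are
        missing, malformed or rejected; ``(dict, 404)`` when no account has
        the given email.
    """
    body = request.get_json()
    if not isinstance(body, dict):
        # No JSON object in the request: treat every field as absent instead
        # of failing on ``.get`` below.
        body = {}
    email = body.get("email")
    password = body.get("password")

    # JSON can carry objects, lists or null where strings are expected; only
    # plain strings are passed on to the lookup and the password check.
    if not isinstance(email, str) or not isinstance(password, str):
        return {
            "status": "fail",
            "message": 'Incorrect email or password!'
        }, 401

    try:
        user = User.objects.get(email=email)
    except DoesNotExist:
        # NOTE(review): a distinct 404 here versus 401 for a wrong password
        # tells a caller which emails are registered; consider returning the
        # same 401 response for both cases.
        return {"status": "fail", "message": "Account does not exist"}, 404

    if not user.check_password(password):
        return {
            "status": "fail",
            "message": 'Incorrect email or password!'
        }, 401

    expires = datetime.timedelta(minutes=5)
    access_token = create_access_token(identity=str(user.id),
                                       expires_delta=expires)

    # NOTE(review): the token is sent in the JSON body as well as in the
    # cookie, so page scripts can read it even if the cookie is HttpOnly;
    # confirm clients really need the body copy.
    response = make_response({"status": "Success", "token": access_token})
    set_access_cookies(response, access_token)
    return response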
 def refresh():
     """Issue a new non-fresh access token for the identity in the current JWT.

     Returns:
         A ``(response, 200)`` tuple whose JSON body is ``{'refresh': True}``
         and which has had the new access cookie attached.
     """
     # NOTE(review): no decorator is visible on this function; confirm the
     # route is guarded so that only a valid refresh token reaches it.
     current_identity = get_jwt_identity()
     # fresh=False marks the token as not obtained from a direct login.
     new_token = create_access_token(current_identity, fresh=False)
     reply = jsonify({'refresh': True})
     set_access_cookies(reply, new_token)
     return reply, 200
 def bad_login():
     """Set an access cookie for the fixed identity 'test'.

     Returns:
         A ``(response, 200)`` tuple whose JSON body is ``{'login': True}``
         and which has had the access cookie attached.
     """
     # NOTE(review): no credentials are checked and the identity is
     # hard-coded; this looks like a test fixture -- confirm it is not
     # reachable in a deployed application.
     token = create_access_token('test')
     reply = jsonify({'login': True})
     set_access_cookies(reply, token)
     return reply, 200