Beispiel #1
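def graphql_server():
    """Execute the posted GraphQL document and sync JWT cookies onto the reply.

    Returns:
        A ``(response, status)`` pair: 200 when ``graphql_sync`` reports
        success, 400 when it reports failure, or a generic 500 payload when
        execution raises.
    """
    # GraphQL queries are always sent as POST.
    # The request body is deliberately not printed: GraphQL payloads can carry
    # credentials (for example the variables of a login mutation), and those
    # must not end up in stdout or log files.
    data = request.get_json()

    # Note: passing the request to the context is optional.
    # In Flask, the current request is always accessible as flask.request.

    # If the request carries "access_token_cookie" / "refresh_token_cookie",
    # copy them into the token store so the resolvers can read them.
    # NOTE(review): the store is described as a global variable. If it is
    # module-level state it is shared between concurrent requests, and a
    # request that arrives without cookies skips set_tokens(), so whatever the
    # previous request stored would be written to this response below.
    # Confirm that set_tokens()/get_tokens() are request-scoped.
    if request.cookies:
        set_tokens(request.cookies)
    try:
        success, result = graphql_sync(
            schema,
            data,
            context_value=request,
            debug=app.debug
        )
    except Exception:
        # Keep the client-facing message generic, but record the traceback
        # server-side instead of discarding it.
        app.logger.exception("GraphQL execution failed")
        return {
            "message": "Something went wrong."
        }, 500
    tokens = get_tokens()
    result = jsonify(result)
    if tokens:
        set_access_cookies(result, tokens["access_token_cookie"])
        set_refresh_cookies(result, tokens["refresh_token_cookie"])
    else:
        # No tokens left after execution: clear both cookies on the client.
        unset_access_cookies(result)
        unset_refresh_cookies(result)
    status_code = 200 if success else 400
    return result, status_code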
Beispiel #2
def logout():
    """Save the current user, if any, and redirect to login with JWT cookies cleared.

    Only the browser cookies are removed here; nothing in this function
    revokes the tokens themselves, so a copied token stays usable until it
    expires.
    """
    if current_user:
        current_user.save()
    login_redirect = redirect(url_for("users.login"))
    response = make_response(login_redirect)
    for clear_cookie in (unset_access_cookies, unset_refresh_cookies):
        clear_cookie(response)
    return response
Beispiel #3
    def post(self):
        """Sign the caller out by clearing the access and refresh cookies.

        This only removes the cookies from the browser. No revocation is
        recorded here, so the tokens remain valid until they expire.
        """
        response = make_response({"message": "Signed out"})
        for clear_cookie in (unset_access_cookies, unset_refresh_cookies):
            clear_cookie(response)
        return response
Beispiel #4
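 def post(self):
     """Record the current token's ``jti`` as revoked and clear the refresh cookie.

     Returns:
         ``success=True`` JSON with the refresh cookie unset, or
         ``success=False`` with status 500 if storing the revocation fails.
     """
     jti = get_raw_jwt()['jti']
     try:
         revoked_token = RevokedTokenModel(jti=jti)
         revoked_token.add()
         resp = jsonify(success=True)
         # Only the refresh cookie is cleared here; the access cookie is
         # left untouched by this handler.
         unset_refresh_cookies(resp)
         return resp
     except Exception:
         # Exception rather than a bare except, so SystemExit and
         # KeyboardInterrupt are not turned into a 500 response.
         return jsonify(success=False), 500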
Beispiel #5
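    def post(self):
        """Record the current token's ``jti`` as revoked and clear the refresh cookie.

        Returns:
            ``{"logout_refresh": True}`` JSON with the refresh cookie unset,
            or a generic error payload with status 500 if storing the
            revocation fails.
        """
        jti = get_raw_jwt()['jti']
        try:
            revoked_token = RevokedTokenModel(jti=jti)
            revoked_token.add()

            response = jsonify({"logout_refresh": True})
            # Only the refresh cookie is cleared by this handler.
            unset_refresh_cookies(response)
            return response
        except Exception:
            # Exception rather than a bare except, so SystemExit and
            # KeyboardInterrupt are not turned into a 500 response.
            return {'message': 'Something went wrong'}, 500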
Beispiel #6
    def logout():
        """Blacklist the current token's ``jti`` and redirect home with cookies cleared.

        When the decoded token has no ``jti`` there is nothing to blacklist,
        and the caller is redirected without touching the cookies.
        """
        claims = flask_jwt_extended.get_raw_jwt()

        if "jti" in claims:
            # Server-side revocation first, then drop the cookies client-side.
            app.blacklist.add(claims['jti'])

            home = redirect("/", code=302)
            flask_jwt_extended.unset_access_cookies(home)
            flask_jwt_extended.unset_refresh_cookies(home)
            return home

        # already unset
        return redirect("/", code=302)
Beispiel #7
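 def my_unauthorized_callback(msg):
     """Handle a request that failed JWT authorization.

     Flashes a notice when JWT cookies were sent, remembers the requested
     invite/submit path in the session, answers requests carrying an ``AJAX``
     header with a JSON redirect hint, and otherwise clears the session and
     redirects to the index page with the JWT cookies removed.

     :param msg: message supplied to the callback; not used here.
     """
     current_app.logger.warning('unauthorized_loader activated with JWT token\n')
     if 'access_token_cookie' in request.cookies or 'refresh_token_cookie' in request.cookies:
         flash("Unauthorized")
     if len(request.url) >= 16 and ('invite' in request.url or 'submit' in request.url):
         index = request.url.find('potm.rocks')
         # find() returns -1 when the host is absent (for example on a
         # development host); slicing from -1 + 11 would store a meaningless
         # fragment of the URL, so only save the path when the host matched.
         if index != -1:
             # NOTE(review): this value comes from the request URL; whatever
             # later redirects to session['url_saved'] should confirm it is a
             # local path. It is also wiped by session.clear() below on the
             # non-AJAX path - confirm that is intended.
             session['url_saved'] = request.url[index + 11:]
     if 'AJAX' in request.headers:
         current_app.logger.warning('AJAX called in unauthorized')
         return jsonify(redirect=url_for('index.index')), 200
     session.clear()
     response = redirect(url_for('index.index'))
     unset_refresh_cookies(response)
     unset_jwt_cookies(response)
     # Return the response the cookies were unset on. Building a second
     # redirect here would drop the Set-Cookie headers and leave the rejected
     # tokens in the browser.
     return response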
Beispiel #8
def logout():
    '''Log the user out by removing the current refresh token's ``jti`` from
    the account and resetting the cookie that stores the refresh token in
    the client's browser.

    :reqheader Cookie: refresh token

    :resheader Set-Cookie: deletes refresh token cookie

    :status 200: successfully logged out
    :status 422: no refresh token present, likely already logged out

    '''
    user_id = get_jwt_identity()
    token_id = get_raw_jwt()['jti']

    # Pull this jti out of the user's stored refresh_tokens list, so the
    # token is dropped server-side as well as in the browser.
    account_filter = { '_id' : ObjectId(user_id) }
    drop_token = { '$pull': { 'refresh_tokens' : { '$in': [ token_id ] } } }
    db.users.update_one(account_filter, drop_token)

    response = jsonify({'logout': True})
    unset_refresh_cookies(response)
    return response, 200
def logout_user(r):
    """Clear the access and refresh JWT cookies on response ``r`` in place."""
    for clear_cookie in (unset_access_cookies, unset_refresh_cookies):
        clear_cookie(r)
 def delete_refresh_tokens():
     """Return a ``refresh_revoked`` JSON reply that clears the refresh cookie.

     Only the cookie is removed; no server-side revocation happens here.
     """
     reply = jsonify(refresh_revoked=True)
     unset_refresh_cookies(reply)
     return reply
Beispiel #11
 def delete_refresh_tokens():
     """Return a ``refresh_revoked`` JSON reply that clears the refresh cookie
     for the domain named in the ``domain`` query parameter.
     """
     # NOTE(review): the cookie domain is taken straight from the query
     # string, so the caller chooses the Domain attribute of the clearing
     # Set-Cookie header. A value that does not match the domain the cookie
     # was set for leaves the real cookie in place. Outside test code, take
     # the domain from server configuration or check it against an allowlist.
     cookie_domain = request.args.get("domain")
     reply = jsonify(refresh_revoked=True)
     unset_refresh_cookies(reply, domain=cookie_domain)
     return reply
Beispiel #12
def logout(api_version):
    """Answer with an empty JSON body and clear both JWT cookies.

    ``api_version`` is accepted but not used. Only the cookies are removed;
    the tokens themselves are not revoked by this function.
    """
    empty_reply = jsonify({})
    for clear_cookie in (unset_access_cookies, unset_refresh_cookies):
        clear_cookie(empty_reply)
    return empty_reply, 200
Beispiel #13
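 def logout():
     """Redirect to the ``hello`` endpoint with the JWT cookies cleared.

     The cookies are unset on the redirect response that is returned.
     Unsetting them on a separate JSON response and then returning a fresh
     redirect would send no Set-Cookie headers, leaving the browser logged in.
     """
     resp = redirect(url_for('hello'))
     # unset_jwt_cookies clears both the access and the refresh cookie.
     unset_jwt_cookies(resp)
     return resp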
Beispiel #14
def logout():
    """Drop the server-side session and redirect to the index with JWT cookies cleared."""
    session.clear()
    index_redirect = redirect(url_for('index.index'))
    # Both calls are kept as in the original: the refresh cookie first, then
    # the combined JWT cookie clear.
    for clear_cookie in (unset_refresh_cookies, unset_jwt_cookies):
        clear_cookie(index_redirect)
    return index_redirect