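def login():
    """Authenticate a user from a JSON body and return a token pair.

    The request body must be a JSON object with non-empty string
    ``username`` and ``password`` fields.

    Returns:
        A ``(response, status)`` tuple: 200 with ``access_token`` and
        ``refresh_token`` on success, 400 with a ``msg`` field when the body
        is missing or malformed or the credentials do not match.
    """
    if not request.is_json:
        return jsonify({"msg": "Missing JSON in request"}), 400

    payload = request.json
    # The body is caller-controlled: valid JSON can also be a list, a string,
    # a number or null, none of which has .get(). Reject those with a 400
    # instead of letting an AttributeError surface as a 500.
    if not isinstance(payload, dict):
        return jsonify({"msg": "Missing JSON in request"}), 400

    username = payload.get('username')
    password = payload.get('password')
    # Only non-empty strings go on to the database query and the hash
    # verifier; numbers or nested objects are treated as missing fields.
    if not (isinstance(username, str) and isinstance(password, str)
            and username and password):
        return jsonify({"msg": "Missing username or password"}), 400

    user = User.query.filter_by(username=username).first()
    # One message for "unknown user" and "wrong password", so the response
    # body does not reveal which usernames exist.
    # NOTE(review): no hash is verified when the user is missing, so the two
    # cases may still differ in response time. If pwd_context is a passlib
    # CryptContext, dummy_verify() can even this out - confirm.
    if user is None or not pwd_context.verify(password, user.password):
        return jsonify({"msg": "Bad credentials"}), 400

    access_token = create_access_token(identity=user.id)
    refresh_token = create_refresh_token(identity=user.id)
    # Both tokens are handed to add_token_to_database; presumably this is the
    # record later used for revocation - verify against that helper.
    add_token_to_database(access_token, app.config['JWT_IDENTITY_CLAIM'])
    add_token_to_database(refresh_token, app.config['JWT_IDENTITY_CLAIM'])

    ret = {
        'access_token': access_token,
        'refresh_token': refresh_token
    }
    return jsonify(ret), 200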
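def login():
    """Authenticate user and return tokens

    ---
    post:
      tags:
        - auth
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                username:
                  type: string
                  example: myuser
                  required: true
                password:
                  type: string
                  example: P4$$w0rd!
                  required: true
      responses:
        200:
          content:
            application/json:
              schema:
                type: object
                properties:
                  access_token:
                    type: string
                    example: myaccesstoken
                  refresh_token:
                    type: string
                    example: myrefreshtoken
        400:
          description: bad request
      security: []
    """
    # NOTE(review): the docstring section after "---" looks like an OpenAPI
    # fragment that a spec generator reads at runtime, so it is left
    # byte-identical here - confirm before editing it.
    if not request.is_json:
        return jsonify({"msg": "Missing JSON in request"}), 400

    payload = request.json
    # The schema above is documentation only; nothing enforces it on the
    # incoming body. Valid JSON that is not an object (list, string, null)
    # has no .get(), so reject it with a 400 rather than a 500.
    if not isinstance(payload, dict):
        return jsonify({"msg": "Missing JSON in request"}), 400

    username = payload.get('username')
    password = payload.get('password')
    # Enforce the documented "type: string" before the values reach the
    # database query and the hash verifier.
    if not (isinstance(username, str) and isinstance(password, str)
            and username and password):
        return jsonify({"msg": "Missing username or password"}), 400

    user = User.query.filter_by(username=username).first()
    # Same message for an unknown user and a wrong password, so the response
    # body does not confirm which usernames exist.
    # NOTE(review): the missing-user path skips hash verification and may
    # answer faster. If pwd_context is a passlib CryptContext,
    # dummy_verify() can even this out - confirm.
    if user is None or not pwd_context.verify(password, user.password):
        return jsonify({"msg": "Bad credentials"}), 400

    access_token = create_access_token(identity=user.id)
    refresh_token = create_refresh_token(identity=user.id)
    # Both tokens are passed to add_token_to_database; presumably that record
    # backs revocation - verify against the helper.
    add_token_to_database(access_token, app.config['JWT_IDENTITY_CLAIM'])
    add_token_to_database(refresh_token, app.config['JWT_IDENTITY_CLAIM'])

    ret = {
        'access_token': access_token,
        'refresh_token': refresh_token
    }
    return jsonify(ret), 200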
async def authenticate_user(form_data):
    """Look up the user named in *form_data* and check the password.

    Args:
        form_data: object exposing ``username`` and ``password`` attributes.

    Returns:
        The matching user record when the password verifies.

    Raises:
        HTTPException: 401 with a ``WWW-Authenticate: Bearer`` header when
            the user does not exist, the password does not verify, or the
            verifier raises ``ValueError``.
    """
    account = await User.query.where(User.username == form_data.username).gino.first()
    # A single rejection object for every failure path keeps the status,
    # detail and headers identical whether the username or the password was
    # wrong, so the response does not reveal which accounts exist.
    denied = HTTPException(
        status_code=status.HTTP_401_UNAUTHORIZED,
        detail="Incorrect username or password",
        headers={"WWW-Authenticate": "Bearer"},
    )
    if not account:
        # NOTE(review): no hash is verified on this path, so it may answer
        # faster than a wrong-password attempt - confirm whether that
        # matters for this deployment.
        raise denied
    try:
        password_ok = pwd_context.verify(form_data.password, account.password)
    except ValueError:
        # The verifier raised ValueError (presumably an unusable stored hash
        # - confirm); treat it as a failed login rather than a server error.
        raise denied
    if not password_ok:
        raise denied
    return account
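def login():
    '''Authenticate a user from a JSON body and return an access token.

    The request body must be a JSON object with non-empty string
    ``username`` and ``password`` fields.

    Returns:
        200 with ``access_token`` on success; 400 with a ``msg`` field when
        the body is missing or malformed or the credentials do not match.
    '''
    if not request.is_json:
        return make_response(
            jsonify(msg='Missing JSON in request'), 400)

    payload = request.json
    # Valid JSON that is not an object (list, string, null) has no .get();
    # answer 400 instead of failing with an AttributeError.
    if not isinstance(payload, dict):
        return make_response(
            jsonify(msg='Missing JSON in request'), 400)

    username = payload.get('username')
    password = payload.get('password')
    # Only plain strings may reach the document query and the hash verifier;
    # a nested JSON object in either field is rejected here.
    if not (isinstance(username, str) and isinstance(password, str)
            and username and password):
        return make_response(
            jsonify(msg='Missing username or password'), 400)

    # get_or_404() answered 404 for an unknown username but 400 for a wrong
    # password, which told the caller which usernames exist. first() returns
    # None instead, so both cases share one response.
    # Assumes Users is a MongoEngine document - confirm.
    user = Users.objects(username=username).first()
    if user is None or not pwd_context.verify(password, user.passwd_digest):
        return make_response(
            jsonify(msg='User creds invalid'), 400)

    access_token = create_access_token(identity=str(user.id))
    return jsonify(access_token=access_token), 200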
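def test_put_user(client, db, user, admin_headers):
    """PUT on a user: 404 for an unknown id, then a successful update.

    Also checks that the new password is stored in a form that
    ``pwd_context.verify`` accepts for "new_password".
    """
    # test 404
    user_url = url_for('users.user_by_id', user_id="100000")
    rep = client.put(user_url, headers=admin_headers)
    assert rep.status_code == 404

    db.session.add(user)
    db.session.commit()

    # The listing showed masked "******" values here. The payload has to
    # carry the values the assertions below expect ("updated" and
    # "new_password"), otherwise the test cannot pass.
    data = {"username": "updated", "password": "new_password"}

    user_url = url_for('users.user_by_id', user_id=user.id)
    # test update user
    rep = client.put(user_url, json=data, headers=admin_headers)
    assert rep.status_code == 200

    data = rep.get_json()["user"]
    assert data["username"] == "updated"
    # Fields that were not in the payload must be unchanged.
    assert data["email"] == user.email
    assert data["active"] == user.active

    # Reload from the database and check the stored value against the
    # plaintext through the password context.
    db.session.refresh(user)
    assert pwd_context.verify("new_password", user.password)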
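def login():
    """Authenticate user and return tokens

    ---
    post:
      tags:
        - auth
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                username:
                  type: string
                  example: myuser
                  required: true
                password:
                  type: string
                  example: P4$$w0rd!
                  required: true
      responses:
        200:
          content:
            application/json:
              schema:
                type: object
                properties:
                  access_token:
                    type: string
                    example: myaccesstoken
                  refresh_token:
                    type: string
                    example: myrefreshtoken
        400:
          description: bad request
      security: []
    """
    # NOTE(review): the docstring section after "---" looks like an OpenAPI
    # fragment read at runtime, so it is left byte-identical. It documents an
    # "access_token" field and a 400 response, while this handler returns the
    # key 'token' and always answers HTTP 200 - confirm which side is
    # authoritative.
    if not request.is_json:
        return status_code.JSON_PARSE_FAIL.d, 200
    ret = {}
    try:
        payload = request.json
        # Valid JSON that is not an object (list, string, null) has no
        # .get(); report it as a parse failure rather than an unknown error.
        if not isinstance(payload, dict):
            return status_code.JSON_PARSE_FAIL.d, 200

        username = payload.get("username", None)
        password = payload.get("password", None)
        # Non-string values are handled like missing fields, so they never
        # reach the database query or the hash verifier.
        if not (isinstance(username, str) and isinstance(password, str)
                and username and password):
            return status_code.USER_NOT_FOUND.d, 200

        user = User.query.filter_by(username=username).first()
        # One status for an unknown user and a wrong password, so the
        # response does not confirm which usernames exist.
        if user is None or not pwd_context.verify(password, user.password):
            return status_code.NAME_PWD_INVALID.d, 200

        access_token = create_access_token(identity=user.id)
        refresh_token = create_refresh_token(identity=user.id)
        # NOTE(review): the token registration below is disabled, so the
        # issued tokens are not recorded. If the project relies on that
        # record for revocation, these tokens presumably cannot be revoked
        # before they expire - confirm.
        # add_token_to_database(access_token, app.config['JWT_IDENTITY_CLAIM'])
        # add_token_to_database(refresh_token, app.config['JWT_IDENTITY_CLAIM'])
        ret = {
            'token': access_token,
            'refresh_token': refresh_token
        }
    except Exception as e:
        # Exception instead of BaseException: SystemExit, KeyboardInterrupt
        # and GeneratorExit must propagate, not become an UNKNOWN_ERROR reply.
        logger.exception(e)
        return status_code.UNKNOWN_ERROR.d, 200
    return status_code.SUCCESS.set_data(ret).d, 200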