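def post(self):
    """Set a new password for a user via one of three authorisation paths.

    The JSON body (and the ``Authorization`` header) is inspected and the
    first matching path is taken:

    1. ``phone`` + ``one_time_code`` -- activation of an account that is not
       yet activated. The user is looked up by phone, falling back to the
       last six digits of the phone as a ``public_serial_number``; the code
       must match the one stored on the user and is cleared after use.
    2. ``Authorization`` header + ``old_password`` -- an authenticated user
       changing their own password; the old password must verify.
    3. ``reset_password_token`` -- a single-use reset token (JWS type 'R');
       the token must decode and must not have been used before.

    Paths 2 and 3 enforce a 6-character minimum on ``new_password`` and
    delete any outstanding reset tokens. Path 1 does not apply the minimum
    (it reports "Successfully set pin").
    NOTE(review): confirm PIN length/format is validated elsewhere.

    Returns:
        A ``(response, status)`` tuple: 200 on success, 401 on any
        authorisation or validation failure.
    """
    import hmac  # local import: the module's import block is outside this view

    def fail(message, status=401):
        # Every failure response has the same shape; build it in one place.
        return make_response(jsonify({'status': 'fail', 'message': message})), status

    # A non-JSON body yields None; treat it as empty so lookups below do not
    # raise AttributeError.
    post_data = request.get_json() or {}
    old_password = post_data.get('old_password')
    new_password = post_data.get('new_password')
    phone = proccess_phone_number(phone_number=post_data.get('phone'),
                                  region=post_data.get('region'))
    one_time_code = post_data.get('one_time_code')
    auth_header = request.headers.get('Authorization')

    # --- Path 1: one-time code (account activation) ----------------------
    if phone and one_time_code:
        card = phone[-6:]
        user = (User.query.filter_by(phone=phone).execution_options(show_all=True).first()
                or User.query.filter_by(public_serial_number=card)
                .execution_options(show_all=True).first())
        if not user:
            return fail('User not found')
        if user.is_activated:
            return fail('Account already activated')

        # Constant-time comparison so response timing does not reveal how
        # many leading characters of a guessed code matched. A stored code
        # that is not a string can never match -- same outcome as a plain
        # `str(one_time_code) != user.one_time_code`.
        stored_code = user.one_time_code
        if (not isinstance(stored_code, str)
                or not hmac.compare_digest(str(one_time_code).encode('utf-8'),
                                           stored_code.encode('utf-8'))):
            return fail('One time code not valid')

        if not new_password:
            # Without this guard the code check passes and hash_password is
            # handed None.
            return fail('Missing new password')

        user.hash_password(new_password)
        user.is_phone_verified = True
        user.is_activated = True
        user.one_time_code = None  # the code is single-use
        auth_token = user.encode_auth_token()
        response_object = create_user_response_object(user, auth_token, 'Successfully set pin')
        db.session.commit()
        return make_response(jsonify(response_object)), 200

    # --- Path 2: bearer token + current password -------------------------
    elif auth_header and auth_header != 'null' and old_password:
        # Only the first whitespace-separated element of the header is the token.
        auth_token = auth_header.split(" ")[0]
        resp = User.decode_auth_token(auth_token)
        # decode_auth_token signals failure by returning a str (the message).
        if isinstance(resp, str):
            return fail('Invalid auth token')

        user = (User.query.filter_by(id=resp.get('user_id'))
                .execution_options(show_all=True).first())
        if not user:
            return fail('User not found')
        if not user.verify_password(old_password):
            return fail('invalid password')

    # --- Path 3: single-use reset token ----------------------------------
    else:
        reset_password_token = post_data.get('reset_password_token')
        if not reset_password_token:
            return fail('Missing token.')

        reset_password_token = reset_password_token.split(" ")[0]
        validity_check = User.decode_single_use_JWS(reset_password_token, 'R')
        if not validity_check['success']:
            return fail(validity_check['message'])

        user = validity_check['user']
        # Reject a token that has already been redeemed even if it still decodes.
        if not user.check_reset_token_already_used(reset_password_token):
            return fail('Token already used')

    # Shared tail for paths 2 and 3.
    if not new_password or len(new_password) < 6:
        return fail('Password must be at least 6 characters long')

    user.hash_password(new_password)
    user.delete_password_reset_tokens()
    db.session.commit()

    response_object = {
        'status': 'success',
        'message': 'Password changed, please log in',
    }
    return make_response(jsonify(response_object)), 200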
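def post(self):
    """Activate an account from a single-use activation token (JWS type 'A').

    Reads ``activation_token`` from the JSON body. The literal string
    ``'null'`` is treated as absent, and only the first whitespace-separated
    element of the value is used as the token.

    On success the user is marked activated and a fresh auth token is
    issued. If ``tfa_logic`` returns a response object (the original comment
    lists "TFA required, but not set up" as the case), that object is
    returned with status 401 together with the auth token, and the
    activation is still committed.

    Returns:
        A ``(response, status)`` tuple: 201 on successful activation,
        401 when the token is missing/invalid, the account is already
        activated, or two-factor setup is required.
    """
    def fail(message, status=401):
        # Every failure response has the same shape; build it in one place.
        return make_response(jsonify({'status': 'fail', 'message': message})), status

    # A non-JSON body yields None; treat it as empty so .get() does not raise.
    post_data = request.get_json() or {}
    activation_token = post_data.get('activation_token')

    auth_token = ''
    if activation_token and activation_token != 'null':
        auth_token = activation_token.split(" ")[0]

    if not auth_token:
        return fail('Provide a valid auth token.')

    # Decode the split token. The original passed the raw `activation_token`
    # here, which made the split above a no-op; this matches the sibling
    # password-reset handler, which decodes the split value.
    validity_check = User.decode_single_use_JWS(auth_token, 'A')
    if not validity_check['success']:
        return fail(validity_check['message'])

    user = validity_check['user']
    if user.is_activated:
        return fail('Already activated.')

    user.is_activated = True
    auth_token = user.encode_auth_token()
    db.session.flush()

    # Possible outcomes:
    #   - TFA required, but not set up  -> tfa_logic returns a response object
    #   - TFA not required              -> tfa_logic returns a falsy value
    tfa_response = tfa_logic(user, tfa_token=None)
    if tfa_response:
        tfa_response['auth_token'] = auth_token.decode()
        # Commit here so is_activated = True is persisted even though the
        # client still has to complete TFA setup.
        db.session.commit()
        return make_response(jsonify(tfa_response)), 401

    # Update the last_seen timestamp for this user.
    user.update_last_seen_ts()
    response_object = create_user_response_object(user, auth_token, 'Successfully activated.')
    db.session.commit()
    return make_response(jsonify(response_object)), 201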