Beispiel #1
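def reset():  # pragma: no cover
    """Handle a password-reset request for a username/e-mail pair.

    Reads a JSON body with ``username`` and ``email``. When a user with that
    username exists, the stored e-mail matches and the account is not active,
    a random 10-character password is generated, its hash is stored on the
    user, ``req_pass_reset`` is set, and the change is committed and logged.
    The response message is the same whether or not a reset took place, so
    the reply itself does not reveal whether the pair was valid.

    Returns:
        A ``(json_response, 201)`` tuple.
    """
    # Function-scope imports keep this change self-contained.
    import html
    import secrets

    response = {'status': 'ok', 'message': '', 'payload': []}
    data = request.get_json()

    request_types = {
        'username': ['str'],
        'email': ['str'],
    }
    validate_request_data(data, request_types)

    user = User.find_by_username(data['username'])
    # NOTE(review): the reset only proceeds for accounts that are NOT active;
    # confirm this is the intended policy.
    if user and user.email == data['email'] and not user.is_active:
        # The password is a credential, so it must come from the OS CSPRNG:
        # the `random` module is a deterministic PRNG whose output can be
        # predicted, `secrets` is not.
        alphabet = string.ascii_letters + string.digits
        newpass = ''.join(secrets.choice(alphabet) for _ in range(10))
        passhash = User.generate_hash(newpass)

        user.req_pass_reset = True
        user.password = passhash

        # The username originates from the request body; escape it before it
        # is embedded in HTML so it cannot inject markup into the e-mail.
        mailbody = '''
        <h2>Password reset information</h2>
        <strong>username: </strong>''' + html.escape(data['username']) + '''<br>
        <strong>new pass: </strong>''' + newpass + '''
        '''
        # SEND EMAIL TO USER ++> Not implemented
        # NOTE(review): the stored password is replaced even though no mail
        # is delivered, and the log entry below still records 'E-mail sent'.
        # An unauthenticated caller who knows the username/e-mail pair can
        # thereby invalidate the account's password. A single-use, expiring
        # reset token that leaves the current password untouched until it is
        # redeemed avoids both problems.
        db.session.commit()
        create_log(current_user, 'modify', 'User requested password reset',
                   'E-mail sent')
    response[
        'message'] = 'Password for {} sent to {} if credentials were correct. Check your email for instructions.'.format(
            data['username'], data['email'])

    return jsonify(response), 201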
Beispiel #2
 def user_loader_callback(identity):
     """Resolve a token identity to its ``User`` object.

     Args:
         identity: The username used to look the user up.

     Returns:
         The matching user, or ``None`` when no user has that username.

     Raises:
         UnauthorizedError: The user exists but is not active.
     """
     account = User.find_by_username(identity)
     if account:
         # Re-checking the active flag on every lookup means a deactivated
         # account is rejected even if it presents a previously issued token
         # (presumably this runs per request - confirm where it is registered).
         if account.is_active:
             return account
         raise UnauthorizedError("This account is deactivated")
     return None
Beispiel #3
def login():
    """Authenticate a username/password pair and issue JWT tokens.

    Reads a JSON body with ``username`` and ``password``, validates the field
    types, verifies the password against the stored hash, and returns an
    access token and a refresh token whose identity is the submitted username.

    Returns:
        A ``(json_response, 201)`` tuple.

    Raises:
        UnauthorizedError: The user is unknown or the password does not match
            ("Wrong Credentials"), or the account is not active.
    """
    data = request.get_json()
    validate_request_data(data, {
        'username': ['str'],
        'password': ['str'],
    })

    username = data['username']
    user = User.find_by_username(username)

    # Unknown user and wrong password share one message, so the response body
    # does not reveal which usernames exist.
    # NOTE(review): verify_hash is skipped when no user is found, so response
    # time may still differ between the two cases; verifying against a fixed
    # dummy hash for unknown users would even that out.
    if not (user and User.verify_hash(data['password'], user.password)):
        raise UnauthorizedError("Wrong Credentials")

    # The deactivation message is only reachable after the password has been
    # verified, so it is not disclosed to callers without valid credentials.
    if not user.is_active:
        raise UnauthorizedError("This account is deactivated")

    access_token = create_access_token(identity=username)
    refresh_token = create_refresh_token(identity=username)

    response = {
        'status': 'ok',
        'message': 'Logged in as {}'.format(username),
        'payload': [],
        'access_token': access_token,
        'refresh_token': refresh_token,
    }
    return jsonify(response), 201