def reset(): # pragma: no cover
response = {'status': 'ok', 'message': '', 'payload': []}
data = request.get_json()
request_types = {
'username': ['str'],
'email': ['str'],
}
validate_request_data(data, request_types)
user = User.find_by_username(data['username'])
if user and user.email == data['email'] and not user.is_active:
lettersAndDigits = string.ascii_letters + string.digits
newpass = ''.join(random.choice(lettersAndDigits) for i in range(10))
passhash = User.generate_hash(newpass)
user.req_pass_reset = True
user.password = passhash
mailbody = '''
<h2>Password reset information</h2>
<strong>username: </strong>''' + data['username'] + '''<br>
<strong>new pass: </strong>''' + newpass + '''
'''
# SEND EMAIL TO USER ++> Not implemented
db.session.commit()
create_log(current_user, 'modify', 'User requested password reset',
'E-mail sent')
response[
'message'] = 'Password for {} sent to {} if credentials were correct. Check your email for instructions.'.format(
data['username'], data['email'])
return jsonify(response), 201
def user_loader_callback(identity):
user = User.find_by_username(identity)
if not user:
return None
if not user.is_active:
raise UnauthorizedError("This account is deactivated")
return user
def login():
response = {'status': 'ok', 'message': '', 'payload': []}
data = request.get_json()
request_types = {
'username': ['str'],
'password': ['str'],
}
validate_request_data(data, request_types)
user = User.find_by_username(data['username'])
if not user or not User.verify_hash(data['password'], user.password):
raise UnauthorizedError("Wrong Credentials")
elif not user.is_active:
raise UnauthorizedError("This account is deactivated")
response['access_token'] = create_access_token(identity=data['username'])
response['refresh_token'] = create_refresh_token(identity=data['username'])
response['message'] = 'Logged in as {}'.format(data['username'])
return jsonify(response), 201
