def post(self): """Logout a user using JWT refresh_token. --- tags: - User authentication and authorization security: $ref: '#/components/securitySchemes/BearAuth' responses: 200: description: Log out has been successful! 500: description: Internal server error """ jti = get_raw_jwt()['jti'] try: revoked_token = RevokedToken(jti) revoked_token.save() response = jsonify({ 'response_message': 'Log out has been successful!', 'status_code': 200 }) return response except Exception as error: response = jsonify({ 'response_message': str(error), 'status_code': 500 }) return response
def post(self): jti = get_raw_jwt()['jti'] try: revoked_token = RevokedToken(jti=jti) revoked_token.save() return {'message': 'Refresh token has been revoked'} except: return {'message': 'Something went wrong'}, 500
def post(self): jti = get_raw_jwt()['jti'] try: revoked_token = RevokedToken(jti = jti) revoked_token.add() return {'message': 'Access token has been revoked'},200 except: return {'message': 'Something went wrong'}, 500
def post(self): jti = get_raw_jwt()['jti'] try: revoked_token = RevokedToken(jti=jti) revoked_token.add() return {'msg': 'Token has been revoked'} except: return {'msg': 'Something error'}, 500
def post(self): jti = get_raw_jwt()['jti'] try: revoked_token = RevokedToken(jti=jti) revoked_token.save() return {'message': 'Revoked refresh token'} except: return {'message': 'Error in revoking refresh token'}
def post(self): try: user = User.objects(username=current_user.username).first() in_use = InUseToken.objects(user=user).first() jti_access = decode_token(in_use.jwt_access)['jti'] jti_refresh = decode_token(in_use.jwt_refresh)['jti'] revoked_access_token = RevokedToken(jti=jti_access) revoked_access_token.save() revoked_refresh_token = RevokedToken(jti=jti_refresh) revoked_refresh_token.save() in_use.delete() logout_user() return {'message': 'User was log out its tokens revoked'} except: try: logout_user() return {'message': 'User was log out'} except: return {'message': 'Error when logging out user'}
def delete(self): try: jti = get_raw_jwt()['jti'] revoked_token = RevokedToken(jti=jti) db.session.add(revoked_token) db.session.commit() return {'message': 'Revoked access token', 'code': 200} except Exception as err: print(err) return {'message': 'Internal server error', 'code': 500}
def post(self): #create new access token for user current_user = get_jwt_identity() access_token = create_access_token(identity=current_user) user = User.objects(username=current_user).first() in_use = InUseToken.objects(user=user).first() #revoke last access token revoked_token = RevokedToken( jti=decode_token(in_use.jwt_access)['jti']) revoked_token.save() #reload access token in in use tokens in_use.jwt_access = access_token in_use.save() return {'access_token': access_token}
def delete(self): body = request.get_json() email = body.get('email') username = body.get('username') password = body.get('password') user = UserModel.find_by_email(email) if not user: return {'message': 'cannot find user'}, 409 if user.username == username and user.check_password(password): user.delete_from_db() jti = get_raw_jwt()['jti'] revoked_token = RevokedToken(jti=jti) revoked_token.add() return {'status': 'deleted'}, 200 else: return {'message': 'invalid data'}, 400
def post(self): """This route handles logout """ auth_header = request.headers.get('Authorization') if auth_header is None: return jsonify({"message": "No token," " please provide a token"}), 401 access_token = auth_header.split()[1] if access_token: user_id = User.decode_token(access_token) if isinstance(user_id, int): revoked_token = RevokedToken(token=access_token) revoked_token.save() return jsonify({'message': 'Your have been logged out.'}), 201 else: message = user_id response = {'message': message} return make_response(jsonify(response)), 401 else: return jsonify({'message': 'please provide a valid token'})
def post(self): data = login_parser.parse_args() user = User.objects(username=data['username']).first() if user is None or not user.check_password(data['password']): return {'message': 'Username or password are incorrect'} elif not user.check_unique_id(data['unique_id']): #phone who is sending request is not registered return {'message': 'This telephone is not registered'} try: login_user(user) in_use = InUseToken.objects(user=user).first() if in_use is not None: print('in_use') access_token = in_use.jwt_access print('get access') try: revoked_token = RevokedToken( jti=decode_token(access_token)['jti']) revoked_token.save() print('revoked') except ExpiredSignatureError: print('already been revoked') access_token = create_access_token(identity=data['username']) in_use.jwt_access = access_token in_use.save() refresh_token = in_use.jwt_refresh else: access_token = create_access_token(identity=data['username']) refresh_token = create_refresh_token(identity=data['username']) new_in_use = InUseToken(jwt_access=access_token, jwt_refresh=refresh_token, user=user) new_in_use.hash_unique_id(data['unique_id']) new_in_use.save() return { 'message': 'Login was succesful', 'access_token': access_token, 'refresh_token': refresh_token } except: print(sys.exc_info()) return {'message': 'Unknown error'}
def post(self): errors = 0 data = register_parser.parse_args() #This is the worst idea to deal with already in use data if User.objects(username=data['username']): errors += 1 if User.objects(email=data['email']): errors += 2 if User.objects(phone_number=data['phone_number']): errors += 4 if (errors == 0): new_user = User(username=data['username'], email=data['email'], first_name=data['first_name'], last_name=data['last_name'], phone_number=data['phone_number']) new_user.hash_password(data['password']) new_user.hash_unique_id(data['unique_id']) try: new_user.save() login_user(new_user) in_use = InUseToken.objects(user=new_user).first() if in_use is None: access_token = in_use.jwt_access try: revoked_token = RevokedToken( jti=decode_token(access_token)['jti']) revoked_token.save() except ExpiredSignatureError: print('already been revoked') access_token = create_access_token( identity=data['username']) in_use.jwt_access = access_token in_use.save() refresh_token = in_use.jwt_refresh else: access_token = create_access_token( identity=data['username']) refresh_token = create_refresh_token( identity=data['username']) in_use = InUseToken(jti_access=access_token, jti_refresh=refresh_token, user=new_user) in_use.hash_unique_id(data['unique_id']) in_use.save() return { 'message': 'User registered', 'access_token': access_token, 'refresh_token': refresh_token } except: return {'message': 'Unknown error'} elif (errors == 1): return {'message': 'Username is already in use'} elif (errors == 2): return {'message': 'Email is already in use'} elif (errors == 3): return {'message': 'Username and email are already in use'} elif (errors == 4): return {'message': 'Phone number is already in use'} elif (errors == 5): return {'message': 'Phone number and username are already in use'} elif (errors == 6): return {'message': 'Phone number and email are already in use'} elif (errors == 7): return { 'message': 'Phone number, email and username are already in use' }
def post(self): """Post Method to logout user""" jti = get_raw_jwt()['jti'] revoked_token = RevokedToken(jti=jti) revoked_token.add_token() return {"message": "You are logged out."}, 200