def post(self):
# get payload
payload = User.parser.parse_args()
# check user
user = UserService.getDataByUsername(payload['username'])
if user and safe_str_cmp(user.password, payload['password']):
access_token = create_access_token(identity=user.id, fresh=True)
refresh_token = create_refresh_token(user.id)
return {
'access_token': access_token,
'refresh_token': refresh_token
}, 200
return {'message': 'invalid credentials'}, 401
