def post(self):
result = {"error": None, "data": {}}
parser = reqparse.RequestParser()
parser.add_argument("password", type=str, required=True)
parser.add_argument("email", type=str, required=True)
args = parser.parse_args()
account = UserService.get_by_email(args["email"])
if account is None:
return abort("account", "not-found")
login = UserService.login(args["password"], account.password)
if not login:
return abort("account", "login-failed")
UserService.update(account, login=datetime.now)
token = Token.create("login", account.username)
data = Token.validate(token)
result["data"] = {
"token": token,
"expire": data["payload"]["expire"],
"username": data["payload"]["meta"]
}
return result
def activate(args):
result = {"error": None, "data": {}}
if not Token.validate(args["token"]):
return abort("general", "token-invalid")
payload = Token.payload(args["token"])
if not (account := UserService.get_by_username(payload["meta"])):
return abort("account", "not-found")
def auth(cls, token: str):
valid = Token.validate(token)
payload = Token.payload(token)
if valid and payload["action"] == "login":
user = cls.get_by_username(payload["meta"])
if user:
if PermissionService.check(user, "global", "activated"):
return user
return None
def join(args):
result = {"error": None, "data": {}}
if UserService.get_by_username(args["username"]):
return abort("account", "username-exist")
if UserService.get_by_email(args["email"]):
return abort("account", "email-exist")
account = UserService.create(
args["username"],
auth.hashpwd(args["password"]),
args["email"]
)
email = mail.Email()
activation_token = Token.create("activation", account.username)
email.account_confirmation(account, activation_token)
result["data"] = {
"login": int(datetime.timestamp(account.login)),
"username": account.username
}
# Display activation code only in debug mode
if config.debug:
result["data"]["code"] = activation_token
# ToDo: Add permissions here
return result
def post(self):
result = {"error": None, "data": {}}
parser = reqparse.RequestParser()
parser.add_argument("token", type=str, required=True)
args = parser.parse_args()
data = Token.validate(args["token"])
if not data["valid"]:
return abort("general", "token-invalid-type")
account = UserService.get_by_username(data["payload"]["meta"])
if account is None:
return abort("account", "not-found")
if data["payload"]["action"] != "activation":
return abort("general", "token-invalid-type")
activated = PermissionService.check(account, "global", "activated")
if activated:
return abort("account", "activated")
PermissionService.add(account, "global", "activated")
result["data"] = {"username": account.username, "activated": True}
return result
def auth(cls, token: str):
data = Token.validate(token)
if data["valid"] and data["payload"]["action"] == "login":
user = cls.get_by_username(data["payload"]["meta"])
if user is not None:
if PermissionService.check(user, "global", "activated"):
return user
return None
def reset(args):
result = {"error": None, "data": {}}
payload = Token.payload(args["token"])
if "meta" not in payload:
return abort("general", "token-invalid")
if payload["action"] != "reset":
return abort("general", "token-invalid-type")
account = UserService.get_by_username(payload["meta"])
if not Token.validate(args["token"], account.password):
return abort("general", "token-invalid")
account.password = auth.hashpwd(args["password"])
result["data"] = {
"username": account.username,
"success": True
}
return result
def decorator(*args, **kwargs):
token = request.headers.get("Authentication")
valid = Token.validate(token)
payload = Token.payload(token)
if valid and payload["action"] == "login":
account = UserService.get_by_username(payload["meta"])
if account is None:
return abort("account", "login-failed")
if not account.activated:
return abort("account", "not-activated")
account.login = datetime.utcnow()
request.account = account
return view_function(*args, **kwargs)
return abort("account", "login-failed")
def post(self):
result = {"error": None, "data": {}}
parser = reqparse.RequestParser()
parser.add_argument("username", type=str, required=True)
parser.add_argument("password", type=str, required=True)
parser.add_argument("email", type=str, required=True)
args = parser.parse_args()
account = UserService.get_by_username(args["username"])
if account is not None:
return abort("account", "username-exist")
account_check = UserService.get_by_email(args["email"])
if account_check is not None:
return abort("account", "email-exist")
admin = len(UserService.list()) == 0
account = UserService.signup(args["username"], args["email"],
args["password"])
# Make first registered user admin
if admin:
PermissionService.add(account, "global", "activated")
PermissionService.add(account, "global", "admin")
result["data"] = {"username": account.username}
activation_token = Token.create("activation", account.username)
# Display activation code only in debug mode
if config.debug:
result["data"]["code"] = activation_token
mail = Email()
mail.account_confirmation(account.email, activation_token)
return result
@use_args(login_args, location="json")
@orm.db_session
def login(args):
result = {"error": None, "data": {}}
if not (account := UserService.get_by_email(args["email"])):
return abort("account", "not-found")
if not auth.checkpwd(args["password"], account.password):
return abort("account", "login-failed")
if not account.activated:
return abort("account", "not-activated")
account.login = datetime.utcnow()
login_token = Token.create("login", account.username)
data = Token.payload(login_token)
result["data"] = {
"token": login_token,
"expire": data["expire"],
"username": data["meta"]
}
return result
@blueprint.route("/activate", methods=["POST"])
@use_args(activate_args, location="json")
@orm.db_session
def activate(args):
result = {"error": None, "data": {}}