def post(self): result = {"error": None, "data": {}} parser = reqparse.RequestParser() parser.add_argument("password", type=str, required=True) parser.add_argument("email", type=str, required=True) args = parser.parse_args() account = UserService.get_by_email(args["email"]) if account is None: return abort("account", "not-found") login = UserService.login(args["password"], account.password) if not login: return abort("account", "login-failed") UserService.update(account, login=datetime.now) token = Token.create("login", account.username) data = Token.validate(token) result["data"] = { "token": token, "expire": data["payload"]["expire"], "username": data["payload"]["meta"] } return result
def activate(args): result = {"error": None, "data": {}} if not Token.validate(args["token"]): return abort("general", "token-invalid") payload = Token.payload(args["token"]) if not (account := UserService.get_by_username(payload["meta"])): return abort("account", "not-found")
def auth(cls, token: str): valid = Token.validate(token) payload = Token.payload(token) if valid and payload["action"] == "login": user = cls.get_by_username(payload["meta"]) if user: if PermissionService.check(user, "global", "activated"): return user return None
def join(args): result = {"error": None, "data": {}} if UserService.get_by_username(args["username"]): return abort("account", "username-exist") if UserService.get_by_email(args["email"]): return abort("account", "email-exist") account = UserService.create( args["username"], auth.hashpwd(args["password"]), args["email"] ) email = mail.Email() activation_token = Token.create("activation", account.username) email.account_confirmation(account, activation_token) result["data"] = { "login": int(datetime.timestamp(account.login)), "username": account.username } # Display activation code only in debug mode if config.debug: result["data"]["code"] = activation_token # ToDo: Add permissions here return result
def post(self): result = {"error": None, "data": {}} parser = reqparse.RequestParser() parser.add_argument("token", type=str, required=True) args = parser.parse_args() data = Token.validate(args["token"]) if not data["valid"]: return abort("general", "token-invalid-type") account = UserService.get_by_username(data["payload"]["meta"]) if account is None: return abort("account", "not-found") if data["payload"]["action"] != "activation": return abort("general", "token-invalid-type") activated = PermissionService.check(account, "global", "activated") if activated: return abort("account", "activated") PermissionService.add(account, "global", "activated") result["data"] = {"username": account.username, "activated": True} return result
def auth(cls, token: str): data = Token.validate(token) if data["valid"] and data["payload"]["action"] == "login": user = cls.get_by_username(data["payload"]["meta"]) if user is not None: if PermissionService.check(user, "global", "activated"): return user return None
def reset(args): result = {"error": None, "data": {}} payload = Token.payload(args["token"]) if "meta" not in payload: return abort("general", "token-invalid") if payload["action"] != "reset": return abort("general", "token-invalid-type") account = UserService.get_by_username(payload["meta"]) if not Token.validate(args["token"], account.password): return abort("general", "token-invalid") account.password = auth.hashpwd(args["password"]) result["data"] = { "username": account.username, "success": True } return result
def decorator(*args, **kwargs): token = request.headers.get("Authentication") valid = Token.validate(token) payload = Token.payload(token) if valid and payload["action"] == "login": account = UserService.get_by_username(payload["meta"]) if account is None: return abort("account", "login-failed") if not account.activated: return abort("account", "not-activated") account.login = datetime.utcnow() request.account = account return view_function(*args, **kwargs) return abort("account", "login-failed")
def post(self): result = {"error": None, "data": {}} parser = reqparse.RequestParser() parser.add_argument("username", type=str, required=True) parser.add_argument("password", type=str, required=True) parser.add_argument("email", type=str, required=True) args = parser.parse_args() account = UserService.get_by_username(args["username"]) if account is not None: return abort("account", "username-exist") account_check = UserService.get_by_email(args["email"]) if account_check is not None: return abort("account", "email-exist") admin = len(UserService.list()) == 0 account = UserService.signup(args["username"], args["email"], args["password"]) # Make first registered user admin if admin: PermissionService.add(account, "global", "activated") PermissionService.add(account, "global", "admin") result["data"] = {"username": account.username} activation_token = Token.create("activation", account.username) # Display activation code only in debug mode if config.debug: result["data"]["code"] = activation_token mail = Email() mail.account_confirmation(account.email, activation_token) return result
@use_args(login_args, location="json") @orm.db_session def login(args): result = {"error": None, "data": {}} if not (account := UserService.get_by_email(args["email"])): return abort("account", "not-found") if not auth.checkpwd(args["password"], account.password): return abort("account", "login-failed") if not account.activated: return abort("account", "not-activated") account.login = datetime.utcnow() login_token = Token.create("login", account.username) data = Token.payload(login_token) result["data"] = { "token": login_token, "expire": data["expire"], "username": data["meta"] } return result @blueprint.route("/activate", methods=["POST"]) @use_args(activate_args, location="json") @orm.db_session def activate(args): result = {"error": None, "data": {}}