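def login_user():
    """Authenticate a user by username or e-mail and issue an access token.

    Reads ``username`` and ``password`` from the JSON request body; the
    ``username`` value is matched against both ``User.username`` and
    ``User.email``.

    Returns:
        ``{'auth_token': ..., 'roles': ...}`` on success. Otherwise the value
        built by ``errors.not_found('invalid_user')`` (unknown user, wrong
        password or malformed credentials),
        ``errors.forbidden('access_not_granted')`` (``admin_validation`` is
        not 1), ``errors.forbidden('email_not_confirmed')``, or
        ``errors.server_error('unknown_error')`` for unexpected failures.
    """
    import logging

    post_data = request.get_json()
    # A missing or non-object body, or non-string credentials, used to surface
    # as an exception inside the try block and be reported as a server error.
    # Reject them up front with the same answer as a failed login.
    if not isinstance(post_data, dict):
        return errors.not_found('invalid_user')
    identifier = post_data.get('username')
    password = post_data.get('password')
    if not isinstance(identifier, str) or not isinstance(password, str):
        return errors.not_found('invalid_user')

    try:
        user = User.query.filter(
            or_(User.username == identifier, User.email == identifier)
        ).first()
        # Unknown user and wrong password share one error so the response body
        # does not reveal which accounts exist.
        # NOTE(review): the hash check is skipped when no user is found, so
        # response time may still differ between the two cases - consider a
        # dummy hash comparison and rate limiting on this endpoint.
        if not user or not bcrypt.check_password_hash(user.password, password):
            return errors.not_found('invalid_user')

        # Account-state errors are only returned after the password has been
        # verified, so they are not visible to unauthenticated callers.
        if user.admin_validation != 1:
            return errors.forbidden('access_not_granted')
        if not user.confirmed:
            return errors.forbidden('email_not_confirmed')

        auth_token = create_access_token(identity=user)
        if not auth_token:
            # The original fell through here and returned None.
            return errors.server_error('unknown_error')

        user.last_login_at = datetime.now()
        db.session.add(user)
        db.session.commit()
        return {'auth_token': auth_token,
                'roles': user.to_dictionary()['roles']}
    except Exception:
        # Keep the details in the server log; the client gets a generic code.
        logging.getLogger(__name__).exception('login_user failed')
        return errors.server_error('unknown_error')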
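def logout_user():
    """Revoke the caller's token by recording it in ``BlacklistToken``.

    Returns:
        ``None`` when the token is now (or already was) blacklisted, the value
        of ``errors.forbidden('provide_valid_token')`` when the request
        carries no token, or ``errors.server_error('unknown_error')`` when the
        token cannot be persisted.
    """
    import logging

    auth_token = get_auth_token(request)
    if not auth_token:
        return errors.forbidden('provide_valid_token')

    # Verify the JWT before touching the database.
    # NOTE(review): this relies on verify_jwt_in_request() raising for an
    # invalid token and on an error handler elsewhere turning that into a
    # response - confirm.
    verify_jwt_in_request()

    # Nothing to do if this token has already been blacklisted.
    already_blacklisted = BlacklistToken.query.filter_by(
        token=auth_token).first()
    if already_blacklisted:
        return

    try:
        db.session.add(BlacklistToken(token=auth_token))
        db.session.commit()
    except Exception:
        # The original passed the exception object to errors.server_error(),
        # which presumably ends up in the response body. Database error text
        # can expose schema and query details, so log it server-side and
        # return a generic code instead.
        # NOTE(review): two concurrent logouts with the same token can both
        # pass the lookup above; if the token column is unique, the second
        # insert lands here.
        logging.getLogger(__name__).exception('logout_user failed')
        return errors.server_error('unknown_error')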
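def logout_user():
    """Revoke the caller's token by recording it in ``BlacklistToken``.

    Returns:
        A ``(response, status)`` pair: ``{'status': 'success'}`` with 201 when
        the token was already blacklisted and with 200 when it has just been
        stored. Otherwise the value of
        ``errors.forbidden('Provide a valid auth token.')`` when the request
        carries no token, or ``errors.server_error('Try again')`` when the
        token cannot be persisted.
    """
    import logging

    auth_token = get_auth_token(request)
    if not auth_token:
        return errors.forbidden('Provide a valid auth token.')

    # Verify the JWT before touching the database.
    # NOTE(review): this relies on verify_jwt_in_request() raising for an
    # invalid token and on an error handler elsewhere turning that into a
    # response - confirm.
    verify_jwt_in_request()

    # An already-blacklisted token is treated as a successful logout.
    already_blacklisted = BlacklistToken.query.filter_by(
        token=auth_token).first()
    if already_blacklisted:
        return jsonify({
            'status': 'success',
        }), 201

    try:
        db.session.add(BlacklistToken(token=auth_token))
        db.session.commit()
    except Exception:
        # The original passed the exception object to errors.server_error(),
        # which presumably ends up in the response body. Database error text
        # can expose schema and query details, so log it server-side and
        # return a generic message instead.
        logging.getLogger(__name__).exception('logout_user failed')
        return errors.server_error('Try again')

    return jsonify({
        'status': 'success',
    }), 200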
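def resend_email_confirmation():
    """Send a new confirmation e-mail to the address encoded in a token.

    Reads ``token`` from the JSON request body and resolves it to an e-mail
    address with ``__confirm_token``.

    Returns:
        ``None`` when the e-mail was handed to ``send_confirmation_email``,
        the value of ``errors.forbidden('invalid_confirmation_token')`` when
        the token is missing or cannot be resolved to an address, or
        ``errors.server_error('unknown_error')`` when sending fails.
    """
    import logging

    post_data = request.get_json()
    try:
        # NOTE(review): no expiration is passed here; whether __confirm_token
        # applies a default maximum age cannot be seen from this block -
        # confirm that old tokens are not accepted indefinitely.
        email = __confirm_token(post_data['token'])
    except Exception:
        return errors.forbidden('invalid_confirmation_token')

    # __confirm_token is not visible here; guard against a non-string result
    # (for example a falsy "expired" marker) being used as a recipient.
    if not isinstance(email, str):
        return errors.forbidden('invalid_confirmation_token')

    try:
        send_confirmation_email(app, email)
    except Exception:
        # A delivery failure used to be reported as an invalid token, which
        # hid mail outages from both the caller and the operators.
        logging.getLogger(__name__).exception(
            'resend_email_confirmation: sending failed')
        return errors.server_error('unknown_error')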
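def confirm_user_reset_password():
    """Set a new password for the account identified by a reset token.

    Reads ``token`` and ``password`` from the JSON request body. The token is
    resolved to an e-mail address by ``__confirm_token`` with a 3600-second
    expiration; the matching user is marked confirmed and receives the new
    password.

    Returns:
        ``None`` on success, the value of
        ``errors.forbidden('invalid_confirmation_token')`` when the token
        cannot be resolved or no account matches it, or
        ``errors.forbidden('expired_confirmation_token')`` when
        ``__confirm_token`` returns a non-string.

    Raises:
        KeyError: if the body has no ``password`` field (as before).
    """
    post_data = request.get_json()
    try:
        email = __confirm_token(post_data['token'], expiration=3600)
    except Exception:
        return errors.forbidden('invalid_confirmation_token')
    if not isinstance(email, str):
        return errors.forbidden('expired_confirmation_token')

    # Read the new password before touching the user object so that a missing
    # field cannot leave a half-modified instance in the session.
    # NOTE(review): no length or emptiness check is visible here - confirm
    # that encrypt_password() or a caller enforces the password policy.
    new_password = post_data['password']

    user = User.query.filter_by(email=email).first()
    if user is None:
        # The token is well-formed but its account no longer exists; the
        # original raised AttributeError here. Answer as for a bad token so
        # the response does not reveal which addresses are registered.
        return errors.forbidden('invalid_confirmation_token')

    # NOTE(review): nothing here invalidates the token after use, so it can
    # presumably be replayed until it expires. Also verify that reset tokens
    # cannot be substituted by e-mail confirmation tokens, since both go
    # through __confirm_token.
    user.confirmed = True
    user.confirmed_on = datetime.now()
    user.password = encrypt_password(new_password)
    db.session.commit()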
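def confirm_user_email():
    """Mark the account identified by a confirmation token as confirmed.

    Reads ``token`` from the JSON request body, resolves it to an e-mail
    address with ``__confirm_token`` (3600-second expiration), confirms the
    matching user and then calls ``send_new_user_email`` with a fixed
    recipient list.

    Returns:
        ``None`` on success, the value of
        ``errors.forbidden('invalid_confirmation_token')`` when the token
        cannot be resolved or no account matches it, or
        ``errors.forbidden('expired_confirmation_token')`` when
        ``__confirm_token`` returns a non-string.
    """
    post_data = request.get_json()
    try:
        email = __confirm_token(post_data['token'], expiration=3600)
    except Exception:
        return errors.forbidden('invalid_confirmation_token')
    if not isinstance(email, str):
        return errors.forbidden('expired_confirmation_token')

    user = User.query.filter_by(email=email).first()
    if user is None:
        # The token is well-formed but its account no longer exists; the
        # original raised AttributeError here. Answer as for a bad token so
        # the response does not reveal which addresses are registered.
        return errors.forbidden('invalid_confirmation_token')

    user.confirmed = True
    user.confirmed_on = datetime.now()
    db.session.add(user)
    db.session.commit()

    # NOTE(review): the notification is sent after the commit, so a mail
    # failure raises even though the account is already confirmed. The
    # recipient list is hard-coded; consider moving it to configuration.
    send_new_user_email(user, [
        "*****@*****.**", "*****@*****.**", "*****@*****.**"
    ])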
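def confirm_user_email():
    """Mark the account identified by a confirmation token as confirmed.

    Reads ``token`` from the JSON request body and resolves it to an e-mail
    address with ``__confirm_token`` (3600-second expiration).

    Returns:
        ``({'status': 'success'}, 200)`` as a JSON response on success, the
        value of ``errors.forbidden('invalid_confirmation_token')`` when the
        token cannot be resolved or no account matches it, or
        ``errors.forbidden('expired_confirmation_token')`` when
        ``__confirm_token`` returns a non-string.
    """
    post_data = request.get_json()
    try:
        email = __confirm_token(post_data['token'], expiration=3600)
    except Exception:
        return errors.forbidden('invalid_confirmation_token')
    if not isinstance(email, str):
        return errors.forbidden('expired_confirmation_token')

    user = User.query.filter_by(email=email).first()
    if user is None:
        # The token is well-formed but its account no longer exists; the
        # original raised AttributeError here. Answer as for a bad token so
        # the response does not reveal which addresses are registered.
        return errors.forbidden('invalid_confirmation_token')

    user.confirmed = True
    user.confirmed_on = datetime.now()
    db.session.add(user)
    db.session.commit()
    return jsonify({
        'status': 'success',
    }), 200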
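def change_current_password():
    """Change a user's password after verifying the current one.

    Reads ``username``, ``current_password`` and ``new_password`` from the
    JSON request body.

    Returns:
        ``{"user": user.to_dictionary()}`` on success, the value of
        ``errors.forbidden(message='wrong_password')`` when the user is
        unknown or the current password does not verify, or
        ``errors.server_error(message="password_not_matching")`` when the new
        password and its confirmation differ.
    """
    # NOTE(review): the account is chosen by the ``username`` field of the
    # request body, not by the authenticated identity (a get_jwt_identity()
    # call was commented out in the original). Any caller can therefore test
    # current-password guesses against any account; bind the lookup to the
    # authenticated identity and rate-limit this endpoint.
    data = request.get_json()
    if not isinstance(data, dict):
        # A missing or non-object body used to raise AttributeError.
        return errors.forbidden(message='wrong_password')

    user = User.query.filter_by(username=data.get("username")).first()
    current_password = data.get('current_password')
    # NOTE(review): both values are read from the same 'new_password' key, so
    # the comparison below can never fail. The name of the confirmation field
    # is not visible here - read it from the key the client actually sends.
    new_password, new_confirm_password = data.get('new_password'), data.get(
        'new_password')

    # Unknown users and missing passwords used to raise; answer them exactly
    # like a wrong password so the response does not reveal which usernames
    # exist.
    if user is None or not isinstance(current_password, str):
        return errors.forbidden(message='wrong_password')
    if not bcrypt.check_password_hash(user.password, current_password):
        return errors.forbidden(message='wrong_password')

    if new_password != new_confirm_password:
        return errors.server_error(message="password_not_matching")

    # NOTE(review): a missing or empty ``new_password`` reaches
    # encrypt_password() unchecked - confirm that it rejects such input.
    user.password = encrypt_password(new_password)
    db.session.commit()
    # NOTE(review): confirm that to_dictionary() omits the password hash
    # before returning it to the client.
    return {"user": user.to_dictionary()}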
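def login_user():
    """Authenticate a user by username and issue an access token.

    Reads ``username`` and ``password`` from the JSON request body.

    Returns:
        A JSON response ``{'status': 'success', 'data': {'auth_token': ...}}``
        with status 200 on success. Otherwise the value built by
        ``errors.not_found('invalid_user')`` (unknown user, wrong password or
        malformed credentials), ``errors.forbidden('email_not_confirmed')``,
        or ``errors.server_error('Try again')`` for unexpected failures.
    """
    import logging

    post_data = request.get_json()
    # A missing or non-object body, or non-string credentials, used to surface
    # as an exception inside the try block and be reported as a server error.
    # Reject them up front with the same answer as a failed login.
    if not isinstance(post_data, dict):
        return errors.not_found('invalid_user')
    username = post_data.get('username')
    password = post_data.get('password')
    if not isinstance(username, str) or not isinstance(password, str):
        return errors.not_found('invalid_user')

    try:
        user = User.query.filter_by(username=username).first()
        # Unknown user and wrong password share one error so the response body
        # does not reveal which accounts exist.
        # NOTE(review): the hash check is skipped when no user is found, so
        # response time may still differ between the two cases - consider a
        # dummy hash comparison and rate limiting on this endpoint.
        if not user or not bcrypt.check_password_hash(user.password, password):
            return errors.not_found('invalid_user')

        # The confirmation state is only disclosed after the password has
        # been verified.
        if not user.confirmed:
            return errors.forbidden('email_not_confirmed')

        auth_token = create_access_token(identity=user)
        if not auth_token:
            # The original fell through here and returned None.
            return errors.server_error('Try again')

        return jsonify({
            'status': 'success',
            'data': {
                'auth_token': auth_token
            }
        }), 200
    except Exception:
        # Keep the details in the server log; the client gets a generic
        # message.
        logging.getLogger(__name__).exception('login_user failed')
        return errors.server_error('Try again')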