    def post(args):
        """Register a new user from an already-parsed argument mapping.

        ``args`` must provide ``password``, ``password_confirmation``,
        ``email`` and ``name``; ``phone`` is optional.

        Returns a ``(body, status)`` pair: 409 when the two passwords differ
        or the e-mail is already registered, 201 with a user summary once the
        user has been saved.
        """
        # Constant-time comparison of the two submitted passwords.
        passwords_match = safe_str_cmp(args['password'],
                                       args['password_confirmation'])
        if not passwords_match:
            return {
                'success': False,
                'errors': {
                    'password':
                    ['Password and password confirmation do not match']
                }
            }, 409

        existing = UserModel.find_by_email(args['email'])
        if existing:
            # NOTE(review): this response tells an unauthenticated caller
            # whether an e-mail is registered (account enumeration).
            return {
                'success': False,
                'error': 'Email has already been taken'
            }, 409

        # The very first account in the database becomes admin.
        # NOTE(review): check-then-act on the row count -- two concurrent
        # first registrations could both end up admin unless the DB layer
        # serializes this; bootstrapping the admin out of band is safer.
        is_admin = UserModel.count_all() < 1

        phone = args['phone'] if 'phone' in args else None

        # Only the hash is handed to the model; the plaintext is not stored.
        hashed_password = UserModel.generate_hash(args['password'])

        new_user = UserModel(args['name'], hashed_password, args['email'],
                             phone, is_admin)
        new_user.save_to_db()

        return {'success': True, 'user': user_summary.dump(new_user).data}, 201
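 def post(cls):
     """Register a user from the JSON body and kick off e-mail confirmation.

     Body keys read: ``username``, ``password``, ``email``.
     Returns ``(body, status)``: 400 if the e-mail is taken, 201 on success,
     500 if persistence or confirmation fails (the half-created user row is
     deleted in that case).
     """
     data = request.get_json()
     if UserModel.find_by_email(data["email"]):
         # NOTE(review): reveals whether an e-mail is registered (enumeration).
         return {
             "message": response_quote("user_email_taken")
         }, 400  # TODO:
     # bcrypt returns bytes; the model stores the decoded text form.
     # NOTE(review): sha_private is just sha256(email) and can be computed by
     # anyone who knows the address -- treat it as an opaque identifier, never
     # as a secret.
     user = UserModel(username=data["username"],
                      password=b_crypt.generate_password_hash(
                          data["password"]).decode("utf-8"),
                      email=data["email"],
                      sha_private=hashlib.sha256(str.encode(
                          data["email"])).hexdigest())
     try:
         user.save_to_db()
         confirmation = ConfirmationModel(user.id)
         confirmation.save_to_db()
         user.confirm()  # presumably sends the confirmation mail (see MailGunException)
         return {"message": response_quote("user_been_created")}, 201
     except MailGunException as e:
         user.delete_from_db()  # rollback
         # NOTE(review): str(e) may carry provider details; consider a generic message.
         return {"message": str(e)}, 500
     except Exception:
         # Was a bare ``except:``, which also swallowed SystemExit and
         # KeyboardInterrupt; Exception is the right boundary for a handler.
         traceback.print_exc()
         user.delete_from_db()
         return {"message": response_quote("operation_fatal_error")}, 500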
    def post(self):
        """Create a user from the parsed request arguments.

        Returns ``(body, status)``: 400 when a user with that e-mail already
        exists, 201 once the new user has been saved.
        """
        payload = UserRegister.parser.parse_args()

        existing = UserModel.find_by_email(payload['email'])
        if existing:
            # NOTE(review): a distinct error reveals registered e-mails.
            return {'message': "User already exists"}, 400

        # NOTE(review): the raw password is passed straight to UserModel;
        # whether it is hashed there is not visible here -- confirm before
        # relying on it.
        new_user = UserModel(payload['email'], payload['password'])
        new_user.save()

        return {'message': 'User is created'}, 201
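 def post(cls):
     """Start a password reset for the e-mail in the JSON body.

     A request token is stored on the user (``token_2fa``), a one-time code
     derived for it is mailed, and the token is returned so the client can
     present it together with the code.
     Returns ``(body, status)``: 200 with ``request_token``, 500 if the mail
     could not be sent, 404 if no user has that e-mail.
     """
     import secrets

     data = request.get_json()
     user = UserModel.find_by_email(data["email"])
     if user:
         try:
             # Was sha256(email): anyone who knows the address could compute
             # the reset token. token_hex(32) is CSPRNG output with the same
             # 64-character length as the old hex digest.
             # NOTE(review): the verification step is not in view -- it must
             # compare against the stored token_2fa, not recompute sha256(email).
             token = secrets.token_hex(32)
             code = EmailSecondFA.generate_2fa_code(token)
             user.token_2fa = token
             user.save_to_db()
             user.password_reset_request(code)
             return {"request_token": token}, 200
         except MailGunException as e:
             # NOTE(review): str(e) may expose provider details to the client.
             return {"message": str(e)}, 500
     # NOTE(review): a distinct 404 discloses which e-mails are registered;
     # returning the same 200 for unknown addresses would prevent enumeration.
     return {"message": response_quote("user_not_exist")}, 404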
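 def post(self):
     """Issue a password-reset token for a username or e-mail and mail it.

     The single ``identification`` field is looked up first as a username,
     then as an e-mail. Returns ``(body, 200)`` once the mail is sent; aborts
     with 401 when no user matches and 500 on any failure after that.
     """
     parser = reqparse.RequestParser()
     parser.add_argument('identification', help='This field cannot be blank', required=True, type=str)
     data = parser.parse_args()
     user = UserModel.find_by_username(data['identification'])
     if not user:
         user = UserModel.find_by_email(data['identification'])
     if not user:
         # NOTE(review): a distinct response for unknown accounts lets a
         # caller enumerate usernames and e-mails; a uniform 200 avoids that.
         abort(401, message=USER_NOT_FOUND)
     try:
         # uuid4 is drawn from os.urandom, so the token is unguessable.
         user.reset_password_hash = uuid4()
         # NOTE(review): naive local time; the expiry check (not in view)
         # must use the same clock, or both should move to aware UTC.
         user.reset_password_hash_created = datetime.now()
         user.persist()
         send_forgot_password_email(user)
         return SimpleMessage(RESET_PASSWORD_MAIL_SENT), 200
     except Exception:
         # Was a bare ``except:``; Exception still covers persistence and mail
         # failures without swallowing SystemExit/KeyboardInterrupt.
         abort(500, message=INTERNAL_SERVER_ERROR)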
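 def post(cls):
     """Register a user from the JSON body and kick off e-mail confirmation.

     Body keys read: ``username``, ``password``, ``email``. PassCrypt
     produces the salt and hash that are stored; the plaintext is not.
     Returns ``(body, status)``: 400 if the e-mail is taken, 201 on success,
     500 if persistence or confirmation fails (the new row is deleted then).
     """
     data = request.get_json()
     if UserModel.find_by_email(data["email"]):
         # NOTE(review): reveals whether an e-mail is registered (enumeration).
         return {"message": response_quote("user_email_taken")}, 400
     password_salt, password_hash = PassCrypt.generate_password_hash(
         data["password"])
     user = UserModel(username=data["username"],
                      password_hash=password_hash,
                      password_salt=password_salt,
                      email=data["email"])
     try:
         user.save_to_db()
         confirmation = ConfirmationModel(user.id)
         confirmation.save_to_db()
         user.confirm()  # presumably sends the confirmation mail (see MailGunException)
         return {"message": response_quote("user_been_created")}, 201
     except MailGunException as e:
         user.delete_from_db()  # rollback
         # NOTE(review): str(e) may carry provider details; consider a generic message.
         return {"message": str(e)}, 500
     except Exception:
         # Was a bare ``except:``, which also swallowed SystemExit and
         # KeyboardInterrupt; Exception is the right boundary for a handler.
         traceback.print_exc()
         user.delete_from_db()
         return {"message": response_quote("operation_fatal_error")}, 500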
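 def post(cls):
     """Log a user in with the e-mail and password from the JSON body.

     Returns ``(body, status)``: 401 on bad credentials, 400 if the account
     is not confirmed, 202 with a ``verification_token`` when e-mail 2FA is
     enabled (the code is mailed separately), 201 with access and refresh
     tokens otherwise; 500 if the 2FA mail could not be sent.
     """
     import secrets

     data = request.get_json()
     user = UserModel.find_by_email(data["email"])
     if not (user and PassCrypt.check_password_hash(
             user.password_hash, user.password_salt, data["password"])):
         # One message for unknown e-mail and wrong password alike.
         return {"message": response_quote("user_invalid_credentials")}, 401

     confirmation = user.most_recent_confirmation
     if not (confirmation and confirmation.confirmed):
         return {
             "message":
             response_quote("user_not_confirmed").format(user.username)
         }, 400

     if user.second_fa_enabled:
         try:
             # Was sha256(email): computable by anyone who knows the address.
             # token_hex(32) keeps the 64-character length of the old digest.
             # NOTE(review): the verification step is not in view -- it must
             # compare against the stored token_2fa, not recompute sha256(email).
             token = secrets.token_hex(32)
             code = EmailSecondFA.generate_2fa_code(token)
             user.token_2fa = token
             # No session exists until the second factor is verified, so the
             # JWTs are not minted on this path at all (they were built and
             # discarded before).
             user.session_key = None
             user.save_to_db()
             user.send_email_2fa_code(code)
             return {"verification_token": token}, 202
         except MailGunException as e:
             # Was returned without a status, i.e. an error body with 200.
             return {"message": str(e)}, 500

     # Was sha256(str(datetime.now())): derived from the clock, so guessable
     # to within its resolution around the login time and not unique across
     # simultaneous logins. It is the JWT identity, so it must be unpredictable.
     user.session_key = secrets.token_hex(32)
     user.save_to_db()
     access_token = create_access_token(identity=user.session_key,
                                        expires_delta=EXPIRES_DELTA)
     refresh_token = create_refresh_token(identity=user.session_key)
     return {
         "access_token": access_token,
         "refresh_token": refresh_token
     }, 201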
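 def post(cls):
     """Log a user in with the e-mail and password from the JSON body.

     :return: ``(body, status)`` -- 401 on bad credentials, 400 if the
         account is unconfirmed, 200 with a ``verification_token`` when
         e-mail 2FA is enabled (the code is mailed separately), otherwise
         201 with ``access_token`` and ``refresh_token``; 500 if the 2FA
         mail fails.
     """
     import secrets

     data = request.get_json()
     user = UserModel.find_by_email(data["email"])
     if not (user and b_crypt.check_password_hash(user.password,
                                                   data["password"])):
         # One message for unknown e-mail and wrong password alike.
         return {"message": response_quote("user_invalid_credentials")}, 401

     confirmation = user.most_recent_confirmation
     if not (confirmation and confirmation.confirmed):
         return {
             "message":
             response_quote("user_not_confirmed").format(user.username)
         }, 400

     if user.second_fa_enabled:
         # TODO: the original author flagged this 2FA flow as still needing thought.
         try:
             # Was sha256(sha_private), i.e. derived from the e-mail alone and
             # computable by anyone who knows it. token_hex(32) keeps the
             # 64-character length. NOTE(review): the verification step is not
             # in view -- it must compare against the stored token_2fa rather
             # than recompute the hash.
             token = secrets.token_hex(32)
             code = EmailSecondFA.generate_2fa_code(token)
             user.token_2fa = token
             user.save_to_db()
             user.send_email_2fa_code(code)
             # The JWTs are not minted on this path; they were built and
             # discarded before. Explicit 200 matches the old implicit status.
             return {"verification_token": token}, 200
         except MailGunException as e:
             # Was returned without a status, i.e. an error body with 200.
             return {"message": str(e)}, 500

     # The JWT identity is the fixed per-user sha_private; the token's
     # signature, not the identity value, is what protects it.
     access_token = create_access_token(identity=user.sha_private,
                                        expires_delta=EXPIRES_DELTA)
     refresh_token = create_refresh_token(identity=user.sha_private)
     return {
         "access_token": access_token,
         "refresh_token": refresh_token
     }, 201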
def authenticate(email, password):
    """Return the user for ``email`` if ``password`` verifies, else None.

    Unknown e-mail and wrong password both yield None, so the return value
    does not distinguish the two. NOTE(review): verify_hash is skipped for
    unknown e-mails, so the response time differs; a dummy verify would
    equalize it if timing matters here.
    """
    candidate = UserModel.find_by_email(email)
    if not candidate:
        return None
    if not UserModel.verify_hash(password, candidate.password):
        return None
    return candidate