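def post(self):
    """Log in and obtain a JWT access token.

    Expects a JSON object with ``username`` and ``password`` fields.
    On success returns ``{"access_token": <token>}``. Every failure is
    reported through ``api.abort`` with status 400. An unknown user and a
    wrong password produce the same message, so the response body does not
    reveal which usernames exist.
    """
    if not request.is_json:
        api.abort(400, "Missing JSON in request")

    payload = request.json
    # is_json only inspects the content type. A syntactically valid body that
    # is not an object (e.g. a list or a bare string) has no .get() and would
    # otherwise surface as an unhandled AttributeError instead of a 400.
    if not isinstance(payload, dict):
        api.abort(400, "Request body must be a JSON object")

    username = payload.get("username")
    password = payload.get("password")
    if not username:
        api.abort(400, "Missing username parameter in request body")
    if not password:
        api.abort(400, "Missing password parameter in request body")
    # NOTE(review): the values are not checked to be strings before they reach
    # User.get() / authenticate() -- confirm those helpers reject other JSON
    # types (objects, numbers) safely.

    user = User.get(username, auth_handler)
    # NOTE(review): an unknown user skips authenticate(), so the two failure
    # paths may differ in response time even though the message is identical.
    # No attempt throttling or lockout is visible in this handler -- confirm
    # it is enforced elsewhere.
    if user is not None and user.authenticate(password):
        access_token = create_access_token(
            identity="user_{}".format(user.id))
        access_jti = get_jti(encoded_token=access_token)
        # Record the new token's jti as not revoked ("false"); the logout
        # handler flips the same key to "true". The third argument is
        # presumably the entry's lifetime, set 20% above ACCESS_EXPIRES so the
        # entry outlives the token -- confirm against the store's set() API,
        # and that it accepts the product if ACCESS_EXPIRES is a plain int.
        token_blacklist.set(access_jti, "false", ACCESS_EXPIRES * 1.2)
        return {"access_token": access_token}

    # Single failure exit for both "no such user" and "wrong password".
    api.abort(400, "Bad username or password")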
def get(self):
    """Log out by revoking the JWT that authenticated this request.

    Marks the current token's ``jti`` as revoked in ``token_blacklist`` and
    returns a confirmation message.
    """
    # NOTE(review): no JWT-verification decorator is visible on this method
    # here -- confirm the token is verified (e.g. at class level) before
    # get_jwt() is reached.
    claims = get_jwt()
    # Flip the entry written at login from "false" to "true". The third
    # argument is presumably the entry's lifetime, 20% above ACCESS_EXPIRES so
    # the revocation record outlives the token -- confirm against the store's
    # set() API.
    token_blacklist.set(claims["jti"], "true", ACCESS_EXPIRES * 1.2)
    # NOTE(review): this state-changing action is exposed through GET; confirm
    # that prefetchers or cross-site requests cannot trigger it unintentionally.
    return {"message": "Logout successful"}