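def login():
    """Authenticate a user and issue an access/refresh token pair.

    Expects a JSON object with non-empty string ``username`` and
    ``password`` fields.

    Returns:
        A ``(response, status)`` tuple: 201 with ``access_token`` and
        ``refresh_token`` on success, 400 when the body is not a JSON
        object or a credential field is missing, 401 when the credentials
        are rejected.
    """
    if not request.is_json:
        return jsonify({"msg": "Missing JSON in request"}), 400

    payload = request.json
    # is_json only inspects the content type; a JSON array, scalar or null
    # body has no .get() and would surface as an unhandled exception.
    if not isinstance(payload, dict):
        return jsonify({"msg": "Missing JSON in request"}), 400

    username = payload.get('username')
    password = payload.get('password')
    # Non-string values count as missing so they never reach the query or
    # the hash comparison.
    if not (isinstance(username, str) and username
            and isinstance(password, str) and password):
        return jsonify({"msg": "Missing username or password parameter"}), 400

    user = User.query.filter_by(username=username).first()
    # The submitted password used to be read and then ignored, so any
    # registered username received tokens. Verify it before issuing anything.
    # Unknown user and wrong password share one answer so the endpoint does
    # not reveal which usernames exist.
    # NOTE(review): pwd_context.verify and User.password follow the other
    # login handlers in this file; confirm they match this project's
    # password hashing setup.
    if user is None or not pwd_context.verify(password, user.password):
        return jsonify({"msg": "Bad credentials"}), 401

    # The access token is limited to 20 minutes; the refresh token gets no
    # explicit expires_delta here.
    expires = datetime.timedelta(minutes=20)
    access_token = create_access_token(
        identity=user.username,
        expires_delta=expires,
    )
    refresh_token = create_refresh_token(identity=user.username)

    add_token_to_database(access_token, app.config['JWT_IDENTITY_CLAIM'])
    add_token_to_database(refresh_token, app.config['JWT_IDENTITY_CLAIM'])

    ret = {
        'access_token': access_token,
        'refresh_token': refresh_token,
    }
    return jsonify(ret), 201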
def refresh():
    """Get an access token from a refresh token
    ---
    post:
      tags:
        - auth
      parameters:
        - in: header
          name: Authorization
          required: true
          description: valid refresh token
      responses:
        200:
          content:
            application/json:
              schema:
                type: object
                properties:
                  access_token:
                    type: string
                    example: myaccesstoken
        400:
          description: bad request
        401:
          description: unauthorized
    """
    # NOTE(review): nothing in this body checks that the presented token is a
    # refresh token; that is presumably enforced by a decorator on the route,
    # which is not visible here. Confirm before relying on it.
    identity = get_jwt_identity()
    new_access_token = create_access_token(identity=identity)

    # Register the freshly issued token under the configured identity claim
    # (presumably so it can be looked up or revoked later; verify against
    # add_token_to_database).
    add_token_to_database(new_access_token, app.config["JWT_IDENTITY_CLAIM"])

    return jsonify({"access_token": new_access_token}), 200
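def login():
    """Authenticate user and return an access/refresh token pair.

    Expects a JSON object with non-empty string ``username`` and
    ``password`` fields.

    Returns:
        A ``(response, status)`` tuple: 200 with ``access_token`` and
        ``refresh_token`` on success, 400 for a non-JSON body, missing
        fields, or rejected credentials.
    """
    if not request.is_json:
        return jsonify({"msg": "Missing JSON in request"}), 400

    payload = request.json
    # is_json only inspects the content type; a JSON array, scalar or null
    # body has no .get() and would surface as an unhandled exception.
    if not isinstance(payload, dict):
        return jsonify({"msg": "Missing JSON in request"}), 400

    username = payload.get('username')
    password = payload.get('password')
    # Non-string values count as missing so they never reach the query or
    # pwd_context.verify().
    if not (isinstance(username, str) and username
            and isinstance(password, str) and password):
        return jsonify({"msg": "Missing username or password"}), 400

    user = User.query.filter_by(username=username).first()
    # One answer for "no such user" and "wrong password", so the response
    # body does not reveal which usernames exist.
    if user is None or not pwd_context.verify(password, user.password):
        return jsonify({"msg": "Bad credentials"}), 400

    access_token = create_access_token(identity=user.id)
    refresh_token = create_refresh_token(identity=user.id)
    add_token_to_database(access_token, app.config['JWT_IDENTITY_CLAIM'])
    add_token_to_database(refresh_token, app.config['JWT_IDENTITY_CLAIM'])

    ret = {
        'access_token': access_token,
        'refresh_token': refresh_token,
    }
    return jsonify(ret), 200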
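def login():
    """Authenticate user and return tokens
    ---
    post:
      tags:
        - auth
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                username:
                  type: string
                  example: myuser
                  required: true
                password:
                  type: string
                  example: P4$$w0rd!
                  required: true
      responses:
        200:
          content:
            application/json:
              schema:
                type: object
                properties:
                  access_token:
                    type: string
                    example: myaccesstoken
                  refresh_token:
                    type: string
                    example: myrefreshtoken
        400:
          description: bad request
      security: []
    """
    # Contract: 200 with both tokens on success; 400 for a non-JSON body,
    # missing or non-string credentials, or rejected credentials.
    if not request.is_json:
        return jsonify({"msg": "Missing JSON in request"}), 400

    payload = request.json
    # is_json only inspects the content type; a JSON array, scalar or null
    # body has no .get() and would surface as an unhandled exception.
    if not isinstance(payload, dict):
        return jsonify({"msg": "Missing JSON in request"}), 400

    username = payload.get('username')
    password = payload.get('password')
    # The documented schema says both fields are strings; enforce that here
    # so other JSON types never reach the query or pwd_context.verify().
    if not (isinstance(username, str) and username
            and isinstance(password, str) and password):
        return jsonify({"msg": "Missing username or password"}), 400

    user = User.query.filter_by(username=username).first()
    # One answer for "no such user" and "wrong password", so the response
    # body does not reveal which usernames exist.
    if user is None or not pwd_context.verify(password, user.password):
        return jsonify({"msg": "Bad credentials"}), 400

    access_token = create_access_token(identity=user.id)
    refresh_token = create_refresh_token(identity=user.id)
    add_token_to_database(access_token, app.config['JWT_IDENTITY_CLAIM'])
    add_token_to_database(refresh_token, app.config['JWT_IDENTITY_CLAIM'])

    ret = {
        'access_token': access_token,
        'refresh_token': refresh_token,
    }
    return jsonify(ret), 200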
def refresh():
    """Issue a new access token for the identity carried by the current JWT.

    Returns:
        A ``(response, status)`` tuple: a JSON body holding ``access_token``
        and HTTP 200.
    """
    # NOTE(review): nothing in this body checks that the presented token is a
    # refresh token; that is presumably enforced by a decorator on the route,
    # which is not visible here. Confirm before relying on it.
    identity = get_jwt_identity()
    new_access_token = create_access_token(identity=identity)

    # Register the freshly issued token under the configured identity claim
    # (presumably so it can be looked up or revoked later; verify against
    # add_token_to_database).
    add_token_to_database(new_access_token, app.config['JWT_IDENTITY_CLAIM'])

    return jsonify({'access_token': new_access_token}), 200