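def blacklist_auth_token(current_user):
    """Blacklist the JWT carried in the ``Authorization`` header (logout).

    The header is expected as ``"<scheme> <token>"``. The scheme word is
    not validated (any first word is accepted, as before), only the second
    word is used. The token is signature-verified (HS256 with the app's
    ``SECRET``) *before* the blacklist store is consulted or written, so
    only authentic tokens ever reach the database.

    Args:
        current_user: The caller resolved by the surrounding auth layer.
            Not used here; the user is re-derived from the token's
            ``public_id`` claim.

    Returns:
        A Flask JSON response: 200 ``{"error": False, ...}`` on success;
        401 ``{"error": True, "message": ...}`` when the token is missing
        or malformed, expired, has a bad signature, names an unknown user,
        or is already blacklisted.
    """
    def unauthorized(message):
        response = jsonify({'error': True, 'message': message})
        response.status_code = 401
        return response

    parts = request.headers.get('Authorization', '').split()
    # A one-word header (e.g. "Authorization: abc") used to raise IndexError
    # and surface as a 500; treat it as a missing token instead.
    auth_token = parts[1] if len(parts) >= 2 else ''
    if not auth_token:
        return unauthorized('token is missing!')

    # Pin the algorithm: never let the token choose how it is verified.
    try:
        data = jwt.decode(auth_token, current_app.config['SECRET'],
                          algorithms=['HS256'])
    except jwt.ExpiredSignatureError:
        # Must precede InvalidTokenError, which is its base class.
        return unauthorized('token has expired')
    except jwt.InvalidTokenError:
        return unauthorized('token is invalid')

    # A verified token without the claim is "invalid", not a KeyError/500.
    public_id = data.get('public_id')
    token_user = User.get_by_public_id(public_id) if public_id else None
    if not token_user:
        return unauthorized('token is invalid')

    if BlacklistToken.blacklisted(auth_token):
        return unauthorized('Token already blacklisted')

    BlacklistToken(auth_token).save()
    return jsonify({"error": False, "message": "logout successful"})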
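def validate_token():
    """Report whether the JWT in the ``Authorization`` header is usable.

    The header is expected as ``"<scheme> <token>"``. The scheme word is
    not validated (any first word is accepted, as before), only the second
    word is used. The token is signature-verified (HS256 with the app's
    ``SECRET``) *before* the blacklist store is consulted, so unauthentic
    input never reaches the database. The token's user must exist and be
    neither ``STATUS_USER_DEACTIVATED`` nor ``STATUS_USER_PENDING``.

    Returns:
        A Flask JSON response: 200 ``{"error": False, "message": "token is
        valid"}`` on success; 401 ``{"error": True, "message": ...}`` when
        the token is missing or malformed, expired, has a bad signature,
        names an unknown user, is blacklisted, or the user is deactivated
        or still pending.
    """
    def unauthorized(message):
        response = jsonify({'error': True, 'message': message})
        response.status_code = 401
        return response

    parts = request.headers.get('Authorization', '').split()
    # A one-word header (e.g. "Authorization: abc") used to raise IndexError
    # and surface as a 500; treat it as a missing token instead.
    auth_token = parts[1] if len(parts) >= 2 else ''
    if not auth_token:
        return unauthorized('token is missing!')

    # Pin the algorithm: never let the token choose how it is verified.
    try:
        data = jwt.decode(auth_token, current_app.config['SECRET'],
                          algorithms=['HS256'])
    except jwt.ExpiredSignatureError:
        # Must precede InvalidTokenError, which is its base class.
        return unauthorized('token has expired')
    except jwt.InvalidTokenError:
        return unauthorized('token is invalid')

    if BlacklistToken.blacklisted(auth_token):
        return unauthorized('Token is blacklisted. Please login again')

    # A verified token without the claim is "invalid", not a KeyError/500.
    public_id = data.get('public_id')
    user = User.get_by_public_id(public_id) if public_id else None
    if not user:
        return unauthorized('token is invalid')

    if user.status == STATUS_USER_DEACTIVATED:
        return unauthorized('You have been deactivated')
    if user.status == STATUS_USER_PENDING:
        return unauthorized('Your account is pending')

    response = jsonify({"error": False, "message": "token is valid"})
    response.status_code = 200
    return response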