def revoke_token(token_type='refresh'): """ Method responsible for blacklisting tokens. Currently it only supports blacklisting refresh tokens. @return bool True: if token revoked successfully False: Failed to revoke the token """ try: raw = get_raw_jwt() jti = raw['jti'] exp = raw['exp'] time_diff = exp - int(time()) revoked_store.set(jti, time_diff, time_diff) except Exception as e: logger.error(e, exc_info=traceback.format_exc()) return False else: return True
def auth(): auth = request.authorization if not auth or not auth.username or not auth.password: return jsonify({ 'message': 'could not verify', 'WWW-Authenticate': 'Basic auth="Login required"' }), 401 user = get_user_by_username(auth.username) if not user: return jsonify({ 'message': 'Wrong username or password', 'data': {} }), 401 if user and check_password_hash(user.password, auth.password): jti = uuid.uuid4().hex token = jwt.encode( { 'id': user.id, 'username': user.username, 'exp': datetime.datetime.now() + datetime.timedelta(hours=12) }, app.config['SECRET_KEY'], headers={'jti': jti}) revoked_store.set(jti, 'false', app.config['ACCESS_EXPIRES'] * 1.2) return jsonify({ 'message': 'Successfully authenticated', 'token': token.decode('UTF-8'), 'exp': datetime.datetime.now() + datetime.timedelta(hours=12) }), 200 return jsonify({ 'message': 'Authentication Failure', 'WWW-Authenticate': 'Basic auth="Login Required' }), 401
def AddTokenToBlacklist(): access_token = request.cookies.get('access_token_cookie') access_jti = get_jti(encoded_token=access_token) revoked_store.set(access_jti, 'false') return 0
def post(self): args = request.get_json() validator = MyValidator() dovalidate = validator.wrp_validate( args, { 'username': { 'type': 'string', 'required': True, 'empty': False }, 'password': { 'type': 'string', 'required': True, 'empty': False } }) if (dovalidate['status'] is False): return self.response({ 'title': 'Error', 'body': dovalidate['messages'], 'status_code': 422 }) user = UserModel.getByUsername(args['username']) # Check Max Login Attempt Mode max_login_attempt = int(app.config['MAX_LOGIN_ATTEMPT']) if user is not None: user = user.serialize() if user['login_attempt'] >= max_login_attempt or user[ 'status'] == VariableConstant.USER_STATUS_BLOCKED: return self.response(VariableConstant.USER_BLOCKED_RESPONSE) password = util.generate_password(args['username'], args['password'], user['password_salt']) if password != user['password']: app.logger.error('ERROR LOGIN : '******'msg': 'Wrong Username or Password'}) # Auto Increment Login Attempt la = UserModel.incrementLoginAttempt(user['id']) if (user['login_attempt'] + 1) >= max_login_attempt: # Block user UserModel.doUpdate( user['id'], { 'status': VariableConstant.USER_STATUS_BLOCKED, 'isloggedin': 0, 'login_attempt': 0 }) return self.response( VariableConstant.USER_BLOCKED_RESPONSE) return self.response( VariableConstant.USER_LOGIN_FAILED_RESPONSE) else: app.logger.error('ERROR LOGIN : '******'msg': 'User Not Found '}) return self.response(VariableConstant.USER_LOGIN_FAILED_RESPONSE) user['access_token'] = create_access_token(identity=args['username']) user['refresh_token'] = create_refresh_token(identity=args['username']) access_jti = get_jti(encoded_token=user['access_token']) refresh_jti = get_jti(encoded_token=user['refresh_token']) revoked_store.set(access_jti, 'false', app.config['JWT_ACCESS_TOKEN_EXPIRES'] * 1.2) revoked_store.set(refresh_jti, 'false', app.config['JWT_REFRESH_TOKEN_EXPIRES'] * 1.2) #update last logged in UserModel.doUpdate( user['id'], { 'last_loggedin_at': datetime.now().strftime('%Y-%m-%d %H:%M:%S'), 'is_loggedin': 1 }) result = {} result['access_token'] = user['access_token'] result['refresh_token'] = user['refresh_token'] return self.response({'data': result})
def logout(): token = request.headers.get('Authorization').split(" ")[1] jti = jwt.get_unverified_header(token)['jti'] revoked_store.set(jti, 'true', app.config['ACCESS_EXPIRES'] * 1.2) return jsonify({"msg": "Access token revoked"}), 200