def register(): username = request.get_json()['userName'], email = request.get_json()['email'] existing_user1 = User.query.filter_by(username=username).first() existing_user2 = User.query.filter_by(email=email).first() if existing_user1: return jsonify({'user_name': None, 'err': 'username'}) elif existing_user2: return jsonify({'user_name': None, 'err': 'email'}) password = request.get_json()['password'] pw_hash = bcrypt.generate_password_hash(password, 10).decode('utf-8') new_user = User(username=username, email=email, password=pw_hash) db.session.add(new_user) db.session.commit() access_token = create_access_token(identity=new_user) data = jsonify({ 'user_name': new_user.username, 'user_email': new_user.email }) set_access_cookies(data, access_token) return data, 200
def graphql_server(): # GraphQL queries are always sent as POST data = request.get_json() print(data) # Note: Passing the request to the context is optional. # In Flask, the current request is always accessible as flask.request # if the cookie contains "access_token_cookie" and "refresh_token_cookie" # set those tokens to tokens global variable # this way we can make sure every has token if request.cookies: set_tokens(request.cookies) try: success, result = graphql_sync( schema, data, context_value=request, debug=app.debug ) except Exception as e: return { "message": "Something went wrong." }, 500 tokens = get_tokens() result = jsonify(result) if tokens: set_access_cookies(result, tokens["access_token_cookie"]) set_refresh_cookies(result, tokens["refresh_token_cookie"]) else: unset_access_cookies(result) unset_refresh_cookies(result) status_code = 200 if success else 400 return result, status_code
def login(): username = request.json.get('login', None) password = request.json.get('password', None) conn = sql3.connect('accounts.db') c = conn.cursor() t = (username, ) # Create the tokens we will be sending back to the user access_token = create_access_token(identity=username) refresh_token = create_refresh_token(identity=username) # Set the JWTs and the CSRF double submit protection cookies # in this response c.execute('SELECT * FROM users WHERE User=?', t) answers = c.fetchone() if username == answers[0] and password == answers[0]: conn.close() resp = jsonify({'login': True}) set_access_cookies(resp, access_token) set_refresh_cookies(resp, refresh_token) return resp, 200 else: conn.close() return jsonify({'login': False}), 401
def refresh(): # Create the new access token current_user = get_jwt_identity() access_token = create_access_token(identity=current_user) resp = jsonify({'refresh': True}) set_access_cookies(resp, access_token) return resp, 200
def post(self): current_app.logger.info('Processing LoginRefresh POST') # Create the new access token current_user = get_jwt_identity() access_token = create_access_token(identity=current_user, fresh=False) if not access_token: current_app.logger.error('Access token failed in LoginRefresh POST') return {'message': 'Access token failed', 'error': 'true'}, 400 # Set the access JWT and CSRF double submit protection cookies # in this response user_id = User.query.filter_by(user_name=current_user).first() if not user_id: current_app.logger.error('User not found in LoginRefresh POST') return {'message': 'Refresh user does not exist', 'error': 'true'}, 400 user_membership = Membership.query.filter_by(related_user_id=user_id.id).first() if not user_membership: current_app.logger.error('Membership not found in LoginRefresh POST') return {'message': 'Refresh membership does not exist', 'error': 'true'}, 400 if user_membership.verified != 1: current_app.logger.error('Membership not verified in LoginRefresh POST') return {'message': 'Account must be verified before login', 'error': 'true'}, 400 user_id.related_role_id = user_membership.related_role_id login_user(user_id) resp = jsonify({ 'refresh': True, 'message': 'Login successful', 'first_name': user_id.first_name, 'last_name': user_id.last_name, 'user_name': user_id.user_name, 'id': user_id.id, }) set_access_cookies(resp, access_token) resp.status_code = 200 current_app.logger.info('Successful LoginRefresh POST') return resp
def post(self): ''' 获取参数 ''' request.get_json(force=True) parse = reqparse.RequestParser() parse.add_argument('username', type=str) parse.add_argument('passwd', type=str) args = parse.parse_args() uname = args['username'] challenge = args['passwd'] content, code, msg = LogHandler(uname=uname, challenge=challenge) ''' 生成响应报文 ''' self.response = make_response() if content == None: # 错误内容返回 resp = jsonify({"message": msg}) self.response = resp self.response.status_code = code else: # 生成token并设置响应的cookie userid = content['userid'] access_token = create_access_token(identity=userid) set_access_cookies(self.response, access_token) self.response.status_code = code return self.response
def login(): title = 'login' form = LoginForm() if request.method == 'GET': return render_template('auth/login.html', title=title, form=form) email = request.form.get('email') password = request.form.get('password') user = User.query.filter_by(email=email).first() # check if user actually exists # take the user supplied password, hash it, and compare it to the hashed password in DB if not user or not check_password_hash(user.password, password): flash('Please check your login details and try again.') return redirect(url_for('auth.login')) # it the abobe check passes, then we know the user has the right credentials resp = make_response(redirect(url_for('home.home_page'))) # Create the tokens we will be sending back to the user access_token = create_access_token(identity=email) refresh_token = create_refresh_token(identity=email) set_access_cookies(resp, access_token) set_refresh_cookies(resp, refresh_token) login_user(user) session['username'] = current_user.username return resp
def post(self): try: data_json = login_data_validator.load(request.json) email = data_json['email'] password = data_json['password'] with db_session: admin = Admin.get(email=email) if admin is None: abort(400, message="Email is not registered.") if not check_password_hash(admin.password, password): abort(400, message="Invalid password.") access_token = create_access_token(identity=admin) response = jsonify(msg="Login successful") set_access_cookies(response, access_token) return response except ValidationError as error: abort(400, message=error.messages)
def do_admin_login(): """Log-in for the given user.. :param str email: The mail which is used to identify the user. :param str password: The user's password. """ user_requested = request.form['email'].lower() password_requested = request.form['password'] target_user = User.query.filter_by(mail=user_requested).first() if target_user is None: return Response( render_template('admin/login.html', message="Unknown Credentials")) if not target_user.check_password(password_requested): return Response( render_template('admin/login.html', message="Unknown Credentials")) if not target_user.state == StateType.ACTIVE: return Response( render_template('admin/login.html', message="User account deactivated. Cannot login.")) resp = Response( render_template('admin/admin.html', user=target_user.name, message="Login succeeded")) set_access_cookies(resp, create_access_token(identity=target_user.id)) return resp
def post(self): content = request.data if content is None: return render_template('login.html') my_json = content.decode('utf8').replace("'", '"') data = json.loads(my_json) if data["Login"] is None or data["Password"] is None: return render_template('login.html') info = check_login(data) if info: js = { "UserId": info[0], "FirstName": info[1], "LastName": info[2], "Email": info[3], "Login": info[4], "Password": info[5], } access_token = create_access_token(identity=js) refresh_token = create_refresh_token(identity=js) # Set the JWT access cookie in the response resp = jsonify({'login': True}) set_access_cookies(resp, access_token) set_refresh_cookies(resp, refresh_token) return resp, 200 return redirect(url_for('userlogin'))
def login(): username = request.json.get('username', None) password = request.json.get('password', None) try: user = Account.objects(name=username)[0] except Exception as error: return jsonify({'login': False}), 401 if not (argon2.verify(password, user.passwd)): return jsonify({'login': False}), 401 # Create the tokens we will be sending back to the user time_limit = timedelta(minutes=10) # set limit for user access_token = create_access_token(identity={ "username": user.name, "role": user.role }, expires_delta=time_limit, fresh=True) time_limit = timedelta(hours=2) refresh_token = create_refresh_token(identity={ "username": user.name, "role": user.role }, expires_delta=time_limit) # Set the JWT cookies in the response resp = jsonify({'login': True, 'next-page': url_for("game.start_game")}) set_access_cookies(resp, access_token) set_refresh_cookies(resp, refresh_token) return resp, 200
def login(): try: payload = request.json email = payload["email"] pw = payload["password"].encode("utf-8") user = UserModel.getUserForEmail(email) if user is None: raise(UnauthorizedError) validated = user.login(pw) if validated: accessToken = create_access_token(identity = user.id) refreshToken = create_refresh_token(identity = user.id) response = jsonify({"success": True, "msg": "sucessfully logged in", "firstName": user.firstName}) set_access_cookies(response, accessToken) set_refresh_cookies(response, refreshToken) return response, 200 else: raise(UnauthorizedError) except UnauthorizedError: raise UnauthorizedError except Exception as e: raise InternalServerError(e)
def login(): try: if request.method == "POST": email = request.form.get('email') password = request.form.get("password") data = {'email': email, 'password': password} user = users_db.find_one({'email': data['email']}) if not user: # we need to change this part to display incorrect email del data['password'] data['error'] = "Invalid email and password" flash(data.get('error')) return render_template('login.html', data=data) if (not check_password_hash(user['password'], data['password'])): # same for this place data['error'] = "Invalid email and password" flash(data.get('error')) return render_template('login.html', data=data) resp = make_response(redirect('/')) resp.headers.set('CONTENT-TYPE', 'text/html') token = create_access_token(identity={ 'email': email, 'username': user['username'] }) users_db.update_one({'email': email}, {"$set": {"token": token}}) set_access_cookies(resp, token) return resp return render_template('login.html', data={}, logged_in=False) except: return render_template('500.html')
def PUT(cls, request: Request, payload, collection: Collection) -> Response: ''' Create a refresh token ''' identity = get_jwt_identity() if not identity: return JsonError( 'Could not refresh access token, failed to validate refresh token' ) access_token, refresh_token = cls.update_stored_token(identity) response = JsonResponse({ '_id': str(identity['_id']), 'permissions': identity['permissions'], 'session_expires': datetime.now() + timedelta(seconds=int(JWT_Settings.APP_JWT_LIFESPAN)) }) set_access_cookies(response, access_token) set_refresh_cookies(response, refresh_token) return response
def POST(cls, request: Request, payload, collection: Collection) -> Response: ''' Attempt to log in for a specified user ''' user = collection.find_one({'username': payload.get('username')}) if not user: return JsonError(f"User [{payload.get('username')}] not found", 404) if not sha256.verify(payload.get('password'), user['password']): return JsonError("Incorrect Password", 400) permissions = user.get('permissions') if isinstance(permissions, str): permissions = [permissions] identity = { 'username': user['username'], '_id': str(user['_id']), 'permissions': permissions } access_token, refresh_token = cls.update_stored_token(identity) response = JsonResponse({ '_id': str(user['_id']), 'permissions': permissions, 'session_expires': datetime.now() + timedelta(seconds=int(JWT_Settings.APP_JWT_LIFESPAN)) }) set_access_cookies(response, access_token) set_refresh_cookies(response, refresh_token) return response
def login(): body = request.get_json() if body is None: return jsonify({'message': 'Invalid username and password'}), 401 username = body.get('username', None) password = body.get('password', None) if username == '': return jsonify({'message': 'Username can not be blank'}), 401 if password == '': return jsonify({'message': 'Password can not be blank'}), 401 # Create the tokens we will be sending back to the user nor_username = username.strip().lower() try: user = User.objects.get(username=nor_username) except errors.DoesNotExist: return jsonify({'message': 'username or password is not match'}), 401 if user.check_password(password) is False: return jsonify({'message': 'username or password is not match'}), 401 user = JWTUser(str(user.id), user.role) expires = datetime.timedelta(days=7) access_token = create_access_token(identity=user, expires_delta=expires) refresh_token = create_refresh_token(identity=user) # Set the JWT cookies in the response resp = jsonify({'login': '******'}) set_access_cookies(resp, access_token) set_refresh_cookies(resp, refresh_token) return resp, 200
def post(self): """Refresh access token""" email = get_jwt_identity() try: user = User.objects.get(email=email) except User.DoesNotExist: abort(403, 'No such user, or wrong password') if not user.active: abort(403, 'No such user, or wrong password') access_expire = current_app.config['JWT_ACCESS_TOKEN_EXPIRES'] access_token = create_access_token(identity=user.email) refresh_expire_date = datetime.strptime( request.cookies['refreshExpire'], '%Y-%m-%d %H:%M:%S.%f' ) refresh_delta = refresh_expire_date - datetime.now() resp = jsonify( { 'access': access_token, 'accessExpire': int(access_expire.total_seconds()), 'refreshExpire': int(refresh_delta.total_seconds()), } ) set_access_cookies(resp, access_token) return resp
def refresh(): current_user = get_jwt_identity() access_token = create_access_token(identity=current_user) resp = jsonify({'msg': 'token refreshed'}) set_access_cookies(resp, access_token) return resp, 200
def post(self): current_user = get_jwt_identity() access_token = create_access_token(identity=current_user) resp = jsonify({'refresh': True}) set_access_cookies(resp, access_token) resp.status_code = 200 return resp
def post(self): current_user = get_jwt_identity() access_token = create_access_token(identity=current_user) resp = jsonify({'success': True, 'msg': 'refreshed cookie'}) set_access_cookies(resp, access_token) return resp
def post(self): data = _user_parser.parse_args() user = UserModel.find_by_username(data["username"]) if user and safe_str_cmp(user.password, data["password"]): access_token = create_access_token(identity=user.user_id, fresh=True) refresh_token = create_refresh_token(user.user_id) resp = jsonify({ 'login': True, 'status': 'Sucess', 'access_token': access_token, 'refresh_token': refresh_token, 'user_name': user.name, 'age': user.age, 'area': user.address }) set_access_cookies(resp, access_token) set_refresh_cookies(resp, refresh_token) #cookies=[ ('Set-Cookie', 'access_token=%s'.format(access_token)), ('Set-Cookie', 'refresh_token=%s'.format(refresh_token)),'Set-Cookie' ] resp.headers['Authorization'] = str('Bearer ' + access_token) print(resp) return resp return {"message": "Invalid credentials!"}, 401
def login(): email = "" password = "" try: post_data = request.get_json() email = post_data.get('email') password = post_data.get('password') except Exception as e: return jsonify({'error': str(e)}), 400 # Check if user exists user = User.get(email) if not user: return jsonify(ERROR_BAD_AUTH), 422 # Compare password hashes password_hash = bcrypt.checkpw( password.encode('utf-8'), user['password'].encode('utf-8') ) if not password_hash: return jsonify(ERROR_BAD_AUTH), 422 try: response = jsonify(SUCCESS_LOGIN) access_token = create_access_token(identity=user.username) set_access_cookies(response, access_token) return response, 201 except Exception as e: return jsonify({'error': {'internal': e}}), 500
def login(): if current_user: return redirect(url_for('feed.news')) if request.method == 'GET': return render_template('user/login.html', form=forms.LoginForm()) email_or_username = request.form['email_or_username'] token_or_password = request.form['token_or_password'] user = models.User.query.filter_by(email=email_or_username).first() if not user: user = models.User.query.filter_by(username=email_or_username).first() login_success = False if not user: app.logger.info("User not found: %s", email_or_username) else: if user.verify_totp(token_or_password): app.logger.info("Login success token: %s", email_or_username) login_success = True if user.verify_password(token_or_password): app.logger.info("Login success password: %s", email_or_username) login_success = True if login_success: response = redirect(url_for('feed.news')) set_access_cookies(response, create_access_token(identity=user.email)) set_refresh_cookies(response, create_refresh_token(identity=user.email)) return response else: flash("Incorrect email or password or one-time token") return redirect(url_for('user.login'))
def login(): #check_password_hash(saved,input) try: username = request.json.get("username", None) password = request.json.get("password", None) client = MongoClient() db = client.naft user = db.users.find_one({"username": username}) if user is None: return jsonify({"status": "error", "error": "User not found"}), 404 if (user['verified'] == "false"): return jsonify({ "status": "error", "error": "Email has not been verified" }), 401 #if not check_password_hash(users[0]['password'],password): if user['password'] != password: return jsonify({ "status": "error", "error": "Username/Password incorrect" }), 401 access_token = create_access_token(identity=username) refresh_token = create_refresh_token(identity=username) resp = jsonify({"status": "OK"}) set_access_cookies(resp, access_token) set_refresh_cookies(resp, refresh_token) return resp, 200 except Exception as e: return jsonify({"status": "error", "error": str(e)}), 409
def register(): try: post_data = request.get_json() username = post_data.get('username') email = post_data.get('email') password = post_data.get('password') except Exception as e: return jsonify({'error': str(e)}), 400 # Server-side field validation errors = {} if len(username) < 2: errors['username'] = "******" if len(password) < 6: errors['password'] = "******" if len(errors.keys()) != 0: return jsonify({'status': "fail", 'error': errors}), 422 # Attempt to add user to db. Hash and salted pass. hashed_password = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt()) add_user_response = User.add(username, email, hashed_password) if add_user_response['status'] == "error": errors.update(add_user_response) if len(errors.keys()) != 0: return jsonify(errors), 422 else: try: user = User.get(email) response = jsonify(SUCCESS_REGISTER) access_token = create_access_token(identity=user.username) set_access_cookies(response, access_token) return response, 201 except Exception as e: return jsonify({'error': {'internal': e}}), 500
def refresh(): # Refreshing expired Access token user_id = get_jwt_identity() access_token = create_access_token(identity=str(user_id)) resp = make_response(redirect(app.config['BASE_URL'] + '/', 302)) set_access_cookies(resp, access_token) return resp
def assign_access_refresh_tokens(user_id, url): access_token = create_access_token(identity=str(user_id), fresh=True) refresh_token = create_refresh_token(identity=str(user_id)) resp = make_response(redirect(url, 302)) set_access_cookies(resp, access_token) set_refresh_cookies(resp, refresh_token) return resp
def login(): if current_user: return redirect("/") form = LoginForm() title = _("Login") if form.validate_on_submit(): user_data = form.data.copy() for field in ("submit", "csrf_token"): user_data.pop(field) response = ApiPost.make_request("login", json=user_data) if response.status_code == 200: resp = make_response(redirect("/")) access_token, refresh_token = (response.json()[field] for field in ("access_token", "refresh_token")) set_access_cookies(resp, access_token) set_refresh_cookies(resp, refresh_token) return resp error = response.json()["error"] code = error["code"] if errors.InvalidRequestError.sub_code_match(code): fields = error["fields"] for field in fields: if field in form: form[field].errors += fields[field] elif errors.UserNotFoundError.sub_code_match(code): flash(_("User not found."), "danger") elif errors.WrongCredentialsError.sub_code_match(code): flash(_("Wrong password."), "danger") else: flash(INTERNAL_ERROR_MSG, "danger") return render_template("login.html", title=title, form=form)
def signin(): username = request.json.get('username', None) password = request.json.get('password', None) model = {'name': username, 'password': password} if UserTb.isUnAuthUser(user=model): return jsonify({"msg": "Bad username or password"}), 401 # Store the tokens in redis with a status of not currently revoked. We # can use the `get_jti()` method to get the unique identifier string for # each token. We can also set an expires time on these tokens in redis, # so they will get automatically removed after they expire. We will set # everything to be automatically removed shortly after the token expires user = UserTb.getUser(user=model) access_token = create_access_token(identity=user['id'], fresh=True) refresh_token = create_refresh_token(identity=user['id']) access_jti = get_jti(encoded_token=access_token) refresh_jti = get_jti(encoded_token=refresh_token) revoked_store.set(access_jti, 'false', ACCESS_EXPIRES * 1.2) revoked_store.set(refresh_jti, 'false', REFRESH_EXPIRES * 1.2) resp = jsonify({'signin': True}) set_access_cookies(resp, access_token) set_refresh_cookies(resp, refresh_token) return resp, 201
def oauth2callback(): state = get_jwt_identity() flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file( CLIENT_SECRETS_FILE, scopes=SCOPES, state=state) flow.redirect_uri = flask.url_for('auth_handler.oauth2callback', _external=True, _scheme=os.environ["SCHEME"]) authorization_response = flask.request.url flow.fetch_token(authorization_response=authorization_response) # save user info to mongodb credentials = flow.credentials user_info = get_user_info(credentials) gid = user_info["id"] apiid = save_user_mongo(user_info, credentials) # save user info to redis set_user_info_redis(gid, user_info, apiid) # set JWT Cookie to know that the user of the google id is logged in access_token = create_access_token(identity=gid) refresh_token = create_refresh_token(identity=gid) resp = make_response(flask.redirect(os.environ["RE_URL"] + "/dashboard/")) set_access_cookies(resp, access_token) set_refresh_cookies(resp, refresh_token) return resp
def refresh_token(old_route): gid = get_jwt_identity() access_token = create_access_token(identity=gid) old_route = old_route.replace("*", "/") resp = make_response(flask.redirect(os.environ["RE_URL"] + old_route)) set_access_cookies(resp, access_token) return resp
def post(self): """Authenticates and generates a token""" schema = TokenSchema() data, errors = schema.load(current_app.api.payload) if errors: return errors, 400 try: user = User.get(email=data.email) except User.DoesNotExist: abort(403, 'No such user, or wrong password') if not user or not user.active: abort(403, 'No such user, or wrong password') if not verify_password(data.password, user.password): abort(403, 'No such user, or wrong password') access_token = create_access_token(identity=user.email) refresh_token = create_refresh_token(identity=user.email) access_expire = current_app.config['JWT_ACCESS_TOKEN_EXPIRES'] refresh_expire = current_app.config['JWT_REFRESH_TOKEN_EXPIRES'] resp = jsonify( { 'access': access_token, 'refresh': refresh_token, 'accessExpire': int(access_expire.total_seconds()), 'refreshExpire': int(refresh_expire.total_seconds()), } ) set_access_cookies(resp, access_token) set_refresh_cookies(resp, refresh_token) refresh_path = current_app.config['JWT_REFRESH_COOKIE_PATH'] refresh_secure = current_app.config['JWT_COOKIE_SECURE'] refresh_expire_date = datetime.now() + refresh_expire resp.set_cookie( 'refresh_expire', value=str(refresh_expire_date), expires=refresh_expire_date, path=refresh_path, httponly=True, secure=refresh_secure, ) return resp