def register():
username = request.get_json()['userName'],
email = request.get_json()['email']
existing_user1 = User.query.filter_by(username=username).first()
existing_user2 = User.query.filter_by(email=email).first()
if existing_user1:
return jsonify({'user_name': None, 'err': 'username'})
elif existing_user2:
return jsonify({'user_name': None, 'err': 'email'})
password = request.get_json()['password']
pw_hash = bcrypt.generate_password_hash(password, 10).decode('utf-8')
new_user = User(username=username, email=email, password=pw_hash)
db.session.add(new_user)
db.session.commit()
access_token = create_access_token(identity=new_user)
data = jsonify({
'user_name': new_user.username,
'user_email': new_user.email
})
set_access_cookies(data, access_token)
return data, 200
def graphql_server():
# GraphQL queries are always sent as POST
data = request.get_json()
print(data)
# Note: Passing the request to the context is optional.
# In Flask, the current request is always accessible as flask.request
# if the cookie contains "access_token_cookie" and "refresh_token_cookie"
# set those tokens to tokens global variable
# this way we can make sure every has token
if request.cookies:
set_tokens(request.cookies)
try:
success, result = graphql_sync(
schema,
data,
context_value=request,
debug=app.debug
)
except Exception as e:
return {
"message": "Something went wrong."
}, 500
tokens = get_tokens()
result = jsonify(result)
if tokens:
set_access_cookies(result, tokens["access_token_cookie"])
set_refresh_cookies(result, tokens["refresh_token_cookie"])
else:
unset_access_cookies(result)
unset_refresh_cookies(result)
status_code = 200 if success else 400
return result, status_code
def login():
username = request.json.get('login', None)
password = request.json.get('password', None)
conn = sql3.connect('accounts.db')
c = conn.cursor()
t = (username, )
# Create the tokens we will be sending back to the user
access_token = create_access_token(identity=username)
refresh_token = create_refresh_token(identity=username)
# Set the JWTs and the CSRF double submit protection cookies
# in this response
c.execute('SELECT * FROM users WHERE User=?', t)
answers = c.fetchone()
if username == answers[0] and password == answers[0]:
conn.close()
resp = jsonify({'login': True})
set_access_cookies(resp, access_token)
set_refresh_cookies(resp, refresh_token)
return resp, 200
else:
conn.close()
return jsonify({'login': False}), 401
def refresh():
# Create the new access token
current_user = get_jwt_identity()
access_token = create_access_token(identity=current_user)
resp = jsonify({'refresh': True})
set_access_cookies(resp, access_token)
return resp, 200
def post(self):
current_app.logger.info('Processing LoginRefresh POST')
# Create the new access token
current_user = get_jwt_identity()
access_token = create_access_token(identity=current_user, fresh=False)
if not access_token:
current_app.logger.error('Access token failed in LoginRefresh POST')
return {'message': 'Access token failed', 'error': 'true'}, 400
# Set the access JWT and CSRF double submit protection cookies
# in this response
user_id = User.query.filter_by(user_name=current_user).first()
if not user_id:
current_app.logger.error('User not found in LoginRefresh POST')
return {'message': 'Refresh user does not exist', 'error': 'true'}, 400
user_membership = Membership.query.filter_by(related_user_id=user_id.id).first()
if not user_membership:
current_app.logger.error('Membership not found in LoginRefresh POST')
return {'message': 'Refresh membership does not exist', 'error': 'true'}, 400
if user_membership.verified != 1:
current_app.logger.error('Membership not verified in LoginRefresh POST')
return {'message': 'Account must be verified before login', 'error': 'true'}, 400
user_id.related_role_id = user_membership.related_role_id
login_user(user_id)
resp = jsonify({
'refresh': True,
'message': 'Login successful',
'first_name': user_id.first_name,
'last_name': user_id.last_name,
'user_name': user_id.user_name,
'id': user_id.id,
})
set_access_cookies(resp, access_token)
resp.status_code = 200
current_app.logger.info('Successful LoginRefresh POST')
return resp
def post(self):
''' 获取参数 '''
request.get_json(force=True)
parse = reqparse.RequestParser()
parse.add_argument('username', type=str)
parse.add_argument('passwd', type=str)
args = parse.parse_args()
uname = args['username']
challenge = args['passwd']
content, code, msg = LogHandler(uname=uname, challenge=challenge)
''' 生成响应报文 '''
self.response = make_response()
if content == None:
# 错误内容返回
resp = jsonify({"message": msg})
self.response = resp
self.response.status_code = code
else:
# 生成token并设置响应的cookie
userid = content['userid']
access_token = create_access_token(identity=userid)
set_access_cookies(self.response, access_token)
self.response.status_code = code
return self.response
def login():
title = 'login'
form = LoginForm()
if request.method == 'GET':
return render_template('auth/login.html', title=title, form=form)
email = request.form.get('email')
password = request.form.get('password')
user = User.query.filter_by(email=email).first()
# check if user actually exists
# take the user supplied password, hash it, and compare it to the hashed password in DB
if not user or not check_password_hash(user.password, password):
flash('Please check your login details and try again.')
return redirect(url_for('auth.login'))
# it the abobe check passes, then we know the user has the right credentials
resp = make_response(redirect(url_for('home.home_page')))
# Create the tokens we will be sending back to the user
access_token = create_access_token(identity=email)
refresh_token = create_refresh_token(identity=email)
set_access_cookies(resp, access_token)
set_refresh_cookies(resp, refresh_token)
login_user(user)
session['username'] = current_user.username
return resp
def post(self):
try:
data_json = login_data_validator.load(request.json)
email = data_json['email']
password = data_json['password']
with db_session:
admin = Admin.get(email=email)
if admin is None:
abort(400, message="Email is not registered.")
if not check_password_hash(admin.password, password):
abort(400, message="Invalid password.")
access_token = create_access_token(identity=admin)
response = jsonify(msg="Login successful")
set_access_cookies(response, access_token)
return response
except ValidationError as error:
abort(400, message=error.messages)
def do_admin_login():
"""Log-in for the given user..
:param str email: The mail which is used to identify the user.
:param str password: The user's password.
"""
user_requested = request.form['email'].lower()
password_requested = request.form['password']
target_user = User.query.filter_by(mail=user_requested).first()
if target_user is None:
return Response(
render_template('admin/login.html', message="Unknown Credentials"))
if not target_user.check_password(password_requested):
return Response(
render_template('admin/login.html', message="Unknown Credentials"))
if not target_user.state == StateType.ACTIVE:
return Response(
render_template('admin/login.html',
message="User account deactivated. Cannot login."))
resp = Response(
render_template('admin/admin.html',
user=target_user.name,
message="Login succeeded"))
set_access_cookies(resp, create_access_token(identity=target_user.id))
return resp
def post(self):
content = request.data
if content is None:
return render_template('login.html')
my_json = content.decode('utf8').replace("'", '"')
data = json.loads(my_json)
if data["Login"] is None or data["Password"] is None:
return render_template('login.html')
info = check_login(data)
if info:
js = {
"UserId": info[0],
"FirstName": info[1],
"LastName": info[2],
"Email": info[3],
"Login": info[4],
"Password": info[5],
}
access_token = create_access_token(identity=js)
refresh_token = create_refresh_token(identity=js)
# Set the JWT access cookie in the response
resp = jsonify({'login': True})
set_access_cookies(resp, access_token)
set_refresh_cookies(resp, refresh_token)
return resp, 200
return redirect(url_for('userlogin'))
def login():
username = request.json.get('username', None)
password = request.json.get('password', None)
try:
user = Account.objects(name=username)[0]
except Exception as error:
return jsonify({'login': False}), 401
if not (argon2.verify(password, user.passwd)):
return jsonify({'login': False}), 401
# Create the tokens we will be sending back to the user
time_limit = timedelta(minutes=10) # set limit for user
access_token = create_access_token(identity={
"username": user.name,
"role": user.role
},
expires_delta=time_limit,
fresh=True)
time_limit = timedelta(hours=2)
refresh_token = create_refresh_token(identity={
"username": user.name,
"role": user.role
},
expires_delta=time_limit)
# Set the JWT cookies in the response
resp = jsonify({'login': True, 'next-page': url_for("game.start_game")})
set_access_cookies(resp, access_token)
set_refresh_cookies(resp, refresh_token)
return resp, 200
def login():
try:
payload = request.json
email = payload["email"]
pw = payload["password"].encode("utf-8")
user = UserModel.getUserForEmail(email)
if user is None:
raise(UnauthorizedError)
validated = user.login(pw)
if validated:
accessToken = create_access_token(identity = user.id)
refreshToken = create_refresh_token(identity = user.id)
response = jsonify({"success": True, "msg": "sucessfully logged in", "firstName": user.firstName})
set_access_cookies(response, accessToken)
set_refresh_cookies(response, refreshToken)
return response, 200
else:
raise(UnauthorizedError)
except UnauthorizedError:
raise UnauthorizedError
except Exception as e:
raise InternalServerError(e)
def login():
try:
if request.method == "POST":
email = request.form.get('email')
password = request.form.get("password")
data = {'email': email, 'password': password}
user = users_db.find_one({'email': data['email']})
if not user:
# we need to change this part to display incorrect email
del data['password']
data['error'] = "Invalid email and password"
flash(data.get('error'))
return render_template('login.html', data=data)
if (not check_password_hash(user['password'], data['password'])):
# same for this place
data['error'] = "Invalid email and password"
flash(data.get('error'))
return render_template('login.html', data=data)
resp = make_response(redirect('/'))
resp.headers.set('CONTENT-TYPE', 'text/html')
token = create_access_token(identity={
'email': email,
'username': user['username']
})
users_db.update_one({'email': email}, {"$set": {"token": token}})
set_access_cookies(resp, token)
return resp
return render_template('login.html', data={}, logged_in=False)
except:
return render_template('500.html')
def PUT(cls, request: Request, payload,
collection: Collection) -> Response:
''' Create a refresh token '''
identity = get_jwt_identity()
if not identity:
return JsonError(
'Could not refresh access token, failed to validate refresh token'
)
access_token, refresh_token = cls.update_stored_token(identity)
response = JsonResponse({
'_id':
str(identity['_id']),
'permissions':
identity['permissions'],
'session_expires':
datetime.now() +
timedelta(seconds=int(JWT_Settings.APP_JWT_LIFESPAN))
})
set_access_cookies(response, access_token)
set_refresh_cookies(response, refresh_token)
return response
def POST(cls, request: Request, payload,
collection: Collection) -> Response:
''' Attempt to log in for a specified user '''
user = collection.find_one({'username': payload.get('username')})
if not user:
return JsonError(f"User [{payload.get('username')}] not found",
404)
if not sha256.verify(payload.get('password'), user['password']):
return JsonError("Incorrect Password", 400)
permissions = user.get('permissions')
if isinstance(permissions, str): permissions = [permissions]
identity = {
'username': user['username'],
'_id': str(user['_id']),
'permissions': permissions
}
access_token, refresh_token = cls.update_stored_token(identity)
response = JsonResponse({
'_id':
str(user['_id']),
'permissions':
permissions,
'session_expires':
datetime.now() +
timedelta(seconds=int(JWT_Settings.APP_JWT_LIFESPAN))
})
set_access_cookies(response, access_token)
set_refresh_cookies(response, refresh_token)
return response
def login():
body = request.get_json()
if body is None:
return jsonify({'message': 'Invalid username and password'}), 401
username = body.get('username', None)
password = body.get('password', None)
if username == '':
return jsonify({'message': 'Username can not be blank'}), 401
if password == '':
return jsonify({'message': 'Password can not be blank'}), 401
# Create the tokens we will be sending back to the user
nor_username = username.strip().lower()
try:
user = User.objects.get(username=nor_username)
except errors.DoesNotExist:
return jsonify({'message': 'username or password is not match'}), 401
if user.check_password(password) is False:
return jsonify({'message': 'username or password is not match'}), 401
user = JWTUser(str(user.id), user.role)
expires = datetime.timedelta(days=7)
access_token = create_access_token(identity=user, expires_delta=expires)
refresh_token = create_refresh_token(identity=user)
# Set the JWT cookies in the response
resp = jsonify({'login': '******'})
set_access_cookies(resp, access_token)
set_refresh_cookies(resp, refresh_token)
return resp, 200
def post(self):
"""Refresh access token"""
email = get_jwt_identity()
try:
user = User.objects.get(email=email)
except User.DoesNotExist:
abort(403, 'No such user, or wrong password')
if not user.active:
abort(403, 'No such user, or wrong password')
access_expire = current_app.config['JWT_ACCESS_TOKEN_EXPIRES']
access_token = create_access_token(identity=user.email)
refresh_expire_date = datetime.strptime(
request.cookies['refreshExpire'],
'%Y-%m-%d %H:%M:%S.%f'
)
refresh_delta = refresh_expire_date - datetime.now()
resp = jsonify(
{
'access': access_token,
'accessExpire': int(access_expire.total_seconds()),
'refreshExpire': int(refresh_delta.total_seconds()),
}
)
set_access_cookies(resp, access_token)
return resp
def refresh():
current_user = get_jwt_identity()
access_token = create_access_token(identity=current_user)
resp = jsonify({'msg': 'token refreshed'})
set_access_cookies(resp, access_token)
return resp, 200
def post(self):
current_user = get_jwt_identity()
access_token = create_access_token(identity=current_user)
resp = jsonify({'refresh': True})
set_access_cookies(resp, access_token)
resp.status_code = 200
return resp
def post(self):
current_user = get_jwt_identity()
access_token = create_access_token(identity=current_user)
resp = jsonify({'success': True, 'msg': 'refreshed cookie'})
set_access_cookies(resp, access_token)
return resp
def post(self):
data = _user_parser.parse_args()
user = UserModel.find_by_username(data["username"])
if user and safe_str_cmp(user.password, data["password"]):
access_token = create_access_token(identity=user.user_id,
fresh=True)
refresh_token = create_refresh_token(user.user_id)
resp = jsonify({
'login': True,
'status': 'Sucess',
'access_token': access_token,
'refresh_token': refresh_token,
'user_name': user.name,
'age': user.age,
'area': user.address
})
set_access_cookies(resp, access_token)
set_refresh_cookies(resp, refresh_token)
#cookies=[ ('Set-Cookie', 'access_token=%s'.format(access_token)), ('Set-Cookie', 'refresh_token=%s'.format(refresh_token)),'Set-Cookie' ]
resp.headers['Authorization'] = str('Bearer ' + access_token)
print(resp)
return resp
return {"message": "Invalid credentials!"}, 401
def login():
email = ""
password = ""
try:
post_data = request.get_json()
email = post_data.get('email')
password = post_data.get('password')
except Exception as e:
return jsonify({'error': str(e)}), 400
# Check if user exists
user = User.get(email)
if not user:
return jsonify(ERROR_BAD_AUTH), 422
# Compare password hashes
password_hash = bcrypt.checkpw(
password.encode('utf-8'), user['password'].encode('utf-8')
)
if not password_hash:
return jsonify(ERROR_BAD_AUTH), 422
try:
response = jsonify(SUCCESS_LOGIN)
access_token = create_access_token(identity=user.username)
set_access_cookies(response, access_token)
return response, 201
except Exception as e:
return jsonify({'error': {'internal': e}}), 500
def login():
if current_user:
return redirect(url_for('feed.news'))
if request.method == 'GET':
return render_template('user/login.html', form=forms.LoginForm())
email_or_username = request.form['email_or_username']
token_or_password = request.form['token_or_password']
user = models.User.query.filter_by(email=email_or_username).first()
if not user:
user = models.User.query.filter_by(username=email_or_username).first()
login_success = False
if not user:
app.logger.info("User not found: %s", email_or_username)
else:
if user.verify_totp(token_or_password):
app.logger.info("Login success token: %s", email_or_username)
login_success = True
if user.verify_password(token_or_password):
app.logger.info("Login success password: %s", email_or_username)
login_success = True
if login_success:
response = redirect(url_for('feed.news'))
set_access_cookies(response, create_access_token(identity=user.email))
set_refresh_cookies(response,
create_refresh_token(identity=user.email))
return response
else:
flash("Incorrect email or password or one-time token")
return redirect(url_for('user.login'))
def login():
#check_password_hash(saved,input)
try:
username = request.json.get("username", None)
password = request.json.get("password", None)
client = MongoClient()
db = client.naft
user = db.users.find_one({"username": username})
if user is None:
return jsonify({"status": "error", "error": "User not found"}), 404
if (user['verified'] == "false"):
return jsonify({
"status": "error",
"error": "Email has not been verified"
}), 401
#if not check_password_hash(users[0]['password'],password):
if user['password'] != password:
return jsonify({
"status": "error",
"error": "Username/Password incorrect"
}), 401
access_token = create_access_token(identity=username)
refresh_token = create_refresh_token(identity=username)
resp = jsonify({"status": "OK"})
set_access_cookies(resp, access_token)
set_refresh_cookies(resp, refresh_token)
return resp, 200
except Exception as e:
return jsonify({"status": "error", "error": str(e)}), 409
def register():
try:
post_data = request.get_json()
username = post_data.get('username')
email = post_data.get('email')
password = post_data.get('password')
except Exception as e:
return jsonify({'error': str(e)}), 400
# Server-side field validation
errors = {}
if len(username) < 2:
errors['username'] = "******"
if len(password) < 6:
errors['password'] = "******"
if len(errors.keys()) != 0:
return jsonify({'status': "fail", 'error': errors}), 422
# Attempt to add user to db. Hash and salted pass.
hashed_password = bcrypt.hashpw(password.encode('utf-8'), bcrypt.gensalt())
add_user_response = User.add(username, email, hashed_password)
if add_user_response['status'] == "error":
errors.update(add_user_response)
if len(errors.keys()) != 0:
return jsonify(errors), 422
else:
try:
user = User.get(email)
response = jsonify(SUCCESS_REGISTER)
access_token = create_access_token(identity=user.username)
set_access_cookies(response, access_token)
return response, 201
except Exception as e:
return jsonify({'error': {'internal': e}}), 500
def refresh():
# Refreshing expired Access token
user_id = get_jwt_identity()
access_token = create_access_token(identity=str(user_id))
resp = make_response(redirect(app.config['BASE_URL'] + '/', 302))
set_access_cookies(resp, access_token)
return resp
def assign_access_refresh_tokens(user_id, url):
access_token = create_access_token(identity=str(user_id), fresh=True)
refresh_token = create_refresh_token(identity=str(user_id))
resp = make_response(redirect(url, 302))
set_access_cookies(resp, access_token)
set_refresh_cookies(resp, refresh_token)
return resp
def login():
if current_user:
return redirect("/")
form = LoginForm()
title = _("Login")
if form.validate_on_submit():
user_data = form.data.copy()
for field in ("submit", "csrf_token"):
user_data.pop(field)
response = ApiPost.make_request("login", json=user_data)
if response.status_code == 200:
resp = make_response(redirect("/"))
access_token, refresh_token = (response.json()[field] for field in ("access_token", "refresh_token"))
set_access_cookies(resp, access_token)
set_refresh_cookies(resp, refresh_token)
return resp
error = response.json()["error"]
code = error["code"]
if errors.InvalidRequestError.sub_code_match(code):
fields = error["fields"]
for field in fields:
if field in form:
form[field].errors += fields[field]
elif errors.UserNotFoundError.sub_code_match(code):
flash(_("User not found."), "danger")
elif errors.WrongCredentialsError.sub_code_match(code):
flash(_("Wrong password."), "danger")
else:
flash(INTERNAL_ERROR_MSG, "danger")
return render_template("login.html", title=title, form=form)
def signin():
username = request.json.get('username', None)
password = request.json.get('password', None)
model = {'name': username, 'password': password}
if UserTb.isUnAuthUser(user=model):
return jsonify({"msg": "Bad username or password"}), 401
# Store the tokens in redis with a status of not currently revoked. We
# can use the `get_jti()` method to get the unique identifier string for
# each token. We can also set an expires time on these tokens in redis,
# so they will get automatically removed after they expire. We will set
# everything to be automatically removed shortly after the token expires
user = UserTb.getUser(user=model)
access_token = create_access_token(identity=user['id'], fresh=True)
refresh_token = create_refresh_token(identity=user['id'])
access_jti = get_jti(encoded_token=access_token)
refresh_jti = get_jti(encoded_token=refresh_token)
revoked_store.set(access_jti, 'false', ACCESS_EXPIRES * 1.2)
revoked_store.set(refresh_jti, 'false', REFRESH_EXPIRES * 1.2)
resp = jsonify({'signin': True})
set_access_cookies(resp, access_token)
set_refresh_cookies(resp, refresh_token)
return resp, 201
def oauth2callback():
state = get_jwt_identity()
flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file(
CLIENT_SECRETS_FILE, scopes=SCOPES, state=state)
flow.redirect_uri = flask.url_for('auth_handler.oauth2callback',
_external=True,
_scheme=os.environ["SCHEME"])
authorization_response = flask.request.url
flow.fetch_token(authorization_response=authorization_response)
# save user info to mongodb
credentials = flow.credentials
user_info = get_user_info(credentials)
gid = user_info["id"]
apiid = save_user_mongo(user_info, credentials)
# save user info to redis
set_user_info_redis(gid, user_info, apiid)
# set JWT Cookie to know that the user of the google id is logged in
access_token = create_access_token(identity=gid)
refresh_token = create_refresh_token(identity=gid)
resp = make_response(flask.redirect(os.environ["RE_URL"] + "/dashboard/"))
set_access_cookies(resp, access_token)
set_refresh_cookies(resp, refresh_token)
return resp
def refresh_token(old_route):
gid = get_jwt_identity()
access_token = create_access_token(identity=gid)
old_route = old_route.replace("*", "/")
resp = make_response(flask.redirect(os.environ["RE_URL"] + old_route))
set_access_cookies(resp, access_token)
return resp
def post(self):
"""Authenticates and generates a token"""
schema = TokenSchema()
data, errors = schema.load(current_app.api.payload)
if errors:
return errors, 400
try:
user = User.get(email=data.email)
except User.DoesNotExist:
abort(403, 'No such user, or wrong password')
if not user or not user.active:
abort(403, 'No such user, or wrong password')
if not verify_password(data.password, user.password):
abort(403, 'No such user, or wrong password')
access_token = create_access_token(identity=user.email)
refresh_token = create_refresh_token(identity=user.email)
access_expire = current_app.config['JWT_ACCESS_TOKEN_EXPIRES']
refresh_expire = current_app.config['JWT_REFRESH_TOKEN_EXPIRES']
resp = jsonify(
{
'access': access_token,
'refresh': refresh_token,
'accessExpire': int(access_expire.total_seconds()),
'refreshExpire': int(refresh_expire.total_seconds()),
}
)
set_access_cookies(resp, access_token)
set_refresh_cookies(resp, refresh_token)
refresh_path = current_app.config['JWT_REFRESH_COOKIE_PATH']
refresh_secure = current_app.config['JWT_COOKIE_SECURE']
refresh_expire_date = datetime.now() + refresh_expire
resp.set_cookie(
'refresh_expire',
value=str(refresh_expire_date),
expires=refresh_expire_date,
path=refresh_path,
httponly=True,
secure=refresh_secure,
)
return resp
