def activate(args):
    """Handle an account-activation request identified by a token.

    Reads ``args["token"]``, rejects it with ``abort("general",
    "token-invalid")`` when ``Token.validate`` fails, then looks up the
    account named by the payload's ``"meta"`` field and answers
    ``abort("account", "not-found")`` when there is none.

    The listing stops after the account lookup; whatever performs the
    activation and returns ``result`` is not shown here.
    """
    result = {"error": None, "data": {}}
    # Validate first, so the payload below comes from a token that passed.
    if not Token.validate(args["token"]):
        return abort("general", "token-invalid")
    payload = Token.payload(args["token"])
    # NOTE(review): the visible lines never compare payload["action"] with an
    # activation-specific value, unlike the "login" and "reset" checks in the
    # other handlers. Confirm the rest of the function restricts which token
    # type is accepted here.
    if not (account := UserService.get_by_username(payload["meta"])):
        return abort("account", "not-found")
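def auth(cls, token: str):
    """Resolve a login token to its user, or return None.

    The token must pass ``Token.validate``, carry ``"login"`` as its
    ``"action"``, name an existing user in ``"meta"``, and that user must
    pass ``PermissionService.check(user, "global", "activated")``.

    Args:
        token: The token string presented by the client.

    Returns:
        The user object when every check passes, otherwise ``None``.
    """
    # Reject before decoding: the payload of a token that failed validation
    # is never read, so a malformed token cannot reach the field lookups.
    if not Token.validate(token):
        return None

    payload = Token.payload(token)
    # Only login tokens authenticate; other token types are refused.
    if payload["action"] != "login":
        return None

    user = cls.get_by_username(payload["meta"])
    if user and PermissionService.check(user, "global", "activated"):
        return user
    return None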
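def reset(args):
    """Set a new password for the account named in a reset token.

    ``Token.validate`` is called with the account's stored password as its
    second argument, so the account has to be found before the token can be
    verified. The payload is therefore read first and used only to locate
    the account; nothing is changed until validation succeeds.
    NOTE(review): presumably the stored password acts as the token's
    verification secret, which would make a token unusable once the
    password changes. Confirm in ``Token.validate``.

    Args:
        args: Parsed request arguments; ``args["token"]`` and
            ``args["password"]`` are read.

    Returns:
        An ``abort(...)`` response when the token is unusable, otherwise a
        result dict whose ``"data"`` holds the username and ``success``.
    """
    result = {"error": None, "data": {}}

    # Unverified at this point: used only to find the account.
    payload = Token.payload(args["token"])
    if "meta" not in payload:
        return abort("general", "token-invalid")
    # A payload without "action" is treated like a wrong token type instead
    # of raising KeyError.
    if "action" not in payload or payload["action"] != "reset":
        return abort("general", "token-invalid-type")

    account = UserService.get_by_username(payload["meta"])
    # The lookup can come back empty (the other handlers check for this).
    # Answer with the same code as a bad token, so the response does not
    # reveal whether the username exists and no AttributeError is raised.
    if not account:
        return abort("general", "token-invalid")

    if not Token.validate(args["token"], account.password):
        return abort("general", "token-invalid")

    account.password = auth.hashpwd(args["password"])
    result["data"] = {
        "username": account.username,
        "success": True
    }
    return result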
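def decorator(*args, **kwargs):
    """Run the wrapped view only for a request carrying a valid login token.

    Reads the token from the ``Authentication`` request header. On success
    it records the login time on the account, attaches the account to
    ``request`` and calls ``view_function`` with the original arguments.

    Returns:
        The view's return value, ``abort("account", "not-activated")`` for
        an account that is not activated, or ``abort("account",
        "login-failed")`` for every other failure.
    """
    # NOTE(review): the header read here is "Authentication", not the
    # standard "Authorization" name. Confirm clients send this header.
    token = request.headers.get("Authentication")
    # A missing or empty header cannot authenticate; refuse it before it
    # reaches the token helpers.
    if not token:
        return abort("account", "login-failed")
    # Validate before decoding, so the payload of a rejected token is never
    # read.
    if not Token.validate(token):
        return abort("account", "login-failed")

    payload = Token.payload(token)
    # Only login tokens grant access; other token types are refused.
    if payload["action"] != "login":
        return abort("account", "login-failed")

    account = UserService.get_by_username(payload["meta"])
    if account is None:
        return abort("account", "login-failed")
    if not account.activated:
        return abort("account", "not-activated")

    account.login = datetime.utcnow()
    request.account = account
    return view_function(*args, **kwargs)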
@orm.db_session
def login(args):
    """Check an email/password pair and issue a login token.

    Looks the account up by ``args["email"]``, verifies ``args["password"]``
    against the stored password with ``auth.checkpwd``, and requires the
    account to be activated. On success the login time is recorded and a
    ``"login"`` token is created for the account's username.

    Returns:
        An ``abort(...)`` response on failure, otherwise a result dict whose
        ``"data"`` holds the token, its ``expire`` value and the username
        read back from the token payload.
    """
    # NOTE(review): the separate "not-found", "login-failed" and
    # "not-activated" answers tell a caller whether an email is registered.
    # Confirm that is acceptable for this endpoint.
    account = UserService.get_by_email(args["email"])
    if not account:
        return abort("account", "not-found")

    password_ok = auth.checkpwd(args["password"], account.password)
    if not password_ok:
        return abort("account", "login-failed")

    if not account.activated:
        return abort("account", "not-activated")

    account.login = datetime.utcnow()
    login_token = Token.create("login", account.username)
    # The response fields are read back from the token that was just issued.
    claims = Token.payload(login_token)
    return {
        "error": None,
        "data": {
            "token": login_token,
            "expire": claims["expire"],
            "username": claims["meta"],
        },
    }


@blueprint.route("/activate", methods=["POST"])
@use_args(activate_args, location="json")
@orm.db_session
def activate(args):
    result = {"error": None, "data": {}}
    # The listing ends here; the rest of this handler is not shown.