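def access_token():
    """
    Generate an access token.

    Two-step flow driven by the JSON body of the request:

    1. A body without ``method`` must carry ``username``, ``clientVersion``,
       ``clientName`` and ``deviceName``; the reply wraps those fields in a
       signed continuation token.
    2. A body with ``method`` == ``'password'`` must carry ``token`` (the
       continuation token from step 1) and ``password``; on success the reply
       is the endpoint list plus a fresh ``accessToken`` (HTTP 201).

    Also does the password check. Does not handle rate limiting.

    Returns:
        A Flask response: 201 with the access token, 401 with a continuation
        token when the client must retry, or an abort with 400 (malformed
        body / wrong step) or 403 (token signature does not verify).
    """
    # Raises BadRequest if the body is not JSON at all.
    data = request.get_json()
    # A JSON scalar (e.g. a bare number) would make the ``in`` tests below
    # raise TypeError, so reject anything that is not an object up front.
    if data is None or not isinstance(data, dict):
        abort(400)

    if 'method' not in data:
        for param in ['username', 'clientVersion', 'clientName', 'deviceName']:
            if param not in data or data[param] == '':
                abort(400)
        return make_response(get_continuation_token_response(data))

    if data['method'] != 'password':
        return make_response(get_continuation_token_response(data), status=401)

    # Both fields are mandatory for the password step; a missing key used to
    # surface as a KeyError (HTTP 500) instead of a client error.
    if 'token' not in data or 'password' not in data:
        abort(400)

    serializer = auth.getURLSafeSerializer()
    try:
        # max age 5 minutes
        # FIXME should be moved to the config file
        tokenData = serializer.loads(data['token'], max_age=300)
    except SignatureExpired:
        # The signature verified, only the timestamp is too old.  ``tokenData``
        # was never bound on this path, so the previous code raised
        # UnboundLocalError here; recover the payload without the age check so
        # the client gets a fresh token carrying the same login parameters.
        # Assumes ``loads`` without ``max_age`` skips the expiry check, as the
        # itsdangerous timed serializers do -- confirm against
        # auth.getURLSafeSerializer().
        tokenData = serializer.loads(data['token'])
        return make_response(get_continuation_token_response(tokenData), status=401)
    except BadSignature:
        abort(403)

    # A token issued for a body without ``username`` (e.g. the unsupported
    # ``method`` branch above) cannot complete this step; treat it as a
    # client error rather than letting the lookup below raise KeyError.
    if not isinstance(tokenData, dict) or 'username' not in tokenData:
        abort(400)

    try:
        user = User.query.filter_by(username=tokenData['username']).one()
        user.checkPwd(data['password'])
    except (database.NoResultFound, User.BadPassword):
        # Same answer for unknown user and wrong password, so the response
        # does not reveal which one failed.
        return make_response(get_continuation_token_response(tokenData), status=401)

    # getOrCreate
    device = Device.findOrCreate(user.id, tokenData)
    device.save()
    database.commit()
    auth.setUserAndDevice(user, device)
    response = get_endpoints()
    response['accessToken'] = auth.createAccessToken()
    return make_response(response, status=201)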
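def access_token():
    """
    Generate an access token.

    Two-step flow driven by the JSON body of the request:

    1. A body without ``method`` must carry ``username``, ``clientVersion``,
       ``clientName`` and ``deviceName``; the reply wraps those fields in a
       signed continuation token.
    2. A body with ``method`` == ``'password'`` must carry ``token`` (the
       continuation token from step 1) and ``password``; on success the reply
       is the endpoint list plus a fresh ``accessToken`` (HTTP 201).

    Also does the password check. Does not handle rate limiting.

    Returns:
        A Flask response: 201 with the access token, 401 with a continuation
        token when the client must retry, or an abort with 400 (malformed
        body / wrong step) or 403 (token signature does not verify).
    """
    # Raises BadRequest if the body is not JSON at all.
    data = request.get_json()
    # A JSON scalar (e.g. a bare number) would make the ``in`` tests below
    # raise TypeError, so reject anything that is not an object up front.
    if data is None or not isinstance(data, dict):
        abort(400)

    if 'method' not in data:
        for param in ['username', 'clientVersion', 'clientName', 'deviceName']:
            if param not in data or data[param] == '':
                abort(400)
        return make_response(get_continuation_token_response(data))

    if data['method'] != 'password':
        return make_response(get_continuation_token_response(data), status=401)

    # Both fields are mandatory for the password step; a missing key used to
    # surface as a KeyError (HTTP 500) instead of a client error.
    if 'token' not in data or 'password' not in data:
        abort(400)

    serializer = auth.getURLSafeSerializer()
    try:
        # max age 5 minutes
        # FIXME should be moved to the config file
        tokenData = serializer.loads(data['token'], max_age=300)
    except SignatureExpired:
        # The signature verified, only the timestamp is too old.  ``tokenData``
        # was never bound on this path, so the previous code raised
        # UnboundLocalError here; recover the payload without the age check so
        # the client gets a fresh token carrying the same login parameters.
        # Assumes ``loads`` without ``max_age`` skips the expiry check, as the
        # itsdangerous timed serializers do -- confirm against
        # auth.getURLSafeSerializer().
        tokenData = serializer.loads(data['token'])
        return make_response(get_continuation_token_response(tokenData), status=401)
    except BadSignature:
        abort(403)

    # A token issued for a body without ``username`` (e.g. the unsupported
    # ``method`` branch above) cannot complete this step; treat it as a
    # client error rather than letting the lookup below raise KeyError.
    if not isinstance(tokenData, dict) or 'username' not in tokenData:
        abort(400)

    try:
        user = User.query.filter_by(username=tokenData['username']).one()
        user.checkPwd(data['password'])
    except (database.NoResultFound, User.BadPassword):
        # Same answer for unknown user and wrong password, so the response
        # does not reveal which one failed.
        return make_response(get_continuation_token_response(tokenData), status=401)

    # getOrCreate
    device = Device.findOrCreate(user.id, tokenData)
    device.save()
    database.commit()
    auth.setUserAndDevice(user, device)
    response = get_endpoints()
    response['accessToken'] = auth.createAccessToken()
    return make_response(response, status=201)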
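def get_continuation_token_response(data):
    """
    Build the body of a "continue the login" reply.

    Args:
        data: the login parameters to carry over into the next step (the
            request body, or the payload of an earlier continuation token).

    Returns:
        A dict with ``continuationToken`` (signed, URL-safe serialisation of
        ``data`` without any ``password`` entry), the supported ``methods``
        and an empty ``prompt``.
    """
    # A URL-safe serializer signs the payload but does not encrypt it, so
    # anything placed in the token can be read back by whoever holds it.
    # The password step sends the secret under ``password``; never echo it
    # into a token that the client stores and resends.
    if isinstance(data, dict):
        payload = {key: value for key, value in data.items() if key != 'password'}
    else:
        payload = data
    return {
        'continuationToken': auth.getURLSafeSerializer().dumps(payload),
        'methods': ['password'],
        'prompt': None,
    }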