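def post(args):
    """Register a new user from the parsed request arguments.

    ``args`` must carry ``password``, ``password_confirmation``, ``email``
    and ``name``; ``phone`` is optional.

    Returns a ``(payload, status)`` pair: 409 when the confirmation does not
    match or the e-mail is already registered, 201 with a user summary on
    success.
    """
    # A constant-time compare is not needed here: both strings come from the
    # same client, so there is no secret to protect from timing. Kept as-is
    # because ``safe_str_cmp`` is what the rest of the project uses.
    if not safe_str_cmp(args['password'], args['password_confirmation']):
        return {
            'success': False,
            'errors': {
                'password': ['Password and password confirmation do not match']
            }
        }, 409

    # NOTE(review): a distinct "taken" answer lets a caller enumerate which
    # addresses have accounts; keep it only as a deliberate trade-off. This
    # lookup is also not atomic with the insert below, so uniqueness must be
    # enforced by the database, not by this check.
    if UserModel.find_by_email(args['email']):
        return {'success': False, 'error': 'Email has already been taken'}, 409

    # The very first account becomes the administrator. This is a
    # check-then-act race: two concurrent first registrations can both see
    # an empty table and both get admin. TODO(review): guard with a
    # transaction or a one-shot setup flag if that matters for this deployment.
    is_admin = UserModel.count_all() < 1

    phone = args.get('phone')  # optional; None when absent

    hashed_password = UserModel.generate_hash(args['password'])
    user = UserModel(args['name'], hashed_password, args['email'], phone, is_admin)
    user.save_to_db()
    return {'success': True, 'user': user_summary.dump(user).data}, 201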
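def post(cls):
    """Register a user (bcrypt-hashed password) and start e-mail confirmation.

    Reads ``username``, ``password`` and ``email`` from the JSON body.
    Returns 400 if the e-mail is already registered, 201 once the user and
    its confirmation record are stored and the confirmation mail is sent,
    500 (with the new row removed again) if saving or sending fails.
    """
    data = request.get_json()

    # NOTE(review): this distinct response lets callers enumerate registered
    # e-mail addresses; acceptable only as a deliberate trade-off.
    if UserModel.find_by_email(data["email"]):
        return {"message": response_quote("user_email_taken")}, 400

    # TODO: (carried over from the original)
    # ``sha_private`` is a plain SHA-256 of the e-mail address: deterministic
    # and computable by anyone who knows the address. Treat it as an
    # identifier, not a secret — TODO(review) confirm nothing downstream
    # relies on it being unguessable.
    user = UserModel(
        username=data["username"],
        password=b_crypt.generate_password_hash(data["password"]).decode("utf-8"),
        email=data["email"],
        sha_private=hashlib.sha256(str.encode(data["email"])).hexdigest(),
    )
    try:
        user.save_to_db()
        confirmation = ConfirmationModel(user.id)
        confirmation.save_to_db()
        user.confirm()
        return {"message": response_quote("user_been_created")}, 201
    except MailGunException as e:
        user.delete_from_db()  # rollback: no half-registered account
        # NOTE(review): the raw provider error is returned to the client;
        # make sure MailGunException messages carry no credentials or URLs.
        return {"message": str(e)}, 500
    except Exception:
        # Was a bare ``except:``, which also swallowed SystemExit and
        # KeyboardInterrupt. Log, roll back, report a generic failure.
        traceback.print_exc()
        user.delete_from_db()
        return {"message": response_quote("operation_fatal_error")}, 500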
def post(self):
    """Create a user from the ``email``/``password`` request arguments.

    Responds 400 if the e-mail is already registered, otherwise 201.
    """
    data = UserRegister.parser.parse_args()

    existing = UserModel.find_by_email(data['email'])
    if existing:
        # NOTE(review): distinguishing "exists" lets a caller probe which
        # e-mail addresses are registered.
        return {'message': "User already exists"}, 400

    # The raw password is handed straight to UserModel; whether it is hashed
    # there is not visible from here — TODO(review) confirm it is never
    # stored as-is.
    UserModel(data['email'], data['password']).save()
    return {'message': 'User is created'}, 201
def post(cls):
    """Start a password reset for the e-mail address in the JSON body.

    On success stores a request token on the user, e-mails a one-time code
    and returns the token (200). Returns 404 for unknown addresses and 500
    if the mail could not be sent.
    """
    data = request.get_json()
    user = UserModel.find_by_email(data["email"])
    if not user:
        # NOTE(review): 404 here versus 200 below lets anyone test whether
        # an address has an account; a uniform response is the usual fix.
        return {"message": response_quote("user_not_exist")}, 404

    try:
        # The token is SHA-256(email): deterministic and handed back to the
        # caller, so it is a handle rather than a secret. The security of the
        # flow rests on the e-mailed ``code`` — TODO(review) confirm
        # generate_2fa_code does not derive the code from the token alone
        # (i.e. without a server-side secret).
        token = hashlib.sha256(str.encode(user.email)).hexdigest()
        code = EmailSecondFA.generate_2fa_code(token)
        # NOTE(review): ``token_2fa`` is the same field the login 2FA flow
        # writes, with the same token value; check that a reset code cannot
        # be replayed as a login code or vice versa.
        user.token_2fa = token
        user.save_to_db()
        user.password_reset_request(code)
        return {"request_token": token}, 200
    except MailGunException as e:
        return {"message": str(e)}, 500
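def post(self):
    """Issue a password-reset mail for a username or e-mail address.

    Looks the account up by username first, then by e-mail. Stores a fresh
    reset handle plus its creation time, sends the reset mail and returns
    200. Aborts 401 for unknown accounts and 500 if persisting or sending
    fails.
    """
    parser = reqparse.RequestParser()
    parser.add_argument('identification', help='This field cannot be blank',
                        required=True, type=str)
    data = parser.parse_args()

    user = UserModel.find_by_username(data['identification'])
    if not user:
        user = UserModel.find_by_email(data['identification'])
    if not user:
        # NOTE(review): answering differently for unknown accounts lets a
        # caller enumerate usernames and e-mails; 401 is also an odd status
        # for "not found".
        abort(401, message=USER_NOT_FOUND)

    try:
        # uuid4() is randomly generated, so the handle is not guessable. It is
        # stored as a UUID object — the mail and verify sides must stringify
        # it the same way. datetime.now() is naive local time; whatever
        # checks expiry must use the same clock (TODO(review) confirm).
        user.reset_password_hash = uuid4()
        user.reset_password_hash_created = datetime.now()
        user.persist()
        send_forgot_password_email(user)
        return SimpleMessage(RESET_PASSWORD_MAIL_SENT), 200
    except Exception:
        # Was a bare ``except:`` (also caught SystemExit/KeyboardInterrupt).
        # Every failure still maps to a generic 500 so no detail leaks.
        abort(500, message=INTERNAL_SERVER_ERROR)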
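def post(cls):
    """Register a user (salted PassCrypt hash) and start e-mail confirmation.

    Reads ``username``, ``password`` and ``email`` from the JSON body.
    Returns 400 if the e-mail is already registered, 201 once the user and
    its confirmation record are stored and the confirmation mail is sent,
    500 (with the new row removed again) if saving or sending fails.
    """
    data = request.get_json()

    # NOTE(review): this distinct response lets callers enumerate registered
    # e-mail addresses; acceptable only as a deliberate trade-off.
    if UserModel.find_by_email(data["email"]):
        return {"message": response_quote("user_email_taken")}, 400

    # Salt and hash are produced together and stored side by side.
    password_salt, password_hash = PassCrypt.generate_password_hash(data["password"])
    user = UserModel(
        username=data["username"],
        password_hash=password_hash,
        password_salt=password_salt,
        email=data["email"],
    )
    try:
        user.save_to_db()
        confirmation = ConfirmationModel(user.id)
        confirmation.save_to_db()
        user.confirm()
        return {"message": response_quote("user_been_created")}, 201
    except MailGunException as e:
        user.delete_from_db()  # rollback: no half-registered account
        # NOTE(review): the raw provider error is returned to the client;
        # make sure MailGunException messages carry no credentials or URLs.
        return {"message": str(e)}, 500
    except Exception:
        # Was a bare ``except:``, which also swallowed SystemExit and
        # KeyboardInterrupt. Log, roll back, report a generic failure.
        traceback.print_exc()
        user.delete_from_db()
        return {"message": response_quote("operation_fatal_error")}, 500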
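def post(cls):
    """Log in with e-mail + password and issue JWTs.

    Responses:
      201 ``{"access_token", "refresh_token"}`` — credentials valid, account
          confirmed, 2FA disabled.
      202 ``{"verification_token"}`` — credentials valid but 2FA is enabled;
          a code has been e-mailed and ``session_key`` is cleared until the
          code is verified.
      400 — account not yet confirmed.
      401 — unknown e-mail or wrong password (one message for both).
      500 — the 2FA mail could not be sent.
    """
    import secrets

    data = request.get_json()
    user = UserModel.find_by_email(data["email"])
    if not (user and PassCrypt.check_password_hash(
            user.password_hash, user.password_salt, data["password"])):
        return {"message": response_quote("user_invalid_credentials")}, 401

    confirmation = user.most_recent_confirmation
    if not (confirmation and confirmation.confirmed):
        return {
            "message": response_quote("user_not_confirmed").format(user.username)
        }, 400

    if user.second_fa_enabled:
        try:
            # The verification token is SHA-256(email): deterministic and
            # handed back to the caller, so it is only a handle. Security
            # rests on the e-mailed code — TODO(review) confirm
            # generate_2fa_code does not derive the code from the token
            # without a server-side secret.
            token = hashlib.sha256(str.encode(user.email)).hexdigest()
            code = EmailSecondFA.generate_2fa_code(token)
            user.token_2fa = token
            user.session_key = None  # no session until the code is verified
            user.save_to_db()
            user.send_email_2fa_code(code)
            return {"verification_token": token}, 202
        except MailGunException as e:
            # Previously returned with no status (200); a mail failure is a 500.
            return {"message": str(e)}, 500

    # Per-login session key, used as the JWT identity (presumably so that
    # clearing or replacing it invalidates earlier tokens — not visible here).
    # The original derived it from SHA-256 of the server clock, which is
    # guessable; a CSPRNG value with the same 64-hex-char shape is used instead.
    # Tokens are only minted on this path, so none are created and discarded
    # when 2FA is pending.
    user.session_key = secrets.token_hex(32)
    user.save_to_db()
    access_token = create_access_token(identity=user.session_key,
                                       expires_delta=EXPIRES_DELTA)
    refresh_token = create_refresh_token(identity=user.session_key)
    return {"access_token": access_token, "refresh_token": refresh_token}, 201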
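def post(cls):
    """Log in with e-mail + password and issue JWTs.

    Responses:
      201 ``{"access_token", "refresh_token"}`` — credentials valid, account
          confirmed, 2FA disabled.
      200 ``{"verification_token"}`` — credentials valid but 2FA is enabled;
          a code has been e-mailed. (The sibling PassCrypt login uses 202
          for this case; left unchanged here to avoid breaking clients.)
      400 — account not yet confirmed.
      401 — unknown e-mail or wrong password (one message for both).
      500 — the 2FA mail could not be sent.
    """
    data = request.get_json()
    user = UserModel.find_by_email(data["email"])
    if not (user and b_crypt.check_password_hash(user.password, data["password"])):
        return {"message": response_quote("user_invalid_credentials")}, 401

    confirmation = user.most_recent_confirmation
    if not (confirmation and confirmation.confirmed):
        return {
            "message": response_quote("user_not_confirmed").format(user.username)
        }, 400

    if user.second_fa_enabled:
        try:
            # TODO: revisit this flow (carried over from the original).
            # The token is SHA-256(sha_private), and sha_private is itself
            # SHA-256(email), so the token is computable from the address
            # alone and is returned to the caller anyway — it is a handle,
            # not a secret. TODO(review) confirm generate_2fa_code does not
            # derive the code from the token without a server-side secret.
            token = hashlib.sha256(str.encode(user.sha_private)).hexdigest()
            code = EmailSecondFA.generate_2fa_code(token)
            user.token_2fa = token
            user.save_to_db()
            user.send_email_2fa_code(code)
            return {"verification_token": token}
        except MailGunException as e:
            # Previously returned with no status (200); a mail failure is a 500.
            return {"message": str(e)}, 500

    # Identity is the static per-user sha_private, so a new login does not
    # invalidate tokens from earlier ones — unlike the session-key variant
    # of this endpoint. Tokens are minted only when no 2FA step is pending.
    access_token = create_access_token(identity=user.sha_private,
                                       expires_delta=EXPIRES_DELTA)
    refresh_token = create_refresh_token(identity=user.sha_private)
    return {"access_token": access_token, "refresh_token": refresh_token}, 201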
def authenticate(email, password):
    """Return the user whose e-mail and password match, else ``None``.

    Unknown e-mail and wrong password both yield ``None``. Because of the
    short-circuit, the hash check only runs when the account exists, so the
    two failure cases take measurably different time — TODO(review) decide
    whether that distinguishability matters for this deployment.
    """
    candidate = UserModel.find_by_email(email)
    if not candidate:
        return None
    if not UserModel.verify_hash(password, candidate.password):
        return None
    return candidate