def revoke_token(token_type='refresh'):
"""
Method responsible for blacklisting tokens.
Currently it only supports blacklisting refresh tokens.
@return bool True: if token revoked successfully
False: Failed to revoke the token
"""
try:
raw = get_raw_jwt()
jti = raw['jti']
exp = raw['exp']
time_diff = exp - int(time())
revoked_store.set(jti, time_diff, time_diff)
except Exception as e:
logger.error(e, exc_info=traceback.format_exc())
return False
else:
return True
def auth():
auth = request.authorization
if not auth or not auth.username or not auth.password:
return jsonify({
'message': 'could not verify',
'WWW-Authenticate': 'Basic auth="Login required"'
}), 401
user = get_user_by_username(auth.username)
if not user:
return jsonify({
'message': 'Wrong username or password',
'data': {}
}), 401
if user and check_password_hash(user.password, auth.password):
jti = uuid.uuid4().hex
token = jwt.encode(
{
'id': user.id,
'username': user.username,
'exp': datetime.datetime.now() + datetime.timedelta(hours=12)
},
app.config['SECRET_KEY'],
headers={'jti': jti})
revoked_store.set(jti, 'false', app.config['ACCESS_EXPIRES'] * 1.2)
return jsonify({
'message':
'Successfully authenticated',
'token':
token.decode('UTF-8'),
'exp':
datetime.datetime.now() + datetime.timedelta(hours=12)
}), 200
return jsonify({
'message': 'Authentication Failure',
'WWW-Authenticate': 'Basic auth="Login Required'
}), 401
def AddTokenToBlacklist():
access_token = request.cookies.get('access_token_cookie')
access_jti = get_jti(encoded_token=access_token)
revoked_store.set(access_jti, 'false')
return 0
def post(self):
args = request.get_json()
validator = MyValidator()
dovalidate = validator.wrp_validate(
args, {
'username': {
'type': 'string',
'required': True,
'empty': False
},
'password': {
'type': 'string',
'required': True,
'empty': False
}
})
if (dovalidate['status'] is False):
return self.response({
'title': 'Error',
'body': dovalidate['messages'],
'status_code': 422
})
user = UserModel.getByUsername(args['username'])
# Check Max Login Attempt Mode
max_login_attempt = int(app.config['MAX_LOGIN_ATTEMPT'])
if user is not None:
user = user.serialize()
if user['login_attempt'] >= max_login_attempt or user[
'status'] == VariableConstant.USER_STATUS_BLOCKED:
return self.response(VariableConstant.USER_BLOCKED_RESPONSE)
password = util.generate_password(args['username'],
args['password'],
user['password_salt'])
if password != user['password']:
app.logger.error('ERROR LOGIN : '******'msg': 'Wrong Username or Password'})
# Auto Increment Login Attempt
la = UserModel.incrementLoginAttempt(user['id'])
if (user['login_attempt'] + 1) >= max_login_attempt:
# Block user
UserModel.doUpdate(
user['id'], {
'status': VariableConstant.USER_STATUS_BLOCKED,
'isloggedin': 0,
'login_attempt': 0
})
return self.response(
VariableConstant.USER_BLOCKED_RESPONSE)
return self.response(
VariableConstant.USER_LOGIN_FAILED_RESPONSE)
else:
app.logger.error('ERROR LOGIN : '******'msg': 'User Not Found '})
return self.response(VariableConstant.USER_LOGIN_FAILED_RESPONSE)
user['access_token'] = create_access_token(identity=args['username'])
user['refresh_token'] = create_refresh_token(identity=args['username'])
access_jti = get_jti(encoded_token=user['access_token'])
refresh_jti = get_jti(encoded_token=user['refresh_token'])
revoked_store.set(access_jti, 'false',
app.config['JWT_ACCESS_TOKEN_EXPIRES'] * 1.2)
revoked_store.set(refresh_jti, 'false',
app.config['JWT_REFRESH_TOKEN_EXPIRES'] * 1.2)
#update last logged in
UserModel.doUpdate(
user['id'], {
'last_loggedin_at':
datetime.now().strftime('%Y-%m-%d %H:%M:%S'),
'is_loggedin': 1
})
result = {}
result['access_token'] = user['access_token']
result['refresh_token'] = user['refresh_token']
return self.response({'data': result})
def logout():
token = request.headers.get('Authorization').split(" ")[1]
jti = jwt.get_unverified_header(token)['jti']
revoked_store.set(jti, 'true', app.config['ACCESS_EXPIRES'] * 1.2)
return jsonify({"msg": "Access token revoked"}), 200