Esempio n. 1
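def login():
    """Authenticate a user from a JSON request body and issue an auth token.

    Expects a JSON object carrying ``email`` and ``password``. Returns a
    ``(response, status)`` pair:

    * 200 with the token and the ``is_admin`` flag on success;
    * 400 when the body is malformed or the credentials do not match;
    * 500 when no token could be produced or an unexpected error occurs.
    """
    data = request.get_json()
    # A missing or non-object body previously reached data.get() and surfaced
    # as a 500 via the broad handler; it is a client error, so answer 400
    # before touching the database.
    if not isinstance(data, dict):
        responseObject = {
            'status': 'fail',
            'message': 'Invalid request body.'
        }
        return make_response(jsonify(responseObject)), 400

    email = data.get('email')
    password = data.get('password')
    try:
        user = None
        # Only look the account up when both fields are strings; anything
        # else (missing, null, nested object) is treated as failed credentials.
        if isinstance(email, str) and isinstance(password, str):
            user = User.query.filter_by(email=email).first()

        if not (user and bcrypt.check_password_hash(user.password, password)):
            # Unknown e-mail and wrong password get the same answer, so the
            # response body does not reveal which accounts exist.
            # NOTE(review): the hash check only runs when the account exists,
            # so response time may still differ between the two cases; confirm
            # this route is rate limited.
            responseObject = {
                'status': 'fail',
                'message': 'User does not exist.'
            }
            return make_response(jsonify(responseObject)), 400

        token = user.encode_auth_token(user.id)
        if not token:
            # The original fell off the end here and returned None, which is
            # not a valid view result; report the failure explicitly.
            responseObject = {
                'status': 'fail',
                'message': 'Try again'
            }
            return make_response(jsonify(responseObject)), 500

        responseObject = {
            'status': 'success',
            'message': 'Successfully logged in.',
            'is_admin': user.is_admin,
            # Accept both bytes and str tokens; calling .decode() on a str
            # would raise and turn a valid login into a 500.
            'token': token.decode() if isinstance(token, bytes) else token
        }
        return make_response(jsonify(responseObject)), 200
    except Exception as e:
        # Error details stay server-side; the client only sees a generic
        # message so internals are not disclosed.
        print(e)
        responseObject = {
            'status': 'fail',
            'message': 'Try again'
        }
        return make_response(jsonify(responseObject)), 500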
Esempio n. 2
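 def check_password(self, passwd):
     """
     Check a password against a stored hash in Argon2 or Bcrypt (old) format.

     When the password only verifies against the bcrypt check, the stored
     hash is replaced through ``self.set_password(passwd)`` so the account
     moves off the old format on a successful login.

     Returns True when the password verifies under either scheme, False
     otherwise. The value is intended for the login route.
     """
     # Must start as False: the original left this name unbound when the
     # bcrypt check returned False without raising, so a wrong password
     # ended in UnboundLocalError instead of a clean rejection.
     bcrypt_ok = False
     try:
         bcrypt_ok = bool(bcrypt.check_password_hash(self.password, passwd))
     except ValueError as error:
         # presumably raised when the stored hash is not in bcrypt format;
         # treated as "no bcrypt match" -- confirm against the bcrypt helper
         print(error)

     # Verify against Argon2 once; the original repeated this call up to
     # three times per login attempt.
     # NOTE(review): errors from this check are not caught here, as in the
     # original -- confirm how it behaves on a bcrypt-format hash.
     if argon2.check_password_hash(self.password, passwd):
         return True
     if bcrypt_ok:
         # Legacy hash verified: re-hash now, while the plaintext password
         # is available.
         self.set_password(passwd)
         return True
     return False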
Esempio n. 3
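def login():
    """Authenticate a user from a JSON request body and return an auth token.

    Expects a JSON object with ``email`` and ``password``. On success returns
    a ``(response, status)`` pair whose body carries the token and the
    configured ``JWT_MAX_AGE``.

    Raises:
        InvalidAPIUsage: when the body is missing or malformed, the e-mail is
            unknown, or the password does not match. All of these produce the
            same message and status.
    """
    # get the post data
    post_data = request.get_json()
    # A missing or non-object body used to fail with AttributeError on
    # post_data.get(); treat it, and non-string fields, as failed credentials.
    if isinstance(post_data, dict):
        email = post_data.get('email')
        password = post_data.get('password')
    else:
        email = password = None

    # fetch the user data
    user = None
    if isinstance(email, str) and isinstance(password, str):
        user = User.query.filter_by(email=email).first()

    if user and bcrypt.check_password_hash(user.password, password):
        auth_token = encode_auth_token(user.id, user.admin)
        responseObject = {
            'status': 'success',
            'message': 'Successfully logged in.',
            # Accept both bytes and str tokens; .decode() on a str would raise.
            'auth_token': (
                auth_token.decode()
                if isinstance(auth_token, bytes) else auth_token
            ),
            'token_max_age': app.config.get('JWT_MAX_AGE')
        }
        return make_response(jsonify(responseObject)), \
            html_codes.HTTP_OK_BASIC

    # One answer for every failure, so the response body does not reveal
    # whether the e-mail is registered.
    # NOTE(review): the hash check only runs for existing accounts, so
    # response time may still differ; confirm this route is rate limited.
    raise InvalidAPIUsage(
        message='User does not exist.',
        status_code=html_codes.HTTP_BAD_NOTFOUND
    )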
Esempio n. 4
 def check_password(self, value):
     """Return the result of checking ``value`` against ``self.password``.

     The comparison is delegated to ``bcrypt.check_password_hash``; no
     plaintext comparison happens here.
     """
     # NOTE(review): bcrypt itself only uses the first 72 bytes of a
     # password; confirm how the bcrypt helper in use treats longer input.
     stored_hash = self.password
     is_match = bcrypt.check_password_hash(stored_hash, value)
     return is_match