def login(): """ Login the user to the server :return: user json with id and API key """ user_json = request.json username = user_json[UserKeys.USERNAME_KEY] password = user_json[UserKeys.HASHED_PASSWORD] user = UserService.get_user_by_name(username) if user is None: abort(404) if user[UserKeys.HASHED_PASSWORD] != password: abort(404) token, refresh_token = create_user_token(str(user.id)) user_json[ID_KEY] = str(user.id) user_json[UserKeys.API_KEY] = token UserService.set_refresh_cookie(str(user.id), refresh_token) res = make_response(token) res.set_cookie("refresh_token", refresh_token, httponly=True) return res