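def login():
    """Authenticate with username/email and password and return an API token.

    Reads ``username`` (falling back to ``email``) and ``password`` from the
    JSON request body.

    Returns:
        A JSON response ``{"token": ...}`` for the authenticated user.

    Raises:
        ApiError: 401 when credentials are missing or wrong, or when
            ``EMAIL_VERIFICATION`` is enforced and the address is unverified;
            403 when the email domain is not allowed or the user is not active.
    """
    # Fall back to an empty dict when the body is absent or not a JSON object,
    # so a missing field is reported as a 401 rather than a 500 from a lookup
    # on None.
    data = request.get_json(silent=True) or {}
    try:
        username = data.get('username', None) or data['email']
        password = data['password']
    except (KeyError, TypeError, AttributeError):
        raise ApiError("must supply 'username' and 'password'", 401)

    # One generic message covers both "unknown user" and "wrong password",
    # so the response does not reveal which usernames exist.
    user = User.check_credentials(username, password)
    if not user:
        raise ApiError("Invalid username or password", 401)

    # If email verification is enforced, deny login and (re)send the
    # confirmation mail. A fresh hash is generated on every attempt; whether
    # that supersedes a previously mailed link depends on set_email_hash.
    if current_app.config['EMAIL_VERIFICATION'] and not user.email_verified:
        email_hash = str(uuid4())
        send_confirmation(user, email_hash)
        user.set_email_hash(email_hash)
        raise ApiError('email not verified', 401)

    # Check allowed domain.
    # NOTE(review): this runs after the confirmation mail above, so an
    # unverified user from a disallowed domain still receives that mail.
    if not_authorized('ALLOWED_EMAIL_DOMAINS', groups=[user.domain]):
        raise ApiError("unauthorized domain", 403)

    # Deactivated accounts must not be issued a token (same rule as signup()
    # and create_user()); record the successful login once that is settled.
    if user.status != 'active':
        raise ApiError('user not active', 403)
    user.update_last_login()

    # Assign customers visible to this user.
    customers = get_customers(user.email, groups=[user.domain])

    # Generate the API token.
    token = create_token(user.id, user.name, user.email, provider='basic', customers=customers,
                         roles=user.roles, email=user.email, email_verified=user.email_verified)
    return jsonify(token=token.tokenize)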
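def signup():
    """Self-service sign-up: create a user from the JSON body and return a token.

    Returns:
        A JSON response ``{"token": ...}`` for the newly created user.

    Raises:
        ApiError: 401 when sign-up is disabled or the address still needs
            verification; 400 when the body does not parse; 403 for a
            disallowed domain or an inactive user; 409 when the email is
            already registered; 500 when persisting the user fails.
    """
    if not current_app.config['SIGNUP_ENABLED']:
        raise ApiError('user signup is disabled', 401)

    try:
        user = User.parse(request.json)
    except Exception as e:
        raise ApiError(str(e), 400)

    # Sign-up defaults are applied after parsing, so a client cannot choose
    # its own roles or mark its address as verified through the request body.
    user.roles = ['user']
    user.email_verified = False

    # Check allowed domain.
    if not_authorized('ALLOWED_EMAIL_DOMAINS', groups=[user.domain]):
        raise ApiError('unauthorized domain', 403)

    if User.find_by_email(email=user.email):
        raise ApiError('username already exists', 409)

    # The error must be raised: without it a failed create() falls through
    # and a token is issued for a user that was never persisted.
    # NOTE(review): str(e) may echo backend error details to the client.
    try:
        user = user.create()
    except Exception as e:
        raise ApiError(str(e), 500)

    # If email verification is enforced, deny login and send the mail.
    if current_app.config['EMAIL_VERIFICATION'] and not user.email_verified:
        send_confirmation(user)
        raise ApiError('email not verified', 401)

    # Check the user is active, then record the login.
    if user.status != 'active':
        raise ApiError('user not active', 403)
    user.update_last_login()

    # Assign customers visible to this user.
    customers = get_customers(user.email, groups=[user.domain])

    # Generate the API token.
    token = create_token(user.id, user.name, user.email, provider='basic', customers=customers,
                         roles=user.roles, email=user.email, email_verified=user.email_verified)
    return jsonify(token=token.tokenize)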
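def create_user():
    """Create a user from the JSON body and return a token for it.

    NOTE(review): unlike signup(), ``roles`` and ``email_verified`` are taken
    as parsed from the request and are not overridden here; confirm that the
    route exposing this handler is restricted to administrators.

    Returns:
        A JSON response ``{"token": ...}`` for the newly created user.

    Raises:
        ApiError: 400 when the body does not parse; 403 for a disallowed
            domain or an inactive user; 409 when the email is already
            registered; 500 when persisting the user fails; 401 when the
            address still needs verification.
    """
    try:
        user = User.parse(request.json)
    except Exception as e:
        raise ApiError(str(e), 400)

    # Check allowed domain.
    if not_authorized('ALLOWED_EMAIL_DOMAINS', groups=[user.domain]):
        raise ApiError('unauthorized domain', 403)

    if User.find_by_email(email=user.email):
        raise ApiError('username already exists', 409)

    # The error must be raised: without it a failed create() falls through
    # and a token is issued for a user that was never persisted.
    # NOTE(review): str(e) may echo backend error details to the client.
    try:
        user = user.create()
    except Exception as e:
        raise ApiError(str(e), 500)

    # If email verification is enforced, deny login and send the mail.
    if current_app.config['EMAIL_VERIFICATION'] and not user.email_verified:
        email_hash = str(uuid4())
        send_confirmation(user, email_hash)
        user.set_email_hash(email_hash)
        raise ApiError('email not verified', 401)

    # Check the user is active.
    if user.status != 'active':
        raise ApiError('user not active', 403)

    # Assign customers and record the login.
    customers = get_customers(user.email, groups=[user.domain])
    user.update_last_login()

    # Generate the API token.
    token = create_token(user.id, user.name, user.email, provider='basic', customers=customers,
                         roles=user.roles, email=user.email, email_verified=user.email_verified)
    return jsonify(token=token.tokenize)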
def send_confirmation(self) -> None:
    """Issue a confirmation token for this user's email, record it, and mail it.

    The token is stored via ``_set_email_hash`` before the mail is sent.
    """
    confirm_token = utils.generate_email_token(email=self.email, salt='confirm')
    self._set_email_hash(confirm_token)
    utils.send_confirmation(self, confirm_token)