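def post(self, **kwargs):
    """Issue a JWT for a nickname/password login.

    Reads ``nickname`` and ``password`` from the JSON request body, looks the
    user up by nickname, verifies the password and, for an active user,
    records a new ``Session`` row holding the token before returning it.

    Args:
        **kwargs: must contain ``session``, the database session to use.

    Returns:
        ``({'token': <jwt>}, 201)`` on success; ``({'status': 'failed'}, 400)``
        for a missing or malformed body, an unknown nickname, a wrong
        password or an inactive user.
    """
    session = kwargs['session']
    failed = {'status': 'failed'}, 400

    # A non-JSON or empty body used to raise KeyError (an unhandled 500);
    # treat it as a plain bad request instead.
    data = request.get_json(silent=True) or {}
    nickname = data.get('nickname')
    password = data.get('password')
    if not nickname or not password:
        return failed

    user = session.query(User).filter(User.nickname == nickname).first()
    if not user:
        # NOTE(review): returning before verify_password makes an unknown
        # nickname answer faster than a wrong password; if nickname
        # enumeration via timing matters, run a dummy verification here.
        return failed

    # verify_password is evaluated unconditionally (as before) so the
    # password path takes the same time regardless of the other checks.
    password_ok = verify_password(user.password, password)
    # The query already matched the nickname; the explicit equality check is
    # kept because the database comparison and Python's may differ (e.g. case).
    if not (nickname == user.nickname and password_ok and user.is_active):
        return failed

    token = jwt.encode(
        {
            'user_id': user.id,
            # 60-minute lifetime; ``exp`` is the standard JWT expiry claim.
            'exp': datetime.datetime.utcnow() + datetime.timedelta(minutes=60),
        },
        app.config.get('SECRET_KEY'),
    )
    session.add(Session(user_id=user.id, session_token=token))
    session.commit()
    # NOTE(review): ``.decode`` assumes jwt.encode returns bytes (PyJWT < 2);
    # PyJWT 2.x returns str and this line would raise -- confirm the pinned version.
    return {'token': token.decode('UTF-8')}, 201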
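def initialize(self):
    """Attach the database session and resolve the caller's ``Session`` row.

    The session key comes from the signed ``session_id`` cookie. When the
    cookie is absent, names no row, or names an expired row (which is then
    deleted), a fresh key is generated, set as the cookie, and a new
    ``Session`` object with a one-day expiry is attached as ``self.session``.

    The previous version detected the "no cookie" and "no row" cases by
    catching AttributeError around the whole lookup, which would also have
    swallowed genuine attribute bugs; the cases are now checked explicitly.
    """
    self.db = dbSession
    self.session = None

    raw_cookie = self.get_secure_cookie('session_id')
    if raw_cookie is not None:
        session_id = raw_cookie.decode()
        self.session = self.db.query(Session).filter_by(
            session_key=session_id).first()
        if (self.session is not None
                and self.session.expire_date < datetime.datetime.utcnow()):
            # Expired: remove the stale row and fall through to a new session.
            self.db.delete(self.session)
            self.db.commit()
            self.session = None

    if self.session is None:
        # uuid4 gives an unguessable key; the cookie is signed by Tornado.
        session_id = str(uuid.uuid4())
        self.set_secure_cookie('session_id', session_id)
        # NOTE(review): the new row is not added to self.db here (same as
        # before); presumably persisted by a later handler -- confirm.
        self.session = Session(
            session_key=session_id,
            expire_date=datetime.datetime.utcnow() + datetime.timedelta(days=1))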
def lost_password(): """ Send a one time login link to authenticate the user. The link will contain an Session token that can be used directly from the app. """ form = LostPasswordForm.load(request) form.validate() account = Account.find_by_email(form.email.data) if account: ot = Session(account.id) ot.save(True) ot.send() return jsonify({ 'success': True })
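def validate_email(token):
    """Confirm an e-mail address from its validation token and log the account in.

    Args:
        token: the validation token that was sent to the address.

    Returns:
        JSON ``{'success': True, 'token': <session token>}``. Aborts with
        404 when no ``AccountEmail`` matches the token.
    """
    ae = AccountEmail.find_by_token(token)
    if not ae:
        abort(404)
    # The request body was previously parsed into an unused local; it is not
    # needed by this endpoint and is no longer read.
    # Owner captured before validate(), keeping the original ordering.
    account_id = ae.account_id
    ae.validate()
    # Function-level import, presumably to avoid a circular import -- confirm.
    from auth.models import Session
    # NOTE(review): the validation token effectively acts as a login
    # credential here, so it should be single-use and short-lived -- confirm
    # in AccountEmail.
    one_time = Session(account_id).save(True)
    return jsonify({'success': True, 'token': one_time.token})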
def login(): """ Authenticate the user via the provided login/password """ form = AuthForm.load(request) form.validate() account = Account.find_by_email(form.email.data) if not account: form.error('email', 'Invalid email/password credentials provided.') if not account.verify_password(form.password.data): form.error('email', 'Invalid email/password credentials provided.') ot = Session(account.id).save(True) return jsonify({ 'success': True, 'token': ot.token, 'account': account.serialize() })