def post(self):
# get the post data
post_data = request.get_json()
old_password = post_data.get('old_password')
new_password = post_data.get('new_password')
phone = proccess_phone_number(phone_number=post_data.get('phone'), region=post_data.get('region'))
one_time_code = post_data.get('one_time_code')
auth_header = request.headers.get('Authorization')
# Check authorisation using a one time code
if phone and one_time_code:
card = phone[-6:]
user = (User.query.filter_by(phone=phone).execution_options(show_all=True).first() or
User.query.filter_by(public_serial_number=card).execution_options(show_all=True).first()
)
if not user:
response_object = {
'status': 'fail',
'message': 'User not found'
}
return make_response(jsonify(response_object)), 401
if user.is_activated:
response_object = {
'status': 'fail',
'message': 'Account already activated'
}
return make_response(jsonify(response_object)), 401
if str(one_time_code) != user.one_time_code:
response_object = {
'status': 'fail',
'message': 'One time code not valid'
}
return make_response(jsonify(response_object)), 401
user.hash_password(new_password)
user.is_phone_verified = True
user.is_activated = True
user.one_time_code = None
auth_token = user.encode_auth_token()
response_object = create_user_response_object(user, auth_token, 'Successfully set pin')
db.session.commit()
return make_response(jsonify(response_object)), 200
# Check authorisation using regular auth
elif auth_header and auth_header != 'null' and old_password:
auth_token = auth_header.split(" ")[0]
resp = User.decode_auth_token(auth_token)
if isinstance(resp, str):
response_object = {
'status': 'fail',
'message': 'Invalid auth token'
}
return make_response(jsonify(response_object)), 401
user = User.query.filter_by(id=resp.get('user_id')).execution_options(show_all=True).first()
if not user:
response_object = {
'status': 'fail',
'message': 'User not found'
}
return make_response(jsonify(response_object)), 401
if not user.verify_password(old_password):
response_object = {
'status': 'fail',
'message': 'invalid password'
}
return make_response(jsonify(response_object)), 401
# Check authorisation using a reset token provided via email
else:
reset_password_token = post_data.get('reset_password_token')
if not reset_password_token:
response_object = {
'status': 'fail',
'message': 'Missing token.'
}
return make_response(jsonify(response_object)), 401
reset_password_token = reset_password_token.split(" ")[0]
validity_check = User.decode_single_use_JWS(reset_password_token, 'R')
if not validity_check['success']:
response_object = {
'status': 'fail',
'message': validity_check['message']
}
return make_response(jsonify(response_object)), 401
user = validity_check['user']
reuse_check = user.check_reset_token_already_used(
reset_password_token)
if not reuse_check:
response_object = {
'status': 'fail',
'message': 'Token already used'
}
return make_response(jsonify(response_object)), 401
if not new_password or len(new_password) < 6:
response_object = {
'status': 'fail',
'message': 'Password must be at least 6 characters long'
}
return make_response(jsonify(response_object)), 401
user.hash_password(new_password)
user.delete_password_reset_tokens()
db.session.commit()
response_object = {
'status': 'success',
'message': 'Password changed, please log in'
}
return make_response(jsonify(response_object)), 200
def post(self):
# get the post data
post_data = request.get_json()
activation_token = post_data.get('activation_token')
if activation_token and activation_token != 'null':
auth_token = activation_token.split(" ")[0]
else:
auth_token = ''
if auth_token:
validity_check = User.decode_single_use_JWS(activation_token, 'A')
if not validity_check['success']:
response_object = {
'status': 'fail',
'message': validity_check['message']
}
return make_response(jsonify(response_object)), 401
user = validity_check['user']
if user.is_activated:
response_object = {
'status': 'fail',
'message': 'Already activated.'
}
return make_response(jsonify(response_object)), 401
user.is_activated = True
auth_token = user.encode_auth_token()
db.session.flush()
# Possible Outcomes:
# TFA required, but not set up
# TFA not required
tfa_response_oject = tfa_logic(user, tfa_token=None)
if tfa_response_oject:
tfa_response_oject['auth_token'] = auth_token.decode()
db.session.commit() # need to commit here so that is_activated = True
return make_response(jsonify(tfa_response_oject)), 401
# Update the last_seen TS for this user
user.update_last_seen_ts()
response_object = create_user_response_object(user, auth_token, 'Successfully activated.')
db.session.commit()
return make_response(jsonify(response_object)), 201
else:
response_object = {
'status': 'fail',
'message': 'Provide a valid auth token.'
}
return make_response(jsonify(response_object)), 401
