def login():
# lookup user from username/email
try:
username = request.json.get('username', None) or request.json['email']
password = request.json['password']
except KeyError:
raise ApiError("must supply 'username' and 'password'", 401)
user = User.check_credentials(username, password)
if not user:
raise ApiError("Invalid username or password", 401)
# if email verification is enforced, deny login and send email
if current_app.config['EMAIL_VERIFICATION'] and not user.email_verified:
hash = str(uuid4())
send_confirmation(user, hash)
user.set_email_hash(hash)
raise ApiError('email not verified', 401)
# check allowed domain
if not_authorized('ALLOWED_EMAIL_DOMAINS', groups=[user.domain]):
raise ApiError("unauthorized domain", 403)
# assign customers
customers = get_customers(user.email, groups=[user.domain])
# generate token
token = create_token(user.id, user.name, user.email, provider='basic', customers=customers,
roles=user.roles, email=user.email, email_verified=user.email_verified)
return jsonify(token=token.tokenize)
def signup():
if not current_app.config['SIGNUP_ENABLED']:
raise ApiError('user signup is disabled', 401)
try:
user = User.parse(request.json)
except Exception as e:
raise ApiError(str(e), 400)
# set sign-up defaults
user.roles = ['user']
user.email_verified = False
# check allowed domain
if not_authorized('ALLOWED_EMAIL_DOMAINS', groups=[user.domain]):
raise ApiError('unauthorized domain', 403)
if User.find_by_email(email=user.email):
raise ApiError('username already exists', 409)
try:
user = user.create()
except Exception as e:
ApiError(str(e), 500)
# if email verification is enforced, deny login and send email
if current_app.config['EMAIL_VERIFICATION'] and not user.email_verified:
send_confirmation(user)
raise ApiError('email not verified', 401)
# check user is active & update last login
if user.status != 'active':
raise ApiError('user not active', 403)
user.update_last_login()
# assign customers
customers = get_customers(user.email, groups=[user.domain])
# generate token
token = create_token(user.id,
user.name,
user.email,
provider='basic',
customers=customers,
roles=user.roles,
email=user.email,
email_verified=user.email_verified)
return jsonify(token=token.tokenize)
def create_user():
try:
user = User.parse(request.json)
except Exception as e:
raise ApiError(str(e), 400)
# check allowed domain
if not_authorized('ALLOWED_EMAIL_DOMAINS', groups=[user.domain]):
raise ApiError('unauthorized domain', 403)
if User.find_by_email(email=user.email):
raise ApiError('username already exists', 409)
try:
user = user.create()
except Exception as e:
ApiError(str(e), 500)
# if email verification is enforced, deny login and send email
if current_app.config['EMAIL_VERIFICATION'] and not user.email_verified:
hash = str(uuid4())
send_confirmation(user, hash)
user.set_email_hash(hash)
raise ApiError('email not verified', 401)
# check user is active
if user.status != 'active':
raise ApiError('user not active', 403)
# assign customers & update last login time
customers = get_customers(user.email, groups=[user.domain])
user.update_last_login()
# generate token
token = create_token(user.id,
user.name,
user.email,
provider='basic',
customers=customers,
roles=user.roles,
email=user.email,
email_verified=user.email_verified)
return jsonify(token=token.tokenize)
def send_confirmation(self) -> None:
token = utils.generate_email_token(email=self.email, salt='confirm')
self._set_email_hash(token)
utils.send_confirmation(self, token)
