async def login(
form_data: OAuth2PasswordRequestForm = Depends(),
) -> Dict[str, Union[str, bytes]]:
db_user = await authenticate_user(
username=form_data.username,
password=form_data.password,
)
if not db_user:
raise HTTPException(
status_code=status.HTTP_400_BAD_REQUEST,
detail='Неверное имя пользователя или пароль',
)
if not db_user['is_active']:
raise HTTPException(
status_code=status.HTTP_409_CONFLICT,
detail='Учётная запись не подтверждена',
)
if db_user['is_banned']:
raise HTTPException(
status_code=status.HTTP_410_GONE,
detail='Учётная запись заблокирована',
)
access_token = create_access_token(data={'sub': db_user['username']})
return {'access_token': access_token, 'token_type': 'bearer'}
async def refresh_route(refresh_token: str):
refresh_tokens = redis.lrange('refresh_tokens', 0,
redis.llen('refresh_tokens'))
if refresh_token.encode('utf-8') not in refresh_tokens:
print('NOT IN CACHE')
raise HTTPException(status_code=401, detail='Invalid Refresh Token')
try:
refresh_data = jwt.decode(refresh_token,
SECRET_KEY,
algorithms=[ALGORITHM])
except jwt.exceptions.InvalidTokenError as e:
if isinstance(e, jwt.exceptions.ExpiredSignatureError):
raise HTTPException(status_code=401,
detail='Refresh Token is expired')
else:
raise HTTPException(status_code=401,
detail='Refresh Token is invalid')
user = db.query(User).filter(User.id == refresh_data['userid']).first()
access_token_data = {
"user": {
"id": user.id,
"username": user.username,
"admin": user.admin
}
}
access_token = create_access_token(access_token_data)
return {"access_token": access_token, "token_type": "bearer"}
def test_create_access_token_with_default_expiration():
"""Check whether token expiration date is created with default timedelta"""
data = {'sub': 'some_username'}
secret_key = 'notsosecret'
with patch('app.auth.SECRET_KEY', secret_key):
token = create_access_token(data)
decoded = jwt.decode(token, secret_key, algorithms=[ALGORITHM])
assert decoded['sub'] == data['sub']
assert decoded['exp'] == (date + timedelta(minutes=15)).timestamp()
def test_create_access_token_with_expiration():
"""Check whether token expiration date considers passed timedelta"""
data = {'sub': 'some_username'}
delta = timedelta(days=1)
secret_key = 'notsosecret'
with patch('app.auth.SECRET_KEY', secret_key):
token = create_access_token(data, delta)
decoded = jwt.decode(token, secret_key, algorithms=[ALGORITHM])
assert decoded['sub'] == data['sub']
assert decoded['exp'] == (date + delta).timestamp()
async def login_for_access_token(
form_data: OAuth2PasswordRequestForm = Depends(),
db: Session = Depends(get_db)):
user = auth.authenticate_user(db, form_data.username, form_data.password)
if not user:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Incorrect username or password",
headers={"WWW-Authenticate": "Bearer"},
)
access_token_expires = timedelta(minutes=auth.ACCESS_TOKEN_EXPIRE_MINUTES)
access_token = auth.create_access_token(data={"sub": user.username},
expires_delta=access_token_expires)
return {"access_token": access_token, "token_type": "bearer"}
async def login(db: Session = Depends(deps.get_db),
form_data: OAuth2PasswordRequestForm = Depends()) -> Any:
user = authenticate(email=form_data.username,
password=form_data.password,
db=db)
if not user:
raise HTTPException(status_code=400,
detail="Incorrect username or password")
user_jwt_payload = get_user_jwt_payload(user)
return {
"access_token": create_access_token(user.id, user_jwt_payload),
"token_type": "bearer",
}
async def token_route(username: str, password: str):
user = db.query(User).filter(User.username == username).first()
if not user:
raise HTTPException(status_code=401,
detail='Incorrect username or password')
if not pwd_context.verify(password, user.password):
raise HTTPException(status_code=401,
detail='Incorrect username or password')
access_token_data = {
"user": {
"id": user.id,
"username": user.username,
"admin": user.admin
}
}
access_token = create_access_token(access_token_data)
refresh_token = create_access_token({'userid': user.id},
timedelta(minutes=60 * 24))
redis.lpush('refresh_tokens', refresh_token)
return {
"access_token": access_token,
"token_type": "bearer",
"refresh_token": refresh_token
}
async def login(form_data: LoginSchema):
user = await UserModel.query.where(UserModel.email == form_data.email
).gino.first()
if not user:
raise HTTPException(status_code=400,
detail="Incorrect username or password")
if not verify_password(form_data.password, user.password_hash):
raise HTTPException(status_code=400,
detail="Incorrect username or password")
access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
access_token = create_access_token(data={"user_id": user.id},
expires_delta=access_token_expires)
return {"access_token": access_token, "token_type": "bearer"}
def login(db=Depends(get_db),
form_data: OAuth2PasswordRequestForm = Depends()):
user = authenticate_user(db,
email=form_data.username,
password=form_data.password)
if not user:
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED,
detail='Incorrect username or password',
headers={'Authenticate': 'Bearer'})
access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRES_MINUTES)
access_token = create_access_token(data={'sub': user.email},
expires_delta=access_token_expires)
return {'access_token': access_token, 'token_type': 'bearer'}
async def login_for_access_token(
form_data: OAuth2PasswordRequestForm = Depends(),
db: Session = Depends(get_db)):
"""
Authentication.
:param form_data: Form Data {login, password}
:param db: db Session
:return: Token object
"""
user = authenticate_user(db, form_data.username, form_data.password)
if not user:
raise HTTPException(
status_code=401,
detail="Incorrect username or password",
headers={"WWW-Authenticate": "Bearer"},
)
access_token = create_access_token(data={"sub": user.nickname})
return {"access_token": access_token, "token_type": "bearer"}
def login(db: Session = Depends(dependencies.get_db),
form_data: OAuth2PasswordRequestForm = Depends()) -> Any:
"""
OAuth2 compatible token login, get an access token for future requests
"""
user = models.User.authenticate_user(db,
email=form_data.username,
password=form_data.password)
if not user:
raise HTTPException(status_code=400,
detail="Incorrect email or password")
access_token_expires = timedelta(
minutes=config.ACCESS_TOKEN_EXPIRE_MINUTES)
access_token = auth.create_access_token(data={
"sub": str(user.id),
"email": user.email
},
expires_delta=access_token_expires)
return {
"access_token": access_token,
"token_type": "Bearer",
}
def create_auth_header(username: str) -> Dict[str, str]:
token = create_access_token(data={'sub': username})
return {'Authorization': f'Bearer {token}'}
