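def get(self):
    """Return the profile of the user identified by the refresh token.

    The token is read with ``get_token()`` and decoded by
    ``UserModel.decode_refresh_token``; the decoded payload is a JSON
    string whose ``name`` field is the user's ``public_id``.

    Returns:
        A 200 response carrying the user's username, registration date and
        the admin/anonymous flags, or a 403 ``UnauthorizedAccess`` response
        when the token does not map to an existing user.
    """
    token = get_token()
    payload_dict = json.loads(UserModel.decode_refresh_token(token))
    user = UserModel.query.filter_by(
        public_id=payload_dict.get('name')).first()
    if user is None:
        # A correctly signed token for a user that no longer exists would
        # otherwise raise AttributeError below and surface as a 500.
        response_obj = dict(status='Fail',
                            message=str(UnauthorizedAccess()),
                            error=UnauthorizedAccess.__name__)
        return make_response(jsonify(response_obj), 403)
    response_obj = dict(status='Success',
                        data=dict(username=user.username,
                                  registered_on=user.registered_on,
                                  admin=user.admin,
                                  anonymous=user.anonymous))
    return make_response(jsonify(response_obj), 200)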
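def test_decode_refresh_token(self):
    """A freshly issued refresh token decodes back to a JSON payload string.

    Creates a user, issues an access/refresh token pair for it, checks the
    types of the three values ``encode_auth_tokens`` returns, and then
    checks that ``decode_refresh_token`` accepts the refresh token and
    returns a ``str``.
    """
    user = UserModel(username='******', password='******')
    db.session.add(user)
    db.session.commit()
    access_token, refresh_token, refresh_token_id = user.encode_auth_tokens(
        user.username)
    # assertIsInstance names the offending type on failure, whereas
    # assertTrue(isinstance(...)) only reports "False is not true".
    self.assertIsInstance(access_token, bytes)
    self.assertIsInstance(refresh_token, bytes)
    self.assertIsInstance(refresh_token_id, str)
    decoded = UserModel.decode_refresh_token(refresh_token)
    self.assertIsInstance(decoded, str)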
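def post(self):
    """Log the current user out by blacklisting their refresh token.

    Decodes the refresh token, looks the user up by the ``name`` claim
    (their ``public_id``), records the user's current ``token_id`` in the
    blacklist, clears it on the user, and deletes anonymous users outright.

    Returns:
        A 200 response on success, or a 403 ``UnauthorizedAccess`` response
        when the token does not map to an existing user.
    """
    token = get_token()
    payload_dict = json.loads(UserModel.decode_refresh_token(token))
    user = UserModel.query.filter_by(
        public_id=payload_dict.get('name')).first()
    if user is None:
        response_obj = dict(status='Fail',
                            message=str(UnauthorizedAccess()),
                            error=UnauthorizedAccess.__name__)
        return make_response(jsonify(response_obj), 403)
    # The blacklist row has to be added to the session (as the refresh and
    # credential-change handlers do); the original only constructed the
    # object, so the refresh token was never actually revoked on logout.
    blacklisted_token = BlackListTokenModel(token_id=user.token_id)
    db.session.add(blacklisted_token)
    user.token_id = ''
    if user.anonymous:
        # Anonymous accounts are throwaway: remove the row entirely.
        db.session.delete(user)
    # Commit for every user so the cleared token_id is persisted too.
    db.session.commit()
    response_obj = dict(status='Success', message='Successfully logged out')
    return make_response(jsonify(response_obj), 200)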
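def get(self):
    """List every user's username and registration date; admin only.

    Authorization is taken from the ``admin`` claim of the decoded refresh
    token, not from a fresh lookup of the caller's record.
    NOTE(review): if the flag is revoked in the database, this endpoint
    keeps honouring the claim until the token is blacklisted or expires —
    confirm that is acceptable, or re-check ``user.admin`` here.

    Returns:
        A 200 response whose ``message`` is a list of
        ``(username, registered_on)`` pairs, or a 403 ``UnauthorizedAccess``
        response for non-admin callers.
    """
    token = get_token()
    payload_dict = json.loads(UserModel.decode_refresh_token(token))
    if not payload_dict.get('admin'):
        response_obj = dict(status='Fail',
                            message=str(UnauthorizedAccess()),
                            error=UnauthorizedAccess.__name__)
        return make_response(jsonify(response_obj), 403)
    # Build the summary list directly rather than overwriting the query
    # result in place with a slice assignment.
    users = [(user.username, user.registered_on)
             for user in UserModel.query.all()]
    response_obj = dict(status='Success', message=users)
    return make_response(jsonify(response_obj), 200)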
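def post(self):
    """Issue a new access token from a refresh token, rotating it if expired.

    Outcomes, by how the refresh token decodes:

    * valid: a new access token is issued (200, ``refresh_token_renewed``
      False);
    * ``ExpiredToken``: the payload is recovered with
      ``decode_expired_token``, its ``token_id`` is blacklisted, a fresh
      access/refresh pair is issued and the new ``token_id`` stored on the
      user (200, ``refresh_token_renewed`` True);
    * ``InvalidToken``: the token is blacklisted and 403
      ``UnauthorizedAccess`` is returned;
    * ``BlacklistedToken``: 403 (the auth decorator in this file answers
      403 for the same error; the original returned 500 here);
    * any other error: 500 with ``OtherError`` and the error text.

    A token that decodes but names no existing user gets 403 instead of
    the AttributeError the original raised.
    NOTE(review): an expired refresh token still mints new tokens here, so
    expiry only forces rotation rather than re-authentication; only the
    blacklist check stops reuse of the old token. Confirm this is intended.
    """

    def _unauthorized():
        # Shared 403 body for "token names no user" and InvalidToken.
        response_obj = dict(status='Fail',
                            message=str(UnauthorizedAccess()),
                            error=UnauthorizedAccess.__name__)
        return make_response(jsonify(response_obj), 403)

    token = get_token()
    try:
        payload_dict = json.loads(UserModel.decode_refresh_token(token))
        user = UserModel.query.filter_by(
            public_id=payload_dict.get('name')).first()
        if user is None:
            return _unauthorized()
        access_token = user.encode_access_token(user.username)
        response_obj = dict(status='Success',
                            message='Generated new access token',
                            refresh_token_renewed=False,
                            access_token=access_token.decode())
        return make_response(jsonify(response_obj), 200)
    except ExpiredToken:
        # Rotation path: the old token_id goes on the blacklist before the
        # new pair is persisted on the user, in a single commit.
        payload_dict = json.loads(UserModel.decode_expired_token(token))
        user = UserModel.query.filter_by(
            public_id=payload_dict.get('name')).first()
        if user is None:
            return _unauthorized()
        access_token, refresh_token, refresh_token_id = user.encode_auth_tokens(
            user.username)
        blacklisted_token = BlackListTokenModel(
            token_id=payload_dict.get('token_id'))
        user.token_id = refresh_token_id
        db.session.add(blacklisted_token)
        db.session.commit()
        response_obj = dict(
            status='Success',
            message='Generated new refresh and access tokens',
            refresh_token_renewed=True,
            access_token=access_token.decode(),
            refresh_token=refresh_token.decode())
        return make_response(jsonify(response_obj), 200)
    except InvalidToken as err:
        blacklisted_token = create_blacklisted_token(err, token)
        db.session.add(blacklisted_token)
        db.session.commit()
        return _unauthorized()
    except BlacklistedToken as err:
        # A blacklisted token is an authorization failure, not a server
        # error; match the decorator's status code.
        response_obj = dict(status='Fail', message=str(err),
                            error=BlacklistedToken.__name__)
        return make_response(jsonify(response_obj), 403)
    except Exception as err:
        response_obj = dict(status='Fail', message=str(err),
                            error=OtherError.__name__)
        return make_response(jsonify(response_obj), 500)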
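def post(self):
    """Change the current user's password, username, or both.

    Expects a JSON body with ``typeOfChange`` (``'password'``,
    ``'username'`` or ``'both'``) and ``message``: the new value for a
    single change, or an object with ``password`` and ``username`` keys
    when ``typeOfChange`` is ``'both'``. After a successful change the
    refresh token used for the request is blacklisted and the user's
    ``token_id`` cleared, so the client has to log in again.

    Returns:
        200 on success; 403 ``UnauthorizedAccess`` when the token names no
        existing user; 500 ``OtherError`` when the body is missing or not
        JSON, lacks a required field, names an unknown ``typeOfChange``,
        or gives a malformed ``message`` for ``'both'``. (500 is kept for
        these client errors because the original already answered 500 for
        the missing-field case.)
    NOTE(review): the change is authorized by the refresh token alone; the
    current password is not re-verified. Confirm that is intended.
    """

    def _fail(message):
        # Uniform client-error body; status mirrors the original handler.
        response_obj = dict(status='Fail', message=message,
                            error=OtherError.__name__)
        return make_response(jsonify(response_obj), 500)

    token = get_token()
    # silent=True returns None instead of raising for a non-JSON body;
    # normalise to an empty dict so the field check below reports it
    # (the original called .keys() on None and crashed).
    post_data = request.get_json(silent=True) or {}
    if not isinstance(post_data, dict) or any(
            key not in post_data for key in ('typeOfChange', 'message')):
        return _fail(
            'You are missing either "typeOfChange" or "message" or both')
    type_of_change = post_data.get('typeOfChange')
    message_data = post_data.get('message')
    if type_of_change not in ('password', 'username', 'both'):
        # The original fell through every branch for an unknown type, still
        # blacklisted the token and answered "Success" with an empty message.
        return _fail('"typeOfChange" must be "password", "username" or "both"')
    if type_of_change == 'both' and not (
            isinstance(message_data, dict)
            and 'password' in message_data
            and 'username' in message_data):
        return _fail('"message" must be an object with "password" and '
                     '"username" when "typeOfChange" is "both"')

    payload_dict = json.loads(UserModel.decode_refresh_token(token))
    user = UserModel.query.filter_by(
        public_id=payload_dict.get('name')).first()
    if user is None:
        response_obj = dict(status='Fail',
                            message=str(UnauthorizedAccess()),
                            error=UnauthorizedAccess.__name__)
        return make_response(jsonify(response_obj), 403)

    if type_of_change == 'password':
        user.change_password(message_data)
        message = 'Changed your password'
    elif type_of_change == 'username':
        user.change_username(message_data)
        message = 'Changed your username'
    else:
        user.change_password(message_data.get('password'))
        user.change_username(message_data.get('username'))
        message = 'Changed your username and password'

    # Revoke the token used for this request: a credential change forces
    # re-authentication, in the same way the logout handler does.
    blacklisted_token = BlackListTokenModel(token_id=user.token_id)
    user.token_id = ''
    db.session.add(blacklisted_token)
    db.session.commit()
    response_obj = dict(status='Success', message=message)
    return make_response(jsonify(response_obj), 200)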
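def decorated(*args, **kwargs):
    """Call ``func`` only when the request carries a decodable refresh token.

    The token is read with ``get_token()`` and checked by
    ``UserModel.decode_refresh_token``; the decoded payload is not passed
    on (the wrapped view re-reads the token itself). The view call stays
    inside the ``try`` as in the original, so exceptions raised by the
    view are mapped the same way as decoding errors:

    * ``InvalidToken`` / ``ExpiredToken``: the token is blacklisted and a
      403 ``UnauthorizedAccess`` response is returned;
    * ``BlacklistedToken``: 403 with ``BlacklistedToken``;
    * anything else: 500 with ``OtherError`` and ``str(err)``.

    NOTE(review): the 500 branch echoes ``str(err)`` of arbitrary
    exceptions to the client, which can expose internals; consider a
    generic message and logging the detail server-side. The enclosing
    decorator is outside this listing — confirm it applies
    ``functools.wraps(func)`` so the view keeps its name and docstring.
    """
    token = get_token()
    try:
        # Decode for validation only; the original bound the payload to an
        # unused local.
        UserModel.decode_refresh_token(token)
        return func(*args, **kwargs)
    except (InvalidToken, ExpiredToken) as err:
        blacklisted_token = create_blacklisted_token(err, token)
        db.session.add(blacklisted_token)
        db.session.commit()
        response_obj = dict(status='Fail',
                            message=str(UnauthorizedAccess()),
                            error=UnauthorizedAccess.__name__)
        return make_response(jsonify(response_obj), 403)
    except BlacklistedToken:
        # Separate clause replaces the original `except (BlacklistedToken,
        # Exception)` plus isinstance() dispatch; same responses.
        response_obj = dict(status='Fail',
                            message=str(BlacklistedToken()),
                            error=BlacklistedToken.__name__)
        return make_response(jsonify(response_obj), 403)
    except Exception as err:
        response_obj = dict(status='Fail', message=str(err),
                            error=OtherError.__name__)
        return make_response(jsonify(response_obj), 500)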