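def post(self):
    '''Returns a JWT for the user that owns the provided credentials.

    The JSON body carries either an OIDC ``id_token`` or a ``username`` and
    ``password``.  An OIDC user that does not exist yet is registered on the
    spot.  A matching, enabled user receives a JWT: as ``access_token`` in
    the body when ``BEARER_AUTH_ENABLE`` is set, otherwise as an ``HttpOnly``
    cookie plus a ``csrf_token`` in the body.  Anything else aborts with 400.
    '''
    # a missing or non-JSON body counts as empty credentials rather than
    # failing before they are even inspected
    body = request.get_json(silent=True) or {}
    id_token = body.get('id_token')
    username = body.get('username')
    password = body.get('password')
    user = None
    # process OIDC credentials
    if id_token:
        # NOTE(review): the payload is decoded WITHOUT checking the token's
        # signature, so every claim read below (email, name, picture) is
        # chosen by the client and a forged token selects or registers any
        # account.  Validate the token against the provider's keys (and its
        # issuer, audience and expiry) before trusting these claims.
        payload = get_unverified_jwt_payload(id_token)
        email = payload.get('email')
        # without an email claim there is nothing to look the user up by
        if email:
            user = User.get_by_email(email)
            if not user:
                # register the user; the random password and answer are never
                # disclosed, so this account is usable through OIDC only
                user = User(
                    # NOTE(review): the local part is assumed to be unique; a
                    # clash with an existing username is not handled here --
                    # confirm against the User model
                    username=email.split('@')[0],
                    email=email,
                    avatar=payload['picture'],
                    signature='',
                    name=payload['name'],
                    password=token_urlsafe(20),
                    question=0,
                    answer=token_urlsafe(10),
                )
                db.session.add(user)
                db.session.commit()
    # process username and password credentials
    elif username and password:
        user = User.get_by_username(username)
        if user and not user.check_password(password):
            user = None
    # handle authentication
    if user and user.is_enabled:
        data = {'user': user.serialize_self()}
        # build other claims
        claims = {}
        path = os.path.join(
            current_app.config['UPLOAD_FOLDER'],
            md5(str(user.id).encode()).hexdigest(),
        )
        # exist_ok removes the check-then-create race of a separate exists() test
        os.makedirs(path, exist_ok=True)
        claims['upload_folder'] = path
        # create a JWT
        token = encode_jwt(user.id, claims=claims)
        # send the JWT as a Bearer token when the feature is enabled
        if Config.get_value('BEARER_AUTH_ENABLE'):
            data['access_token'] = token
            # remove any existing access token cookie
            return data, 200, {
                'Set-Cookie': 'access_token=; Expires=Thu, 01-Jan-1970 00:00:00 GMT'
            }
        # default to cookie authentication
        # return a CSRF token when using cookie authentication
        csrf_obj = CsrfToken(user.id)
        csrf_obj.sign(current_app.config['SECRET_KEY'])
        data['csrf_token'] = csrf_obj.serialize()
        # set the JWT as a HttpOnly cookie
        # NOTE(review): no Secure, SameSite or Path attribute is set on the
        # cookie; add them once the deployment's TLS and path layout are known
        return data, 200, {'Set-Cookie': f"access_token={token}; HttpOnly"}
    abort(400, 'Invalid username or password.')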
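def post(self):
    '''Returns a JWT for the user that owns the provided credentials.

    The JSON body carries either an OIDC ``id_token`` or a ``username`` and
    ``password``.  A matching, enabled user receives a JWT: as ``token`` in
    the body when ``BEARER_AUTH_ENABLE`` is set, otherwise as an ``HttpOnly``
    cookie.  Anything else is answered with a 400 and an error message.
    '''
    # a missing or non-JSON body counts as empty credentials rather than
    # failing before they are even inspected
    body = request.get_json(silent=True) or {}
    id_token = body.get('id_token')
    username = body.get('username')
    password = body.get('password')
    user = None
    if id_token:
        # NOTE(review): the payload is decoded WITHOUT checking the token's
        # signature, so the email claim is chosen by the client and a forged
        # token selects any account.  Validate the token against the
        # provider's keys (and its issuer, audience and expiry) first.
        payload = get_unverified_jwt_payload(id_token)
        email = payload.get('email')
        # without an email claim there is nothing to look the user up by
        if email:
            user = User.get_by_email(email)
    elif username and password:
        user = User.get_by_username(username)
        if user and not user.check_password(password):
            user = None
    if user and user.is_enabled:
        data = {'user': user.serialize()}
        # build other claims
        claims = {}
        path = os.path.join(
            current_app.config['UPLOAD_FOLDER'],
            md5(str(user.id).encode()).hexdigest(),
        )
        # exist_ok removes the check-then-create race of a separate exists() test
        os.makedirs(path, exist_ok=True)
        claims['upload_folder'] = path
        # create a JWT
        token = encode_jwt(user.id, claims=claims)
        # send the JWT as a Bearer token when the feature is enabled
        if Config.get_value('BEARER_AUTH_ENABLE'):
            data['token'] = token
            # remove any existing access token cookie
            return data, 200, {
                'Set-Cookie': 'access_token=; Expires=Thu, 01-Jan-1970 00:00:00 GMT'
            }
        # set the JWT as a HttpOnly cookie by default
        # NOTE(review): no Secure, SameSite or Path attribute is set on the
        # cookie; add them once the deployment's TLS and path layout are known
        return data, 200, {'Set-Cookie': f"access_token={token}; HttpOnly"}
    # a rejected login is a client error; the original implicit 200 let
    # clients mistake the message body for a successful response
    return {'message': 'Invalid username or password.'}, 400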
def config_cors(response):
    '''Strip CORS headers from *response* when its origin is not allowed.

    Only acts while the ``CORS_RESTRICT`` config flag is set; otherwise the
    response is passed through untouched.
    '''
    if not Config.get_value('CORS_RESTRICT'):
        return response
    # enforce the CORS whitelist from the config
    if is_allowed_origin(response):
        return response
    return remove_cors_headers(response)