def post(self): """ User Login/SignIn route """ login_info = request.get_json() if not login_info: return make_response(jsonify({'message': 'Input payload validation failed'}), 400) try: user = User.query.filter_by(email=login_info['email']).first() if not user: return make_response(jsonify({"message": 'User does not exist!'}), 404) if check_password_hash(user.password, login_info['password']): payload = { 'exp': datetime.utcnow() + timedelta(weeks=3), 'iat': datetime.utcnow(), 'sub': user.public_id } token = jwt.encode( payload, APP.config['SECRET_KEY'], algorithm='HS256' ) print(user.username) return jsonify({"message": "Logged in successfully.", "access_token": token.decode('UTF-8'), "username": user.username }) return make_response(jsonify({"message": "Incorrect credentials."}), 401) except Exception as e: print(e) return make_response(jsonify({"message": "An error occurred. Please try again."}), 501)
def lost_password(): form = LostPass() # Password Reset functionality if request.method == 'POST': if form.validate(): # First of all, check if there is a registered email in the DB that matches. # Checking if this e-mail exists in the database. If not, flashes an error to the user. check_user = User.objects(email=form.email.data).first() if check_user: # If a user is found, we'll proceed to generate a JWT-token to pass along with our mail. email = str(form.email.data) exp_time = datetime.datetime.now() + datetime.timedelta(hours=1) token = jwt.encode({'reset_password': form.email.data, 'exp': exp_time}, key=os.getenv('SECRET_KEY')) password_mail = Message("Lost your password?", sender=os.environ['MAIL_USERNAME'], recipients=[email], html=render_template('reset_email.html', token=token)) mail.send(password_mail) # Feedback so the user can see the request went through! flash( "Reset password email sent to the provided email! Please check your email and follow instructions therein.") else: flash("No user found!") return render_template("lost_password.html", form=form)
def generate_auth_token(self, expires_in=600): return jwt.encode({ 'id': self.id, 'exp': time.time() + expires_in }, app.config['SECRET_KEY'], algorithm='HS256')
def post(self): try: parser = reqparse.RequestParser() parser.add_argument('UserName', required=True, help='UserName is Required') parser.add_argument('Password', required=True, help='Password is Required') args = parser.parse_args() cursor = db.cursor() row_count = cursor.execute( 'select Role from users where UserName=\'' + args['UserName'] + '\'' + 'and Password=\'' + args[ 'Password'] + '\'') row = cursor.fetchone() if row_count > 0: payload = { 'UserName': args['UserName'], 'Password': args['Password'], 'Role': row[0] } access_token = jwt.encode(payload, 'secret', algorithm='HS256') print(access_token) message = { 'AuthToken': str(access_token), 'Role': payload['Role'], 'Request': 'Successful' } else: message = { 'AuthToken': 'Null', 'Request': 'Wrong Details' } return (message) except InterfaceError as e: CreateApi.reAssignDb() print(e) except Exception as e: print(e)
def create_token(data): payload = { "exp" : datetime.datetime.utcnow() + datetime.timedelta(days=0,minutes=60), "iat" : datetime.datetime.utcnow(), 'sub' : data } return jwt.encode(payload,app.config.get("SECRET_KEY"),algorithm='HS256')
def create_token(user): payload = { 'sub': user.id, 'iat': datetime.utcnow(), 'exp': datetime.utcnow() + timedelta(days=1), 'scope': user.role } token = jwt.encode(payload, SECRET_KEY) return token.decode('unicode_escape')
def generate_token(): payload = request.get_json() secret = app.config['SECRET_KEY'] token = jwt.encode(payload, secret, algorithm='HS256') return jsonify(error=None, data=[{ 'token': token }], message="Token Generated"), 201
def get_token(): request_data = request.get_json() username = str(request_data['username']) password = str(request_data['password']) match = User.username_password_match(username, password) if match: expiration_date = datetime.datetime.utcnow() + datetime.timedelta(seconds=100) token = jwt.encode({'exp': expiration_date}, booksapp.config['SECRET_KEY'], algorithm='HS256') return token else: return Response('', 401, mimetype='application/json')
def encode_auth_token(app, user_id, days=0, minutes=4): try: payload = { 'exp': datetime.datetime.utcnow() + datetime.timedelta(days=days, minutes=minutes), 'iat': datetime.datetime.utcnow(), 'sub': user_id } return jwt.encode( payload, app.config.get('JWT_SECRET_KEY'), algorithm='HS256' ) except Exception as e: return e
def loginUsuario(cls, datos): from flask import jsonify from werkzeug.security import check_password_hash from datetime import datetime, timedelta from app import app from flask_jwt import jwt LoginUsuario().load(datos) usuario = UsuarioService.find_by_email(datos['email']) usuarioJson = CommonService.json(usuario, UsuarioSchema) if usuario: if check_password_hash(usuario.password, datos['password']): dt = datetime.now() + timedelta(minutes=60 * 12) usuarioJson['exp'] = dt token = jwt.encode(usuarioJson, app.config['SECRET_KEY']) return jsonify({'token': token.decode('UTF-8')}) raise Exception("Las credenciales son incorrectas.") raise Exception("No existe ningún usuario con ese mail.")
def encode_auth_token(data): """ 生成token :param data: :return: """ try: payload = { 'exp': datetime.datetime.utcnow() + datetime.timedelta(days=7, seconds=0), 'iat': datetime.datetime.utcnow(), 'iss': 'xxxxx', 'data': data } return jwt.encode(payload, config.SECRET_KEY, algorithm='HS256') except Exception: return None
def generate_token(player_id): """ Generate Token Method """ try: payload = { 'exp': datetime.datetime.utcnow() + datetime.timedelta(days=1), 'iat': datetime.datetime.utcnow(), 'sub': player_id } return jwt.encode( payload, os.getenv('JWT_SECRET_KEY'), 'HS256' ).decode('utf-8') except Exception as e: return Response( mimetype="application/json", response=json.dumps({'error': 'error in generating player token'}), status=400 )
def login(self, username, password): user = self.get_one('username', username) if not user: return make_response( "incorrect username/password", 401, {'WWW-Authenticate': 'Basic Realm="Login Required!'}) if check_password_hash(user['password'], password): token = jwt.encode( { "user_": user, "exp": datetime.datetime.utcnow() + datetime.timedelta(minutes=100000) }, 'OLURIN ANUOLUWAPO') return ({"token": f"{token}"}) else: return make_response( "invalid password", 401, {'WWW-Authenticate': 'Basic Realm="Login Required!'})
def create_token(payload): return jwt.encode(payload, key='super-secret')
def post(self): set_temporary_password = False json_input = request.get_json() keys = ['email', 'password'] if validate_input_data(json_input, keys): return validate_input_data(json_input, keys) data, errors = user_login_schema.load(json_input) if errors: return moov_errors(errors, 422) _user = User.query.filter(User.email.like(json_input['email'])).first() if not _user: return moov_errors('User does not exist', 404) if _user.reset_password: temp_password = ForgotPassword.query.filter( ForgotPassword.user_id==_user.id ).order_by( ForgotPassword.created_at.desc() ).first() # Precautions if (not temp_password) or (temp_password and temp_password.temp_password != json_input['password']): return moov_errors("Invalid password", 400) if temp_password.used: return moov_errors("Sorry, this password has been used to reset forgotten password details", 400) if not datetime.datetime.utcnow() <= (temp_password.created_at + timedelta(days=1)): return moov_errors("Temporary password expired", 400) set_temporary_password = True temp_password.used = True _user.reset_password = False temp_password.save() _user.save() else: if not _user.check_password(json_input['password']): return moov_errors("Invalid email/password", 401) _user_wallet = Wallet.query.filter(Wallet.user_id==_user.id).first() token_date = datetime.datetime.utcnow() payload = { "id": _user.id, "stamp": str(token_date) } _token = jwt.encode(payload, os.getenv("TOKEN_KEY"), algorithm='HS256') _data, _ = user_schema.dump(_user) _data["wallet_amount"] = _user_wallet.wallet_amount if _user_wallet else "Unavailable" _data["school"] = str(_user.school_information.name) _data["user_type"] = _user.user_type.title _data["set_temporary_password"] = set_temporary_password _data.pop('password', None) _data.pop('user_id', None) return jsonify({"status": "success", "data": { "data": _data, "message": "Login successful", "token": str(_token) } })
def post(self): json_input = request.get_json() keys = [ 'user_type', 'firstname', 'lastname', 'email', 'image_url', 'mobile_number', 'password', 'authentication_type', 'school' ] _user = {} if validate_input_data(json_input, keys, _user): return validate_input_data(json_input, keys, _user) data, errors = user_schema.load(json_input) if errors: return moov_errors(errors, 422) if validate_empty_string(json_input['password']): return moov_errors('Password cannot be empty', 400) # verify email if User.is_user_data_taken(json_input['email']): return moov_errors('User already exists', 400) # verify empty request fields if is_empty_request_fields(json_input): return moov_errors("Empty strings are not allowed, exception for image urls", 400) # verify school school = get_school(str(json_input['school']).lower()) if not school: return moov_errors('{0} (school) does not exist'.format(str(json_input['school'])), 400) user_type = UserType.query.filter(UserType.title==data['user_type'].lower()).first() user_type_id = user_type.id if user_type else None unauthorized_list = ["super_admin", "admin", "school", "car_owner", "moov"] if is_user_type_authorized(unauthorized_list, data['user_type'].lower()): return moov_errors("Unauthorized, you cannot create a/an {0}".format(data['user_type']), 401) if not user_type_id: return moov_errors("User type can only be student or driver", 400) moov_email = os.environ.get("MOOV_EMAIL") moov_user = User.query.filter(User.email==moov_email).first() if not moov_user: return not_found_errors(moov_email) _transaction_icon = "https://cdn.pixabay.com/photo/2015/10/05/22/37/blank-profile-picture-973461_1280.png" transaction_icon = Icon.query.filter(Icon.operation_type=="moov_operation").first() if transaction_icon: _transaction_icon_id = transaction_icon.id authentication_type = "email" if "authentication_type" not in json_input else json_input['authentication_type'] authentication_type = get_authentication_type(authentication_type) new_user = User( password=data['password'], school_id=school.id, user_type_id=user_type_id, authentication_type=authentication_type, firstname=data['firstname'], lastname=data['lastname'], email=data['email'], image_url=data['image_url'] if json_input.get('image_url') else \ "https://cdn.pixabay.com/photo/2015/10/05/22/37/blank-profile-picture-973461_1280.png", mobile_number=data['mobile_number'] if json_input.get('mobile_number') else "" ) new_user.save() user_wallet = Wallet( wallet_amount= 0.00, user_id = new_user.id, description = "{0} {1}'s Wallet".format((new_user.lastname).title(), (new_user.firstname).title()) ) user_wallet.save() user_notification = Notification( message="Welcome to MOOV app.", recipient_id=new_user.id, sender_id=moov_user.id, transaction_icon_id=_transaction_icon_id ) user_notification.save() token_date = datetime.datetime.utcnow() payload = { "id": new_user.id, "stamp": str(token_date) } _token = jwt.encode(payload, os.getenv("TOKEN_KEY"), algorithm='HS256') message = "The profile with email {0} has been created succesfully".format(new_user.email) _data, _ = user_schema.dump(new_user) _data["wallet_amount"] = user_wallet.wallet_amount _data["school"] = str(new_user.school_information.name) _data["user_type"] = new_user.user_type.title _data.pop('password', None) _data.pop('user_id', None) if user_type.title.lower() == "driver": new_driver_info = DriverInfo( driver_id=new_user.id ) new_driver_info.save() user_notification = Notification( message="Thank you for registering to be a MOOV driver. \ Your request is waiting approval, we will get back to you soon", recipient_id=new_user.id, sender_id=moov_user.id, transaction_icon_id=_transaction_icon_id ) user_notification.save() return { 'status': 'success', 'data': { 'user': _data, 'message': message, 'token': _token } }, 201