예제 #1
파일: auth.py 프로젝트: obasys/hikka
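    def post(self):
        """Activate the account named in an activation token.

        Reads a required ``token`` string from the request, validates it, and
        grants the ``global``/``activated`` permission to the account whose
        username is stored in the token payload under ``meta``.

        Returns:
            The ``{"error": None, "data": {...}}`` envelope on success, or
            whatever ``abort`` produces when the token is invalid, is not an
            activation token, names no account, or the account is already
            activated.
        """
        result = {"error": None, "data": {}}

        parser = reqparse.RequestParser()
        parser.add_argument("token", type=str, required=True)
        args = parser.parse_args()

        data = Token.validate(args["token"])
        if not data["valid"]:
            return abort("general", "token-invalid-type")

        # Check the token's purpose before using anything else from it, so a
        # valid token issued for another action (e.g. "login") is rejected
        # without ever reaching the account lookup.
        if data["payload"]["action"] != "activation":
            return abort("general", "token-invalid-type")

        account = UserService.get_by_username(data["payload"]["meta"])
        if account is None:
            return abort("account", "not-found")

        # Activation is one-shot: a second use of the same token is refused.
        if PermissionService.check(account, "global", "activated"):
            return abort("account", "activated")

        PermissionService.add(account, "global", "activated")
        result["data"] = {"username": account.username, "activated": True}

        return result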
예제 #2
파일: auth.py 프로젝트: obasys/hikka
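    def post(self):
        """Log in with e-mail and password and issue a login token.

        Reads the required ``email`` and ``password`` strings from the request,
        checks the password against the stored value on the account, records
        the login time and returns a freshly created ``login`` token.

        Returns:
            The ``{"error": None, "data": {...}}`` envelope carrying the token,
            its ``expire`` value and the username, or whatever ``abort``
            produces when the account is unknown or the password check fails.
        """
        result = {"error": None, "data": {}}

        parser = reqparse.RequestParser()
        parser.add_argument("password", type=str, required=True)
        parser.add_argument("email", type=str, required=True)
        args = parser.parse_args()

        account = UserService.get_by_email(args["email"])
        if account is None:
            # NOTE(review): this error differs from the wrong-password error
            # below, and this path skips the password check entirely, so a
            # caller can tell registered e-mails from unknown ones. Returning
            # one shared error for both cases would close that channel, but it
            # changes the API contract, so it is only flagged here.
            return abort("account", "not-found")

        if not UserService.login(args["password"], account.password):
            return abort("account", "login-failed")

        # Pass a concrete timestamp. The original handed over the bare
        # ``datetime.now`` callable, which only works if the storage layer
        # happens to call it.
        UserService.update(account, login=datetime.now())

        token = Token.create("login", account.username)
        # Validate the token we just created to read back its payload fields.
        data = Token.validate(token)

        result["data"] = {
            "token": token,
            "expire": data["payload"]["expire"],
            "username": data["payload"]["meta"]
        }

        return result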
예제 #3
def activate(args):
    """Handle an account-activation request; ``args`` must carry a ``token``.

    NOTE(review): this listing ends right after the account lookup, so the
    rest of the function is not visible, including any check that the token's
    action is "activation". Confirm against the full source.
    """
    result = {"error": None, "data": {}}

    # Reject the request unless the token passes validation.
    if not Token.validate(args["token"]):
        return abort("general", "token-invalid")

    # The payload is read only after the token has been accepted.
    payload = Token.payload(args["token"])

    # payload["meta"] is used as the username; a falsy result means no account.
    if not (account := UserService.get_by_username(payload["meta"])):
        return abort("account", "not-found")
예제 #4
파일: users.py 프로젝트: obasys/hikka
    def auth(cls, token: str):
        """Resolve a login token to its activated user, or return None.

        A user is returned only when all of the following hold: the token
        validates, its action is "login", the username in ``meta`` maps to an
        existing user, and that user holds the global "activated" permission.
        """
        checked = Token.validate(token)

        # Guard clauses: any failed condition means "not authenticated".
        if not checked["valid"]:
            return None

        claims = checked["payload"]
        if claims["action"] != "login":
            return None

        candidate = cls.get_by_username(claims["meta"])
        if candidate is None:
            return None

        if PermissionService.check(candidate, "global", "activated"):
            return candidate

        return None
예제 #5
    def auth(cls, token: str):
        """Resolve a login token to its activated user, or return None.

        The token is validated and its payload decoded up front. The payload
        is consulted only when validation succeeded. A user is returned only
        if the action is "login", the username in ``meta`` resolves to a user,
        and that user holds the global "activated" permission.
        """
        token_ok = Token.validate(token)
        claims = Token.payload(token)

        # Short-circuit: claims are not inspected unless the token validated.
        if not token_ok or claims["action"] != "login":
            return None

        candidate = cls.get_by_username(claims["meta"])
        if not candidate:
            return None

        if PermissionService.check(candidate, "global", "activated"):
            return candidate

        return None
예제 #6
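def reset(args):
    """Set a new password for the account named in a reset token.

    ``args`` must provide ``token`` and ``password``. The payload is read
    before the token is validated because validation takes the account's
    current stored password as an extra argument, so the account has to be
    looked up first. Nothing from the payload is trusted until
    ``Token.validate`` succeeds.

    Returns:
        The ``{"error": None, "data": {...}}`` envelope on success, or
        whatever ``abort`` produces when the token is malformed, is not a
        reset token, names no account, or fails validation.
    """
    result = {"error": None, "data": {}}

    payload = Token.payload(args["token"])
    # An empty or missing payload is handled like one without "meta".
    if not payload or "meta" not in payload:
        return abort("general", "token-invalid")

    # .get(): the payload is still unverified here and may lack "action".
    if payload.get("action") != "reset":
        return abort("general", "token-invalid-type")

    account = UserService.get_by_username(payload["meta"])
    # The username came from an unverified token. Treat an unknown account
    # exactly like a bad token: this avoids an AttributeError on
    # ``account.password`` and does not reveal whether the username exists.
    if account is None or not Token.validate(args["token"], account.password):
        return abort("general", "token-invalid")

    account.password = auth.hashpwd(args["password"])
    # NOTE(review): no explicit save is visible in this function; confirm the
    # new password is persisted elsewhere.
    result["data"] = {
        "username": account.username,
        "success": True
    }

    return result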
예제 #7
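    def decorator(*args, **kwargs):
        """Run the wrapped view only for a request carrying a valid login token.

        The token is taken from the ``Authentication`` request header. The
        view is called only when the token validates, its action is "login",
        the username in ``meta`` resolves to an account, and that account is
        activated. The resolved account is exposed as ``request.account``.

        Returns:
            The wrapped view's result, or whatever ``abort`` produces for a
            missing or invalid token, an unknown account ("login-failed"), or
            an account that is not activated ("not-activated").
        """
        token = request.headers.get("Authentication")

        # A request without the header has no token to check; reject it here
        # instead of handing None to the token helpers.
        if not token:
            return abort("account", "login-failed")

        if not Token.validate(token):
            return abort("account", "login-failed")

        # Decode the payload only once validation has succeeded.
        payload = Token.payload(token)
        if payload["action"] != "login":
            return abort("account", "login-failed")

        account = UserService.get_by_username(payload["meta"])
        if account is None:
            return abort("account", "login-failed")

        if not account.activated:
            return abort("account", "not-activated")

        # Record the time of this authenticated request on the account.
        account.login = datetime.utcnow()
        request.account = account

        return view_function(*args, **kwargs)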