def post(self):
    """Activate the account named in a submitted activation token.

    Reads the required ``token`` request argument, validates it, and grants
    the ``activated`` permission in the ``global`` scope to the account whose
    username is carried in the token payload's ``meta`` field.

    Returns:
        ``{"error": None, "data": {"username": ..., "activated": True}}`` on
        success; otherwise the value produced by ``abort`` for the first
        check that fails (invalid token, unknown account, wrong token
        action, or account already activated).
    """
    arg_parser = reqparse.RequestParser()
    arg_parser.add_argument("token", type=str, required=True)
    submitted = arg_parser.parse_args()

    checked = Token.validate(submitted["token"])
    if not checked["valid"]:
        return abort("general", "token-invalid-type")

    claims = checked["payload"]
    account = UserService.get_by_username(claims["meta"])
    if account is None:
        return abort("account", "not-found")

    # A valid token issued for any other action must not activate an
    # account; this is checked before any permission is written.
    if claims["action"] != "activation":
        return abort("general", "token-invalid-type")

    if PermissionService.check(account, "global", "activated"):
        return abort("account", "activated")

    PermissionService.add(account, "global", "activated")
    return {
        "error": None,
        "data": {"username": account.username, "activated": True},
    }
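def post(self):
    """Log a user in with e-mail and password and issue a login token.

    Reads the required ``password`` and ``email`` request arguments, looks
    the account up by e-mail, checks the password against the stored value
    through ``UserService.login``, records the login time and creates a
    ``login`` token for the account's username.

    Returns:
        ``{"error": None, "data": {"token", "expire", "username"}}`` on
        success; otherwise the value produced by ``abort`` (unknown account
        or failed password check).
    """
    result = {"error": None, "data": {}}

    parser = reqparse.RequestParser()
    parser.add_argument("password", type=str, required=True)
    parser.add_argument("email", type=str, required=True)
    args = parser.parse_args()

    account = UserService.get_by_email(args["email"])
    # NOTE(review): "not-found" here and "login-failed" below give different
    # answers for unknown and known e-mail addresses, which lets a caller
    # enumerate registered addresses. Consider returning one code for both
    # once it is confirmed that no client depends on the distinction.
    if account is None:
        return abort("account", "not-found")

    if not UserService.login(args["password"], account.password):
        return abort("account", "login-failed")

    # Store a timestamp value. The earlier code passed the ``datetime.now``
    # method object itself, so no point in time was recorded.
    # NOTE(review): this is naive local time; confirm whether the stored
    # field expects UTC.
    UserService.update(account, login=datetime.now())

    token = Token.create("login", account.username)
    # Validate the fresh token only to read back its expiry and subject.
    issued = Token.validate(token)
    result["data"] = {
        "token": token,
        "expire": issued["payload"]["expire"],
        "username": issued["payload"]["meta"],
    }
    return result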
def activate(args):
    """Validate an activation request's token and look up its account.

    Rejects the request with ``abort("general", "token-invalid")`` when the
    token does not validate, and with ``abort("account", "not-found")`` when
    the username in the payload's ``meta`` field matches no account.

    NOTE(review): the listing ends after the account lookup, so the
    activation step itself and the final return are not visible here; as
    shown, the function returns ``None`` once both checks pass.
    """
    result = {"error": None, "data": {}}

    # The payload is only read after the token has validated.
    if not Token.validate(args["token"]):
        return abort("general", "token-invalid")

    payload = Token.payload(args["token"])
    account = UserService.get_by_username(payload["meta"])
    if not account:
        return abort("account", "not-found")
def auth(cls, token: str):
    """Resolve a login token to its activated user.

    Args:
        token: The token string presented by the caller.

    Returns:
        The user when the token validates, its action is ``"login"``, the
        username in ``meta`` matches a user, and that user holds the
        ``activated`` permission in the ``global`` scope; ``None`` in every
        other case.
    """
    checked = Token.validate(token)
    if not checked["valid"]:
        return None

    claims = checked["payload"]
    # Tokens issued for other actions must not authenticate a session.
    if claims["action"] != "login":
        return None

    user = cls.get_by_username(claims["meta"])
    if user is None:
        return None

    if PermissionService.check(user, "global", "activated"):
        return user
    return None
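def auth(cls, token: str):
    """Resolve a login token to its activated user.

    Args:
        token: The token string presented by the caller.

    Returns:
        The user when the token validates, its action is ``"login"``, the
        username in ``meta`` matches a user, and that user holds the
        ``activated`` permission in the ``global`` scope; ``None`` in every
        other case.
    """
    # Validate first and decode afterwards, so the payload of a token that
    # failed validation is never parsed. Token.payload is not shown here;
    # if it raises on malformed input, the caller now gets None instead of
    # an unhandled exception.
    if not Token.validate(token):
        return None

    payload = Token.payload(token)
    # Tokens issued for other actions must not authenticate a session.
    if payload["action"] != "login":
        return None

    user = cls.get_by_username(payload["meta"])
    if user and PermissionService.check(user, "global", "activated"):
        return user
    return None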
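def reset(args):
    """Set a new password for the account named in a reset token.

    The payload is read before validation because the token is validated
    against the account's current stored password value, which requires the
    account to be looked up first. Presumably this makes a reset token stop
    validating once the password has changed; confirm against ``Token``.

    Args:
        args: Mapping with the ``token`` and the new ``password``.

    Returns:
        ``{"error": None, "data": {"username": ..., "success": True}}`` on
        success; otherwise the value produced by ``abort``.
    """
    payload = Token.payload(args["token"])
    if "meta" not in payload:
        return abort("general", "token-invalid")
    # .get(): a payload without "action" is rejected instead of raising
    # KeyError on caller-supplied input.
    if payload.get("action") != "reset":
        return abort("general", "token-invalid-type")

    account = UserService.get_by_username(payload["meta"])
    # The payload is still unverified here, so "meta" is caller-controlled.
    # An unknown username previously raised AttributeError on
    # ``account.password``. It now gets the same answer as a failed
    # validation, so the response does not reveal which usernames exist.
    if account is None:
        return abort("general", "token-invalid")

    if not Token.validate(args["token"], account.password):
        return abort("general", "token-invalid")

    account.password = auth.hashpwd(args["password"])
    # NOTE(review): no explicit save or commit is visible in this block;
    # confirm that assigning the attribute persists the new hash.
    return {
        "error": None,
        "data": {"username": account.username, "success": True},
    }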
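def decorator(*args, **kwargs):
    """Authenticate the request before calling the wrapped view.

    Reads the token from the ``Authentication`` request header, requires it
    to validate as a ``login`` token for an existing, activated account,
    stamps the account's login time, attaches the account to ``request`` and
    then calls ``view_function`` with the original arguments.

    Returns:
        The wrapped view's return value on success; otherwise the value
        produced by ``abort`` (``login-failed`` or ``not-activated``).
    """
    # NOTE(review): this reads "Authentication", not the standard
    # "Authorization" header; confirm that clients send this name.
    token = request.headers.get("Authentication")

    # A request without the header yields None. Reject it here rather than
    # handing None to the token code.
    if not token:
        return abort("account", "login-failed")

    # Validate first and decode afterwards, so the payload of a token that
    # failed validation is never parsed.
    if not Token.validate(token):
        return abort("account", "login-failed")

    payload = Token.payload(token)
    # Tokens issued for other actions must not authenticate a request.
    if payload["action"] != "login":
        return abort("account", "login-failed")

    account = UserService.get_by_username(payload["meta"])
    if account is None:
        return abort("account", "login-failed")
    if not account.activated:
        return abort("account", "not-activated")

    account.login = datetime.utcnow()
    request.account = account
    return view_function(*args, **kwargs)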