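def change_password():
    """Change the signed-in user's password after re-checking the old one.

    Reads ``old_password`` and ``new_password`` from the JSON body,
    re-authenticates ``current_user.email`` through ``try_log_in`` and, on
    success, stores the new password with ``update_user`` and passes the
    response to ``logout_jwt``.

    Returns:
        A ``(response, status)`` pair: 200 on success; 401 when the old
        password is missing or rejected; 400 when the body is not a JSON
        object, the new password is missing, or ``ValueError`` is raised
        while applying the change.
    """
    # NOTE(review): this view reads current_user, so it presumably sits behind
    # an authentication decorator that is not visible in this listing; confirm.
    data = request.get_json()
    if not isinstance(data, dict):
        # A body such as `null` or `[]` has no .get(); answer 400 instead of
        # failing with an unhandled AttributeError.
        return jsonify({'msg': 'Invalid Data'}), 400

    old_password = data.get('old_password')
    new_password = data.get('new_password')

    # Requiring the current password again means a stolen session alone is
    # not enough to take over the account.
    if not isinstance(old_password, str) or not old_password:
        return jsonify({'msg': 'Incorrect password'}), 401
    user = try_log_in(current_user.email, old_password)
    if not user:
        return jsonify({'msg': 'Incorrect password'}), 401

    if not isinstance(new_password, str) or not new_password:
        # Do not hand password=None to update_user: if it treats None as
        # "leave unchanged" (not visible here), the caller would be told the
        # password changed when it did not.
        return jsonify({'msg': 'Invalid Data'}), 400

    try:
        update_user(user, password=new_password)
        resp = jsonify({'msg': 'Password changed successfully'})
        # The response goes through logout_jwt so the client has to sign in
        # again with the new password.
        logout_jwt(request, resp)
        return resp, 200
    except ValueError as e:
        # NOTE(review): the ValueError text is returned to the client; confirm
        # update_user only puts user-safe wording in it.
        return jsonify({'msg': str(e)}), 400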
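def activate():
    """Activate an invited account identified by the URL token in ``?id=``.

    The token is decoded with ``decode_url_token`` into
    ``(expired, invalid, action, email)`` and must carry the ``'invite'``
    action. The account found by ``get_by_email`` must exist and be neither
    active nor disabled. A GET echoes the token back; any other method reads
    ``email``, ``username`` and ``password`` from the JSON body and activates
    the account through ``update_user``.

    Returns:
        A ``(response, status)`` pair: 200 on success (or on GET with a valid
        token), 400 for every rejected request.
    """
    token = request.args.get('id')
    if not token:
        return jsonify({'msg': 'Invalid Data'}), 400

    expired, invalid, action, email = decode_url_token(token)
    if expired:
        return jsonify({'msg': 'token expired'}), 400
    if invalid:
        return jsonify({'msg': 'token invalid'}), 400
    if action != 'invite':
        # A token issued for another purpose (e.g. password reset) must not
        # be accepted here.
        return jsonify({'msg': 'action mismatch'}), 400

    user = get_by_email(email)
    if not user:
        return jsonify({'msg': 'email mismatch'}), 400
    if user.active:
        # Rejecting active accounts stops an invite token from being replayed
        # to overwrite the credentials of an account already in use.
        return jsonify({'msg': 'account already active'}), 400
    if user.disabled:
        return jsonify({'msg': 'account disabled'}), 400

    if request.method == 'GET':
        return jsonify({'token': token}), 200

    data = request.get_json()
    if not isinstance(data, dict):
        # A body such as `null` or `[]` has no .get(); answer 400 instead of
        # failing with an unhandled AttributeError.
        return jsonify({'msg': 'Invalid Data'}), 400

    post_email = data.get('email')
    username = data.get('username')
    password = data.get('password')

    # The e-mail typed by the client must match the one bound to the token.
    if post_email != email:
        return jsonify({'msg': 'email mismatch'}), 400

    if not isinstance(password, str) or not password:
        # Never activate without a password: if update_user treats None as
        # "leave unchanged" (not visible here), the account would go live
        # with whatever credential state the invite created.
        return jsonify({'msg': 'Invalid Data'}), 400

    try:
        # NOTE(review): username is passed through unchecked; confirm
        # update_user validates it or that it is optional by design.
        update_user(user, username=username, password=password, active=True)
        return jsonify({'msg': 'Account activated'}), 200
    except ValueError as e:
        return jsonify({'msg': str(e)}), 400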
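def login():
    """Authenticate with ``email`` and ``password`` from the JSON body.

    On success the response ``{'login': True}`` is passed to
    ``set_login_jwt`` and the user's ``last_login`` / ``last_access`` are
    updated. Every failure path returns the same ``{'login': False}`` body
    with 401, so the response does not reveal whether the e-mail exists.

    Returns:
        A ``(response, status)`` pair: 200 on success, 401 otherwise.
    """
    # NOTE(review): no throttling or lockout is visible in this function;
    # confirm try_log_in or the surrounding stack limits password guessing.
    data = request.get_json()
    if not isinstance(data, dict):
        # A body such as `null` or `[]` has no .get(); treat it like any
        # other failed login instead of failing with an AttributeError.
        return jsonify({'login': False}), 401

    email = data.get('email')
    password = data.get('password')

    try:
        if email and password:
            user = try_log_in(email, password)
            if user:
                resp = jsonify({'login': True})
                set_login_jwt(user, resp)
                # One timestamp for both fields keeps them exactly equal.
                now = datetime.utcnow()
                update_user(user, last_login=now, last_access=now)
                return resp, 200
        return jsonify({'login': False}), 401
    except Exception as e:
        # NOTE(review): this reports server-side faults (database errors,
        # bugs) as failed logins and records only str(e) on stdout. Consider
        # logging the traceback and narrowing the exception type.
        print(e)
        return jsonify({'login': False}), 401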
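def reset_password():
    """Set a new password for the account named by the URL token in ``?id=``.

    The token is decoded with ``decode_url_token`` into
    ``(expired, invalid, action, email)`` and must carry the ``'password'``
    action. The account is looked up with ``get_active_by_email``. A GET
    echoes the token back; any other method reads ``email`` and ``password``
    from the JSON body and stores the password through ``update_user``.

    Returns:
        A ``(response, status)`` pair: 200 on success (or on GET with a valid
        token), 400 for every rejected request.
    """
    token = request.args.get('id')
    if not token:
        return jsonify({'msg': 'Invalid Data'}), 400

    expired, invalid, action, email = decode_url_token(token)
    if expired:
        return jsonify({'msg': 'token expired'}), 400
    if invalid:
        return jsonify({'msg': 'token invalid'}), 400
    if action != 'password':
        # A token issued for another purpose (e.g. an invite) must not be
        # accepted as a reset token.
        return jsonify({'msg': 'action mismatch'}), 400

    user = get_active_by_email(email)
    if not user:
        return jsonify({'msg': 'email mismatch'}), 400

    if request.method == 'GET':
        return jsonify({'token': token}), 200

    data = request.get_json()
    if not isinstance(data, dict):
        # A body such as `null` or `[]` has no .get(); answer 400 instead of
        # failing with an unhandled AttributeError.
        return jsonify({'msg': 'Invalid Data'}), 400

    post_email = data.get('email')
    password = data.get('password')

    # The e-mail typed by the client must match the one bound to the token.
    if post_email != email:
        return jsonify({'msg': 'email mismatch'}), 400

    if not isinstance(password, str) or not password:
        # Do not hand password=None to update_user: if it treats None as
        # "leave unchanged" (not visible here), the client would be told the
        # password changed when it did not.
        return jsonify({'msg': 'Invalid Data'}), 400

    try:
        # NOTE(review): nothing in this function marks the token as used or
        # revokes existing sessions after the reset; confirm that
        # decode_url_token / update_user cover replay within the expiry
        # window and that old JWTs stop working.
        update_user(user, password=password)
        return jsonify({'msg': 'Password changed successfully'}), 200
    except ValueError as e:
        return jsonify({'msg': str(e)}), 400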
def refresh():
    """Build the refresh response for ``current_user`` and stamp its access time.

    Creates the ``{'refresh': True}`` JSON response, passes it to
    ``set_refresh_jwt`` together with ``current_user``, then records
    ``last_access`` through ``update_user``.

    Returns:
        The ``(response, 200)`` pair.
    """
    # NOTE(review): this view reads current_user, so it presumably sits behind
    # a refresh-token check that is not visible in this listing; confirm.
    response = jsonify({'refresh': True})

    # Per the original comment this is where the new access token is created;
    # the helper itself is defined elsewhere.
    set_refresh_jwt(current_user, response)

    accessed_at = datetime.utcnow()
    update_user(current_user, last_access=accessed_at)

    return response, 200