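def post(self):
    """Refresh token

    Exchange the refresh token supplied in the JSON request body for a
    freshly issued access/refresh token pair.

    Returns:
        A ``(body, status)`` tuple:
        200 with ``access_token`` and ``refresh_token`` on success;
        400 when the body is not a JSON object, carries no
        ``refresh_token``, or the decoded id matches no user;
        401 when the token is expired or otherwise invalid.
    """
    res = {"status": False, "message": "Invalid payload."}
    post_data = request.get_json()
    # The body is client-controlled: a null, list or scalar JSON document
    # would otherwise raise AttributeError on ``.get`` and surface as a 500.
    if not isinstance(post_data, dict):
        return res, 400
    refresh_token = post_data.get("refresh_token")
    if refresh_token is None:
        return res, 400
    try:
        # NOTE(review): decode_token is not visible here. Confirm it checks
        # the token's type claim, so that an access token cannot be
        # presented to this endpoint and exchanged for a new refresh token.
        resp = User.decode_token(refresh_token)
        user = get_user_by_id(resp)
        if not user:
            res["message"] = "Invalid token."
            return res, 400
        # NOTE(review): the presented refresh token is not revoked in this
        # method, so it presumably stays valid until it expires unless
        # revocation is tracked elsewhere -- confirm.
        access_token = user.encode_token(user.id, "access")
        refresh_token = user.encode_token(user.id, "refresh")
        # ``.decode()`` relies on encode_token returning bytes.
        res = {
            "access_token": access_token.decode(),
            "refresh_token": refresh_token.decode(),
        }
        return res, 200
    except jwt.ExpiredSignatureError:
        res["message"] = "Signature expired. Please login again."
        return res, 401
    except jwt.InvalidTokenError:
        res["message"] = "Invalid token. Please login again."
        return res, 401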
def get(self):
    """Get user status

    Resolve the caller from the ``Authorization`` header and return that
    user's JSON representation.

    Returns:
        A ``(body, status)`` tuple:
        200 with ``user.to_json()`` on success;
        401 when the header has no second space-separated field, the token
        is expired or invalid, or the decoded id matches no user;
        403 when no ``Authorization`` header was sent.
    """
    res = {"status": False, "message": "Invalid payload."}
    auth_header = request.headers.get("Authorization")

    if not auth_header:
        res["message"] = "Access token required."
        return res, 403

    # Only the second space-separated field is used. The scheme word in
    # front of it is not compared against "Bearer", so any scheme passes.
    header_parts = auth_header.split(" ")
    if len(header_parts) <= 1:
        res["message"] = "Invalid header."
        return res, 401

    try:
        # NOTE(review): decode_token is not visible here. Confirm it rejects
        # refresh tokens, so that only access tokens authenticate this call.
        user_id = User.decode_token(header_parts[1])
        user = get_user_by_id(user_id)
        if not user:
            res["message"] = "Invalid token. Please login."
            return res, 401
        return user.to_json(), 200
    except jwt.ExpiredSignatureError:
        res["message"] = "Signature expired. Please login again."
        return res, 401
    except jwt.InvalidTokenError:
        res["message"] = "Invalid token. Please login again."
        return res, 401
def test_decode_token(test_app, test_db, add_user):
    """An access token issued for a user decodes back to that user's id."""
    account = add_user("*****@*****.**", "password")
    access_token = account.encode_token(account.id, "access")

    # Callers of encode_token call ``.decode()`` on the result, so the token
    # must be bytes.
    # NOTE(review): presumably encode_token wraps jwt.encode; PyJWT 2.x
    # returns str there, so this pins 1.x behaviour -- confirm.
    assert isinstance(access_token, bytes)

    decoded_id = User.decode_token(access_token)
    assert decoded_id == account.id