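def post(self):
    """Create an admin account for a caller that presents the registration secret.

    Reads ``username``, ``password`` and ``secret`` from the JSON request body.

    Returns:
        A body dict with a message and fresh access/refresh tokens on
        success; ``(body, 403)`` when the secret does not match;
        ``(body, 400)`` when username or password is missing;
        ``(body, 500)`` when persisting the user fails.
    """
    import hmac
    import logging

    # NOTE(security): the registration secret is hard-coded, so anyone with
    # read access to the source or its history can mint admin accounts.
    # It should come from configuration / a secret store and be rotated;
    # the literal is kept here only so existing clients keep working.
    expected_secret = 'iniSECret'

    payload = request.get_json(silent=True)
    if not isinstance(payload, dict):
        payload = {}
    username = payload.get('username')
    password = payload.get('password')
    secret = payload.get('secret')
    role = 'admin'

    # Constant-time comparison; a missing or non-string secret is compared
    # as empty bytes so it is rejected instead of raising.
    supplied = secret.encode('utf-8') if isinstance(secret, str) else b''
    if not hmac.compare_digest(supplied, expected_secret.encode('utf-8')):
        # 403 matches the admin-only wrapper; the original returned 500.
        return {'message': 'Permission denied'}, 403

    if not isinstance(username, str) or not isinstance(password, str) \
            or not username or not password:
        return {'message': 'username and password are required'}, 400

    if User.find_by_username(username):
        return {'message': 'Admin already exists: {}'.format(username)}

    try:
        new_user = User(username, User.generate_hash(password), role)
        db.session.add(new_user)
        db.session.commit()
    except Exception:
        # Roll back so the session stays usable, log server-side, and keep
        # database details out of the response. The original returned the
        # exception object itself, which is not JSON-serializable.
        db.session.rollback()
        logging.getLogger(__name__).exception('Admin registration failed')
        return {'message': 'Something went wrong'}, 500

    return {
        'message': 'Admin created: {}'.format(username),
        'access_token': create_access_token(identity=username),
        'refresh_token': create_refresh_token(identity=username),
    }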
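def get(self):
    """Return the stored profile of the user named by the current JWT identity.

    Returns:
        A dict mapping each column name of the user's table to the
        stringified value, with credential columns left out, or a message
        dict when no user matches the identity.
    """
    username = get_jwt_identity()
    current_user = User.find_by_username(username)
    if not current_user:
        return {'message': 'User doesn\'t exist: {}'.format(username)}

    # The original dumped every column, which sent the stored password hash
    # back to the client. Assumes the hash column is named 'password', as
    # the attribute used by the login handlers suggests -- confirm against
    # the model and extend this set for any other sensitive column.
    hidden_columns = {'password'}
    return {
        column.name: str(getattr(current_user, column.name))
        for column in current_user.__table__.columns
        if column.name not in hidden_columns
    }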
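def wrapper(*args, **kwargs):
    """Run the wrapped callable only for a JWT identity whose role is 'admin'.

    Returns:
        ``fn(*args, **kwargs)`` for an admin, otherwise ``(body, 403)``.
    """
    verify_jwt_in_request()
    current_user = User.find_by_username(get_jwt_identity())
    # Fail closed: a still-valid token can name an account that no longer
    # resolves to a user. The original dereferenced the missing user and
    # raised AttributeError instead of denying the request.
    if not current_user or current_user.role != 'admin':
        return {
            'message': 'Permission denied. Admin only'
        }, 403
    return fn(*args, **kwargs)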
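def post(self):
    """Authenticate a user from JSON credentials and issue JWTs.

    Reads ``username`` and ``password`` from the JSON request body.

    Returns:
        A body dict with a message and access/refresh tokens on success,
        or ``(body, 401)`` for any failed attempt.
    """
    payload = request.get_json(silent=True)
    if not isinstance(payload, dict):
        payload = {}
    username = payload.get('username')
    password = payload.get('password')

    # One response for every failure, so the reply does not reveal whether
    # the username exists. Response timing can still differ, because the
    # hash is only verified for existing users.
    denied = ({'message': 'Wrong credentials'}, 401)

    if not isinstance(username, str) or not isinstance(password, str) \
            or not username or not password:
        return denied

    current_user = User.find_by_username(username)
    if not current_user or not User.verify_hash(password, current_user.password):
        return denied

    return {
        'message': 'Logged in as {}'.format(current_user.username),
        'access_token': create_access_token(identity=username),
        # The original passed the plaintext password as the refresh token's
        # identity. A JWT payload is signed, not encrypted, so the password
        # was readable by anyone holding the token.
        'refresh_token': create_refresh_token(identity=username),
    }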
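def post(self):
    """Update phone and address of the user named by the current JWT identity.

    Reads ``phone`` and ``address`` from the JSON request body; a key that
    is absent is stored as ``None``, as in the original.

    Returns:
        A message dict on success or when the user is unknown, or
        ``(body, 500)`` when the update cannot be committed.
    """
    import logging

    username = get_jwt_identity()
    current_user = User.find_by_username(username)
    if not current_user:
        return {'message': 'User doesn\'t exist: {}'.format(username)}

    try:
        current_user.phone = request.json.get('phone', None)
        current_user.address = request.json.get('address', None)
        db.session.commit()
    except Exception:
        # Roll back so the half-applied change is not left in the session,
        # log server-side, and return a generic message. The original
        # returned the exception object, which is not JSON-serializable.
        db.session.rollback()
        logging.getLogger(__name__).exception('Profile update failed')
        return {'message': 'Something went wrong'}, 500

    return {
        'message': 'Data updated: {}'.format(current_user.username)
    }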
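def login():
    """Render the login form and, on POST, sign the user in from form fields.

    Returns:
        A redirect to ``admin.dashboard`` after a successful login,
        otherwise the rendered ``login.html`` template.
    """
    if request.method == 'POST':
        username = request.form.get('username')
        password = request.form.get('password')
        current_user = User.find_by_username(username) if username else None

        if current_user and password \
                and User.verify_hash(password, current_user.password):
            current_user.authenticated = True
            db.session.add(current_user)
            db.session.commit()
            login_user(current_user)
            return redirect(url_for('admin.dashboard'))

        # Unknown user and wrong password now take the same path: same
        # flash text, same rendered page. The original used a different
        # message and a redirect for unknown users, which let a client
        # tell valid usernames from invalid ones.
        flash('ERROR! Incorrect login credentials.', 'error')
    return render_template('login.html')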
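def post(self):
    """Register a new user from JSON credentials and issue JWTs.

    Reads ``username`` and ``password`` from the JSON request body.

    Returns:
        A body dict with a message and access/refresh tokens on success,
        a message dict when the username is taken, ``(body, 400)`` when a
        field is missing, or ``(body, 500)`` when persisting the user fails.
    """
    import logging

    payload = request.get_json(silent=True)
    if not isinstance(payload, dict):
        payload = {}
    username = payload.get('username')
    password = payload.get('password')

    # Reject missing or non-string fields before hashing; the original
    # passed None straight to User.generate_hash outside the try block.
    if not isinstance(username, str) or not isinstance(password, str) \
            or not username or not password:
        return {'message': 'username and password are required'}, 400

    if User.find_by_username(username):
        return {'message': 'User already exists: {}'.format(username)}

    try:
        new_user = User(username, User.generate_hash(password))
        db.session.add(new_user)
        db.session.commit()
    except Exception:
        # Roll back, log server-side, and keep database details out of the
        # response. The original returned the exception object, which is
        # not JSON-serializable.
        db.session.rollback()
        logging.getLogger(__name__).exception('User registration failed')
        return {'message': 'Something went wrong'}, 500

    return {
        'message': 'User created: {}'.format(username),
        'access_token': create_access_token(identity=username),
        'refresh_token': create_refresh_token(identity=username),
    }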
def profile(username):
    """Render ``profiles.html`` for the user looked up by *username*.

    The lookup result is handed to the template as ``user`` without a
    check, so the template receives whatever ``User.find_by_username``
    returns for an unknown name.
    """
    # NOTE(review): no access check is visible in this function; confirm
    # the route is protected by a decorator, since any username in the URL
    # is rendered.
    return render_template(
        'profiles.html',
        user=User.find_by_username(username),
    )