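def post(self):
    """Authenticate a user and issue JWT access and refresh tokens.

    Reads ``username`` and ``password`` from the JSON request body.

    Returns:
        A ``(body, status)`` tuple:

        * 200 with ``message``, ``access_token`` and ``refresh_token``
          when the password matches the stored hash;
        * 400 when the body is missing, is not a JSON object, or either
          credential is absent, empty or not a string;
        * 404 when the username is unknown or the account is not active;
        * 401 when the password does not match.
    """
    # get_json(silent=True) yields None for a missing or malformed body, and
    # valid JSON can still be a list or scalar; only a dict supports .get().
    request_json = request.get_json(silent=True)
    if not isinstance(request_json, dict):
        return {"message": "Please check the credentials."}, 400

    username = request_json.get("username")
    password = request_json.get("password")
    # Both values are client-controlled: require non-empty strings so nested
    # JSON values never reach the repository lookup or the hash comparison.
    if not (isinstance(username, str) and username
            and isinstance(password, str) and password):
        err_msg = "Please check the credentials."
        return {"message": err_msg}, 400

    # Look the user up once and reuse the record.
    current_user = UserRepository.get(username)
    # NOTE(review): the separate 404 ("doesn't exist") and 401 ("Wrong
    # password") answers let an unauthenticated caller tell valid usernames
    # from invalid ones. Kept for client compatibility; consider one generic
    # 401 for both cases plus rate limiting on this endpoint.
    if not current_user:
        err_msg = f"User {username} doesn't exist"
        return {"message": err_msg}, 404

    if not current_user.get("active"):
        err_msg = "User was deleted. Please contact the admin."
        return {"message": err_msg}, 404

    if not UserRepository.verify_hash(password, current_user.get("password")):
        return {"message": "Wrong password"}, 401

    access_token = create_access_token(identity=username)
    refresh_token = create_refresh_token(identity=username)
    msg = "Logged in as {}".format(current_user.get("username"))
    response = {
        "message": msg,
        "access_token": access_token,
        "refresh_token": refresh_token,
    }
    return response, 200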
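def put(self):
    """Change the password of the user named by the current JWT identity.

    Expects a JSON object with ``old_password``, ``new_password`` and
    ``confirmation_password``. The identity comes from ``get_jwt_identity()``;
    presumably a JWT-required decorator guards this method outside the
    visible code (confirm).

    Returns:
        A ``(body, status)`` tuple:

        * 200 with the value returned by ``UserRepository.update_password``;
        * 400 when the body is empty or not a JSON object, a password field
          is missing, empty or not a string, no stored password is found,
          the old password is wrong, or the confirmation differs;
        * 404 when the token's user no longer exists or is not active.
    """
    request_json = request.get_json(silent=True)
    username = get_jwt_identity()

    # A non-object JSON body (list, string, number) has no .get(); reject it
    # together with the missing/empty case instead of failing with a 500.
    if not isinstance(request_json, dict) or not request_json:
        err_msg = "Body should not be empty"
        return {"message": err_msg}, 400

    old_password = request_json.get("old_password")
    new_password = request_json.get("new_password")
    confirm_password = request_json.get("confirmation_password")
    fields = (old_password, new_password, confirm_password)
    # Requiring non-empty strings also covers the empty-new-password case, so
    # the separate (previously unreachable) emptiness check is gone.
    if not all(isinstance(value, str) and value for value in fields):
        err_msg = "Please check password fields."
        return {"message": err_msg}, 400

    # A token can outlive its account: the user may have been removed or
    # deactivated after the token was issued.
    current_user = UserRepository.get(username)
    if not current_user:
        err_msg = f"User {username} doesn't exist"
        return {"message": err_msg}, 404
    # Same rule the login handler applies: inactive accounts get no service,
    # so a still-valid token cannot be used to reset a deactivated account.
    if not current_user.get("active"):
        err_msg = "User was deleted. Please contact the admin."
        return {"message": err_msg}, 404

    current_password = current_user.get("password")
    if not current_password:
        err_msg = "Can't retrieve previous password."
        return {"message": err_msg}, 400

    # Re-authenticate with the old password before accepting a new one.
    if not UserRepository.verify_hash(old_password, current_password):
        err_msg = "Wrong old password value."
        return {"message": err_msg}, 400

    if new_password != confirm_password:
        err_msg = "New password doesn't match with confirmation password."
        return {"message": err_msg}, 400

    # NOTE(review): the repository's return value goes to the client as-is;
    # confirm it does not include the stored password hash. Also confirm
    # whether tokens issued before the change should be revoked here.
    user = UserRepository.update_password(username, new_password)
    return user, 200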
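def post(self):
    """Authenticate a user and issue JWT access and refresh tokens.

    Reads ``username`` and ``password`` from the JSON request body.

    Returns:
        A ``(body, status)`` tuple:

        * 200 with ``message``, ``access_token`` and ``refresh_token``
          when the password matches the stored hash;
        * 400 when the body is missing, is not a JSON object, or either
          credential is absent, empty or not a string;
        * 404 when the username is unknown;
        * 401 when the password does not match.
    """
    # get_json(silent=True) yields None for a missing or malformed body; the
    # original then failed on request_json["username"] with an unhandled
    # exception instead of a client error.
    request_json = request.get_json(silent=True)
    if not isinstance(request_json, dict):
        return {"message": "Please check the credentials."}, 400

    username = request_json.get("username")
    password = request_json.get("password")
    # Both values are client-controlled: require non-empty strings so a
    # missing password or a nested JSON value never reaches verify_hash or
    # the repository lookup.
    if not (isinstance(username, str) and username
            and isinstance(password, str) and password):
        return {"message": "Please check the credentials."}, 400

    # Look the user up once and reuse the record.
    current_user = UserRepository.get(username)
    # NOTE(review): the separate 404 ("doesn't exist") and 401 ("Wrong
    # password") answers let an unauthenticated caller tell valid usernames
    # from invalid ones. Kept for client compatibility; consider one generic
    # 401 for both cases plus rate limiting on this endpoint.
    if not current_user:
        return {"message": "User {} doesn't exist".format(username)}, 404

    if not UserRepository.verify_hash(password, current_user["password"]):
        return {"message": "Wrong password"}, 401

    access_token = create_access_token(identity=username)
    refresh_token = create_refresh_token(identity=username)
    return {
        "message": "Logged in as {}".format(current_user["username"]),
        "access_token": access_token,
        "refresh_token": refresh_token,
    }, 200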