예제 #1
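    def post(self):
        """Authenticate a user from form data and issue JWT tokens.

        The submitted form is loaded through ``UserSchema(partial=True)``,
        the account is looked up by username, and the submitted password is
        checked with ``UserModel.verify_hash``.

        Returns:
            On success, a dict with ``access_token``, ``refresh_token``,
            ``username`` and ``email``. On failure, a
            ``({"message": ...}, 404)`` tuple.
        """
        # Do not log request.form or a dump of the loaded user: both can
        # carry the plaintext password into the log files.
        user = UserSchema(partial=True).load(request.form).data
        logger.info("Login attempt for user: %s", user.username)

        if user.username is None or user.password is None:
            logger.warning("Username or password missing during login")
            return {"message": UserLogin.message(
                "Username and password are required")}, 404

        # Unknown user and wrong password get the same response, so the
        # endpoint does not reveal which usernames exist, and the submitted
        # password is never echoed back to the client.
        # NOTE(review): 401 is the conventional status for a failed login;
        # 404 is kept so existing clients see no change.
        failure_text = "Invalid username or password"

        try:
            databaseUser = UserModel.find_by_username(username=user.username)
        except NoResultFound:
            # Spend hashing time for unknown users too, so response time
            # does not separate them from known ones.
            # NOTE(review): this path runs generate_hash plus verify_hash,
            # the known-user path runs verify_hash only, so the timings may
            # still differ - confirm by measurement.
            UserModel.verify_hash("randomness",
                                  UserModel.generate_hash(
                                    uuid.uuid4().hex[0:int(random.random()*20)]
                                    ))
            logger.warning("User did not exist: %s", user.username)
            return {"message": UserLogin.message(failure_text)}, 404

        if not UserModel.verify_hash(
                request.form["password"], databaseUser.password):
            logger.warning(
                "Password verification failed for user: %s", user.username)
            return {"message": UserLogin.message(failure_text)}, 404

        # Both tokens carry the same identity claims, taken from the stored
        # account rather than from the request.
        identity = {
            "username": databaseUser.username,
            "id": databaseUser.id
        }
        access_token = create_access_token(identity=identity)
        refresh_token = create_refresh_token(identity=identity)

        # NOTE(review): username and email are taken from the submitted
        # form, not from databaseUser - confirm that is intended.
        return {'access_token': access_token,
                'refresh_token': refresh_token,
                'username': user.username,
                'email': user.email
                }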
예제 #2
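    def post(self):
        """Change the current user's password after checking the old one.

        Reads ``previousPassword`` and ``newPassword`` from the request
        values, loads the account named by the ``id`` claim of the JWT
        identity, and stores a hash of the new password once the previous
        one verifies.

        Returns:
            ``{"message": "Updated the password."}`` on success, or a
            ``({"message": ...}, 401)`` tuple when the previous password
            does not verify.

        Raises:
            UserException: if ``previousPassword`` is missing, or
                ``newPassword`` is missing or empty.
        """
        # .get() returns None for an absent key, so one check covers both
        # "not present" and "present but None".
        if request.values.get("previousPassword") is None:
            raise UserException("previousPassword is not set")

        # An empty new password is rejected too, so an account can never
        # end up with a hash of the empty string.
        new_password = request.values.get("newPassword")
        if not new_password:
            raise UserException("newPassword is not set")

        # NOTE(review): get_jwt_identity() presumably relies on a JWT
        # decorator that is outside this listing - confirm the route is
        # protected.
        currentUserId = get_jwt_identity().get("id")
        # NOTE(review): assumes find_by_id always returns a user for a valid
        # token; confirm what it does for a deleted account.
        databaseUser = UserModel.find_by_id(currentUserId)

        if not UserModel.verify_hash(
                request.values["previousPassword"], databaseUser.password):
            return {
                "message": PasswordModification.message(
                    "Previous password was not correct")}, 401

        databaseUser.password = UserModel.generate_hash(new_password)
        databaseUser.update()
        # NOTE(review): nothing here revokes tokens issued before the
        # change - confirm whether existing refresh tokens should stay valid.
        return {"message": "Updated the password."}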