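def post(self):
    """Authenticate a user from form data and issue access/refresh tokens.

    Reads the credentials from ``request.form``, looks the user up by
    username and verifies the submitted password against the stored hash.

    Returns:
        On success, a dict with ``access_token``, ``refresh_token``,
        ``username`` and ``email``. On any failure, a
        ``({"message": ...}, 404)`` tuple.

    Security notes:
        * Neither the raw form nor a schema dump is logged, because both
          can contain the submitted password.
        * The password is never echoed back in the response body.
        * Unknown-user and wrong-password failures return the same message,
          so the response does not reveal which usernames exist. The log
          lines still distinguish the two cases for operators.
        * The 404 status is kept so existing callers keep working.
          NOTE(review): 401 is the conventional status for failed
          authentication; confirm with API consumers before changing it.
    """
    # `.data` suggests a marshmallow 2.x style load result; TODO confirm.
    user = UserSchema(partial=True).load(request.form).data
    logger.info("Login attempt for user: %s", user.username)

    # partial=True lets either field be absent, so check both explicitly.
    if user.username is None or user.password is None:
        logger.warning("Missing username or password during login")
        return {"message": UserLogin.message(
            "Username and password are required")}, 404

    try:
        databaseUser = UserModel.find_by_username(username=user.username)
    except NoResultFound:
        # Run a throw-away hash verification so the unknown-user path does
        # comparable work to the known-user path. The input is a dummy
        # value and its result is deliberately ignored.
        UserModel.verify_hash("randomness", UserModel.generate_hash(
            uuid.uuid4().hex[0:int(random.random() * 20)]
        ))
        logger.warning("User did not exist: %s", user.username)
        return {"message": UserLogin.message(
            "Invalid username or password")}, 404

    if UserModel.verify_hash(request.form["password"], databaseUser.password):
        # The token identity comes from the database record, not the form.
        identity = {
            "username": databaseUser.username,
            "id": databaseUser.id,
        }
        access_token = create_access_token(identity=identity)
        refresh_token = create_refresh_token(identity=dict(identity))
        return {
            'access_token': access_token,
            'refresh_token': refresh_token,
            'username': user.username,
            'email': user.email,
        }

    logger.warning("Password verification failed for user: %s", user.username)
    return {"message": UserLogin.message(
        "Invalid username or password")}, 404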
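def post(self):
    """Change the password of the user identified by the current JWT.

    Expects ``previousPassword`` and ``newPassword`` in ``request.values``.
    The previous password is verified against the stored hash before the
    new one is hashed and saved.

    Returns:
        ``{"message": "Updated the password."}`` on success, or a
        ``({"message": ...}, 401)`` tuple when the previous password does
        not match.

    Raises:
        UserException: if ``previousPassword`` is missing, or if
            ``newPassword`` is missing or empty.

    NOTE(review): if ``request`` is Flask's request object, ``values`` also
    includes query-string parameters, so passwords sent that way can end up
    in URLs and access logs. Consider accepting them from the request body
    only; confirm that no client depends on the query string first.
    """
    previous_password = request.values.get("previousPassword")
    if previous_password is None:
        raise UserException("previousPassword is not set")

    new_password = request.values.get("newPassword")
    # An empty value is rejected too, so the account cannot be left with a
    # blank password. The message names the field that is actually missing.
    if not new_password:
        raise UserException("newPassword is not set")

    currentUserId = get_jwt_identity().get("id")
    databaseUser = UserModel.find_by_id(currentUserId)

    if not UserModel.verify_hash(previous_password, databaseUser.password):
        return {
            "message": PasswordModification.message(
                "Previous password was not correct")}, 401

    databaseUser.password = UserModel.generate_hash(new_password)
    databaseUser.update()
    return {"message": "Updated the password."}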