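def revoke_token():
    """Log the caller out by deny-listing the jti of the presented JWT.

    The token's ``jti`` claim is stored via ``RevokedToken.add`` so the
    blacklist loader rejects it on later requests.

    Returns:
        A ``(response, 200)`` tuple with a JSON ``status``/``message`` body.
    """
    jti = get_raw_jwt()["jti"]
    RevokedToken.add(jti)
    # Message typo ("successuflly") fixed; this text is shown to API clients.
    return jsonify({
        "status": "success",
        "message": "successfully logged out"
    }), 200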
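def _is_safe_redirect_target(target):
    """Return True when *target* is a same-site path (no scheme, no host).

    Used to validate the client-supplied ``next`` parameter before redirecting
    to it; anything with a scheme or netloc (including protocol-relative
    ``//host`` forms) is rejected, as are backslashes that browsers would
    normalise into slashes.
    """
    from urllib.parse import urlsplit

    if not target:
        return False
    parts = urlsplit(target)
    return not parts.scheme and not parts.netloc and '\\' not in target


def confirm_email():
    """Handle e-mail confirmation links and confirmation-mail requests.

    Dispatches on the ``action`` query parameter:

    * ``confirm`` — verifies the signed ``token`` from the mail (24 h
      lifetime), marks it as used, confirms the matching user and logs
      them in.
    * ``send`` — (re)sends the confirmation mail to ``email`` when that
      account is still unconfirmed.

    Any other action, an undecodable token or an unknown e-mail address
    ends in a 404.
    """
    if current_user.is_authenticated:
        # Only follow ``next`` when it stays on this site; an absolute URL
        # supplied by the client would turn this into an open redirect.
        next_url = request.args.get('next')
        if not _is_safe_redirect_target(next_url):
            next_url = url_for('home.index')
        return redirect(next_url)

    action = request.args.get('action')
    if action == 'confirm':
        token = request.args.get('token')
        if not token:
            return render_template('feedback.html', status=False, message=_('此激活链接无效,请准确复制邮件中的链接。'))
        if RT.query.get(token):
            return render_template('feedback.html', status=False, message=_('此激活链接已被使用过。'))
        # Record the token before decoding it so a repeated request with the
        # same link is stopped by the check above even if this one fails.
        RT.add(token)
        try:
            email = ts.loads(token, salt="email-confirm-key", max_age=86400)
        except Exception:
            # Bad signature or expired link; narrowed from a bare ``except``
            # so SystemExit/KeyboardInterrupt are not swallowed.
            abort(404)

        user = User.query.filter_by(email=email).first_or_404()
        user.confirm()
        flash(_('Your email has been confirmed'))
        login_user(user)
        return redirect(url_for('home.index'))

    if action == 'send':
        email = request.args.get('email')
        # NOTE(review): first_or_404 answers differently for registered and
        # unknown addresses, so this action reveals whether an e-mail has an
        # account. Debug prints of the user/e-mail were removed; they wrote
        # personal data to stdout.
        user = User.query.filter_by(email=email).first_or_404()
        if not user.confirmed:
            send_confirm_mail(email)
        return render_template('feedback.html', status=True, message=_('邮件已经发送,请查收!'))

    abort(404)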
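    def post(self):
        """Logout a user using JWT refresh_token.
        ---
        tags:
            - User authentication and authorization
        security:
            $ref: '#/components/securitySchemes/BearAuth'
        responses:
            200:
                description: Log out has been successful!
            500:
                description: Internal server error
        """
        import logging

        # The jti of the presented token identifies it in the deny-list.
        jti = get_raw_jwt()['jti']

        try:
            revoked_token = RevokedToken(jti)
            revoked_token.save()
            return jsonify({
                'response_message': 'Log out has been successful!',
                'status_code': 200
            })
        except Exception:
            # Keep the real cause server-side: returning str(error) exposed
            # internal details (driver errors, table names) to the client.
            logging.getLogger(__name__).exception('Failed to revoke token')
            response = jsonify({
                'response_message': 'Internal server error',
                'status_code': 500
            })
            # Make the HTTP status agree with the body instead of sending 200.
            response.status_code = 500
            return response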
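 def post(self):
     """Revoke the presented token by storing its jti in the deny-list.

     Returns a ``{'msg': ...}`` payload; the HTTP status is 500 when the
     token could not be recorded.
     """
     import logging

     jti = get_raw_jwt()['jti']
     try:
         RevokedToken(jti=jti).add()
     except Exception:
         # Narrowed from a bare ``except`` so SystemExit/KeyboardInterrupt
         # propagate; the cause is logged instead of being dropped silently.
         logging.getLogger(__name__).exception('Could not revoke token')
         return {'msg': 'Something error'}, 500
     return {'msg': 'Token has been revoked'}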
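		def post(self):
			"""Revoke the presented access token by deny-listing its jti.

			Returns ``({'message': ...}, 200)`` on success and a 500 payload
			when the revocation could not be stored.
			"""
			import logging

			jti = get_raw_jwt()['jti']
			try:
				RevokedToken(jti=jti).add()
			except Exception:
				# Narrowed from a bare ``except``; log the cause rather than
				# discarding it.
				logging.getLogger(__name__).exception('Could not revoke token')
				return {'message': 'Something went wrong'}, 500
			return {'message': 'Access token has been revoked'}, 200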
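 def post(self):
     """Revoke the presented refresh token by deny-listing its jti.

     Returns a ``{'message': ...}`` payload; the failure case now carries a
     500 status instead of the implicit 200 it used to return.
     """
     import logging

     jti = get_raw_jwt()['jti']
     try:
         RevokedToken(jti=jti).save()
     except Exception:
         # Narrowed from a bare ``except``; the cause is logged server-side.
         logging.getLogger(__name__).exception('Could not revoke refresh token')
         return {'message': 'Error in revoking refresh token'}, 500
     return {'message': 'Revoked refresh token'}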
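 def post(self):
     """Revoke the presented refresh token by deny-listing its jti.

     Returns a ``{'message': ...}`` payload, with a 500 status when the
     revocation could not be stored.
     """
     import logging

     jti = get_raw_jwt()['jti']
     try:
         RevokedToken(jti=jti).save()
     except Exception:
         # Narrowed from a bare ``except``; log instead of dropping the cause.
         logging.getLogger(__name__).exception('Could not revoke refresh token')
         return {'message': 'Something went wrong'}, 500
     return {'message': 'Refresh token has been revoked'}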
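 def post(self):
     """Issue a fresh access token for the refresh-token holder.

     The access token previously stored in the user's ``InUseToken`` record
     is deny-listed so only one access token per user stays valid, then the
     record is updated with the new one.

     Returns:
         ``{'access_token': ...}``, or a ``({'message': ...}, 401)`` tuple
         when the user has no tracked session to rotate (previously this
         dereferenced ``None`` and surfaced as a 500).
     """
     current_user = get_jwt_identity()
     user = User.objects(username=current_user).first()
     in_use = InUseToken.objects(user=user).first() if user is not None else None
     if in_use is None:
         return {'message': 'No active session for this user'}, 401

     access_token = create_access_token(identity=current_user)
     # Revoke the outgoing access token. An already-expired one cannot be
     # decoded, but it is unusable anyway, so there is nothing to deny-list.
     try:
         revoked_token = RevokedToken(
             jti=decode_token(in_use.jwt_access)['jti'])
         revoked_token.save()
     except ExpiredSignatureError:
         pass
     in_use.jwt_access = access_token
     in_use.save()
     return {'access_token': access_token}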
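 def delete(self):
     """Delete the account identified by e-mail/username/password in the
     JSON body, then revoke the caller's JWT.

     Responses: 409 when no account matches the e-mail, 400 when the
     username or password do not match, 200 once the account is deleted.
     """
     # ``get_json()`` can yield None (no JSON body); fall back to an empty
     # mapping instead of raising AttributeError on ``.get``.
     body = request.get_json() or {}
     email = body.get('email')
     username = body.get('username')
     password = body.get('password')
     user = UserModel.find_by_email(email)
     if not user:
         # NOTE(review): this answer differs from 'invalid data' below, so
         # the endpoint reveals which e-mails have accounts.
         return {'message': 'cannot find user'}, 409
     if user.username != username or not user.check_password(password):
         return {'message': 'invalid data'}, 400
     user.delete_from_db()
     # NOTE(review): the deleted account is chosen by the body, not by the
     # JWT identity; the token revoked here is the caller's. Confirm that
     # the two are meant to coincide.
     jti = get_raw_jwt()['jti']
     RevokedToken(jti=jti).add()
     return {'status': 'deleted'}, 200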
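def reset_password(token):
    """Reset a password from a signed reset link.

    ``token`` comes from the URL in the reset mail. A token that was already
    used is rejected up front; otherwise the form is rendered and, on a valid
    submission, the token is marked as used, verified (24 h lifetime) and the
    matching user's password is replaced before redirecting to sign-in.
    """
    if RT.query.get(token):
        return render_template('feedback.html', status=False, message=_('此密码重置链接已被使用过。'))
    form = ResetPasswordForm()
    if form.validate_on_submit():
        # Mark the token used before decoding it so a resubmission of the
        # same link is stopped by the check above even if this one fails.
        RT.add(token)
        try:
            email = ts.loads(token, salt="password-reset-key", max_age=86400)
        except Exception:
            # Bad signature or expired link; narrowed from a bare ``except``.
            return render_template('feedback.html', status=False, message=_('此密码重置链接无效,请准确复制邮件中的链接。'))
        user = User.query.filter_by(email=email).first_or_404()
        password = form['password'].data
        user.set_password(password)
        logout_user()
        # Routed through ``_`` like the other user-facing messages here.
        flash(_('密码已经修改,请使用新密码登录。'))
        return redirect(url_for('home.signin'))
    return render_template('reset-password.html', form=form)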
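 def post(self):
     """Log out by recording the presented access token as revoked.

     Expects ``Authorization: <scheme> <token>``. Responds 401 when the
     header is missing or malformed or the token does not decode to a user
     id; 201 with a confirmation message once the token is stored.
     """
     auth_header = request.headers.get('Authorization')
     if auth_header is None:
         return jsonify({"message": "No token,"
                         " please provide a token"}), 401
     # A header with no token part (e.g. the scheme alone) used to raise
     # IndexError and surface as a 500; treat it as an auth failure instead.
     parts = auth_header.split()
     access_token = parts[1] if len(parts) >= 2 else ''
     if not access_token:
         return jsonify({'message': 'please provide a  valid token'}), 401
     user_id = User.decode_token(access_token)
     if not isinstance(user_id, int):
         # decode_token hands back the error text when the token is rejected.
         return make_response(jsonify({'message': user_id})), 401
     revoked_token = RevokedToken(token=access_token)
     revoked_token.save()
     return jsonify({'message': 'You have been logged out.'}), 201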
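 def post(self):
     """Authenticate a user and hand out JWTs.

     Validates username/password and the device ``unique_id``. An existing
     ``InUseToken`` session has its access token deny-listed and replaced
     (its refresh token is kept); otherwise a new access/refresh pair and
     session record are created. Unexpected errors are logged server-side
     and reported to the client only as 'Unknown error'.
     """
     import logging

     data = login_parser.parse_args()
     user = User.objects(username=data['username']).first()
     if user is None or not user.check_password(data['password']):
         return {'message': 'Username or password are incorrect'}
     if not user.check_unique_id(data['unique_id']):
         # phone who is sending request is not registered
         return {'message': 'This telephone is not registered'}
     try:
         login_user(user)
         in_use = InUseToken.objects(user=user).first()
         if in_use is not None:
             # Rotate the session's access token. An already-expired one
             # cannot be decoded but is unusable anyway, so skipping its
             # deny-list entry is safe.
             try:
                 old_jti = decode_token(in_use.jwt_access)['jti']
                 RevokedToken(jti=old_jti).save()
             except ExpiredSignatureError:
                 pass
             access_token = create_access_token(identity=data['username'])
             in_use.jwt_access = access_token
             in_use.save()
             refresh_token = in_use.jwt_refresh
         else:
             access_token = create_access_token(identity=data['username'])
             refresh_token = create_refresh_token(identity=data['username'])
             new_in_use = InUseToken(jwt_access=access_token,
                                     jwt_refresh=refresh_token,
                                     user=user)
             new_in_use.hash_unique_id(data['unique_id'])
             new_in_use.save()
         return {
             'message': 'Login was successful',
             'access_token': access_token,
             'refresh_token': refresh_token
         }
     except Exception:
         # Replaces ``print(sys.exc_info())`` and the debug prints: the
         # traceback goes to the log, the client gets a generic message.
         logging.getLogger(__name__).exception(
             'Login failed for %s', data['username'])
         return {'message': 'Unknown error'}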
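    def delete(self):
        """Revoke the caller's access token by adding its jti to the deny-list.

        Returns a ``message``/``code`` payload. On failure the session is
        rolled back, the error is logged and a 500 status is returned
        (previously the 500 was only in the body, with an HTTP 200).
        """
        import logging

        try:
            jti = get_raw_jwt()['jti']
            db.session.add(RevokedToken(jti=jti))
            db.session.commit()
        except Exception:
            # A failed commit leaves the scoped session in an error state;
            # roll it back so later requests on this worker keep working.
            db.session.rollback()
            logging.getLogger(__name__).exception('Could not revoke access token')
            return {'message': 'Internal server error', 'code': 500}, 500

        return {'message': 'Revoked access token', 'code': 200}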
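 def post(self):
     """Log the current user out and revoke both of their tracked tokens.

     The access and refresh tokens stored in the user's ``InUseToken`` record
     are deny-listed independently (an expired one is skipped rather than
     aborting the whole revocation) and the record is deleted before the
     session is ended. If anything fails the session is still ended and the
     failure is logged.
     """
     import logging

     log = logging.getLogger(__name__)
     try:
         user = User.objects(username=current_user.username).first()
         in_use = InUseToken.objects(user=user).first() if user is not None else None
         if in_use is not None:
             for encoded in (in_use.jwt_access, in_use.jwt_refresh):
                 try:
                     RevokedToken(jti=decode_token(encoded)['jti']).save()
                 except ExpiredSignatureError:
                     # Already unusable; nothing to deny-list.
                     continue
             in_use.delete()
         logout_user()
         return {'message': 'User was log out its tokens revoked'}
     except Exception:
         # Narrowed from a bare ``except``; the cause is logged, not dropped.
         log.exception('Token revocation failed during logout')
         try:
             logout_user()
             return {'message': 'User was log out'}
         except Exception:
             log.exception('logout_user failed')
             return {'message': 'Error when logging out user'}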
def token_black_listed_loader(dec_token):
    """Tell the JWT layer whether a decoded token has been revoked.

    Looks up the token's ``jti`` claim in the ``RevokedToken`` deny-list and
    returns the result of ``RevokedToken.is_blacklisted``.
    """
    return RevokedToken.is_blacklisted(dec_token["jti"])
 def post(self):
     """Log the caller out by deny-listing the jti of the presented JWT."""
     token_id = get_raw_jwt()['jti']
     RevokedToken(jti=token_id).add_token()
     return {"message": "You are logged out."}, 200
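    def post(self):
        """Register a new user and return a JWT pair.

        Username, e-mail and phone number must each be unused; conflicts are
        reported as a message chosen from a bit mask (1 = username,
        2 = e-mail, 4 = phone). On success the user is saved and logged in,
        and an ``InUseToken`` session with fresh access/refresh tokens is
        created. Unexpected errors are logged and reported as 'Unknown error'.
        """
        import logging

        data = register_parser.parse_args()

        # Bit mask of already-taken fields. Check-then-insert is racy (two
        # concurrent registrations can both pass); unique indexes on the
        # collection are the real safeguard.
        errors = 0
        if User.objects(username=data['username']):
            errors += 1
        if User.objects(email=data['email']):
            errors += 2
        if User.objects(phone_number=data['phone_number']):
            errors += 4

        conflict_messages = {
            1: 'Username is already in use',
            2: 'Email is already in use',
            3: 'Username and email are already in use',
            4: 'Phone number is already in use',
            5: 'Phone number and username are already in use',
            6: 'Phone number and email are already in use',
            7: 'Phone number, email and username are already in use',
        }
        if errors:
            return {'message': conflict_messages[errors]}

        new_user = User(username=data['username'],
                        email=data['email'],
                        first_name=data['first_name'],
                        last_name=data['last_name'],
                        phone_number=data['phone_number'])
        new_user.hash_password(data['password'])
        new_user.hash_unique_id(data['unique_id'])
        try:
            new_user.save()
            login_user(new_user)
            in_use = InUseToken.objects(user=new_user).first()
            if in_use is not None:
                # Condition was inverted (``is None``) and then dereferenced
                # the missing record, so a fresh registration would have
                # ended in 'Unknown error'.
                try:
                    RevokedToken(
                        jti=decode_token(in_use.jwt_access)['jti']).save()
                except ExpiredSignatureError:
                    pass
                access_token = create_access_token(
                    identity=data['username'])
                in_use.jwt_access = access_token
                in_use.save()
                refresh_token = in_use.jwt_refresh
            else:
                access_token = create_access_token(
                    identity=data['username'])
                refresh_token = create_refresh_token(
                    identity=data['username'])
                # Field names match how the record is read elsewhere
                # (``jwt_access``/``jwt_refresh``), not ``jti_*``.
                in_use = InUseToken(jwt_access=access_token,
                                    jwt_refresh=refresh_token,
                                    user=new_user)
                in_use.hash_unique_id(data['unique_id'])
                in_use.save()
            return {
                'message': 'User registered',
                'access_token': access_token,
                'refresh_token': refresh_token
            }
        except Exception:
            # Narrowed from a bare ``except``; keep the cause in the log.
            logging.getLogger(__name__).exception(
                'Registration failed for %s', data['username'])
            return {'message': 'Unknown error'}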
def check_if_token_in_blacklist(decrypted_token):
    """Report whether the decoded token's ``jti`` is on the revocation list.

    Delegates to ``RevokedToken.is_jti_blacklisted`` and returns its result.
    """
    token_id = decrypted_token['jti']
    return RevokedToken.is_jti_blacklisted(token_id)