def login():
"""
Enables log in verification and provides authentication token.
Method Type
-----------
POST
JSON Parameters
---------------
email : str
Email of the user
password : str
(Un-hashed) Password of the user
Restrictions
------------
User log in information must be correct
JSON Returns
------------
status : int
Status code representing success status of the request
message : str
Message explaining the response status
user : dict, optional
Dictionary with information about the user
id : int
ID of the user
auth_token : str
Authentication token of the user
name : str
Name of the user
email : str
Email of the user
access_level : int
Access level of the user
"""
request_json = request.get_json()
email = request_json['email']
password = request_json['password']
user = User.query.filter_by(email=email).first()
if user and bcrypt.check_password_hash(user.password, password):
user_info = {
'id': user.id,
'auth_token': user.get_auth_token(),
'name': user.name,
'email': user.email,
'access_level': user.access_level
}
final_dict = {
'user': user_info,
'status': 0,
'message': "Log in successful"
}
return json.dumps(final_dict)
else:
final_dict = {
'status':
1,
'message':
"The provided combination of email and password is incorrect."
}
return json.dumps(final_dict)
def check_password(self, password):
"""This is a helper function for checking the user's password."""
return bcrypt.check_password_hash(self.password, password)
# More models can be added here...
def login():
incoming_data = request.data.decode('utf-8')
login_form = json.loads(incoming_data)
user = User.query.filter_by(email=login_form["Email"]).first()
if user is None:
print("failure to log in")
return {"result": "User does not exist"}
if bcrypt.check_password_hash(user.password, login_form["Password"]):
login_user(user)
get_settings = Settings.query.filter_by(
user_id=current_user.id).first()
settings = settings_sql_dict(get_settings)
print("logged in")
return {
"result": "success",
"user": {
"id": current_user.id,
"playername": user.playername,
"email": user.email,
"displaypicture": user.display_picture,
"settings": settings
}
}
else:
return {"result": "Incorrect Password"}
def login():
try:
auth = request.authorization
if not auth:
return jsonify({
"status": 401,
"field": "common",
"msg": "Autherization required!"
})
username = base64.b64decode(auth.username).decode('utf-8')
password = base64.b64decode(auth.password).decode('utf-8')
if not username or not password:
return jsonify({
"status": 401,
"field": "common",
"msg": "Both Credentials required!"
})
user = User.query.filter_by(username=username).first()
if user != None:
# check password
if bcrypt.check_password_hash(user.password, password):
# valid password
# validation done
token = jwt.encode({
'public_id': user.public_id,
'exp': datetime.datetime.utcnow() + datetime.timedelta(days=30)
}, app.secret_key)
return jsonify({
"status": 200,
"token": token.decode('utf-8'),
"msg": "You are now logged in!"
}), 200
else:
# invalid password
return jsonify({
"status": 401,
"field": "password",
"msg": "Password doesn't match!"
}), 401
else:
return jsonify({
"status": 401,
"field": "username",
"msg": "Invalid Username"
}), 401
except:
return jsonify({
"status": 500,
"field": "common",
"msg": "Oops, Some error happened! Try Again..."
}), 500
def login():
if current_user.is_authenticated:
return redirect(url_for('home'))
form = LoginForm()
if form.validate_on_submit():
user = User.query.filter_by(eth_address=form.eth_address.data).first()
if user and bcrypt.check_password_hash(user.password, form.password.data):
login_user(user, remember=form.remember.data)
next_page = request.args.get('next')
return redirect(next_page) if next_page else redirect(url_for('event_index'))
else:
flash('Login Unsuccessful. Please check email and password', 'danger')
return render_template('login.html', title='Login', form=form)
def login():
if current_user.is_authenticated:
abort(404)
user_data = request.get_json()
if not user_data or not 'password' in user_data or not 'email' in user_data:
abort(400)
user = User.query.filter_by(email=user_data['email']).first()
if user and bcrypt.check_password_hash(user.password,
user_data['password']):
login_user(user, remember=True)
access_token = create_access_token(identity={'id': user.id})
result = access_token
else:
abort(400)
return result
def login():
if current_user.is_authenticated:
return redirect(url_for('events.show_game'))
form = LoginForm()
if form.validate_on_submit():
email = form.email.data
password = form.password.data
user = User.query.filter_by(email=email).first()
if user and bcrypt.check_password_hash(user.password, password):
logged_in_user = LoggedInUser(id=user.id, name=user.name, email=user.email, auth_token=user.get_auth_token())
db.session.add(logged_in_user)
db.session.commit()
login_user(user, remember=form.remember.data)
next_page = request.args.get('next')
return redirect(next_page) if next_page else redirect(url_for('events.show_games'))
else:
flash("Authentication Failed", 'danger')
return render_template('login.html', title='Login', form=form)
def login():
request_json = request.get_json()
if request_json.get('isSnap'):
display_name = request_json['display_name']
snap_pic = request_json['snap_pic']
user = User.query.filter_by(name=display_name,
snapPic=snap_pic).first()
if user:
final_dict = {
'id': user.id,
'auth_token': user.get_auth_token(),
'name': user.name,
'email': user.email,
'isParent': user.isParent,
'status': 1
}
return json.dumps(final_dict)
else:
return json.dumps({
'status':
0,
'error':
"You need to register before you can log in."
})
email = request_json['email']
password = request_json['password']
user = User.query.filter_by(email=email).first()
if user and bcrypt.check_password_hash(user.password, password):
final_dict = {
'id': user.id,
'auth_token': user.get_auth_token(),
'name': user.name,
'email': user.email,
'isParent': user.isParent,
'status': 1
}
return json.dumps(final_dict)
else:
final_dict = {
'status': 0,
'error':
"The provided combination of email and password is incorrect."
}
return json.dumps(final_dict)
def post(self):
data = trainer_login_parser.parse_args()
current_trainer = Trainer.find_by_email(data['email'])
if not current_trainer:
return {'msg': f'Trainer {current_trainer} not found'}, 401
if bcrypt.check_password_hash(current_trainer.password, data['password']):
access_token = create_access_token(identity=data['email'])
refresh_token = create_refresh_token(identity=data['email'])
return {'message':
f'Trainer Logged in with email {current_trainer.email}',
'access_token': access_token,
'refresh_token': refresh_token,
'id': current_trainer.trainer_id,
'trainer': to_json_trainer(current_trainer)
}
else:
# create log for wrong credentials
return {'msg': 'wrong credentials'}, 401
def login():
request_json = request.get_json()
email = request_json['email']
password = request_json['password']
user = User.query.filter_by(email=email).first()
if user and bcrypt.check_password_hash(user.password, password):
final_dict = {
'id': user.id,
'auth_token': user.get_auth_token(),
'name': user.name,
'email': user.email,
'isAdmin': user.isAdmin,
'status': 1
}
return json.dumps(final_dict)
else:
final_dict = {
'status': 0,
'error':
"The provided combination of email and password is incorrect."
}
return json.dumps(final_dict)
def login():
if current_user.is_authenticated:
return redirect(url_for("home"))
form = LoginForm()
# if the data is valid then flash a success prompt
if form.validate_on_submit():
# get user email
user = User.query.filter_by(email=form.email.data).first()
# User initial page selected before login
next_page = request.args.get("next")
if user and bcrypt.check_password_hash(user.password,
form.password.data):
login_user(user, remember=form.remember.data)
# Redirect user to next page if there is any or just home if none
return redirect(next_page) if next_page else redirect(
url_for('home'))
else:
flash("Login failed. Please check your email and password",
"danger")
return render_template('login.html', title="Login", form=form)
def check_password(self, password: str) -> bool:
return bcrypt.check_password_hash(self.password, password)
def login():
body = request.get_json(force=True)
# trim the email to remove unnecessary spaces
email = body['email'].strip()
# convert input email to lowercase
email = email.lower()
# Validate that the email is the correct format
try:
v = validate_email(email) # validate and get info
email = v["email"] # replace with normalized form
except EmailNotValidError as e:
# email is not valid, return error code
return {"error": "Invalid Email Format"}, 406
# Grab user from the database given email and password combination
user = User.query.filter_by(email=email).first()
if user == None:
return {"error": "Invalid username or password"}, 404
# Check that the passwords match
if not bcrypt.check_password_hash(
user.password, body['password'].encode(encoding='utf-8')):
return {"error": "Invalid username or password"}, 404
token = ''
# If the users access_token is empty, create a new one for them
if user.access_token == '' or user.access_token == None:
token = user.encode_auth_token({'id': user.id, 'role': user.role})
# Update the users access_token
user.access_token = token
db.session.commit()
else:
# If the user has an access token, check if it is expired
payload = user.decode_auth_token(user.access_token)
if payload == 'Expired':
token = user.encode_auth_token({'id': user.id, 'role': user.role})
# Update the users access_token
user.access_token = token
db.session.commit()
elif payload == 'Invalid':
# Invalid tokens are intolerable
print('User with email ' + user.email +
' has invalid access_token')
return {"error": "Internal Server Error"}, 500
else:
# If the access_token is valid and is non empty, we use this token
token = user.access_token
# Set the access_token in the session
session['access_token'] = token
# Parse the result of the user query
result = user_schema.dump(user)
# Delete the sensitive information
del result['password']
del result['access_token']
del result['verification_token']
db.session.close()
return {"user": result}
def check_password(pw, hashed):
return bcrypt.check_password_hash(hashed, pw)
def updateProfile(token_claims):
body = request.get_json(force=True)
# retrieve user with id passed in
user = User()
user = User.query.get(token_claims['id'])
# check which parameters were passed into this function
if 'email' in body:
newEmail = True
try:
v = validate_email(body["email"]) # validate and get info
email = v["email"] # replace with normalized form
except EmailNotValidError as e:
# email is not valid, return error code
return {
"error": "Invalid Email Format"
}, 406
else:
newEmail = False
if 'first_name' in body:
newFirstName = True
else:
newFirstName = False
if 'last_name' in body:
newLastName = True
else:
newLastName = False
if 'newPassword' in body:
# check that the current password field was entered
if 'oldPassword' not in body:
return{
"error": "User must enter old password"
}
# check that oldPassword matches the password in the database
if not bcrypt.check_password_hash(user.password, body['oldPassword'].encode(encoding='utf-8')):
return {
"error": "The old password doesn't match the password in the database"
}, 400
newPassword = True
encodedPassword = bcrypt.generate_password_hash(body['newPassword']).decode(encoding="utf-8")
else:
newPassword = False
# update the requested fields for this user
try:
if newEmail == True:
user.email = email
if newFirstName == True:
user.first_name = body['first_name']
if newLastName == True:
user.last_name = body['last_name']
if newPassword == True:
user.password = encodedPassword
db.session.commit()
except Exception as e:
return {
"error": "Internal Server Error"
}, 500
raise
# Refresh the user to grab the id
db.session.refresh(user)
# Grab the user from the database and dump the result into a user schema
user = User.query.get(user.id)
result = user_schema.dump(user)
# remove the sensitive data fields
del result['password']
del result['access_token']
del result['verification_token']
# Return the user
db.session.close()
return {
"user": result
}
def check_password(self, password):
"""This is a helper function for checking the user's password."""
return bcrypt.check_password_hash(self.password, password)
def check_password(self, password):
return bcrypt.check_password_hash(self.password, password)
def verify_password(hash, attempted_password):
return bcrypt.check_password_hash(hash, attempted_password)
def get_token(cls, email: str, password: str) -> str:
user = cls.query.filter_by(email=email).first()
if not user or not bcrypt.check_password_hash(user.password, password):
flask.abort(403, "Invalid credentials.")
return flask_jwt_extended.create_access_token(identity=user.id)
