def login():
"""Authenticate user and return token
"""
if not request.is_json:
return jsonify({"msg": "Missing JSON in request"}), 400
username = request.json.get('username', None)
password = request.json.get('password', None)
if not username or not password:
return jsonify({"msg": "Missing username or password"}), 400
user = User.query.filter_by(username=username).first()
if user is None or not pwd_context.verify(password, user.password):
return jsonify({"msg": "Bad credentials"}), 400
access_token = create_access_token(identity=user.id)
refresh_token = create_refresh_token(identity=user.id)
add_token_to_database(access_token, app.config['JWT_IDENTITY_CLAIM'])
add_token_to_database(refresh_token, app.config['JWT_IDENTITY_CLAIM'])
ret = {
'access_token': access_token,
'refresh_token': refresh_token
}
return jsonify(ret), 200
def login():
form = LoginForm(request.form)
if request.method == 'POST' and form.validate():
uname = form.username.data
hpassword = form.password.data
if not uname or not hpassword:
return jsonify({"msg": "The login form was not filled in correctly!"}), 400
else:
found_usr = False
for u in users:
if u.username == uname:
if check_password_hash(u.password, hpassword): ## stored, hashed pwd first; human entered pwd second
found_usr = True
mung = {
'access_token': create_access_token(identity=uname),
'refresh_token': create_refresh_token(identity=uname)
}
return redirect(url_for('protected', current_user=jsonify(mung), status=200))
else:
flash('The password is wrong. Remember that it is case sensitive!')
return redirect(url_for('login'))
if found_usr == False:
flash('The username is not on file. Maybe you have not registered yet?')
return redirect(url_for('login'))
return render_template('login.html', form=form)
def _authenticate_and_grant_tokens(json_in, with_refresh=False):
username = json_in.get('username', None)
password = json_in.get('password', None)
if not (username and password):
return invalid_username_password_problem
user = User.query.filter_by(username=username).first()
if user is None:
return invalid_username_password_problem
try:
password = password.encode('utf-8')
except UnicodeEncodeError:
return invalid_username_password_problem
if not user.active:
return user_deactivated_problem
if user.verify_password(password):
response = {'access_token': create_access_token(identity=user.id, fresh=True)}
if with_refresh:
user.login(request.environ.get('HTTP_X_REAL_IP', request.remote_addr))
db.session.commit()
response['refresh_token'] = create_refresh_token(identity=user.id)
return response, OBJECT_CREATED
else:
return invalid_username_password_problem
def loginUser():
# If the HTTP Request is a 'GET' request
if request.method == 'POST':
# Show that a GET request is being recieved
print("\n - POST REQUEST RECIEVED - \n")
print("\n - In Route '/Login' - \n")
loginData = request.get_json(force=True)
# See json format
jsonData = loginData['params']
# Pass the jsonData into our function to validate it
jsonData = validateRequest(jsonData)
print(jsonData)
# If the data is in the correct format
if jsonData['ok']:
jsonData = jsonData['data']
user = mongo.db.Users.find_one({'email': jsonData['email']})
print(jsonData)
global currentEmail
currentEmail = jsonData['email']
print(currentEmail)
try:
# If the users password is correct
if user and flask_bcrypt.check_password_hash(user['password'],jsonData['password']):
print("Details correct!")
# Delete their password and give them an access token
del user['password']
access_token = create_access_token(identity=jsonData)
refresh_token = create_refresh_token(identity=jsonData)
user['token'] = access_token
user['refresh'] = refresh_token
# Return the information as JSON with status code 200
return jsonify({'ok': True, 'data': user, 'message': 'Record exists.. Creating access token and Logging in..'}), 200
else:
raise ValueError("Invalid Salt")
print('Caught this error: ' + repr(error))
except Exception as error:
# If the list is empty due to an error with login details, motify the user
return jsonify({'ok': False, 'message': 'Record does not exist. Please check log-in parameters.'}), 201
else:
# Return a bad request response in JSON if the paramaters are incorrect
return jsonify({'ok': False, 'message': 'Bad request parameters!'}), 202
def auth():
username = request.json.get('username', None)
password = request.json.get('password', None)
if username != 'admin' or password != pw:
return jsonify({"msg": "Bad username or password"}), 401
# Use create_access_token() and create_refresh_token() to create our
# access and refresh tokens
ret = {
'access_token': create_access_token(identity=username),
'refresh_token': create_refresh_token(identity=username)
}
return jsonify(ret), 200
def post(self):
data = _user_parser.parse_args()
user = UserModel.find_by_username(data['username'])
if user and safe_str_cmp(user.password, data['password']):
access_token = create_access_token(identity=user.id, fresh=True)
refresh_token = create_refresh_token(user.id)
return {
'access_token': access_token,
'refresh_token': refresh_token
}, 200
return {"message": "Invalid Credentials!"}, 401
def post(self):
data = _user_parser.parse_args()
user = UserModel.find_by_username(data['username'])
# this is what the `authenticate()` function did in security.py
if user and safe_str_cmp(user.password, data['password']):
# identity= is what the identity() function did in security.py—now stored in the JWT
access_token = create_access_token(identity=user.id, fresh=True)
refresh_token = create_refresh_token(user.id)
return {
'access_token': access_token,
'refresh_token': refresh_token
}, 200
return {"message": "Invalid Credentials!"}, 401
def post(self):
"""Authenticates and generates a token"""
schema = TokenSchema()
data, errors = schema.load(current_app.api.payload)
if errors:
return errors, 400
try:
user = User.get(email=data.email)
except User.DoesNotExist:
abort(403, 'No such user, or wrong password')
if not user or not user.active:
abort(403, 'No such user, or wrong password')
if not verify_password(data.password, user.password):
abort(403, 'No such user, or wrong password')
access_token = create_access_token(identity=user.email)
refresh_token = create_refresh_token(identity=user.email)
access_expire = current_app.config['JWT_ACCESS_TOKEN_EXPIRES']
refresh_expire = current_app.config['JWT_REFRESH_TOKEN_EXPIRES']
resp = jsonify(
{
'access': access_token,
'refresh': refresh_token,
'accessExpire': int(access_expire.total_seconds()),
'refreshExpire': int(refresh_expire.total_seconds()),
}
)
set_access_cookies(resp, access_token)
set_refresh_cookies(resp, refresh_token)
refresh_path = current_app.config['JWT_REFRESH_COOKIE_PATH']
refresh_secure = current_app.config['JWT_COOKIE_SECURE']
refresh_expire_date = datetime.now() + refresh_expire
resp.set_cookie(
'refresh_expire',
value=str(refresh_expire_date),
expires=refresh_expire_date,
path=refresh_path,
httponly=True,
secure=refresh_secure,
)
return resp
def post(self):
json_data = request.get_json(force=True)
_account_login = json_data.get('login')
_account_password = json_data.get('password')
#need to add password encrypting, and comparison
if _account_login:
if validate_email(str(_account_login)):
cursor = client.db.accounts.find_one(
{'email': str(_account_login)})
else:
cursor = client.db.accounts.find_one(
{'username': str(_account_login)})
else:
abort(422, message='Please provide a valid username/email.')
if cursor == None:
abort(
422,
message=
'The username/email provided is not associated with an active account.'
)
if cursor.get('password') == _account_password:
_access_token = create_access_token(
identity=cursor.get('username'))
_refresh_token = create_refresh_token(
identity=cursor.get('username'))
bson_to_json = dumps(cursor)
true_json_data = json.loads(bson_to_json)
true_json_data['access_token'] = _access_token
true_json_data['refresh_token'] = _refresh_token
resp = jsonify({'user': true_json_data})
resp.status_code = 200
return resp
else:
abort(422,
message=
'The current password does not match the password provided.')
def post() -> Response:
"""
POST response method for retrieving user web token.
:return: JSON object
"""
data = request.get_json()
user = Users.objects.get(email=data.get('email'))
auth_success = user.check_pw_hash(data.get('password'))
if not auth_success:
return unauthorized()
else:
expiry = datetime.timedelta(days=5)
access_token = create_access_token(identity=str(user.id),
expires_delta=expiry)
refresh_token = create_refresh_token(identity=str(user.id))
return jsonify({
'result': {
'access_token': access_token,
'refresh_token': refresh_token,
'logged_in_as': f"{user.email}"
}
})
def post(self, args):
"""Authenticates and generates a token"""
email = args.get('email', None)
password = args.get('password', None)
if email is None:
abort(403, message='Email not provided')
User = current_app.user_datastore.user_model
try:
user = User.get(email=email)
except User.DoesNotExist:
abort(403, message='No such user, or wrong password')
if not user or not user.active:
abort(403, message='No such user, or wrong password')
if not verify_password(password, user.password):
abort(403, message='No such user, or wrong password')
access_token = create_access_token(identity=user.id)
refresh_token = create_refresh_token(identity=user.id)
access_expire = current_app.config['JWT_ACCESS_TOKEN_EXPIRES']
refresh_expire = current_app.config['JWT_REFRESH_TOKEN_EXPIRES']
resp = jsonify({
'access': access_token,
'refresh': refresh_token,
'accessExpire': int(access_expire.total_seconds()),
'refreshExpire': int(refresh_expire.total_seconds()),
})
set_access_cookies(resp, access_token)
set_refresh_cookies(resp, refresh_token)
refresh_path = current_app.config['JWT_REFRESH_COOKIE_PATH']
refresh_secure = current_app.config['JWT_COOKIE_SECURE']
refresh_expire_date = datetime.now() + refresh_expire
resp.set_cookie(
'refresh_expire',
value=str(refresh_expire_date),
expires=refresh_expire_date,
path=refresh_path,
httponly=True,
secure=refresh_secure,
)
return resp
def post(self):
"""
Authentication endpoint
"""
username = api.payload.get('username')
password = api.payload.get('password')
user = mongo.db.users.find_one({'username': username}, {'_id': 0})
if not user:
api.abort(404, 'User not found')
if not check_password(password, user.get('password')):
api.abort(401, 'Unauthorized')
access_token = create_access_token(identity=user)
refresh_token = create_refresh_token(identity=user)
return {
'access_token': access_token,
'refresh_token': refresh_token,
'name': user.get('name'),
}
def post(cls):
user_json = request.get_json()
user_data = user_schema.load(user_json, partial=("email", ))
user = UserModel.find_by_username(user_data.username)
if user and safe_str_cmp(user.password, user_data.password):
confirmation = user.most_recent_confirmation
if confirmation and confirmation.confirmed:
access_token = create_access_token(identity=user.id,
fresh=True)
refresh_token = create_refresh_token(identity=user.id)
return {
"access_token": access_token,
"refresh_token": refresh_token
}, 200
return {
"message":
gettext("user_not_confirmed_error").format(user.username)
}, 400
return {"message": gettext("user_invalid_credentials")}, 401
def post(self):
print(request.headers)
data = parser.parse_args()
current_user = UserModel.find_by_username(data['username'])
if not current_user:
return {
'message': 'User {} doesn\'t exist'.format(data['username'])
}, 500
if UserModel.verify_hash(data['password'], current_user.password):
expires = timedelta(seconds=3600)
access_token = create_access_token(identity=data['username'],
expires_delta=expires)
refresh_token = create_refresh_token(identity=data['username'])
return {
'message': 'Logged in as {}'.format(current_user.username),
'access_token': access_token,
'refresh_token': refresh_token,
'user_id': data['username']
}
else:
return {'message': 'Wrong credentials'}, 500
def login():
"""
Connexion de l'utilisateur
"""
json_data = request.get_json()
if not json_data:
return jsonify({'message': 'No input data provided'}), 400
# Validate and deserialize input
try:
data, errors = user_schema.load(json_data)
print('username', data['username'])
except:
return jsonify({'message': 'Problème utilisation params'}), 400
username, password = data['username'], data['password']
if not username:
return jsonify({"msg": "Missing username parameter"}), 400
if not password:
return jsonify({"msg": "Missing password parameter"}), 400
current_user = UserModel.find_by_username(data['username'])
if not current_user:
return jsonify(
{'message':
'User {} doesn\'t exist'.format(data['username'])}), 400
if UserModel.verify_hash(password, current_user.password):
access_token = create_access_token(identity=data['username'])
refresh_token = create_refresh_token(identity=data['username'])
return jsonify({
'message':
'Logged in as {}'.format(current_user.username),
'access_token':
access_token,
'refresh_token':
refresh_token
}), 200
else:
return jsonify({'message': 'Wrong credentials'}), 401
def post(self, *args, **kwargs):
req_data = request.get_json() or None
user = None
login_schema = LoginSchema()
schema = UserSchema()
if req_data is None:
return resp_data_invalid('Users', [], msg=MSG_NO_DATA)
data, errors = login_schema.load(req_data)
if errors:
return resp_data_invalid('Users', errors)
user = get_user_by_email(data.get('email'))
if not isinstance(user, User):
return user
if not user.is_active():
return resp_notallowed_user('Auth')
if checkpw(
data.get('senha').encode('utf-8'), user.senha.encode('utf-8')):
extras = {
'token': create_access_token(identity=user.email),
'refresh': create_refresh_token(identity=user.email)
}
result = schema.dump(user)
return resp_ok('Auth',
MSG_TOKEN_CREATED,
data=result.data,
**extras)
return resp_notallowed_user('Auth')
def authorize():
token_resp = oauth.openstreetmap.authorize_access_token()
token = token_resp["oauth_token"]
token_secret = token_resp["oauth_token_secret"]
resp = oauth.openstreetmap.get("user/details")
if resp.status_code != 200:
# Bad request of some kind - report failure
# FIXME: Use proper status code
return jsonify(msg="Bad Oauth Request"), 400
xml = resp.text
etree = ET.fromstring(xml)
user = etree.findall("user")[0]
osm_uid = user.attrib["id"]
display_name = user.attrib["display_name"]
osm_token_row = OpenStreetMapToken.save(
osm_uid=osm_uid,
display_name=display_name,
oauth_token=token,
oauth_token_secret=token_secret
)
identity=osm_token_row.user_id
# FIXME: identity should be a hash, not user ID.
# FIXME: User ID should also be a hash - though not the same as identity.
access_token = create_access_token(identity)
refresh_token = create_refresh_token(identity)
# TODO: create a whitelist of callback URIs, allow callback URI to be issued at
# /login endpoint. Should also create an API key that is associated with a given
# callback URI - new clients are registered by creating a new pair of:
# - API Key
# - (short) list of allowed callback URIs
consumer_callback_uri = current_app.config.get("CONSUMER_CALLBACK_URI")
url = "{}?access_token={}&refresh_token={}".format(consumer_callback_uri, access_token, refresh_token)
return redirect(url)
def post(cls):
# get data from parser
try:
user_json = request.get_json()
user_data = user_schema.load(user_json)
except ValidationError as err:
return err.messages, 400
# find the user in DB.
user = UserModel.find_by_username(user_data.username)
# check password
if user and safe_str_cmp(user.password, user_data.password):
# Black list all old refresh tokens before making new ones.
BlacklistToken.revoke_all_old_refresh_tokens(user.id)
# create access token
access_token = create_access_token(identity=user.id, fresh=True)
# create refresh token
refresh_token = create_refresh_token(identity=user.id)
# Lets store the tokens in the DB, as non-expired.
new_access_token = BlacklistToken.create_new_token(access_token)
new_refresh_token = BlacklistToken.create_new_token(refresh_token)
new_access_token.save_to_db()
new_refresh_token.save_to_db()
return (
{
"code": "login_success",
"message": USER_LOGIN_SUCCESSFULLY,
"access_token": access_token,
"refresh_token": refresh_token,
},
200,
)
return {"error": TOKEN_AUTH_INVALID_CREDENTIALS}, 401
def register():
user_data = request.get_json()
new_user = User(firstname=user_data['firstname'],
lastname=user_data['lastname'],
email=user_data['email'],
password=user_data['password'])
if User.query.filter_by(email=new_user.email).first():
return {"error": "Email address already taken"}
db.session.add(new_user)
db.session.commit()
access_token = create_access_token(identity=user_data['email'])
refresh_token = create_refresh_token(identity=user_data['email'])
return {
'email': user_data['email'],
'access_token': access_token,
'refresh_token': refresh_token
}
def post(self):
data = parser.parse_args()
user_in_db = db.user.find_one({'username': data['username']})
print(data['password'])
print(user_in_db)
if user_in_db:
if self.verify_hash(data['password'], user_in_db['hash']):
# token_cursor = db.tokens.find({'username': data['username'], 'isActive': True})
# if token_cursor.count() > 0:
# print(decode_token(token_cursor[0]['access_token'])['exp'])
# if decode_token(token_cursor[0]['access_token'])['exp'] < datetime.datetime.utcnow():
# my_query = {'_id': token_cursor[0]['_id']}
# new_values = {"$set": {'isActive': False}}
# db.tokens.update_one(my_query, new_values)
# print("access token expired")
# # print(decode_token(token_cursor[0]['refresh_token'])['exp'])
# else:
access_token = create_access_token(identity=data['username'],
expires_delta=ACCESS_EXPIRE)
refresh_token = create_refresh_token(
identity=data['username'], expires_delta=REFRESH_EXPIRE)
print(decode_token(access_token))
print(decode_token(refresh_token))
return {
'message':
'you are logged in as {}'.format(data['username']),
'access_token': access_token,
'refresh_token': refresh_token
}
else:
return {'message': 'password mismatch'}, 400
else:
return {
'message':
'no user present with username as {}'.format(data['username'])
}
def post(self):
data = parser.parse_args() # 接收参数
if UserModel.find_by_username(data['username']):
return {
'message': f'User {data["username"]} already exists',
'code': 1
}
new_user = UserModel(username=data['username'],
password=UserModel.generate_hash(
data['password']))
try:
new_user.save_to_db()
access_token = create_access_token(identity=data['username'])
refresh_token = create_refresh_token(identity=data['username'])
return {
'message': f'User {data["username"]} .was created',
'access_token': access_token,
'refresh_token': refresh_token,
'code': 0
}
except:
return {'messaeg': 'Something went wrong', 'code': 1}, 500
def post(self):
TAG = "Refresh:"
start_time = time.time()
current_user = get_jwt_identity()
print(TAG, "current_user="******"iss": "chp-lab", "sub": "testuid", "aud": 1}
result = {
'access_token': create_access_token(identity=payload),
'refresh_token': create_refresh_token(identity=payload)
}
elapsed_time = (time.time() - start_time) * 1000
print(TAG, "times=", elapsed_time, "ms")
return {
'type': True,
'message': "success",
'elapsed_time_ms': elapsed_time,
'len': len(result),
'result': result,
}, 200
def login():
obj = request.get_json(silent=True)
if 'username' not in obj:
err = helpers.generateError('username missing', 400)
return helpers.handleResponse(err)
if 'password' not in obj:
err = helpers.generateError('password missing', 400)
return helpers.handleResponse(err)
if not verifyLogin(obj['username'], obj['password']):
err = helpers.generateError('incorrect username or password', 400)
return helpers.handleResponse(err)
access_token = create_access_token(identity=obj['username'])
refresh_token = create_refresh_token(identity=obj['username'])
res = {}
res['data'] = {
'accessToken': access_token,
'refreshToken': refresh_token,
}
return helpers.handleResponse(res, 200)
def test_fresh_jwt_required(app):
jwtM = get_jwt_manager(app)
url = '/fresh_protected'
test_client = app.test_client()
with app.test_request_context():
access_token = create_access_token('username')
fresh_access_token = create_access_token('username', fresh=True)
refresh_token = create_refresh_token('username')
response = test_client.get(url, headers=make_headers(fresh_access_token))
json_data = json.loads(response.get_data(as_text=True))
assert response.status_code == 200
assert json_data == {'foo': 'bar'}
response = test_client.get(url, headers=make_headers(access_token))
json_data = json.loads(response.get_data(as_text=True))
assert response.status_code == 401
assert json_data == {'msg': 'Fresh token required'}
response = test_client.get(url, headers=None)
json_data = json.loads(response.get_data(as_text=True))
assert response.status_code == 401
assert json_data == {'msg': 'Missing Authorization Header'}
response = test_client.get(url, headers=make_headers(refresh_token))
json_data = json.loads(response.get_data(as_text=True))
assert response.status_code == 422
assert json_data == {'msg': 'Only access tokens can access this endpoint'}
# Test with custom response
@jwtM.needs_fresh_token_loader
def custom_response():
return jsonify(msg='foobar'), 201
response = test_client.get(url, headers=make_headers(access_token))
json_data = json.loads(response.get_data(as_text=True))
assert response.status_code == 201
assert json_data == {'msg': 'foobar'}
def post(cls):
# get data from parser
data = _user_parser_.parse_args()
# find user in databse
user = UserModel.find_by_username(data['username'])
# check password
# This is what the 'authenticate()' function used to do.
if user and safe_str_cmp(user.password, data['password']):
# create access token
# identity= is what the 'identity()' function used to do
access_token = create_access_token(identity=user.id, fresh=True)
# create refresh token (we will look at this later!)
refresh_token = create_refresh_token(user.id)
# return them
return {
'access_token': access_token,
'refresh_token': refresh_token
}, 200
return {'msg': 'Invalid credentials'}, 401
def login():
"""Authenticate user and return token
"""
if not request.is_json:
return jsonify({"msg": "Missing JSON in request"}), 400
username = request.json.get('username', None)
password = request.json.get('password', None)
if not username or not password:
return jsonify({"msg": "Missing username or password"}), 400
user = User.query.filter_by(username=username).first()
if user is None or not pwd_context.verify(password, user.password):
return jsonify({"msg": "Bad credentials"}), 400
access_token = create_access_token(identity=user.id)
refresh_token = create_refresh_token(identity=user.id)
add_token_to_database(access_token, app.config['JWT_IDENTITY_CLAIM'])
add_token_to_database(refresh_token, app.config['JWT_IDENTITY_CLAIM'])
ret = {'access_token': access_token, 'refresh_token': refresh_token}
return jsonify(ret), 200
def handle_user_creation(code, oauth_data) -> str:
"""
Handles user creation
:parameters oauth application code and oauthdata(name, email)
:returns success response or exception that is upper method catched
"""
name = oauth_data[0]
email = oauth_data[1]
image = oauth_data[2]
local_access_token = ''
user = User.query.filter_by(email=email).first()
if user is None:
user = User(name=name,
email=email,
imageUrl=image,
password=None,
role=UserRoles.NORMAL)
try:
db.session.add(user)
db.session.commit()
except Exception as ex:
db.session.rollback()
raise ex
serialized_user = super(User, user).as_dict()
local_access_token = create_access_token(identity=serialized_user)
local_refresh_token = create_refresh_token(identity=serialized_user)
return {
'access_token': local_access_token,
'refresh_token': local_refresh_token,
'user_id': user.id,
'code': 200
}, 200
def post(self):
username = request.form.get('username', None)
password = request.form.get('password', None)
result = ConnectionModel.connect("user_info").find_one(
{"username": username})
print(result)
if not username:
return jsonify({"message": "Username can't be kept empty"})
if not password:
return jsonify({"message": "password can't be kept empty"})
if username and safe_str_cmp(result['password'], password):
access_token = create_access_token(identity=username)
refresh_token = create_refresh_token(identity=username)
# Set the JWT cookies in the response
resp = jsonify({"login": True})
print(type(resp))
set_access_cookies(resp, access_token)
set_refresh_cookies(resp, refresh_token)
return make_response(resp)
def novo_usuario():
session = current_app.db.session
data = request.get_json()
nome = data.get("nome")
email = data.get("email")
password = data.get("senha")
usuario = UserModel(nome=nome, email=email, usuario_pontos=0)
usuario.password = password
access_token = create_access_token(identity=usuario.id,
expires_delta=timedelta(days=5))
fresh_token = create_refresh_token(identity=usuario.id,
expires_delta=timedelta(days=15))
session.add(usuario)
session.commit()
serialized = usario_serializer(usuario.id)
return serialized, HTTPStatus.CREATED
def post(self):
try:
data = parser.parse_args()
current_user = User.query.filter(
User.username == data['username']).first()
if not current_user:
return {"error": "User not in DB. Register as a new user"}
password = hashlib.md5(data['password'].encode()).hexdigest()
if current_user.password == password:
access_token = create_access_token(identity=data['username'])
refresh_token = create_refresh_token(identity=data['username'])
return {
'username': current_user.username,
'access_token': access_token,
'refresh_token': refresh_token
}
else:
return {'error': 'Wrong credentials'}
except:
raise Exception("Cannot login user")
def post(self):
data = _user_parser.parse_args()
gestor = GestorModel.find_by_email(data['email'])
# this is what the `authenticate()` function did in security.py
if gestor and safe_str_cmp(gestor.password, data['password']):
# identity= is what the identity() function did in security.py—now stored in the JWT
access_token = create_access_token(identity2=gestor.id, fresh=True)
refresh_token = create_refresh_token(gestor.id)
return {
'access_token': access_token,
'refresh_token': refresh_token,
'username': gestor.username,
'id_gestor': gestor.id,
'tipo': gestor.tipo,
'message': 'dsfsdfsdf',
'msg': 'ok',
'st': '1'
}, 200
return {"message": "Usuário ou senha inválido!"}, 401
def post(self):
data = request.form
data2 = json.dumps(data)
data3 = json.loads(data2)
email = data3["email"]
password = data3["password"]
user = User.get_by_email(email=email)
if not user or not check_password(password, user.password):
return {
'message': 'Email or password is incorrect'
}, HTTPStatus.UNAUTHORIZED
access_token = create_access_token(identity=user.username)
refresh_token = create_refresh_token(identity=user.username)
resp = make_response(redirect(url_for('dashboard')))
set_access_cookies(resp, access_token)
set_refresh_cookies(resp, refresh_token)
return resp
def login(args):
"""Log in to this server, receiving an authentication token in response."""
username = args['username']
password = args['password']
login = Login.query.filter_by(username=username).first()
if login is None or not login.check_password(password):
# Best security practice is to avoid telling a user whether
# the username or password is incorrect.
raise APIError(401, "Invalid username or password")
login.last_login = datetime.now()
login.last_action = datetime.now()
db.session.add(login)
db.session.commit()
token = create_access_token(username)
refresh = create_refresh_token(username)
return jsonify(access_token=token,
refresh_token=refresh,
role=login.role.name), 200
def post(self):
data = register_parser.parse_args()
if models.UserModel.find_by_username(data['username']):
return {'message': '{} exists'.format(data['username'])}
new_user = models.UserModel(
username=data['username'],
password=models.UserModel.generate_hash(data['password']),
name=data['name']
)
try:
new_user.save_to_db()
a_token = create_access_token(identity=data['username'])
r_token = create_refresh_token(identity=data['username'])
return {
'access_token': a_token,
'refresh_token': r_token,
'name': new_user.name
}
except:
return {'message': 'Register Error'}, 500
def post(self):
args = login_parser.parse_args()
if len(args['userid']) > 100:
return {
'message':
'username or email should be '
'less than 100 characters'
}, 400
try:
cursor = mysql.get_db().cursor()
sql = '''
SELECT user.id, password, username FROM user JOIN email
ON user.id = email.user_id
WHERE email.address = %s or user.username = %s
'''
cursor.execute(sql, (args['userid'], args['userid']))
result = cursor.fetchone()
except OperationalError as e:
return error_resp(e)
if not result:
return ({'message': 'incorrect userid/password combination'}, 409)
user_id, password, username = result
if bcrypt.check_password_hash(password.decode('utf-8'),
args['password']):
access_token = create_access_token(identity=user_id)
refresh_token = create_refresh_token(identity=user_id)
resp_body = {
'message': f'username {username} '
f'logged in successfully'
}
resp = jsonify(resp_body)
set_access_cookies(resp, access_token)
set_refresh_cookies(resp, refresh_token)
return resp
return ({'message': 'incorrect userid/password combination'}, 409)
def post(self):
data = parser.parse_args()
new_user = UserModel(username=data['username'],
password=UserModel.generate_hash(
data['password']))
try:
if UserModel.find_by_username(data['username']):
return {
'message':
'User {} already exists'.format(data['username'])
}, 401
new_user.save_to_db()
access_token = create_access_token(identity=data['username'])
refresh_token = create_refresh_token(identity=data['username'])
return {
'message': 'User {} was created'.format(data['username']),
'access_token': access_token,
'refresh_token': refresh_token
}, 200
except Exception as e:
logger.error(f"There was an error: {e}")
return {'message': 'Something went wrong'}, 500
def post(self):
data = parser.parse_args()
if UserModel.find_by_username(data['username']):
return {'message': 'User {} already exists'.format(data['username'])}
new_user = UserModel(
username=data['username'],
password=UserModel.generate_hash(data['password'])
)
try:
new_user.save_to_db()
access_token = create_access_token(identity=data['username'])
refresh_token = create_refresh_token(identity=data['username'])
return {
'message': 'User {} was created'.format(data['username']),
'access_token': access_token,
'refresh_token': refresh_token
}
except:
return {'message': 'Something went wrong'}, 500
def post(self):
data = parser.parse_args()
current_user = UserModel.find_by_username(data['username'])
print(data)
if not current_user:
return {
'message': 'User {} doesn\'t exist'.format(data['username'])
}
if UserModel.verify_hash(data['password'], current_user.password):
access_token = create_access_token(identity=data['username'])
refresh_token = create_refresh_token(identity=data['username'])
return json.dumps({
'message':
'Logged in as {}'.format(current_user.username),
'access_token':
access_token,
'refresh_token':
refresh_token
})
else:
return {'message': 'Wrong credentials'}
def login():
email=request.json.get('email','')
password=request.json.get('password','')
user=User.query.filter_by(email=email).first()
if user:
pass_correct=check_password_hash(user.password,password)
if pass_correct:
access_token = create_access_token(identity=user.id)
refresh_token = create_refresh_token(identity=user.id)
return jsonify({'user':{
'username':user.username,
'email':user.email,
'token':access_token,
'refresh_token':refresh_token,
}}),HTTP_200_OK
return jsonify({
'message':"Invalid credentials",
}),HTTP_401_UNAUTHORIZED
def login():
data = jsonify({'Authorized' : completion})
resp = get_response(data)
if request.method == 'POST':
json = request.json
username = json.get("email")
password = json.get("password")
global completion
completion = auth.authenticate(username, password)
if completion == False:
data = jsonify({'Authorized' : completion, "msg": "Bad username or password"})
return get_response(data), 401
data = jsonify({
'Authorized' : completion,
'access_token' : create_access_token(identity=username),
'refresh_token' : create_refresh_token(identity=username)
})
return get_response(data), 200
return resp
def login(username, password):
if username is not None and password is not None:
db_user = db.run(
"MATCH (n:Person) WHERE n.email={username} RETURN n.name AS name, n.email AS email, n.password AS password, ID(n) AS user_id",
{"username": username})
for person in db_user:
if sha256_crypt.verify(password, person['password']):
return {"access_token": create_access_token(identity=username), "refresh_token": create_refresh_token(identity=username), "user_id": person["user_id"]}
raise AuthError("Username or password is incorrect")
else:
raise AuthError("Username and Password are required")
raise AuthError("Authentication failed")
def login(self):
"""Login endpoint for the API returns a JWT and optionally a refresh token
---
post:
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
username:
type: string
password:
type: string
provider:
type: string
enum:
- db
- ldap
refresh:
type: boolean
responses:
200:
description: Authentication Successful
content:
application/json:
schema:
type: object
properties:
access_token:
type: string
refresh_token:
type: string
400:
$ref: '#/components/responses/400'
401:
$ref: '#/components/responses/401'
500:
$ref: '#/components/responses/500'
"""
if not request.is_json:
return self.response_400(message="Request payload is not JSON")
username = request.json.get(API_SECURITY_USERNAME_KEY, None)
password = request.json.get(API_SECURITY_PASSWORD_KEY, None)
provider = request.json.get(API_SECURITY_PROVIDER_KEY, None)
refresh = request.json.get(API_SECURITY_REFRESH_KEY, False)
if not username or not password or not provider:
return self.response_400(message="Missing required parameter")
# AUTH
if provider == API_SECURITY_PROVIDER_DB:
user = self.appbuilder.sm.auth_user_db(username, password)
elif provider == API_SECURITY_PROVIDER_LDAP:
user = self.appbuilder.sm.auth_user_ldap(username, password)
else:
return self.response_400(
message="Provider {} not supported".format(provider)
)
if not user:
return self.response_401()
# Identity can be any data that is json serializable
resp = dict()
resp[API_SECURITY_ACCESS_TOKEN_KEY] = create_access_token(
identity=user.id, fresh=True
)
if refresh:
resp[API_SECURITY_REFRESH_TOKEN_KEY] = create_refresh_token(
identity=user.id
)
return self.response(200, **resp)
