def login():
    """Authenticate user and return token
    ---
    tags:
      - Login
    """
    # This variant reads the credentials from form fields, so no JSON
    # content-type check is performed on the request.
    form = request.form
    username = form.get('username')
    password = form.get('password')

    # Absent and empty values are rejected the same way.
    if not (username and password):
        return jsonify({"msg": "Missing username or password"}), 400

    account = User.query.filter_by(username=username).first()

    # Unknown user and wrong password share one response body, so the reply
    # itself does not say which of the two checks failed.
    # NOTE(review): pwd_context.verify is skipped when no user matches, so the
    # two failure paths do different amounts of work. If pwd_context is a
    # passlib CryptContext, calling dummy_verify() on the no-user path evens
    # this out - confirm.
    credentials_ok = (
        account is not None
        and pwd_context.verify(password, account.password)
    )
    if not credentials_ok:
        return jsonify({"msg": "Bad credentials"}), 400

    # Both tokens carry the user's primary key as their identity.
    tokens = {
        'access_token': create_access_token(identity=account.id),
        'refresh_token': create_refresh_token(identity=account.id),
    }
    return jsonify(tokens), 200
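def login():
    """Authenticate user and return tokens

    ---
    post:
      tags:
        - auth
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                username:
                  type: string
                  example: myuser
                  required: true
                password:
                  type: string
                  example: P4$$w0rd!
                  required: true
      responses:
        200:
          content:
            application/json:
              schema:
                type: object
                properties:
                  access_token:
                    type: string
                    example: myaccesstoken
                  refresh_token:
                    type: string
                    example: myrefreshtoken
        400:
          description: bad request
      security: []
    """
    # Every rejection below answers 400 with a {"msg": ...} body; success
    # answers 200 with the access/refresh token pair.
    if not request.is_json:
        return jsonify({"msg": "Missing JSON in request"}), 400

    # silent=True yields None for an unparsable body instead of raising, and
    # the dict check rejects valid JSON that is not an object (a list, string
    # or number), which would otherwise fail on .get() with a server error.
    payload = request.get_json(silent=True)
    if not isinstance(payload, dict):
        return jsonify({"msg": "Missing JSON in request"}), 400

    username = payload.get("username")
    password = payload.get("password")

    # Credentials must be non-empty strings: a number, list or object here
    # would otherwise be handed to the query and the hash verifier.
    if not (
        isinstance(username, str)
        and isinstance(password, str)
        and username
        and password
    ):
        return jsonify({"msg": "Missing username or password"}), 400

    user = User.query.filter_by(username=username).first()

    # Unknown user and wrong password share one response body, so the reply
    # itself does not say which of the two checks failed.
    # NOTE(review): pwd_context.verify is skipped when no user matches, so the
    # two failure paths do different amounts of work. If pwd_context is a
    # passlib CryptContext, calling dummy_verify() on the no-user path evens
    # this out - confirm.
    if user is None or not pwd_context.verify(password, user.password):
        return jsonify({"msg": "Bad credentials"}), 400

    access_token = create_access_token(identity=user.id)
    refresh_token = create_refresh_token(identity=user.id)

    # Both tokens are recorded together with the configured identity claim;
    # presumably this backs later revocation - confirm against
    # add_token_to_database.
    identity_claim = current_app.config["JWT_IDENTITY_CLAIM"]
    add_token_to_database(access_token, identity_claim)
    add_token_to_database(refresh_token, identity_claim)

    ret = {"access_token": access_token, "refresh_token": refresh_token}
    return jsonify(ret), 200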
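def login():
    """Authenticate user and return token

    Expects a JSON object with ``username`` and ``password``. Returns a JSON
    body holding ``access_token`` and ``refresh_token`` with status 200, or a
    ``{"msg": ...}`` body with status 400 when the request is not JSON, a
    credential is missing, or the credentials do not match a user.
    """
    if not request.is_json:
        return jsonify({"msg": "Missing JSON in request"}), 400

    # silent=True yields None for an unparsable body instead of raising, and
    # the dict check rejects valid JSON that is not an object (a list, string
    # or number), which would otherwise fail on .get() with a server error.
    payload = request.get_json(silent=True)
    if not isinstance(payload, dict):
        return jsonify({"msg": "Missing JSON in request"}), 400

    username = payload.get('username')
    password = payload.get('password')

    # Credentials must be non-empty strings: a number, list or object here
    # would otherwise be handed to the query and the hash verifier.
    if not (
        isinstance(username, str)
        and isinstance(password, str)
        and username
        and password
    ):
        return jsonify({"msg": "Missing username or password"}), 400

    user = User.query.filter_by(username=username).first()

    # Unknown user and wrong password share one response body, so the reply
    # itself does not say which of the two checks failed.
    # NOTE(review): pwd_context.verify is skipped when no user matches, so the
    # two failure paths do different amounts of work. If pwd_context is a
    # passlib CryptContext, calling dummy_verify() on the no-user path evens
    # this out - confirm.
    if user is None or not pwd_context.verify(password, user.password):
        return jsonify({"msg": "Bad credentials"}), 400

    access_token = create_access_token(identity=user.id)
    refresh_token = create_refresh_token(identity=user.id)

    # Both tokens are recorded together with the configured identity claim;
    # presumably this backs later revocation - confirm against
    # add_token_to_database.
    identity_claim = app.config['JWT_IDENTITY_CLAIM']
    add_token_to_database(access_token, identity_claim)
    add_token_to_database(refresh_token, identity_claim)

    ret = {'access_token': access_token, 'refresh_token': refresh_token}
    return jsonify(ret), 200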
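def test_put_user(client, db, user, admin_headers):
    """Check PUT on the user endpoint: 404 for an unknown id, then an update.

    The update changes username and password. The response must reflect the
    new username and leave email and active untouched, and the stored
    password must verify against the new plaintext.
    """
    # test 404
    missing_url = url_for('api.user_by_id', user_id="100000")
    rep = client.put(missing_url, headers=admin_headers)
    assert rep.status_code == 404

    db.session.add(user)
    db.session.commit()

    # The payload values must match what the assertions below expect
    # ("updated" / "new_password"); any other value makes the test fail.
    payload = {"username": "updated", "password": "new_password"}
    user_url = url_for('api.user_by_id', user_id=user.id)

    # test update user
    rep = client.put(user_url, json=payload, headers=admin_headers)
    assert rep.status_code == 200

    body = rep.get_json()["user"]
    assert body["username"] == "updated"
    assert body["email"] == user.email
    assert body["active"] == user.active
    # NOTE(review): consider also asserting that the response does not carry
    # the password or its hash - confirm against the user schema.

    # Reload the row so the check runs against the value that was persisted,
    # and verify the stored value through pwd_context rather than by equality.
    db.session.refresh(user)
    assert pwd_context.verify("new_password", user.password)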