def post(self):
username = request.json.get('username', None)
password = request.json.get('password', None)
current_user = User.find_by_username(username)
if not current_user:
return {'message': 'User doesn\'t exist: {}'.format(username)}
if User.verify_hash(password, current_user.password):
access_token = create_access_token(identity=username)
refresh_token = create_refresh_token(identity=password)
return {
'message': 'Logged in as {}'.format(current_user.username),
'access_token': access_token,
'refresh_token': refresh_token
}
else:
return {'message': 'Wrong credentials'}
def login():
if request.method == 'POST':
username = request.form.get('username')
password = request.form.get('password')
current_user = User.find_by_username(username)
if not current_user:
flash('ERROR! user not found.', 'error')
return redirect(url_for('admin.dashboard'))
if User.verify_hash(password, current_user.password):
current_user.authenticated = True
db.session.add(current_user)
db.session.commit()
login_user(current_user)
return redirect(url_for('admin.dashboard'))
else:
db.session.rollback()
flash('ERROR! Incorrect login credentials.', 'error')
return render_template('login.html')
