def post(self):
post_data = request.get_json()
try:
user = User.query.filter_by(email=post_data.get('email')).first()
if user and bcrypt.check_password_hash(user.password,
post_data.get('password')):
auth_token = user.encode_auth_token(user.id)
if auth_token:
responseObject = {
'status': 'success',
'message': 'Successfully logged in.',
'auth_token': auth_token.decode()
}
return make_response(jsonify(responseObject)), 200
elif user and not bcrypt.check_password_hash(
user.password, post_data.get('password')):
responseObject = {
'status': 'fail',
'message': 'Wrong credentials.',
}
return make_response(jsonify(responseObject)), 401
else:
responseObject = {
'status': 'fail',
'message': 'User does not exist.'
}
return make_response(jsonify(responseObject)), 404
except Exception as e:
print(e)
responseObject = {'status': 'fail', 'message': 'Try again.'}
return make_response(jsonify(responseObject)), 500
def test_check_password(self):
# Ensure given password is correct after unhashing.
user = User.query.filter_by(email="*****@*****.**").first()
self.assertTrue(
bcrypt.check_password_hash(user.password, "admin_user")
)
self.assertFalse(bcrypt.check_password_hash(user.password, "foobar"))
def post(self):
# get the post data
post_data = request.get_json()
try:
# fetch the user data
username = post_data.get('username')
user = User.find_one_by_username(username)
print(user)
if user and bcrypt.check_password_hash(user["password"],
post_data.get('password')):
auth_token = User.encode_auth_token(user["_id"])
auth_token_decoded = auth_token.decode()
if auth_token:
responseObject = {
'status': 'success',
'message': 'Successfully logged in.',
'auth_token': auth_token_decoded
}
return make_response(jsonify(responseObject)), 200
else:
responseObject = {
'status': 'fail',
'message': 'User does not exist.'
}
return make_response(jsonify(responseObject)), 404
except Exception as e:
print(e)
responseObject = {'status': 'fail', 'message': 'Try again'}
return make_response(jsonify(responseObject)), 500
def login():
# get the post data
post_data = request.get_json()
print(post_data)
try:
registration = Registration.query.filter_by(
email=post_data.get('email')).first()
if registration:
print(registration.id)
user = User.query.filter_by(id=registration.id).first()
if user:
if bcrypt.check_password_hash(user.password,
post_data.get('password')):
auth_token = user.encode_auth_token(user.id)
print(auth_token)
return make_response(
jsonify({
'message': 'Successfully logged in.',
'auth_token': auth_token.decode(),
'status': 'success',
})), 200
else:
return make_response(
jsonify({
'status': 'fail',
'message': 'User does not exist.'
})), 400
except Exception as e:
print(e)
return make_response(
jsonify({
'message': 'Unknown error logging in.',
'status': 'fail'
})), 500
def post(self):
# get the post data
post_data = request.get_json()
try:
# fetch the user data
user = User.query.filter_by(
email=post_data.get('email')
).first()
if user and bcrypt.check_password_hash(
user.password, post_data.get('password')
):
auth_token = user.encode_auth_token(user.id)
if auth_token:
response_object = {
'status': 'success',
'message': 'Successfully logged in.',
'auth_token': auth_token.decode(),
'status_code': 200
}
return make_response(jsonify(response_object)), 200
else:
response_object = {
'status': 'fail',
'message': 'There is a problem with your email and/or password.',
'status_code': 404
}
return make_response(jsonify(response_object)), 404
except Exception as e:
print(e)
response_object = {
'status': 'fail',
'message': 'Try again',
'status_code': 500
}
return make_response(jsonify(response_object)), 500
def post(self):
# get the post data
post_data = request.get_json()
try:
# fetch the user data
user = User.query.filter_by(email=post_data.get('email')).first()
if user and bcrypt.check_password_hash(user.password,
post_data.get('password')):
auth_token = user.encode_auth_token(user.id)
if auth_token:
responseObject = {
'status': 'success',
'message': 'Successfully logged in.',
'email': user.email,
'auth_token': auth_token
}
return make_response(jsonify(responseObject)), 200
else:
responseObject = {
'status': 'fail',
# I keep User does not exist instead of wrong password to not allow hackers
# to validate which emails have an account.
'message': 'User does not exist.'
}
return make_response(jsonify(responseObject)), 404
except Exception as e:
print(e)
responseObject = {'status': 'fail', 'message': 'Try again'}
return make_response(jsonify(responseObject)), 500
def post(self):
# get the post data
post_data = request.get_json()
try:
# fetch the user data
user = User.query.filter_by(
username=post_data.get('username')).first()
if user and bcrypt.check_password_hash(user.password,
post_data.get('password')):
token = user.encode_token(user.id)
responseObject = {
'status': 'success',
'message': 'Successfully logged in.',
'username': user.username,
'token': token.decode()
}
return make_response(jsonify(responseObject)), 200
else:
responseObject = {
'status': 'fail',
'message': 'User does not exist.'
}
return make_response(jsonify(responseObject)), 404
except Exception as e:
WARN(e)
responseObject = {'status': 'fail', 'message': 'Try again'}
return make_response(jsonify(responseObject)), 500
def post(self):
# get the post data
post_data = request.get_json()
if post_data is None:
return CommonResponseObject.fail_response(
'Please provide required data', status.HTTP_404_NOT_FOUND)
try:
# fetch the user data
user = User.get_user_by_email(post_data.get('email'))
if user and not user.is_confirmed:
return CommonResponseObject.fail_response(
'Please confirm your email address which is sent to your email',
status.HTTP_403_FORBIDDEN)
mac_address = post_data.get('mac_address')
if not mac_address:
return CommonResponseObject.fail_response(
'Please provide your MAC address',
status.HTTP_412_PRECONDITION_FAILED)
if user and bcrypt.check_password_hash(user.password,
post_data.get('password')):
device = DeviceList.get_device_by_user_id_and_mac(
user.id, mac_address)
root = DeviceList.get_root_device(user.id)
auth_token = DatabaseCheck.prepare_auth_token(
user.id, mac_address,
None if not device else device.main_key,
True if root else False)
if auth_token:
return CommonResponseObject.login_success(auth_token)
else:
return CommonResponseObject.login_user_not_exist()
except Exception as e:
print(e)
return CommonResponseObject.login_exception()
def post(self):
# Get the post data
post_data = request.get_json()
try:
# Fetch the user data
user = User.query.filter_by(
email = post_data.get('email')
).first()
if user and bcrypt.check_password_hash(
user.password, post_data.get('password')
):
auth_token = user.encode_auth_token(user.id)
if auth_token:
responseObject = {
'status': 'success',
'message': 'Successfully logged in.',
'auth_token': auth_token.decode()
}
return make_response(jsonify(responseObject)), 200
else:
responseObject = {
'status': 'fail',
'message': 'The username and password combination do not match our records.'
}
return make_response(jsonify(responseObject)), 404
except Exception as e:
responseObject = {
'status': 'fail',
'message': 'Try again'
}
print(e)
return make_response(jsonify(responseObject)), 500
def post(self):
# get the post data
post_data = request.get_json()
try:
# fetch the user data
user = User.query.filter_by(email=post_data.get('email')).first()
if user and bcrypt.check_password_hash(user.password,
post_data.get('password')):
auth_token = user.encode_auth_token(user.id)
if auth_token:
# update user lastlogin
user.lastlogin_on = datetime.datetime.now()
db.session.commit()
responseObject = {
'status': 'success',
'message': 'Successfully logged in.',
'auth_token': auth_token
}
return make_response(jsonify(responseObject)), 200
else:
responseObject = {
'status': 'fail',
'message': 'User does not exist.'
}
return make_response(jsonify(responseObject)), 401
except Exception as e:
print(e)
responseObject = {'status': 'fail', 'message': 'Try again'}
return make_response(jsonify(responseObject)), 500
def post(self):
# get the post data
post_data = request.get_json()
try:
# fetch the user data
user = User.query.filter_by(
email=post_data.get('email')
).first()
if user and bcrypt.check_password_hash(
user.password, post_data.get('password')
):
auth_token = user.encode_auth_token(user.id)
if auth_token:
responseObject = {
'status': 'success',
'message': 'Successfully logged in.',
'auth_token': auth_token.decode()
}
return make_response(jsonify(responseObject)), 200
else:
responseObject = {
'status': 'fail',
'message': 'User does not exist.'
}
return make_response(jsonify(responseObject)), 404
except Exception as e:
print(e)
responseObject = {
'status': 'fail',
'message': 'Try again'
}
return make_response(jsonify(responseObject)), 500
def post(self):
# get the post data
post_data = request.get_json()
try:
# fetch the user data
user = User.query.filter_by(email=post_data.get('email')).first()
if user and bcrypt.check_password_hash(user.password,
post_data.get('password')):
auth_token = user.encode_auth_token(user.id)
if auth_token:
responseObject = {
'status': 'success',
'message': 'Successfully logged in.',
'auth_token': auth_token.decode()
}
return make_response(jsonify(responseObject)), 200 #Ok
else:
responseObject = {
'status': 'fail',
'message': 'User does not exist.'
}
return make_response(jsonify(responseObject)), 404 #Not Found
except Exception as e:
print(e)
responseObject = {'status': 'fail', 'message': 'Try again'}
return make_response(
jsonify(responseObject)), 500 #Internal Server Error
def post(self):
# get the post data
post_data = request.get_json()
try:
# fetch the user data
user = User.query.filter_by(email=post_data.get("email")).first()
if user and bcrypt.check_password_hash(user.password,
post_data.get("password")):
auth_token = user.encode_auth_token(user.id)
if auth_token:
responseObject = {
"status": "success",
"message": "Successfully logged in.",
"auth_token": auth_token.decode(),
}
return make_response(jsonify(responseObject)), 200
else:
responseObject = {
"status": "fail",
"message": "User does not exist."
}
return make_response(jsonify(responseObject)), 404
except Exception as e:
print(e)
responseObject = {"status": "fail", "message": "Try again"}
return make_response(jsonify(responseObject)), 500
def login():
"""View function for login view."""
logging.info('usre login start')
params = request.get_json()
email = params.get('email', None)
password = params.get('password', None)
client_ip = params.get('client_ip', None)
logging.info('usre login start db call')
user = Users.query.filter_by(email=email).first()
logging.info('usre login start db call success')
if not user:
return wrapper.wrapper(None, "User not found.", 200), 200
if user:
if user.confirmed is True:
logging.info('usre login start validation user call')
compare = bcrypt.check_password_hash(user.password, password)
# TODO Check from DB here
if compare is False:
return wrapper.wrapper(None, "Bad email or password", 201), 201
else:
user_type = user.user_type
user_group = user.user_group
# sesson = User_Session.query.filter_by(user_id=user.id).first()
# if sesson is not None:
# return wrapper.wrapper(None, "Already Loged In To Ip:" + sesson.client_ip, 201), 201
# else:
# model_session = User_Session(client_ip=client_ip, user_id=user.id, user_name=user.name, user_type=user.user_type,
# status='LogedIn')
# db.session.add(model_session)
# db.session.commit()
# user_type = user.user_type
# user_group = user.user_group
ret = {
'jwt': create_jwt(identity=user_group),
'role': user_type,
'user_id': user.id,
'exp':
datetime.utcnow() + current_app.config['JWT_EXPIRES']
}
return wrapper.wrapper(ret, None, 200), 200
else:
logging.info('usre login success')
return wrapper.wrapper(
None, "Email not validated. Please validate and try again.",
200), 200
if not email:
return wrapper.wrapper(None, "Missing email parameter", 201), 201
if not password:
return wrapper.wrapper(None, "Missing password parameter", 201), 201
def post(self):
# get the post data
post_data = request.get_json()
try:
# fetch the user data
user = User.query.filter_by(email=post_data.get('email')).first()
# Check if user exists and provided password matches one stored
if user and bcrypt.check_password_hash(user.password,
post_data.get('password')):
auth_token = user.encode_auth_token(user.id)
if auth_token:
response_object = {
'status': 'success',
'message': 'Successfully logged in.',
'auth_token': auth_token.decode()
}
return make_response(jsonify(response_object)), 200
else:
if user is None:
response_object = {
'status': 'fail',
'message': 'User does not exist.'
}
elif not bcrypt.check_password_hash(user.password,
post_data.get('password')):
response_object = {
'status': 'fail',
'message': 'Wrong credentials, please try again.'
}
return make_response(jsonify(response_object)), 404
auth_token = user.encode_auth_token(user.id)
if auth_token:
response_object = {
'status': 'success',
'message': 'Successfully logged in.',
'auth_token': auth_token.decode()
}
return make_response(jsonify(response_object)), 200
except Exception as e:
# print(e)
response_object = {'status': 'fail', 'message': 'Try again'}
return make_response(jsonify(response_object)), 500
def login():
form = LoginForm(request.form)
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
if user and bcrypt.check_password_hash(
user.password, request.form['password']):
login_user(user)
flash('You are logged in. Welcome!', 'success')
return redirect(url_for('user.account', id=user.id))
else:
flash('Invalid email and/or password.', 'danger')
return render_template('user/login.html', form=form)
def login():
form = LoginForm(request.form)
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
if user and bcrypt.check_password_hash(user.password,
request.form['password']):
login_user(user)
flash('You are logged in. Welcome!', 'success')
return redirect(url_for('user.account', id=user.id))
else:
flash('Invalid email and/or password.', 'danger')
return render_template('user/login.html', form=form)
def post(self):
post_data = request.get_json()
response_msg = []
if post_data.get('email') == '':
response_msg.append('email must be non-empty')
if post_data.get('password') == '':
response_msg.append('password must be non-empty')
if len(response_msg) > 0:
responseObject = {
'status': 'failed',
'message': response_msg
}
return make_response(jsonify(responseObject)), 403
if not validators.email(post_data.get('email')):
print('hello')
responseObject = {
'status': 'fail',
'message': 'Provide a valid e-mail.'
}
return make_response(jsonify(responseObject)), 403
try:
user = DashboardUser.query.filter_by(
email=post_data.get('email')
).first()
if user and bcrypt.check_password_hash(
user.password, post_data.get('password')
):
auth_token = user.encode_auth_token(user.id)
current_app.logger.info(auth_token)
current_app.logger.info(type(auth_token))
if auth_token:
responseObject = {
'status': 'success',
'message': 'Successfully logged in.',
'auth_token': auth_token.decode(),
}
return make_response(jsonify(responseObject)), 200
else:
responseObject = {
'status': 'fail',
'message': 'E-mail/Password is wrong.'
}
return make_response(jsonify(responseObject)), 400
except Exception as e:
print(e)
responseObject = {
'status': 'fail',
'message': 'User Login Failed because of wrong email/password.'
}
return make_response(jsonify(responseObject)), 400
def post(self):
# check the grant_type
if ('grant_type' not in request.form) or (request.form['grant_type'] !=
'password'):
responseObject = {
'status': 'fail',
'message': 'unsupported_grant_type'
}
return make_response(jsonify(responseObject)), 400
try:
username = request.form['username']
password = request.form['password']
# try to fetch the user data by screen_name
user = User.query.filter_by(screen_name=username).first()
# if that fails, try email
if not user:
user = User.query.filter_by(email=username).first()
if user and bcrypt.check_password_hash(user.password, password):
auth_token, exp = user.encode_auth_token(user.id)
if auth_token:
responseObject = {
'status': 'success',
'message': 'Successfully logged in.',
'auth_token': auth_token.decode(),
'expires': exp
}
return make_response(jsonify(responseObject)), 200
elif user:
responseObject = {
'status': 'fail',
'message': 'Incorrect email or password.'
}
return make_response(jsonify(responseObject)), 405
else:
responseObject = {
'status': 'fail',
'message': 'User does not exist.'
}
return make_response(jsonify(responseObject)), 404
except Exception as e:
print(e)
responseObject = {'status': 'fail', 'message': 'Try again'}
return make_response(jsonify(responseObject)), 500
def login():
form = LoginForm(request.form)
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
if user and bcrypt.check_password_hash(user.password,
request.form["password"]):
login_user(user)
flash("You are logged in. Welcome!", "success")
return redirect(url_for("user.members"))
else:
flash("Invalid email and/or password.", "danger")
return render_template("user/login.html", form=form)
return render_template("user/login.html", title="Please Login", form=form)
def login():
form = LoginForm(request.form)
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
if user and bcrypt.check_password_hash(
user.password, request.form['password']):
login_user(user)
flash('Bienvenido', 'success')
return redirect(url_for('main.home'))
else:
flash('Password o usuario incorrectos', 'danger')
return render_template('user/login.html', form=form)
return render_template('user/login.html', title='Please Login', form=form)
def login():
form = LoginForm(request.form)
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
if user and bcrypt.check_password_hash(
user.password, request.form['password']):
login_user(user)
user.last_login = datetime.datetime.now()
db.session.commit()
flash('You are logged in. Welcome!', 'success')
return redirect(url_for('user.members'))
else:
flash('Invalid email and/or password.', 'danger')
return render_template('user/login.html', form=form)
return render_template('user/login.html', title='Please Login', form=form)
def post(self):
# get the post data
post_data = request.get_json()
if iroha_health_check():
try:
print(post_data)
user = User.query.filter_by(
account_id=post_data["account_id"]).first()
# write login tx to iroha
print(f"user {user}")
account_id = user.account_id
transaction = post_data.get("transaction")
# print(transaction)
transaction["payload"]["reducedPayload"][
"commands"] = transaction["payload"]["reducedPayload"].pop(
"commandsList")
transaction["signatures"] = transaction.pop("signaturesList")
if user and bcrypt.check_password_hash(
user.password, post_data.get("password")):
auth_token = user.encode_auth_token(user.id)
if auth_token:
submit_tx_to_iroha(account_id, transaction)
responseObject = {
"status": "success",
"email": user.email,
"message": "Successfully logged in.",
"auth_token": auth_token.decode(),
}
return make_response(jsonify(responseObject)), 200
else:
responseObject = {
"status": "fail",
"message": "User does not exist.",
}
return make_response(jsonify(responseObject)), 404
except Exception as e:
print(e)
responseObject = {"status": "fail", "message": "Try again"}
return make_response(jsonify(responseObject)), 500
else:
responseObject = {
"status":
"fail",
"message":
"Blockchain Service is offline. Please Contact Support or wait a few minutes and try again",
}
return make_response(jsonify(responseObject)), 405
def login():
form = LoginForm(request.form)
if form.validate_on_submit():
user = User.query.filter_by(username=form.username.data).first()
if user and bcrypt.check_password_hash(
user.password, request.form['password']):
login_user(user)
user.last_login = datetime.datetime.utcnow()
db.session.commit()
flash('You are logged in. Welcome!', 'success')
return redirect(url_for('user_model.members'))
else:
flash('Invalid username and/or password.', 'danger')
return render_template('user/login.html', form=form)
return render_template('user/login.html', title='Please Login', form=form)
def post(self):
# get the post data
post_data = request.get_json()
try:
# fetch the user data
user = User.query.filter_by(
email=post_data.get('email')
).first()
if user:
if bcrypt.check_password_hash(
user.password, post_data.get('password')
):
if user.confirmed:
auth_token = user.encode_auth_token(user.id)
if auth_token:
responseObject = {
'status': 'success',
'message': 'Successfully logged in.',
'auth_token': auth_token.decode(),
'confirmed': user.confirmed
}
return make_response(jsonify(responseObject)), 200
else:
responseObject = {
'status': 'fail',
'message': 'Please confirm your email before logging in.'
}
return make_response(jsonify(responseObject)), 500
else:
responseObject = {
'status': 'fail',
'message': 'Incorrect password. Please try again.'
}
return make_response(jsonify(responseObject)), 500
else:
responseObject = {
'status': 'fail',
'message': 'User does not exist. Please Register.'
}
return make_response(jsonify(responseObject)), 404
except Exception as e:
print(e)
responseObject = {
'status': 'fail',
'message': 'Try again'
}
return make_response(jsonify(responseObject)), 500
def post(self):
response_msg = []
email = request.json.get('email', None)
password = request.json.get('password', None)
if not email:
response_msg.append('email must be non-empty')
if not password:
response_msg.append('password must be non-empty')
if len(response_msg) > 0:
responseObject = {
'status': 'failed',
'message': response_msg
}
return make_response(jsonify(responseObject)), 400
try:
user = User.query.filter_by(email=email).first()
if user and bcrypt.check_password_hash(
user.password, password
):
auth_token = user.encode_auth_token(user.id, user.is_admin)
# app.logger.debug(auth_token)
if auth_token:
# app.logger.debug(user.first_name + ' successfully logged in')
responseObject = {
'status': 'success',
'message': 'Successfully logged in.',
'auth_token': auth_token.decode(),
}
return make_response(jsonify(responseObject)), 200
else:
responseObject = {
'status': 'fail',
'message': 'User does not exist.'
}
return make_response(jsonify(responseObject)), 404
except Exception as e:
app.logger.debug(e)
responseObject = {
'status': 'fail',
'message': 'Try again'
}
return make_response(jsonify(responseObject)), 500
def login():
form = LoginForm(request.form)
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
if user and bcrypt.check_password_hash(
user.password, request.form['password']):
# Flask allows use of global variables
# here I store the user email for further queries
session["user"] = user.__dict__["email"]
login_user(user)
flash('You are logged in. Welcome!', 'success')
return redirect(url_for('user.members'))
else:
flash('Invalid email and/or password.', 'danger')
return render_template('user/login.html', form=form)
return render_template('user/login.html', title='Please Login', form=form)
def post(self):
try:
check_request_body_keys(request.json, ['username', 'system_name', 'system_token', 'password'])
post_data = request.json
system = System.query.filter_by(name=post_data['system_name']).first()
if system is None or system.token != post_data['system_token']:
raise UnauthorizedError("Invalid system/token pair.")
user = User.query.filter_by(username=post_data['username'], system_name=post_data['system_name']).first()
if not user or not bcrypt.check_password_hash(user.password, post_data['password']):
raise UnauthorizedError('Incorrect user credentials.')
return make_response(jsonify(user.encode_auth_token())), 200
except BadRequestError as e:
return make_response(jsonify({'message': str(e)})), 400
except UnauthorizedError as e:
return make_response(jsonify({'message': str(e)})), 401
def login():
form = LoginForm(request.form)
if form.validate_on_submit():
user = User.query.filter_by(email=form.email.data).first()
if user and bcrypt.check_password_hash(user.password,
request.form['password']):
login_user(user)
flash('You are logged in. Welcome!', 'success')
return redirect(url_for('imagery.my_pictures'))
else:
flash('Invalid email and/or password.', 'danger')
return render_template(
'user/login.html',
form=form,
is_authenticated=current_user.is_authenticated)
return render_template('user/login.html',
title='Please Login',
form=form,
is_authenticated=current_user.is_authenticated)
def post(self):
# Needed to add this check due to change in request type.
# When running unit tests, requests come in as a dict
# However, in server mode, requests come in as ImmutableMultiDict
if type(request.get_json()) is dict:
post_data = request.get_json()
user = User.query.filter_by(email=post_data.get('email')).first()
email = post_data.get('email')
password = post_data.get('password')
else:
# get the post data
post_data = (request.get_json()
or request.form).to_dict(flat=False)
# check if user already exists
user = User.query.filter_by(
email=post_data.get('email')[0]).first()
email = post_data.get('email')[0],
password = post_data.get('password')[0]
try:
# fetch the user data
user = User.query.filter_by(email=email).first()
if user and bcrypt.check_password_hash(user.password, password):
auth_token = user.encode_auth_token(user.id)
if auth_token:
responseObject = {
'status': 'success',
'message': 'Successfully logged in.',
'auth_token': auth_token.decode()
}
return make_response(jsonify(responseObject)), 200
else:
responseObject = {
'status': 'fail',
'message': 'User does not exist.'
}
return make_response(jsonify(responseObject)), 404
except Exception as e:
print(e)
responseObject = {'status': 'fail', 'message': 'Try again'}
return make_response(jsonify(responseObject)), 500
def post(self):
post_data = request.get_json()
if not post_data:
return make_bad_request_response(APIError.NOT_JSON)
data = post_data.get('data')
if not data:
return make_bad_request_response(APIError.WRONG_API)
the_type = data.get('type')
if not the_type or the_type != 'auth':
return make_bad_request_response(APIError.WRONG_API)
attributes = data.get('attributes')
if not attributes:
return make_bad_request_response(APIError.WRONG_API)
email = attributes.get('email')
password = attributes.get('password')
if not email or not password:
return make_bad_request_response(APIError.WRONG_API)
try:
user = User.query.filter_by(email=email).first()
if not user:
return make_not_found_response(APIError.USER_DOES_NOT_EXIST)
if not bcrypt.check_password_hash(user.password, password):
return make_forbidden_response(APIError.WRONG_PASSWORD)
auth_token = User.encode_auth_token(user.id)
if auth_token:
token = Token(auth_token.decode(), user.id)
db.session.add(token)
db.session.commit()
response_object = default_response_object()
response_object['data'] = {
'type': 'auth',
'attributes': {
'token': auth_token.decode()
},
'links': {
'self': url_for('auth.login_api')
}
}
return make_success_response(response_object, 200)
except Exception:
return make_internal_server_error_response(
APIError.UNKNOWN_EXCEPTION)
def post(self):
# get the post data
post_data = request.get_json()
try:
# fetch the user data
if post_data.get('Email') == '':
user = User.query.filter_by(
screen_name=post_data.get('ScreenName')).first()
else:
user = User.query.filter_by(
email=post_data.get('Email')).first()
if user and bcrypt.check_password_hash(user.password,
post_data.get('Password')):
auth_token, exp = user.encode_auth_token(user.id)
if auth_token:
responseObject = {
'status': 'success',
'message': 'Successfully logged in.',
'auth_token': auth_token.decode()
}
return make_response(jsonify(responseObject)), 200
elif user:
responseObject = {
'status': 'fail',
'message': 'Incorrect email or password.'
}
return make_response(jsonify(responseObject)), 405
else:
responseObject = {
'status': 'fail',
'message': 'User does not exist.'
}
return make_response(jsonify(responseObject)), 404
except Exception as e:
print(e)
responseObject = {'status': 'fail', 'message': 'Try again'}
return make_response(jsonify(responseObject)), 500
def check_password(self, value):
"""Check password."""
return bcrypt.check_password_hash(self.password, value)
def post(self):
try:
# Get the post data
post_data = request.get_json()
if not post_data: # Request isn't JSON type
raise BadRequest
# Check if data is incorrect
if not post_data.get('email') or not isinstance(
post_data.get('email'), str):
raise ValueError(
{
'status':
1,
'message':
'You have forgotten to specify email or its type is incorrect!'
}, 400)
if not post_data.get('password') or not isinstance(
post_data.get('password'), str):
raise ValueError(
{
'status':
1,
'message':
'You have forgotten to specify password or its type is incorrect!'
}, 400)
if (post_data.get('body') != {}):
raise ValueError(
{
'status': 1,
'message': 'You have forgotten to specify body!'
}, 400)
if len(post_data) != 3:
raise ValueError(
{
'status': 1,
'message': 'Too many arguments!'
}, 400)
# Fetch the user data
user = User.query.filter_by(email=post_data.get('email')).first()
if user and bcrypt.check_password_hash(user.password,
post_data.get('password')):
auth_token = user.encode_auth_token(user.id)
if auth_token:
responseObject = {
'status': 0,
'message': 'Successfully logged in.',
'email': post_data.get('email'),
'auth_token': auth_token.decode()
}
return make_response(jsonify(responseObject)), 200
elif user and not bcrypt.check_password_hash( # If incorrect password
user.password, post_data.get('password')):
return make_response(
jsonify({
'status': 1,
'message': 'Incorrect password.'
})), 404
else:
return make_response(
jsonify({
'status': 1,
'message': 'User does not exist.'
})), 404
except ValueError as responseObject:
return make_response(jsonify(
responseObject.args[0])), responseObject.args[1]
except BadRequest:
return make_response(
jsonify({
'status': 1,
'message': 'Request should be JSON type!'
})), 400
except Exception as e:
return make_response(jsonify({
'status': 1,
'message': 'Try again'
})), 500
def test_check_password(self):
# Ensure given password is correct after unhashing.
admin = User.query.filter_by(email='*****@*****.**').first()
self.assertTrue(
bcrypt.check_password_hash(admin.password, 'admin_user'))
self.assertFalse(bcrypt.check_password_hash(admin.password, 'foobar'))
def test_check_password(self):
# Ensure given password is correct after unhashing.
user = User.query.filter_by(username='******').first()
self.assertTrue(bcrypt.check_password_hash(user.password, 'admin_user'))
self.assertFalse(bcrypt.check_password_hash(user.password, 'foobar'))
