Example #1
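def login_user():
    """Authenticate a user by username or e-mail and issue an access token.

    Reads ``username`` and ``password`` from the JSON request body; the
    ``username`` value is matched against both ``User.username`` and
    ``User.email``.

    Returns:
        A dict with ``auth_token`` and ``roles`` on success. Otherwise the
        result of ``errors.not_found`` (no matching user, wrong password or
        malformed credentials), ``errors.forbidden`` (``admin_validation``
        is not 1, or the e-mail is not confirmed) or ``errors.server_error``.
    """
    post_data = request.get_json()

    # A body that is not a JSON object, or credentials that are not strings,
    # used to surface as a generic server error; reject them the same way as
    # any other bad credential so the two cases are indistinguishable.
    if not isinstance(post_data, dict):
        return errors.not_found('invalid_user')

    username = post_data.get('username')
    password = post_data.get('password')
    if not isinstance(username, str) or not isinstance(password, str):
        return errors.not_found('invalid_user')

    try:
        # The same submitted value is tried as a username and as an e-mail.
        user = User.query.filter(
            or_(User.username == username,
                User.email == username)).first()

        # NOTE(review): no hash comparison runs when the lookup finds no row,
        # so response time may differ between unknown and existing accounts;
        # consider a constant-cost check if account enumeration matters here.
        if not user or not bcrypt.check_password_hash(user.password, password):
            return errors.not_found('invalid_user')

        # Account-state errors are only revealed after the password matched.
        if user.admin_validation != 1:
            return errors.forbidden('access_not_granted')

        if not user.confirmed:
            return errors.forbidden('email_not_confirmed')

        auth_token = create_access_token(identity=user)
        user.last_login_at = datetime.now()

        db.session.add(user)
        db.session.commit()

        user_data = user.to_dictionary()
        if not auth_token:
            # Previously this path fell off the end and returned None.
            return errors.server_error('unknown_error')

        return {'auth_token': auth_token, 'roles': user_data['roles']}
    except Exception as e:
        # The detail stays server-side; the client only gets a generic error.
        print(e)
        return errors.server_error('unknown_error')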
Example #2
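def logout_user():
    """Record the request's auth token in the blacklist table.

    Returns:
        ``None`` when the token was stored or was already blacklisted; the
        result of ``errors.server_error`` if the insert fails, or of
        ``errors.forbidden`` when ``get_auth_token`` finds no token.
    """
    import logging

    auth_token = get_auth_token(request)

    if not auth_token:
        return errors.forbidden('provide_valid_token')

    # Called outside the try block, so anything it raises for an invalid
    # token propagates to the framework's own error handling.
    verify_jwt_in_request()

    # Skip the insert when this token is already blacklisted.
    already_blacklisted = BlacklistToken.query.filter_by(
        token=auth_token).first()
    if already_blacklisted:
        return

    try:
        db.session.add(BlacklistToken(token=auth_token))
        db.session.commit()
    except Exception:
        # Leave the session usable for later requests, keep the detail in the
        # server log, and do not hand the raw exception to the client.
        db.session.rollback()
        logging.getLogger(__name__).exception('failed to blacklist token')
        return errors.server_error('unknown_error')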
Example #3
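def logout_user():
    """Record the request's auth token in the blacklist table.

    Returns:
        A JSON ``{'status': 'success'}`` response: status 200 when the token
        was stored, 201 when it was already blacklisted. Otherwise the result
        of ``errors.server_error`` if the insert fails, or of
        ``errors.forbidden`` when ``get_auth_token`` finds no token.
    """
    import logging

    auth_token = get_auth_token(request)

    if not auth_token:
        return errors.forbidden('Provide a valid auth token.')

    # Called outside the try block, so anything it raises for an invalid
    # token propagates to the framework's own error handling.
    verify_jwt_in_request()

    # Nothing to insert when this token is already blacklisted.
    already_blacklisted = BlacklistToken.query.filter_by(
        token=auth_token).first()
    if already_blacklisted:
        # Status 201 is kept as-is for existing clients.
        return jsonify({
            'status': 'success',
        }), 201

    try:
        db.session.add(BlacklistToken(token=auth_token))
        db.session.commit()
    except Exception:
        # Leave the session usable for later requests, keep the detail in the
        # server log, and do not hand the raw exception to the client.
        db.session.rollback()
        logging.getLogger(__name__).exception('failed to blacklist token')
        return errors.server_error('Try again')

    return jsonify({
        'status': 'success',
    }), 200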
Example #4
def resend_email_confirmation():
    """Send the confirmation e-mail again to the address a token resolves to.

    Reads ``token`` from the JSON request body.

    Returns:
        ``None`` when the e-mail was sent; the result of ``errors.forbidden``
        if anything in the lookup or the send raises.
    """
    payload = request.get_json()

    try:
        address = __confirm_token(payload['token'])
        # NOTE(review): a delivery failure is caught by the same handler and
        # is therefore also reported as an invalid token.
        send_confirmation_email(app, address)
    except Exception:
        return errors.forbidden('invalid_confirmation_token')
Example #5
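def confirm_user_reset_password():
    """Set a new password for the account a reset token resolves to.

    Reads ``token`` and ``password`` from the JSON request body. On success
    the user is also marked as confirmed.

    Returns:
        ``None`` on success; the result of ``errors.forbidden`` when the
        token cannot be resolved, resolves to a non-string value, or names
        an e-mail address with no matching user.
    """
    post_data = request.get_json()

    try:
        email = __confirm_token(post_data['token'], expiration=3600)
    except Exception:
        return errors.forbidden('invalid_confirmation_token')

    if not isinstance(email, str):
        return errors.forbidden('expired_confirmation_token')

    user = User.query.filter_by(email=email).first()
    if user is None:
        # A well-formed token can outlive its account; without this guard the
        # attribute writes below raised AttributeError.
        return errors.forbidden('invalid_confirmation_token')

    # NOTE(review): the new password is not validated here. A missing key
    # raises KeyError, and an empty string would presumably be hashed and
    # stored; validate before this point.
    # NOTE(review): nothing in this function marks the token as used, so it
    # appears to stay valid until the expiration window ends; confirm.
    user.confirmed = True
    user.confirmed_on = datetime.now()
    user.password = encrypt_password(post_data['password'])

    db.session.commit()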
Example #6
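def confirm_user_email():
    """Mark the account a confirmation token resolves to as confirmed.

    Reads ``token`` from the JSON request body. After the commit,
    ``send_new_user_email`` is called with the user and a fixed recipient
    list.

    Returns:
        ``None`` on success; the result of ``errors.forbidden`` when the
        token cannot be resolved, resolves to a non-string value, or names
        an e-mail address with no matching user.
    """
    post_data = request.get_json()

    try:
        email = __confirm_token(post_data['token'], expiration=3600)
    except Exception:
        return errors.forbidden('invalid_confirmation_token')

    if not isinstance(email, str):
        return errors.forbidden('expired_confirmation_token')

    user = User.query.filter_by(email=email).first()
    if user is None:
        # A well-formed token can outlive its account; without this guard the
        # attribute writes below raised AttributeError.
        return errors.forbidden('invalid_confirmation_token')

    user.confirmed = True
    user.confirmed_on = datetime.now()

    db.session.add(user)
    db.session.commit()

    # NOTE(review): the recipient addresses are hard-coded in source;
    # consider moving them to configuration.
    send_new_user_email(user, [
        "*****@*****.**", "*****@*****.**",
        "*****@*****.**"
    ])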
Example #7
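def confirm_user_email():
    """Mark the account a confirmation token resolves to as confirmed.

    Reads ``token`` from the JSON request body.

    Returns:
        A JSON ``{'status': 'success'}`` response with status 200 on
        success; the result of ``errors.forbidden`` when the token cannot be
        resolved, resolves to a non-string value, or names an e-mail address
        with no matching user.
    """
    post_data = request.get_json()

    try:
        email = __confirm_token(post_data['token'], expiration=3600)
    except Exception:
        return errors.forbidden('invalid_confirmation_token')

    if not isinstance(email, str):
        return errors.forbidden('expired_confirmation_token')

    user = User.query.filter_by(email=email).first()
    if user is None:
        # A well-formed token can outlive its account; without this guard the
        # attribute writes below raised AttributeError.
        return errors.forbidden('invalid_confirmation_token')

    user.confirmed = True
    user.confirmed_on = datetime.now()

    db.session.add(user)
    db.session.commit()

    return jsonify({
        'status': 'success',
    }), 200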
Example #8
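def change_current_password():
    """Change a user's password after verifying the current one.

    Reads ``username``, ``current_password`` and ``new_password`` from the
    JSON request body.

    Returns:
        ``{"user": ...}`` with the user's dictionary form on success; the
        result of ``errors.forbidden`` when the user is unknown or the
        current password does not verify; the result of
        ``errors.server_error`` when the new password is missing, empty or
        fails the confirmation comparison.
    """
    # NOTE(review): the target account comes from the request body, not from
    # the authenticated identity (the original carried a commented-out
    # get_jwt_identity() lookup here). Bind the change to the caller's own
    # identity if this route is token-protected.
    data = request.get_json()
    if not isinstance(data, dict):
        return errors.forbidden(message='wrong_password')

    user = User.query.filter_by(username=data.get("username")).first()
    current_password = data.get('current_password')
    new_password = data.get('new_password')
    # NOTE(review): the confirmation value is read from the same
    # 'new_password' key, so the equality check below can never fail. The
    # intended confirmation field name is not visible here; left as-is.
    new_confirm_password = data.get('new_password')

    # An unknown user and a wrong password get the same response, so the
    # endpoint does not reveal which usernames exist.
    if user is None or not isinstance(current_password, str):
        return errors.forbidden(message='wrong_password')

    if not bcrypt.check_password_hash(user.password, current_password):
        return errors.forbidden(message='wrong_password')

    # Refuse a missing or empty new password instead of passing it on to
    # encrypt_password.
    if (not isinstance(new_password, str) or not new_password
            or new_password != new_confirm_password):
        return errors.server_error(message="password_not_matching")

    user.password = encrypt_password(new_password)
    db.session.commit()
    # NOTE(review): confirm to_dictionary() leaves out the password hash.
    return {"user": user.to_dictionary()}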
Example #9
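def login_user():
    """Authenticate a user by username and issue an access token.

    Reads ``username`` and ``password`` from the JSON request body.

    Returns:
        A JSON response with ``status`` and ``data.auth_token`` and status
        200 on success. Otherwise the result of ``errors.not_found`` (no
        matching user, wrong password or malformed credentials),
        ``errors.forbidden`` (e-mail not confirmed) or
        ``errors.server_error``.
    """
    post_data = request.get_json()

    # A body that is not a JSON object, or credentials that are not strings,
    # used to surface as a generic server error; reject them the same way as
    # any other bad credential so the two cases are indistinguishable.
    if not isinstance(post_data, dict):
        return errors.not_found('invalid_user')

    username = post_data.get('username')
    password = post_data.get('password')
    if not isinstance(username, str) or not isinstance(password, str):
        return errors.not_found('invalid_user')

    try:
        user = User.query.filter_by(username=username).first()

        # NOTE(review): no hash comparison runs when the lookup finds no row,
        # so response time may differ between unknown and existing accounts;
        # consider a constant-cost check if account enumeration matters here.
        if not user or not bcrypt.check_password_hash(user.password, password):
            return errors.not_found('invalid_user')

        # The confirmation state is only revealed after the password matched.
        if not user.confirmed:
            return errors.forbidden('email_not_confirmed')

        auth_token = create_access_token(identity=user)
        if not auth_token:
            # Previously this path fell off the end and returned None.
            return errors.server_error('Try again')

        return jsonify({
            'status': 'success',
            'data': {
                'auth_token': auth_token
            }
        }), 200
    except Exception as e:
        # The detail stays server-side; the client only gets a generic error.
        print(e)
        return errors.server_error('Try again')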