def login(): """Authenticate user and return token """ if not request.is_json: return jsonify({"msg": "Missing JSON in request"}), 400 username = request.json.get('username', None) password = request.json.get('password', None) if not username or not password: return jsonify({"msg": "Missing username or password"}), 400 user = User.query.filter_by(username=username).first() if user is None or not pwd_context.verify(password, user.password): return jsonify({"msg": "Bad credentials"}), 400 access_token = create_access_token(identity=user.id) refresh_token = create_refresh_token(identity=user.id) add_token_to_database(access_token, app.config['JWT_IDENTITY_CLAIM']) add_token_to_database(refresh_token, app.config['JWT_IDENTITY_CLAIM']) ret = { 'access_token': access_token, 'refresh_token': refresh_token } return jsonify(ret), 200
def refresh(self): """ Security endpoint for the refresh token, so we can obtain a new token without forcing the user to login again --- post: responses: 200: description: Refresh Successful content: application/json: schema: type: object properties: refresh_token: type: string 401: $ref: '#/components/responses/401' 500: $ref: '#/components/responses/500' """ resp = { API_SECURITY_REFRESH_TOKEN_KEY: create_access_token( identity=get_jwt_identity(), fresh=False ) } return self.response(200, **resp)
def refresh(): current_user = get_jwt_identity() try: return makeResponse(payload={'access_token': create_access_token(identity=current_user)}) except Exception as e: return makeResponse(error=e)
def post(self): """Refresh access token""" email = get_jwt_identity() try: user = User.objects.get(email=email) except User.DoesNotExist: abort(403, 'No such user, or wrong password') if not user.active: abort(403, 'No such user, or wrong password') access_expire = current_app.config['JWT_ACCESS_TOKEN_EXPIRES'] access_token = create_access_token(identity=user.email) refresh_expire_date = datetime.strptime( request.cookies['refreshExpire'], '%Y-%m-%d %H:%M:%S.%f' ) refresh_delta = refresh_expire_date - datetime.now() resp = jsonify( { 'access': access_token, 'accessExpire': int(access_expire.total_seconds()), 'refreshExpire': int(refresh_delta.total_seconds()), } ) set_access_cookies(resp, access_token) return resp
def login(): '''Route to login''' if not request.is_json: return jsonify({"msg": "Missing JSON in request"}), 400 data = request.get_json() username = data.get('username') password = data.get('password') dict_data = {'username': username, 'password': password} if validate.val_none(**dict_data): result = validate.val_none(**dict_data) return jsonify(result), 406 if validate.empty(**dict_data): result = validate.empty(**dict_data) return jsonify(result), 406 person = User.users.items() existing_user = { k: v for k, v in person if data['username'] == v['username']} if existing_user: valid_user = [v for v in existing_user.values() if check_password_hash(v['password'], password)] if valid_user: access_token = create_access_token( identity=username) if access_token: response = { 'message': 'You are logged in successfully', 'access_token': access_token } return make_response(jsonify(response)), 200 else: return jsonify({'message': 'Wrong password'}), 400 else: return jsonify({'message': 'Non-existent user. Try signing up'}), 404
def login(): """ Login the user using their Active Directory credentials. :rtype: flask.Response """ req_json = request.get_json(force=True) _validate_api_input(req_json, 'username', string_types) _validate_api_input(req_json, 'password', string_types) ad = adreset.ad.AD() ad.login(req_json['username'], req_json['password']) username = ad.get_loggedin_user() guid = ad.get_guid(username) user = User.query.filter_by(ad_guid=guid).first() # If the user doesn't exist in the database, this must be their first time logging in, # therefore, an entry for that user must be added to the database if not user: ad.log('debug', 'The user doesn\'t exist in the database, so it will be created') user = User(ad_guid=guid) db.session.add(user) db.session.commit() ad.log('debug', 'The user was successfully created in the database') # The token's identity has the user's GUID since that is unique across the AD Forest and won't # change if the account gets renamed token = create_access_token(identity={'guid': user.ad_guid, 'username': username}) return jsonify({'token': token})
def login(): form = LoginForm(request.form) if request.method == 'POST' and form.validate(): uname = form.username.data hpassword = form.password.data if not uname or not hpassword: return jsonify({"msg": "The login form was not filled in correctly!"}), 400 else: found_usr = False for u in users: if u.username == uname: if check_password_hash(u.password, hpassword): ## stored, hashed pwd first; human entered pwd second found_usr = True mung = { 'access_token': create_access_token(identity=uname), 'refresh_token': create_refresh_token(identity=uname) } return redirect(url_for('protected', current_user=jsonify(mung), status=200)) else: flash('The password is wrong. Remember that it is case sensitive!') return redirect(url_for('login')) if found_usr == False: flash('The username is not on file. Maybe you have not registered yet?') return redirect(url_for('login')) return render_template('login.html', form=form)
def _authenticate_and_grant_tokens(json_in, with_refresh=False): username = json_in.get('username', None) password = json_in.get('password', None) if not (username and password): return invalid_username_password_problem user = User.query.filter_by(username=username).first() if user is None: return invalid_username_password_problem try: password = password.encode('utf-8') except UnicodeEncodeError: return invalid_username_password_problem if not user.active: return user_deactivated_problem if user.verify_password(password): response = {'access_token': create_access_token(identity=user.id, fresh=True)} if with_refresh: user.login(request.environ.get('HTTP_X_REAL_IP', request.remote_addr)) db.session.commit() response['refresh_token'] = create_refresh_token(identity=user.id) return response, OBJECT_CREATED else: return invalid_username_password_problem
def loginUser(): # If the HTTP Request is a 'GET' request if request.method == 'POST': # Show that a GET request is being recieved print("\n - POST REQUEST RECIEVED - \n") print("\n - In Route '/Login' - \n") loginData = request.get_json(force=True) # See json format jsonData = loginData['params'] # Pass the jsonData into our function to validate it jsonData = validateRequest(jsonData) print(jsonData) # If the data is in the correct format if jsonData['ok']: jsonData = jsonData['data'] user = mongo.db.Users.find_one({'email': jsonData['email']}) print(jsonData) global currentEmail currentEmail = jsonData['email'] print(currentEmail) try: # If the users password is correct if user and flask_bcrypt.check_password_hash(user['password'],jsonData['password']): print("Details correct!") # Delete their password and give them an access token del user['password'] access_token = create_access_token(identity=jsonData) refresh_token = create_refresh_token(identity=jsonData) user['token'] = access_token user['refresh'] = refresh_token # Return the information as JSON with status code 200 return jsonify({'ok': True, 'data': user, 'message': 'Record exists.. Creating access token and Logging in..'}), 200 else: raise ValueError("Invalid Salt") print('Caught this error: ' + repr(error)) except Exception as error: # If the list is empty due to an error with login details, motify the user return jsonify({'ok': False, 'message': 'Record does not exist. Please check log-in parameters.'}), 201 else: # Return a bad request response in JSON if the paramaters are incorrect return jsonify({'ok': False, 'message': 'Bad request parameters!'}), 202
def refresh(): current_user = get_jwt_identity() access_token = create_access_token(identity=current_user) ret = { 'access_token': access_token } add_token_to_database(access_token, app.config['JWT_IDENTITY_CLAIM']) return jsonify(ret), 200
def post(self): username = request.json.get('username') password = request.json.get('password') user = authenticate(username, password) if user is not None: #token = user.generate_auth_token() #return make_response(jsonify({'auth_token': token.decode('ascii')}), 200) return make_response(jsonify({'auth_token': create_access_token(identity=username), 'success': 'true', 'profile': UserSchema().dump(user).data}), 200) return abort(401, error="user not found")
def post(self): """ Get new token with valid token """ current_identity = import_user() ret = { 'access_token': create_access_token(identity=current_identity) } return ret
def logged_in_headers(mock_user_ad): """Pytest fixture that creates a valid token for a user.""" # This is the GUID for "testuser2" which is a member of "ADReset Users" guid = '10385a23-6def-4990-84a8-32444e36e496' user = User(ad_guid=guid) db.session.add(user) db.session.commit() token = create_access_token(identity={'guid': guid, 'username': '******'}) return { 'Authorization': 'Bearer {0}'.format(token), 'Content-Type': 'application/json' }
def admin_logged_in_headers(mock_admin_ad): """Pytest fixture that creates a valid token for an admin.""" # This is the GUID for "testuser" which is a member of "ADReset Admins" guid = '5609c5ec-c0df-4480-a94b-b6eb0fc4c066' user = User(ad_guid=guid) db.session.add(user) db.session.commit() token = create_access_token(identity={'guid': guid, 'username': '******'}) return { 'Authorization': 'Bearer {0}'.format(token), 'Content-Type': 'application/json' }
def signin(): data = json.loads(request.data.decode('utf-8')) username = data['username'] #request.json.get('username', None) password = data['password'] # request.json.get('password', None) if User.get_user_with_username_and_password(username, password) is None: return jsonify({"msg": "Bad username or password"}), 401 # Identity can be any data that is json serializable ret = {'access_token': create_access_token(identity=username), 'username': username} return jsonify(ret), 200
def post(self): """ Get a new access token without requiring username and password—only the 'refresh token' provided in the /login endpoint. Note that refreshed access tokens have a `fresh=False`, which means that the user may have not given us their username and password for potentially a long time (if the token has been refreshed many times over). """ current_user = get_jwt_identity() new_token = create_access_token(identity=current_user, fresh=False) return {'access_token': new_token}, 200
def refresh(body=None, token_info=None, user=None): current_user_id = get_jwt_identity() user = User.query.filter(User.id == current_user_id).first() if user is None: revoke_token(get_raw_jwt()) return Problem( UNAUTHORIZED_ERROR, 'Could not grant access token.', 'User {} from refresh JWT identity could not be found.'.format(current_user_id)) if user.active: return {'access_token': create_access_token(identity=current_user_id, fresh=False)}, OBJECT_CREATED else: return user_deactivated_problem
def auth(): username = request.json.get('username', None) password = request.json.get('password', None) if username != 'admin' or password != pw: return jsonify({"msg": "Bad username or password"}), 401 # Use create_access_token() and create_refresh_token() to create our # access and refresh tokens ret = { 'access_token': create_access_token(identity=username), 'refresh_token': create_refresh_token(identity=username) } return jsonify(ret), 200
def post(self): data = _user_parser.parse_args() user = UserModel.find_by_username(data['username']) if user and safe_str_cmp(user.password, data['password']): access_token = create_access_token(identity=user.id, fresh=True) refresh_token = create_refresh_token(user.id) return { 'access_token': access_token, 'refresh_token': refresh_token }, 200 return {"message": "Invalid Credentials!"}, 401
def login(username, password): if username is not None and password is not None: db_user = db.run( "MATCH (n:Person) WHERE n.email={username} RETURN n.name AS name, n.email AS email, n.password AS password, ID(n) AS user_id", {"username": username}) for person in db_user: if sha256_crypt.verify(password, person['password']): return {"access_token": create_access_token(identity=username), "refresh_token": create_refresh_token(identity=username), "user_id": person["user_id"]} raise AuthError("Username or password is incorrect") else: raise AuthError("Username and Password are required") raise AuthError("Authentication failed")
def post(self): """ Get Json Web Token """ request_data = request.get_json() username = request_data['username'] password = request_data['password'] user = User.query.filter_by(username=username).first() if not user or not user.verify_password(password): api.abort(code=401, message='Incorrect user or password') ret = {'access_token': create_access_token(identity=user)} return ret
def post(self): data = _user_parser.parse_args() user = UserModel.find_by_username(data['username']) # this is what the `authenticate()` function did in security.py if user and safe_str_cmp(user.password, data['password']): # identity= is what the identity() function did in security.py—now stored in the JWT access_token = create_access_token(identity=user.id, fresh=True) refresh_token = create_refresh_token(user.id) return { 'access_token': access_token, 'refresh_token': refresh_token }, 200 return {"message": "Invalid Credentials!"}, 401
def post(self): # global options data = Authentication.parser.parse_args() username = data['username'] password = data['password'] current_path = os.path.dirname(os.path.realpath(__file__)) options = utils.reading_json(current_path + '/storages/options.json') if username == options.get('USERNAME'): if password == options.get('PASSWORD'): expires = datetime.timedelta(days=365) token = create_access_token(username, expires_delta=expires) return {'access_token': token} return {'error': "Credentials Incorrect"}
def home(): """Home page.""" form = LoginForm(request.form) # Handle logging in if request.method == 'POST': if form.validate_on_submit(): login_user(form.user) flash('You are logged in.', 'success') # acquire rest api token session['token'] = create_access_token(identity=form.user.id) current_app.logger.debug('grant user {} rest api token {}'.format(form.user, session['token'])) redirect_url = request.args.get('next') or url_for('provider.apps') return redirect(redirect_url) else: flash_errors(form) return render_template('public/home.html', form=form)
def signup(): data = json.loads(request.data.decode('utf-8')) username = data['username'] #request.json.get('username', None) password = data['password'] # request.json.get('password', None) if username is None or password is None: return jsonify({"msg": "You must supply username and password"}), 401 u = User.query.filter_by(username=username).first() if u: return jsonify({"msg": "A user with the name " + username + " already exists"}), 401 u = User(username=username, password=password) db.session.add(u) db.session.commit() # Identity can be any data that is json serializable ret = {'access_token': create_access_token(identity=username)} return jsonify(ret), 200
def post(self): """Authenticates and generates a token""" schema = TokenSchema() data, errors = schema.load(current_app.api.payload) if errors: return errors, 400 try: user = User.get(email=data.email) except User.DoesNotExist: abort(403, 'No such user, or wrong password') if not user or not user.active: abort(403, 'No such user, or wrong password') if not verify_password(data.password, user.password): abort(403, 'No such user, or wrong password') access_token = create_access_token(identity=user.email) refresh_token = create_refresh_token(identity=user.email) access_expire = current_app.config['JWT_ACCESS_TOKEN_EXPIRES'] refresh_expire = current_app.config['JWT_REFRESH_TOKEN_EXPIRES'] resp = jsonify( { 'access': access_token, 'refresh': refresh_token, 'accessExpire': int(access_expire.total_seconds()), 'refreshExpire': int(refresh_expire.total_seconds()), } ) set_access_cookies(resp, access_token) set_refresh_cookies(resp, refresh_token) refresh_path = current_app.config['JWT_REFRESH_COOKIE_PATH'] refresh_secure = current_app.config['JWT_COOKIE_SECURE'] refresh_expire_date = datetime.now() + refresh_expire resp.set_cookie( 'refresh_expire', value=str(refresh_expire_date), expires=refresh_expire_date, path=refresh_path, httponly=True, secure=refresh_secure, ) return resp
def authorize(): token_resp = oauth.openstreetmap.authorize_access_token() token = token_resp["oauth_token"] token_secret = token_resp["oauth_token_secret"] resp = oauth.openstreetmap.get("user/details") if resp.status_code != 200: # Bad request of some kind - report failure # FIXME: Use proper status code return jsonify(msg="Bad Oauth Request"), 400 xml = resp.text etree = ET.fromstring(xml) user = etree.findall("user")[0] osm_uid = user.attrib["id"] display_name = user.attrib["display_name"] osm_token_row = OpenStreetMapToken.save( osm_uid=osm_uid, display_name=display_name, oauth_token=token, oauth_token_secret=token_secret ) identity=osm_token_row.user_id # FIXME: identity should be a hash, not user ID. # FIXME: User ID should also be a hash - though not the same as identity. access_token = create_access_token(identity) refresh_token = create_refresh_token(identity) # TODO: create a whitelist of callback URIs, allow callback URI to be issued at # /login endpoint. Should also create an API key that is associated with a given # callback URI - new clients are registered by creating a new pair of: # - API Key # - (short) list of allowed callback URIs consumer_callback_uri = current_app.config.get("CONSUMER_CALLBACK_URI") url = "{}?access_token={}&refresh_token={}".format(consumer_callback_uri, access_token, refresh_token) return redirect(url)
def login(): data = jsonify({'Authorized' : completion}) resp = get_response(data) if request.method == 'POST': json = request.json username = json.get("email") password = json.get("password") global completion completion = auth.authenticate(username, password) if completion == False: data = jsonify({'Authorized' : completion, "msg": "Bad username or password"}) return get_response(data), 401 data = jsonify({ 'Authorized' : completion, 'access_token' : create_access_token(identity=username), 'refresh_token' : create_refresh_token(identity=username) }) return get_response(data), 200 return resp
def post(cls): current_user = get_jwt_identity() new_token = create_access_token(identity=current_user, fresh=False) return generate_message_json(HttpStatusCode.OK.value, new_token, "access_token")
def refresh_access_token(): return jsonify( {'access_token': create_access_token(identity=get_jwt_identity())}), 200
def post(self): current_user = get_jwt_identity() token = create_access_token(identity=current_user, fresh=False) return {'token': token}, HTTPStatus.OK
def refresh_token(): current_user = get_jwt_identity() return jsonify( SessionResponse( None, create_access_token(identity=current_user), create_refresh_token(identity=current_user)).to_dict()), 200
def get_access_token(grantType, identifier): identity = {'grantType': grantType, 'identifier': identifier} token = create_access_token(identity=identity) return {'accessToken': token}
def post(self): """Refresh token for user to maintain user identity""" current_user = get_jwt_identity() ret = {'access_token': create_access_token(identity=current_user)} return ret
def post(self): current_user = get_jwt_identity() access_token = create_access_token(identity=current_user) return {'access_token': access_token}
def login(): ''' This router function attempts to fulfill a login request. During its attempt, it returns a json string, with two values: - username, user attempting to login - integer, codified indicator of login attempt: - 0, successful login - 1, username does not exist - 2, username does not have a password - 3, supplied password does not match stored password - 4, generic login failure: - https://www.owasp.org/index.php/Authentication_Cheat_Sheet Note: token authentication is stateless, since it doesn't require anything to be queried from the server, to verify the user. The token is setup, in such a way, where it is known, if the token is valid or not, and if the token has been tampered with. Note: more information on basic flask-jwt token authentication: http://flask-jwt-extended.readthedocs.io/en/latest/basic_usage.html ''' if request.method == 'POST': account = Account() # programmatic-interface: implement flask-jwt token if request.get_json(): results = request.get_json() username = results['user[login]'] password = results['user[password]'] # validate: check username exists if ( account.check_username(username)['result'] and account.get_uid(username)['result'] ): # database query: get hashed password, and userid hashed_password = account.get_password(username)['result'] uid = account.get_uid(username)['result'] # notification: verify hashed password exists if hashed_password: # notification: verify password if verify_pass(str(password), hashed_password): # create and serialize uid token access_token = create_access_token(identity=uid) # return status return json.dumps({'status': 0, 'access_token': access_token}) # notification: incorrect password else: return json.dumps({'status': 4}) # notification: user does not have a password else: return json.dumps({'status': 4}) # notification: username does not exist else: return json.dumps({'status': 4})
def __init__(self, username, password): self.jwt = None if username and password: user = Users.objects(username=username, password=password) if user: self.jwt = create_access_token(identity=password)
def refresh(): user_id = flask_jwt_extended.get_jwt_identity() access_token = flask_jwt_extended.create_access_token(identity=user_id) return flask.json.jsonify(access_token=access_token), 200
def post(self): current_user_id = get_jwt_identity() # Gets Identity from JWT new_token = create_access_token(identity=current_user_id, fresh=False) return { "access_token": new_token, }, 200
def refresh(): current_user = get_jwt_identity() ret = {'access_token': create_access_token(identity=current_user)} return jsonify(ret), 200
def post(self): current_user = get_jwt_identity() new_token = create_access_token(identity=current_user, fresh=False) return {'access_token': new_token}, 200
def refresh(): current_user = get_jwt_identity() return rest('success', {"access_token": create_access_token(identity=current_user)})
def refresh(): user = User.query.get(get_jwt_identity()) if not user: return error_response(401, "Unknown user.") access_token = create_access_token(identity=user.id) return jsonify(access_token=access_token)
def post(self): # retrive the user's identity from the refresh token using a Flask-JWT-Extended built-in method current_user = get_jwt_identity() # return a non-fresh token for the user new_token = create_access_token(identity=current_user, fresh=False) return {'access_token': new_token}, 200
def create_token(id_user): expires = datetime.timedelta(days=1) return create_access_token(identity=id_user, expires_delta=expires)
def post(self): current_user = get_jwt_identity() claims = get_jwt_claims() token = create_access_token(identity=current_user, user_claims=claims) return {'token': token}, 200
def post(self): current_user = get_jwt_identity() new_access_token = create_access_token(identity=current_user) return {'message': 'Refreshed token', 'access_token': new_access_token}
def register(): #if not request.is_form: # return jsonify({"msg": "Missing Form request"}), 400 nombre = request.form.get('nombre', '') apellido = request.form.get('apellido', '') rut = request.form.get('rut', '') email = request.form.get('email', None) pais = request.form.get('pais', '') ciudad = request.form.get('ciudad', '') sexo = request.form.get('sexo', '') password = request.form.get('password', None) #avatar = request.json.get('avatar', '') #VALIDACIONES OBLIGATORIAS if not nombre or nombre == '': return jsonify({"msg": "Missing nombre"}), 400 if not apellido or apellido == '': return jsonify({"msg": "Missing apellido"}), 400 if not rut or rut == '': return jsonify({"msg": "Missing rut"}), 400 if not email or email == '': return jsonify({"msg": "Missing email"}), 400 if not pais or pais == '': return jsonify({"msg": "Missing País"}), 400 if not ciudad or ciudad == '': return jsonify({"msg": "Missing Ciudad"}), 400 if not password or password == '': return jsonify({"msg": "Missing password."}), 400 user = User.query.filter_by(email=email).first() if user: return jsonify({"msg": "email already exist"}), 400 userrut = User.query.filter_by(rut=rut).first() if userrut: return jsonify({"msg": "rut already exist"}), 400 file = request.files['avatar'] if file and file.filename != '' and allowed_file( file.filename, ALLOWED_EXTENSIONS_IMAGES ): #si existe el archivo y esta dentro de las extensiones permitidas filename = secure_filename(file.filename) file.save( os.path.join( os.path.join(app.config['UPLOAD_FOLDER'], 'images/avatars'), filename)) else: return jsonify({ "msg": "Archivo no permitido, debe ser de extensión png, jpg, jpeg, gif o svg" }), 400 user = User() # se crea una instancia de la clase User #asignando valores a los campos corresp. user.nombre = nombre user.apellido = apellido user.rut = rut user.email = email user.pais = pais user.ciudad = ciudad user.sexo = sexo user.password = bcrypt.generate_password_hash(password) if file: user.avatar = filename db.session.add(user) #se agrega todo lo anterior y se hace commit db.session.commit() access_token = create_access_token(identity=user.email) data = {"access_token": access_token, "user": user.serialize()} return jsonify(data), 201
def login(): if not (('uid' in session) and ('type' in session)): fields = ['name', 'hno', 'sector', 'register'] dic = {} data = request.get_json() types = data.get('type') print(types) if data.get('type') == 'Shop Owner': collection = database.Shops else: collection = database.Costumers results = collection.find({ 'email': data.get('email'), 'password': data.get('password') }) if results.count() == 1: products = [] orders = [] #session['uid']=results[0]['_id'] session['type'] = types if types == 'Shop Owner': session['shopcode'] = results[0]['code'] dic['shope'] = results[0]['sname'] obj = database.Products.find({'scode': results[0]['code']}) orj = database.Orders.find({'scode': results[0]['code']}) for objs in obj: objs['_id'] = '' products.append(objs) for orjs in orj: orjs['_id'] = '' orders.append(orjs) dic['products'] = products dic['orders'] = orders else: orj = database.Orders.find({'ofname': data.get('email')}) obj = database.Products.find({}) for objs in obj: objs['_id'] = '' products.append(objs) for orjs in orj: orjs['_id'] = '' orders.append(orjs) dic['products'] = products dic['orders'] = orders for field in fields: dic[field] = results[0][field] access_token = create_access_token(identity={ 'data': dic, 'types': types }) return access_token #return render_template('index.html',data=dic,types=types) else: flash('check username and password') return jsonify({'error': 'Incorrect username and password'}) else: return jsonify({'error': 'Incorrect'})
def generate_access_token_for_user(username: str, is_admin: bool): """Generate JWT token for user""" return create_access_token(identity={ 'username:'******'is_admin': is_admin })
def token_refresh(): user_id = get_jwt_identity() access_token = create_access_token(identity=user_id) data = {'access_token': access_token} return generate_success_response(data)
def test_image_get(client, access_token, sessions, lng, test_word, test_word_01, test_word_02): '''All possibilities are tested here.''' image_id = '01_vblock_pix_001' view_id = 'testing' path_name = (f'./application/images/static/images/for_{view_id}/' f'{image_id}.jpg') if not os.path.exists(path_name): if not os.path.exists(os.path.dirname(path_name)): os.mkdir(os.path.dirname(path_name)) pix = open(path_name, 'w') pix.close() _uuid = uuid4() sessions.setter(str(_uuid)) _tech_token = create_access_token(_uuid, expires_delta=False) '''success''' _headers = { 'Authorization': f'Bearer {_tech_token}', 'Content-Type': 'application/json', 'Accept-Language': lng } _params = {'view_id': view_id, 'identity': image_id} resp = client.get(url_for('images_bp.imageshandling', **_params), headers=_headers) assert resp.status_code == 200 '''illigal chracters''' _params = {'view_id': '_illigal_view_id', 'identity': image_id} resp = client.get(url_for('images_bp.imageshandling', **_params), headers=_headers) assert resp.status_code == 400 assert resp.json.get('message').find(test_word) != -1 _params = {'view_id': view_id, 'identity': '_illigal_image_id'} resp = client.get(url_for('images_bp.imageshandling', **_params), headers=_headers) assert resp.status_code == 400 assert resp.json.get('message').find(test_word) != -1 '''not found''' _params = {'view_id': 'wrong_view_id', 'identity': image_id} resp = client.get(url_for('images_bp.imageshandling', **_params), headers=_headers) assert resp.status_code == 404 assert resp.json.get('message').find(test_word_01) != -1 _params = {'view_id': view_id, 'identity': 'wrong_image_id'} resp = client.get(url_for('images_bp.imageshandling', **_params), headers=_headers) assert resp.status_code == 404 assert resp.json.get('message').find(test_word_01) != -1 '''no token''' _params = {'view_id': view_id, 'identity': image_id} _headers.pop('Authorization') resp = client.get(url_for('images_bp.imageshandling', **_params), headers=_headers) assert resp.status_code == 401 assert resp.json.get('description').find(test_word_02) != -1 # print('\ntest_images_get, resp ->', resp.status_code) # print('test_images_get, resp ->', resp.json) if os.path.exists(path_name): os.remove(path_name)
def get_token(user, password): if compare(user.get('password'), password): return {'access_token': create_access_token(user.get('id'))}, 200 else: return {'error': 'wrong data'}, 401
def post(cls): merchant_id = get_jwt_identity() new_access_token = create_access_token( identity=merchant_id, fresh=True) # creating new fresh token return {"access_token": new_access_token}, 200
def provide_token(user): return create_access_token(identity=user), create_refresh_token( identity=user)
def get_refresh_token(): current_user = get_jwt_identity() access_token = create_access_token(identity=current_user) return jsonify({'access_token': access_token})
def post(self): current_user = get_jwt_identity() # fresh=True, means that all tokens would be fresh. new_token = create_access_token(identity=current_user, fresh=False) return {"access_token": new_token}, 200
def refresh_access_token(): current_user = get_jwt_identity() return { 'access_token': create_access_token(identity=current_user), 'expires': app.config['JWT_ACCESS_TOKEN_EXPIRES'] }
def confirm_email(token): '''This route takes in a token from the confirmation email link to authenticate the user. It returns the user json object as well as access and refresh token cookies and csrf headers Arg {string} token Returns {Object<json>} 200 success: {string} user: {Object<json>} ''' # Try to decode the jwt token token = token.encode("utf-8") try: data = jwt.decode(token, app.config.get('SECRET_KEY'), algorithm='HS256') # If the token is expired, return error except jwt.ExpiredSignatureError: # Signature has expired return jsonify({'error': 'Reset token is expired. Please try again.'}), 400 # Get the user's id from the token public_id = data['public_id'] # Try to get the user from the database query = User.query.filter_by(public_id=public_id) try: user = query.one() # If no user found, return error except NoResultFound: return jsonify( {'error': ('Could not identify the user. ' ' Please try again.')}), 404, {'WWW-Authentication': 'Basic realm="Login required!"'} # If some other sqlalchemy error is thrown, return error except SQLAlchemyError: return jsonify({'error': 'Some problem occurred!'}), 400 # Add a confirmation date to user and make status active user.confirmed_at = datetime.utcnow() user.is_active = True # Try to add updated user to database try: db.session.commit() # If username already in database, return error except IntegrityError: return jsonify({'error': 'Could not confirm user. Please try again.'}), 400 # If some other sqlalchemy error is thrown, return error except SQLAlchemyError: return jsonify({'error': 'Some problem occurred!'}), 400 # Serialize the user user_schema = UserSchema() output = user_schema.dump(user).data # Create the tokens to be sent to the user expires = timedelta(seconds=1800) access_token = create_access_token(identity=user.public_id, expires_delta=expires) refresh_token = create_refresh_token(identity=user.public_id) # Get the new csrf tokens to be sent as headers csrf_access_token = get_csrf_token(access_token) csrf_refresh_token = get_csrf_token(refresh_token) # Create json response response = make_response( jsonify({ 'user': output, 'success': 'Login successful!' }), 200) # Set access and refresh cookies and headers and return response set_access_cookies(response, access_token) set_refresh_cookies(response, refresh_token) response.set_cookie('public_id', user.public_id) response.headers['access'] = csrf_access_token response.headers['refresh'] = csrf_refresh_token return response