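def access_token():
    """
    Generate an access token. Also do the password check.
    Do not handle rate limit.

    Expects a JSON request body. When ``method`` is ``"password"`` the body
    must also carry ``token`` (a signed continuation token) and ``password``:
    the token is verified with a 5 minute max age, the password of the user
    named in the token payload is checked, a Device built from the payload is
    saved and bound to that user, and the endpoint map plus a fresh
    ``accessToken`` is returned with status 201.

    Returns:
        A 201 response carrying ``accessToken`` on success; a 401 response
        carrying a continuation token when the method is not ``password``,
        the token has expired, the user is unknown or the password is wrong;
        a continuation token response with the default status when
        ``method`` is absent.

    Raises:
        Aborts with 400 when ``token`` or ``password`` is missing from a
        password request, and with 403 when the token signature is invalid.
        ``request.get_json()`` raises BadRequest when the body is not JSON.
    """
    # this throws a BadRequest if json is not sent
    data = request.get_json()

    if 'method' not in data:
        return make_response(get_continuation_token_response(data))

    if data['method'] != 'password':
        return make_response(get_continuation_token_response(data), status=401)

    # Both fields are read unconditionally below; a missing one used to
    # surface as a KeyError (HTTP 500). Report it as a malformed request.
    if 'token' not in data or 'password' not in data:
        abort(400)

    try:
        # max age 5 minutes
        # FIXME should be moved to the config file
        tokenData = auth.getURLSafeSerializer().loads(data['token'], max_age=300)
    except SignatureExpired:
        # loads() failed, so no payload is bound here: build the continuation
        # token from the request data (the original referenced the unbound
        # ``tokenData`` and raised UnboundLocalError on this path).
        return make_response(get_continuation_token_response(data), status=401)
    except BadSignature:
        # Caught after SignatureExpired so an expired-but-valid signature is
        # reported as 401 rather than 403.
        abort(403)

    try:
        # NOTE(review): ``username`` is trusted to be present in the server-
        # signed payload; a KeyError here would still become a 500 — confirm.
        user = User.query.filter_by(username=tokenData['username']).one()
        user.checkPwd(data['password'])
    except (database.NoResultFound, User.BadPassword):
        # Unknown user and wrong password deliberately yield the same
        # response body and status so neither reveals which one failed.
        # NOTE(review): the unknown-user path returns before any password
        # hashing runs, so the two cases may still differ in timing — confirm
        # whether that matters for this deployment.
        return make_response(get_continuation_token_response(tokenData), status=401)

    # getOrCreate
    device = Device()
    device.setFromArray(tokenData)
    device.userId = user.id
    device.save()
    database.commit()

    auth.setUserAndDevice(user, device)

    response = get_endpoints()
    response['accessToken'] = auth.createAccessToken()

    return make_response(response, status=201)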