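def access_token():
    """
    Generate an access token.

    Also do the password check: the request body must be a JSON object
    carrying ``method == 'password'``, a signed continuation ``token`` and the
    ``password`` of the user named inside that token.  On success the device
    described by the token is stored for the user and a fresh access token is
    returned together with the endpoint list.

    Do not handle rate limit: the password check in this view is unthrottled,
    so throttling has to be applied in front of it (middleware or proxy).

    Returns:
        A ``make_response`` result:

        * ``201`` with the endpoint list plus ``accessToken`` on success;
        * ``401`` with a continuation-token response when ``method`` is not
          ``'password'``, ``token``/``password`` are missing, the token has
          expired, the user is unknown or the password is wrong;
        * the default status with a continuation-token response when the
          body carries no ``method`` at all.

    Raises (through ``abort``):
        ``400`` when the body is not a JSON object, ``403`` when the token
        signature does not verify.
    """
    # this throw a BadRequest if json is not sent
    data = request.get_json()
    # Some framework versions return None instead of raising when the body is
    # not JSON; refuse anything that is not an object so the key lookups below
    # cannot turn into a 500.
    if not isinstance(data, dict):
        abort(400)

    if 'method' not in data:
        return make_response(get_continuation_token_response(data))
    if data['method'] != 'password':
        return make_response(get_continuation_token_response(data), status=401)

    token = data.get('token')
    password = data.get('password')
    if token is None or password is None:
        # Missing credentials get the same answer as wrong ones (401), rather
        # than a KeyError/500 further down.
        return make_response(get_continuation_token_response(data), status=401)

    try:
        # max age 5 minutes
        # FIXME should be moved to the config file
        tokenData = auth.getURLSafeSerializer().loads(token, max_age=300)
    except SignatureExpired as exc:
        # loads() raised, so tokenData was never bound; referencing it here
        # (as the original code did) is an UnboundLocalError.  Prefer the
        # expired token's payload when the serializer exposes it, otherwise
        # fall back to the request data.
        expired_payload = getattr(exc, 'payload', None)
        continuation = expired_payload if expired_payload is not None else data
        return make_response(get_continuation_token_response(continuation), status=401)
    except BadSignature:
        # Tampered or foreign token: hard failure, no continuation offered.
        abort(403)

    try:
        user = User.query.filter_by(username=tokenData['username']).one()
        user.checkPwd(password)
    except (database.NoResultFound, User.BadPassword):
        # Unknown user and wrong password are deliberately indistinguishable
        # in the response body/status.  NOTE(review): the unknown-user path
        # skips the password check, so the two may still differ in timing;
        # confirm whether that matters for this deployment.
        return make_response(get_continuation_token_response(tokenData), status=401)

    # getOrCreate
    # NOTE(review): despite the comment above, a new Device is always
    # constructed here; confirm whether an existing device for this user
    # should be looked up instead.
    device = Device()
    device.setFromArray(tokenData)
    device.userId = user.id
    device.save()
    database.commit()

    auth.setUserAndDevice(user, device)
    response = get_endpoints()
    response['accessToken'] = auth.createAccessToken()
    return make_response(response, status=201)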