def authorize():
"""
Authorize a user with username and password
When success, return json object with access and refresh token
"""
# get username and password from request header
if "application/x-www-form-urlencoded" in request.content_type:
username = request.form.get("username")
password = request.form.get("password")
else:
username = request.headers.get("username")
password = request.headers.get("password")
if username is None or password is None:
raise BadRequest()
# check user exists
user = Users().find_one({"username": username})
if user is None:
raise Unauthorized("Username incorrect")
# check password is valid
password_hash = user.pop("password_hash")
is_valid = check_password_hash(password_hash, password)
if not is_valid:
raise Unauthorized("Password incorrect")
# check that user is active
if not user.get("active", False):
raise Unauthorized("Account is disabled.")
# generate token
access_token = AccessToken.encode(user)
refresh_token = uuid4()
# store refresh token in database
RefreshTokens().insert_one({
"token":
refresh_token,
"user_id":
user["_id"],
"expire_time":
datetime.now() + timedelta(days=30),
})
# send response
response_json = {
"access_token": access_token,
"refresh_token": refresh_token
}
response = jsonify(response_json)
response.headers["Cache-Control"] = "no-store"
response.headers["Pragma"] = "no-cache"
return response
def authorize():
"""
Authorize a user with username and password
When success, return json object with access and refresh token
"""
# get username and password from request header
if 'application/x-www-form-urlencoded' in request.content_type:
username = request.form.get('username')
password = request.form.get('password')
else:
username = request.headers.get('username')
password = request.headers.get('password')
if username is None or password is None:
raise BadRequest()
# check user exists
user = Users().find_one({'username': username})
if user is None:
raise Unauthorized()
# check password is valid
password_hash = user.pop('password_hash')
is_valid = check_password_hash(password_hash, password)
if not is_valid:
raise Unauthorized()
# generate token
access_token = AccessToken.encode(user)
refresh_token = uuid4()
# store refresh token in database
RefreshTokens().insert_one({
'token': refresh_token,
'user_id': user['_id'],
'expire_time': datetime.now() + timedelta(days=30)
})
# send response
response_json = {
'access_token': access_token,
'refresh_token': refresh_token
}
response = jsonify(response_json)
response.headers['Cache-Control'] = 'no-store'
response.headers['Pragma'] = 'no-cache'
return response
