def login(): form = LoginForm(request.form) if form.validate_on_submit(): email = form.email.data password = form.password.data user = User.query.filter_by(email=email).first() if not user or not user.verify_password(password): return jsonify({"msg": "Bad username or password"}), 401 access_token = create_access_token(identity=email) refresh_token = create_refresh_token(identity=email) access_jti = get_jti(encoded_token=access_token) refresh_jti = get_jti(encoded_token=refresh_token) revoked_store.set(access_jti, 'false', current_app.config['JWT_ACCESS_TOKEN_EXPIRES']) revoked_store.set(refresh_jti, 'false', current_app.config['JWT_REFRESH_TOKEN_EXPIRES']) return jsonify({ 'accessToken': access_token, 'refreshToken': refresh_token, }), 201 else: return jsonify({'err': form.errors}), 401
def login_user(self, body): ''' User login to retrieve jwt tokens :param body: :return: ''' email, password = body['email'], body['password'] try: user = Users.objects.get(email=email) # "meta.is_deleted" if argon2.verify(password, user['password']): if user['is_active'] is True: user_id = str(user['_id']) access_token = create_access_token(identity=user_id) refresh_token = create_refresh_token(identity=user_id) access_jti = get_jti(encoded_token=access_token) refresh_jti = get_jti(encoded_token=refresh_token) redis_db.set(access_jti, 'false', app.config['JWT_ACCESS_TOKEN_EXPIRES']) redis_db.set(refresh_jti, 'false', app.config['JWT_REFRESH_TOKEN_EXPIRES']) return { "status": 202, "access_token": access_token, "refresh_token": refresh_token }, 202 else: message = "You are missing one step on your activation process, Please check your email for instruction to activate your user" error_handler(code=401, message=message, ui_status=True) else: message = "Your Credentials don't match with our registries" error_handler(code=401, message=message, ui_status=True) except DoesNotExist as e: message = "Your Credentials don't match with our registries" error_handler(code=401, message=message, ui_status=True)
def login(): if not request.is_json: return jsonify({"msg": "Missing JSON in request"}), 400 username = request.json.get('username', None) password = request.json.get('password', None) if username is None: return jsonify({"msg": "Missing username parameter"}), 400 if password is None: return jsonify({"msg": "Missing password parameter"}), 400 user = User.query.filter_by(name=username).first() if user is None: return jsonify({"msg": "Invalid username"}), 400 if not user.check_password(password): return jsonify({"msg": "Invalid password"}), 400 access_token = create_access_token(identity=user, fresh=True) refresh_token = create_refresh_token(identity=user) user.sign_stamp() access_jti = get_jti(encoded_token=access_token) refresh_jti = get_jti(encoded_token=refresh_token) redis.set(access_jti, 'false', current_app.config['JWT_ACCESS_TOKEN_EXPIRES'] * 1.2) redis.set(refresh_jti, 'false', current_app.config['JWT_REFRESH_TOKEN_EXPIRES'] * 1.2) data = user.to_dict data.update(access_token=access_token, refresh_token=refresh_token) return jsonify(data), 200
def post(cls): _user_parser = reqparse.RequestParser(bundle_errors=True) _user_parser.add_argument('email', type=non_empty_string, required=True, help="The email field is required!") _user_parser.add_argument('password', type=non_empty_string, required=True, help="The password field is required!") data = _user_parser.parse_args() user = UserModel.find_by_email(data['email']) if user and safe_str_cmp(user.password, data['password']): access_token = create_access_token(identity=user.id, fresh=True) refresh_token = create_refresh_token(user.id) access_jti = get_jti(encoded_token=access_token) refresh_jti = get_jti(encoded_token=refresh_token) revoked_store.set(access_jti, 'false', ACCESS_EXPIRES * 1.2) revoked_store.set(refresh_jti, 'false', REFRESH_EXPIRES * 1.2) return { 'access_token': access_token, 'refresh_token': refresh_token, 'user': user.username() }, 200 return {'message': 'Invalid Credential'}, 401
def signin(): username = request.json.get('username', None) password = request.json.get('password', None) model = {'name': username, 'password': password} if UserTb.isUnAuthUser(user=model): return jsonify({"msg": "Bad username or password"}), 401 # Store the tokens in redis with a status of not currently revoked. We # can use the `get_jti()` method to get the unique identifier string for # each token. We can also set an expires time on these tokens in redis, # so they will get automatically removed after they expire. We will set # everything to be automatically removed shortly after the token expires user = UserTb.getUser(user=model) access_token = create_access_token(identity=user['id'], fresh=True) refresh_token = create_refresh_token(identity=user['id']) access_jti = get_jti(encoded_token=access_token) refresh_jti = get_jti(encoded_token=refresh_token) revoked_store.set(access_jti, 'false', ACCESS_EXPIRES * 1.2) revoked_store.set(refresh_jti, 'false', REFRESH_EXPIRES * 1.2) resp = jsonify({'signin': True}) set_access_cookies(resp, access_token) set_refresh_cookies(resp, refresh_token) return resp, 201
def delete_the_user(): # jti = get_raw_jwt()['jti'] refresh_token_from_header = None access_token_from_header = None if 'refresh_token' in request.headers: refresh_token_from_header = request.headers['refresh_token'] if 'access_token' in request.headers: access_token_from_header = request.headers['access_token'] request_data = request.get_json(force=True) refresh_token = refresh_token_from_header refresh_token_jti = get_jti(refresh_token) access_token = access_token_from_header access_token_jti = get_jti(access_token) refresh_identity = get_jwt_identity() person_id = refresh_identity['id'] print(person_id, type(person_id)) # token_type = decoded_token['type'] # Store the tokens in our store with a status of not currently revoked. db.session.query(TokenBlacklist).filter_by(jti=refresh_token_jti).delete() db.session.query(TokenBlacklist).filter_by(jti=access_token_jti).delete() db.session.query(UserHealth).filter_by(person_id=person_id).delete() db.session.query(LastLocationPostGis).filter_by(person_id=person_id).delete() db.session.query(InteractedUsers).filter_by(interacted_id=person_id).delete() db.session.query(InteractedUsers).filter_by(person_id=person_id).delete() db.session.query(User).filter_by(id=person_id).delete() db.session.query(TokenBlacklist).filter_by(user_identity=str(person_id)).delete() db.session.commit() print('deleted the user') return jsonify({"message": str("your account\ has been deleted\nstay safe keep your family safe!!!")}), 200
def post(self): data = request.get_json() # lets get username and email from request username = data.get('username') email = data.get('email') password = data.get('password') # either username and email was provided if username: user = User.get_by_username(username) elif email: user = User.get_by_email(email) else: return {'message':'Provide either username and email for authentication'}, HTTPStatus.BAD_REQUEST # now check the validity of the user and password if not user or not utils.check_password(password, user.password): return {'message': 'username or password is incorrect'}, HTTPStatus.UNAUTHORIZED access_token = create_access_token(identity=user.id, fresh=True) refresh_token = create_refresh_token(identity=user.id) # add the refresh token to the dict reftoken_dict[get_jti(access_token)] = get_jti(refresh_token) return {'access_token': access_token, 'refresh_token': refresh_token}, HTTPStatus.OK
def post(self): _user_schema = UserSchema(only=( "email", "password", )) data = request.get_json() args = _user_schema.load(data) user = User.query.filter_by(email=args['email']).first() if user and user.password and user.check_pass(args['password']): if user.confirmation.activated: access_token = create_access_token(identity=user.id, fresh=True) refresh_token = create_refresh_token(identity=user.id) # encode jti token to store database redis access_jti = get_jti(encoded_token=access_token) refresh_jti = get_jti(encoded_token=refresh_token) # store to database redis conn_redis.set(access_jti, 'false', _ACCESS_EXPIRES) conn_redis.set(refresh_jti, 'false', _REFRESH_EXPIRES) return { "access_token": access_token, "refresh_token": refresh_token, "username": user.username }, 200 return {"message": "Check your email to activated user."}, 400 return {"message": "Invalid credential"}, 422
def login(): username = request.json.get('username', None) password = request.json.get('password', None) #check this user in redis, if yes then revoke if user_store.exists(username) > 0: access_jti = user_store.get(username) jti = get_jti(access_jti) revoked_store.set(jti, 'true', ACCESS_EXPIRES * 0.1) #if no , login first #check this user in user.json , if no , return "This user was rejected" else: with open('user.json', 'r') as f: jsonfile = json.loads(f.read()) if username not in jsonfile['user']: return "This user was rejected" # Create our JWTs access_token = create_access_token(identity=username) access_jti = get_jti(encoded_token=access_token) revoked_store.set(access_jti, 'false', ACCESS_EXPIRES * 1.2) user_store.set(username, access_token, ACCESS_EXPIRES * 1.2) ret = {'access_token': access_token} return jsonify(ret), 201
def login(self, payload): """ Login Function to return access and refresh token :param payload: :return: """ email, password = payload['email'], payload['password'] count, records = base_obj.get(Collections.USERS, {"email": email}) if count > 0: if sha256_crypt.verify(password, records[0]['password']): if records[0]['is_active'] is True: access_token = create_access_token(identity=email) refresh_token = create_refresh_token(identity=email) access_jti = get_jti(encoded_token=access_token) refresh_jti = get_jti(encoded_token=refresh_token) redis_store.set( access_jti, 'false', application.config['JWT_ACCESS_TOKEN_EXPIRES']) redis_store.set( refresh_jti, 'false', application.config['JWT_REFRESH_TOKEN_EXPIRES']) return { 'access_token': access_token, 'refresh_token': refresh_token } else: abort( 401, Message="User is not activated. Activate User to Login" ) else: abort(401, Message="Password is incorrect") else: abort(404, Message='Email does not exists')
def get(self, token: str): confirmation = Confirmation.query.filter_by(id=token).first_or_404( description='Token not found') if confirmation.activated: return {"message": "Your account already activated."}, 200 if not confirmation.token_is_expired: confirmation.activated = True confirmation.save_to_db() # set access token access_token = create_access_token(identity=confirmation.user.id, fresh=True) refresh_token = create_refresh_token(identity=confirmation.user.id) # encode jti token to store database redis access_jti = get_jti(encoded_token=access_token) refresh_jti = get_jti(encoded_token=refresh_token) # store to database redis revoked_store.set(access_jti, 'false', _ACCESS_EXPIRES) revoked_store.set(refresh_jti, 'false', _REFRESH_EXPIRES) return { "access_token": access_token, "refresh_token": refresh_token, "username": confirmation.user.username }, 200 return { "message": "Upps token expired, you can resend email confirm again" }, 400
def logout(): '''Revokes the current user's tokens to logout user''' arw = ApiResponseWrapper() try: access_token = request.cookies.get('access_token_cookie') access_jti = get_jti((access_token)) revoked_store.set(access_jti, 'true', JWT_ACCESS_EXPIRES) refresh_token = request.cookies.get('refresh_token_cookie') refresh_jti = get_jti((refresh_token)) revoked_store.set(refresh_jti, 'true', JWT_ACCESS_EXPIRES) final_response, status_code, headers = arw.to_json(None, 201) unset_jwt_cookies(final_response) except (BadRequestsError, UnauthorizedError, MethodNotAllowedError, InternalServerError, NotFoundError) as e: arw.add_errors(e.messages) if arw.has_errors(): return arw.to_json(None, 400) return final_response, status_code, headers
def login(): data = request.json username = data['username'] password = data['password'] user = User.query.filter_by(username=username).first() if not user: raise UsernameOrPasswordWrong if not user.verify_password(password): raise UsernameOrPasswordWrong user.ping() access_token = create_access_token(identity=user.id) refresh_token = create_refresh_token(identity=user.id) access_jti = get_jti(encoded_token=access_token) refresh_jti = get_jti(encoded_token=refresh_token) access_key = merge_jit_key(user.id, access_jti) refresh_key = merge_jit_key(user.id, refresh_jti) redis_store.set(access_key, 'false', current_app.config['JWT_ACCESS_TOKEN_EXPIRES'] * 1.1) redis_store.set(refresh_key, 'false', current_app.config['JWT_REFRESH_TOKEN_EXPIRES'] * 1.1) res = { "access_token": access_token, "refresh_token": refresh_token } return success_resp(res)
def login(): """ POST endpoint that logs in an existing officer user. """ json = g.clean_json email = json['email'] password = json['password'] potential_user = NewOfficerUser.objects(email=email).first() if potential_user is None: raise JsonError(status='error', reason='The user does not exist.') if not hash_manager.verify(password, potential_user.password): raise JsonError(status='error', reason='The password is incorrect.') access_token = create_access_token(identity=potential_user) refresh_token = create_refresh_token(identity=potential_user) access_jti = get_jti(encoded_token=access_token) refresh_jti = get_jti(encoded_token=refresh_token) AccessJTI(owner=potential_user, token_id=access_jti).save() RefreshJTI(owner=potential_user, token_id=refresh_jti).save() return { 'access': access_token, 'access_expires_in': int(CurrentConfig.JWT_ACCESS_TOKEN_EXPIRES.total_seconds()), 'refresh': refresh_token, 'refresh_expires_in': int(CurrentConfig.JWT_REFRESH_TOKEN_EXPIRES.total_seconds()) }
def post(self): data = UserLogin.parser.parse_args() user = UserModel.find_user(data['usernameOrEmail']) # this is what the `authenticate()` function did in securityJWT.py if user and Verify_Password(user.password, data['password']): # check if the email has been Activated if user.email_active is False: return {"message": "Please Active your Account"}, 200 # identity= is what the identity() function did in securityJWT.py, now stored in the JWT access_token = create_access_token(identity=user.id, fresh=True) refresh_token = create_refresh_token(user.id) # Store the tokens in redis with a status of not currently revoked. We # can use the `get_jti()` method to get the unique identifier string for # each token. We can also set an expires time on these tokens in redis, # so they will get automatically removed after they expire. We will set # everything to be automatically removed shortly after the token expires access_jti = get_jti(encoded_token=access_token) # get the curent id of the access Token refresh_jti = get_jti(encoded_token=refresh_token) # get the curent id of the refresh access Token revoked_store.set(access_jti, 'false', ACCESS_EXPIRES * 1.2) revoked_store.set(refresh_jti, 'false', REFRESH_EXPIRES * 1.2) return { "username": user.username, "email": user.email, 'access_token': access_token, 'refresh_token': refresh_token }, 200 return {"message": "Invalid Credentials!"}, 401
def post(self): log_event("POST: /login") body = request.get_json(force=True) err_response_message = 'Incorrect login details' for user in UserModel.scan(UserModel.email == (body['email'])): email = user.email password_hash = user.password password = body['password'] if pbkdf2_sha256.verify(password, password_hash): access_token = create_access_token(identity=email) refresh_token = create_refresh_token(identity=email) access_token_jti = get_jti(access_token) refresh_token_jti = get_jti(refresh_token) user.update(actions=[ UserModel.accessToken.set(access_token_jti), UserModel.refreshToken.set(refresh_token_jti), UserModel.updated_at.set( datetime.datetime.utcnow().isoformat()), ]) return success_response({ 'uuid': user.uuid, 'accessToken': access_token, 'refreshToken': refresh_token }) else: return err_response(err_response_message, 404) return err_response(err_response_message, 404)
def login(): response = dict() email = request.json.get('email') password = request.json.get('password') user = User.find_one({'email': email, 'enabled': True}) if user.verify_password(password): # Creates session and persists it in Redis access_token = create_access_token(user.id) refresh_token = create_refresh_token(user.id) access_jti = get_jti(encoded_token=access_token) refresh_jti = get_jti(encoded_token=refresh_token) redis.set(access_jti, 'false', ConfigJWT.JWT_ACCESS_TOKEN_EXPIRES * 1.2) redis.set(refresh_jti, 'false', ConfigJWT.JWT_REFRESH_TOKEN_EXPIRES * 1.2) response['access_token'] = access_token response['refresh_token'] = refresh_token response['expires_in'] = datetime.now( ) + ConfigJWT.JWT_ACCESS_TOKEN_EXPIRES code = 201 else: response['message'] = 'unauthorized' code = 401 return response, code
def login(): logger.info(request.is_json) if not request.is_json: raise GeneralError(message="Empty JSON") username = request.json.get("username", None) password = request.json.get("password", None) if not username or not password: raise GeneralError(message="Empty password or username") current_user = User.find(user_identity=username) if current_user is None or bcrypt.hashpw( password.encode("utf-8"), current_user.password.encode( "utf-8")) != current_user.password.encode("utf-8"): logger.error("User's {} pass or email not correct".format(username)) raise WrongCreds() logger.info("User {} logged in".format(current_user.username)) access_token = create_access_token(identity=current_user) refresh_token = create_refresh_token(identity=current_user) access_jti = get_jti(encoded_token=access_token) refresh_jti = get_jti(encoded_token=refresh_token) redis.set(access_jti, "false", app.config["JWT_ACCESS_TOKEN_EXPIRES"] * 1.2) redis.set(refresh_jti, "false", app.config["JWT_REFRESH_TOKEN_EXPIRES"] * 1.2) ret = {"access_token": access_token, "refresh_token": refresh_token} return jsonify(ret), 201
def test_jwt_is_invalid(self): """Ensure that the token provided is in the correct format.""" data_test = { "name": "juan", "email": "*****@*****.**", "password": "******", } user = User(**data_test) user.insert() with self.client: response = self.client.post( "/user/login", data=json.dumps({ "email": data_test["email"], "password": data_test["password"] }), content_type="application/json" ) data = json.loads(response.data) token = data.get("token") with self.assertRaises(Exception) as context: get_jti(token + "something-invalid") self.assertIn( "Signature verification failed", str(context.exception) )
def post(self, **request): username = request.get('username') password = request.get('password') _redis = get_client() with DBSessionForRead() as session: user = session.query(User).filter( User.username == username).scalar() is_pass = user.verify_password(password) if is_pass: user_ditc = {"username": user.username, "email": user.email} access_token = create_access_token(identity=user_ditc, fresh=True) refresh_token = create_refresh_token(identity=user_ditc) access_jti = get_jti(encoded_token=access_token) refresh_jti = get_jti(encoded_token=refresh_token) access_expires = current_app.config.get('JWT_ACCESS_TOKEN_EXPIRES') refresh_expires = current_app.config.get( 'JWT_REFRESH_TOKEN_EXPIRES') _redis.set(access_jti, 'false', access_expires) _redis.set(refresh_jti, 'false', refresh_expires) ret = { 'access_token': access_token, 'refresh_token': refresh_token } return self.make_response(ret) return self.make_response(resp_code=ERROR, resp_desc='用户或密码错误')
def login(): params = {'username': FieldString(), 'password': FieldString()} json_data = parse_req(params) username = json_data.get('username').strip().lower() password = json_data.get('password') user = client.db.user.find_one({'username': username, 'deleted': False}) if user: activate = user['status'] if activate == 'activated' and check_password_hash( user['password'], password): access_token = create_access_token(identity=user['_id'], expires_delta=ACCESS_EXPIRES) refresh_token = create_refresh_token(identity=user['_id'], expires_delta=REFRESH_EXPIRES) access_jti = get_jti(encoded_token=access_token) refresh_jti = get_jti(encoded_token=refresh_token) user_token = dict(_id=str(ObjectId()), user_id=user['_id'], access_jti=access_jti, refresh_jti=refresh_jti) client.db.token.insert_one(user_token) return send_result(data={ 'access_token': access_token, 'refresh_token': refresh_token, 'role': user['role'] }, message='login_successfully') else: return 'Login failed'
def logout(access_token, refresh_token): """Logout refresh token""" access_jti = get_jti(encoded_token=access_token) refresh_jti = get_jti(encoded_token=refresh_token) redis.set(access_jti, 'true', ACCESS_EXPIRE) redis.set(refresh_jti, 'true', REFRESH_EXPIRE) return success(204, "User logout success.")
def register_tokens(app, access_token, refresh_token=None): access_jti = get_jti(encoded_token=access_token) auth_tokens_store.add(access_jti, 'false', app.config["JWT_ACCESS_TOKEN_EXPIRES"]) if refresh_token is not None: refresh_jti = get_jti(encoded_token=refresh_token) auth_tokens_store.add(refresh_jti, 'false', app.config["JWT_REFRESH_TOKEN_EXPIRES"])
def jwt_create_token(publicKey): # Create our JWTs access_token = create_access_token(identity=publicKey) refresh_token = create_refresh_token(identity=publicKey) access_jti = get_jti(encoded_token=access_token) refresh_jti = get_jti(encoded_token=refresh_token) revoked_store.set(access_jti, 'false', ACCESS_EXPIRES * 1.2) revoked_store.set(refresh_jti, 'false', REFRESH_EXPIRES * 1.2) ret = {'access_token': access_token, 'refresh_token': refresh_token} return ret
def logout(): data = request.get_json() access_token = data["access_token"] refresh_token = data["refresh_token"] access_jti = get_jti(access_token) refresh_jti = get_jti(refresh_token) redis.set("is_revoked_jti:" + access_jti, "true", ACCESS_TOKEN_EXPIRES * 1.2) redis.set("is_revoked_jti:" + refresh_jti, "true", REFRESH_TOKEN_EXPIRES * 1.2) return Success("Logout successful.")
def get_token(cls, user_id: int) -> Dict[str, str]: # create access_token & refresh_token access_token = create_access_token(identity=user_id, fresh=True) refresh_token = create_refresh_token(identity=user_id) # encode jti token to store database redis access_jti = get_jti(encoded_token=access_token) refresh_jti = get_jti(encoded_token=refresh_token) # store to database redis conn_redis.set(access_jti, 'false', cls._ACCESS_EXPIRES) conn_redis.set(refresh_jti, 'false', cls._REFRESH_EXPIRES) return {"access_token": access_token, "refresh_token": refresh_token}
def add_to_store(access_token, refresh_token): """ Store the tokens in redis with a status of not currently revoked. We can use the `get_jti()` method to get the unique identifier string for each token. We can also set an expires time on these tokens in redis, so they will get automatically removed after they expire. We will set everything to be automatically removed shortly after the token expires """ access_jti = get_jti(encoded_token=access_token) refresh_jti = get_jti(encoded_token=refresh_token) blacklist_store.set(access_jti, 'false', ACCESS_EXPIRES * 1.2) blacklist_store.set(refresh_jti, 'false', REFRESH_EXPIRES * 1.2)
def post(self): data = parser_refresh.parse_args() old_access_token = data.get('access_token') old_access_jti = get_jti(encoded_token=old_access_token) current_user = get_jwt_identity() # Refresh new access token access_token = create_access_token(identity=current_user) access_jti = get_jti(encoded_token=access_token) blacklist_store.set(access_jti, 'false', ACCESS_EXPIRES * 1.2) # Revoke old access token blacklist_store.set(old_access_jti, 'true', ACCESS_EXPIRES * 1.2) return {'access_token': access_token}
def register_tokens(app, access_token, refresh_token=None): """ Register access and refresh tokens to auth token store. That way they can be used like a session. """ access_jti = get_jti(encoded_token=access_token) auth_tokens_store.add(access_jti, 'false', app.config["JWT_ACCESS_TOKEN_EXPIRES"]) if refresh_token is not None: refresh_jti = get_jti(encoded_token=refresh_token) auth_tokens_store.add(refresh_jti, 'false', app.config["JWT_REFRESH_TOKEN_EXPIRES"])
def login(request: LoginRequest, context: Context) -> (str, str, str): """Given user login request, check if provided username and password are valid. If yes, provide a tuple consisting user_id, username, access token and refresh token. If username doesn't exist, raise `DatabaseQueryError`; if username is valid but password doesn't match, raise `BadRequestError`. """ user = context.postgres_gateway.read_user(username=request.username) if hash_password_with_salt(request.password, user.salt) != user.password: raise BadRequestError access_token = flask_jwt_extended.create_access_token(identity=user.user_id, fresh=True) refresh_token = flask_jwt_extended.create_refresh_token(identity=user.user_id) context.redis_gateway.set(flask_jwt_extended.get_jti(encoded_token=access_token), "login", ACCESS_EXPIRES * 1.2) context.redis_gateway.set(flask_jwt_extended.get_jti(encoded_token=refresh_token), "login", REFRESH_EXPIRES * 1.2) return user.user_id, user.username, access_token, refresh_token