def login(): #check_password_hash(saved,input) try: username = request.json.get("username", None) password = request.json.get("password", None) client = MongoClient() db = client.naft user = db.users.find_one({"username": username}) if user is None: return jsonify({"status": "error", "error": "User not found"}), 404 if (user['verified'] == "false"): return jsonify({ "status": "error", "error": "Email has not been verified" }), 401 #if not check_password_hash(users[0]['password'],password): if user['password'] != password: return jsonify({ "status": "error", "error": "Username/Password incorrect" }), 401 access_token = create_access_token(identity=username) refresh_token = create_refresh_token(identity=username) resp = jsonify({"status": "OK"}) set_access_cookies(resp, access_token) set_refresh_cookies(resp, refresh_token) return resp, 200 except Exception as e: return jsonify({"status": "error", "error": str(e)}), 409
def post(self): data = _user_parser.parse_args() user = UserModel.find_by_username(data["username"]) if user and safe_str_cmp(user.password, data["password"]): access_token = create_access_token(identity=user.user_id, fresh=True) refresh_token = create_refresh_token(user.user_id) resp = jsonify({ 'login': True, 'status': 'Sucess', 'access_token': access_token, 'refresh_token': refresh_token, 'user_name': user.name, 'age': user.age, 'area': user.address }) set_access_cookies(resp, access_token) set_refresh_cookies(resp, refresh_token) #cookies=[ ('Set-Cookie', 'access_token=%s'.format(access_token)), ('Set-Cookie', 'refresh_token=%s'.format(refresh_token)),'Set-Cookie' ] resp.headers['Authorization'] = str('Bearer ' + access_token) print(resp) return resp return {"message": "Invalid credentials!"}, 401
def signin(): username = request.json.get('username', None) password = request.json.get('password', None) model = {'name': username, 'password': password} if UserTb.isUnAuthUser(user=model): return jsonify({"msg": "Bad username or password"}), 401 # Store the tokens in redis with a status of not currently revoked. We # can use the `get_jti()` method to get the unique identifier string for # each token. We can also set an expires time on these tokens in redis, # so they will get automatically removed after they expire. We will set # everything to be automatically removed shortly after the token expires user = UserTb.getUser(user=model) access_token = create_access_token(identity=user['id'], fresh=True) refresh_token = create_refresh_token(identity=user['id']) access_jti = get_jti(encoded_token=access_token) refresh_jti = get_jti(encoded_token=refresh_token) revoked_store.set(access_jti, 'false', ACCESS_EXPIRES * 1.2) revoked_store.set(refresh_jti, 'false', REFRESH_EXPIRES * 1.2) resp = jsonify({'signin': True}) set_access_cookies(resp, access_token) set_refresh_cookies(resp, refresh_token) return resp, 201
def authenticate(allow_refresh_token=False, existing_identity=None): data = request.get_json() username = data.get('email', data.get('username')) password = data.get('password') criterion = [username, password] if not all(criterion): return jsonify(error='username or password missing'), 400 identity = jwt_authenticate(username, password) if not identity or (existing_identity and identity != existing_identity): # For fresh login, credentials should match existing user return jsonify(error='Invalid Credentials'), 401 remember_me = data.get('remember-me') include_in_response = data.get('include-in-response') add_refresh_token = allow_refresh_token and remember_me expiry_time = timedelta(minutes=90) if add_refresh_token else None access_token = create_access_token(identity.id, fresh=True, expires_delta=expiry_time) response_data = {'access_token': access_token} if add_refresh_token: refresh_token = create_refresh_token(identity.id) if include_in_response: response_data['refresh_token'] = refresh_token response = jsonify(response_data) if add_refresh_token and not include_in_response: set_refresh_cookies(response, refresh_token) return response
def PUT(cls, request: Request, payload, collection: Collection) -> Response: ''' Create a refresh token ''' identity = get_jwt_identity() if not identity: return JsonError( 'Could not refresh access token, failed to validate refresh token' ) access_token, refresh_token = cls.update_stored_token(identity) response = JsonResponse({ '_id': str(identity['_id']), 'permissions': identity['permissions'], 'session_expires': datetime.now() + timedelta(seconds=int(JWT_Settings.APP_JWT_LIFESPAN)) }) set_access_cookies(response, access_token) set_refresh_cookies(response, refresh_token) return response
def oauth2callback(): state = get_jwt_identity() flow = google_auth_oauthlib.flow.Flow.from_client_secrets_file( CLIENT_SECRETS_FILE, scopes=SCOPES, state=state) flow.redirect_uri = flask.url_for('auth_handler.oauth2callback', _external=True, _scheme=os.environ["SCHEME"]) authorization_response = flask.request.url flow.fetch_token(authorization_response=authorization_response) # save user info to mongodb credentials = flow.credentials user_info = get_user_info(credentials) gid = user_info["id"] apiid = save_user_mongo(user_info, credentials) # save user info to redis set_user_info_redis(gid, user_info, apiid) # set JWT Cookie to know that the user of the google id is logged in access_token = create_access_token(identity=gid) refresh_token = create_refresh_token(identity=gid) resp = make_response(flask.redirect(os.environ["RE_URL"] + "/dashboard/")) set_access_cookies(resp, access_token) set_refresh_cookies(resp, refresh_token) return resp
def login(): username = request.json.get('username', None) print(username) password = request.json.get('password', None) org = request.json.get('organization', None) # first verify user in database if username not in {u.name: u for u in UserBusiness.find_all_users()}: return jsonify({"msg": "Username is not exists!"}), 401 # then verify the user password if UserBusiness.verify_password(org, username, password) is False: return jsonify({"msg": "Bad password"}), 401 # user = UserBusiness.find_user_by_name(username) if username != 'mysql' or password != '123456': return jsonify({'login': False}), 401 ret = { 'access_token': create_access_token(identity=username), 'refresh_token': create_refresh_token(identity=username) } # Create the tokens we will be sending back to the user access_token = create_access_token(identity=username) refresh_token = create_refresh_token(identity=username) # Set the JWT cookies in the response resp = jsonify({'login': True}) print(ret['access_token']) set_access_cookies(resp, access_token, 123456789) set_refresh_cookies(resp, refresh_token) print("done") return jsonify(ret), 200
def login(): username = request.json.get('login', None) password = request.json.get('password', None) conn = sql3.connect('accounts.db') c = conn.cursor() t = (username, ) # Create the tokens we will be sending back to the user access_token = create_access_token(identity=username) refresh_token = create_refresh_token(identity=username) # Set the JWTs and the CSRF double submit protection cookies # in this response c.execute('SELECT * FROM users WHERE User=?', t) answers = c.fetchone() if username == answers[0] and password == answers[0]: conn.close() resp = jsonify({'login': True}) set_access_cookies(resp, access_token) set_refresh_cookies(resp, refresh_token) return resp, 200 else: conn.close() return jsonify({'login': False}), 401
def login(self, db, admin, password): cursor = db.cursor() sql = ''' SELECT id, password FROM admin WHERE admin_login = %s ''' try: cursor.execute(sql, (admin, )) except OperationalError as e: print(e) return abort(500) result = cursor.fetchone() if not result: return {'message': 'Admin not exist'}, 401 uid, password_hash = result check = bcrypt.check_password_hash(password_hash.decode('UTF-8'), password) if not check: return {'message': 'incorrect admin/password combination'}, 401 access_token = create_access_token(identity={ 'id': uid, 'role': 'admin' }) refresh_token = create_refresh_token(identity={ 'id': uid, 'role': 'admin' }) resp_body = {'message': f'admin {admin} ' f'logged in successfully'} resp = jsonify(resp_body) set_access_cookies(resp, access_token) set_refresh_cookies(resp, refresh_token) return resp
def post(self): body = request.get_json() username = body.get('username').lower() try: user = User.objects.get(username=username) # Checking if users password is correct authorized = user.check_password(body.get('password')) if not authorized: resp = make_response( { "error": "Username or password invalid", "logged_in": False }, 401) return resp access_token = create_access_token(identity=str(user.username)) refresh_token = create_refresh_token(identity=str(user.username)) resp_user = user.generate_return_object() resp = make_response(resp_user, 201) set_access_cookies(resp, access_token) set_refresh_cookies(resp, refresh_token) return resp except User.DoesNotExist: resp = make_response({"logged_in": False}, 403) return resp
def post(self): json_data = _user_parser.parse_args() username = json_data.get("username") current_user = UserModel.find_user_by_username(username) if not current_user: return {"message": f"User {username} doesn't exist"} if current_user.check_password(json_data.get("password")): access_token = create_access_token(identity=username, expires_delta=False) refresh_token = create_refresh_token(identity=username) response = jsonify({ "login": True, "access_token": access_token, "refresh_token": refresh_token, }) set_access_cookies(response, access_token) set_refresh_cookies(response, refresh_token) current_user.save_to_db(save_time_for="login") return response else: return {"message": "Provided invalid credentials"}, 401
def post(self): json_data = _user_parser.parse_args() if UserModel.find_user_by_username(json_data["username"]): return {"message": "User with this username already exists"}, 400 user = UserModel(**json_data) try: access_token = create_access_token(identity=json_data['username'], expires_delta=False) refresh_token = create_refresh_token( identity=json_data['username']) user.save_to_db(save_time_for="login") response = jsonify({ "register": True, "access_token": access_token, "refresh_token": refresh_token, }) set_access_cookies(response, access_token) set_refresh_cookies(response, refresh_token) return response except: return {"message": "Something went wrong"}, 500
def post(cls): try: user_data = user_schema.load(request.get_json(), partial=("email", )) except ValidationError: username = request.form["username"] password = request.form["password"] user_data = user_schema.load( { "username": username, "password": password }, partial=("email", )) user = UserModel.find_by_username(user_data.username) # this is what the `authenticate()` function did in security.py if user and safe_str_cmp(user.password, user_data.password): confirmation = user.most_recent_confirmation if not confirmation.confirmed: return {"message": gettext("user_not_yet_activated")}, 400 access_token = create_access_token(identity=user.id, fresh=True) refresh_token = create_refresh_token(user.id) resp = make_response(redirect("/login/success", code=302)) set_access_cookies(resp, access_token) set_refresh_cookies(resp, refresh_token) return resp return redirect("/login/fail", code=401)
def token_login(): username = request.json.get('username', None) password = request.json.get('password', None) if not request.is_json: return jsonify({"msg": "Missing JSON in request"}), 400 if not username: return jsonify({"msg": "Missing username parameter"}), 400 if not password: return jsonify({"msg": "Missing password parameter"}), 400 user = User.query.filter_by(username=username).first() if user: if not user.check_password(password): return jsonify({"msg": "Bad username or password"}), 401 else: return jsonify({"msg": "Bad username"}), 401 # Create the tokens we will be sending back to the user access_token = create_access_token(identity=username) refresh_token = create_refresh_token(identity=username) # Set the JWTs and the CSRF double submit protection cookies # in this response resp = jsonify({'login': True}) set_access_cookies(resp, access_token) set_refresh_cookies(resp, refresh_token) return resp, 200
def post(cls): user_json = request.get_json() user_data = user_schema.load(user_json) user = UserModel.find_by_username(user_json['username']) if user and user.check_password(user_json['password']): access_token = create_access_token(identity=user.id, fresh=True) refresh_token = create_refresh_token(user.id) access_decoded_token = decode_token(access_token) entry = { "jti": access_decoded_token["jti"], "token_type": 'access', "fresh": True, "blacklisted": False, "never_expire": False, } data = token_schema.load(entry) data.user_id = user.id data.expiration_date = datetime.fromtimestamp( access_decoded_token['exp']) data.save_to_db() resp = jsonify({ "message": "Successfully logged in!", "login": True }) set_access_cookies(resp, access_token) set_refresh_cookies(resp, refresh_token) return resp, 200 return {"message": INVALID_CREDENTIALS, 'login': False}, 401
def login(): title = 'login' form = LoginForm() if request.method == 'GET': return render_template('auth/login.html', title=title, form=form) email = request.form.get('email') password = request.form.get('password') user = User.query.filter_by(email=email).first() # check if user actually exists # take the user supplied password, hash it, and compare it to the hashed password in DB if not user or not check_password_hash(user.password, password): flash('Please check your login details and try again.') return redirect(url_for('auth.login')) # it the abobe check passes, then we know the user has the right credentials resp = make_response(redirect(url_for('home.home_page'))) # Create the tokens we will be sending back to the user access_token = create_access_token(identity=email) refresh_token = create_refresh_token(identity=email) set_access_cookies(resp, access_token) set_refresh_cookies(resp, refresh_token) login_user(user) session['username'] = current_user.username return resp
def post(self): req_body, email, password = None, None, None try: req_body = request.get_json() email = req_body['email'] password = req_body['password'] except Exception: data = {"message": "Please login with your email and password"} return custom_json_response(data, 400) user = User.authenticate(email, password) if user: access_token = create_access_token( identity={"id": user.id}, expires_delta=timedelta(days=30)) refresh_token = create_refresh_token( identity={"id": user.id}, expires_delta=timedelta(days=30)) response = custom_json_response( { "message": "Authenticated", 'user': user_schema.dump(user) }, 200) set_access_cookies(response, access_token) set_refresh_cookies(response, refresh_token) return response else: data = {"message": "Incorrect username or password."} return custom_json_response(data, 401)
def graphql_server(): # GraphQL queries are always sent as POST data = request.get_json() print(data) # Note: Passing the request to the context is optional. # In Flask, the current request is always accessible as flask.request # if the cookie contains "access_token_cookie" and "refresh_token_cookie" # set those tokens to tokens global variable # this way we can make sure every has token if request.cookies: set_tokens(request.cookies) try: success, result = graphql_sync( schema, data, context_value=request, debug=app.debug ) except Exception as e: return { "message": "Something went wrong." }, 500 tokens = get_tokens() result = jsonify(result) if tokens: set_access_cookies(result, tokens["access_token_cookie"]) set_refresh_cookies(result, tokens["refresh_token_cookie"]) else: unset_access_cookies(result) unset_refresh_cookies(result) status_code = 200 if success else 400 return result, status_code
def post(self): json_data = request.get_json() try: data = login_schema.load(json_data) except ma.ValidationError as err: return {'msg': '400 Bad Request', 'errors': err.messages}, 400 email = data.get('email') password = data.get('password') user = User.get_by_email(email) if user and user.check_password(password): if not user.is_activated: return {'msg': 'Activeer je account'}, 403 access_token = jwt.create_access_token(identity=user.id) refresh_token = jwt.create_refresh_token(identity=user.id) response = jsonify({ 'success': True, 'a-csrf-token': jwt.get_csrf_token(access_token), 'r-csrf-token': jwt.get_csrf_token(refresh_token) }) jwt.set_access_cookies(response, access_token) jwt.set_refresh_cookies(response, refresh_token) return response return {'msg': 'Fout e-mailadres of wachtwoord'}, 401
def POST(cls, request: Request, payload, collection: Collection) -> Response: ''' Attempt to log in for a specified user ''' user = collection.find_one({'username': payload.get('username')}) if not user: return JsonError(f"User [{payload.get('username')}] not found", 404) if not sha256.verify(payload.get('password'), user['password']): return JsonError("Incorrect Password", 400) permissions = user.get('permissions') if isinstance(permissions, str): permissions = [permissions] identity = { 'username': user['username'], '_id': str(user['_id']), 'permissions': permissions } access_token, refresh_token = cls.update_stored_token(identity) response = JsonResponse({ '_id': str(user['_id']), 'permissions': permissions, 'session_expires': datetime.now() + timedelta(seconds=int(JWT_Settings.APP_JWT_LIFESPAN)) }) set_access_cookies(response, access_token) set_refresh_cookies(response, refresh_token) return response
def auth_user(): ''' auth endpoint ''' data = validate_user(request.get_json()) if data['ok']: data = data['data'] user = User.query.filter(User.username == data['username']).first() if user and user.check_password(data['password']): access_token = create_access_token(identity=user.username) refresh_token = create_refresh_token(identity=user.username) user.token = access_token user.refresh = refresh_token db.session.flush() db.session.commit() resp = jsonify({'ok': True}) set_access_cookies(resp, access_token) set_refresh_cookies(resp, refresh_token) return resp, 200 else: return jsonify({ 'ok': False, 'message': 'invalid username or password' }), 401 else: return jsonify({ 'ok': False, 'message': 'Bad request parameters: {}'.format(data['message']) }), 400
def signup(): data = request.get_json() or {} if 'email' not in data or 'password' not in data: raise BadRequest('must include email and password fields') if User.query.filter_by(email=data['email']).first(): raise BadRequest('please use a different email address') new_user = User(data['email'].lower(), data['password']) db.session.add(new_user) db.session.commit() token = new_user.generate_confirmation_token() confirmation_url = f'http://{current_app.config["CLIENT_BASE_URL"]}/auth/confirm/{token}' send_email(new_user.email, 'Confirm Your Account', 'email/confirm', user=new_user, url=confirmation_url) refresh_token = create_refresh_token(identity=new_user) # Add Refresh Token to Blacklist with status not revoked blacklisted_token = TokenBlacklist( refresh_token, current_app.config['JWT_IDENTITY_CLAIM']) db.session.add(blacklisted_token) db.session.commit() response_data = { 'access_token': create_access_token(identity=new_user, expires_delta=datetime.timedelta(minutes=15)) } response = jsonify(response_data) set_refresh_cookies(response, refresh_token) return response, 201
def postlogin(): try: email = request.json["email"] password = request.json["password"] user = Player.get_or_none(Player.email == email) if not user: return jsonify({ "status": "not found", }) if check_password_hash(user.password_hash, password): access_token = flask_jwt_extended.create_access_token(identity=user.id) refresh_token = flask_jwt_extended.create_refresh_token(identity=user.id) response = jsonify({"status": "ok"}) flask_jwt_extended.set_access_cookies(response, access_token) flask_jwt_extended.set_refresh_cookies(response, refresh_token) return response return jsonify({ "status": "password incorrect" }) except Exception as e: raise print(f"An error occurred: {e}") return jsonify({ "status": "server error" })
def login(): if current_user: return redirect("/") form = LoginForm() title = _("Login") if form.validate_on_submit(): user_data = form.data.copy() for field in ("submit", "csrf_token"): user_data.pop(field) response = ApiPost.make_request("login", json=user_data) if response.status_code == 200: resp = make_response(redirect("/")) access_token, refresh_token = (response.json()[field] for field in ("access_token", "refresh_token")) set_access_cookies(resp, access_token) set_refresh_cookies(resp, refresh_token) return resp error = response.json()["error"] code = error["code"] if errors.InvalidRequestError.sub_code_match(code): fields = error["fields"] for field in fields: if field in form: form[field].errors += fields[field] elif errors.UserNotFoundError.sub_code_match(code): flash(_("User not found."), "danger") elif errors.WrongCredentialsError.sub_code_match(code): flash(_("Wrong password."), "danger") else: flash(INTERNAL_ERROR_MSG, "danger") return render_template("login.html", title=title, form=form)
def login(): try: payload = request.json email = payload["email"] pw = payload["password"].encode("utf-8") user = UserModel.getUserForEmail(email) if user is None: raise(UnauthorizedError) validated = user.login(pw) if validated: accessToken = create_access_token(identity = user.id) refreshToken = create_refresh_token(identity = user.id) response = jsonify({"success": True, "msg": "sucessfully logged in", "firstName": user.firstName}) set_access_cookies(response, accessToken) set_refresh_cookies(response, refreshToken) return response, 200 else: raise(UnauthorizedError) except UnauthorizedError: raise UnauthorizedError except Exception as e: raise InternalServerError(e)
def assign_access_refresh_tokens(user_id, url): access_token = create_access_token(identity=str(user_id), fresh=True) refresh_token = create_refresh_token(identity=str(user_id)) resp = make_response(redirect(url, 302)) set_access_cookies(resp, access_token) set_refresh_cookies(resp, refresh_token) return resp
def login(): username = request.json.get('username', None) password = request.json.get('password', None) try: user = Account.objects(name=username)[0] except Exception as error: return jsonify({'login': False}), 401 if not (argon2.verify(password, user.passwd)): return jsonify({'login': False}), 401 # Create the tokens we will be sending back to the user time_limit = timedelta(minutes=10) # set limit for user access_token = create_access_token(identity={ "username": user.name, "role": user.role }, expires_delta=time_limit, fresh=True) time_limit = timedelta(hours=2) refresh_token = create_refresh_token(identity={ "username": user.name, "role": user.role }, expires_delta=time_limit) # Set the JWT cookies in the response resp = jsonify({'login': True, 'next-page': url_for("game.start_game")}) set_access_cookies(resp, access_token) set_refresh_cookies(resp, refresh_token) return resp, 200
def login(): if current_user: return redirect(url_for('feed.news')) if request.method == 'GET': return render_template('user/login.html', form=forms.LoginForm()) email_or_username = request.form['email_or_username'] token_or_password = request.form['token_or_password'] user = models.User.query.filter_by(email=email_or_username).first() if not user: user = models.User.query.filter_by(username=email_or_username).first() login_success = False if not user: app.logger.info("User not found: %s", email_or_username) else: if user.verify_totp(token_or_password): app.logger.info("Login success token: %s", email_or_username) login_success = True if user.verify_password(token_or_password): app.logger.info("Login success password: %s", email_or_username) login_success = True if login_success: response = redirect(url_for('feed.news')) set_access_cookies(response, create_access_token(identity=user.email)) set_refresh_cookies(response, create_refresh_token(identity=user.email)) return response else: flash("Incorrect email or password or one-time token") return redirect(url_for('user.login'))
def post(self): content = request.data if content is None: return render_template('login.html') my_json = content.decode('utf8').replace("'", '"') data = json.loads(my_json) if data["Login"] is None or data["Password"] is None: return render_template('login.html') info = check_login(data) if info: js = { "UserId": info[0], "FirstName": info[1], "LastName": info[2], "Email": info[3], "Login": info[4], "Password": info[5], } access_token = create_access_token(identity=js) refresh_token = create_refresh_token(identity=js) # Set the JWT access cookie in the response resp = jsonify({'login': True}) set_access_cookies(resp, access_token) set_refresh_cookies(resp, refresh_token) return resp, 200 return redirect(url_for('userlogin'))
def login(): body = request.get_json() if body is None: return jsonify({'message': 'Invalid username and password'}), 401 username = body.get('username', None) password = body.get('password', None) if username == '': return jsonify({'message': 'Username can not be blank'}), 401 if password == '': return jsonify({'message': 'Password can not be blank'}), 401 # Create the tokens we will be sending back to the user nor_username = username.strip().lower() try: user = User.objects.get(username=nor_username) except errors.DoesNotExist: return jsonify({'message': 'username or password is not match'}), 401 if user.check_password(password) is False: return jsonify({'message': 'username or password is not match'}), 401 user = JWTUser(str(user.id), user.role) expires = datetime.timedelta(days=7) access_token = create_access_token(identity=user, expires_delta=expires) refresh_token = create_refresh_token(identity=user) # Set the JWT cookies in the response resp = jsonify({'login': '******'}) set_access_cookies(resp, access_token) set_refresh_cookies(resp, refresh_token) return resp, 200
def post(self): """Authenticates and generates a token""" schema = TokenSchema() data, errors = schema.load(current_app.api.payload) if errors: return errors, 400 try: user = User.get(email=data.email) except User.DoesNotExist: abort(403, 'No such user, or wrong password') if not user or not user.active: abort(403, 'No such user, or wrong password') if not verify_password(data.password, user.password): abort(403, 'No such user, or wrong password') access_token = create_access_token(identity=user.email) refresh_token = create_refresh_token(identity=user.email) access_expire = current_app.config['JWT_ACCESS_TOKEN_EXPIRES'] refresh_expire = current_app.config['JWT_REFRESH_TOKEN_EXPIRES'] resp = jsonify( { 'access': access_token, 'refresh': refresh_token, 'accessExpire': int(access_expire.total_seconds()), 'refreshExpire': int(refresh_expire.total_seconds()), } ) set_access_cookies(resp, access_token) set_refresh_cookies(resp, refresh_token) refresh_path = current_app.config['JWT_REFRESH_COOKIE_PATH'] refresh_secure = current_app.config['JWT_COOKIE_SECURE'] refresh_expire_date = datetime.now() + refresh_expire resp.set_cookie( 'refresh_expire', value=str(refresh_expire_date), expires=refresh_expire_date, path=refresh_path, httponly=True, secure=refresh_secure, ) return resp