示例#1
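    def post(self):
        """Exchange a refresh token for a new access/refresh token pair.

        Reads ``refresh_token`` from the JSON request body.

        Returns:
            A ``(body, status)`` tuple: 200 with both new tokens; 400 when the
            body is not a JSON object, the field is missing, or no user matches
            the decoded token; 401 when the token is expired or invalid.
        """
        res = {"status": False, "message": "Invalid payload."}

        # The body is client-controlled: get_json() can produce None or a
        # non-object JSON value (list, string, number). Calling .get() on
        # those raised AttributeError and surfaced as a 500 instead of a 400.
        post_data = request.get_json()
        if not isinstance(post_data, dict):
            return res, 400

        refresh_token = post_data.get("refresh_token")
        if refresh_token is None:
            return res, 400

        try:
            # NOTE(review): decode_token is not shown here. If it does not
            # check the token's type, an access token would be accepted as a
            # refresh token at this endpoint -- confirm.
            resp = User.decode_token(refresh_token)
            user = get_user_by_id(resp)

            if not user:
                res["message"] = "Invalid token."
                return res, 400

            # NOTE(review): nothing visible here invalidates the presented
            # refresh token after rotation; unless revocation is handled
            # elsewhere, it presumably stays usable until it expires -- confirm.
            access_token = user.encode_token(user.id, "access")
            refresh_token = user.encode_token(user.id, "refresh")

            # .decode() assumes encode_token returns bytes.
            res = {
                "access_token": access_token.decode(),
                "refresh_token": refresh_token.decode(),
            }

            return res, 200

        except jwt.ExpiredSignatureError:
            res["message"] = "Signature expired. Please login again."
            return res, 401
        except jwt.InvalidTokenError:
            res["message"] = "Invalid token. Please login again."
            return res, 401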
示例#2
    def get(self):
        """Return the JSON form of the user named by the Authorization header.

        Returns:
            A ``(body, status)`` tuple: 200 with ``user.to_json()``; 403 when
            the header is absent or empty; 401 when the header has no second
            space-separated part, the token is expired or invalid, or no user
            matches the decoded token.
        """
        res = {"status": False, "message": "Invalid payload."}
        auth_header = request.headers.get("Authorization")

        if not auth_header:
            res["message"] = "Access token required."
            return res, 403

        try:
            parts = auth_header.split(" ")

            # Only the second part is used; the scheme word in parts[0]
            # (e.g. "Bearer") is not checked.
            if len(parts) <= 1:
                res["message"] = "Invalid header."
                return res, 401

            # NOTE(review): decode_token is not shown here. If it does not
            # check the token's type, a refresh token would be accepted as an
            # access token -- confirm.
            user = get_user_by_id(User.decode_token(parts[1]))

            if not user:
                res["message"] = "Invalid token. Please login."
                return res, 401

            return user.to_json(), 200
        except jwt.ExpiredSignatureError:
            res["message"] = "Signature expired. Please login again."
            return res, 401
        except jwt.InvalidTokenError:
            res["message"] = "Invalid token. Please login again."
            return res, 401
def test_decode_token(test_app, test_db, add_user):
    """An access token issued for a user decodes back to that user's id.

    Covers the happy path only; expired, tampered and wrong-type tokens are
    not exercised by this test.
    """
    account = add_user("*****@*****.**", "password")
    encoded = account.encode_token(account.id, "access")

    # The endpoints call .decode() on the token, so it must be bytes.
    assert isinstance(encoded, bytes)

    decoded_id = User.decode_token(encoded)
    assert decoded_id == account.id