示例#1
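    def post(self):
        """Authenticate a user and issue an access/refresh token pair.

        Reads ``username`` and ``password`` from the JSON request body.

        Returns:
            A ``(body, status)`` tuple:
            400 if the body or either credential is missing or not a string,
            404 if the user is unknown or not marked active,
            401 if the password does not verify,
            200 with ``access_token`` and ``refresh_token`` on success.
        """
        # silent=True yields None for a missing or malformed body, and valid
        # JSON need not be an object; normalise so .get() cannot raise.
        request_json = request.get_json(silent=True)
        if not isinstance(request_json, dict):
            request_json = {}
        username = request_json.get("username")
        password = request_json.get("password")

        # Only non-empty strings go any further: the body is untrusted, and
        # how the repository and hash check treat nested objects or numbers
        # is not visible from this view.
        if not (isinstance(username, str) and username
                and isinstance(password, str) and password):
            err_msg = "Please check the credentials."
            return {"message": err_msg}, 400

        # Look the user up once; a second query doubles the work and may not
        # return the same record as the first.
        current_user = UserRepository.get(username)
        if not current_user:
            # NOTE(review): this 404 and the "Wrong password" 401 below let an
            # unauthenticated caller tell registered usernames from unknown
            # ones. Consider one generic 401 for both once clients no longer
            # depend on the distinction.
            err_msg = f"User {username} doesn't exist"
            return {"message": err_msg}, 404

        # NOTE(review): account status is reported before the password is
        # verified, so it is disclosed without authentication as well.
        if not current_user.get("active"):
            err_msg = "User was deleted. Please contact the admin."
            return {"message": err_msg}, 404

        # NOTE(review): no attempt throttling or lockout is visible in this
        # view; confirm it is enforced elsewhere.
        if not UserRepository.verify_hash(password, current_user.get("password")):
            return {"message": "Wrong password"}, 401

        access_token = create_access_token(identity=username)
        refresh_token = create_refresh_token(identity=username)
        response = {
            "message": "Logged in as {}".format(current_user.get("username")),
            "access_token": access_token,
            "refresh_token": refresh_token,
        }
        return response, 200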
示例#2
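    def put(self):
        """Change the password of the user identified by the request's JWT.

        Expects ``old_password``, ``new_password`` and
        ``confirmation_password`` in the JSON request body.

        Returns:
            A ``(body, status)`` tuple:
            400 for an empty body, missing or non-string fields, a missing
            stored password, a wrong old password, or a confirmation mismatch,
            404 if the JWT identity no longer maps to a user,
            200 with the result of ``UserRepository.update_password``.
        """
        request_json = request.get_json(silent=True)
        # Identity comes from the token, never from the body, so a caller can
        # only change their own password.
        username = get_jwt_identity()

        if not request_json:
            err_msg = "Body should not be empty"
            return {"message": err_msg}, 400

        # Valid JSON need not be an object; treat anything else as having no
        # fields instead of failing on .get().
        fields = request_json if isinstance(request_json, dict) else {}
        old_password = fields.get('old_password')
        new_password = fields.get('new_password')
        confirm_password = fields.get('confirmation_password')

        # Non-empty strings only: the values are untrusted and are handed
        # straight to the hash check and the repository.
        supplied = (old_password, new_password, confirm_password)
        if not all(isinstance(value, str) and value for value in supplied):
            err_msg = "Please check password fields."
            return {"message": err_msg}, 400

        current_user = UserRepository.get(username)
        if not current_user:
            # A token can outlive its account; without this guard the .get()
            # below raised on a missing user.
            err_msg = f"User {username} doesn't exist"
            return {"message": err_msg}, 404
        # NOTE(review): the login views check "active" but this one does not;
        # confirm a deactivated user with a live token should be able to get
        # here.
        current_password = current_user.get("password")

        if not current_password:
            err_msg = "Can't retrieve previous password."
            return {"message": err_msg}, 400
        if not UserRepository.verify_hash(old_password, current_password):
            err_msg = "Wrong old password value."
            return {"message": err_msg}, 400
        if new_password != confirm_password:
            err_msg = "New password doesn't match with confirmation password."
            return {"message": err_msg}, 400
        # The former "new password is empty" branch was unreachable: emptiness
        # is already rejected with the other fields above.

        # NOTE(review): no strength policy or new != old check is applied
        # here, and tokens issued before the change are not revoked in this
        # view; confirm both are handled elsewhere.
        user = UserRepository.update_password(username, new_password)
        # NOTE(review): `user` is returned to the client as-is; confirm it
        # does not carry the password hash.
        return user, 200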
示例#3
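    def post(self):
        """Authenticate a user and issue an access/refresh token pair.

        Reads ``username`` and ``password`` from the JSON request body.

        Returns:
            A ``(body, status)`` tuple:
            400 if the body or either credential is missing or not a string,
            404 if the user is unknown,
            401 if the password does not verify,
            200 with ``access_token`` and ``refresh_token`` on success.
        """
        # silent=True yields None for a missing or malformed body; indexing it
        # directly raised instead of answering with a client error.
        request_json = request.get_json(silent=True)
        if not isinstance(request_json, dict):
            request_json = {}
        username = request_json.get("username")
        password = request_json.get("password")

        # Only non-empty strings go any further: the body is untrusted, and
        # how the repository and hash check treat other JSON types is not
        # visible from this view.
        if not (isinstance(username, str) and username
                and isinstance(password, str) and password):
            return {"message": "Please check the credentials."}, 400

        # Look the user up once instead of querying twice.
        current_user = UserRepository.get(username)
        if not current_user:
            # NOTE(review): this 404 and the "Wrong password" 401 below let an
            # unauthenticated caller tell registered usernames from unknown
            # ones. Consider one generic 401 for both once clients no longer
            # depend on the distinction.
            return {"message": "User {} doesn't exist".format(username)}, 404

        # NOTE(review): no attempt throttling or lockout is visible in this
        # view; confirm it is enforced elsewhere.
        if not UserRepository.verify_hash(password, current_user["password"]):
            return {"message": "Wrong password"}, 401

        access_token = create_access_token(identity=username)
        refresh_token = create_refresh_token(identity=username)
        return {
            "message": "Logged in as {}".format(current_user["username"]),
            "access_token": access_token,
            "refresh_token": refresh_token,
        }, 200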