def post(self): (email, password) = self.get_arguments() try: user = auth_service.check_auth(app, email, password) access_token = create_access_token(identity=user["email"]) refresh_token = create_refresh_token(identity=user["email"]) auth_service.register_tokens(app, access_token, refresh_token) identity_changed.send(current_app._get_current_object(), identity=Identity(user["id"])) if is_from_browser(request.user_agent): response = jsonify({"user": user, "login": True}) set_access_cookies(response, access_token) set_refresh_cookies(response, refresh_token) else: response = { "login": True, "user": user, "access_token": access_token, "refresh_token": refresh_token } return response except PersonNotFoundException: current_app.logger.info("User is not registered.") return {"login": False}, 400 except WrongUserException: current_app.logger.info("User is not registered.") return {"login": False}, 400 except WrongPasswordException: current_app.logger.info("User gave a wrong password.") return {"login": False}, 400 except NoAuthStrategyConfigured: current_app.logger.info( "Authentication strategy is not properly configured.") return {"login": False}, 400 except TimeoutError: current_app.logger.info("Timeout occurs while logging in.") return {"login": False}, 400 except UnactiveUserException: return { "error": True, "login": False, "message": "User is unactive, he cannot log in." }, 400 except OperationalError as exception: current_app.logger.error(exception) return { "error": True, "login": False, "message": "Database doesn't seem reachable." }, 500 except Exception as exception: if hasattr(exception, "message"): message = exception.message else: message = str(exception) return {"error": True, "login": False, "message": message}, 500
def get(self): email = get_jwt_identity() access_token = create_access_token(identity=email) auth_service.register_tokens(app, access_token) if is_from_browser(request.user_agent): response = jsonify({"refresh": True}) set_access_cookies(response, access_token) else: return {"access_token": access_token}
def get(self): """ Tokens are considered as outdated every two weeks. --- description: This route allows to make their lifetime long before they get outdated. tags: - Authentification responses: 200: description: Access Token """ email = get_jwt_identity() access_token = create_access_token(identity=email) auth_service.register_tokens(app, access_token) if is_from_browser(request.user_agent): response = jsonify({"refresh": True}) set_access_cookies(response, access_token) else: return {"access_token": access_token}
def post(self): (email, password) = self.get_arguments() try: user = auth_service.check_auth(app, email, password) del user["password"] if auth_service.is_default_password(app, password): token = uuid.uuid4() auth_tokens_store.add("reset-%s" % token, email, ttl=3600 * 2) current_app.logger.info("User must change his password.") return ( { "login": False, "default_password": True, "token": str(token), }, 400, ) access_token = create_access_token(identity=user["email"]) refresh_token = create_refresh_token(identity=user["email"]) auth_service.register_tokens(app, access_token, refresh_token) identity_changed.send(current_app._get_current_object(), identity=Identity(user["id"])) ip_address = request.environ.get("HTTP_X_REAL_IP", request.remote_addr) if is_from_browser(request.user_agent): organisation = persons_service.get_organisation() response = jsonify({ "user": user, "organisation": organisation, "ldap": app.config["AUTH_STRATEGY"] == "auth_remote_ldap", "login": True, }) set_access_cookies(response, access_token) set_refresh_cookies(response, refresh_token) events_service.create_login_log(user["id"], ip_address, "web") else: events_service.create_login_log(user["id"], ip_address, "script") response = { "login": True, "user": user, "ldap": app.config["AUTH_STRATEGY"] == "auth_remote_ldap", "access_token": access_token, "refresh_token": refresh_token, } return response except PersonNotFoundException: current_app.logger.info("User is not registered.") return {"login": False}, 400 except WrongUserException: current_app.logger.info("User is not registered.") return {"login": False}, 400 except WrongPasswordException: current_app.logger.info("User gave a wrong password.") return {"login": False}, 400 except NoAuthStrategyConfigured: current_app.logger.info( "Authentication strategy is not properly configured.") return {"login": False}, 400 except TimeoutError: current_app.logger.info("Timeout occurs while logging in.") return {"login": False}, 400 except UnactiveUserException: return ( { "error": True, "login": False, "message": "User is unactive, he cannot log in.", }, 400, ) except OperationalError as exception: current_app.logger.error(exception, exc_info=1) return ( { "error": True, "login": False, "message": "Database doesn't seem reachable.", }, 500, ) except Exception as exception: current_app.logger.error(exception, exc_info=1) if hasattr(exception, "message"): message = exception.message else: message = str(exception) return {"error": True, "login": False, "message": message}, 500
def post(self): """ Log in user by creating and registering auth tokens. --- description: Login is based on email and password. If no user match given email and a destkop ID, it looks in matching the desktop ID with the one stored in database. It is useful for clients that run on desktop tools and that don't know user email. tags: - Authentification parameters: - in: body name: Credentials description: The email and password of the user schema: type: object required: - email - password properties: email: type: string password: type: string responses: 200: description: Login successful 400: description: Login failed 500: description: Database not reachable """ (email, password) = self.get_arguments() try: user = auth_service.check_auth(app, email, password) if "password" in user: del user["password"] if auth_service.is_default_password(app, password): token = uuid.uuid4() auth_tokens_store.add("reset-%s" % token, email, ttl=3600 * 2) current_app.logger.info("User must change his password.") return ( { "login": False, "default_password": True, "token": str(token), }, 400, ) access_token = create_access_token(identity=user["email"]) refresh_token = create_refresh_token(identity=user["email"]) auth_service.register_tokens(app, access_token, refresh_token) identity_changed.send( current_app._get_current_object(), identity=Identity(user["id"]), ) ip_address = request.environ.get("HTTP_X_REAL_IP", request.remote_addr) if is_from_browser(request.user_agent): organisation = persons_service.get_organisation() response = jsonify({ "user": user, "organisation": organisation, "ldap": app.config["AUTH_STRATEGY"] == "auth_remote_ldap", "login": True, }) set_access_cookies(response, access_token) set_refresh_cookies(response, refresh_token) events_service.create_login_log(user["id"], ip_address, "web") else: events_service.create_login_log(user["id"], ip_address, "script") response = { "login": True, "user": user, "ldap": app.config["AUTH_STRATEGY"] == "auth_remote_ldap", "access_token": access_token, "refresh_token": refresh_token, } return response except PersonNotFoundException: current_app.logger.info("User is not registered.") return {"login": False}, 400 except WrongUserException: current_app.logger.info("User is not registered.") return {"login": False}, 400 except WrongPasswordException: current_app.logger.info("User gave a wrong password.") return {"login": False}, 400 except NoAuthStrategyConfigured: current_app.logger.info( "Authentication strategy is not properly configured.") return {"login": False}, 400 except TimeoutError: current_app.logger.info("Timeout occurs while logging in.") return {"login": False}, 400 except UnactiveUserException: return ( { "error": True, "login": False, "message": "User is inactive, he cannot log in.", }, 400, ) except OperationalError as exception: current_app.logger.error(exception, exc_info=1) return ( { "error": True, "login": False, "message": "Database doesn't seem reachable.", }, 500, ) except Exception as exception: current_app.logger.error(exception, exc_info=1) if hasattr(exception, "message"): message = exception.message else: message = str(exception) return {"error": True, "login": False, "message": message}, 500