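def post():
    """Authenticate a user by email and password and issue a token pair.

    Reads ``email`` and ``password`` from the request, checks the password
    against the stored value, persists a hash of a newly created refresh
    token, and builds a JWT access token with a two-hour expiry.

    Returns:
        A dict with ``accessToken`` and ``refreshToken``, or the result of
        ``abort(422, details)`` when credentials are missing or wrong.
    """
    # get arguments from request body
    email = request.get('email')
    password = request.get('password')
    # Reject missing or empty credentials before touching the database so
    # check_pwd() is never handed None. Same response as any failed login.
    # (`details` is not defined in this listing; presumably a module-level
    # error payload. TODO confirm.)
    if not email or not password:
        return abort(422, details)
    # query the user from database
    # NOTE(review): if this is a SQLAlchemy-style query, filter() returns a
    # query object rather than a row, so `not user` below may never be true.
    # Confirm this yields a single user or None.
    user = database.User.query.filter(email=email)
    # Unknown user and wrong password return the identical response, so the
    # reply does not reveal which accounts exist.
    # NOTE(review): the unknown-user path skips check_pwd(), so response
    # time may still differ between the two cases.
    if not user:
        return abort(422, details)
    # check the password (bcrypt?), otherwise abort
    if not check_pwd(user.password, password):
        return abort(422, details)
    # create a refresh token
    # NOTE(review): randomhash() is not shown; it needs to draw from a CSPRNG
    # (e.g. secrets.token_urlsafe). Confirm.
    refresh_token = randomhash()
    # persist refresh token as a hash
    # NOTE(review): if `hash` is Python's builtin, it is salted per process
    # for str/bytes and is not a cryptographic digest: stored values would
    # not match after a restart or across workers. Use a stable digest such
    # as hashlib.sha256 here and wherever the token is later verified.
    # NOTE(review): only the token hash is stored; no user id or expiry is
    # passed here. Confirm the model links the token to `user` and bounds
    # its lifetime.
    database.add(database.RefreshToken(
        token=hash(refresh_token)
    ))
    # create a JWT access token using a secret
    payload = {'uid': user.id}
    # NOTE(review): config.get() yields None when 'secret' is unset; confirm
    # the jwt() helper refuses to sign with a missing key.
    secret = app.config.get('secret')
    expiry = datetime.utcnow() + timedelta(hours=2)
    access_token = jwt(payload, secret, expiry=expiry)
    # response to be enveloped
    return {
        'accessToken': access_token,
        'refreshToken': refresh_token
    }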