authorlonkaars <l.leblansch@gmail.com>2021-01-15 11:47:35 +0100
committerlonkaars <l.leblansch@gmail.com>2021-01-15 11:47:35 +0100
commitdec3b25e9cf3e2880d3553238cef39bd0c192636 (patch)
tree9404e4967a15b9d5ac880128492898cedd7bebe4 /api/auth
parent09f08480aad0ac774570336a11e63a0f2c0aa019 (diff)
username-less token authentication
Diffstat (limited to 'api/auth')
-rw-r--r--api/auth/login_token.py16
1 files changed, 7 insertions, 9 deletions
diff --git a/api/auth/login_token.py b/api/auth/login_token.py
index 3085292..324e721 100644
--- a/api/auth/login_token.py
+++ b/api/auth/login_token.py
@@ -1,6 +1,6 @@
from flask import Blueprint, request
from main import cursor
-from auth.token import validate_token
+from auth.token import validate_token, hash_token
token = Blueprint('token', __name__)
@@ -8,14 +8,12 @@ token = Blueprint('token', __name__)
def index():
data = request.get_json()
- user_id = data.get("user_id") or ""
auth_token = data.get("token") or ""
+ if not auth_token: return "", 400
- if not user_id or \
- not auth_token:
- return "", 400
-
- if not cursor.execute("select user_id from users where user_id = ?", [user_id]).fetchone():
- return "", 401
+ hashed = hash_token({ "token": auth_token, "expirationDate": 0 })
+ user_id = cursor.execute("select user_id from users where valid_tokens like ?", [f"%{hashed['token']}%"]).fetchone()
- return "", 200 if validate_token(user_id, auth_token) else 401
+ if not user_id: return "", 401
+
+ return "", 200 if validate_token(user_id[0], auth_token) else 401
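Review bot: The new lookup `where valid_tokens like ?` picks the account by substring match over the whole `valid_tokens` column, so it is only correct if `hash_token` always returns a non-empty string with no `%` or `_` in it; `hash_token` is defined outside this diff, so that is presumably true for a hex digest but nothing here enforces it. `validate_token(user_id[0], auth_token)` still makes the final decision, which limits a bad match to selecting the wrong candidate row, but with an empty digest the pattern becomes `%%` and `fetchone()` returns an arbitrary user. I would add `if not hashed['token']: return "", 401` before the query and a comment such as `# hashed['token'] is a hex digest, so it contains no LIKE wildcards`. Separately, on the unchanged line above, `request.get_json()` may return None or a non-dict for some request bodies, in which case `data.get("token")` raises instead of answering 400; `data = request.get_json(silent=True) or {}` would cover the None case.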