Generating a JWT Token in Emmett

[KellerKev]

I have some code I would like to port to Emmett.

In generates and validates a JWT token.
The token is generated by simply checking the username and password against the user table.

I would also add some claims (userinfo) to the token.

The code for creating the token is as follows:

@action("authenticate", method=['POST'])
def authenticate():
username, password = request.json.get("email"), request.json.get("password")
print(username)
print (password)

try:
# authenticate against auth_user table
    query = db.auth_user.email == username
    user = db(query).select().first()
    CRYPT()(password)[0] == user.password

except:
    abort(403, 'Authentication failed for %s: ' % (username))

data = {}
data['username'] = username
data['email'] = user.email
data['first_name'] = user.first_name
data['last_name'] = user.last_name
data['exp'] = datetime.utcnow() + timedelta(seconds=1200)
token = jwt.encode(data, 'secret', algorithm='HS256')

print (token)
return token   

Would you mind letting me know how I can check a password against the user password hash in emmett in the standard user / auth table please?

Does it also use CRYPT?

I have another function that validates the token but maybe I leave this for another discussion.

I hope this is not bothering too much, but this is one of the last pieces I need to port an app and get started with Emmett.

Thank you!

[gi0baro]

@Kkeller83 yes, the code is quite similar, I would write something like this:

from emmett import abort, request
from emmett.tools import service

@app.route(methods=["post"])
async def authenticate():
    params = await request.params
    user = User.get(email=params.email)
    if not user or User.password.validate(params.password)[0] != user.password:
        abort(403, "error")
    return jwt.encode(
        {
            "username": params.email,
            ...
        },
        'secret',
        algorithm='HS256'
    )

[KellerKev]

Thanks!!