File tree Expand file tree Collapse file tree 2 files changed +14
-4
lines changed Expand file tree Collapse file tree 2 files changed +14
-4
lines changed Original file line number Diff line number Diff line change @@ -408,8 +408,13 @@ def post(cls):
408408 The return value is an access token and the expiry timestamp.
409409 The token is valid for 1 week.
410410 """
411- user_id = get_jwt_identity ()
412- access_token = create_access_token (identity = user_id )
411+ req_user = get_jwt_identity ()
412+ user = DAO .get_user (req_user ["id" ])
413+
414+ if user .password_hash != req_user ["password" ]:
415+ return messages .TOKEN_IS_INVALID , HTTPStatus .UNAUTHORIZED
416+
417+ access_token = create_access_token (identity = req_user ["id" ])
413418
414419 from run import application
415420
@@ -472,7 +477,9 @@ def post(cls):
472477 )
473478
474479 access_token = create_access_token (identity = user .id )
475- refresh_token = create_refresh_token (identity = user .id )
480+ refresh_token = create_refresh_token (
481+ identity = {"id" : user .id , "password" : user .password_hash }
482+ )
476483
477484 from run import application
478485
Original file line number Diff line number Diff line change @@ -31,7 +31,10 @@ def setUp(self):
3131
3232 def test_user_refresh (self ):
3333 with self .client :
34- refresh_header = get_test_request_header (user1 ["username" ], refresh = True )
34+ refresh_header = get_test_request_header (
35+ {"id" : self .first_user .id , "password" : self .first_user .password_hash },
36+ refresh = True ,
37+ )
3538 response = self .client .post (
3639 "/refresh" ,
3740 headers = refresh_header ,
You can’t perform that action at this time.
0 commit comments