Merge pull request #24 from robscllc/master

verify both username and password in examples

Author: vimalloc

examples/additional_data_in_access_token.py

@@ -23,7 +23,7 @@ def add_claims_to_access_token(identity):
 def login():
     username = request.json.get('username', None)
     password = request.json.get('password', None)
-    if username != 'test' and password != 'test':
+    if username != 'test' or password != 'test':
         return jsonify({"msg": "Bad username or password"}), 401
 
     ret = {'access_token': create_access_token(username)}

examples/blacklist.py

@@ -35,7 +35,7 @@
 def login():
     username = request.json.get('username', None)
     password = request.json.get('password', None)
-    if username != 'test' and password != 'test':
+    if username != 'test' or password != 'test':
         return jsonify({"msg": "Bad username or password"}), 401
 
     ret = {

examples/csrf_protection_with_cookies.py

@@ -43,7 +43,7 @@
 def login():
     username = request.json.get('username', None)
     password = request.json.get('password', None)
-    if username != 'test' and password != 'test':
+    if username != 'test' or password != 'test':
         return jsonify({'login': False}), 401
 
     # Create the tokens we will be sending back to the user

examples/jwt_in_cookie.py

@@ -36,7 +36,7 @@
 def login():
     username = request.json.get('username', None)
     password = request.json.get('password', None)
-    if username != 'test' and password != 'test':
+    if username != 'test' or password != 'test':
         return jsonify({'login': False}), 401
 
     # Create the tokens we will be sending back to the user

examples/loaders.py

@@ -23,7 +23,7 @@ def my_expired_token_callback():
 def login():
     username = request.json.get('username', None)
     password = request.json.get('password', None)
-    if username != 'test' and password != 'test':
+    if username != 'test' or password != 'test':
         return jsonify({"msg": "Bad username or password"}), 401
 
     ret = {'access_token': create_access_token(username)}

examples/refresh_tokens.py

@@ -12,7 +12,7 @@
 def login():
     username = request.json.get('username', None)
     password = request.json.get('password', None)
-    if username != 'test' and password != 'test':
+    if username != 'test' or password != 'test':
         return jsonify({"msg": "Bad username or password"}), 401
 
     # Use create_access_token() and create_refresh_token() to create our

examples/simple.py

@@ -15,7 +15,7 @@
 def login():
     username = request.json.get('username', None)
     password = request.json.get('password', None)
-    if username != 'test' and password != 'test':
+    if username != 'test' or password != 'test':
         return jsonify({"msg": "Bad username or password"}), 401
 
     # Identity can be any data that is json serializable

examples/token_freshness.py

@@ -14,7 +14,7 @@
 def login():
     username = request.json.get('username', None)
     password = request.json.get('password', None)
-    if username != 'test' and password != 'test':
+    if username != 'test' or password != 'test':
         return jsonify({"msg": "Bad username or password"}), 401
 
     # create_access_token supports an optional 'fresh' argument,
@@ -37,7 +37,7 @@ def login():
 def fresh_login():
     username = request.json.get('username', None)
     password = request.json.get('password', None)
-    if username != 'test' and password != 'test':
+    if username != 'test' or password != 'test':
         return jsonify({"msg": "Bad username or password"}), 401
 
     new_token = create_access_token(identity=username, fresh=True)

examples/tokens_from_complex_objects.py

@@ -37,7 +37,7 @@ def user_identity_lookup(user):
 def login():
     username = request.json.get('username', None)
     password = request.json.get('password', None)
-    if username != 'test' and password != 'test':
+    if username != 'test' or password != 'test':
         return jsonify({"msg": "Bad username or password"}), 401
 
     # Create an example UserObject