
Prateek Goyal


How to prevent generating new access tokens.

My problem is that when I hit the Login API it generates an access token and a refresh token. But when I hit the API again while those tokens are still valid, new tokens are generated. I want to prevent that — how can I do that? Please help.
Note: I am not sending the token in the Login API request.

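class LoginView(MethodView):
    """Issue a JWT access/refresh token pair to a user who proves their password.

    Every successful POST mints a fresh pair. The view does not read any token
    from the incoming request, so repeated logins with valid credentials always
    produce new tokens; suppressing that would require server-side tracking of
    already-issued tokens, which this view does not attempt.
    """

    def post(self):
        """Authenticate a user from form fields and return new tokens.

        Reads ``name``, ``mobileNumber``, ``email`` and ``password`` from
        ``request.form``. At least one of email / mobile number is required;
        when both are given, both lookups must find a user and the
        mobile-number match is the one that is authenticated.

        Returns:
            ``(response, status)``: 201 with ``access_token`` and
            ``refresh_token`` on success; 401 with an ``error`` field on any
            validation or credential failure; 500 with a generic ``error``
            message if an unexpected exception escapes.
        """
        # Local import: the module's import block is not part of this listing.
        import logging

        body = request.form
        try:
            name = body.get('name')
            mobileNumber = body.get('mobileNumber')
            email = body.get('email')
            password = body.get('password')

            if not name:
                return jsonify({"error": "Name is required"}), 401

            # A missing password used to raise TypeError inside len() and
            # surface as a 500; treat it as a validation failure instead.
            if not password or len(password) < 6:
                return jsonify({"error": "Password must be at least 6 characters long"}), 401

            if not email and not mobileNumber:
                return jsonify({"error": "Either email address or mobile number is required"}), 401

            # NOTE(review): the distinct "does not exist" / "wrong password" /
            # "name didn't match" responses let a caller learn which part
            # failed (account enumeration). Messages and the 401 codes are
            # kept for client compatibility; a single generic credential error
            # (and 400 for the pure validation failures) would be preferable.
            user = None
            if email:
                user = User.query.filter_by(email=email).first()
                if not user:
                    return jsonify({"error": "User does not exist, please register"}), 401

            if mobileNumber:
                # Overrides the email lookup when both identifiers are supplied.
                user = User.query.filter_by(mobileNumber=mobileNumber).first()
                if not user:
                    return jsonify({"error": "User does not exist, please register"}), 401

            if user.name != name.capitalize():
                return jsonify({"error": "User name didn't match"}), 401

            if not check_password_hash(user.password, password):
                return jsonify({"error": "Wrong password entered"}), 401

            # Generate access and refresh tokens: a short-lived access token
            # and a longer-lived refresh token.
            access_token_expires = timedelta(minutes=30)
            refresh_token_expires = timedelta(days=1)
            access_token = create_access_token(identity=user.public_id, expires_delta=access_token_expires)
            refresh_token = create_refresh_token(identity=user.public_id, expires_delta=refresh_token_expires)

            return jsonify({
                'access_token': access_token,
                'refresh_token': refresh_token
            }), 201

        except Exception:
            # Do not echo the exception text to the client: it can disclose
            # internal details (ORM/driver messages, file paths). Log it
            # server-side and return a generic error instead.
            logging.getLogger(__name__).exception("Unhandled error in LoginView.post")
            return jsonify({"error": "Internal server error"}), 500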
