Beispiel #1
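 def changePassword(self, userId: str):
     """Change the password of the user making the request.

     The old and new passwords are read from the JSON request body under
     the keys ``old`` and ``new`` and forwarded to
     ``PasswordChangeApi.changePasswordForUser``.

     Args:
         userId: Id of the account whose password should be changed. It
             must equal ``self.userId``.

     Returns:
         An empty body with HTTP status 204.

     Raises:
         ApiExceptions.ForbiddenException: ``userId`` differs from
             ``self.userId``.
     """
     # Authorise before touching the request body, so a caller targeting
     # another account is always refused with ForbiddenException, whatever
     # the body looks like (missing, malformed or not JSON).
     if self.userId != userId:
         raise ApiExceptions.ForbiddenException()

     payload = flask.request.json
     oldPassword = payload.get('old')
     newPassword = payload.get('new')
     # NOTE(review): either value is None when its key is absent from the
     # body, and nothing here checks type or emptiness. Confirm that
     # changePasswordForUser verifies the old password and rejects a
     # missing or non-string new password.
     PasswordChangeApi.PasswordChangeApi.changePasswordForUser(userId, oldPassword, newPassword)
     return '', 204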
Beispiel #2
 def loginUser(cls, username: str, password: str) -> (str, Models.User):
     """Authenticate a user and open a login session.

     Looks the account up by username, checks the supplied password
     against the stored password, nonce and salt via
     ``Encryption.comparePasswords``, and on success saves a new
     ``Models.Session`` of type ``'login'``.

     Returns:
         A pair of the serialized session and the user record.

     Raises:
         ApiExceptions.NotFoundException: no account has this username.
         ApiExceptions.ForbiddenException: the password does not match.
     """
     account = cls.getByUsername(username)
     if account is None:
         # NOTE(review): this exception differs from the wrong-password one
         # below. If the two reach the client as different responses, the
         # login endpoint reveals which usernames exist; consider one
         # generic failure at the API boundary.
         raise ApiExceptions.NotFoundException()

     storedHash, storedSalt, storedNonce = (
         account.password,
         account.salt,
         account.nonce,
     )
     # NOTE(review): assumes comparePasswords compares in constant time;
     # verify in Encryption. No attempt limiting or lockout is visible in
     # this method, so confirm it is enforced elsewhere.
     passwordMatches = Encryption.comparePasswords(
         storedHash, storedNonce, storedSalt, password)
     if not passwordMatches:
         raise ApiExceptions.ForbiddenException()

     # Credentials verified: persist a fresh login session for this user.
     loginSession = Models.Session(
         owner=account.id,
         created=int(time.time()),
         sessionType='login',
     )
     loginSession.save()
     serialized = SessionApi.SessionApi.serializeSession(loginSession)
     return serialized, account