def auth(uid, tok, perms=None):
    """Create an Auth row for Person ``uid`` from a ``ident$secret`` token.

    ``tok`` is split at its first ``$``: the part before it is passed as the
    identifier, everything after it as the secret (so a secret may itself
    contain ``$``, an identifier may not). The credential is handed to
    ``neverusethisinsecuremethod_set`` — a method the code base itself names
    as insecure — and the new Auth row is added to ``sess`` but not
    committed here.

    Args:
        uid: Primary key of the Person to look up via ``sess``.
        tok: Credential string in ``ident$secret`` form.
        perms: Permissions to store on the Auth row; when ``None`` the
            Person's own ``perms`` are copied.

    Returns:
        The newly created, uncommitted Auth instance.
    """
    ident, _sep, secret = tok.partition("$")
    person = sess.query(Person).get(uid)
    record = Auth(person)
    record.neverusethisinsecuremethod_set(ident, secret)
    if perms is None:
        # No explicit override: inherit whatever the Person already holds.
        record.perms = person.perms
    else:
        record.perms = perms
    sess.add(record)
    return record
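def POST(self):
    """Authenticate a user from a JSON body and mint a session token.

    Expects ``{"user": <id or email>, "pass": <password>}``. ``user`` is
    looked up as an e-mail address when it contains ``@``, otherwise as a
    Person primary key. On success a new Auth row is committed and its
    token, perms and user id are returned with ``e == 0``. Malformed input
    yields HTTP 400 and bad credentials HTTP 403, both with ``e == 1``.

    Returns:
        A JSON-serialisable dict; ``self.status_code`` is set on failure.
    """
    j = self.req.json
    s = self.dbs
    # Reject anything that is not a JSON object before touching keys, so a
    # wrong content type cannot surface as an AttributeError (500).
    if not isinstance(j, dict):
        self.status_code = 400
        return {"e": 1, "msg": "Body must be a JSON object."}
    user = j.get("user")
    if not user:
        self.status_code = 400
        return {"e": 1, "msg": "No user provided."}
    if not isinstance(user, str):
        self.status_code = 400
        return {"e": 1, "msg": "'user' must be a string."}
    pw = j.get("pass")
    if not pw:
        self.status_code = 400
        return {"e": 1, "msg": "No password provided."}
    # Mirror the type check applied to "user": the value goes straight into
    # password_check(), so only a str should reach it.
    if not isinstance(pw, str):
        self.status_code = 400
        return {"e": 1, "msg": "'pass' must be a string."}
    if "@" in user:
        person = s.query(Person).join(Email).filter_by(email=user).scalar()
    else:
        person = s.query(Person).get(user)
    # One generic failure message so the body does not reveal whether the
    # account exists. NOTE(review): the short-circuit skips password_check()
    # for unknown users, which may be observable via response timing —
    # confirm whether that matters for this deployment.
    if not person or not person.password_check(pw):
        self.status_code = 403
        return {"e": 1, "msg": "Invalid credentials."}
    a = Auth(person)
    s.add(a)
    # Token inherits the account's current permissions at login time.
    a.perms = person.perms
    s.commit()
    return {
        "e": 0,
        "token": a.token,
        "perms": a.perms,
        "user": a.user.id,
    }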