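def create(request):
    """ Respond to the "/identity/create" API request.

        Required parameters: "username" and "password".  Optional
        parameters: "photo", "name", "email", "website", "location" and
        "bio".  Parameter validation is delegated to
        apiHelper.process_params(), whose failure response is returned
        unchanged.

        Returns HttpResponseForbidden("duplicate username") when a user with
        the same username (compared case-insensitively) already exists,
        otherwise a 201 response whose body is the JSON form of the new
        user's to_dict().  The elapsed time is reported to the stats
        recorder under the "IDCR" key.
    """
    start_time = time.time()

    success, response = apiHelper.process_params(
        request,
        required_params=["username", "password"],
        optional_params=["photo", "name", "email", "website", "location",
                         "bio"])
    if not success:
        return response
    params = response

    # Check that the user doesn't already exist.  The lookup is
    # case-insensitive so that "Alice" and "alice" cannot both be registered.
    #
    # NOTE(review): this check-then-save sequence is not atomic -- two
    # concurrent requests for the same username can both pass the check, so
    # only a unique constraint on the username column can guarantee
    # uniqueness.  Not changed here because it is a schema concern.

    try:
        User.objects.get(username__iexact=params['username'])
    except User.DoesNotExist:
        pass
    else:
        return HttpResponseForbidden("duplicate username")

    # Create the new user.
    #
    # NOTE(review): the credential is stored as MD5(password + salt).  MD5 is
    # fast and the salt is merely appended, so this gives little protection
    # against offline guessing if the table is ever exposed; a slow,
    # purpose-built password hash (PBKDF2, bcrypt, scrypt or argon2) would be
    # the right replacement.  Left as-is because authenticate() and the
    # client-side protocol both depend on this exact construction.

    user = User()
    user.username      = params['username']
    user.password_salt = uuid.uuid4().hex
    user.password_hash = hashlib.md5(params['password'] +
                                     user.password_salt).hexdigest()
    user.save()

    # Create the user's profile.

    profile = UserProfile()
    profile.user = user

    if "photo" in params:
        profile.save()  # Have to save before we can upload a photo.
        profile.photo_orig.save(params['photo'].name, params['photo'])

    # Copy across whichever optional text fields were supplied, in the same
    # order as before.
    for field in ("name", "email", "website", "location", "bio"):
        if field in params:
            setattr(profile, field, params[field])

    profile.save()

    # Send information about the new user signup to the 3taps Stats API.

    end_time = time.time()
    time_taken = int(1000 * (end_time - start_time))  # milliseconds

    statsRecorder.record("IDCR", 1, time_taken)

    # Finally, return the newly-created user back to the caller.

    return HttpResponse(json.dumps(user.to_dict()), status=201,
                        mimetype="application/json")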
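def authenticate(request):
    """ Respond to the "/identity/authenticate" API request.

        Must be called via POST with the parameters "session_token",
        "session_length", "client_salt" and "hash".  The caller is expected
        to send md5(password_hash + client_salt) as "hash"; when it matches
        the value computed from the stored password_hash, the session
        identified by "session_token" is marked as authenticated, its
        session_length is recorded, and the session user's to_dict() is
        returned as JSON with status 200.

        Returns HttpResponseNotAllowed for non-POST requests,
        HttpResponseBadRequest when a required parameter is missing, and
        HttpResponseForbidden for an unknown or already-authenticated session
        or an incorrect hash.  The elapsed time is reported to the stats
        recorder under the "IDAU" key.

        NOTE(review): the salt in this exchange is chosen by the client and
        the server issues no nonce of its own, so the check is only as
        strong as the secrecy of password_hash and a valid
        (client_salt, hash) pair is not bound to one session.  A
        server-generated challenge would be the fix in a future protocol
        revision; the wire format is kept unchanged here.
    """
    import hmac  # local: only needed for the constant-time comparison below

    start_time = time.time()

    if request.method != "POST":
        return HttpResponseNotAllowed(["POST"])

    # All four parameters are required; report the first one missing, in the
    # same order and with the same wording as before.
    for param in ("session_token", "session_length", "client_salt", "hash"):
        if param not in request.POST:
            return HttpResponseBadRequest("missing required '" + param +
                                          "' parameter")

    session_token  = request.POST['session_token']
    session_length = request.POST['session_length']
    client_salt    = request.POST['client_salt']
    supplied_hash  = request.POST['hash']  # renamed: 'hash' shadows the builtin

    # NOTE(review): session_length is stored exactly as received; whatever
    # type and range the Session.session_length field expects is not
    # validated here -- TODO confirm against the model.

    # Get the Session object this authentication request is for.

    try:
        session = Session.objects.get(token=session_token)
    except Session.DoesNotExist:
        return HttpResponseForbidden("invalid session_token")

    if session.authenticated:
        return HttpResponseForbidden("already authenticated")

    # Check that the supplied hash value is correct -- that is, that the client
    # knows the user's password hash.

    expected_hash = hashlib.md5(session.user.password_hash +
                                client_salt).hexdigest()

    # Compare in constant time so that response latency does not reveal how
    # much of the guess was correct.  Both sides are encoded to bytes first:
    # compare_digest() (Python 2.7.7+/3.3+) needs matching types, and the
    # client-supplied value is not guaranteed to be ASCII.
    if not hmac.compare_digest(expected_hash.encode("utf-8"),
                               supplied_hash.encode("utf-8")):
        return HttpResponseForbidden("incorrect password hash")

    # The caller provided the correct hash value -> authenticate this session.

    session.authenticated  = True
    session.session_length = session_length
    session.save()

    # Send information about the user authentication to the 3taps Stats API.

    end_time = time.time()
    time_taken = int(1000 * (end_time - start_time))  # milliseconds

    statsRecorder.record("IDAU", 1, time_taken)

    # Finally, return the user associated with this session back to the caller.

    response = json.dumps(session.user.to_dict())
    return HttpResponse(response, status=200, mimetype="application/json")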