Beispiel #1
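def set_password(request):
    """Set a profile's password when the caller presents the matching secret.

    Reads from ``request.POST``:
      * ``k``  -- the secret supplied by the caller,
      * ``id`` -- a ``Signup.id`` (default) or a ``Profile.id`` (when ``n`` is set),
      * ``p``  -- the new password,
      * ``n``  -- optional; any truthy value selects the profile branch.

    Without ``n`` the secret is checked against ``Signup.secret_key`` and the
    profile is located through the signup's e-mail address. With ``n`` it is
    checked against ``Profile.password_reset_key``. The password is only
    changed when the secret matches; nothing is returned either way.

    Raises:
        KeyError: a required POST field is missing.
        IndexError: no matching ``Signup``/``Profile`` row exists.
    """
    # Function-scope import: the file's import block is not visible from here.
    import hmac

    def _secret_matches(stored, supplied):
        # An unset or empty stored key must never authorise a change;
        # otherwise an empty ``k`` would match an account that has no
        # pending key.
        if not stored or not supplied:
            return False
        # Compare as bytes in constant time, so the response time does not
        # reveal how many leading characters of the secret were right, and
        # so non-ASCII input cannot make compare_digest raise.
        if not isinstance(stored, bytes):
            stored = stored.encode('utf-8')
        if not isinstance(supplied, bytes):
            supplied = supplied.encode('utf-8')
        return hmac.compare_digest(stored, supplied)

    secret_key = request.POST['k']
    user_id = request.POST['id']
    password = request.POST['p']
    is_for_profile = request.POST.get('n', False)

    if not is_for_profile:
        signup = session.query(Signup).filter(Signup.id==user_id)[0]
        profile = session.query(Profile).filter(Profile.email==signup.email)[0]
        # NOTE(review): nothing here expires the signup secret, so it appears
        # to stay usable as a password-reset credential indefinitely --
        # confirm whether it is invalidated elsewhere.
        if _secret_matches(signup.secret_key, secret_key):
            profile.password = encode_password(password)
    else:
        profile = session.query(Profile).filter(Profile.id==user_id)[0]
        # NOTE(review): the reset key is not cleared after a successful
        # change, so the same key can be replayed. Clearing it here would
        # make it single-use; confirm the column accepts an empty value first.
        if _secret_matches(profile.password_reset_key, secret_key):
            profile.password = encode_password(password)
    # NOTE(review): the new password is stored without any length or
    # emptiness check, and no attempt limiting is visible in this function --
    # verify both are enforced by the caller or the framework.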
Beispiel #2
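def sign_in(request):
    """Authenticate a profile by e-mail and password and issue a ticket.

    Reads ``identification`` (matched against ``Profile.email``) and
    ``password`` from ``request.POST``. The stored password is split on
    ``$`` into four fields; the third is passed as the salt to
    ``encode_password`` and the result is compared with the stored value.

    Returns:
        On success, a dict with the ``token`` produced by ``remember`` and
        the ``email``. On failure, sets a 401 status on the response and
        returns a dict with ``message`` and ``code``.

    Raises:
        KeyError: a required POST field is missing.
    """
    # Function-scope import: the file's import block is not visible from here.
    import hmac

    def _as_bytes(value):
        return value if isinstance(value, bytes) else value.encode('utf-8')

    identification = request.POST['identification']
    password = request.POST['password']
    try:
        profile = session.query(Profile).filter(Profile.email==identification)[0]
    except IndexError:
        # NOTE(review): this message and ``code`` differ from the
        # wrong-password reply, and no hash is computed on this path, so a
        # caller can tell registered from unregistered addresses by content
        # and probably by timing. Left as is because clients may depend on
        # the current payload; a single generic failure reply would close it.
        request.response.status = '401 Unauthorized'
        request.response.content_type = 'application/vnd.api+json'
        return {'message':'Account does not exist.', 'code':True}

    stored_password = profile.password
    try:
        # Only the salt is used below; the remaining fields are parsed to
        # validate the four-part layout.
        _algorithm, _iterations, salt, _digest = stored_password.split('$', 3)
    except (AttributeError, ValueError):
        # A missing or malformed stored hash is an authentication failure,
        # not a server error.
        salt = None

    authenticated = False
    if salt is not None:
        # NOTE(review): the stored iteration count is not passed on, so this
        # presumably relies on encode_password's default matching the value
        # used when the hash was created -- confirm.
        candidate = encode_password(password, salt)
        # Constant-time comparison, so the response time does not depend on
        # how much of the hash matched.
        authenticated = hmac.compare_digest(
            _as_bytes(stored_password), _as_bytes(candidate)
        )

    if authenticated:
        authtkt_ticket = remember(request, identification)
        return {'token':authtkt_ticket,'email':identification}

    # NOTE(review): no attempt limiting or lockout is visible in this
    # function -- verify it is enforced elsewhere.
    request.response.status = '401 Unauthorized'
    request.response.content_type = 'application/vnd.api+json'
    return {'message':'Password incorrect.', 'code':False}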