def login(phone=None, token=None):
user = User.by_phone(phone)
if not user:
raise NotFound('User not found')
if token != user.token().value:
raise Unauthorized()
init_session(user)
return user.guid
def create_user(phone=None, name=None, start_session=True):
result = User.by_phone(phone)
if result:
raise BadRequest("Phone in use")
user = User()
user.value = name
user.save()
user.phone(phone)
token = gen_token(phone)
user.token(token)
if start_session:
init_session(user)
return [user.guid, token, phone]
