Beispiel #1
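    def on_post(self, req, resp):
        """Handle a signup request and store the new user document.

        Reads the parsed request document from ``req.context['doc']``, checks
        it with ``USER_SCHEMA.validate``, rejects usernames that already
        exist, and saves the document under ``DB_USER`` with the username as
        ``_id``. The plaintext password is popped from the document and only
        a per-user salt plus the result of ``auth.hash`` are stored.

        Raises:
            falcon.HTTPInvalidParam: if the username is already in use.
        """
        user = req.context['doc']
        # NOTE(review): the return value of validate() is discarded, so this
        # relies on validate() raising for bad input; confirm.
        USER_SCHEMA.validate(user)

        username = user.pop("username")
        # Logger %-args are formatted by the logging module only when the
        # record is emitted; the message text is unchanged.
        # NOTE(review): username is request-supplied. Unless USER_SCHEMA
        # restricts it to a safe character set, embedded CR/LF can forge log
        # lines; confirm the schema or log it with %r.
        self.logger.info("Attemted signup with username %s", username)

        # NOTE(review): this check and the save below are not atomic. Two
        # concurrent signups for the same name can both pass it unless
        # save_doc refuses an existing _id; confirm.
        if self.username_exists(username):
            self.logger.info("Attemted signup with duplicate username %s", username)
            raise falcon.HTTPInvalidParam("username already in use", "username")

        # A fresh random salt per user, stored next to the hash.
        # NOTE(review): resistance to offline guessing depends on auth.hash
        # being a deliberately slow password KDF, which is not visible here.
        salt = str(uuid.uuid4())
        user.update({
            "_id": username,
            make_private("password_salt"): salt,
            # pop() removes the plaintext password so it is never persisted.
            make_private("encrypted_password"): auth.hash(user.pop("password"), salt),
        })
        # NOTE(review): the saved document carries the salt and password
        # hash; confirm save_doc's return value does not echo them to the
        # client.
        resp.body = self.db.save_doc(DB_USER, user)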
Beispiel #2
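 def is_valid_login(self, username, password):
     """Return True if *password* matches the stored hash for *username*.

     Looks the user document up under ``DB_USER``; a missing user gives
     False. Otherwise the password is hashed with the stored salt and the
     result is compared with the stored hash. ``hash`` is called with two
     arguments here, so it is presumably a project helper shadowing the
     builtin; confirm.

     Raises:
         KeyError: if the stored document lacks the salt or hash field.
     """
     import hmac

     user = self.database.get_doc(DB_USER, username, default=None)
     if user is None:
         # NOTE(review): unknown usernames return before any hashing, so
         # response time can differ between existing and missing accounts.
         return False
     hashed_password = hash(password, user[make_private("password_salt")])
     stored_password = user[make_private("encrypted_password")]

     # Compare in constant time so the position of the first differing
     # character does not show up in the response time.
     if isinstance(stored_password, str) and isinstance(hashed_password, str):
         # compare_digest accepts only ASCII str, so compare encoded bytes;
         # surrogatepass keeps lone surrogates from raising.
         return hmac.compare_digest(
             stored_password.encode("utf-8", "surrogatepass"),
             hashed_password.encode("utf-8", "surrogatepass"),
         )
     bytes_like = (bytes, bytearray)
     if isinstance(stored_password, bytes_like) and isinstance(hashed_password, bytes_like):
         return hmac.compare_digest(stored_password, hashed_password)
     # Any other type combination keeps the original equality semantics.
     return stored_password == hashed_password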