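def do_POST(self):
    """Create a resource from a JSON request body and write the result back.

    The body is read and parsed before any status is sent, so a malformed
    request is answered with 400 instead of raising after a 201 has already
    gone out. The resource name comes from ``self.parse_url(self.path)``;
    the parsed body is passed to the matching helper and the helper's return
    value is written back as ``str(new_item)`` encoded to bytes.
    """
    # Content-Length and the body are client-controlled. A negative length
    # would make ``rfile.read`` read until EOF, so reject it up front.
    try:
        content_len = int(self.headers.get('content-length', 0))
        if content_len < 0:
            raise ValueError("negative content-length")
        # NOTE(review): content_len has no upper bound here; confirm that a
        # request-size limit is enforced somewhere in front of this handler.
        post_body = json.loads(self.rfile.read(content_len))
    except ValueError:
        # json.JSONDecodeError and UnicodeDecodeError both derive from
        # ValueError, so this covers a bad header, bad UTF-8 and bad JSON.
        self._set_headers(400)
        self.wfile.write(b'{"error": "invalid request body"}')
        return

    (resource, _id) = self.parse_url(self.path)

    new_item = None

    if resource == "login":
        new_item = check_user(post_body)
    elif resource == "register":
        new_item = create_user(post_body)
    elif resource == "posts":
        new_item = create_post(post_body)
    elif resource == "comments":
        new_item = create_comment(post_body)
    elif resource == "tags":
        new_item = create_tag(post_body)
    # elif resource == "reactions":
    #     new_item = create_reaction(post_body)
    elif resource == "subscriptions":
        new_item = create_subscription(post_body)
    elif resource == "categories":
        new_item = create_category(post_body)

    # The success status is only committed once the helper has returned.
    # NOTE(review): "login" and unknown resources still answer 201 (the
    # latter with the body "None"); left as-is because clients may rely on
    # it, but a failed login should not look like a successful create.
    self._set_headers(201)
    self.wfile.write(f"{new_item}".encode())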
def check_user(userName, passwd):
    """Validate a username/password pair through ``users.check_user``.

    Returns ``(True, user)`` when the lookup yields a user, and
    ``(False, None)`` when either argument is ``None`` or no user comes back.
    """
    if userName is not None and passwd is not None:
        matched = users.check_user(userName, passwd)
        if matched is not None:
            return True, matched
    # Missing credentials and a failed lookup give the same answer, so the
    # caller cannot tell which of the two inputs was wrong.
    return False, None
def password_reset(db):
    """Email a signed password-reset token for the account named in the form.

    Reads ``name`` from the submitted form, checks it with
    ``users.check_user(db, name)`` and, when that is truthy, serializes
    ``[name, stored password hash]`` with ``itsdangerous.URLSafeSerializer``
    and passes the token to ``send_email``. Returns ``{'result': 'true'}``
    after sending and ``{'result': 'false'}`` otherwise.
    """
    name = request.forms.get("name")
    if not users.check_user(db, name):
        # NOTE(review): the distinct 'true'/'false' replies tell the caller
        # whether the submitted name passed the check; returning the same
        # reply on both paths would avoid leaking which names exist.
        return {'result': 'false'}

    stored_hash = database.return_passwordHashV2(db, name)
    # NOTE(review): URLSafeSerializer signs the payload but does not encrypt
    # it, so the stored password hash is readable by anyone who sees the
    # token (mailbox, mail relays, URL logs). Keep the hash out of the
    # payload; if it is there to invalidate the token after a password
    # change, it can feed the signing salt instead. The token also never
    # expires; itsdangerous.URLSafeTimedSerializer adds a timestamp that the
    # verifying side can bound with max_age.
    serializer = itsdangerous.URLSafeSerializer(config.cred['secretKeys'])
    token = serializer.dumps([name, stored_hash])
    send_email(token, database.return_email(db, name))
    # return a redirect to a page where it says please check your email
    return {'result': 'true'}
def login():
    """Render the login form, or authenticate a submitted one.

    A POST with credentials accepted by ``users.check_user`` logs the user
    in through ``flask_login`` and redirects to ``index``. A rejected POST
    flashes an error and re-renders ``login.html``; any other method just
    renders ``login.html``.
    """
    if flask.request.method != 'POST':
        return flask.render_template('login.html')

    username = flask.request.form['username']
    password = flask.request.form['password']
    if not users.check_user(username, password):
        # Flashed only for a failed POST; one message for both failure causes.
        flask.flash('Username or password not valid.')
        return flask.render_template('login.html')

    user = User()
    user.id = username
    flask_login.login_user(user)
    # NOTE(review): this puts the plaintext password into the session. With
    # Flask's default cookie-backed session the value is signed but not
    # encrypted, so it is readable from the cookie. Confirm the session
    # backend, and prefer keeping a server-issued API token here instead of
    # the password itself.
    auth = (username, password)
    flask.session['my_api_args'] = [rootconfig.server.api, auth]
    return flask.redirect(flask.url_for('index'))
def post(self):
    """
    Log a user in so that restricted API endpoints become accessible.

    Reads ``email`` and ``password`` from ``api.payload`` and returns
    ``generate_login_response`` for the matching user.

    :raises BadCredentials: In case of invalid credentials.
    """
    email, password = api.payload["email"], api.payload["password"]
    if check_user(email, password):
        return generate_login_response(get_user(email, everyone))
    # Every rejection raises the same exception type.
    # NOTE(review): confirm check_user does not answer differently for an
    # unknown email versus a wrong password.
    raise BadCredentials()
def delete():
    """Delete the logged-in account after the password is re-entered.

    Anonymous visitors are redirected to ``login``. A GET shows the
    confirmation page; any other method checks the submitted password for
    the session's username, deletes the user on success and redirects to
    ``home``, or re-renders the confirmation page with an error.
    """
    if not session.get('logged-in'):
        return redirect(url_for('login'))
    if request.method == 'GET':
        return render_template('confirm-delete.html')

    # The username comes from the session, never from the form, so a caller
    # can only ever delete the account they are logged in as.
    username = session['username']
    password = request.form['password']
    if not check_user(username, password):
        # NOTE(review): no attempt limiting is visible here; confirm that
        # repeated wrong passwords are throttled elsewhere.
        return render_template('confirm-delete.html', error="Incorrect password")

    delete_user(username)
    # NOTE(review): only these two keys are reset; anything else stored in
    # the session survives the deletion. Confirm whether the whole session
    # should be cleared at this point.
    session['logged-in'] = False
    session['username'] = None
    return redirect(url_for('home'))
def login():
    """Show the login page, or sign the user in from submitted form data.

    An already logged-in session is redirected to ``dashboard``. A GET
    renders ``login.html``. Any other method is treated as a form submission:
    accepted credentials mark the session as logged in and redirect to
    ``dashboard``, and rejected ones re-render ``login.html`` with
    ``result.message``.
    """
    if session.get('logged-in'):
        return redirect(url_for('dashboard'))
    if request.method == 'GET':
        # The user is requesting the page itself, so render login.html
        return render_template('login.html')

    # The request method must be POST, so the user is submitting form data
    username = request.form['username']
    password = request.form['password']
    result = check_user(username, password)
    if not result:
        # NOTE(review): this relies on check_user returning an object that
        # is falsy yet still has a .message attribute; a plain False or None
        # would raise AttributeError here. Also confirm that the message
        # does not reveal whether the username exists.
        return render_template('login.html', message=result.message)

    # NOTE(review): whatever the session held before login is kept across
    # the privilege change; confirm whether it should be cleared first.
    session['logged-in'] = True
    session['username'] = username
    return redirect(url_for('dashboard'))
def check_auth(self, username, password, allowed_roles, resource, method):
    """Authenticate a request by delegating to ``users.check_user``.

    Only ``username`` and ``password`` are used. ``allowed_roles``,
    ``resource`` and ``method`` are ignored, so this check authenticates but
    never authorizes: any accepted credential passes for every role,
    resource and method.
    """
    # NOTE(review): confirm that ignoring allowed_roles/resource/method is
    # intended and that per-resource access control is enforced elsewhere.
    credentials_ok = users.check_user(username, password)
    return credentials_ok