def api_register_user(*, email, name, password): if not name or not name.strip(): raise APIValueError('name') if not email or not _RE_EMAIL.match(email): raise APIValueError('email') if not password or not _RE_SHA1.match(password): raise APIValueError('password') users = yield from User.find_all('email=?', [email]) if len(users) > 0: raise APIError('register:failed', 'email', 'Email is already in use.') uid = next_id() sha1_password = '******' % (uid, password) user = User( id=uid, name=name.strip(), email=email, password=hashlib.sha1(sha1_password.encode('utf-8')).hexdigest(), image='http://www.gravatar.com/avatar/%s?d=mm&s=120' % hashlib.md5(email.encode('utf-8')).hexdigest() ) yield from user.save() r = web.Response() r.set_cookie(COOKIE_NAME, user2cookie(user, 86400), max_age=86400, httponly=True) user.password = '******' r.content_type = 'application/json' r.body = json.dumps(user, ensure_ascii=False).encode('utf-8') return r
def api_get_users(*, page='1'): page_index = get_page_index(page) num = yield from User.find_number('count(id)') p = Page(num, page_index) if num == 0: return dict(page=p, users=()) users = yield from User.find_all(orderBy='created_at desc', limit=(p.offset, p.limit)) for u in users: u.password = '******' return dict(page=p, users=users)
def authenticate(*, email, password): if not email: raise APIValueError('email', 'Invalid email.') if not password: raise APIValueError('password', 'Invalid password.') users = yield from User.find_all('email=?', [email]) if len(users) == 0: raise APIValueError('email', 'Email not exist.') user = users[0] sha1 = hashlib.sha1() sha1.update(user.id.encode('utf-8')) sha1.update(b':') sha1.update(password.encode('utf-8')) if user.password != sha1.hexdigest(): raise APIValueError('password', 'Invalid password.') r = web.Response() r.set_cookie(COOKIE_NAME, user2cookie(user, 86400), max_age=86400, httponly=True) user.password = '******' r.content_type = 'application/json' r.body = json.dumps(user, ensure_ascii=False).encode('utf-8') return r