def auth(uid, tok, perms=None):
	"""Create and stage an Auth session for person *uid* from a caller-supplied token.

	*tok* is split at the first "$" into an id part and a secret part, and
	both are passed to ``Auth.neverusethisinsecuremethod_set``. If *tok*
	contains no "$", the secret part is the empty string.

	*perms* overrides the person's own ``perms`` when it is not None.

	The new object is added to ``sess`` but not committed here; the caller
	decides when to commit. Returns the Auth object.

	NOTE(review): the setter's name marks it as unsafe. Presumably it pins
	the token to caller-chosen (predictable) values for tests or fixtures;
	confirm this helper cannot be reached from production code paths.
	"""
	token_id, _sep, secret = tok.partition("$")
	person = sess.query(Person).get(uid)

	session_auth = Auth(person)
	session_auth.neverusethisinsecuremethod_set(token_id, secret)

	# An explicit perms argument wins; otherwise inherit the person's perms.
	if perms is None:
		session_auth.perms = person.perms
	else:
		session_auth.perms = perms

	sess.add(session_auth)
	return session_auth
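	def POST(self):
		"""Log a person in with a password and issue a new auth token.

		Reads "user" and "pass" from the JSON request body. A "user" value
		containing "@" is looked up through the Email table; anything else
		is passed to ``query(Person).get``.

		Returns a dict. On failure it is ``{"e": 1, "msg": ...}`` with
		``self.status_code`` set to 400 (missing or non-string field) or
		403 (unknown user or wrong password). On success it is ``{"e": 0,
		"token", "perms", "user"}`` for a freshly committed Auth object
		that carries the person's own perms.

		NOTE(review): no attempt limiting or lockout is visible in this
		handler; presumably it is enforced elsewhere. Confirm.
		"""
		# NOTE(review): assumes self.req.json is a dict. A JSON body that is
		# not an object would fail on .get(); confirm the framework rejects it.
		j = self.req.json
		s = self.dbs
		
		user = j.get("user")
		if not user:
			self.status_code = 400
			return {"e":1, "msg":"No user provided."}
		if not isinstance(user, str):
			self.status_code = 400
			return {"e":1, "msg":"'user' must be a string."}
		
		pw = j.get("pass")
		if not pw:
			self.status_code = 400
			return {"e":1, "msg":"No password provided."}
		# Validate the type like 'user' above, so a non-string value never
		# reaches password_check.
		if not isinstance(pw, str):
			self.status_code = 400
			return {"e":1, "msg":"'pass' must be a string."}
		
		if "@" in user:
			# NOTE(review): assumes an e-mail address maps to at most one
			# Person; on a SQLAlchemy query, scalar() raises when several
			# rows match. Confirm uniqueness.
			person = s.query(Person).join(Email).filter_by(email=user).scalar()
		else:
			person = s.query(Person).get(user)
		
		# One response for "no such user" and "wrong password", so the reply
		# does not reveal which accounts exist.
		# NOTE(review): password_check is skipped when no person matched, so
		# unknown accounts may answer faster than known ones if the check is
		# expensive. Confirm whether that timing difference matters here.
		if not person or not person.password_check(pw):
			self.status_code = 403
			return {"e":1, "msg":"Invalid credentials."}
		
		a = Auth(person)
		s.add(a)
		
		# The new session inherits the person's full permission set.
		a.perms = person.perms
		
		s.commit()
		
		return {"e":0,
			"token": a.token,
			"perms": a.perms,
			"user": a.user.id,
		}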