Example #1
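def verify_password(email_or_token, password):
    """Authenticate a request from an auth token or an email/password pair.

    The first credential is tried as an auth token. When
    ``User.verify_auth_token`` yields a user id, the account is loaded by id
    and the password argument is not consulted. Otherwise the credential is
    treated as an email address and the password is checked with
    ``User.check_pw``.

    Args:
        email_or_token: An auth token or an email address.
        password: The password to check; only used on the email path.

    Returns:
        True after storing the account on ``g.user``; False when no account
        is found or the password check fails.
    """
    user_id = User.verify_auth_token(email_or_token)
    if user_id:
        user = session.query(User).filter_by(id=user_id).first()
        # A token can still verify after its account row is gone. Without
        # this check the function would set g.user to None and report the
        # request as authenticated.
        if not user:
            return False
    else:
        user = session.query(User).filter_by(email=email_or_token).first()
        if not user or not user.check_pw(password):
            return False
    g.user = user
    return True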
Example #2
def verify_password(username_or_token, password):
    """Authenticate a request from an auth token or an email/password pair.

    The first credential is tried as an auth token; when
    ``User.verify_auth_token`` yields a user id the password is not
    consulted. Otherwise the credential is matched against ``User.email``
    and the password is checked with ``User.verify_password``.

    Returns:
        True after storing the account on ``g.user``; False when no account
        matches the email or the password check fails.
    """
    token_user_id = User.verify_auth_token(username_or_token)
    if token_user_id:
        # NOTE(review): .one() raises when no row matches, so a token that
        # still verifies for a removed account surfaces as an unhandled
        # error rather than a failed login -- confirm that is intended.
        g.user = session.query(User).filter_by(id=token_user_id).one()
        return True

    # Not a token: fall back to email + password.
    account = session.query(User).filter_by(email=username_or_token).first()
    if not account or not account.verify_password(password):
        return False
    g.user = account
    return True
Example #3
def verify_password(email_or_token, password):
    """Authenticate by token or email/password and record the login.

    A credential that ``User.verify_auth_token`` accepts selects the account
    by id and skips the password check. Any other credential is looked up as
    an email address and the password is checked with
    ``User.verify_password``.

    Returns:
        True after copying the account's email, id and name into
        ``login_session``; False when the email is unknown or the password
        check fails.
    """
    token_uid = User.verify_auth_token(email_or_token)
    lookup = session.query(User)
    if not token_uid:
        member = lookup.filter_by(email=email_or_token).first()
        if not (member and member.verify_password(password)):
            return False
    else:
        # NOTE(review): .one() raises if the id from the token has no row;
        # that case is not turned into a failed login here.
        member = lookup.filter_by(id=token_uid).one()

    # NOTE(review): login_session is defined outside this block; if it is a
    # client-side signed cookie these values are readable by the client --
    # confirm nothing sensitive is added to it.
    for field in ('email', 'id', 'name'):
        login_session[field] = getattr(member, field)
    return True
def verify_password(email_or_token, password):
    """Authenticate a request from an auth token or an email/password pair.

    Opens a session with ``databaseConnection()``, then tries the first
    credential as an auth token. When the token yields a user id the
    password is ignored; otherwise the credential is looked up as an email
    address and the password is checked with ``User.verify_password``.

    Returns:
        True after storing the account on ``g.user``; False when the email
        is unknown or the password check fails.
    """
    # NOTE(review): the object returned by databaseConnection() is never
    # closed in this function; whether that leaks a connection depends on
    # what the helper returns -- verify.
    session = databaseConnection()
    users = None
    # The credential is treated as a token before it is treated as an email.
    token_uid = User.verify_auth_token(email_or_token)
    users = session.query(User)
    if token_uid:
        # NOTE(review): .one() raises when the id has no matching row.
        g.user = users.filter_by(id=token_uid).one()
        return True

    candidate = users.filter_by(email=email_or_token).first()
    if not candidate or not candidate.verify_password(password):
        return False
    g.user = candidate
    return True
Example #5
def verify_password(username_or_token, password):
    """Authenticate a request from an auth token or a username/password pair.

    A new session is created on every call. The first credential is tried as
    an auth token; when ``User.verify_auth_token`` yields a user id the
    password is not consulted. Otherwise the credential is looked up as a
    username and the password is checked with ``User.verify_password``.

    Returns:
        True after storing the account on ``g.user``; False when the
        username is unknown or the password check fails.
    """
    # NOTE(review): a sessionmaker is built and a session opened per call,
    # and the session is not closed in this function -- confirm the
    # lifetime is managed elsewhere.
    session = sessionmaker(bind=engine)()
    token_uid = User.verify_auth_token(username_or_token)
    if not token_uid:
        # Not a token: fall back to username + password.
        user = session.query(User).filter_by(
            username=username_or_token).first()
        if not (user and user.verify_password(password)):
            return False
    else:
        # NOTE(review): .one() raises when the id has no matching row.
        user = session.query(User).filter_by(id=token_uid).one()
    g.user = user
    return True
Example #6
def landingPage():
    """Render the landing page with the eight most recently added items."""
    # A 'token' entry in login_session marks a signed-in visitor; the value
    # handed to the template is whatever User.verify_auth_token returns for
    # that token, or None when no token is stored.
    user = (User.verify_auth_token(login_session['token'])
            if 'token' in login_session else None)

    newest_items = session.query(Item).order_by(Item.id.desc())[0:8]

    # Categories feed the sidebar.
    sidebar_categories = session.query(Category).all()

    # The template uses `user` to decide whether the 'add new item' and
    # 'signout' buttons are shown. That only controls what is displayed.
    return render_template('landing.html',
                           recentItems=newest_items,
                           user=user,
                           categories=sidebar_categories,
                           CLIENT_ID=CLIENT_ID)
Example #7
def showCategory(category):
    """Render the items that belong to the category named *category*."""
    # A 'token' entry in login_session marks a signed-in visitor.
    user = (User.verify_auth_token(login_session['token'])
            if 'token' in login_session else None)

    # NOTE(review): .first() returns None for an unknown category name, so
    # the attribute access below raises AttributeError instead of producing
    # a not-found response.
    category_row = session.query(Category).filter_by(name=category).first()
    cat_id = category_row.id
    items = session.query(Item).filter_by(cat_id=cat_id).all()

    # Categories feed the sidebar.
    categories = session.query(Category).all()

    # The template uses `user` to decide whether 'signout' is shown.
    return render_template("category.html",
                           items=items,
                           category=category,
                           categories=categories,
                           user=user,
                           CLIENT_ID=CLIENT_ID)
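def verify_password(username_or_token, password):
    """Authenticate a non-GET request by token or username/password.

    GET requests are accepted without looking at the credentials. For every
    other method the first credential is tried as an auth token; when
    ``User.verify_auth_token`` yields a user id the password is not
    consulted. Otherwise the credential is looked up against ``User.name``
    and the password is checked with ``User.verify_password``.

    Args:
        username_or_token: An auth token or a user name.
        password: The password to check; only used on the user-name path.

    Returns:
        True for GET requests, and for other requests after ``userId`` and
        ``admin`` have been written to ``login_session``; False when no
        account is found or the password check fails.
    """
    # NOTE(review): the GET path returns before login_session is written, so
    # values left there by an earlier request are not refreshed -- handlers
    # that read login_session on GET should not treat it as verified here.
    if request.method == "GET":
        return True

    session = DBSession()
    try:
        user_id = User.verify_auth_token(username_or_token)

        if user_id:
            user = session.query(User).filter_by(id=user_id).first()
            # A token can verify for an id that no longer has a row; reject
            # it instead of failing on `user.id` below.
            if not user:
                return False
        else:
            user = session.query(User).filter_by(
                name=username_or_token).first()
            if not user or not user.verify_password(password):
                return False

        # Read the attributes while the session is still open.
        login_session["userId"] = user.id
        login_session["admin"] = user.admin
        return True
    finally:
        # Close on every exit path; the failed-login return used to skip it.
        session.close()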
Example #9
def exchageToken():
    """Exchange an authorization code for an access token (unfinished).

    Reads ``client_id``, ``client_secret``, ``code`` and ``grant_type`` from
    the request's query arguments. When ``grant_type`` equals the
    module-level name ``authorization_code`` (not defined in this block),
    ``code`` is verified with ``User.verify_auth_token`` and an access token
    is generated for the matching user.

    Returns:
        True when the code verified, False when it did not, and None
        (implicitly) when the grant type comparison fails.

    NOTE(review): ``client_id`` and ``client_secret`` are read but never
    checked in this block, the generated token is neither stored nor
    returned, and the JSON response described in the comments below is not
    built yet.
    NOTE(review): ``client_secret`` and ``code`` arrive in the query string,
    which commonly ends up in server and proxy logs -- consider accepting
    them in the request body instead.
    """
    # NOTE(review): if `request` is Flask's request object, getlist()
    # returns a list for each key, so the comparison and the token
    # verification below would receive lists rather than strings -- confirm.
    client_id = request.args.getlist('client_id')
    client_secret = request.args.getlist('client_secret')
    code = request.args.getlist('code')
    grant_type = request.args.getlist('grant_type')
    if grant_type == authorization_code:
        user_id = User.verify_auth_token(code)
        if user_id:
            # .one() raises when the id from the code has no matching row.
            user = session.query(User).filter_by(id=user_id).one()
            token = user.generate_access_token()
            # TODO: update the db with this token
            # Return the JSON object below
            # {
            #   token_type: "bearer",
            #   access_token: "ACCESS_TOKEN",
            #   refresh_token: "REFRESH_TOKEN"
            # }
        else:
            return False

        return True
Example #10
def verify_password(email, password):
    """
    Verify a password or a login token for JSON requests.

    The first argument is tried as a login token; when the token yields a
    user id the password is not consulted. Otherwise the argument is looked
    up as an email address and the password is checked.

    Args:
        email (string): an email address or a login token
        password (string): only used when `email` is not a valid token
    Returns:
        True if verification succeeded (the user is stored on g.user),
        else False
    """
    token_uid = User.verify_auth_token(email)
    if token_uid:
        # one_or_none() gives None for an id without a row, so a token for
        # a removed account fails verification instead of raising.
        account = session.query(User).filter_by(id=token_uid).one_or_none()
    else:
        account = session.query(User).filter_by(email=email).first()
        if not account or not account.verify_password(password):
            return False

    if not account:
        return False
    g.user = account
    return True
Example #11
def showItem(category, itemTitle):
    """Render the detail page of one item inside a category."""
    # A 'token' entry in login_session marks a signed-in visitor.
    user = (User.verify_auth_token(login_session['token'])
            if 'token' in login_session else None)

    # NOTE(review): both .first() calls return None when nothing matches;
    # an unknown category raises AttributeError on `.id`, and an unknown
    # item raises on `item.creator_id` below for signed-in visitors.
    category_row = session.query(Category).filter_by(name=category).first()
    cat_id = category_row.id
    item = session.query(Item).filter_by(
        cat_id=cat_id, title=itemTitle).first()

    # Only the item's creator keeps a non-None `user`, which the template
    # uses to decide whether 'edit', 'delete' and 'signout' are shown.
    # NOTE(review): ownership is compared against login_session['userid'],
    # not against the value returned by the token check, and this only hides
    # the buttons -- the edit and delete handlers (not shown here) need
    # their own ownership check.
    if user and item.creator_id != login_session['userid']:
        user = None
        flash("Not authorized to edit or delete this item.")

    return render_template("item.html",
                           item=item,
                           user=user,
                           CLIENT_ID=CLIENT_ID)