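def create_persona_user():
    """Create a new user for the session's email address and the passed username.

    Reads ``username`` from the JSON request body and ``email`` from the
    session, creates the account through ``db.create_user_with_email``, and
    logs the new user in by storing ``user.id`` in the session.

    Returns:
        A JSON string with the new user's ``username`` and ``fullname``.

    Aborts:
        403 if the session has no ``email`` or a user is already logged in.
        400 if the body is not a JSON object, the username is missing, not a
        string, does not match ``constants.USERNAMEPATTERN``, or is already
        taken, or if the email address already belongs to an account.
    """
    # XXX: we should only be doing this iff:
    #   - the user has currently verified their email address via Persona
    #   - but has not logged in with a Guampa account
    #   - and the email address is not yet associated with any Guampa account
    #   - and the account name is valid
    #   - and the account name is not yet in use
    if 'email' not in session or g.user is not None:
        abort(403)

    d = request.get_json()
    # The body is client-controlled: a non-object payload or a missing key
    # must be a 400, not an unhandled TypeError/KeyError (HTTP 500).
    if not isinstance(d, dict):
        abort(400)
    username = d.get('username')

    # Validate the shape of the name before it reaches the database layer.
    # NOTE(review): .match() anchors only at the start of the string; confirm
    # that USERNAMEPATTERN itself ends with an end-of-string anchor.
    if (not isinstance(username, str)
            or not constants.USERNAMEPATTERN.match(username)):
        abort(400)

    email = session['email']
    if db.lookup_user_by_email(email):
        print("email address already in use, this should never happen")
        abort(400)
    if db.lookup_username(username):
        abort(400)

    # NOTE(review): the lookups above and the insert below are separate calls,
    # so two concurrent requests could both pass the checks; uniqueness of
    # username and email should also be enforced by the database -- confirm.
    user = db.create_user_with_email(username, email)
    session['user_id'] = user.id
    g.user = user
    out = {'username': user.username, 'fullname': user.fullname}
    # NOTE(review): a bare string is returned, so the response content type is
    # whatever the framework defaults to -- confirm it is served as JSON.
    return json.dumps(out)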
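def json_login():
    """Log the user in from a JSON body carrying ``username`` and ``password``.

    On success the user's id is stored in the session, ``g.user`` is set and
    the string ``"OK"`` is returned.

    Aborts:
        400 if the body is not a JSON object or either field is missing or
        not a string.
        403 if the username is unknown or the password does not verify. Both
        cases produce the same response, so the reply does not reveal which
        of the two was wrong.
    """
    d = request.get_json()
    # The body is client-controlled: reject malformed payloads with a 400
    # rather than failing with an unhandled TypeError/KeyError (HTTP 500).
    if not isinstance(d, dict):
        abort(400)
    username = d.get('username')
    password = d.get('password')
    if not isinstance(username, str) or not isinstance(password, str):
        abort(400)

    user = db.lookup_username(username)
    # The user must be checked for None *before* user.pwhash is read. The
    # previous order dereferenced None for an unknown username, which raised
    # AttributeError and turned "no such user" into a 500 that is
    # distinguishable from the 403 returned for a wrong password.
    if user is None:
        abort(403)
    # NOTE(review): an unknown username returns without computing a hash, so
    # response time may still differ from the wrong-password path; no attempt
    # throttling is visible in this function -- confirm it exists elsewhere.
    if not check_password_hash(user.pwhash, password):
        abort(403)

    session['user_id'] = user.id
    g.user = user
    return "OK"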