def authorize():
client_id = int(request.form.get('client_id'))
login = request.form.get('login')
password = request.form.get('password')
state = request.form.get('state', None)
if not db_load_or_install.user(login=login):
return redirect(db_load_or_install.client[client_id]['redirect_uri'] + '?error=access_denied' + ('' if state is None else '&state=' + state), code=302)
if db_load_or_install.user(login=login)[0]['password_hash'] != sha256(password.encode('UTF-8')).digest():
return redirect(db_load_or_install.client[client_id]['redirect_uri'] + '?error=access_denied' + ('' if state is None else '&state=' + state), code=302)
code = sha256(str(uuid4()).encode('UTF-8')).hexdigest()
db_load_or_install.authorization_code.insert(user_id=db_load_or_install.user(login=login)[0]['__id__'],
code=code,
expire_time=datetime.now() + timedelta(minutes=10))
db_load_or_install.authorization_code.commit()
return redirect(db_load_or_install.client[client_id]['redirect_uri'] + '?code=' + code + ('' if state is None else '&state=' + state), code=302)
def register():
login = request.form['login']
if not login:
return render_template('register_fail.html', reason='Empty login not allowed.')
password = request.form['password']
if len(password) < 6:
return render_template('register_fail.html', reason='Password is too short')
name = request.form['name'] or None
email = request.form['email'] or None
phone = request.form['phone'] or None
if db_load_or_install.user(login=login):
return render_template('register_fail.html', reason='User already exists.'.format(login))
db_load_or_install.user.insert(login=login,
password_hash=sha256(password.encode('UTF-8')).digest(),
name=name,
email=email,
phone=phone)
db_load_or_install.user.commit()
return render_template('register_ok.html', login=request.form['login'])
