def user_login(request):
if request.form["username"] == "admin" and request.form["password"] == ADMIN_PASSWORD:
request.client_session["user_id"] = -1
return user_profile(request, -1)
user = (
session.query(User)
.filter(User.username == request.form["username"])
.filter(User.password == hash_password(request.form["password"]))
.one()
)
request.client_session["user_id"] = user.id
return render_json(user.to_api_dict())
def create_user(request):
try:
u = session.query(User).filter(User.username == request.form["username"]).one()
logging.debug("Not creating user %s, username already in use." % request.form["username"])
return DuplicateError
except NoResultFound:
pass
u = User(
request.form["username"],
request.form["fullname"],
hash_password(request.form["password"]),
request.form["editor"] == "true",
request.form["superuser"] == "true",
)
# handle query errors and return a valid response
session.add(u)
session.commit()
u = session.query(User).filter(User.username == request.form["username"]).one()
return render_json(u.to_api_dict())
