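def _keys_match(supplied, expected):
    """Return True iff *supplied* equals *expected*, compared in constant time.

    Both values are encoded to UTF-8 before ``hmac.compare_digest`` so that
    non-ASCII keys are accepted. Returns False (rather than raising) when
    either side is not a str, so an unset key column behaves like a mismatch,
    exactly as the plain ``==`` it replaces did.
    """
    import hmac

    if not isinstance(supplied, str) or not isinstance(expected, str):
        return False
    # Constant-time comparison: a plain == stops at the first differing byte,
    # which leaks how much of the key was right through response timing.
    return hmac.compare_digest(supplied.encode("utf-8"), expected.encode("utf-8"))


def set_password(request):
    """Set a profile's password from a signup key or a password-reset key.

    POST fields read:
        k:  the secret key presented by the caller.
        id: a Signup id (default) or a Profile id (when ``n`` is set).
        p:  the new plaintext password; stored as ``encode_password(p)``.
        n:  optional flag; present and truthy means ``id`` is a Profile id and
            ``k`` is matched against ``Profile.password_reset_key``. Any
            non-empty string counts as truthy here, including "0".

    Returns None in every case: a key mismatch is silent and leaves the
    profile untouched, so the caller cannot tell success from failure from
    the return value alone.

    Raises IndexError when no Signup/Profile row matches ``id`` (the ``[0]``
    on an empty query result).
    """
    secret_key = request.POST['k']
    user_id = request.POST['id']
    password = request.POST['p']
    is_for_profile = request.POST.get('n', False)

    if not is_for_profile:
        # Signup flow: the key belongs to the Signup row; the profile is
        # reached through the signup's email.
        signup = session.query(Signup).filter(Signup.id == user_id)[0]
        profile = session.query(Profile).filter(Profile.email == signup.email)[0]
        expected_key = signup.secret_key
    else:
        # Reset flow: the key belongs to the Profile row itself.
        profile = session.query(Profile).filter(Profile.id == user_id)[0]
        expected_key = profile.password_reset_key

    if _keys_match(secret_key, expected_key):
        profile.password = encode_password(password)
        # NOTE(review): the signup/reset key is not cleared here, so the same
        # key keeps working until something else rotates it; clearing
        # profile.password_reset_key on success would make it single-use.
        # Persisting the change (commit/flush) is not visible in this
        # function either — presumably handled by the session setup; confirm.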
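def sign_in(request):
    """Authenticate a profile by email and password.

    POST fields read: ``identification`` (the profile's email) and
    ``password`` (plaintext).

    Returns:
        On success, ``{'token': <remember(...) result>, 'email': identification}``.
        On an unknown email, sets the response to 401 and returns
        ``{'message': 'Account does not exist.', 'code': True}``; on a wrong
        password, sets 401 and returns
        ``{'message': 'Password incorrect.', 'code': False}``.

    Raises ValueError if the stored ``profile.password`` does not split on
    ``'$'`` into the four fields ``algorithm$iterations$salt$digest``.

    NOTE(review): the two failure responses differ in both message and
    ``code``, which lets a caller tell registered emails from unregistered
    ones; returning one generic failure for both would close that. Left as
    is because clients may branch on ``code``.
    """
    import hmac

    identification = request.POST['identification']
    password = request.POST['password']

    try:
        profile = session.query(Profile).filter(Profile.email == identification)[0]
    except IndexError:
        request.response.status = '401 Unauthorized'
        request.response.content_type = 'application/vnd.api+json'
        return {'message': 'Account does not exist.', 'code': True}

    # Stored format is algorithm$iterations$salt$digest; only the salt is
    # needed to re-derive the candidate hash. Leading underscores keep the
    # unused fields from shadowing the builtin ``hash``.
    _algorithm, _iterations, salt, _digest = profile.password.split('$', 3)
    candidate = encode_password(password, salt)

    # Constant-time comparison of the two encoded hashes so the check's
    # duration does not depend on how many leading bytes already match.
    if hmac.compare_digest(candidate.encode('utf-8'), profile.password.encode('utf-8')):
        # NOTE(review): ``remember`` is assumed to yield a token value here; in
        # Pyramid, ``remember()`` returns a list of Set-Cookie headers — confirm.
        authtkt_ticket = remember(request, identification)
        return {'token': authtkt_ticket, 'email': identification}

    request.response.status = '401 Unauthorized'
    request.response.content_type = 'application/vnd.api+json'
    return {'message': 'Password incorrect.', 'code': False}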