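def login(username, password):
    """Check a username/password pair and return a token for that user.

    The stored password hash and salt for ``username`` are fetched, the
    scrypt hash of ``password`` is recomputed with that salt, and the two
    values are compared with ``compare_digest``.

    Args:
        username: account name to look up in the ``users`` table.
        password: candidate password supplied by the client.

    Returns:
        The value of ``make_token(KEY, username)``.

    Raises:
        ValueError: if the username is unknown or the password does not
            match. Both cases share one message so the error text does not
            reveal which of the two was wrong.
    """
    select = sql.select(
        [users.c.password_hash, users.c.password_salt],
        users.c.username == username,
    )
    row = engine.execute(select).first()
    if row is None:
        # No matching account: first() gives None here, and unpacking it
        # would raise TypeError instead of the ValueError callers expect.
        # NOTE(review): this path skips the scrypt computation, so an unknown
        # username is rejected faster than a wrong password. If username
        # enumeration matters, hash against a fixed dummy salt here too.
        raise ValueError("invalid password")
    hashed, salt = row
    # Compare through compare_digest rather than ==.
    if not compare_digest(hashed, scrypt.hash(password, salt)):
        raise ValueError("invalid password")
    return make_token(KEY, username)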
def form_register():
    """Register an account from the submitted HTML form and log the user in.

    Reads "email", "password" and "username" from the form, calls
    ``register``, stores a fresh login token in the "token" cookie and
    redirects to "/".
    """
    form = request.forms
    email = form["email"]
    password = form["password"]
    username = form["username"]
    # NOTE(review): unlike json_register, a missing form field (KeyError) or a
    # failure inside register() is not handled here and propagates to the
    # framework.
    register(username, password, email)
    login_token = make_token(KEY, username)
    # The cookie is HttpOnly, so page scripts cannot read it.
    # NOTE(review): no `secure` flag is set; confirm the site is served only
    # over HTTPS, otherwise the token can travel over plain HTTP.
    response.set_cookie("token", login_token, httponly=True)
    redirect("/")
def html_edit(title):
    """Build the template context for the edit form of page ``title``.

    The caller must pass ``validate_login_cookie``; its return value is used
    as the username. The context carries the current page content (empty
    when the page does not exist yet), the page name and a form token bound
    to the user and to the "-edit" action.
    """
    user = validate_login_cookie()
    # The token is derived from "<username>-edit", so it is specific to this
    # user and this action.
    # NOTE(review): whether it expires depends on make_token, not shown here.
    edit_token = make_token(KEY, user + "-edit")
    try:
        page_text = get_page_revision(title, repo.head.oid)
    except KeyError:
        # title.rst not in tree: start from an empty page
        page_text = ""
    return {"content": page_text, "name": title, "token": edit_token}
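def json_register():
    """Register a new account from a JSON request body.

    The body must be a JSON object with "username", "password" and "email"
    keys.

    Returns:
        ``{"token": ...}`` on success, or ``{"error": ...}`` when the body is
        not a JSON object, a key is missing, or ``register`` raises
        ``IntegrityError``.
    """
    payload = request.json
    if not isinstance(payload, dict):
        # The parsed body may be absent (None) or a non-object JSON value such
        # as a list or string; subscripting it by key would then raise
        # TypeError or return nonsense instead of a clean error reply.
        return {"error": "request body must be a JSON object"}
    try:
        username = payload["username"]
        password = payload["password"]
        email = payload["email"]
    except KeyError as e:
        return {"error": "missing {} key".format(e.args[0])}
    # NOTE(review): the three values are passed on as parsed, so they may be
    # numbers, lists or null; confirm register() validates type and length.
    try:
        register(username, password, email)
    except sql.exc.IntegrityError:
        return {"error": "username already registered"}
    return {"token": make_token(KEY, username)}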
def html_revert(revision):
    """Build the template context for the revert form.

    The caller must pass ``validate_login_cookie``. The returned context
    holds only a form token bound to the user and to the "-revert" action.
    ``revision`` is accepted but not used in this function.
    """
    user = validate_login_cookie()
    # Token input is "<username>-revert", so a token issued for another form
    # (edit, move) is derived from a different string.
    return {"token": make_token(KEY, user + "-revert")}
def html_move(title):
    """Build the template context for the move form of page ``title``.

    The caller must pass ``validate_login_cookie``. The context carries the
    page title and a form token bound to the user and to the "-move" action.
    """
    user = validate_login_cookie()
    # Token input is "<username>-move", keeping it distinct from the edit and
    # revert form tokens.
    move_token = make_token(KEY, user + "-move")
    return {"title": title, "token": move_token}