Exemple #1
0
def register():
    user_data = request.get_json()

    # user exists
    if UserModel.count(user_data["email"]):
        return jsonify("Email already registered"), 400

    # incomplete user data
    if not all([
        user_data.get("first_name"), 
        user_data.get("last_name"), 
        user_data.get("password")
        ]):
        return jsonify("You must provide an email, first_name, last_name, and password"), 400
    
    # good to go, let's get them registered
    user_instance = UserModel(
        user_data["email"], 
        created_at=datetime.datetime.utcnow(),
        first_name=user_data["first_name"], 
        last_name=user_data["last_name"],
    )

    # hash the password
    user_instance.setPasswordHash(user_data["password"])

    # compose and send activation email
    email_template = """
        <h1>Rentalated</h1>
        <a href="{url}/test/activate/{encoded_id}">
            <p>Click this link to activate your account!</p>
        </a>
    """.format(url=config.WEBSITE_URL, encoded_id=encode_activation_token(user_data["email"]))

    send_email(
        user_data["email"], 
        "The time has come for you to activate your Rentalated account.",
        email_template
    )

    # save the user with .activated=False
    user_instance.save()

    return jsonify({
        "msg": "user saved && activation email sent",
        "saved_user": user_instance.serialize()
    })
def login():
    user_data = request.get_json()

     # CURTIS: does the below work in terms of timing attacks?
    validLogin = False
    # switch this to true iff they exist, their password checks out, 
        # and their account is active.  
    if UserModel.count(user_data["email"]):
        user_instance = UserModel.get(user_data["email"])
        if user_instance.checkPassword(user_data['password']):
            if user_instance.active: 
                validLogin = True
    
    if validLogin: 
        user_instance = UserModel.get(user_data["email"])
        return user_instance.encodeAuthToken()

    else: 
        return "Error logging in", 400