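def login():
    """Authenticate a registered user and issue a short-lived ``id_token`` cookie.

    Expects a request body with string ``username`` and ``password`` fields;
    the shape is enforced by ``should_look_like`` (presumably it rejects a
    malformed body itself -- confirm against its definition).

    Returns:
        An ``ApiResponse`` with status 201 and an ``id_token`` cookie set
        with ``httponly`` and ``secure`` when the credentials match.

    Raises:
        Aborts with 403 when the username is unknown or the password does
        not verify against the stored ``pw_hash``.
    """
    body = should_look_like({
        'username': str,
        'password': str,
    })
    user = RegisteredUser.find_by_username(body['username'])

    if not user:
        # Burn roughly one PBKDF2 computation even when the username is
        # unknown, so this branch takes about as long as a wrong-password
        # attempt; skipping the hash made response latency reveal which
        # usernames exist. The result is intentionally discarded.
        pbkdf2_sha256.hash(body['password'])
        abort(403)

    if not pbkdf2_sha256.verify(body['password'], user.pw_hash):
        abort(403)

    user_profile = UserProfile.query.get(user.id)
    # Token lifetime is one hour; the caller must log in again after that.
    id_token = make_token(user.id, user_profile, expires_hours=1)

    res = ApiResponse()
    # httponly keeps the token away from page scripts; secure restricts it
    # to HTTPS. Status 201 is kept as the existing clients expect it.
    res.set_cookie('id_token', id_token, httponly=True, secure=True)
    res.status = 201
    return res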
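def register():
    """Create a new user plus profile and log the new user in.

    Expects a request body with string ``username`` and ``password`` fields
    (shape enforced by ``should_look_like``).

    Returns:
        An ``ApiResponse`` with status 201 and an ``id_token`` cookie
        (``httponly`` + ``secure``) on success, or status 400 with a
        ``message`` naming the taken username when it already exists.
    """
    res = ApiResponse()
    body = should_look_like({
        'username': str,
        'password': str,
    })
    username = body['username']

    if RegisteredUser.find_by_username(username):
        # The original format string had no placeholder, so .format() was
        # a no-op and the message never contained the username.
        res.message = 'Username: "{}" has already been taken'.format(username)
        res.status = 400
        return res

    # NOTE(review): this check-then-insert is not atomic -- two concurrent
    # registrations with the same username can both pass the lookup above.
    # A unique constraint on the username column is the real guard; confirm
    # the schema has one and that save_to_db() surfaces the violation.
    pw_hash = pbkdf2_sha256.hash(body['password'])
    new_user = RegisteredUser(username=username, pw_hash=pw_hash)
    new_user.save_to_db()

    # role_id=1 is presumably the default (lowest-privilege) role -- confirm
    # against the role table before relying on it.
    user_profile = UserProfile(
        user_id=new_user.id,
        username=new_user.username,
        role_id=1,
    )
    user_profile.save_to_db()

    # Same one-hour token and cookie flags as login().
    id_token = make_token(new_user.id, user_profile, expires_hours=1)
    res.set_cookie('id_token', id_token, httponly=True, secure=True)
    res.status = 201
    return res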