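def auth_login():
    """Authenticate the submitted credentials and open a new session.

    Reads ``user_name`` and ``password`` from ``request.forms``, looks the
    user up by name and checks the password with ``auth.password_matches``.
    On success a fresh session token is generated, stored as a
    ``UserSession`` row and handed back to the client.

    Returns:
        Whatever ``jresp.reply`` produces. On failure the reply carries
        ``success=False`` and a one-element ``error_message`` list; on
        success it carries ``success=True`` and
        ``payload={'token': <new session token>}``.
    """

    def _reject():
        # Every failure cause gets the same text: separate "user does not
        # exist" / "wrong password" messages let a client enumerate which
        # account names are registered.
        return jresp.reply(
            payload=None,
            success=False,
            error_message=['Utilizador ou password incorrectos'],
        )

    user_name = request.forms.get('user_name')
    input_password = request.forms.get('password')

    # A missing or empty field can never authenticate; stop before None
    # reaches the user lookup or the password comparison.
    if not user_name or not input_password:
        return _reject()

    u = User.get_by_name(user_name)
    if u is None:
        # NOTE(review): this path returns without running the password
        # check, so response time may still differ between known and
        # unknown user names. Equalising it needs a dummy verification
        # against a fixed hash, which depends on the auth module's API.
        return _reject()

    # Validate the password against the stored value.
    if not auth.password_matches(input_password, u['password']):
        return _reject()

    # NOTE(review): no attempt throttling or lockout is visible in this
    # handler; confirm it is enforced at another layer.

    # User exists and the password is correct: create and persist the
    # session token, then send it back to the client.
    new_session_token = auth.generate_session_token()
    # NOTE(review): the token is passed to UserSession as-is; check whether
    # the model stores it in clear text or as a digest.
    UserSession(user_id=u['id'], token=new_session_token).save()

    return jresp.reply(
        payload={'token': new_session_token},
        error_message=None,
        success=True,
    )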