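def auth_login(request):
    """Log a user in and return an API token together with the user's data.

    The request body must be a JSON object carrying ``email`` and ``password``.
    When the request is already authenticated (``request.user`` is set), the
    credentials in the body are ignored and the user's existing token, or a
    newly created one, is returned.

    Returns:
        A dict with ``token`` and ``user`` (``User.full_output`` of the linked
        user id).

    Raises:
        APIError: 400 when the body is not a JSON object, when the credentials
            are missing or not strings, or when the account is not activated;
            401 when the email/password pair does not verify.
    """
    try:
        doc = request.json_body
    except Exception:
        # Any decoding failure is the client's problem. Exception (not a bare
        # except) so that SystemExit/KeyboardInterrupt are not rewritten as 400.
        raise APIError(400, "invalid_json", "no valid json body")

    # Syntactically valid JSON can still be a list, string or number; the
    # .get() calls below need an object, so reject anything else up front
    # instead of failing with an AttributeError.
    if not isinstance(doc, dict):
        raise APIError(400, "invalid_json", "no valid json body")

    user = request.user

    if user:
        # Already logged in: reuse the caller's token.
        token = user.get_or_create_token().token
    else:
        email = doc.get("email")
        password = doc.get("password")

        # JSON lets the client send numbers, booleans, lists or objects here.
        # Only text may reach the query and the password check; type(u"") also
        # admits Python 2 unicode in case the file still runs there.
        text_types = (str, type(u""))
        if (not isinstance(email, text_types)
                or not isinstance(password, text_types)
                or not email or not password):
            raise APIError(400, "login.email_and_password_required",
                           "You need to send your email and password.")

        user = DBSession.query(AuthUser).filter_by(email=email).first()

        # One message for "unknown email" and "wrong password", so the
        # response body does not reveal which accounts exist.
        # NOTE(review): verify_password is skipped when no account matches, so
        # the two cases may still differ in response time; no attempt limiting
        # is visible in this function either. Confirm both are handled elsewhere.
        if not user or not user.verify_password(password):
            raise APIError(
                401, "login.email_or_password_invalid",
                "Either the email address or the password is wrong.")

        # Checked only after the password verified, so the activation state is
        # disclosed to nobody but a caller who knows the credentials.
        if not user.active:
            raise APIError(400, "user_is_not_activated",
                           "Your user is not activated.")

        token = AuthToken.generate_token()
        tokenObj = AuthToken(user_id=user.id, token=token)
        DBSession.add(tokenObj)

    return {
        "token": token,
        "user": User.full_output(user.user_id),
    }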
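def _bad_parameter(field):
    """Build the 400 error returned for a request field that cannot be parsed."""
    return APIError(400, "invalid_parameter",
                    "The parameter '%s' is not valid." % field)


def _optional_float(raw, field):
    """Parse *raw* as a finite float; return None when the field is empty."""
    import math  # local import: the file's import block is not visible here

    if len(raw) == 0:
        return None
    try:
        value = float(raw)
    except (TypeError, ValueError):
        raise _bad_parameter(field)
    # float() also accepts "nan" and "inf"; neither is a usable coordinate.
    if math.isnan(value) or math.isinf(value):
        raise _bad_parameter(field)
    return value


def _id_list(raw, field):
    """Parse a comma-separated list of integer ids; empty input gives []."""
    if len(raw) == 0:
        return []
    try:
        return [int(part) for part in raw.split(",")]
    except (AttributeError, ValueError):
        raise _bad_parameter(field)


def _optional_text(raw):
    """Return *raw* unchanged, or None when the field is empty."""
    return raw if len(raw) > 0 else None


def add_or_update_user(request):
    """Add a user, or update an existing one, and set its metadata.

    The target id comes from the route (``user_id``); all other values are
    optional POST fields: ``lat``, ``lon``, ``friends``, ``groups`` (the last
    two comma-separated integer ids), ``timezone``, ``country``, ``region``,
    ``city``, ``language`` and ``additional_public_data`` (JSON text).

    When the ``enable_user_authentication`` setting is on, the caller needs
    either the global update permission, or the own-update permission while
    addressing their own id. When the setting is off, no permission check is
    made in this function.

    Returns:
        ``{"status": "OK", "user": ...}`` with ``User.full_output`` of the id.

    Raises:
        APIError: 403 when the caller may not edit the user; 400 when
            ``user_id``, ``lat``, ``lon``, ``friends`` or ``groups`` cannot be
            parsed (previously an uncaught ValueError).
    """
    try:
        user_id = int(request.matchdict["user_id"])
    except (TypeError, ValueError):
        raise _bad_parameter("user_id")

    if asbool(get_settings().get("enable_user_authentication", False)):
        # Parenthesised to make the precedence explicit: the own-update
        # permission only counts for the caller's own id, the global one
        # counts for any id. This is how Python already grouped the original.
        may_update = (
            request.has_perm(perm_global_update_user_infos)
            or (request.has_perm(perm_own_update_user_infos)
                and request.user.id == user_id)
        )
        if not may_update:
            raise APIError(403, "forbidden", "You may not edit this user.")
        # NOTE(review): the original carries a disabled check that the target
        # user exists; what User.set_infos does for an unknown id is not
        # visible from here.

    post = request.POST

    lat = _optional_float(post.get("lat", ""), "lat")
    lon = _optional_float(post.get("lon", ""), "lon")

    # NOTE(review): friends and groups are taken from the caller as sent. If
    # group membership gates anything, confirm that a user holding only the
    # own-update permission is meant to be able to change it.
    friends = _id_list(post.get("friends", ""), "friends")
    groups = _id_list(post.get("groups", ""), "groups")

    # Missing or unknown timezones fall back to UTC rather than failing.
    timezone = post.get("timezone", "")
    if len(timezone) == 0 or not valid_timezone(timezone):
        timezone = "UTC"

    country = _optional_text(post.get("country", ""))
    region = _optional_text(post.get("region", ""))
    city = _optional_text(post.get("city", ""))
    language = _optional_text(post.get("language", ""))

    additional_public_data = {}
    raw_public_data = post.get("additional_public_data", "")
    if len(raw_public_data) > 0:
        try:
            additional_public_data = json.loads(raw_public_data)
        except Exception:
            # Deliberate best effort: undecodable input is dropped, not
            # rejected. Kept broad because deeply nested JSON raises
            # RecursionError, which is not a ValueError.
            additional_public_data = {}
        # NOTE(review): a JSON list, string or number is passed on as-is;
        # confirm whether User.set_infos expects an object here.

    User.set_infos(user_id=user_id,
                   lat=lat,
                   lng=lon,
                   timezone=timezone,
                   country=country,
                   region=region,
                   city=city,
                   language=language,
                   friends=friends,
                   groups=groups,
                   additional_public_data=additional_public_data)

    return {"status": "OK", "user": User.full_output(user_id)}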