def on_post(self, req, resp):
    """Handle a signup request: validate the document, salt and hash the password, save the user.

    The signup document is read from ``req.context['doc']`` and checked against
    ``USER_SCHEMA``. The ``username`` and ``password`` entries are removed from
    the document. The username becomes the record's ``_id``, and only the salt
    and the hashed password are stored, under keys produced by ``make_private``.

    Raises:
        falcon.HTTPInvalidParam: when ``self.username_exists`` reports that the
            username is already taken.
    """
    signup_doc = req.context['doc']
    USER_SCHEMA.validate(signup_doc)

    username = signup_doc.pop("username")
    # NOTE(review): username is request-supplied and is written to the log
    # as-is; confirm USER_SCHEMA rejects control characters such as CR/LF, or
    # escape the value before logging.
    self.logger.info("Attemted signup with username %s" % username)

    # NOTE(review): this is a check-then-save sequence; two concurrent signups
    # for the same name can both pass it. Confirm the datastore itself rejects
    # a duplicate _id.
    if self.username_exists(username):
        self.logger.info("Attemted signup with duplicate username %s" % username)
        raise falcon.HTTPInvalidParam("username already in use", "username")

    # Fresh per-user salt, stored next to the hash so login can recompute it.
    salt = str(uuid.uuid4())
    salt_key = make_private("password_salt")
    digest_key = make_private("encrypted_password")
    # The plaintext password leaves the document here and is never stored.
    # NOTE(review): auth.hash is not visible here; confirm it is a deliberately
    # slow password KDF rather than a single fast digest.
    password_digest = auth.hash(signup_doc.pop("password"), salt)

    stored_fields = {
        "_id": username,
        salt_key: salt,
        digest_key: password_digest,
    }
    signup_doc.update(stored_fields)

    # NOTE(review): the response body is whatever save_doc returns; verify it
    # does not echo the private salt/hash fields back to the client.
    resp.body = self.db.save_doc(DB_USER, signup_doc)
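def is_valid_login(self, username, password):
    """Return True when ``password`` matches the stored hash for ``username``.

    The user document is fetched from ``self.database``. The password is
    re-hashed with that user's stored salt and compared with the stored hash.

    Args:
        username: key of the user document to look up.
        password: candidate password supplied by the caller.

    Returns:
        False when no user document exists, otherwise the result of the
        hash comparison.
    """
    import hmac

    user = self.database.get_doc(DB_USER, username, default=None)
    if user is None:
        # NOTE(review): this early return skips hashing, so an unknown
        # username answers faster than a wrong password. If username
        # enumeration matters here, hash against a dummy salt before returning.
        return False

    # `hash` must be the project's two-argument helper; the builtin takes a
    # single argument. NOTE(review): confirm how it is brought into scope.
    hashed_password = hash(password, user[make_private("password_salt")])
    stored_password = user[make_private("encrypted_password")]

    try:
        # Constant-time comparison: `==` stops at the first differing
        # character, which leaks how much of the digest matched.
        return hmac.compare_digest(stored_password, hashed_password)
    except TypeError:
        # compare_digest only accepts two ASCII strings or two bytes-like
        # values; for anything else keep the original equality check.
        return stored_password == hashed_password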