def init_session():
if self.get_session(request) is not None:
response = make_response('OK')
response.headers["Content-type"] = "text/plain"
return response
user_name = request.form.get('user_name')
password = request.form.get('pass')
if user_name is None or password is None:
return 'Bad request', 400
sha256 = hashlib.sha256(bytes(password, encoding='utf-8')).hexdigest()
result = DB.check_user(request.form.get('user_name'), sha256)
if result:
if user_name in self.sessions_by_user_name:
session = self.sessions_by_user_name[user_name]
else:
session = Session(user_name, result.activated, result.uid, admin=result.admin)
self.sessions[session.get_id()] = session
self.sessions_by_user_name[user_name] = session
session['avatar'] = result.file
DB.add_session(session, result.uid)
session['ip'] = request.remote_addr
response = make_response('True')
response.headers["Content-type"] = "text/plain"
session.add_cookie_to_resp(response)
return response
else:
response = make_response('False')
response.headers["Content-type"] = "text/plain"
return response
def add_user():
sha256 = hashlib.sha256(bytes(request.form.get('pass'), encoding='utf-8')).hexdigest()
name = request.form.get('name')
email = request.form.get('email')
result = not DB.check_user(name) and not DB.check_email(email)
if not (search('^.+@.+\..+$', email) and search('^[a-zA-Z0-9_]+$', name) and result):
return make_response('Wrong data', 400)
if request.files:
file = request.files['file']
if file.mimetype in const.IMAGES:
file_ext = const.IMAGES[file.mimetype]
file.save("./server/static/avatar/{}{}".format(name, file_ext))
else:
return make_response('Wrong data', 400)
else:
file_ext = None
(activation_token, result) = DB.add_user(name, sha256, file_ext, email)
if result:
response = make_response('OK')
result2 = DB.check_user(name, sha256)
if result2:
session = Session(name, result2.activated, result2.uid)
self.sessions[session.get_id()] = session
self.sessions_by_user_name[name] = session
session['avatar'] = result2.file
DB.add_session(session, result2.uid)
session.add_cookie_to_resp(response)
email_.send_email(
"Для подтвеждения регистрации пожалуйста перейдите по ссылке "
"http://{domain}/api/activate_account?token={token}".format(
domain=(self.domain if self.domain is not None else self.ip),
token=activation_token
),
"Account activation",
email)
else:
self.logger.write_msg("Something wrong with registration ({})".format(name))
response.headers["Content-type"] = "text/plain"
return response
else:
return 'Error', 500
def activate_account():
token = request.args.get('token')
if not search('^[a-zA-Z0-9]+$', token):
return 'Bad token'
result = DB.activate_account(token)
if result is None:
return 'Bad token'
session = Session(result.name, result.activated, result.uid)
self.sessions[session.get_id()] = session
session['avatar'] = result.file
DB.add_session(session, result.uid)
response = redirect(self.app.config["APPLICATION_ROOT"] + '/')
session.add_cookie_to_resp(response)
return response