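def login():
    """
    Check the submitted username/password and start a logged-in session.

    Reads ``username`` and ``password`` from ``request.form`` and verifies the
    password against the bcrypt hash stored in the ``users`` table. On success
    a new user token is written to the database row and to the session.

    :return: a redirect to ``/`` in every case. The status text built in
        ``response`` is only used inside this function; it is not sent to
        the client.
    """
    response = {"type": None, "text": None, "data": {}}
    try:
        username = str(request.form["username"])
        password = request.form["password"]
        user_table = db["users"].find_one(username=username)
        authenticated = False
        # find_one presumably yields None when no row matches (dataset-style
        # API, confirm). Without this guard an unknown username raised an
        # unhandled TypeError instead of the generic failure below.
        if user_table is not None and user_table["password"]:
            db_hash = user_table["password"]
            # bcrypt compares byte strings; encode text explicitly so that
            # non-ASCII passwords are handled instead of raising.
            if not isinstance(db_hash, bytes):
                db_hash = db_hash.encode("utf8")
            authenticated = bcrypt.checkpw(password.encode("utf8"), db_hash)
        # NOTE(review): an unknown username returns without doing any bcrypt
        # work, so response time can still tell it apart from a wrong
        # password. Equalise the work if account enumeration matters here.
        if authenticated:
            log.info(":{0}:Logged in user".format(username))
            # Generate user token
            session["logged-in"] = True
            session["username"] = username
            user_token = tools.get_user_token(username)
            db['users'].upsert({
                "username": username,
                "user_token": user_token
            }, ['username'])
            response["type"] = "success"
            response["text"] = "Authentication successful"
            response["data"].update({"user_token": user_token})
        else:
            # Same message for unknown user and wrong password.
            response["type"] = "error"
            response["text"] = "Invalid username/password"
    except KeyError:
        response["type"] = "error"
        response["text"] = "Couldn't find username and password in request data"
    resp = make_response(redirect("/"))
    if response["type"] == "success":
        log.info(":{0}:Setting cookies for username and user token".format(
            username))
        session["username"] = username
        session["user_token"] = response["data"]["user_token"]
    return resp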
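def main():
    """
    Render the webapp index.html template.

    If the session carries a username and a user token that matches the one
    stored for that user, the visitor is marked as logged in, the token is
    rotated (new value written to the database and the session) and a session
    id is generated. In every other case ``session["logged-in"]`` is set to
    False.

    :return: the rendered ``index.html`` template
    """
    import hmac

    log.info(":WEB:/")
    if "username" in session.keys():
        username = session["username"]
    else:
        username = None
    if username:
        log.info(":{0}:Found username cookies".format(username))
    log.debug("Setting session data")
    if "logged-in" not in session.keys():
        session["logged-in"] = False
    session["welcome-message"] = "Welcome to W.I.L.L"

    if not username:
        log.debug("Couldn't find username in cookies")
        session["logged-in"] = False
        return render_template('index.html')

    user_table = db["users"].find_one(username=username)
    # A session can outlive its account. find_one presumably yields None for
    # a missing row (confirm), which previously failed on user_table.keys().
    if user_table is None:
        log.debug("No user record for the username in the session")
        session["logged-in"] = False
        return render_template('index.html')

    if "user_token" not in user_table.keys() or "user_token" not in session.keys():
        log.debug("Couldn't find user token in cookies")
        session["logged-in"] = False
        return render_template('index.html')

    user_token = session["user_token"]
    stored_token = user_table["user_token"]
    if stored_token is None or user_token is None:
        # A missing token on either side must never authenticate
        # (None == None would otherwise count as a match).
        tokens_match = False
    else:
        try:
            # Constant-time comparison of the secret token.
            tokens_match = hmac.compare_digest(stored_token, user_token)
        except TypeError:
            # compare_digest rejects mixed or non-ASCII text types; keep the
            # plain equality result for those values.
            tokens_match = stored_token == user_token

    if not tokens_match:
        # Token values are deliberately not logged: the stored token is a
        # live credential and must not end up in log files.
        log.debug("User tokens don't match")
        session["logged-in"] = False
        return render_template('index.html')

    log.info(":{0}:User authenticated via user_token in cookies".format(
        username))
    # Rotate the token on every successful check.
    new_token = tools.get_user_token(username)
    db["users"].upsert(
        {
            "username": username,
            "user_token": new_token
        }, ['username'])
    session["logged-in"] = True
    user_first_name = user_table["first_name"]
    session["welcome-message"] = "Welcome back {0}".format(user_first_name)
    session_id = gen_session(username)
    session["session_id"] = session_id
    session["user_token"] = new_token
    # NOTE(review): the session id is written to the log here. If it is a
    # bearer value, log a truncated or hashed form instead (confirm).
    log.info(":{0}:Generated session id for user {1}".format(
        session_id, username))
    resp = make_response(render_template('index.html'))
    return resp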
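def login():
    """
    Check the submitted username/password and start a logged-in session.

    Reads ``username`` and ``password`` from ``request.form``, rejects values
    that fail ``tools.check_string``, and verifies the password against the
    bcrypt hash stored in the ``users`` table. On success a new user token is
    written to the database row and to the session.

    :return: a redirect to ``/`` in every case. The status text built in
        ``response`` is only used inside this function; it is not sent to
        the client.
    """
    response = {"type": None, "text": None, "data": {}}
    try:
        username = str(request.form["username"])
        password = request.form["password"]
        # NOTE(review): the same character check is applied to the password,
        # which restricts the password alphabet. Confirm this is intended.
        if all(tools.check_string(x) for x in [username, password]):
            user_table = db["users"].find_one(username=username)
            authenticated = False
            # find_one presumably yields None when no row matches
            # (dataset-style API, confirm). Without this guard an unknown
            # username raised an unhandled TypeError instead of the generic
            # failure below.
            if user_table is not None and user_table["password"]:
                db_hash = user_table["password"]
                authenticated = bcrypt.checkpw(
                    password.encode('utf8'), db_hash.encode('utf8'))
            # NOTE(review): an unknown username returns without doing any
            # bcrypt work, so response time can still tell it apart from a
            # wrong password. Equalise the work if enumeration matters here.
            if authenticated:
                log.info(":{0}:Logged in user".format(username))
                # Generate user token
                session["logged-in"] = True
                session["username"] = username
                user_token = tools.get_user_token(username)
                db['users'].upsert(
                    {
                        "username": username,
                        "user_token": user_token
                    }, ['username'])
                response["type"] = "success"
                response["text"] = "Authentication successful"
                response["data"].update({"user_token": user_token})
            else:
                # Same message for unknown user and wrong password.
                response["type"] = "error"
                response["text"] = "Invalid username/password"
        else:
            response["type"] = "error"
            response["text"] = "Invalid input, allowed characters are {0}".format(
                tools.valid_chars)
    except KeyError:
        response["type"] = "error"
        response["text"] = "Couldn't find username and password in request data"
    resp = make_response(redirect("/"))
    if response["type"] == "success":
        log.info(":{0}:Setting cookies for username and user token".format(
            username))
        session["username"] = username
        session["user_token"] = response["data"]["user_token"]
    return resp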