def register():
    """Create a user account from the JSON request body.

    The body is passed through ``validate`` with a ``Registration``
    validator before any field is read. The validated ``email`` and
    ``password`` are handed to ``User.create`` and the transaction is
    committed.

    Returns:
        A 201 response carrying ``user.json_data``, with a ``Location``
        header pointing at the new user's profile.
    """
    rules = Registration()
    payload = validate(request.json, rules)

    # NOTE(review): the password is presumably hashed inside User.create
    # (login verifies user.password with check_password_hash) -- confirm
    # that the plaintext value is never persisted.
    new_user = User.create(payload['email'], payload['password'])
    db_session.commit()

    resp = json_response(new_user.json_data, 201)
    resp.headers['Location'] = url_for("api.profile", user_id=new_user.id)
    return resp
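def login():
    """Authenticate by email and password and open a new session.

    Reads ``email`` and ``password`` from the JSON request body. A missing
    or non-object body, a missing field, an unknown email and a wrong
    password all abort with the same 400 status, so the status code does
    not reveal which check failed.

    Returns:
        A 201 response carrying ``session.json_data``, with a ``Location``
        header pointing at the user's profile.
    """
    data = request.json
    # Unlike register(), this body is not run through validate(). Without
    # these guards a missing body or field raises TypeError/KeyError below
    # and surfaces as a server error instead of a client error.
    if not isinstance(data, dict):
        abort(400)
    email = data.get('email')
    password = data.get('password')
    if email is None or password is None:
        abort(400)

    user = User.get_by_email(email)
    # NOTE(review): the hash comparison is skipped for unknown emails, so
    # response time may differ between "no such user" and "wrong password".
    # No throttling of failed attempts is visible in this function either;
    # confirm both are handled elsewhere.
    if user is None:
        abort(400)
    if not check_password_hash(user.password, password):
        abort(400)

    session = Session(user=user)
    db_session.commit()
    response = json_response(session.json_data, 201)
    response.headers['Location'] = url_for("api.profile", user_id=user.id)
    return response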
def authenticate_request():
    """Require a valid ``X-Auth-Token`` header on every non-public route.

    Requests whose path equals the login or register URL pass through
    untouched. For all others the header value is looked up as a
    ``Session`` key. On success the session's ``updated_at`` is refreshed,
    the change is committed, and the session's user is stored on ``g.user``.

    Raises:
        Unauthorized: if the header is absent or matches no session.
    """
    # The exemption is an exact path comparison; any other spelling of
    # these routes falls through to the token check.
    public_paths = [url_for(endpoint) for endpoint in ["api.login", "api.register"]]
    if request.path in public_paths:
        return

    token = request.headers.get('X-Auth-Token', None)
    if token is None:
        raise Unauthorized()

    current = Session.query.get(token)
    if current is None:
        raise Unauthorized()

    # NOTE(review): updated_at is refreshed here, but no expiry check is
    # visible in this function -- confirm stale sessions are rejected or
    # purged elsewhere, otherwise a leaked token stays valid indefinitely.
    current.updated_at = datetime.now()
    current.save()
    db_session.commit()
    g.user = current.user