def get_session(email): """ If the email and password match, a sessionId is returned as a string. This sessionId can to be passed along all the other requests that are annotated with @with_user in this file """ password = request.form.get("password", None) if password is None: return make_error(400, "Password not given") user = User.authorize(email, password) if user is None: return make_error(401, "Invalid credentials") session = Session.for_user(user) db_session.add(session) db_session.commit() return str(session.id)
def test_authorize(self): new_password = self.faker.password() self.user.update_password(new_password) result = User.authorize(self.user.email, new_password) assert result is not None and result == self.user