Esempio n. 1
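def register():
    """Handle the registration form: validate it, then create the user.

    Reads ``login``, ``password``, ``name``, ``email`` and ``phone`` from
    ``request.form``. Renders ``register_fail.html`` with a ``reason`` when
    the login is empty, the password is shorter than 6 characters, or a user
    with that login already exists. Otherwise it inserts the user record,
    commits, and renders ``register_ok.html`` with the new login.
    """
    form = request.form

    # Required fields are indexed directly, so a request that omits them is
    # rejected by the framework rather than handled here.
    login = form['login']
    if not login:
        return render_template('register_fail.html', reason='Нельзя без логина.')

    password = form['password']
    # NOTE(review): the check accepts exactly 6 characters while the message
    # says "longer than 6" -- confirm which of the two is intended.
    if len(password) < 6:
        return render_template('register_fail.html', reason='Пароль должен быть длиннее 6 символов')

    # Optional fields: a missing key and an empty value are both stored as
    # None, so a form that leaves these inputs out is still accepted.
    name = form.get('name') or None
    email = form.get('email') or None
    phone = form.get('phone') or None

    # NOTE(review): the existence check and the insert are separate steps;
    # whether the db layer enforces login uniqueness itself is not visible
    # here -- confirm, otherwise two concurrent requests can both pass.
    if db.user(login=login):
        return render_template('register_fail.html',
                               reason='Пользователь с таким логином уже существует.')

    # NOTE(review): a single unsalted SHA-256 is a fast hash, so a leaked user
    # table can be checked against password guesses cheaply and identical
    # passwords share a digest. A salted, deliberately slow KDF
    # (hashlib.scrypt or hashlib.pbkdf2_hmac) is the appropriate storage
    # format. It is flagged rather than changed here because the code that
    # verifies passwords must switch format in the same change.
    db.user.insert(login=login,
                   password_hash=sha256(password.encode('UTF-8')).digest(),
                   name=name,
                   email=email,
                   phone=phone)
    db.user.commit()

    return render_template('register_ok.html', login=login)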
Esempio n. 2
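def authorize():
    """Check the submitted credentials and issue an authorization code.

    Reads ``client_id``, ``login``, ``password`` and the optional ``state``
    from ``request.form``. The redirect target is the ``redirect_uri`` stored
    for the client, never a value taken from the request. On bad credentials
    the browser is redirected there with ``error=access_denied``; on success a
    fresh code valid for 10 minutes is stored and sent back as ``code``.
    ``state`` is echoed in both cases when it was supplied.

    Returns a 400 response when ``client_id`` is missing, not an integer, or
    not a known client, because there is then no trusted URI to redirect to.
    """
    import hmac
    import secrets
    from urllib.parse import urlencode

    try:
        client_id = int(request.form.get('client_id'))
    except (TypeError, ValueError):
        return 'invalid client_id', 400
    try:
        uri = db.client[client_id]['redirect_uri']
    except (KeyError, IndexError):
        # Presumably how the db layer reports an unknown record id -- confirm.
        return 'invalid client_id', 400

    login = request.form.get('login')
    password = request.form.get('password')
    state = request.form.get('state')

    def _redirect_to_client(params):
        # Percent-encode every value: `state` is attacker-controllable and,
        # concatenated raw, could smuggle extra parameters (a forged `code`,
        # for instance) into the redirect. A registered URI that already has
        # a query string is extended with '&' instead of a second '?'.
        if state is not None:
            params = dict(params, state=state)
        separator = '&' if '?' in uri else '?'
        return redirect(uri + separator + urlencode(params), code=302)

    # One lookup instead of three; a missing login or password is treated as
    # a failed login rather than raising on `None.encode`.
    user = None
    if login and password is not None:
        matches = db.user(login=login)
        if matches:
            user = matches[0]
    if user is None:
        return _redirect_to_client({'error': 'access_denied'})

    # NOTE(review): this verifies against an unsalted SHA-256 digest, which is
    # a weak storage format for passwords; moving to a salted slow KDF has to
    # be done together with the code that writes `password_hash`.
    supplied_digest = sha256(password.encode('UTF-8')).digest()
    stored_digest = user['password_hash']
    # Constant-time comparison; a stored value that is not bytes is denied,
    # which is what the original `!=` would have done as well.
    if not (isinstance(stored_digest, bytes)
            and hmac.compare_digest(stored_digest, supplied_digest)):
        return _redirect_to_client({'error': 'access_denied'})

    # 64 hex characters as before, now drawn directly from the CSPRNG
    # interface intended for security tokens.
    code = secrets.token_hex(32)
    # NOTE(review): expiry is a naive local timestamp; whatever redeems the
    # code must compare it against the same clock -- confirm.
    db.authorization_code.insert(user_id=user['__id__'],
                                 code=code,
                                 expire_time=datetime.now() + timedelta(minutes=10))
    db.authorization_code.commit()

    return _redirect_to_client({'code': code})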