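def cookie2user(cookie_str):
    """Parse a session cookie and load the user it names, if the cookie is valid.

    The cookie is expected as ``uid-expires-sha1``, where ``sha1`` is the hex
    digest computed below over the uid, the user's stored password hash, the
    expiry and the server secret ``_COOKIE_KEY`` (the producing side is
    ``user2cookie``, defined elsewhere in this file). Any malformed, expired,
    unknown or tampered cookie yields ``None`` so the request proceeds
    anonymously instead of failing.

    Generator-based coroutine: drive it with ``yield from``.

    Args:
        cookie_str: Raw cookie value, or ``None``/empty when the cookie is absent.

    Returns:
        The ``User`` instance on success, otherwise ``None``.
    """
    import hmac  # function-scope import: the file's import block is not in view

    if not cookie_str:
        return None
    try:
        parts = cookie_str.split('-')
        if len(parts) != 3:
            return None
        uid, expires, sha1 = parts
        # Reject expired cookies before touching the database.
        if int(expires) < time.time():
            return None
        user = yield from User.find(uid)
        if user is None:
            return None
        local_auths = yield from LocalAuth.findAll('user_id=?', [uid])
        # A user without a local credential record has nothing the cookie
        # could have been signed with, so the cookie cannot be valid.
        if not local_auths:
            return None
        local_auth = local_auths[0]
        # NOTE(review): this is a plain SHA-1 over a key-suffixed string rather
        # than an HMAC; changing the scheme requires updating user2cookie in
        # lockstep, so only the comparison is hardened here.
        s = '%s-%s-%s-%s' % (uid, local_auth.user_pwd, expires, _COOKIE_KEY)
        expected = hashlib.sha1(s.encode('utf-8')).hexdigest()
        # Constant-time comparison: a forged digest must not be refinable
        # through timing differences. Bytes are compared so a non-ASCII
        # cookie value cannot trip compare_digest's str restriction.
        if not hmac.compare_digest(sha1.encode('utf-8'), expected.encode('utf-8')):
            logging.info('invalid sha1')
            return None
        return user
    except Exception as e:
        # Best effort by design: any parse or lookup failure means
        # "not logged in", never a server error. Keep the traceback for diagnosis.
        logging.exception(e)
        return None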
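def api_register_user(*, email, name, passwd):
    """Register a new local user and return a response that logs them in.

    Generator-based coroutine: drive it with ``yield from``.

    Args:
        email: Address to register; must match ``_RE_EMAIL``.
        name: Display name; surrounding whitespace is stripped before use.
        passwd: Client-side SHA-1 hex of the password; must match ``_RE_SHA1``.

    Returns:
        ``web.Response`` carrying the JSON-encoded user and the session cookie.

    Raises:
        APIValueError: When a field is missing or malformed.
        APIError: ``register:failed`` when the email is already registered.
    """
    # Normalise once so the User row and the LocalAuth row carry the same name
    # (the original stored the stripped name in one and the raw name in the other).
    display_name = name.strip() if name else ''
    if not display_name:
        raise APIValueError('name')
    if not email or not _RE_EMAIL.match(email):
        raise APIValueError('email')
    if not passwd or not _RE_SHA1.match(passwd):
        raise APIValueError('passwd')
    # NOTE(review): this lookup and the save below are not atomic; two
    # concurrent registrations of one address can both pass. A unique index
    # on the email column is the reliable guard.
    users = yield from User.findAll('email=?', [email])
    if users:
        raise APIError('register:failed', 'email', 'Email is already in use.')
    uid = next_id()
    # Stored credential is sha1(uid ':' client_sha1); authenticate() and
    # cookie2user() depend on this exact layout.
    # NOTE(review): a single fast hash round (uid acts as the salt); moving to
    # hashlib.pbkdf2_hmac/scrypt needs a coordinated change in authenticate().
    pwd = hashlib.sha1(('%s:%s' % (uid, passwd)).encode('utf-8')).hexdigest()
    avatar = 'http://www.gravatar.com/avatar/%s?d=mm&s=120' % hashlib.md5(email.encode('utf-8')).hexdigest()
    user = User(id=uid, name=display_name, email=email, image=avatar)
    yield from user.save()
    local_auth = LocalAuth(user_id=uid, user_name=display_name, user_pwd=pwd)
    yield from local_auth.save()
    # make session cookie:
    r = web.Response()
    # NOTE(review): consider secure=True once the site is served over TLS only.
    r.set_cookie(COOKIE_NAME, user2cookie(user, local_auth, 86400), max_age=86400, httponly=True)
    r.content_type = 'application/json'
    r.body = json.dumps(user, ensure_ascii=False).encode('utf-8')
    return r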
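def authenticate(*, email, passwd):
    """Verify an email/password pair and return a response carrying the session cookie.

    Generator-based coroutine: drive it with ``yield from``.

    Args:
        email: Registered address.
        passwd: Client-side SHA-1 hex of the password, in the same form as at registration.

    Returns:
        ``web.Response`` carrying the JSON-encoded user and the session cookie.

    Raises:
        APIValueError: On a missing field, an unknown email, a user without a
            local credential record, or a wrong password.
    """
    import hmac  # function-scope import: the file's import block is not in view

    if not email:
        raise APIValueError('email', 'Invalid email.')
    if not passwd:
        raise APIValueError('passwd', 'Invalid password.')
    users = yield from User.findAll('email=?', [email])
    # NOTE(review): the distinct "Email not exist." message lets a caller
    # confirm which addresses are registered; the wording is kept for API
    # compatibility, a uniform message would avoid that.
    if not users:
        raise APIValueError('email', 'Email not exist.')
    user = users[0]
    # Recompute the stored form sha1(uid ':' client_sha1), as in api_register_user.
    digest = hashlib.sha1()
    digest.update(user.id.encode('utf-8'))
    digest.update(b':')
    digest.update(passwd.encode('utf-8'))
    local_auths = yield from LocalAuth.findAll('user_id=?', [user.id])
    # A user with no local credential record cannot log in with a password;
    # previously this was an unhandled IndexError.
    if not local_auths:
        raise APIValueError('passwd', 'Invalid password.')
    local_auth = local_auths[0]
    stored = local_auth.user_pwd or ''
    # Constant-time comparison so the stored digest cannot be refined
    # through timing differences.
    if not hmac.compare_digest(stored.encode('utf-8'), digest.hexdigest().encode('utf-8')):
        raise APIValueError('passwd', 'Invalid password.')
    # authenticate ok, set cookie:
    r = web.Response()
    # NOTE(review): consider secure=True once the site is served over TLS only.
    r.set_cookie(COOKIE_NAME, user2cookie(user, local_auth, 86400), max_age=86400, httponly=True)
    r.content_type = 'application/json'
    r.body = json.dumps(user, ensure_ascii=False).encode('utf-8')
    return r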