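def signup():
    """View handler that creates an account for a new user (username & password).

    GET renders the signup form. Any other method builds a payload from the
    submitted form fields named in ``SIGNUP_FORM_KEYS`` and passes it to
    ``AuthService.signup``; verifying the user is the Auth Service's
    responsibility. On success the returned token and user id are stored in
    the session and the browser is redirected to the menus index.

    Raises:
        HTTPInternalServerError: if the Auth Service does not return both a
            token and a user id.
    """
    if request.method == 'GET':
        return render_template('auth/signup.html')

    # NOTE(review): ``provider`` is read from the query string and forwarded
    # as-is; presumably AuthService rejects unknown providers - confirm.
    provider = request.args.get('provider', constants.AUTH_BASIC)

    # Only the keys listed in SIGNUP_FORM_KEYS are copied from the form, so
    # extra client-supplied fields never reach the Auth Service.
    payload = {key: request.form.get(key) for key in SIGNUP_FORM_KEYS}

    # request.form.get() yields None for a missing field; formatting that
    # directly would store the literal text "None" in the display name, so
    # only the name parts that were actually submitted are joined.
    name_parts = (payload['first_name'], payload['last_name'])
    payload['display_name'] = " ".join(part for part in name_parts if part)

    # Defence in depth: these attributes must not be taken from the client,
    # even if they are ever added to SIGNUP_FORM_KEYS by mistake.
    for key in ('hash', 'verification_code'):
        payload.pop(key, None)

    auth_service = AuthService()
    token, user_id = auth_service.signup(payload, provider=provider)
    if token and user_id:
        session['token'] = token
        session['user_id'] = user_id
        return redirect(url_for('menus.index'))
    raise HTTPInternalServerError("error trying to signup")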
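def _is_local_redirect_target(target):
    """Return True only when *target* is a path on this site.

    The value comes from the query string, so it is treated as untrusted:
    anything that names a scheme or a host, or that a browser could
    normalise into one, is refused.
    """
    from urllib.parse import urlsplit

    if not target or not target.startswith('/'):
        return False
    # A second leading slash or a backslash can be read by browsers as the
    # start of a host name rather than a path.
    if target.startswith('//') or '\\' in target:
        return False
    # Control characters may be stripped by the browser before the URL is
    # resolved, which would change what the checks above have seen.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in target):
        return False
    parts = urlsplit(target)
    return not parts.scheme and not parts.netloc


def login():
    """View handler that logs a user in and saves the SSO token in the session.

    GET renders the login form. Any other method collects the form fields
    listed in ``LOGIN_FORM_KEYS[provider]`` and passes them to
    ``AuthService.login``. On success the token and user id are stored in
    the session and the browser is redirected to the ``redirect`` query
    parameter when it is a local path, otherwise to the accounts index.

    Raises:
        HTTPInternalServerError: if the Auth Service does not return both a
            token and a user id.
    """
    if request.method == 'GET':
        return render_template('auth/login.html')

    provider = request.args.get('provider', constants.AUTH_BASIC)
    redirect_url = request.args.get('redirect')

    # NOTE: hashing is done on the AuthService end, so the credentials travel
    # in the clear from here on - SSL must be used.
    auth_service = AuthService()
    # NOTE(review): ``provider`` is client-supplied; an unknown value makes
    # this lookup fail (presumably KeyError -> HTTP 500) - confirm whether a
    # 4xx response is wanted instead.
    payload = {key: request.form.get(key) for key in LOGIN_FORM_KEYS[provider]}
    token, user_id = auth_service.login(payload, provider=provider)
    if token and user_id:
        session['token'] = token
        session['user_id'] = user_id
        # Follow ``redirect`` only when it stays on this site; the original
        # code redirected to whatever the query string contained, which lets
        # a crafted login link send the user to a third-party site right
        # after authenticating.
        if _is_local_redirect_target(redirect_url):
            return redirect(redirect_url)
        return redirect(url_for('accounts.index'))  # defaults to accounts page
    raise HTTPInternalServerError("error logging in")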
def create_app():
    """Build and return the configured dashboard Flask application.

    Loads settings from the ``config`` object, enables gzip compression,
    reads the session secret and environment name from ``BENRI_SECRET`` and
    ``BENRI_ENV``, registers every view blueprint under its URL prefix and
    installs JSON error handlers for the project's HTTP exceptions.
    """
    flask_app = Flask(__name__)
    flask_app.config.from_object("config")

    # gzip responses
    Compress().init_app(flask_app)

    # Imported here rather than at module level, as in the original layout.
    from dashboard.views import main, auth, accounts, menus, restaurants, dashboard

    # Flask signs the session cookie with this key. os.getenv() returns None
    # when BENRI_SECRET is unset and nothing here checks for that.
    # NOTE(review): confirm every deployment sets a strong, private value.
    flask_app.secret_key = os.getenv("BENRI_SECRET")

    # An unset or empty BENRI_ENV falls back to "dev".
    runtime_env = os.getenv("BENRI_ENV") or "dev"
    AuthService.set_env(runtime_env)
    APIService.set_env(runtime_env)

    # (view module, URL prefix): main views first, then user-specific views.
    mounts = (
        (main, "/"),
        (auth, "/auth"),
        (dashboard, "/dashboard"),
        (accounts, "/accounts"),
        (menus, "/menus"),
        (restaurants, "/restaurants"),
    )
    for view_module, prefix in mounts:
        flask_app.register_blueprint(view_module.blueprint, url_prefix=prefix)

    @flask_app.before_request
    def _before_request():
        pass

    def _json_error(error):
        # Serialise the exception and reuse its own HTTP status code.
        response = jsonify(error.to_dict())
        response.status_code = error.status_code
        return response

    # The three handlers were identical, so one function serves all of them.
    handled = (
        exceptions.HTTPBadRequest,
        exceptions.HTTPUnauthorized,
        exceptions.HTTPInvalidMethod,
    )
    for exc_class in handled:
        flask_app.register_error_handler(exc_class, _json_error)

    return flask_app