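def auth_login():
    """Handle a login form submission and open a session on success.

    Reads ``user_name`` and ``password`` from ``request.forms``, looks the
    user up with ``User.get_by_name`` and checks the password with
    ``auth.password_matches``. On success a new ``UserSession`` is saved and
    its token is returned in the payload.

    Returns:
        The value of ``jresp.reply(...)``: ``success=False`` with a list of
        error messages on any validation or credential failure, otherwise
        ``success=True`` with ``payload={'token': <session token>}``.
    """
    error_message = []
    user_name = request.forms.get('user_name')
    input_password = request.forms.get('password')

    u = User.get_by_name(user_name)
    # The user record is deliberately not printed here: it carries the stored
    # password value (u['password']) and would end up in stdout / server logs.

    # Unknown user and wrong password share one message so the response text
    # does not reveal which of the two failed.
    # NOTE(review): an unknown user returns before any password check runs, so
    # response time may still differ from the wrong-password path -- confirm
    # whether that matters for this deployment.
    if u is None:
        error_message.append('Credenciais incorrectas')

    # A field missing from the form arrives as None rather than ''; treat both
    # as empty so None never reaches auth.password_matches.
    if not user_name:
        error_message.append('O nome de utilizador esta vazio')
    if not input_password:
        error_message.append('O campo password esta vazio')

    if error_message:
        return jresp.reply(
            payload=None,
            success=False,
            error_message=error_message
        )

    # Validate the password against the stored value.
    if not auth.password_matches(input_password, u['password']):
        error_message.append('Credenciais incorrectas')
        return jresp.reply(
            payload=None,
            success=False,
            error_message=error_message
        )

    # User exists and the password is correct: create and persist a session
    # token, then send it back to the client.
    # NOTE(review): assumes auth.generate_session_token() returns an
    # unpredictable value -- confirm it draws from a CSPRNG.
    new_session_token = auth.generate_session_token()
    new_session = UserSession(
        user_id=u['id'],
        token=new_session_token
    )
    new_session.save()

    # Everything went well.
    payload = {
        'token': new_session_token
    }
    return jresp.reply(
        payload=payload,
        error_message=None,
        success=True
    )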