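def auth_login():
    """Handle a login form submission and issue a session token.

    Reads ``user_name`` and ``password`` from the submitted form, looks the
    user up by name, checks the password with ``auth.password_matches`` and,
    on success, saves a new ``UserSession`` and returns its token.

    Returns:
        The result of ``jresp.reply(...)``. On failure: ``success=False``,
        ``payload=None`` and a list of error messages. On success:
        ``success=True`` and ``payload={'token': <session token>}``.
    """
    error_message = []

    user_name = request.forms.get('user_name')
    input_password = request.forms.get('password')

    # The user record is deliberately not printed or logged: it carries the
    # stored password value (u['password']), which must not reach stdout/logs.
    u = User.get_by_name(user_name)

    # Unknown user and wrong password share one message so the reply text
    # does not reveal whether the account exists.
    if u is None:
        error_message.append('Credenciais incorrectas')
    # `not x` also covers a field missing from the request (None), so a
    # missing password is reported here instead of reaching the password check.
    if not user_name:
        error_message.append('O nome de utilizador esta vazio')
    if not input_password:
        error_message.append('O campo password esta vazio')

    # Only verify the password once the user exists and both fields are set.
    # NOTE(review): an unknown user returns without running the password
    # check, so response time may differ from the wrong-password path;
    # consider verifying against a dummy hash, and confirm that login
    # attempts are throttled at the route or middleware level.
    if not error_message and not auth.password_matches(input_password, u['password']):
        error_message.append('Credenciais incorrectas')

    if error_message:
        return jresp.reply(
            payload=None,
            success=False,
            error_message=error_message,
        )

    # User exists and the password is correct: create and persist a session
    # token, then send it back to the client.
    # NOTE(review): presumably generate_session_token() draws from a CSPRNG
    # (e.g. the `secrets` module) - confirm in auth.
    new_session_token = auth.generate_session_token()

    new_session = UserSession(
        user_id=u['id'],
        token=new_session_token,
    )
    new_session.save()

    return jresp.reply(
        payload={'token': new_session_token},
        error_message=None,
        success=True,
    )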