def logout(request):
    """Expire the signed ``user_id`` cookie and redirect the client to ``/``.

    The cookie is re-issued with a ``None`` value, the ``secure`` flag and a
    zero-length ``max_age``, so the browser is told to discard it at once.

    NOTE(review): nothing visible here revokes the previously issued signed
    value on the server. Presumably a copy obtained before logout stays
    acceptable until whatever age limit the verifier enforces - confirm
    against the framework's get_secure_cookie().
    """
    redirect = Response(code=303, location='/')
    no_lifetime = datetime.timedelta()  # zero duration: expire immediately
    redirect.set_secure_cookie(
        request,
        'user_id',
        None,
        secure=True,
        max_age=no_lifetime,
    )
    return redirect
def test_secure_cookie(self):
    """Round-trip a signed cookie through Response and back into Request.

    The secret, cookie name and cookie value all contain ``|``; presumably
    that character is a field separator in the signed encoding - confirm
    against set_secure_cookie().

    NOTE(review): only the positive round trip is checked. A companion test
    asserting that an altered value or signature is rejected would pin the
    integrity property the signature exists for.
    """
    application = PigWig([], cookie_secret=b"a|b")
    request = Request(application, None, None, None, None, None, None)

    response = Response()
    response.set_secure_cookie(request, "c|d", "e|f")

    # The signed cookie is expected to be the most recently added header.
    last_header = response.headers[-1]
    self.assertEqual(last_header[0], "Set-Cookie")

    # Feed the emitted header value back in as if the client had returned it.
    request.cookies = http.cookies.SimpleCookie(last_header[1])
    recovered = request.get_secure_cookie("c|d", None)
    self.assertEqual(recovered, "e|f")
def test_secure_cookie(self):
    """Check that a value written by set_secure_cookie() is read back intact.

    Every literal used (secret, name, value) embeds a ``|``. This looks like
    a deliberate probe of delimiter handling in the signed format - TODO
    confirm against the implementation.

    NOTE(review): this covers acceptance of a valid cookie only. Rejection of
    a modified or wrongly signed cookie is not exercised here.
    """
    pigwig_app = PigWig([], cookie_secret=b'a|b')
    incoming = Request(pigwig_app, None, None, None, None, None, None, None)
    outgoing = Response()
    outgoing.set_secure_cookie(incoming, 'c|d', 'e|f')

    header = outgoing.headers[-1]  # newest header should be the cookie
    self.assertEqual(header[0], 'Set-Cookie')

    # Parse the header value the way a returning client's Cookie would be.
    jar = http.cookies.SimpleCookie(header[1])
    incoming.cookies = jar
    self.assertEqual(incoming.get_secure_cookie('c|d', None), 'e|f')
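def login(request):
    """Authenticate a username/password submission and start a session.

    Reads ``username`` and ``password`` from ``request.body``, fetches the
    user's row with a parameterized query, hashes the submitted password with
    the stored salt and compares the result to the stored hash using
    ``hmac.compare_digest``.

    Returns:
        A 303 redirect to ``/admin`` carrying a signed ``user_id`` cookie
        whose lifetime is ``LOGIN_TIME``.

    Raises:
        HTTPException: 400 when either field is missing; 401 when the
            username is unknown or the password does not match.
    """
    try:
        username = request.body['username']
        password = request.body['password']
    except KeyError:
        raise HTTPException(400, 'username or password missing')

    cur = db.execute('SELECT id, password, salt FROM users WHERE username = ?', (username,))
    # A bare next(cur) raises StopIteration when no row matches. That surfaces
    # as an unhandled error and makes an unknown username look different from
    # a wrong password. Both cases now produce the same 401.
    user = next(cur, None)
    if user is None:
        # NOTE(review): this path returns without calling _hash(), so response
        # time can still differ between unknown and known usernames. Hashing
        # against a fixed dummy salt here would even that out - the salt type
        # _hash() expects is not visible from this function.
        raise HTTPException(401, 'incorrect username or password')

    hashed = _hash(password, user['salt'])
    if not hmac.compare_digest(user['password'], hashed):
        raise HTTPException(401, 'incorrect username or password')

    response = Response(code=303, location='/admin')
    # NOTE(review): the session cookie is issued without secure=True, so the
    # browser may send it over plain HTTP. Enable it once the deployment is
    # confirmed to be HTTPS-only.
    response.set_secure_cookie(request, 'user_id', str(user['id']), max_age=LOGIN_TIME)
    return response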
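def login(request):
    """Log in an existing user or register a new one, then set the session cookie.

    When the submitted form contains a ``register`` key, the account is
    created through ``db.User.register`` and committed. Otherwise the
    credentials are checked with ``db.User.login``.

    Returns:
        * 400 response when ``email`` or ``password`` is absent from the body.
        * 403 response when ``db.User.login`` returns ``None``.
        * Otherwise a 303 redirect (``/accounts`` after registration,
          ``/outcomes`` after login) with a signed, ``secure`` ``user_id``
          cookie valid for 30 days.
    """
    try:
        email = request.body['email']
        password = request.body['password']
    except KeyError:
        # A missing form field is a client error. Previously the KeyError
        # escaped this handler instead of producing a 4xx response.
        return Response('email or password missing', 400)

    if 'register' in request.body:
        # NOTE(review): how register() reports a duplicate email or an
        # unacceptable password is not visible here. Confirm it raises rather
        # than returning None, since ``user.user_id`` is read unconditionally.
        user = db.User.register(email, password)
        db.session.commit()
        location = '/accounts'
    else:
        user = db.User.login(email, password)
        if user is None:
            return Response('bad email/password', 403)
        location = '/outcomes'

    response = Response(code=303, location=location)
    # NOTE(review): the cookie is restricted to HTTPS via secure=True. Consider
    # also marking it HttpOnly if the framework's cookie API offers that, so
    # page scripts cannot read a 30-day session credential.
    response.set_secure_cookie(request, 'user_id', user.user_id, secure=True,
            max_age=datetime.timedelta(days=30))
    return response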