async def validate_update_user_form(conn, form):
username = form.get('username')
first_name = form.get('first_name')
last_name = form.get('last_name')
old_password = form.get('old_password')
new_password = form.get('new_password')
permission = form.get('permission')
city = form.get('city')
user_id = form.get('user_id')
if not username:
return 'username is required'
if not permission:
return 'permission is required'
if not city or city == 'None':
city = ''
user = await models.get_user_by_id(conn, user_id)
if old_password and new_password:
if check_password_hash(old_password, user['password']):
password = generate_password_hash(new_password)
else:
return 'invalid password'
else:
password = None
await models.update_user(conn, user_id, username, first_name, last_name, permission, city, password)
def validate_user_login(session, login, password):
user = Users.get_user_by_login_sync(session, login)
if not user:
return 'Invalid username'
if not check_password_hash(password, user.password):
return 'Invalid password'
else:
return None
async def post(self):
# Создание сессии
data = await self.post()
session = await get_session(self)
location = self.app.router['login'].url_for()
email = data['email']
password = data['password']
user = await User.get_user_by_email(self.app['db'], email)
if user and check_password_hash(password, user['password']):
session['user'] = dict(user)
location = self.app.router['index'].url_for()
return web.HTTPFound(location=location)
async def auth_middleware(request, handler):
if '/api/' not in request.rel_url.path:
return await handler(request)
auth_init = request.headers.get('Authorization', '').replace('Basic ', '')
if not auth_init:
raise web.HTTPUnauthorized
user, password = base64.b64decode(auth_init).decode().split(':')
async with request.app['db'].acquire() as conn:
current_user = await get_user_by_name(conn, user)
if not current_user or not check_password_hash(password, current_user[3]):
raise web.HTTPUnauthorized
return await handler(request)
async def validate_login_form(conn, form):
username = form.get('username')
password = form.get('password')
if not username or not password:
return 'username or password is required'
user = await models.get_user_by_name(conn, username)
if not user:
return 'invalid username or password'
if not check_password_hash(password, user['password']):
return 'invalid username or password'
else:
return None
return 'error'
async def validate_login_form(conn, form, csrf_token):
username = form['username']
password = form['password']
if form['csrfmiddlewaretoken'] != csrf_token:
return 'Invalid csrf_token'
user = await db.get_user_by_name(conn, username)
if not user:
return 'Invalid username'
if not check_password_hash(password, user['password_hash']):
return 'Invalid password'
else:
return None
return 'error'
async def validate_login_form(app, form):
username = form['username']
password = form['password']
if not username:
return 'username is required'
if not password:
return 'password is required'
user = await get_users_by_name(app, username)
if not user:
return 'Invalid username'
user = user[0]
if not check_password_hash(password, user['password_hash']):
return 'Invalid password'
else:
return None
async def validate_login_form(conn, form):
username = form['username']
password = form['password']
if not username:
return 'username is required'
if not password:
return 'password is required'
user = await db.get_user_by_name(conn, username)
if not user:
return 'Invalid username'
if not check_password_hash(password, user['password_hash']):
return 'Invalid password'
else:
return None
return 'error'
async def post(self):
data = await self.json()
required = ['key', 'login', 'password']
if not all(key in data for key in required):
return web.json_response({
"status": "error",
"error": "Missing values"
})
session = await get_session(self)
user = await User.get_user_by_key(self.app['db'], data['key'])
if user and user['login'] == data['login'] and check_password_hash(
data['password'], user['password']):
session['user'] = dict(user)
response = {"status": "ok", "login": data['login']}
# await remember(self, response, user['key'])
else:
response = {
"status": "error",
"error": "Incorrect login or password"
}
return web.json_response(response)