Esempio n. 1
0
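def login(cached_email=None):
    """Render the login page and handle the login form.

    Requests:
        GET  /auth/login   render the form with a fresh CSRF token
        POST /auth/login   check the CSRF token, then the credentials

    Form fields (POST):
        _csrf_token: hidden field, must equal the ``csrf_token`` cookie
        email:       user email, required
        password:    user password, required

    Args:
        cached_email: email to pre-fill in the form, if any.

    Returns:
        A Flask response: the rendered login page (with a fresh CSRF
        cookie) on GET and on every rejected POST; on success a redirect
        to ``basic.showMain`` carrying the ``token`` and ``expire_time``
        cookies. Other methods fall through and return None, as before.
    """
    import hmac  # stdlib; only needed for the constant-time CSRF compare

    def render_login_form(prefill):
        """Render login.html with a fresh CSRF token mirrored in the cookie.

        Every render of the form goes through here, including rejected
        POSTs: the original re-rendered those without a token, so the
        hidden field and the cookie disagreed and the user's retry was
        rejected as a CSRF failure.
        """
        csrf_token = generate_csrf_token()
        response = make_response(
            render_template('login.html',
                            cached_email=prefill,
                            client_id=CLIENT_ID,
                            csrf_token=csrf_token))
        # Double-submit cookie: the server compares it with the hidden
        # form field, so page scripts never need to read it.
        response.set_cookie('csrf_token', value=csrf_token,
                            httponly=True, samesite='Lax')
        return response

    if request.method == 'GET':
        return render_login_form(cached_email)

    if request.method == 'POST':
        cookie_csrf_token = request.cookies.get('csrf_token')
        form_csrf_token = request.form.get('_csrf_token')

        # Both halves must be present: a plain ``!=`` accepted a request
        # that carried neither cookie nor field (None == None). The
        # comparison is done on bytes in constant time; compare_digest
        # raises on non-ASCII str, and the field is attacker-controlled.
        if (not cookie_csrf_token or not form_csrf_token
                or not hmac.compare_digest(cookie_csrf_token.encode('utf-8'),
                                           form_csrf_token.encode('utf-8'))):
            flash("Please use proper login.")
            return render_login_form(cached_email)

        email = request.form.get('email')
        password = request.form.get('password')
        if not (email and password):
            flash("Please fill the form. ")
            return render_login_form(email)

        # Normalise once so the lookup and the pre-fill agree.
        email = email.strip()
        user = User.get_by_email(session, email)

        # Unknown email and wrong password share one message so the
        # response does not reveal which addresses are registered.
        if not user:
            flash("Invalid email address or password. ")
            return render_login_form(email)

        # Account created through OAuth: it has no local password.
        # NOTE(review): this message does reveal that the address is
        # registered; kept as the author wrote it.
        if not user.password:
            flash("You've signed up with social service. ")
            return render_login_form(email)

        if not check_password(password, user.password, user.salt):
            flash("Invalid email address or password. ")
            return render_login_form(email)

        # Issue the JSON web token; while it is valid and unexpired the
        # client does not have to log in again.
        expire_time, token = generate_token(user)
        response = make_response(redirect(url_for('basic.showMain')))
        # The session token is only ever sent back to the server, so keep
        # it out of reach of page scripts and off cross-site requests.
        # Add secure=True once the app is served over HTTPS only.
        response.set_cookie('token', value=token,
                            httponly=True, samesite='Lax')
        # expire_time is left readable: whether a page script consumes it
        # is not visible from here.
        response.set_cookie('expire_time', value=str(expire_time))
        return response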
Esempio n. 2
0
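def login(cached_email=None):
    """Render the login page and handle the login form.

    Requests:
        GET  /auth/login   render the form with a fresh CSRF token
        POST /auth/login   check the CSRF token, then the credentials

    Form fields (POST):
        _csrf_token: hidden field, must equal the ``csrf_token`` cookie
        email:       user email, required
        password:    user password, required

    Args:
        cached_email: email to pre-fill in the form, if any.

    Returns:
        A Flask response: the rendered login page (with a fresh CSRF
        cookie) on GET and on every rejected POST; on success a redirect
        to ``basic.showMain`` carrying the ``token`` and ``expire_time``
        cookies. Other methods fall through and return None, as before.
    """
    import hmac  # stdlib; only needed for the constant-time CSRF compare

    def render_login_form(prefill):
        """Render login.html with a fresh CSRF token mirrored in the cookie.

        Every render of the form goes through here, including rejected
        POSTs: the original re-rendered those without a token, so the
        hidden field and the cookie disagreed and the user's retry was
        rejected as a CSRF failure.
        """
        csrf_token = generate_csrf_token()
        response = make_response(
            render_template('login.html', cached_email=prefill,
                            client_id=CLIENT_ID, csrf_token=csrf_token)
        )
        # Double-submit cookie: the server compares it with the hidden
        # form field, so page scripts never need to read it.
        response.set_cookie('csrf_token', value=csrf_token,
                            httponly=True, samesite='Lax')
        return response

    if request.method == 'GET':
        return render_login_form(cached_email)

    if request.method == 'POST':
        cookie_csrf_token = request.cookies.get('csrf_token')
        form_csrf_token = request.form.get('_csrf_token')

        # Both halves must be present: a plain ``!=`` accepted a request
        # that carried neither cookie nor field (None == None). The
        # comparison is done on bytes in constant time; compare_digest
        # raises on non-ASCII str, and the field is attacker-controlled.
        if (not cookie_csrf_token or not form_csrf_token
                or not hmac.compare_digest(cookie_csrf_token.encode('utf-8'),
                                           form_csrf_token.encode('utf-8'))):
            flash("Please use proper login.")
            return render_login_form(cached_email)

        email = request.form.get('email')
        password = request.form.get('password')
        if not (email and password):
            flash("Please fill the form. ")
            return render_login_form(email)

        # Normalise once so the lookup and the pre-fill agree.
        email = email.strip()
        user = User.get_by_email(session, email)

        # Unknown email and wrong password share one message so the
        # response does not reveal which addresses are registered.
        if not user:
            flash("Invalid email address or password. ")
            return render_login_form(email)

        # Account created through OAuth: it has no local password.
        # NOTE(review): this message does reveal that the address is
        # registered; kept as the author wrote it.
        if not user.password:
            flash("You've signed up with social service. ")
            return render_login_form(email)

        if not check_password(password, user.password, user.salt):
            flash("Invalid email address or password. ")
            return render_login_form(email)

        # Issue the JSON web token; while it is valid and unexpired the
        # client does not have to log in again.
        expire_time, token = generate_token(user)
        response = make_response(redirect(url_for('basic.showMain')))
        # The session token is only ever sent back to the server, so keep
        # it out of reach of page scripts and off cross-site requests.
        # Add secure=True once the app is served over HTTPS only.
        response.set_cookie('token', value=token,
                            httponly=True, samesite='Lax')
        # expire_time is left readable: whether a page script consumes it
        # is not visible from here.
        response.set_cookie('expire_time', value=str(expire_time))
        return response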
Esempio n. 3
0
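def signup():
    """Render the signup page and handle the signup form.

    Requests:
        GET  /auth/signup   render the form with a fresh CSRF token
        POST /auth/signup   check the CSRF token, then create the account

    Form fields (POST):
        _csrf_token: hidden field, must equal the ``csrf_token`` cookie
        email:       user email, required
        password:    user password, required
        confirm:     must equal ``password``, required

    On success the email plus the hashed password and salt are stored,
    and the new user is logged in.

    Returns:
        A Flask response: the rendered signup page (with a fresh CSRF
        cookie) on GET and on every rejected POST; on success a redirect
        to ``basic.showMain`` carrying the ``token`` and ``expire_time``
        cookies. Other methods fall through and return None, as before.
    """
    import hmac  # stdlib; only needed for the constant-time CSRF compare

    def render_signup_form(prefill=None):
        """Render signup.html with a fresh CSRF token mirrored in the cookie.

        The original GET render set the cookie but never passed
        ``csrf_token`` to the template, and the rejected-POST renders
        passed no token at all; in both cases the hidden field could not
        match the cookie on the next submission.
        """
        csrf_token = generate_csrf_token()
        context = {'client_id': CLIENT_ID, 'csrf_token': csrf_token}
        # Only pre-fill when a value was given, as the original did.
        if prefill is not None:
            context['cached_email'] = prefill
        response = make_response(render_template('signup.html', **context))
        # Double-submit cookie: the server compares it with the hidden
        # form field, so page scripts never need to read it.
        response.set_cookie('csrf_token', value=csrf_token,
                            httponly=True, samesite='Lax')
        return response

    if request.method == 'GET':
        return render_signup_form()

    if request.method == 'POST':
        cookie_csrf_token = request.cookies.get('csrf_token')
        form_csrf_token = request.form.get('_csrf_token')

        # Both halves must be present: a plain ``!=`` accepted a request
        # that carried neither cookie nor field (None == None). The
        # comparison is done on bytes in constant time; compare_digest
        # raises on non-ASCII str, and the field is attacker-controlled.
        if (not cookie_csrf_token or not form_csrf_token
                or not hmac.compare_digest(cookie_csrf_token.encode('utf-8'),
                                           form_csrf_token.encode('utf-8'))):
            flash("Please use proper signup.")
            return render_signup_form()

        email = request.form.get('email')
        password = request.form.get('password')
        confirm = request.form.get('confirm')
        if not (email and password and confirm):
            flash("Please fill the form. ")
            return render_signup_form(email)

        if password != confirm:
            flash("Confirm password has to be the same as password")
            return render_signup_form(email)

        # Normalise once so the lookup, the stored value and the pre-fill
        # all agree.
        email = email.strip()
        user = User.get_by_email(session, email)

        # Any existing account is refused, whether it has a local password
        # or was created through OAuth. The original let a POST for an
        # OAuth-only email set a password on that account without proving
        # ownership of the address, i.e. anyone who knew the email could
        # take the account over. Attaching a password to an OAuth account
        # belongs in a flow that verifies the email first.
        if user:
            flash("Such user already exist. Please login")
            return render_signup_form(email)

        user = User(email=email)
        # Only the hash and its salt are persisted, never the password.
        user.password, user.salt = encrypt_password(password)
        session.add(user)
        session.commit()

        # Issue the JSON web token; while it is valid and unexpired the
        # client does not have to log in again.
        expire_time, token = generate_token(user)
        response = make_response(redirect(url_for('basic.showMain')))
        # The session token is only ever sent back to the server, so keep
        # it out of reach of page scripts and off cross-site requests.
        # Add secure=True once the app is served over HTTPS only.
        response.set_cookie('token', value=token,
                            httponly=True, samesite='Lax')
        # expire_time is left readable: whether a page script consumes it
        # is not visible from here.
        response.set_cookie('expire_time', value=str(expire_time))
        return response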
Esempio n. 4
0
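def signup():
    """Render the signup page and handle the signup form.

    Requests:
        GET  /auth/signup   render the form with a fresh CSRF token
        POST /auth/signup   check the CSRF token, then create the account

    Form fields (POST):
        _csrf_token: hidden field, must equal the ``csrf_token`` cookie
        email:       user email, required
        password:    user password, required
        confirm:     must equal ``password``, required

    On success the email plus the hashed password and salt are stored,
    and the new user is logged in.

    Returns:
        A Flask response: the rendered signup page (with a fresh CSRF
        cookie) on GET and on every rejected POST; on success a redirect
        to ``basic.showMain`` carrying the ``token`` and ``expire_time``
        cookies. Other methods fall through and return None, as before.
    """
    import hmac  # stdlib; only needed for the constant-time CSRF compare

    def render_signup_form(prefill=None):
        """Render signup.html with a fresh CSRF token mirrored in the cookie.

        The original GET render set the cookie but never passed
        ``csrf_token`` to the template, and the rejected-POST renders
        passed no token at all; in both cases the hidden field could not
        match the cookie on the next submission.
        """
        csrf_token = generate_csrf_token()
        context = {'client_id': CLIENT_ID, 'csrf_token': csrf_token}
        # Only pre-fill when a value was given, as the original did.
        if prefill is not None:
            context['cached_email'] = prefill
        response = make_response(
            render_template('signup.html', **context)
        )
        # Double-submit cookie: the server compares it with the hidden
        # form field, so page scripts never need to read it.
        response.set_cookie('csrf_token', value=csrf_token,
                            httponly=True, samesite='Lax')
        return response

    if request.method == 'GET':
        return render_signup_form()

    if request.method == 'POST':
        cookie_csrf_token = request.cookies.get('csrf_token')
        form_csrf_token = request.form.get('_csrf_token')

        # Both halves must be present: a plain ``!=`` accepted a request
        # that carried neither cookie nor field (None == None). The
        # comparison is done on bytes in constant time; compare_digest
        # raises on non-ASCII str, and the field is attacker-controlled.
        if (not cookie_csrf_token or not form_csrf_token
                or not hmac.compare_digest(cookie_csrf_token.encode('utf-8'),
                                           form_csrf_token.encode('utf-8'))):
            flash("Please use proper signup.")
            return render_signup_form()

        email = request.form.get('email')
        password = request.form.get('password')
        confirm = request.form.get('confirm')
        if not (email and password and confirm):
            flash("Please fill the form. ")
            return render_signup_form(email)

        if password != confirm:
            flash("Confirm password has to be the same as password")
            return render_signup_form(email)

        # Normalise once so the lookup, the stored value and the pre-fill
        # all agree.
        email = email.strip()
        user = User.get_by_email(session, email)

        # Any existing account is refused, whether it has a local password
        # or was created through OAuth. The original let a POST for an
        # OAuth-only email set a password on that account without proving
        # ownership of the address, i.e. anyone who knew the email could
        # take the account over. Attaching a password to an OAuth account
        # belongs in a flow that verifies the email first.
        if user:
            flash("Such user already exist. Please login")
            return render_signup_form(email)

        user = User(email=email)
        # Only the hash and its salt are persisted, never the password.
        user.password, user.salt = encrypt_password(password)
        session.add(user)
        session.commit()

        # Issue the JSON web token; while it is valid and unexpired the
        # client does not have to log in again.
        expire_time, token = generate_token(user)
        response = make_response(redirect(url_for('basic.showMain')))
        # The session token is only ever sent back to the server, so keep
        # it out of reach of page scripts and off cross-site requests.
        # Add secure=True once the app is served over HTTPS only.
        response.set_cookie('token', value=token,
                            httponly=True, samesite='Lax')
        # expire_time is left readable: whether a page script consumes it
        # is not visible from here.
        response.set_cookie('expire_time', value=str(expire_time))
        return response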