def changePassword(self, userId: str):
    """Change the password of the user identified by ``userId``.

    Reads the ``old`` and ``new`` fields from the JSON request body and
    hands them to ``PasswordChangeApi.changePasswordForUser``. The caller
    may only change their own password: the request is refused when
    ``self.userId`` differs from ``userId``.

    Returns:
        An empty body with HTTP status 204.

    Raises:
        ApiExceptions.ForbiddenException: ``self.userId`` does not match
            ``userId``.
    """
    # The body is read before the ownership check, so a request without a
    # usable JSON body fails here, before authorization is evaluated.
    payload = flask.request.json
    currentSecret = payload.get('old')
    replacementSecret = payload.get('new')

    # Ownership check: only the authenticated user may change this password.
    if self.userId != userId:
        raise ApiExceptions.ForbiddenException()

    # NOTE(review): 'old'/'new' are not validated here and are None when the
    # client omits them; presumably changePasswordForUser verifies the old
    # password and rejects missing values - confirm.
    PasswordChangeApi.PasswordChangeApi.changePasswordForUser(
        userId, currentSecret, replacementSecret)
    return '', 204
def loginUser(cls, username: str, password: str) -> (str, Models.User):
    """Authenticate ``username`` with ``password`` and open a login session.

    The user is fetched with ``cls.getByUsername``; the supplied password is
    checked with ``Encryption.comparePasswords`` against the stored password,
    nonce and salt. On success a ``Models.Session`` of type ``'login'`` is
    saved and returned in serialized form together with the user record.

    Returns:
        A ``(serializedSession, user)`` pair.

    Raises:
        ApiExceptions.NotFoundException: no user exists for ``username``.
        ApiExceptions.ForbiddenException: the password does not match.
    """
    account = cls.getByUsername(username)

    # NOTE(review): an unknown username and a wrong password raise different
    # exceptions, and the password comparison is skipped for unknown users.
    # Unless the HTTP layer maps both to one response, callers can tell
    # existing accounts from non-existing ones - confirm.
    if account is None:
        raise ApiExceptions.NotFoundException()

    storedPassword = account.password
    storedSalt = account.salt
    storedNonce = account.nonce
    passwordMatches = Encryption.comparePasswords(
        storedPassword, storedNonce, storedSalt, password)
    if not passwordMatches:
        raise ApiExceptions.ForbiddenException()

    # Credentials verified: persist a fresh login session owned by this user.
    loginSession = Models.Session(
        owner=account.id,
        created=int(time.time()),
        sessionType='login',
    )
    loginSession.save()
    return SessionApi.SessionApi.serializeSession(loginSession), account