def login():
username = request.args.get('username')
password = request.args.get('password')
if username is None:
return make_bad_request(
API_i18n.error(i18nmsgs.MISSING_PARAMETER_USERNAME))
if password is None:
return make_bad_request(
API_i18n.error(i18nmsgs.MISSING_PARAMETER_PASSWORD))
if not is_valid_user(username):
return make_bad_request(API_i18n.error(i18nmsgs.INVALID_USERNAME))
if not is_valid_user_password(password):
return make_bad_request(API_i18n.error(i18nmsgs.INVALID_PASSWORD))
try:
user = db.session.query(Users).filter_by(login=username).one()
except NoResultFound:
return make_error(
API_i18n.error(i18nmsgs.INVALID_USERNAME_OR_PASSWORD), 401)
except MultipleResultsFound:
return make_error(API_i18n.error(i18nmsgs.TOO_MANY_USERNAMES_MATCHING),
500)
except Exception, e:
return make_error(
API_i18n.error(i18nmsgs.TOO_MANY_USERNAMES_MATCHING,
{"exception": str(e)}), 500)
def login():
username = request.args.get('username')
password = request.args.get('password')
if username is None:
return make_bad_request(API_i18n.error(i18nmsgs.MISSING_PARAMETER_USERNAME))
if password is None:
return make_bad_request(API_i18n.error(i18nmsgs.MISSING_PARAMETER_PASSWORD))
if not is_valid_user(username):
return make_bad_request(API_i18n.error(i18nmsgs.INVALID_USERNAME))
if not is_valid_user_password(password):
return make_bad_request(API_i18n.error(i18nmsgs.INVALID_PASSWORD))
try:
user = db.session.query(Users).filter_by(login=username).one()
except NoResultFound:
return make_error(API_i18n.error(i18nmsgs.INVALID_USERNAME_OR_PASSWORD), 401)
except MultipleResultsFound:
return make_error(API_i18n.error(i18nmsgs.TOO_MANY_USERNAMES_MATCHING), 500)
except Exception, e:
return make_error(API_i18n.error(i18nmsgs.TOO_MANY_USERNAMES_MATCHING, {"exception": str(e)}), 500)
else:
# check if the password is already md5
password_md5_hex = password
if check_md5_regex.match(password) is None:
password_md5 = hashlib.md5()
password_md5.update(password.encode('latin-1'))
password_md5_hex = password_md5.hexdigest()
if password_md5_hex.lower() == user.av_pass.lower():
login_valid = 1
if login_valid == 1:
login_user(user)
identity_changed.send(app, identity=Identity(user.login))
return make_ok()
return make_error(API_i18n.error(i18nmsgs.INVALID_USERNAME_OR_PASSWORD), 401)
# WARNING:
# The decorator order is strictly like this.
# First, the route, then the login constraint.
@blueprint.route('/logout', methods=['GET'])
@logged_permission.require(http_exception=401)
def logout():
logout_user()
identity_changed.send(current_app._get_current_object(), identity=AnonymousIdentity())
return make_ok()
@login_manager.user_loader
def load_user(username):
if check_md5_regex.match(password) is None:
password_md5 = hashlib.md5()
password_md5.update(password.encode('latin-1'))
password_md5_hex = password_md5.hexdigest()
if password_md5_hex.lower() == user.av_pass.lower():
login_valid = 1
if login_valid == 1:
login_user(user)
identity_changed.send(app, identity=Identity(user.login))
if not (current_user.is_admin == 1 or current_user.login == 'admin'):
success = populate_user_permissions_table(user.login)
app.logger.warning("user_perm table for the user %s has been populated successfully? %s" % (user.login, success))
return make_ok()
return make_error(API_i18n.error(i18nmsgs.INVALID_USERNAME_OR_PASSWORD), 401)
# WARNING:
# The decorator order is strictly like this.
# First, the route, then the login constraint.
@blueprint.route('/logout', methods=['GET'])
@logged_permission.require(http_exception=401)
def logout():
logout_user()
identity_changed.send(current_app._get_current_object(), identity=AnonymousIdentity())
return make_ok()
@login_manager.user_loader
def load_user(username):