def register():
    """Create a user account from the submitted registration form.

    Reads ``login``, ``password``, ``name``, ``email`` and ``phone`` from
    ``request.form``. Renders ``register_fail.html`` with a reason when the
    login is empty, the password has fewer than 6 characters, or the login is
    already taken; otherwise stores the user and renders ``register_ok.html``.
    """
    form = request.form

    def _fail(reason):
        # Every rejection renders the same template with a different reason.
        return render_template('register_fail.html', reason=reason)

    login = form['login']
    if not login:
        return _fail('Нельзя без логина.')

    password = form['password']
    # NOTE(review): the check accepts a 6-character password, while the
    # message says the password must be longer than 6 characters; confirm
    # which of the two is the intended policy.
    if len(password) < 6:
        return _fail('Пароль должен быть длиннее 6 символов')

    # Optional profile fields: an empty string is stored as None.
    name = form['name'] or None
    email = form['email'] or None
    phone = form['phone'] or None

    # NOTE(review): this lookup and the insert below are separate steps, so
    # two concurrent requests could both pass the check unless the storage
    # layer enforces login uniqueness - TODO confirm.
    if db.user(login=login):
        return _fail('Пользователь с таким логином уже существует.')

    # NOTE(review): the password is stored as a single unsalted SHA-256
    # digest, which is cheap to brute-force offline if the table leaks.
    # Moving to a salted, slow KDF (e.g. hashlib.scrypt or
    # hashlib.pbkdf2_hmac) has to be done together with the comparison in
    # authorize(), which recomputes exactly this digest.
    password_hash = sha256(password.encode('UTF-8')).digest()
    db.user.insert(
        login=login,
        password_hash=password_hash,
        name=name,
        email=email,
        phone=phone,
    )
    db.user.commit()
    return render_template('register_ok.html', login=login)
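def authorize():
    """Check the submitted credentials and issue an authorization code.

    Reads ``client_id``, ``login``, ``password`` and the optional ``state``
    from ``request.form``. The redirect target is the ``redirect_uri`` stored
    for the client, never a value taken from the request. On success a
    one-time code valid for 10 minutes is stored and returned to the client
    as ``code``; an unknown login, a wrong password or a missing password all
    produce the same ``error=access_denied`` redirect. ``state`` is echoed
    back when present.

    A missing or non-numeric ``client_id`` gets a 400 response instead of a
    redirect, because no trusted redirect target is known in that case.
    """
    from hmac import compare_digest
    from secrets import token_hex
    from urllib.parse import urlencode

    try:
        client_id = int(request.form.get('client_id'))
    except (TypeError, ValueError):
        # Previously an unhandled exception (HTTP 500) on malformed input.
        return 'invalid_request', 400

    login = request.form.get('login')
    password = request.form.get('password')
    state = request.form.get('state', None)
    # NOTE(review): an unknown client_id raises whatever db.client raises
    # for a missing row - TODO confirm and map it to a 400 as well.
    uri = db.client[client_id]['redirect_uri']

    def _redirect_to_client(params):
        # `state` is attacker-controllable; urlencode() keeps it from
        # injecting extra query parameters into the redirect URL.
        if state is not None:
            params['state'] = state
        # Append with '&' when the registered URI already has a query string.
        separator = '&' if '?' in uri else '?'
        return redirect(uri + separator + urlencode(params), code=302)

    # One lookup instead of three, so every check sees the same row.
    users = db.user(login=login)
    authenticated = False
    if users and password is not None:
        # NOTE(review): unsalted SHA-256 is kept only because register()
        # stores exactly this digest; a salted KDF must replace both sides
        # at once.
        supplied_hash = sha256(password.encode('UTF-8')).digest()
        # Constant-time comparison; assumes the stored value is bytes-like,
        # as written by register().
        authenticated = compare_digest(users[0]['password_hash'],
                                       supplied_hash)
    if not authenticated:
        return _redirect_to_client({'error': 'access_denied'})

    # 64 hex characters from the CSPRNG: the same shape as the previous
    # sha256-of-uuid4 value.
    code = token_hex(32)
    # NOTE(review): the stored code is not tied to client_id, so the code
    # exchange step cannot verify which client it was issued to unless that
    # is tracked elsewhere - TODO confirm.
    db.authorization_code.insert(
        user_id=users[0]['__id__'],
        code=code,
        expire_time=datetime.now() + timedelta(minutes=10),
    )
    db.authorization_code.commit()
    return _redirect_to_client({'code': code})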