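def verify_password(username_or_token_or_guid, password_or_gtoken):
    """Used by flask_httpauth to verify credentials for login_required routes.

    Three credential forms are tried in order. The first one that matches
    stores the user in ``g.user`` and returns True:

    1. ``username_or_token_or_guid`` is an auth token accepted by
       ``verifyAuthToken`` and resolves to an existing user.
    2. It is a username whose ``verify_password`` accepts
       ``password_or_gtoken``.
    3. ``password_or_gtoken`` is a Google ID token whose ``sub`` claim maps
       to an already registered user stored as ``'GU' + sub``.

    Returns False when nothing matches. A failed, timed-out or malformed
    Google tokeninfo lookup also returns False, so errors deny access
    instead of surfacing as an unhandled exception.
    """
    # Try to see if it's a token first
    user_id = verifyAuthToken(username_or_token_or_guid)
    if user_id:
        user = getUser(user_id)
        # Only accept the token when it still resolves to a user; otherwise
        # the request would be authenticated with g.user unset.
        if user:
            g.user = user
            return True

    # If not a token then assume username and password
    user = getUserByUsername(username_or_token_or_guid)
    if user and user.verify_password(password_or_gtoken):
        g.user = user
        return True

    # If not a user then assume it's a Google OAuth ID token. Skip the
    # outbound call when there is nothing to validate.
    if not password_or_gtoken:
        return False

    userinfo_url = "https://oauth2.googleapis.com/tokeninfo"
    params = {'id_token': password_or_gtoken}
    try:
        # Bounded wait: an unresponsive endpoint must not hang every
        # failed login attempt.
        answer = requests.get(userinfo_url, params=params, timeout=5)
        data = answer.json()
    except (requests.RequestException, ValueError):
        return False
    if not answer.ok or not isinstance(data, dict):
        return False

    # NOTE(review): only 'sub' is checked here. The 'aud' claim is never
    # compared with this application's own OAuth client id, so a token
    # issued to a different client is not told apart from one issued to
    # this application. Add that comparison once the client id is
    # available in this module.
    # NOTE(review): the lookup relies on the 'GU' username prefix being
    # reserved for Google accounts. Confirm that password registration
    # cannot create usernames in that namespace.
    sub = data.get('sub')
    if isinstance(sub, str) and sub:
        # Now make sure that this token belongs to an already
        # registered user
        user = getUserByUsername('GU' + sub)
        if user:
            g.user = user
            return True

    # Finally if all fails refuse access
    return False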
def check_username(username):
    """API endpoint for the duplicate check: is *username* already registered?

    Responds with the JSON object ``{'found': <bool>}``.
    """
    # NOTE(review): the answer discloses whether an account exists.
    # Routing and any rate limiting are not visible here; confirm the
    # endpoint is throttled.
    exists = bool(getUserByUsername(username))
    return jsonify({'found': exists})
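def new_user():
    """API endpoint to create new users.

    Expects a JSON object with ``username`` and ``password`` (required)
    and ``picture`` and ``email`` (optional).

    Responses:
        400 when the body is not a JSON object or a required field is
            missing.
        200 with ``{'message': 'user already exists'}`` when the username
            is taken.
        201 with the serialized user on success.
    """
    payload = request.json
    # A missing body, or a JSON array/scalar, has no .get(); reject it as
    # a bad request instead of failing with an AttributeError.
    if not isinstance(payload, dict):
        print("missing arguments")
        abort(400)

    username = payload.get('username')
    password = payload.get('password')
    picture = payload.get('picture')
    email = payload.get('email')

    # NOTE(review): only None is rejected, so an empty-string username or
    # password still reaches addUser. Confirm addUser enforces a minimum
    # credential policy.
    if username is None or password is None:
        print("missing arguments")
        abort(400)

    if getUserByUsername(username) is not None:
        print("existing user")
        return jsonify({'message': 'user already exists'}), 200

    user = addUser(username, picture, email, password)
    return jsonify(user=user.serialize), 201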
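def register():
    """Register a new user from a JSON request body.

    Expects a JSON object with ``username`` and ``password`` (required)
    and ``bio`` (optional, defaults to ``""``).

    Returns ``failure_response`` when the body is not a JSON object, when
    a required field is missing, when the username already exists, or
    when ``dao.register`` returns None. Otherwise returns
    ``success_response(user, 200)``.
    """
    # Malformed or undecodable input would otherwise escape as an
    # unhandled exception. JSONDecodeError and UnicodeDecodeError are
    # both ValueError subclasses.
    try:
        body = json.loads(request.data)
    except ValueError:
        return failure_response("Invalid JSON body!")
    if not isinstance(body, dict):
        return failure_response("Invalid JSON body!")

    username = body.get("username")
    password = body.get("password")
    if username is None or password is None:
        return failure_response("No username or password!")
    bio = body.get("bio", "")

    temp_user = dao.getUserByUsername(username=username)
    if temp_user is not None:
        # A non-None result already means the username exists, so there
        # is no need to compare temp_user's username with `username`.
        # A matching bio is treated as a repeat registration by the same
        # person; anything else as a name collision.
        if temp_user.get("bio") == bio:
            return failure_response("User already registered!")
        return failure_response("Username already taken!")

    user = dao.register(username=username, password=password, bio=bio)
    if user is None:
        return failure_response("The server could not create the user!")
    return success_response(user, 200)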