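def user_login(request):
    """Authenticate the submitted credentials and record the user in the session.

    Reads ``username`` and ``password`` from ``request.form``. The built-in
    ``admin`` account is checked against ``ADMIN_PASSWORD`` and mapped to the
    sentinel user id ``-1``. Any other username is looked up in the ``User``
    table by username and hashed password.

    Returns:
        ``user_profile(request, -1)`` for the built-in admin, otherwise
        ``render_json`` of the matched user's ``to_api_dict()``.

    Raises:
        Whatever the ``request.form[...]`` lookup raises for a missing field,
        and whatever ``Query.one()`` raises when the credentials do not match
        exactly one row (``create_user`` in this file catches
        ``NoResultFound`` from the same call). This function does not turn a
        failed login into a response; the caller has to map the exception to
        a generic authentication failure.
    """
    # Function-scope import: the file's import block is not visible here.
    import hmac

    username = request.form["username"]
    password = request.form["password"]

    # Built-in admin account. The secret is compared with
    # hmac.compare_digest so the comparison time does not depend on how many
    # leading characters match; a plain == on a secret can leak that.
    # Both sides are encoded because compare_digest rejects non-ASCII str.
    # Assumes Python 3 text values on both sides -- TODO confirm.
    # An empty or unset ADMIN_PASSWORD never matches (fail closed), so a
    # missing configuration value cannot enable a blank-password admin login.
    admin_secret = ADMIN_PASSWORD
    if (
        username == "admin"
        and admin_secret
        and isinstance(admin_secret, str)
        and isinstance(password, str)
        and hmac.compare_digest(
            password.encode("utf-8"), admin_secret.encode("utf-8")
        )
    ):
        # NOTE(review): no session-identifier rotation is visible here;
        # confirm the framework renews the session on login.
        request.client_session["user_id"] = -1
        return user_profile(request, -1)

    # NOTE(review): filtering on equality with hash_password(...) only works
    # if hash_password is deterministic for a given password, i.e. it uses no
    # per-user random salt. Confirm it is a slow, salted password hash; a
    # salted scheme would fetch the row by username and verify the hash in
    # application code instead.
    user = (
        session.query(User)
        .filter(User.username == username)
        .filter(User.password == hash_password(password))
        .one()
    )

    request.client_session["user_id"] = user.id
    return render_json(user.to_api_dict())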
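def create_user(request):
    """Create a user from the submitted form and return it as JSON.

    Reads ``username``, ``fullname``, ``password``, ``editor`` and
    ``superuser`` from ``request.form``. The two flags are true only when the
    submitted value is exactly the string ``"true"``.

    Returns:
        ``DuplicateError`` (returned, not raised) when a user with that
        username already exists, otherwise ``render_json`` of the stored
        user's ``to_api_dict()``.

    Raises:
        Whatever the ``request.form[...]`` lookup raises for a missing field.
        Any exception from ``session.commit()`` is re-raised unchanged after
        the session has been rolled back.
    """
    form = request.form
    username = form["username"]

    try:
        session.query(User).filter(User.username == username).one()
    except NoResultFound:
        pass  # Username is free; fall through and create the account.
    else:
        # Lazy %-args: the rendered message is the same as before.
        # NOTE(review): the username is client-supplied and logged as
        # submitted; if logs are consumed line by line, consider %r so that
        # embedded newlines are escaped.
        logging.debug("Not creating user %s, username already in use.", username)
        return DuplicateError

    # NOTE(review): the editor and superuser flags come straight from the
    # submitted form, and no authorization check is visible in this function.
    # Confirm the route is restricted to callers allowed to grant these
    # roles; otherwise the flags should be ignored for unprivileged callers.
    new_user = User(
        username,
        form["fullname"],
        hash_password(form["password"]),
        form["editor"] == "true",
        form["superuser"] == "true",
    )

    session.add(new_user)
    try:
        session.commit()
    except Exception:
        # The lookup above and this insert are not atomic, so a concurrent
        # request can take the username in between (whether a uniqueness
        # constraint exists is not visible here). Roll back so the shared
        # session stays usable, then let the caller see the original error.
        session.rollback()
        raise

    # Re-read the row so the response reflects what was stored.
    created = session.query(User).filter(User.username == username).one()
    return render_json(created.to_api_dict())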