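def post(self):
    """Log in with the local admin password or, for every other account, LDAP.

    Reads ``email`` and ``password`` from the JSON body. The account whose id
    is the all-zero UUID is checked against its stored bcrypt hash; any other
    login is handed to ``authenticate()`` and, when no row exists for the
    email yet, a user row is created from the returned ``cn`` and
    ``displayName`` attributes.

    Returns:
        The ``OK('Logged in')`` response with the user token set as the
        ``token`` cookie.

    Aborts with HTTP 400 when the body is malformed, a credential is empty,
    or the credentials are rejected.
    """
    b = request.get_json()

    # A missing key, a non-object body or a non-string value used to surface
    # as an unhandled exception (HTTP 500); answer with the same generic 400
    # as a failed login instead.
    try:
        email = b['email'].lower()
        password = b['password']
        password_bytes = password.encode('utf8')
    except (KeyError, TypeError, AttributeError):
        abort(400, 'Invalid email/password combination')

    # Never forward an empty password to LDAP: a simple bind with a
    # zero-length password is an "unauthenticated bind" (RFC 4513, 5.1.2)
    # and many directory servers report it as successful.
    if not email or not password_bytes:
        abort(400, 'Invalid email/password combination')

    user = g.db.execute_one_dict('''
        SELECT id, password
        FROM "user"
        WHERE email = %s
    ''', [email])

    is_admin = bool(user) and user['id'] == '00000000-0000-0000-0000-000000000000'

    if is_admin:
        # Admin login: verified locally against the stored bcrypt hash.
        if not bcrypt.checkpw(password_bytes, user['password'].encode('utf8')):
            abort(400, 'Invalid email/password combination')
    else:
        # NOTE(review): email is passed to authenticate() as received (only
        # lower-cased); if that helper builds an LDAP search filter from it,
        # the filter metacharacters must be escaped there - not visible here.
        ldap_user = authenticate(email, password)

        # authenticate() is defined outside this block. For an existing user
        # nothing else inspects its result, so fail closed if it ever returns
        # a falsy value instead of stopping the request itself.
        if not ldap_user:
            abort(400, 'Invalid email/password combination')

        if not user:
            # First successful LDAP login: create the local user row.
            user = g.db.execute_one_dict('''
                INSERT INTO "user" (email, username, name)
                VALUES (%s, %s, %s) RETURNING id
            ''', [email, ldap_user['cn'], ldap_user['displayName']])

    token = encode_user_token(user['id'])
    g.db.commit()

    res = OK('Logged in')
    # NOTE(review): the cookie is set without httponly/secure/samesite
    # arguments, so the framework defaults apply; confirm whether the
    # frontend needs script access to it before tightening the flags.
    res.set_cookie('token', token)
    return res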
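def post(self):
    """Log a user in by checking the password against the stored bcrypt hash.

    Reads ``email`` and ``password`` from the JSON body, looks the user up by
    email and verifies the password with ``bcrypt.checkpw``.

    Returns:
        The ``OK('Logged in')`` response with the user token set as the
        ``token`` cookie.

    Aborts with HTTP 400 and one generic message when the body is malformed,
    the email is unknown, the account has no stored hash, or the password
    does not match.
    """
    b = request.get_json()

    # A missing key, a non-object body or a non-string password used to
    # surface as an unhandled exception (HTTP 500); answer with the same
    # generic 400 as a failed login instead.
    try:
        email = b['email']
        password_bytes = b['password'].encode('utf8')
    except (KeyError, TypeError, AttributeError):
        abort(400, 'Invalid email/password combination')

    user = g.db.execute_one_dict('''
        SELECT id, password
        FROM "user"
        WHERE email = %s
    ''', [email])

    # A row without a password hash (NULL column) previously crashed on
    # .encode(); treat it exactly like an unknown email so the response does
    # not distinguish the two cases.
    stored_hash = user['password'] if user else None

    # NOTE(review): an unknown email returns before any bcrypt work is done,
    # so it answers faster than a wrong password for a known email; that
    # timing difference can reveal which addresses are registered.
    if not stored_hash or not bcrypt.checkpw(password_bytes,
                                             stored_hash.encode('utf8')):
        abort(400, 'Invalid email/password combination')

    token = encode_user_token(user['id'])

    res = OK('Logged in')
    # NOTE(review): the cookie is set without httponly/secure/samesite
    # arguments, so the framework defaults apply; confirm whether the
    # frontend needs script access to it before tightening the flags.
    res.set_cookie('token', token)
    return res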
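def post(self):
    """Log a user in through LDAP, creating the local user row on first login.

    Reads ``email`` and ``password`` from the JSON body and hands them to
    ``authenticate()``. When no row exists for the email, one is inserted
    from the returned ``cn`` and ``displayName`` attributes.

    Returns:
        The ``OK('Logged in')`` response with the user token set as the
        ``token`` cookie.

    Aborts with HTTP 400 when the body is malformed, a credential is empty,
    or ``authenticate()`` returns a falsy result.
    """
    b = request.get_json()

    # A missing key, a non-object body or a non-string password used to
    # surface as an unhandled exception (HTTP 500); answer with a generic
    # 400 instead.
    try:
        email = b['email']
        password = b['password']
        password_bytes = password.encode('utf8')
    except (KeyError, TypeError, AttributeError):
        abort(400, 'Invalid email/password combination')

    # Never forward an empty password to LDAP: a simple bind with a
    # zero-length password is an "unauthenticated bind" (RFC 4513, 5.1.2)
    # and many directory servers report it as successful.
    if not email or not password_bytes:
        abort(400, 'Invalid email/password combination')

    # NOTE(review): email is passed to authenticate() exactly as received; if
    # that helper builds an LDAP search filter from it, the filter
    # metacharacters must be escaped there - not visible here.
    ldap_user = authenticate(email, password)

    # authenticate() is defined outside this block. For an existing user
    # nothing else inspects its result, so fail closed if it ever returns a
    # falsy value instead of stopping the request itself.
    if not ldap_user:
        abort(400, 'Invalid email/password combination')

    user = g.db.execute_one_dict('''
        SELECT id
        FROM "user"
        WHERE email = %s
    ''', [email])

    if not user:
        # First successful LDAP login: create the local user row.
        user = g.db.execute_one_dict('''
            INSERT INTO "user" (email, username, name)
            VALUES (%s, %s, %s) RETURNING id
        ''', [email, ldap_user['cn'], ldap_user['displayName']])

    token = encode_user_token(user['id'])
    g.db.commit()

    res = OK('Logged in')
    # NOTE(review): the cookie is set without httponly/secure/samesite
    # arguments, so the framework defaults apply; confirm whether the
    # frontend needs script access to it before tightening the flags.
    res.set_cookie('token', token)
    return res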
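def post(self):
    """Register a new account and log it in.

    Only available when ``INFRABOX_ACCOUNT_SIGNUP_ENABLED`` is ``'true'``.
    Reads ``email``, ``password1``, ``password2`` and ``username`` from the
    JSON body, validates them, stores a bcrypt hash of the password and
    issues a user token.

    Returns:
        The ``OK('Logged in')`` response with the user token set as the
        ``token`` cookie.

    Aborts with HTTP 404 when signup is disabled and with HTTP 400 when the
    body is malformed, a field fails validation, or the email or username
    is already taken.
    """
    # Fail closed: an unset variable means signup is disabled (404) rather
    # than an unhandled KeyError (HTTP 500).
    if os.environ.get('INFRABOX_ACCOUNT_SIGNUP_ENABLED') != 'true':
        abort(404)

    b = request.get_json()

    # A missing key, a non-object body or a non-string field used to surface
    # as an unhandled exception (HTTP 500); reject it as a bad request.
    try:
        email = b['email']
        password1 = b['password1']
        password2 = b['password2']
        username = b['username']
        password_bytes = password1.encode('utf8')
        username_is_alnum = username.isalnum()
        parsed_address = parseaddr(email)[1]
    except (KeyError, TypeError, AttributeError):
        abort(400, 'Invalid request')

    if password1 != password2:
        abort(400, 'Passwords don\'t match')

    # Two matching empty strings passed the check above and would have
    # created an account with an empty password.
    if not password_bytes:
        abort(400, 'Password must not be empty')

    # parseaddr() always returns a 2-tuple, so the old "if not e" test could
    # never fire; only the address part says whether parsing succeeded.
    # Requiring it to equal the input makes sure the value that is stored is
    # the value that was validated (no display names, comments or padding).
    # NOTE(review): parseaddr() is lenient - a bare word without '@' still
    # parses - so this is a sanity check, not proof of a usable address.
    if not parsed_address or parsed_address != email:
        abort(400, 'Invalid email')

    # NOTE(review): under Python 3 str.isalnum() also accepts non-ASCII
    # letters and digits; confirm that is intended for usernames.
    if not username_is_alnum:
        abort(400, 'Username is not alphanumeric')

    # NOTE(review): these look-ups and the INSERT below are separate
    # statements, so two concurrent signups can both pass them; uniqueness
    # ultimately depends on constraints in the schema, which is not visible
    # here.
    user = g.db.execute_one_dict('''
        SELECT id, password
        FROM "user"
        WHERE email = %s
    ''', [email])

    if user:
        abort(400, 'An account with this email already exists')

    user = g.db.execute_one_dict('''
        SELECT id, password
        FROM "user"
        WHERE username = %s
    ''', [username])

    if user:
        abort(400, 'An account with this username already exists')

    hashed_password = bcrypt.hashpw(password_bytes, bcrypt.gensalt())

    user = g.db.execute_one_dict('''
        INSERT into "user" (username, email, password)
        VALUES (%s, %s, %s) RETURNING ID
    ''', [username, email, hashed_password])

    token = encode_user_token(user['id'])
    g.db.commit()

    res = OK('Logged in')
    # NOTE(review): the cookie is set without httponly/secure/samesite
    # arguments, so the framework defaults apply; confirm whether the
    # frontend needs script access to it before tightening the flags.
    res.set_cookie('token', token)
    return res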