def get_account(self, username=None, email=None, password=None): """Get the account given the username or email. If password is given, check it. Return None if no such account, or wrong password.""" c = self.cnx.cursor() if username: sql = "SELECT username, email, role, state, password, modified" \ " FROM accounts WHERE username=?" c.execute(sql, (username, )) elif email: sql = "SELECT username, email, role, state, password, modified" \ " FROM accounts WHERE email=?" c.execute(sql, (email, )) else: return None row = c.fetchone() if not row: return None if password and utils.hashed_password(password) != row[4]: return None account = entity.Account(username=row[0], email=row[1], role=row[2], state=row[3], modified=row[5]) i = self._get_account_i(account.username) sql = "SELECT token, expiry FROM tokens WHERE account=?" c.execute(sql, (i, )) account.tokens = [dict(token=r[0], expiry=r[1]) for r in c] return account
def create_account(self, account, params, specs_access=constants.PRIVATE): "Create the account entry and the top specs directory for it." c = self.cnx.cursor() sql = "SELECT COUNT(*) FROM accounts WHERE username=?" c.execute(sql, (account.username, )) if c.fetchone()[0]: raise ValueError('username already defined') sql = "SELECT COUNT(*) FROM accounts WHERE email=?" c.execute(sql, (account.email, )) if c.fetchone()[0]: raise ValueError('email already defined') if account.role not in constants.ACCOUNT_ROLES: raise ValueError("invalid role: {}".format(account.role)) if account.get('state') not in constants.ACCOUNT_STATES: account.state = constants.PENDING # Input password is clear-text; store its hash in the db. if account.password: account.password = utils.hashed_password(account.password) # Blank password is not hashed; cannot be used to log in. with self.get_transaction() as c: sql = "INSERT INTO accounts(username, email, role, state," \ " password, modified)" \ " VALUES(?,?,?,?,?,{})".format(NOW) c.execute(sql, (account.username, account.email, account.role, account.state, account.password)) i = self._get_account_i(account.username) sql = "INSERT INTO accounts_log(account, params, changed,modified)"\ " VALUES(?,?,?,{})".format(NOW) changed = dict(email=account.email, role=account.role, state=account.state) c.execute(sql, (i, json.dumps(params), json.dumps(changed))) sql = "INSERT INTO dirs(path, access, owner, modified)" \ " VALUES(?,?,?,{})".format(NOW) c.execute(sql, (account.username, specs_access, i))