def post(self):
    """
    Log in to the OECI web site with the username and password from the
    JSON request body. On success, encrypt those credentials and hand them
    back to the client in the ``oeci_token`` cookie.

    Returns the (empty-bodied) response and status 201. Failures are
    reported through ``error()``: 400 for a missing JSON body, 401 for
    rejected credentials, 404 when OECI is unavailable.
    """
    payload = request.get_json()
    if payload is None:
        error(400, "No json data in request body")
    check_data_fields(payload, ["oeci_username", "oeci_password"])

    # Copy only the two expected fields, so nothing else from the request
    # body ends up inside the encrypted token.
    credentials = {field: payload[field] for field in ("oeci_username", "oeci_password")}

    # The login is a pure validity check; the session is discarded afterwards.
    oeci_session = requests.Session()
    try:
        Crawler.attempt_login(oeci_session, credentials["oeci_username"], credentials["oeci_password"])
    except InvalidOECIUsernamePassword as exc:
        # NOTE(review): the exception text is relayed to the client as-is;
        # confirm it never carries upstream detail that should stay internal.
        error(401, str(exc))
    except OECIUnavailable as exc:
        error(404, str(exc))
    finally:
        oeci_session.close()

    # NOTE(review): config.get() yields None when SECRET_KEY is unset; whether
    # DataCipher rejects a missing key is not visible here - confirm.
    token = DataCipher(key=current_app.config.get("SECRET_KEY")).encrypt(credentials)

    # Outside the "production" tier the cookie is not marked Secure, so it may
    # be sent over plain HTTP there.
    https_only = os.getenv("TIER") == "production"
    two_hours_from_now = time.time() + 2 * 60 * 60

    response = make_response()
    # TODO: We will need an OECILogout endpoint to remove httponly=true cookies from frontend
    # Until then httponly stays False, which leaves the token readable by page
    # scripts: any script-injection flaw in the frontend exposes it.
    # NOTE(review): `expires` only tells the browser when to drop the cookie.
    # Whether the encrypted token itself is time-bound on the server side
    # depends on DataCipher, which is not visible here - confirm.
    response.set_cookie(
        "oeci_token",
        secure=https_only,
        httponly=False,
        samesite="strict",
        expires=two_hours_from_now,  # type: ignore # 2 hour lifetime
        value=token,
    )
    return response, 201
def build_search_results(
    username: str, password: str, aliases: Tuple[Alias, ...], search_cache: LRUCache
) -> Tuple[List[OeciCase], List[str]]:
    """
    Search OECI once per alias and collect the cases found.

    Returns ``(search_results, errors)``. A cached entry for ``aliases`` is
    returned as-is; otherwise every alias gets its own session and login,
    and the combined result is cached only when no error was recorded.
    Rejected credentials and OECI outages are reported through ``error()``
    (401 and 404); any other failure is recorded as text in ``errors`` and
    the loop moves on to the next alias.
    """
    # NOTE(review): the cache is consulted before any login and is keyed by
    # the alias tuple alone; username and password play no part in the lookup.
    # On a hit, results are returned without these credentials ever being
    # checked against OECI. If search_cache is shared between users, callers
    # must authenticate the request before reaching this point - confirm.
    # NOTE(review): a miss is detected by falsiness, which assumes the cache
    # returns a falsy value for an absent key instead of raising - confirm.
    cached = search_cache[aliases]
    if cached:
        return cached

    failures = []
    found_cases: List[OeciCase] = []
    for alias in aliases:
        # One session and one OECI login per alias.
        oeci_session = requests.Session()
        try:
            login_page = Crawler.attempt_login(oeci_session, username, password)
            found_cases.extend(
                Crawler.search(
                    oeci_session,
                    login_page,
                    alias.first_name,
                    alias.last_name,
                    alias.middle_name,
                    alias.birth_date,
                )
            )
        except InvalidOECIUsernamePassword as exc:
            error(401, str(exc))
        except OECIUnavailable as exc:
            error(404, str(exc))
        except Exception as exc:
            # Best effort: keep going with the remaining aliases.
            # NOTE(review): the raw exception text goes back to the caller;
            # confirm it is not shown to end users unfiltered.
            failures.append(str(exc))
        finally:
            oeci_session.close()

    # Partial results are never cached, so a failed alias is retried next time.
    if not failures:
        search_cache[aliases] = (found_cases, failures)
    return found_cases, failures