def join(args):
result = {"error": None, "data": {}}
if UserService.get_by_username(args["username"]):
return abort("account", "username-exist")
if UserService.get_by_email(args["email"]):
return abort("account", "email-exist")
account = UserService.create(
args["username"],
auth.hashpwd(args["password"]),
args["email"]
)
email = mail.Email()
activation_token = Token.create("activation", account.username)
email.account_confirmation(account, activation_token)
result["data"] = {
"login": int(datetime.timestamp(account.login)),
"username": account.username
}
# Display activation code only in debug mode
if config.debug:
result["data"]["code"] = activation_token
# ToDo: Add permissions here
return result
def post(self):
result = {"error": None, "data": {}}
parser = reqparse.RequestParser()
parser.add_argument("password", type=str, required=True)
parser.add_argument("email", type=str, required=True)
args = parser.parse_args()
account = UserService.get_by_email(args["email"])
if account is None:
return abort("account", "not-found")
login = UserService.login(args["password"], account.password)
if not login:
return abort("account", "login-failed")
UserService.update(account, login=datetime.now)
token = Token.create("login", account.username)
data = Token.validate(token)
result["data"] = {
"token": token,
"expire": data["payload"]["expire"],
"username": data["payload"]["meta"]
}
return result
def post(self):
result = {"error": None, "data": {}}
parser = reqparse.RequestParser()
parser.add_argument("username", type=str, required=True)
parser.add_argument("password", type=str, required=True)
parser.add_argument("email", type=str, required=True)
args = parser.parse_args()
account = UserService.get_by_username(args["username"])
if account is not None:
return abort("account", "username-exist")
account_check = UserService.get_by_email(args["email"])
if account_check is not None:
return abort("account", "email-exist")
admin = len(UserService.list()) == 0
account = UserService.signup(args["username"], args["email"],
args["password"])
# Make first registered user admin
if admin:
PermissionService.add(account, "global", "activated")
PermissionService.add(account, "global", "admin")
result["data"] = {"username": account.username}
activation_token = Token.create("activation", account.username)
# Display activation code only in debug mode
if config.debug:
result["data"]["code"] = activation_token
mail = Email()
mail.account_confirmation(account.email, activation_token)
return result
@use_args(login_args, location="json")
@orm.db_session
def login(args):
result = {"error": None, "data": {}}
if not (account := UserService.get_by_email(args["email"])):
return abort("account", "not-found")
if not auth.checkpwd(args["password"], account.password):
return abort("account", "login-failed")
if not account.activated:
return abort("account", "not-activated")
account.login = datetime.utcnow()
login_token = Token.create("login", account.username)
data = Token.payload(login_token)
result["data"] = {
"token": login_token,
"expire": data["expire"],
"username": data["meta"]
}
return result
@blueprint.route("/activate", methods=["POST"])
@use_args(activate_args, location="json")
@orm.db_session
def activate(args):
result = {"error": None, "data": {}}