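def create(request):
    """
    Respond to the "/identity/create" API request.

    Expects a POST carrying ``username`` and ``password``; ``photo``,
    ``name``, ``email``, ``website``, ``location`` and ``bio`` are optional.
    Creates a ``User`` plus its ``UserProfile``, records a timing sample with
    ``statsRecorder`` and returns the new user as JSON with status 201.

    Returns an HTTP error response instead when the method is not POST, a
    required parameter is missing (as reported by ``apiHelper.process_params``),
    the username or password is empty, or a user with the same username
    (compared case-insensitively) already exists.
    """
    start_time = time.time()

    # Credentials must travel in a POST body: a GET would leave the password
    # in query-string / access logs.  ``authenticate`` enforces the same.
    if request.method != "POST":
        return HttpResponseNotAllowed(["POST"])

    success, response = apiHelper.process_params(
        request,
        required_params=["username", "password"],
        optional_params=["photo", "name", "email", "website", "location",
                         "bio"])
    if not success:
        return response
    params = response

    # process_params only checks presence; reject empty credentials rather
    # than creating an account with an empty password.
    if not params["username"] or not params["password"]:
        return HttpResponseBadRequest("username and password must not be empty")

    # Check that the user doesn't already exist (case-insensitively).
    # NOTE(review): this check-then-save is racy -- two concurrent requests can
    # both pass it.  A unique constraint on User.username is the real guard;
    # confirm the model declares one.
    try:
        User.objects.get(username__iexact=params["username"])
    except User.DoesNotExist:
        pass
    else:
        return HttpResponseForbidden("duplicate username")

    # Create the new user.
    user = User()
    user.username = params["username"]
    # uuid4 is drawn from os.urandom, so the per-user salt is unpredictable.
    user.password_salt = uuid.uuid4().hex
    # NOTE(review): one round of salted MD5 is not a password hash (fast to
    # brute-force offline).  It is kept because ``authenticate`` -- and hence
    # the client -- derive exactly this value, so moving to PBKDF2/bcrypt is a
    # protocol change, not a local one.  The explicit UTF-8 encoding makes
    # non-ASCII passwords hash instead of raising UnicodeEncodeError.
    user.password_hash = hashlib.md5(
        (params["password"] + user.password_salt).encode("utf-8")).hexdigest()
    user.save()

    # Create the user's profile.
    profile = UserProfile()
    profile.user = user
    if "photo" in params:
        profile.save()  # Have to save before we can upload a photo.
        profile.photo_orig.save(params["photo"].name, params["photo"])
    # Plain text fields are copied across verbatim when supplied.
    for field in ("name", "email", "website", "location", "bio"):
        if field in params:
            setattr(profile, field, params[field])
    profile.save()

    # Send information about the new user signup to the 3taps Stats API.
    time_taken = int(1000 * (time.time() - start_time))
    statsRecorder.record("IDCR", 1, time_taken)

    # Finally, return the newly-created user back to the caller.
    # NOTE(review): confirm User.to_dict() omits password_hash / password_salt;
    # under this scheme the stored hash is a password-equivalent.
    return HttpResponse(json.dumps(user.to_dict()), status=201,
                        mimetype="application/json")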
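def authenticate(request):
    """
    Respond to the "/identity/authenticate" API request.

    The client proves it knows the account's stored ``password_hash`` by
    POSTing ``session_token``, ``session_length``, a client-chosen
    ``client_salt`` and ``hash`` == md5(password_hash + client_salt).  When
    the proof checks out the session is marked authenticated, ``session_length``
    is stored on it, a timing sample is recorded with ``statsRecorder`` and
    the session's user is returned as JSON with status 200.

    Returns 405 for a non-POST request, 400 for a missing parameter and 403
    for an unknown token, an already-authenticated session or a wrong hash.
    """
    import hmac  # local import: the file's import block is not in view

    start_time = time.time()

    if request.method != "POST":
        return HttpResponseNotAllowed(["POST"])

    # Report the first missing parameter, in this fixed order.
    for name in ("session_token", "session_length", "client_salt", "hash"):
        if name not in request.POST:
            return HttpResponseBadRequest(
                "missing required '%s' parameter" % name)

    session_token = request.POST["session_token"]
    session_length = request.POST["session_length"]
    client_salt = request.POST["client_salt"]
    client_hash = request.POST["hash"]  # renamed: don't shadow builtin hash()

    # Get the Session object this authentication request is for.
    try:
        session = Session.objects.get(token=session_token)
    except Session.DoesNotExist:
        return HttpResponseForbidden("invalid session_token")
    if session.authenticated:
        return HttpResponseForbidden("already authenticated")

    # Check that the supplied hash value is correct -- that is, that the
    # client has the correct password.
    # NOTE(review): the proof covers only password_hash and a *client-chosen*
    # salt, not session_token, so a captured (client_salt, hash) pair replays
    # against any later unauthenticated session for the same user, and anyone
    # who reads password_hash from the database can authenticate without the
    # password.  Binding the proof to a server-chosen nonce (the session
    # token) would close the replay; that is a client-visible protocol change.
    # Nothing here limits the number of wrong guesses per session either.
    expected = hashlib.md5(
        (session.user.password_hash + client_salt).encode("utf-8")).hexdigest()
    # Constant-time comparison: a plain != stops at the first differing
    # character and leaks the match length through response timing.  Both
    # sides are encoded so compare_digest sees one type (str vs unicode
    # would otherwise never compare equal under Python 2).
    if not hmac.compare_digest(expected.encode("utf-8"),
                               client_hash.encode("utf-8")):
        return HttpResponseForbidden("incorrect password hash")

    # The caller provided the correct hash value -> authenticate this session.
    # NOTE(review): session_length is stored exactly as posted with no type or
    # range check; confirm what Session.session_length expects and cap it.
    session.authenticated = True
    session.session_length = session_length
    session.save()

    # Send information about the user authentication to the 3taps Stats API.
    time_taken = int(1000 * (time.time() - start_time))
    statsRecorder.record("IDAU", 1, time_taken)

    # Finally, return the user associated with this session back to the caller.
    return HttpResponse(json.dumps(session.user.to_dict()), status=200,
                        mimetype="application/json")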