예제 #1
def logout(request):
    """Return a 303 response to ``/`` that overwrites the ``user_id`` cookie.

    The cookie is re-issued through ``set_secure_cookie`` with a ``None``
    value, ``secure=True`` and a zero-length ``max_age``.
    """
    # NOTE(review): this only asks the browser to drop the cookie. Nothing
    # visible here revokes a previously issued signed value on the server
    # side, so confirm how long an already-issued cookie stays valid.
    redirect = Response(code=303, location='/')
    redirect.set_secure_cookie(
        request, 'user_id', None, secure=True, max_age=datetime.timedelta()
    )
    return redirect
예제 #2
    def test_secure_cookie(self):
        """Round-trip a value through set_secure_cookie / get_secure_cookie.

        The secret, cookie name and cookie value each contain a ``|``.
        """
        # presumably '|' is the field separator of the signed cookie format,
        # which would make this a delimiter-confusion regression test -- confirm
        application = PigWig([], cookie_secret=b"a|b")
        request = Request(application, None, None, None, None, None, None)
        response = Response()
        response.set_secure_cookie(request, "c|d", "e|f")

        # The cookie is expected to be the most recently appended header.
        last_header = response.headers[-1]
        self.assertEqual(last_header[0], "Set-Cookie")

        # Feed the emitted header value back in as the request's cookie jar.
        request.cookies = http.cookies.SimpleCookie(last_header[1])
        self.assertEqual(request.get_secure_cookie("c|d", None), "e|f")
예제 #3
	def test_secure_cookie(self):
		"""Round-trip a value through set_secure_cookie / get_secure_cookie.

		The secret, cookie name and cookie value each contain a ``|``.
		"""
		# presumably '|' is the field separator of the signed cookie format,
		# which would make this a delimiter-confusion regression test -- confirm
		application = PigWig([], cookie_secret=b'a|b')
		request = Request(application, None, None, None, None, None, None, None)
		response = Response()
		response.set_secure_cookie(request, 'c|d', 'e|f')

		# The cookie is expected to be the most recently appended header.
		last_header = response.headers[-1]
		self.assertEqual(last_header[0], 'Set-Cookie')

		# Feed the emitted header value back in as the request's cookie jar.
		request.cookies = http.cookies.SimpleCookie(last_header[1])
		self.assertEqual(request.get_secure_cookie('c|d', None), 'e|f')
예제 #4
파일: blogwig.py 프로젝트: raylu/pigwig
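def login(request):
	"""Check the submitted username/password and issue a login cookie.

	Reads ``username`` and ``password`` from ``request.body``, looks the user
	up by username, hashes the submitted password with the stored salt via
	``_hash`` and compares it to the stored hash with ``hmac.compare_digest``.

	Returns:
		A 303 response to ``/admin`` carrying a signed ``user_id`` cookie
		whose ``max_age`` is ``LOGIN_TIME``.

	Raises:
		HTTPException: 400 when either field is missing; 401 when the
			username is unknown or the password does not match.
	"""
	try:
		username = request.body['username']
		password = request.body['password']
	except KeyError:
		raise HTTPException(400, 'username or password missing')

	# The username is bound as a query parameter, never interpolated into SQL.
	cur = db.execute('SELECT id, password, salt FROM users WHERE username = ?', (username,))

	# An unknown username yields no row. next(cur) without a default would
	# raise StopIteration and surface as a server error instead of a 401.
	user = next(cur, None)
	if user is None:
		# Same status and message as a wrong password, so the response does
		# not state whether the account exists.
		# NOTE(review): this path skips _hash(), so response timing can still
		# differ between known and unknown usernames; consider equalizing it.
		raise HTTPException(401, 'incorrect username or password')

	hashed = _hash(password, user['salt'])
	# compare_digest avoids leaking how many leading bytes matched.
	if not hmac.compare_digest(user['password'], hashed):
		raise HTTPException(401, 'incorrect username or password')

	response = Response(code=303, location='/admin')
	# NOTE(review): secure=True is not passed here; confirm whether this
	# cookie should be restricted to HTTPS in production.
	response.set_secure_cookie(request, 'user_id', str(user['id']), max_age=LOGIN_TIME)
	return response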
예제 #5
def login(request):
    """Log in or register a user from the posted form and set a login cookie.

    When the body contains a ``register`` key the account is created through
    ``db.User.register`` and committed, and the redirect target is
    ``/accounts``. Otherwise ``db.User.login`` is used: a ``None`` result
    returns a 403 response, and success redirects to ``/outcomes``.

    The success response is a 303 carrying a signed ``user_id`` cookie with
    ``secure=True`` and a 30-day ``max_age``.
    """
    # NOTE(review): a missing 'email' or 'password' key raises KeyError here;
    # confirm how the framework reports that to the client.
    email, password = request.body['email'], request.body['password']

    if 'register' not in request.body:
        user = db.User.login(email, password)
        if user is None:
            return Response('bad email/password', 403)
        location = '/outcomes'
    else:
        # NOTE(review): the presence of a client-supplied field alone selects
        # registration; any validation must live inside db.User.register.
        user = db.User.register(email, password)
        db.session.commit()
        location = '/accounts'

    redirect = Response(code=303, location=location)
    redirect.set_secure_cookie(
        request,
        'user_id',
        user.user_id,
        secure=True,
        max_age=datetime.timedelta(days=30),
    )
    return redirect