예제 #1
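async def register(request):
    """
    Validate the registration form, create the user and sign them in.

    On a valid POST the handler rejects a duplicate email/username, inserts
    the new row with a hashed password, stores the display name in the
    session and redirects to "/" with the "jwt" and "admin" cookies set.
    Any other request (a GET, or a POST that fails validation) re-renders
    the registration form.
    """
    data = await request.form()
    form = RegistrationForm(data)
    username = form.username.data
    email = form.email.data
    password = form.password.data
    if request.method == "POST" and form.validate():
        # Ask the database for a clash instead of loading every user row
        # (password hashes included) into memory on each request.
        # NOTE(review): the comparison now follows the database collation
        # rather than Python's case-sensitive ==; confirm that is acceptable.
        duplicate_query = users.select().where(
            (users.c.email == email) | (users.c.username == username)
        )
        duplicate = await database.fetch_one(duplicate_query)
        if duplicate is not None:
            user_error = "User with that email or username already exists."
            return templates.TemplateResponse(
                "accounts/register.html",
                {
                    "request": request,
                    "form": form,
                    "user_error": user_error
                },
            )
        # NOTE(review): check-then-insert is not atomic; two concurrent
        # requests can both pass the check. A unique constraint on the
        # username and email columns is the real guard; confirm the schema
        # has one.
        now = datetime.datetime.now()
        query = users.insert().values(
            username=username,
            email=email,
            joined=now,
            last_login=now,
            login_count=1,
            password=hash_password(password),
        )
        await database.execute(query)
        # Read the row back and verify the stored hash against the password
        # that was just submitted before issuing the auth cookies.
        user_query = users.select().where(users.c.username == username)
        user_results = await database.fetch_one(user_query)
        hashed_password = user_results["password"]
        valid_password = check_password(password, hashed_password)
        # The session is populated whether or not the verification above
        # succeeded; only the cookies depend on it.
        request.session["user"] = user_results["username"].capitalize()
        response = RedirectResponse(url="/", status_code=302)
        if valid_password:
            # NOTE(review): both cookies are HttpOnly but carry no
            # secure/samesite arguments; confirm the site is HTTPS-only and
            # set secure=True there so the token never travels in clear text.
            response.set_cookie("jwt",
                                generate_jwt(user_results["username"]),
                                httponly=True)
            # NOTE(review): every new account receives the same ADMIN value
            # in a client-held cookie. If any authorization decision reads
            # this cookie it is attacker-controllable; verify against the
            # code that consumes it.
            response.set_cookie("admin", ADMIN, httponly=True)
        return response
    return templates.TemplateResponse("accounts/register.html", {
        "request": request,
        "form": form
    })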
예제 #2
파일: auth.py 프로젝트: sokolovdp/forum_api
async def retrieve_user(request, payload, *args, **kwargs):
    """
    Load the user row named by the ``user_id`` entry of a token payload.

    Returns None when the payload is empty or carries no ``user_id``;
    otherwise returns whatever ``request.app.db.fetch_one`` yields for that
    id (None if no row matches).
    """
    if not payload:
        return None
    user_id = payload.get('user_id')
    if user_id is None:
        return None
    # presumably the payload was signature-checked by the caller before it
    # reaches this function; verify, since user_id is trusted as-is here.
    lookup = users.select().where(users.c.id == user_id)
    return await request.app.db.fetch_one(lookup)
예제 #3
async def profile(request):
    """
    Render the profile page for the authenticated user.

    The user row is looked up by ``request.user.display_name`` and handed to
    the "accounts/profile.html" template as ``results``.
    """
    if not request.user.is_authenticated:
        # NOTE(review): an unauthenticated request gets None rather than a
        # redirect or a 401/403 response; confirm a decorator or middleware
        # outside this function rejects anonymous users first.
        return None
    auth_user = request.user.display_name
    # NOTE(review): the lookup key is the display name, not a stable id;
    # verify it always equals the stored username exactly.
    lookup = users.select().where(users.c.username == auth_user)
    row = await database.fetch_one(lookup)
    context = {
        "request": request,
        "results": row,
        "auth_user": auth_user,
    }
    return templates.TemplateResponse("accounts/profile.html", context)
예제 #4
async def dashboard(request):
    """
    Render the dashboard listing every user, newest id first.

    All rows of ``users`` are passed to the "accounts/dashboard.html"
    template as ``results`` for any authenticated requester.
    """
    if not request.user.is_authenticated:
        # NOTE(review): an unauthenticated request gets None rather than a
        # redirect or a 401/403 response; confirm a decorator or middleware
        # outside this function rejects anonymous users first.
        return None
    auth_user = request.user.display_name
    # NOTE(review): select() with no column list returns every column of
    # every user, presumably including credential fields, and the only gate
    # visible here is "is authenticated". Confirm the template renders safe
    # fields only and that a role check exists elsewhere.
    listing = users.select().order_by(users.c.id.desc())
    rows = await database.fetch_all(query=listing)
    context = {
        "request": request,
        "results": rows,
        "auth_user": auth_user,
    }
    return templates.TemplateResponse("accounts/dashboard.html", context)
예제 #5
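async def login(request):
    """
    Validate the login form and sign the user in with a JWT cookie.

    On a valid POST the handler looks the user up by username, verifies the
    password against the stored hash, records the login (counter and
    timestamp), stores the display name in the session and redirects to "/"
    with the "jwt" and "admin" cookies set. Failures re-render the login
    form with ``user_error``; any other request renders the empty form.

    An unknown username is detected with an explicit ``None`` check rather
    than by catching ``TypeError`` around the whole flow, so an unrelated
    ``TypeError`` (for example from token generation) is no longer reported
    to the user as "please register".
    """
    data = await request.form()
    form = LoginForm(data)
    username = form.username.data
    password = form.password.data
    if request.method == "POST" and form.validate():
        query = users.select().where(users.c.username == username)
        results = await database.fetch_one(query)
        if results is None:
            # NOTE(review): this message differs from the wrong-password one
            # below, which tells a caller whether a username is registered.
            # Returning the same generic text for both cases avoids that;
            # left as-is here to keep the user-facing wording unchanged.
            user_error = "Please register you don't have account"
            return templates.TemplateResponse(
                "accounts/login.html",
                {
                    "request": request,
                    "form": form,
                    "user_error": user_error
                },
            )
        hashed_password = results["password"]
        valid_password = check_password(password, hashed_password)
        if not valid_password:
            # NOTE(review): no throttling or lockout of repeated failures is
            # visible in this handler; confirm it is enforced elsewhere.
            user_error = "Invalid username or password"
            return templates.TemplateResponse(
                "accounts/login.html",
                {
                    "request": request,
                    "form": form,
                    "user_error": user_error
                },
            )
        request.session["user"] = results["username"].capitalize()
        # update login counter and login time
        update_query = users.update(users.c.username == username).values(
            login_count=users.c.login_count + 1,
            last_login=datetime.datetime.now())
        await database.execute(update_query)
        response = RedirectResponse(url="/", status_code=302)
        # NOTE(review): both cookies are HttpOnly but carry no
        # secure/samesite arguments; confirm the site is HTTPS-only and set
        # secure=True there so the token never travels in clear text.
        response.set_cookie("jwt",
                            generate_jwt(results["username"]),
                            httponly=True)
        # NOTE(review): every user receives the same ADMIN value in a
        # client-held cookie. If any authorization decision reads this
        # cookie it is attacker-controllable; verify against its consumer.
        response.set_cookie("admin", ADMIN, httponly=True)
        return response
    return templates.TemplateResponse("accounts/login.html", {
        "request": request,
        "form": form
    })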
예제 #6
파일: auth.py 프로젝트: sokolovdp/forum_api
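async def authenticate(request: Request, *args, **kwargs):
    """
    Check the JSON ``login``/``password`` pair against the ``users`` table.

    Returns the matching row as a dict (built by ``row2dict``). Raises
    ``exceptions.AuthenticationFailed`` when the body is not a JSON object,
    when either field is missing, empty or not a string, when the login is
    unknown, or when the password does not match.
    """
    import hmac

    # The body is untrusted: it may be absent or a non-object JSON value, and
    # the fields may be any JSON type. Reject those as a normal auth failure
    # instead of letting .get() or the hash call raise.
    body = request.json
    if not isinstance(body, dict):
        raise exceptions.AuthenticationFailed("missing login or password")
    login = body.get('login', None)
    password = body.get('password', None)
    if not login or not password:
        raise exceptions.AuthenticationFailed("missing login or password")
    if not isinstance(login, str) or not isinstance(password, str):
        raise exceptions.AuthenticationFailed("missing login or password")

    query = users.select().where(users.c.login == login)
    row = await request.app.db.fetch_one(query)
    if row is None:
        # Logged like the wrong-password case so both kinds of failed
        # attempt are visible to whoever monitors the log.
        logger.info('authentication attempt for unknown login %s', login)
        # NOTE(review): this message and the wrong-password one below let a
        # client tell registered logins from unregistered ones; a single
        # generic message would not. Wording kept for existing clients.
        raise exceptions.AuthenticationFailed(f"user with login {login} not found")

    user = row2dict(row, users.columns)
    # NOTE(review): re-hashing the input and comparing with the stored value
    # only works if hash_password is deterministic, i.e. has no per-user
    # random salt; confirm it is a salted password-hashing scheme.
    supplied = hash_password(password)
    expected = user['password']
    if isinstance(supplied, str) and isinstance(expected, str):
        # compare_digest accepts only ASCII str; bytes lift that restriction.
        supplied, expected = supplied.encode(), expected.encode()
    try:
        # Constant-time comparison, so response time does not depend on how
        # many leading characters of the hash match.
        password_ok = hmac.compare_digest(supplied, expected)
    except TypeError:
        # Values of mismatched types are treated as a failed match.
        password_ok = False
    if not password_ok:
        logger.info('authentication attempt with invalid password for login %s', login)
        raise exceptions.AuthenticationFailed("user password is incorrect.")

    logger.info('successful authentication for login %s', login)
    return user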