def post(self):
try:
body = request.get_json()
if not body:
return make_response(jsonify(status='Failed', token=None), 400)
user_id = body.get('username')
password = body.get('password')
email = body.get('email')
if not user_id or not password:
return make_response(jsonify(status='Failed', token=None), 400)
user_exists = bool(
db.session.query(
models.User).filter_by(user_id=user_id).first())
if user_exists:
return make_response(
jsonify(status='Failed',
token=None,
msg='User Already Exists!'), 400)
password = util.encrypt_password(password)
auth_token = util.encode_auth_token(user_id)
user = models.User(user_id=user_id, password=password, email=email)
db.session.add(user)
db.session.commit()
return util.get_response_with_cookie(
{
'status': 'Success',
'token': auth_token
}, 'auth_token', auth_token)
except Exception as e:
db.session.rollback()
return make_response(jsonify(status='Failed', token=None), 500)
def post(self):
# try:
body = request.get_json()
if not body:
return make_response(jsonify(status='Failed', token=None), 400)
user_id = body.get('username')
password = body.get('password')
email = body.get('email')
if not user_id or not password:
return make_response(jsonify(status='Failed', token=None), 400)
user_exists = bool(db.session.query(models.User).filter_by(user_id=user_id).first())
if user_exists:
return make_response(jsonify(status='Failed', token=None, msg='User Already Exists!'), 400)
password = util.encrypt_password(password)
auth_token = util.encode_auth_token(user_id)
user = models.User(user_id=user_id, password=password, email=email)
db.session.add(user)
db.session.commit()
user_key_dict = {
'user_id': user_id
}
user_value_dict = {
'user_id': user_id,
'password': password,
'email': email or '',
'images': json.dumps([])
}
# ap.users_produce_to_kafka(user_key_dict, user_value_dict)
return util.get_response_with_cookie({'status': 'Success', 'token': auth_token}, 'auth_token', auth_token)
def login(self, email, password):
res = self.get_ts_by_email(email)
if not res:
return None
ts,user_id,db_password = res['ts'],res['id'],res['password']
password = encrypt_password(password,str(ts))
if password == db_password:
return user_id
return None
def register(self, nickname, email, password):
if not self.check_email_is_not_exists(email):
#TODO return
return None
ts = int(time.time())
db_password = encrypt_password(password,str(ts))
sql = "insert into users(nickname,email,password) values (%s,%s,%s);"
try:
user_id = self.db.execute_lastrowid(sql,nickname,email,db_password)
return user_id
except Exception,e:
return None
def signup():
"""The signup action, which either shows the form (GET) or handles
the form submission (POST).
"""
form = SignupForm(request.form)
if request.method == 'POST' and form.validate():
existing = User.objects(username=form.username.data).first()
if existing == None:
user = User(username=form.username.data, \
password=encrypt_password(form.password.data))
user.save()
setup_user_in_session(user, session)
flash('Thanks for signing up!')
return redirect("/")
else:
flash('That username already exists.')
return render_template('signup.html', form=form)
def register():
error_message = "There was an error creating your account! Please try again."
data = request.get_json()
f_name = data['f_name']
l_name = data['l_name']
username = data['username']
password = data['password']
email = data['email']
encrypted_password = encrypt_password(password)
new_user = User(username = username, encrypted_password = encrypted_password, f_name = f_name, l_name = l_name, email = email, token = "")
try:
new_user.save()
except:
time.sleep(5)
return jsonify({"error": error_message})
finally:
return jsonify({"Thank You:": new_user.username})
def signup():
"""Render login page and handle login form data.
Requests:
GET /auth/signup
POST /auth/signup
"""
if request.method == 'GET':
csrf_token = generate_csrf_token()
response = make_response(
render_template('signup.html', client_id=CLIENT_ID))
# Store the csrf_token in the browser cookie.
response.set_cookie('csrf_token', value=csrf_token)
return response
# Form fields:
# email: user email, required
# password: user password, required
# confirm: user confirm password, required
# User email, and hashed password and salt are stored when login succeed.
if request.method == 'POST':
# Check csrf token
cookie_csrf_token = request.cookies.get('csrf_token')
form_csrf_token = request.form.get('_csrf_token')
# CSRF attack detected!
if cookie_csrf_token != form_csrf_token:
flash("Please use proper signup.")
return render_template('signup.html',
client_id=CLIENT_ID,
csrf_token="")
# Get user data from login form.
email = request.form.get('email')
password = request.form.get('password')
confirm = request.form.get('confirm')
# User must fill the email and password field.
if not (email and password and confirm):
flash("Please fill the form. ")
return render_template('signup.html', cached_email=email)
# Password field and confirm fields must be the same.
if not (password == confirm):
flash("Confirm password has to be the same as password")
return render_template('signup.html', cached_email=email)
# Find user in the database by email.
user = User.get_by_email(session, email.strip())
# User already exist, remind user that.
if user:
if user.password:
flash("Such user already exist. Please login")
return render_template('signup.html', cached_email=email)
# Create a new user object
else:
user = User(email=email.strip())
# Store encrypted password and salt in the database
user.password, user.salt = encrypt_password(password)
session.add(user)
session.commit()
# Generate JSON web token for user.
# As long as client has non-expired and valid token,
# they do not need to login again.
expire_time, token = generate_token(user)
response = make_response(redirect(url_for('basic.showMain')))
# Store the token in the browser cookie.
response.set_cookie('token', value=token)
response.set_cookie('expire_time', value=str(expire_time))
return response
def signup():
"""Render login page and handle login form data.
Requests:
GET /auth/signup
POST /auth/signup
"""
if request.method == 'GET':
csrf_token = generate_csrf_token()
response = make_response(
render_template('signup.html', client_id=CLIENT_ID)
)
# Store the csrf_token in the browser cookie.
response.set_cookie('csrf_token', value=csrf_token)
return response
# Form fields:
# email: user email, required
# password: user password, required
# confirm: user confirm password, required
# User email, and hashed password and salt are stored when login succeed.
if request.method == 'POST':
# Check csrf token
cookie_csrf_token = request.cookies.get('csrf_token')
form_csrf_token = request.form.get('_csrf_token')
# CSRF attack detected!
if cookie_csrf_token != form_csrf_token:
flash("Please use proper signup.")
return render_template('signup.html',
client_id=CLIENT_ID, csrf_token="")
# Get user data from login form.
email = request.form.get('email')
password = request.form.get('password')
confirm = request.form.get('confirm')
# User must fill the email and password field.
if not (email and password and confirm):
flash("Please fill the form. ")
return render_template('signup.html', cached_email=email)
# Password field and confirm fields must be the same.
if not (password == confirm):
flash("Confirm password has to be the same as password")
return render_template('signup.html', cached_email=email)
# Find user in the database by email.
user = User.get_by_email(session, email.strip())
# User already exist, remind user that.
if user:
if user.password:
flash("Such user already exist. Please login")
return render_template('signup.html', cached_email=email)
# Create a new user object
else:
user = User(email=email.strip())
# Store encrypted password and salt in the database
user.password, user.salt = encrypt_password(password)
session.add(user)
session.commit()
# Generate JSON web token for user.
# As long as client has non-expired and valid token,
# they do not need to login again.
expire_time, token = generate_token(user)
response = make_response(redirect(url_for('basic.showMain')))
# Store the token in the browser cookie.
response.set_cookie('token', value=token)
response.set_cookie('expire_time', value=str(expire_time))
return response
