Exemplo n.º 1
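def verify_password(username_or_token_or_guid, password_or_gtoken):
    """Verify credentials for flask_httpauth on login_required routes.

    Three credential forms are tried in order:
      1. the first argument as one of this application's auth tokens;
      2. the arguments as a username / password pair;
      3. the second argument as a Google ID token whose ``sub`` maps to
         an already registered user stored under the name 'GU' + sub.

    On success the matching user is stored in ``g.user`` and True is
    returned; every failure path returns False (fail closed).
    """
    # 1) Application-issued auth token.
    user_id = verifyAuthToken(username_or_token_or_guid)
    if user_id:
        user = getUser(user_id)
        # Only accept the token if the account it names still resolves;
        # otherwise the request would be authenticated with g.user unset.
        if user:
            g.user = user
            return True

    # 2) Username and password.
    user = getUserByUsername(username_or_token_or_guid)
    if user and user.verify_password(password_or_gtoken):
        g.user = user
        return True

    # 3) Google ID token. Every failed password login reaches this point,
    # so only values shaped like a compact JWT (three dot-separated
    # segments) are forwarded; this keeps ordinary mistyped passwords from
    # being sent to a third party in a query string. It is a coarse filter,
    # not a validation step.
    if not password_or_gtoken or password_or_gtoken.count('.') != 2:
        return False

    userinfo_url = "https://oauth2.googleapis.com/tokeninfo"
    params = {'id_token': password_or_gtoken}
    try:
        # Bounded wait so a slow upstream cannot tie up the auth path.
        answer = requests.get(userinfo_url, params=params, timeout=5)
        if answer.status_code != 200:
            return False
        data = answer.json()
    except (requests.RequestException, ValueError):
        # Network failure or a non-JSON body: refuse rather than raise.
        return False

    # NOTE(review): the tokeninfo response also carries `aud`. Without
    # comparing it to this application's OAuth client ID, an ID token that
    # Google issued to a different client for the same account is accepted
    # here. The client ID is not visible in this block, so the check is
    # left as a required follow-up.

    # Make sure the token belongs to an already registered user.
    if isinstance(data, dict) and 'sub' in data:
        user = getUserByUsername('GU' + data['sub'])
        if user:
            g.user = user
            return True

    # Nothing matched: refuse access.
    return False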
Exemplo n.º 2
def check_username(username):
    """API endpoint reporting whether a username is already registered.

    Used by the client for a duplicate check before sign-up. The JSON
    body is ``{'found': true}`` when the lookup returns a user and
    ``{'found': false}`` otherwise.
    """
    # NOTE(review): the answer reveals which usernames exist, so this
    # endpoint is an enumeration oracle by design; whether it is rate
    # limited or requires a session is not visible from this block.
    already_taken = bool(getUserByUsername(username))
    return jsonify({'found': already_taken})
Exemplo n.º 3
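def new_user():
    """API endpoint to create new users.

    Expects a JSON object with ``username`` and ``password`` and optional
    ``picture`` and ``email``. Responds 400 when the body is not a JSON
    object or when username/password are missing or empty, 200 with a
    message when the username is taken, and 201 with the serialized user
    on success.
    """
    # silent=True yields None instead of raising on a missing or malformed
    # JSON body, so a bad request ends in a clean 400 rather than an
    # unhandled error.
    payload = request.get_json(silent=True)
    if not isinstance(payload, dict):
        print("missing arguments")
        abort(400)

    username = payload.get('username')
    password = payload.get('password')
    picture = payload.get('picture')
    email = payload.get('email')
    # Empty strings are rejected as well as absent keys: an account with a
    # blank username or blank password should never be created.
    if not username or not password:
        print("missing arguments")
        abort(400)

    if getUserByUsername(username) is not None:
        print("existing user")
        return jsonify({'message': 'user already exists'}), 200

    # presumably addUser hashes the password before storing it; confirm
    # against its definition, which is not shown here.
    user = addUser(username, picture, email, password)
    return jsonify(user=user.serialize), 201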
Exemplo n.º 4
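def register():
    """Register a new user from the JSON request body.

    Expects ``username`` and ``password`` and an optional ``bio``
    (default ""). Returns a failure response when the credentials are
    missing or empty, when the username is already in use, or when the
    DAO cannot create the user; otherwise a success response with the
    new user and status 200.
    """
    # A malformed or non-object body is treated like an empty one, so it
    # produces the normal "missing credentials" failure instead of an
    # unhandled exception.
    try:
        body = json.loads(request.data)
    except (ValueError, TypeError):
        body = None
    if not isinstance(body, dict):
        body = {}

    username = body.get("username")
    password = body.get("password")
    # Reject empty values as well as absent keys.
    if not username or not password:
        return failure_response("No username or password!")

    bio = body.get("bio", "")
    temp_user = dao.getUserByUsername(username=username)
    if temp_user is not None:
        # The lookup was by username, so a hit means the name is in use;
        # the bio comparison only selects which message is returned.
        if temp_user.get("bio") == bio:
            return failure_response("User already registered!")
        return failure_response("Username already taken!")

    # presumably dao.register hashes the password before persisting it;
    # confirm against the DAO, which is not shown here.
    user = dao.register(username=username, password=password, bio=bio)
    if user is None:
        return failure_response("The server could not create the user!")
    return success_response(user, 200)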