Exemplo n.º 1
0
def Create(request):
    """
    @params: logintoken, name, username, password
    """
    requestJSON = request.get_json(silent=True)
    try:
        assertJSON(requestJSON, ['logintoken', 'name', 'username', 'password'])
        User.InputRuleSet.validateFromPropertyNames(
            ['name', 'username', 'password'], requestJSON)

        with SessionHandler.app_and_db_session_scope(
                requestJSON['logintoken'],
                SessionHandler.PermissionLevel.ADMIN) as session:
            # check if same username already exists
            if User.loadFromDbByUsername(
                    session.db_session,
                    username=requestJSON['username']) is not None:
                raise HttpException(
                    HttpErrorType.GenericError, 'User create',
                    'User with that username already exists in the database.')
            addedUser = User.addNew(session=session.db_session,
                                    name=requestJSON['name'],
                                    username=requestJSON['username'],
                                    password=encryptPassword(
                                        requestJSON['password']))
            return SessionHandler.OK(addedUser.toJSONObject())
    except HttpException as exc:
        return exc.GetResponse()
Exemplo n.º 2
0
def Login(request, logger):
    """
    @params: username, password, [userAgent]
    """
    requestJSON = request.get_json(silent=True)
    try:
        assertJSON(requestJSON, ['username', 'password'])
        with SessionHandler.app_and_db_session_scope(
                '', SessionHandler.PermissionLevel.NONE) as session:
            # here verify password and login are valid, create a session and return a token
            loadedUser = User.loadFromDbByUsername(
                session.db_session, username=requestJSON['username'])
            if not loadedUser:
                encryptPassword(requestJSON['password'])
            else:
                if (verifyPassword(requestJSON['password'],
                                   loadedUser.password)):
                    newSession = AppSession.addNewOrReturnLastIfValid(
                        session.db_session, loadedUser.id, 1,
                        requestJSON['userAgent']
                        if 'userAgent' in requestJSON else '')
                    return SessionHandler.OK({'logintoken': newSession.token})
            logger.error(
                'Failed logon attempt for username: {}, from remote address: {}'
                .format(requestJSON['username'], str(request.remote_addr)))
            raise HttpException(HttpErrorType.GenericError, 'login',
                                'Invalid username or password.')
    except HttpException as exc:
        return exc.GetResponse()