Exemplo n.º 1
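def login_api():
    """Handle the first login step for the '/api/login' route (POST).

    When a user with the submitted e-mail exists and the submitted password
    verifies, a random temporary key is generated, stored for that user and
    e-mailed to them inside a link to '/api/session_auth'. In every other
    case the client is redirected to the '/login' page.

    :Returns:
        the rendered 'link_to_profile.html' template on success, otherwise
        a redirect to '/login'.
    """
    # Function-scope import so the view works on both Python 2 and Python 3.
    try:
        from urllib.parse import urlencode
    except ImportError:  # Python 2
        from urllib import urlencode

    password = request.form.get('password')
    usr = user.get_user_by_email(request.form.get('email', ''))
    # A missing password field is rejected before it reaches the verifier.
    if usr and password is not None and usr.verify_password(password):
        # 15 bytes from the OS CSPRNG, hex-encoded. Decoding to text keeps
        # the link free of a bytes repr ("b'...'") on Python 3.
        rand_password = binascii.b2a_hex(os.urandom(15)).decode('ascii')
        db.set_temp_pass(rand_password, usr.uid)

        # Percent-encode both values: characters such as '+' or '&' in an
        # e-mail address would otherwise be misread when the link is parsed.
        query = urlencode([('email', usr.email),
                           ('password', rand_password)])
        # NOTE(review): the temporary key travels in the query string, so it
        # can end up in server/proxy logs, browser history and Referer
        # headers. No expiry or single-use handling is visible here; confirm
        # that the storage layer or the consuming view enforces both.
        link = 'https://passkeeper.com/api/session_auth?' + query

        email_template = get_template('email_template')
        # 'reciever' (sic) is the keyword the template is rendered with here.
        send_email(usr.email, email_template.render(reciever=usr.email,
                                                    link=link))
        return get_template('link_to_profile.html').render()
    return redirect('/login')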
Exemplo n.º 2
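def login():
    """Log a user in from a JSON body and return the user's data.

    If a user with the given e-mail exists and the password verifies, the
    user is logged in and their data (including an auth token) is returned.
    Otherwise a 'failure' message is returned.

    :Route:
        '/api/login'.

    :Methods:
        POST.

    :Returns:
        JSON response: the user's data with status 200 on success, otherwise
        ``["failure"]`` with status 400.
    """
    # silent=True yields None instead of raising on a missing or malformed
    # JSON body; anything that is not a JSON object is treated as empty so
    # the request ends in the regular failure response rather than a 500.
    data = request.get_json(silent=True)
    if not isinstance(data, dict):
        data = {}

    password = data.get('password')
    usr = user.get_user_by_email(data.get('email', ''))
    result = ['failure']
    status_code = 400
    # A missing password field is rejected before it reaches the verifier.
    if usr and password is not None and usr.verify_password(password):
        if flask_login.login_user(usr, remember=True):
            # NOTE(review): the body carries an auth token next to personal
            # data; make sure this response is never cached or logged.
            result = {'uid': usr.uid, 'first_name': usr.first_name,
                      'last_name': usr.last_name, 'email': usr.email,
                      'age': usr.age, 'state': usr.state,
                      'native_lang': usr.native_lang,
                      'token': usr.get_auth_token()}
            status_code = 200
    return Response(json.dumps(result), mimetype='application/json',
                    status=status_code)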
Exemplo n.º 3
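def session_auth():
    """Handle session authentication for '/api/session_auth' (GET).

    The client normally reaches this route through the link it receives by
    e-mail after the first login step. If the URL carries a known e-mail and
    the matching temporary password, the user is logged in and redirected to
    the '/profile' view; otherwise a message about a bad URL is shown.

    :Returns:
        redirect to '/profile' view or the 'bad_url.html' template.
    """
    import hmac

    def _as_bytes(value):
        """Return *value* as bytes so both sides compare as the same type."""
        return value if isinstance(value, bytes) else value.encode('utf-8')

    supplied = request.args.get('password')
    usr = user.get_user_by_email(request.args.get('email'))
    # An absent or empty 'password' parameter must never authenticate: with a
    # plain equality test, a missing parameter (None) would compare equal to
    # an unset stored value.
    if usr and supplied:
        row = db.get_temp_pass(usr.uid)
        temp_pass = row[0] if row else None
        # Constant-time comparison avoids leaking how much of the key matched.
        if temp_pass and hmac.compare_digest(_as_bytes(temp_pass),
                                             _as_bytes(supplied)):
            # NOTE(review): the temporary password is not cleared here, so
            # the e-mailed link appears to stay usable after a successful
            # login; confirm whether the storage layer expires it.
            if flask_login.login_user(usr, remember=True):
                return redirect('/profile')
    return get_template('bad_url.html').render()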