def post(self): global FAIL_PASSHASH username = self.get_argument("username", default=None, strip=False) password = self.get_argument("password", default=None, strip=False) cursor = db.conn.execute(""" SELECT id, hash_scheme, passhash FROM Users WHERE username=? """, (username,)) r = cursor.fetchone() if not r: # To simplify code path user_id, hash_scheme, passhash = (0, "sha256_crypt", FAIL_PASSHASH) else: user_id, hash_scheme, passhash = r if verify_hash(password, passhash, hash_scheme): token = create_token(user_id) self.write(token) else: self.set_status(401)
def post(self): token = self.get_argument("token", default=None, strip=False) cursor = db.conn.execute(""" INSERT INTO Users (username, email, hash_scheme, passhash) VALUES (?, ?, ?, ?) """, (username, email, "sha256_crypt", passlib.hash.sha256_crypt.encrypt(password)) ) db.conn.commit() # TODO potential race condition if tornado is multithreaded token = create_token(cursor.lastrowid) self.write(token)