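def login():
    """Authenticate a JSON login request and open a server-side session.

    Reads ``email`` and ``password`` from the JSON body. The literal e-mail
    ``'admin'`` is checked against ``config.ADMIN_PASSWORD``; any other e-mail
    is looked up with ``User.find_one`` and verified with
    ``user.check_password``. On success a ``Session`` record is saved and its
    token and the e-mail are stored in the ``session`` mapping.

    Returns:
        An empty 200 response on success, an empty 401 response on bad
        credentials, or a JSON error with status 401 when a field is missing.
    """
    import hmac

    payload = request.json
    try:
        email = payload['email']
        password = payload['password']
    except KeyError as e:
        return jsonify({'error': 'Missing field(s).', 'details': str(e)}), 401
    except TypeError:
        # Body missing or not a JSON object: answer like a missing field
        # instead of letting the subscript error surface as a 500.
        return jsonify({'error': 'Missing field(s).',
                        'details': 'JSON object body required'}), 401

    # Only plain strings may reach the user lookup and the password checks;
    # structured JSON values (null, objects, lists) are rejected up front.
    if not isinstance(email, str) or not isinstance(password, str):
        return Response(status=401)

    try:
        if email != 'admin':
            user = User.find_one(email=email)
            if not user or not user.check_password(password):
                raise ValueError()
            role = user.role
        else:
            role = 'admin'
            expected = config.ADMIN_PASSWORD
            # Fail closed when the admin password is unset or not a string;
            # with the old `!=` test a null password matched an unset value.
            if not isinstance(expected, str):
                raise ValueError()
            # Constant-time comparison so response time does not depend on
            # how many leading characters of the guess are correct.
            if not hmac.compare_digest(password.encode('utf-8'),
                                       expected.encode('utf-8')):
                raise ValueError()
        s = Session(email=email, role=role)
        s.save()
        # NOTE(review): existing keys in `session` are kept across login;
        # confirm whether the session should be reset before the token is set.
        session['token'] = s.token
        session['email'] = email
        return Response(status=200)
    except ValueError:
        # One uniform answer for unknown user and wrong password.
        return Response(status=401)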
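def client_login(params):
    """Exchange a one-time "jump" code for a new session token.

    The code is looked up under the key ``jump-<code>``, deleted as soon as
    it has been read (so it cannot be used twice), and rejected if its
    ``expire_at`` stamp is in the past. A ``Session`` valid for one day is
    then created for the user the code refers to.

    Args:
        params: mapping that carries the 36-character ``code``.

    Returns:
        A dict with ``error_code`` 0, ``session_token``, ``expire_at`` and
        ``identify`` on success, or ``error_code`` 1 and a ``msg`` on failure.
    """
    code = params.get("code")
    # Non-string values used to raise in len(); treat them as invalid input.
    if not isinstance(code, str) or len(code) != 36:
        return {"error_code":1, "msg":"params invalid"}
    key = "jump-%s" % code
    obj = misc.misc_get(key)
    if not obj:
        return {"error_code":1, "msg":"code not exists"}
    dic = utils.loads(obj.value)
    # Consume the code before any further check: it is single-use even when
    # it turns out to be expired.
    obj.delete_instance()
    if dic['expire_at'] < utils.stamp():
        return {"error_code":1, "msg":"code expire"}
    user = User.select().where(User.id==dic['user_id']).first()
    if user is None:
        # The referenced account no longer exists: do not save a session
        # that is bound to no user.
        return {"error_code":1, "msg":"user not exists"}
    res = {"error_code":0, "msg":"ok"}
    res['session_token'] = generate_token()
    sess = Session()
    sess.user = user
    sess.session_key = res['session_token']
    sess.expire_at = utils.timedelta(utils.now(), days=1)
    # NOTE(review): the response reports expire_at as 0 although the stored
    # session expires in one day; confirm what callers expect here.
    res['expire_at'] = 0
    sess.save()
    res['identify'] = user.identify
    return res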
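def client_login(params):
    """Redeem a single-use login code and return a fresh session token.

    Steps: validate the 36-character ``code``, fetch the record stored under
    ``jump-<code>``, delete that record, check its ``expire_at`` stamp, load
    the user named by ``user_id`` and save a one-day ``Session`` for it.

    Args:
        params: mapping with the ``code`` entry.

    Returns:
        ``{"error_code": 0, ...}`` with ``session_token``, ``expire_at`` and
        ``identify`` on success; ``{"error_code": 1, "msg": ...}`` otherwise.
    """
    code = params.get("code")
    # len() on a non-string code raised before; such input is simply invalid.
    if not isinstance(code, str) or len(code) != 36:
        return {"error_code": 1, "msg": "params invalid"}

    stored = misc.misc_get("jump-%s" % code)
    if not stored:
        return {"error_code": 1, "msg": "code not exists"}

    payload = utils.loads(stored.value)
    # The record is removed before the expiry test so a code can never be
    # presented a second time.
    stored.delete_instance()
    if payload['expire_at'] < utils.stamp():
        return {"error_code": 1, "msg": "code expire"}

    user = User.select().where(User.id == payload['user_id']).first()
    if user is None:
        # Without this guard a session with no owner was saved and the
        # function then failed on user.identify.
        return {"error_code": 1, "msg": "user not exists"}

    token = generate_token()
    sess = Session()
    sess.user = user
    sess.session_key = token
    sess.expire_at = utils.timedelta(utils.now(), days=1)
    sess.save()

    # NOTE(review): expire_at is returned as 0 while the session row expires
    # in one day; confirm the value callers rely on.
    return {
        "error_code": 0,
        "msg": "ok",
        "session_token": token,
        "expire_at": 0,
        "identify": user.identify,
    }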
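def login(uname, password):
    """Log a user in by username, e-mail or phone and create a session.

    Args:
        uname: login identifier, compared with ``User.username``,
            ``User.email`` and ``User.phone``.
        password: password, verified with ``check_password`` against the
            stored hash and salt.

    Returns:
        ``{"error_code": 0, "msg": "ok", "session_token": ..., "expire_at": 0}``
        on success, or a dict with error code 20001 (missing parameters),
        20002 (no such user) or 20003 (wrong password).
    """
    if not uname or not password:
        return {"error_code":20001, "msg":"parameters required"}
    # The three comparisons must be joined with `|`. Python's `or` cannot be
    # overloaded by the ORM: it returns its first truthy operand, so the
    # e-mail and phone clauses never reached the query and only the username
    # was matched.
    user = User.select().where(
        (User.username == uname)
        | (User.email == uname)
        | (User.phone == uname)
    ).first()
    # NOTE(review): 20002 and 20003 let a caller tell an unknown account from
    # a wrong password; confirm whether clients need that distinction.
    if not user:
        return {"error_code":20002, "msg":"user not exists"}
    if not check_password(password, user.password, user.salt):
        return {"error_code":20003, "msg":"username or password invalid"}
    res = {"error_code":0, "msg":"ok"}
    res['session_token'] = generate_token()
    sess = Session()
    sess.user = user
    sess.session_key = res['session_token']
    sess.expire_at = utils.timedelta(utils.now(), days=1)
    # NOTE(review): expire_at is reported as 0 while the session row expires
    # in one day; confirm what callers expect.
    res['expire_at'] = 0
    sess.save()
    return res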
def login(uname, password):
    """Log a system user in by username and create a one-day session.

    Args:
        uname: value compared with ``SystemUser.username``.
        password: password, verified with ``check_password`` against the
            stored hash and salt.

    Returns:
        ``{"error_code": 0, "msg": "ok", "session_token": ..., "expire_at": 0}``
        on success, or a dict with error code 20001 (missing parameters),
        20002 (no such user) or 20003 (wrong password).
    """
    if not (uname and password):
        return {"error_code":20001, "msg":"parameters required"}

    account = SystemUser.select().where(SystemUser.username == uname).first()
    # NOTE(review): 20002 and 20003 let a caller tell an unknown account from
    # a wrong password; confirm whether clients need that distinction.
    if not account:
        return {"error_code":20002, "msg":"user not exists"}

    password_ok = check_password(password, account.password, account.salt)
    if not password_ok:
        return {"error_code":20003, "msg":"username or password invalid"}

    token = generate_token()
    record = Session()
    record.user = account
    record.session_key = token
    record.expire_at = utils.timedelta(utils.now(), days=1)
    record.save()

    # expire_at is returned as 0, as before; the stored session itself
    # expires one day from now.
    return {"error_code":0, "msg":"ok", "session_token": token, "expire_at": 0}
def register(request) -> bytes:
    """Handle the registration form and log the new user in.

    Any method other than POST is redirected to the registration page. On
    POST the form is passed to ``User.register``; if the returned user is
    still a guest the client is sent back to the form with the result in the
    query string, otherwise a session is saved and its id is set as the
    ``session_id`` cookie on a redirect to ``/``.
    """
    if request.method != 'POST':
        return redirect('/todo/register')

    submitted = request.form()
    user, result = User.register(submitted)

    if user.is_guest():
        # NOTE(review): result goes into the URL without percent-encoding;
        # confirm it is always a fixed server-side value.
        target = '/todo/register?result={}'.format(result)
        return redirect(target)

    session_id = Session.save(user.id)
    # NOTE(review): the cookie carries HttpOnly and path only; consider
    # adding Secure and SameSite once the deployment is HTTPS-only.
    cookie = 'session_id={}; HttpOnly; path=/'.format(session_id)
    return redirect('/', {'Set-Cookie': cookie})
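def create():
    """Create a ``Session`` record for the user named by the auth token.

    The token is taken from the second space-separated part of the
    ``Authorization`` header and decoded with ``User.decode_auth_token``.
    The JSON body must supply ``title``, ``session_type`` and
    ``description``.

    Returns:
        201 with the saved session's id, title and type; 401 when the header
        is missing or malformed; 400 when authentication fails, the body
        lacks a required field, or the save fails.
    """
    auth_header = request.headers.get('Authorization')
    if not auth_header:
        response = {
            'status': 'failed',
            'message': 'No authorization header found.'
        }
        return make_response(jsonify(response), 401)

    # A header with no token part used to raise IndexError and surface as a
    # server error; answer 401 instead.
    parts = auth_header.split(" ")
    if len(parts) < 2 or not parts[1]:
        response = {
            'status': 'failed',
            'message': 'Malformed authorization header.'
        }
        return make_response(jsonify(response), 401)
    auth_token = parts[1]

    # NOTE(review): what decode_auth_token returns for an invalid or expired
    # token, and whether User.get raises or returns a falsy value for an
    # unknown id, is not visible here; confirm both end in the failure
    # branch below rather than in an unhandled exception.
    user_id = User.decode_auth_token(auth_token)
    user = User.get(User.id == user_id)
    if not user:
        response = {
            'status': 'failed',
            'message': 'Authentication failed'
        }
        return make_response(jsonify(response), 400)

    post_data = request.get_json()
    required = ('title', 'session_type', 'description')
    # Reject an absent or incomplete body explicitly rather than failing on
    # the key lookups.
    if not isinstance(post_data, dict) or any(k not in post_data for k in required):
        response = {
            'status': 'failed',
            'message': 'Missing required session fields.'
        }
        return make_response(jsonify(response), 400)

    session = Session(
        title=post_data['title'],
        session_type=post_data['session_type'],
        description=post_data['description'],
        user=user.id
    )
    if session.save():
        response = {
            'status': 'success',
            'message': 'Session successfully saved.',
            'session': {
                'id': session.id,
                'title': session.title,
                'session_type': session.session_type
            }
        }
        return make_response(jsonify(response), 201)

    response = {
        'status': 'failed',
        'message': 'Session did not save. Try again later.'
    }
    return make_response(jsonify(response), 400)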
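# CGI entry point: GET renders the login form, POST checks the credentials
# and, on success, saves a session and emits its cookie.
request_method = os.environ["REQUEST_METHOD"]

if request_method == "GET":
    # NOTE(review): the blank line that ends the CGI headers is printed after
    # login_view(); confirm the view's output starts with that separator.
    print("Content-type: text/html")
    print(login_view())
    print()
elif request_method == "POST":
    form = cgi.FieldStorage()
    raw_legajo = form.getvalue('legajo')
    raw_password = form.getvalue('password')

    # A missing, repeated or non-numeric field used to raise and abort the
    # script; such requests now get the same 400 answer as bad credentials.
    try:
        legajo = int(raw_legajo)
    except (TypeError, ValueError):
        legajo = None

    alumno = None
    password = None
    if legajo is not None and isinstance(raw_password, str):
        # NOTE(security): the password is reduced to an unsalted MD5 digest
        # (base64 text) before comparison. MD5 is not suitable for password
        # storage; moving to a salted, slow KDF such as hashlib.scrypt or
        # hashlib.pbkdf2_hmac needs a stored-hash migration, so it is only
        # flagged here.
        digest = hashlib.md5(raw_password.encode('utf8')).digest()
        password = str(base64.b64encode(digest).decode("utf8"))
        alumno = Alumno.get_by_legajo(legajo)

    if alumno is not None and alumno.check_pass(password):
        session = Session(alumno.legajo)
        session.save()
        print("Status: 200 OK")
        print("Content-type: text/html")
        print(session.cookie.output())
        print()
        print("<h3>Te has logueado exitosamente</h3>")
    else:
        # One answer for an unknown legajo, a wrong password and malformed
        # input. Typos fixed in the reason phrase and in the message.
        print("Status: 400 Bad Request")
        print("Content-type: text/html")
        print()
        print("<h3>Usuario o contraseña incorrectos</h3>")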