def create(**kwargs):
"""Create a new user."""
# get the new users parameters
username = kwargs.get('username')
password = kwargs.get('password')
first_name = kwargs.get('first_name')
last_name = kwargs.get('last_name')
email = kwargs.get('email')
institution = kwargs.get('institution')
# generate a new salt
salt = Crypt.generate_salt()
# hash the provided password with a salt
password = Crypt.hash_password(password, salt)
# create the new user``
user = User(
username=username,
password=password,
first_name=first_name,
last_name=last_name,
email=email,
institution=institution,
salt=salt,
)
# save them to the database
user.save()
def authenticate(username, password):
"""Authenticate a user given a username and plaintext password.
:param username: The username to be authenticated.
:type username: str
:param password: The password supplied.
:type password: str
:returns: bool -- If the users credentials are authentic.
"""
# get the user from the database based on their username
try:
user = User.objects.get(username=username)
# if it can't find it, it's not authentic
except User.DoesNotExist:
return False
# hash the password with the salt from the user
hashed_pw = Crypt.hash_password(password, user.salt)
# return if the passwords match
return hashed_pw == user.password
