Пример #1
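    def post(self):
        """Log in the built-in admin via bcrypt, or any other user via LDAP.

        Reads ``email`` and ``password`` from the JSON request body. The row
        whose id is the all-zero UUID is verified against its stored bcrypt
        hash; every other login is handed to ``authenticate`` and a ``"user"``
        row is created on first login. On success the user token is returned
        in the ``token`` cookie.

        Aborts with 400 when the body is not a JSON object, when either
        credential is missing or empty, or when verification fails.
        """
        b = request.get_json()

        # A missing or non-object body would otherwise surface as an
        # unhandled TypeError/KeyError rather than a client error.
        if not isinstance(b, dict):
            abort(400, 'Invalid email/password combination')

        email = b.get('email')
        password = b.get('password')

        # Reject empty credentials before any backend sees them. Many LDAP
        # servers treat a simple bind with an empty password as an anonymous
        # bind and report success; authenticate() is defined elsewhere, so
        # this handler does not rely on it to filter that case.
        if not email or not password:
            abort(400, 'Invalid email/password combination')

        email = email.lower()

        user = g.db.execute_one_dict('''
            SELECT id, password FROM "user"
            WHERE email = %s
        ''', [email])

        if user and user['id'] == '00000000-0000-0000-0000-000000000000':
            # Admin login: local bcrypt hash, never LDAP.
            stored_hash = user['password']
            if not stored_hash or not bcrypt.checkpw(password.encode('utf8'),
                                                     stored_hash.encode('utf8')):
                abort(400, 'Invalid email/password combination')
        else:
            ldap_user = authenticate(email, password)

            # Fail closed: for an already-known user nothing below inspects
            # the LDAP result, so a falsy return must not count as success.
            # NOTE(review): presumably authenticate() aborts on bad
            # credentials itself - confirm against its definition.
            if not ldap_user:
                abort(400, 'Invalid email/password combination')

            if not user:
                # First LDAP login: provision the local account.
                user = g.db.execute_one_dict('''
                    INSERT INTO "user" (email, username, name)
                    VALUES (%s, %s, %s) RETURNING id
                ''', [email, ldap_user['cn'], ldap_user['displayName']])

        token = encode_user_token(user['id'])

        g.db.commit()

        res = OK('Logged in')
        # NOTE(review): the session cookie is set without HttpOnly, Secure or
        # SameSite attributes. Whether client-side script needs to read it is
        # not visible here - confirm, then tighten the attributes.
        res.set_cookie('token', token)
        return res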
Пример #2
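    def post(self):
        """Log in a local account by checking the password against bcrypt.

        Reads ``email`` and ``password`` from the JSON request body, looks the
        user up by email and verifies the password against the stored hash.
        On success the user token is returned in the ``token`` cookie.

        Every failure path aborts with the same 400 message so the response
        body does not reveal whether the email exists.
        """
        b = request.get_json()

        # A missing or non-object body would otherwise surface as an
        # unhandled TypeError/KeyError rather than a client error.
        if not isinstance(b, dict):
            abort(400, 'Invalid email/password combination')

        email = b.get('email')
        password = b.get('password')

        if not email or not password:
            abort(400, 'Invalid email/password combination')

        user = g.db.execute_one_dict(
            '''
            SELECT id, password
            FROM "user"
            WHERE email = %s
        ''', [email])

        # A row without a stored hash cannot be verified here; without this
        # guard the .encode() call below would raise on None.
        # NOTE(review): unknown emails return before any bcrypt work, so the
        # response time differs from a wrong-password attempt. Consider
        # equalising the two paths if account enumeration is a concern.
        if not user or not user['password']:
            abort(400, 'Invalid email/password combination')

        if not bcrypt.checkpw(password.encode('utf8'),
                              user['password'].encode('utf8')):
            abort(400, 'Invalid email/password combination')

        token = encode_user_token(user['id'])

        res = OK('Logged in')
        # NOTE(review): the session cookie is set without HttpOnly, Secure or
        # SameSite attributes. Whether client-side script needs to read it is
        # not visible here - confirm, then tighten the attributes.
        res.set_cookie('token', token)
        return res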
Пример #3
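    def post(self):
        """Log in a user through LDAP and provision the local row if needed.

        Reads ``email`` and ``password`` from the JSON request body, passes
        them to ``authenticate`` and, on first login, inserts a ``"user"`` row
        from the returned ``cn`` and ``displayName``. On success the user
        token is returned in the ``token`` cookie.

        Aborts with 400 when the body is not a JSON object, when either
        credential is missing or empty, or when ``authenticate`` returns a
        falsy result.
        """
        b = request.get_json()

        # A missing or non-object body would otherwise surface as an
        # unhandled TypeError/KeyError rather than a client error.
        if not isinstance(b, dict):
            abort(400, 'Invalid email/password combination')

        email = b.get('email')
        password = b.get('password')

        # Reject empty credentials before the directory sees them. Many LDAP
        # servers treat a simple bind with an empty password as an anonymous
        # bind and report success; authenticate() is defined elsewhere, so
        # this handler does not rely on it to filter that case.
        if not email or not password:
            abort(400, 'Invalid email/password combination')

        ldap_user = authenticate(email, password)

        # Fail closed: for an already-known user nothing below inspects the
        # LDAP result, so a falsy return must not count as success.
        # NOTE(review): presumably authenticate() aborts on bad credentials
        # itself - confirm against its definition.
        if not ldap_user:
            abort(400, 'Invalid email/password combination')

        user = g.db.execute_one_dict(
            '''
            SELECT id FROM "user"
            WHERE email = %s
        ''', [email])

        if not user:
            # First LDAP login: provision the local account.
            user = g.db.execute_one_dict(
                '''
                INSERT INTO "user" (email, username, name)
                VALUES (%s, %s, %s) RETURNING id
            ''', [email, ldap_user['cn'], ldap_user['displayName']])

        token = encode_user_token(user['id'])

        g.db.commit()

        res = OK('Logged in')
        # NOTE(review): the session cookie is set without HttpOnly, Secure or
        # SameSite attributes. Whether client-side script needs to read it is
        # not visible here - confirm, then tighten the attributes.
        res.set_cookie('token', token)
        return res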
Пример #4
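    def post(self):
        """Register a local account and log the new user in.

        Only available when ``INFRABOX_ACCOUNT_SIGNUP_ENABLED`` is exactly
        ``'true'``; otherwise, including when the variable is unset, the
        endpoint answers 404. Reads ``email``, ``password1``, ``password2``
        and ``username`` from the JSON body, rejects mismatched or empty
        passwords, unparseable emails, non-alphanumeric usernames and
        already-used emails or usernames, then stores a bcrypt hash and sets
        the user token as the ``token`` cookie.
        """
        # Fail closed: an unset variable means signup is disabled, not a 500.
        if os.environ.get('INFRABOX_ACCOUNT_SIGNUP_ENABLED') != 'true':
            abort(404)

        b = request.get_json()

        # A missing or non-object body would otherwise surface as an
        # unhandled TypeError/KeyError rather than a client error.
        if not isinstance(b, dict):
            abort(400, 'Invalid request body')

        email = b.get('email')
        password1 = b.get('password1')
        password2 = b.get('password2')
        username = b.get('username')

        if password1 != password2:
            abort(400, 'Passwords don\'t match')

        # Two absent or empty passwords compare equal above; never create an
        # account whose password is empty.
        if not password1:
            abort(400, 'Password must not be empty')

        if not email:
            abort(400, 'Invalid email')

        # parseaddr() always returns a 2-tuple, so only the address part is
        # worth testing. It is lenient and returns a bare word as an address,
        # hence the additional '@' requirement.
        address = parseaddr(email)[1]

        if not address or '@' not in address:
            abort(400, 'Invalid email')

        if not username or not username.isalnum():
            abort(400, 'Username is not alphanumeric')

        user = g.db.execute_one_dict(
            '''
            SELECT id, password
            FROM "user"
            WHERE email = %s
        ''', [email])

        if user:
            abort(400, 'An account with this email already exists')

        user = g.db.execute_one_dict(
            '''
                    SELECT id, password
                    FROM "user"
                    WHERE username = %s
                ''', [username])

        if user:
            abort(400, 'An account with this username already exists')

        # NOTE(review): the two lookups above and the insert below are
        # separate statements, so concurrent signups can both pass the checks.
        # Presumably the table has unique constraints on email and username -
        # confirm against the schema.
        hashed_password = bcrypt.hashpw(password1.encode('utf8'),
                                        bcrypt.gensalt())
        user = g.db.execute_one_dict(
            '''
            INSERT into "user" (username, email, password)
            VALUES (%s, %s, %s) RETURNING ID
        ''', [username, email, hashed_password])

        token = encode_user_token(user['id'])

        g.db.commit()

        res = OK('Logged in')
        # NOTE(review): the session cookie is set without HttpOnly, Secure or
        # SameSite attributes. Whether client-side script needs to read it is
        # not visible here - confirm, then tighten the attributes.
        res.set_cookie('token', token)
        return res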