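def login():
    '''
    login -> POST /login
        POST: username=[string]&password=[string]

    Attempts to authenticate with the provided credentials against any
    existing User entry on the system. If a credential field is missing or
    the credentials don't match any entry, a BAD_REQUEST is returned, else
    an ACCEPTED is returned along with the User information.

    On success the requester's session is marked as authenticated by
    storing the user id and the user's rights in it.
    '''
    # Use .get() so an absent form field takes the same rejection path as a
    # wrong password instead of letting the key lookup raise.
    username = request.form.get('username')
    password = request.form.get('password')
    if username is None or password is None:
        return "Invalid credentials", httplib.BAD_REQUEST

    # NOTE(review): the hash is computed before any user record is looked up,
    # so it cannot depend on a per-user salt stored with that record. Confirm
    # password_hash is a slow, salted password KDF and not a bare digest.
    user_id, user = User.login(username, password_hash(password))
    if not user_id:
        # One message for unknown user and wrong password alike, so the
        # response does not reveal which usernames exist.
        return "Invalid credentials", httplib.BAD_REQUEST

    # NOTE(review): the pre-login session is reused as-is. If the session
    # backend keeps a server-side session id, rotate it here so an id known
    # before authentication is not carried over - confirm against the backend.
    # NOTE(review): register() stores str(id) while this stores the id as
    # returned by User.login; confirm readers of session['id'] accept both.
    session['id'] = user_id
    # Rights are copied into the session at login time; presumably a later
    # change to the user's rights is not seen until the next login - verify.
    session['rights'] = user['rights']

    # NOTE(review): `user` goes back to the client unchanged; confirm
    # User.login does not include the stored password hash in it.
    return user, httplib.ACCEPTED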
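def register():
    '''
    register -> POST /user
        POST: username=[string]&password=[string]

    Attempts to create/'register' a new user with the provided information.
    Returns a BAD_REQUEST if the username or password is missing or empty,
    and a CONFLICT error if the username already is registered.

    If successful, the user id is stored in the session, logging in the
    user, and a CREATED is returned along with the User information.
    '''
    username = request.form.get('username')
    password = request.form.get('password')
    # Refuse absent or empty credentials up front: otherwise a missing field
    # raises on lookup and an empty password would be hashed and stored as a
    # valid credential.
    if not username or not password:
        return "Missing username or password", httplib.BAD_REQUEST

    # NOTE(review): confirm password_hash is a slow, salted password KDF;
    # its output is what gets persisted as the account's credential.
    try:
        user_id, user = User.create({
            'username': username,
            'password': password_hash(password)
        })
    except errors.ExistingUsernameError:
        # Return (message, status) like every other exit of this view and of
        # login(), rather than a bare status code.
        return "Username already registered", httplib.CONFLICT

    # NOTE(review): as in login(), the pre-registration session is reused;
    # rotate the session id here if the backend keeps one server-side.
    session['id'] = str(user_id)
    session['rights'] = user['rights']

    # NOTE(review): `user` goes back to the client unchanged; confirm
    # User.create does not echo the stored password hash in it.
    return user, httplib.CREATED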