def login():
''' login -> POST /login
POST: username=[string]&password=[string]
Attempts to authenticate with the provided credentials against any existing
User entry on the system, if the credentials don't match any entry, a
BAD_REQUEST is returned, else an ACCEPTED is returned along with the User
information. The session for the requester is then authenticated and
acting as the user.
'''
username = request.form['username']
password = request.form['password']
id, user = User.login(username, password_hash(password))
if id:
session['id'] = id
session['rights'] = user['rights']
return user, httplib.ACCEPTED
return "Invalid credentials", httplib.BAD_REQUEST
def register():
''' register -> POST /user
POST: username=[string]&password=[string]
Attempts to create/'register' a new user with the provided information,
will return a CONFLICT error if the username already is registered. If
successful, the user id is stored in the session, logging in the user
'''
username = request.form['username']
password = request.form['password']
try:
id, user = User.create({
'username': username,
'password': password_hash(password)
})
except errors.ExistingUsernameError:
return httplib.CONFLICT
session['id'] = str(id)
session['rights'] = user['rights']
return user, httplib.CREATED
