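def set_password(uid, priv):
    """Change the password of user ``uid`` after verifying the current one.

    Reads ``ori_password`` and ``new_password`` from the request's JSON body.
    Returns ``rtn.success(True)`` when the current password verifies and the
    new one is stored, ``rtn.error(503)`` when the current password does not
    verify, and ``rtn.error(500)`` on any unexpected exception (logged with
    its traceback).  ``priv`` is part of the route signature but is not used
    in this body.
    """
    try:
        # Reading the body inside the try so a missing/invalid JSON payload is
        # reported as a 500 through the same path as every other failure.
        F = request.json
        ori_password = F.get("ori_password")
        new_password = F.get("new_password")

        # username=None: compare_password selects the account by uid instead
        verified, _ = Users.compare_password(None, ori_password, uid=uid)
        if not verified:
            return rtn.error(503)  # current password does not match

        Users.set_password(new_password, uid=uid)
        return rtn.success(True)
    except Exception:
        # Narrowed from a bare except so KeyboardInterrupt/SystemExit propagate.
        logger.error(traceback.format_exc())
        return rtn.error(500)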
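def login():
    """Authenticate a user from the JSON body and issue a session token.

    Expects ``request.json`` with ``username``, ``password`` and an optional
    ``remember_me`` flag.  After the password verifies, a fresh token is stored
    through ``UserToken(...).insert(username)`` and returned to the client in
    the ``session_token`` cookie.  Status codes mirror the original handler:
    502 unknown username, 504 wrong password, 200 for a ROOT_USER account,
    503 for an INST_OWNER account, 500 for any other privilege or an
    unexpected exception (traceback printed).
    """
    # Local import: the module-level import block is not visible in this view.
    import secrets

    def make_token(digits):
        """Return ``digits`` random characters from [a-z0-9].

        Uses ``secrets`` rather than ``random``: the token is a bearer
        credential for the session, so it must come from a CSPRNG.
        """
        alphabet = string.ascii_lowercase + string.digits
        return ''.join(secrets.choice(alphabet) for _ in range(digits))

    try:
        F = request.json
        username = F.get("username")
        password = F.get("password")
        remember_me = F.get("remember_me")

        known_user = db.session.query(Users).filter(
            Users.username == username).first()
        if known_user is None:
            return rtn.error(502)  # username not found

        result, _user = Users.compare_password(username, password)
        if not result:
            return rtn.error(504)  # password error

        _token_str = make_token(32)
        tk = UserToken(token=_token_str)
        tk.insert(username)

        # Response body depends on the account type.
        # NOTE(review): the token above is persisted and the cookie below is set
        # even when the account type yields a 503/500 response — confirm that is
        # intended rather than issuing the token only on the ROOT_USER path.
        if _user.privilege == PRIVILEGES.ROOT_USER:
            resp = make_response(rtn.success(200))
        elif _user.privilege == PRIVILEGES.INST_OWNER:
            resp = make_response(rtn.error(503))  # not super admin
        else:
            resp = make_response(rtn.error(500))  # fatal error (unknown)

        # httponly keeps the bearer token out of reach of page scripts; add
        # secure=True once the app is only served over TLS.
        if remember_me:
            # "remember me" ticked: persistent cookie, 10 days
            resp.set_cookie('session_token', _token_str,
                            max_age=24 * 10 * 3600, httponly=True)
        else:
            # session cookie, discarded when the browser closes
            resp.set_cookie("session_token", _token_str,
                            expires=None, httponly=True)
        return resp
    except Exception:
        # Narrowed from a bare except so KeyboardInterrupt/SystemExit propagate.
        traceback.print_exc()
        return rtn.error(500)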