示例#1
0
def login(email, password, **kwargs):
    '''
    Authenticate user credentials
    ---
    tags:
      - user
    responses:
        200:
            description: OK
            content:
                application/json:
                    schema:
                        type: object
                        properties:
                            success:
                                type: boolean
                            message:
                                type: string
                            session:
                                type: object
                                properties:
                                    token:
                                        type: string
                                    expires:
                                        type: string
    '''

    try:
        email_results = validate_email(email)
        email = '{0}@{1}'.format(email_results.local_part.lower(),
                                 email_results.domain)
    except EmailNotValidError as ex:
        # Treat verification failure as normal login failure
        return jsonify({'success': False, 'message': 'Invalid login details'})

    user = db.session.query(User).filter(User.email == email).limit(1).first()
    if (user == None or not user.verify_password(password)):
        return jsonify({'success': False, 'message': 'Invalid login details'})

    session = Session(user_id=user.user_id,
                      expires=datetime.now() + timedelta(days=1))
    db.session.add(session)
    db.session.commit()

    session_data = session.dump()

    return jsonify({'success': True, 'message': '', 'session': session_data})
示例#2
0
def signup(name, email, password, **kwargs):
    '''
    Creates a new user
    ---
    tags:
      - user
    responses:
        200:
            description: OK
            content:
                application/json:
                    schema:
                        type: object
                        properties:
                            success:
                                type: boolean
                            message:
                                type: string
                            session:
                                type: object
                                properties:
                                    token:
                                        type: string
                                    expires:
                                        type: string
    '''

    # Validate name
    min_length = 2
    max_length = User.__table__.c['name'].type.length
    if (len(name) < min_length):
        return jsonify({
            'success':
            False,
            'message':
            'Name should be at least {0} characters long'.format(min_length)
        })
    if (len(name) > max_length):
        return jsonify({
            'success':
            False,
            'message':
            'Name should be at most {0} characters long'.format(max_length)
        })

    # Validate email
    try:
        email_results = validate_email(email)

        #email = email_results.email
        email = '{0}@{1}'.format(email_results.local_part.lower(),
                                 email_results.domain)

        if email_results.domain != 'cpp.edu':
            return jsonify({
                'success':
                False,
                'message':
                'A \'@cpp.edu\' email address is required'
            })
    except EmailNotValidError as ex:
        return jsonify({'success': False, 'message': str(ex)})

    # Ensure strong password
    password_results = zxcvbn(password, user_inputs=[name, email])
    if (password_results['score'] < 2):
        suggestions = password_results['feedback']['suggestions']
        response = {'success': False, 'message': 'Your password is too weak'}
        if (len(suggestions) > 0):
            response['message'] += ' - {0}'.format(suggestions[0])
        return jsonify(response)

    # Finally create user and session
    try:
        user = User(email=email, name=name, password=password)
        db.session.add(user)
        db.session.commit()
    except IntegrityError as ex:
        return jsonify({
            'success': False,
            'message': 'Email already registered'
        })

    session = Session(user_id=user.user_id,
                      expires=datetime.now() + timedelta(days=1))
    db.session.add(session)
    db.session.commit()

    session_data = session.dump()

    return jsonify({'success': True, 'message': '', 'session': session_data})