def profile(email=None):
if email:
# TODO: RBAC here
if email != AccessToken().email_from_token(from_params_or_json(request, 'access_token')):
return error(response, 'access_denied', 'You cannot access another user\'s profile')
else:
email = AccessToken().email_from_token(from_params_or_json(request, 'access_token'))
try:
return {'user': User.objects(email=email).first().email}
except (ValidationError, NotUniqueError) as e:
return error(response, 'server_error', e.message)
except OAuth2Error as e:
message = dict(e.message)
response.status = message.pop('status_code')
return message
def login(email=None, password=None, grant_type=None):
email = from_params_or_json(request, 'email') or email
email = email if is_email(email) else ''
password = from_params_or_json(request, 'password') or password
grant_type = from_params_or_json(request, 'grant_type') or grant_type
try:
if email and password and grant_type == 'password':
login_resp = User(email=email, password=password).login()
if login_resp and 'access_token' in login_resp:
return login_resp
return error(response, 'server_error', "Login failed")
else:
return error(response, 'invalid_request', "`email`, `password` and `grant_type='password'` required")
except OAuth2Error as e:
message = dict(e.message)
response.status = message.pop('status_code')
return message
def register(email=None, password=None):
email = from_params_or_json(request, 'email') or email
email = email if is_email(email) else ''
password = from_params_or_json(request, 'password') or password
if not email or not password:
return error(response, 'invalid_request', "`email` and `password` required")
try:
registered = User(email=email, password=password).register()
if registered:
tok = AccessToken(user=registered).generate()
return {'access_token': tok.token,
'expires_in': randint(0, 200)}
except NotUniqueError:
return error(response, 'access_denied', "Email already registered")
except ValidationError as e:
return error(response, 'invalid_request', e.message)
except OAuth2Error as e:
message = dict(e.message)
response.status = message.pop('status_code')
return message
return error(response, 'server_error', "Registration failed")
def register_or_login():
""" Registers or logs in the user, always returning access_token on success """
email = from_params_or_json(request, 'email')
email = email if is_email(email) else ''
password = from_params_or_json(request, 'password')
grant_type = from_params_or_json(request, 'grant_type') or 'password'
# meta = from_params_or_json(request, 'meta')
register_resp = register(email, password)
if register_resp.get('error_description') == "Email already registered": # the lookup first approach fails
response.status = 200
return login(email, password, grant_type)
elif 'access_token' in register_resp:
return register_resp
return error(response, 'server_error', "Registration failed")
