authorlonkaars <l.leblansch@gmail.com>2021-01-14 21:31:22 +0100
committerlonkaars <l.leblansch@gmail.com>2021-01-14 21:31:22 +0100
commitbf986adcf3f619860d18bda9e0c96e93ab97b260 (patch)
treed762866382928583d9b5b99f5694a82a54f3266f /api/auth
parent999cf5cd082419bfce0e5147468e14d58465faae (diff)
login
Diffstat (limited to 'api/auth')
-rw-r--r--api/auth/login.py34
-rw-r--r--api/auth/signup.py7
-rw-r--r--api/auth/token.py9
3 files changed, 43 insertions, 7 deletions
diff --git a/api/auth/login.py b/api/auth/login.py
new file mode 100644
index 0000000..cc40ae3
--- /dev/null
+++ b/api/auth/login.py
@@ -0,0 +1,34 @@
+from flask import Blueprint, request
+from main import cursor, connection
+from randid import new_uuid
+import auth.token as token
+import passwords
+import time
+import json
+
+login = Blueprint('login', __name__)
+
+@login.route('/login', methods = ['POST'])
+def index():
+ data = request.get_json()
+
+ email = data.get("email") or ""
+ password = data.get("password") or ""
+
+ if not email or \
+ not password:
+ return "", 400
+
+ user_id = None
+ user_id = user_id or cursor.execute("select user_id from users where email = ?", [email]).fetchone()
+ user_id = user_id or cursor.execute("select user_id from users where username = ?", [email]).fetchone()
+ if user_id == None: return "", 401
+
+ passwd = cursor.execute("select password_hash from users where user_id = ?", [user_id[0]]).fetchone()
+ check = passwords.check_password(password, passwd[0])
+ if not check: return "", 401
+
+ new_token = token.generate_token()
+ token.add_token(user_id[0], token.hash_token(new_token))
+
+ return new_token, 200
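Review bot: `data = request.get_json()` is used without a shape check, so a body that is missing, is not JSON, or is a JSON array or string fails on `data.get(...)` and surfaces as a 500 instead of the 400 the handler intends. Parse with `data = request.get_json(silent=True)` and follow it with `if not isinstance(data, dict): return "", 400`; also checking `isinstance(email, str)` and `isinstance(password, str)` keeps non-string values out of the SQL parameters and `passwords.check_password`. The unknown-account path returns 401 before any password hashing, while the wrong-password path runs `passwords.check_password`, so the response-time difference can reveal which identifiers exist; running the check against a fixed dummy hash when no row is found evens this out. Nothing in this file limits repeated attempts, so throttling has to exist elsewhere; confirm that it does. `user_id == None` is better written `user_id is None`.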
diff --git a/api/auth/signup.py b/api/auth/signup.py
index d82105a..fee879d 100644
--- a/api/auth/signup.py
+++ b/api/auth/signup.py
@@ -28,12 +28,11 @@ def index():
return {"error": "email_taken"}, 403
user_id = new_uuid()
- password_salt = passwords.salt()
- password_hash = passwords.password_hash(password, password_salt)
+ password_hash = passwords.password_hash(password)
registered = int( time.time() * 1000 )
- cursor.execute("insert into users values (?, ?, ?, NULL, ?, ?, ?, \"[]\", FALSE, \"user\", \"{}\", NULL, \"online\") ",
- (user_id, username, email, password_salt, password_hash, registered))
+ cursor.execute("insert into users values (?, ?, ?, NULL, ?, ?, \"[]\", FALSE, \"user\", \"{}\", NULL, \"online\") ",
+ (user_id, username, email, password_hash, registered))
connection.commit()
new_token = token.generate_token()
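Review bot: The `insert into users values (...)` statement binds by column position, and this commit removes one positional slot (the salt), so a database whose `users` table still has the old layout will either reject the insert or store values in the wrong columns. Naming the target columns in the statement, `insert into users (user_id, username, email, ...) values (...)`, makes a schema mismatch fail loudly and keeps `password_hash` from landing in a neighbouring field. With the separate salt gone, `passwords.password_hash(password)` has to generate a per-user salt and embed it in its output. That module is not part of this diff, so confirm that it does, and that rows created under the old salt-plus-hash scheme are migrated or cleanly rejected by `check_password`. The literals `"[]"`, `"user"` and `"online"` rely on SQLite accepting double-quoted strings, and single quotes are the standard SQL form; `index()` begins and ends outside this hunk.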
diff --git a/api/auth/token.py b/api/auth/token.py
index 52600ca..529af32 100644
--- a/api/auth/token.py
+++ b/api/auth/token.py
@@ -1,4 +1,4 @@
-from main import cursor
+from main import cursor, connection
import hashlib
import secrets
import json
@@ -15,6 +15,7 @@ def modify_tokens(user_id, formatted_token, remove):
temp_tokens = valid_tokens(user_id)
temp_tokens.remove(formatted_token) if remove else temp_tokens.append(formatted_token)
cursor.execute("update users set valid_tokens = ? where user_id = ?", [json.dumps(temp_tokens), user_id])
+ connection.commit()
def add_token(user_id, formatted_token):
modify_tokens(user_id, formatted_token, False)
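Review bot: The `connection.commit()` added here persists a read-modify-write that is not atomic: `modify_tokens` loads the list through `valid_tokens(user_id)`, edits it in Python and writes the whole JSON value back. Two overlapping requests for the same user can therefore overwrite each other's change, and a revocation lost that way leaves a token usable. Doing the read and the update inside one transaction, or serialising callers with a lock, closes that window; the module-level `cursor` imported from `main` appears to be shared across requests, so confirm how the app is served. `temp_tokens.remove(formatted_token)` also raises `ValueError` when the token is not in the list, so revoking an unknown or already-revoked token becomes a 500 unless guarded with `if formatted_token in temp_tokens:`. The `def modify_tokens` line appears only in the hunk header, so the start of the function is outside this hunk.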
@@ -23,8 +24,10 @@ def revoke_token(user_id, formatted_token):
modify_tokens(user_id, formatted_token, True)
def hash_token(token):
- token["token"] = hashlib.sha256(str(token["token"]).encode()).hexdigest()
- return token
+ return {
+ "token": hashlib.sha256(str(token["token"]).encode()).hexdigest(),
+ "expirationDate": token["expirationDate"]
+ }
def generate_token():
return {
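Review bot: `hash_token` has no docstring, and after this change its contract matters: it now returns a new dict and leaves the caller's token untouched, which is what lets `login.py` store the hashed form and still return the raw `new_token`. A one-line docstring such as `"""Return a copy of token with "token" replaced by its SHA-256 hex digest; the input is not modified."""` would record that. A comment should also state that an unsalted fast hash is acceptable here only because tokens are long random values. The file imports `secrets`, but the body of `generate_token` continues past this hunk, so confirm the token length and source there.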