diff options
| author | lonkaars <l.leblansch@gmail.com> | 2021-03-28 12:19:28 +0200 |
|---|---|---|
| committer | lonkaars <l.leblansch@gmail.com> | 2021-03-28 12:19:28 +0200 |
| commit | 2f4536d6b08b69168ebf3e718cbd8e3002b9af5a (patch) | |
| tree | 5307692fb341d7f924ee9b73f3751e7e56cfb192 /api/auth | |
| parent | 1f897d3f5ad11178cf4776ae4070c9d3e832f5f3 (diff) | |
added comments
Diffstat (limited to 'api/auth')
| -rw-r--r-- | api/auth/login.py | 6 | ||||
| -rw-r--r-- | api/auth/login_token.py | 2 | ||||
| -rw-r--r-- | api/auth/token.py | 2 |
3 files changed, 10 insertions, 0 deletions
diff --git a/api/auth/login.py b/api/auth/login.py index 045120a..78a9add 100644 --- a/api/auth/login.py +++ b/api/auth/login.py @@ -9,25 +9,31 @@ login = Blueprint('login', __name__) def index(): data = request.get_json() + # get form data email = data.get("email") or "" password = data.get("password") or "" + # return malformed request if email or password is missing if not email or \ not password: return "", 400 + # resolve user_id from username or email user_id = None user_id = user_id or cursor.execute("select user_id from users where email = ?", [email]).fetchone() user_id = user_id or cursor.execute("select user_id from users where lower(username) = lower(?)", [email]).fetchone() if user_id == None: return "", 401 + # check the password passwd = cursor.execute("select password_hash from users where user_id = ?", [user_id[0]]).fetchone() check = passwords.check_password(password, passwd[0]) if not check: return "", 401 + # generate a new authentication token and add it to the users valid token list new_token = token.generate_token() token.add_token(user_id[0], token.hash_token(new_token)) + # make response with the set_cookie header res = make_response("", 200) res.set_cookie("token", new_token["token"], expires = int(new_token["expirationDate"] / 1000)) diff --git a/api/auth/login_token.py b/api/auth/login_token.py index d5b0e52..d920eea 100644 --- a/api/auth/login_token.py +++ b/api/auth/login_token.py @@ -2,6 +2,7 @@ from flask import Blueprint, request from db import cursor from auth.token import validate_token, hash_token +# get user_id from authentication token def token_login(token): hashed = hash_token({ "token": token, "expirationDate": 0 }) user_id = cursor.execute("select user_id from users where valid_tokens like ?", [f"%{hashed['token']}%"]).fetchone() @@ -9,6 +10,7 @@ def token_login(token): token = Blueprint('token', __name__) +# this endpoint is currently unused, but verifies that a token is valid @token.route('/token', methods = ['POST']) def index(): data = request.get_json() diff --git a/api/auth/token.py b/api/auth/token.py index d2eea52..113c2c7 100644 --- a/api/auth/token.py +++ b/api/auth/token.py @@ -4,8 +4,10 @@ import secrets import json import time +# get valid token hashes for a given user_id def valid_tokens(user_id): tokens = json.loads(cursor.execute("select valid_tokens from users where user_id = ?", [user_id]).fetchone()[0]) + # return only tokens that aren't expired return [token for token in tokens if token["expirationDate"] > int( time.time() * 1000 )] def validate_token(user_id, token): |