diff options
Diffstat (limited to 'api/auth/login.py')
| -rw-r--r-- | api/auth/login.py | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/api/auth/login.py b/api/auth/login.py index 045120a..78a9add 100644 --- a/api/auth/login.py +++ b/api/auth/login.py @@ -9,25 +9,31 @@ login = Blueprint('login', __name__) def index(): data = request.get_json() + # get form data email = data.get("email") or "" password = data.get("password") or "" + # return malformed request if email or password is missing if not email or \ not password: return "", 400 + # resolve user_id from username or email user_id = None user_id = user_id or cursor.execute("select user_id from users where email = ?", [email]).fetchone() user_id = user_id or cursor.execute("select user_id from users where lower(username) = lower(?)", [email]).fetchone() if user_id == None: return "", 401 + # check the password passwd = cursor.execute("select password_hash from users where user_id = ?", [user_id[0]]).fetchone() check = passwords.check_password(password, passwd[0]) if not check: return "", 401 + # generate a new authentication token and add it to the users valid token list new_token = token.generate_token() token.add_token(user_id[0], token.hash_token(new_token)) + # make response with the set_cookie header res = make_response("", 200) res.set_cookie("token", new_token["token"], expires = int(new_token["expirationDate"] / 1000)) |