aboutsummaryrefslogtreecommitdiff
path: root/api/auth/login.py
diff options
context:
space:
mode:
Diffstat (limited to 'api/auth/login.py')
-rw-r--r--api/auth/login.py74
1 files changed, 43 insertions, 31 deletions
diff --git a/api/auth/login.py b/api/auth/login.py
index 78a9add..4ae1650 100644
--- a/api/auth/login.py
+++ b/api/auth/login.py
@@ -5,38 +5,50 @@ import passwords
login = Blueprint('login', __name__)
-@login.route('/login', methods = ['POST'])
-def index():
- data = request.get_json()
-
- # get form data
- email = data.get("email") or ""
- password = data.get("password") or ""
-
- # return malformed request if email or password is missing
- if not email or \
- not password:
- return "", 400
-
- # resolve user_id from username or email
- user_id = None
- user_id = user_id or cursor.execute("select user_id from users where email = ?", [email]).fetchone()
- user_id = user_id or cursor.execute("select user_id from users where lower(username) = lower(?)", [email]).fetchone()
- if user_id == None: return "", 401
- # check the password
- passwd = cursor.execute("select password_hash from users where user_id = ?", [user_id[0]]).fetchone()
- check = passwords.check_password(password, passwd[0])
- if not check: return "", 401
-
- # generate a new authentication token and add it to the users valid token list
- new_token = token.generate_token()
- token.add_token(user_id[0], token.hash_token(new_token))
-
- # make response with the set_cookie header
- res = make_response("", 200)
- res.set_cookie("token", new_token["token"], expires = int(new_token["expirationDate"] / 1000))
+@login.route('/login', methods=['POST'])
+def index():
+ data = request.get_json()
+
+ # get form data
+ email = data.get("email") or ""
+ password = data.get("password") or ""
+
+ # return malformed request if email or password is missing
+ if not email or \
+ not password:
+ return "", 400
+
+ # resolve user_id from username or email
+ user_id = None
+ user_id = user_id or cursor.execute(
+ "select user_id from users where email = ?", [email]
+ ).fetchone()
+ user_id = user_id or cursor.execute(
+ "select user_id from users where lower(username) = lower(?)", [email]
+ ).fetchone()
+ if user_id == None: return "", 401
+
+ # check the password
+ passwd = cursor.execute(
+ "select password_hash from users where user_id = ?", [user_id[0]]
+ ).fetchone()
+ check = passwords.check_password(password, passwd[0])
+ if not check: return "", 401
+
+ # generate a new authentication token and add it to the users valid token list
+ new_token = token.generate_token()
+ token.add_token(user_id[0], token.hash_token(new_token))
+
+ # make response with the set_cookie header
+ res = make_response("", 200)
+ res.set_cookie(
+ "token",
+ new_token["token"],
+ expires=int(new_token["expirationDate"] / 1000)
+ )
+
+ return res
- return res
dynamic_route = ["/auth", login]