1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
from flask import Blueprint, request, make_response
from db import cursor
import auth.token as token
import passwords
login = Blueprint('login', __name__)
@login.route('/login', methods=['POST'])
def index():
data = request.get_json()
# get form data
email = data.get("email") or ""
password = data.get("password") or ""
# return malformed request if email or password is missing
if not email or \
not password:
return "", 400
# resolve user_id from username or email
user_id = None
user_id = user_id or cursor.execute(
"select user_id from users where email = ?", [email]
).fetchone()
user_id = user_id or cursor.execute(
"select user_id from users where lower(username) = lower(?)", [email]
).fetchone()
if user_id == None: return "", 401
# check the password
passwd = cursor.execute(
"select password_hash from users where user_id = ?", [user_id[0]]
).fetchone()
check = passwords.check_password(password, passwd[0])
if not check: return "", 401
# generate a new authentication token and add it to the users valid token list
new_token = token.generate_token()
token.add_token(user_id[0], token.hash_token(new_token))
# make response with the set_cookie header
res = make_response("", 200)
res.set_cookie(
"token",
new_token["token"],
expires=int(new_token["expirationDate"] / 1000)
)
return res
dynamic_route = ["/auth", login]
|