authorFrederick Muriuki Muriithi2022-12-19 16:02:19 +0300
committerFrederick Muriuki Muriithi2022-12-22 09:05:53 +0300
commitb0641272491eb51d321b1b8a7d062e395e70800f (patch)
treec9b2065ea60399579c4c4d84c648b61ed67402ba /gn3/auth/authentication/routes.py
parente9031e28594fcd21371adb2b9b26e17a1df95599 (diff)
auth: implement OAuth2 flow.oauth2_auth_flow
Add code to implement the OAuth2 flow.
* Add test fixtures for setting up users and OAuth2 clients
* Add tests for token generation with the "Password Grant" flow
* Fix some issues with tests due to changes in the database connection's row_factory
Diffstat (limited to 'gn3/auth/authentication/routes.py')
-rw-r--r--gn3/auth/authentication/routes.py57
1 files changed, 0 insertions, 57 deletions
diff --git a/gn3/auth/authentication/routes.py b/gn3/auth/authentication/routes.py
deleted file mode 100644
index 3b288d7..0000000
--- a/gn3/auth/authentication/routes.py
+++ /dev/null
@@ -1,57 +0,0 @@
-import requests
-
-import bcrypt
-from flask import flash, jsonify, request, session, Blueprint
-
-from gn3.auth import db
-from gn3.settings import AUTH_DB
-
-from .users import User, user_by_email
-
-auth_routes = Blueprint("auth", __name__)
-
-def valid_login(conn: db.DbConnection, user: User, password: str) -> bool:
- """Check the validity of the provided credentials for login."""
- with db.cursor(conn) as cursor:
- cursor.execute(
- ("SELECT * FROM users LEFT JOIN user_credentials "
- "ON users.user_id=user_credentials.user_id "
- "WHERE users.user_id=?"),
- (str(user.user_id),))
- row = cursor.fetchone()
-
- if row == None:
- return False
-
- return bcrypt.checkpw(password.encode("utf-8"), row["password"])
-
-@auth_routes.route("/login", methods=["POST"])
-def login():
- """Log in the user."""
- print(request.cookies)
- if session.get("user"):
- flash("Already logged in!", "alert-warning")
- print(f"ALREADY LOGGED IN: {session['user']}")
- return redirect("/", code=302)
-
- form = request.form
- email = form.get("email").strip()
- password = form.get("password").strip()
- if email == "" or password == "":
- flash("You must provide the email and password!", "alert-error")
- return redirect("/", code=302)
-
- with db.connection(AUTH_DB) as conn:
- user = user_by_email(conn, email).maybe(False, lambda usr: usr)
- if user and valid_login(conn, user, password):
- session["user"] = user
- return jsonify({
- "user_id": user.user_id,
- "email": user.email,
- "name": user.name
- }), 200
-
- return jsonify({
- "message": "Could not login. Invalid 'email' or 'password'.",
- "type": "authentication-error"
- }), 401