import bcrypt
import requests
from flask import Blueprint, flash, jsonify, redirect, request, session

from gn3.auth import db
from gn3.settings import AUTH_DB

from .users import User, user_by_email
# Blueprint grouping the authentication endpoints defined in this module.
auth_routes = Blueprint(name="auth", import_name=__name__)
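def valid_login(conn: db.DbConnection, user: User, password: str) -> bool:
    """Check the validity of the provided credentials for login.

    Fetches the row for ``user`` joined with its stored credentials and
    verifies ``password`` against the stored bcrypt hash.

    Args:
        conn: Connection to the authentication database.
        user: The user attempting to log in.
        password: The plain-text password supplied by the client.

    Returns:
        True only when a credential hash exists for the user and the
        supplied password matches it; False in every other case.
    """
    with db.cursor(conn) as cursor:
        cursor.execute(
            ("SELECT * FROM users LEFT JOIN user_credentials "
             "ON users.user_id=user_credentials.user_id "
             "WHERE users.user_id=?"),
            (str(user.user_id),))
        row = cursor.fetchone()

    if row is None:
        return False

    stored_hash = row["password"]
    if not stored_hash:
        # The LEFT JOIN returns a row with a NULL password for a user that
        # has no credentials record; treat that as a failed login rather
        # than letting bcrypt raise on a None hash.
        return False
    if isinstance(stored_hash, str):
        # bcrypt.checkpw requires bytes for both arguments.
        stored_hash = stored_hash.encode("utf-8")

    try:
        return bcrypt.checkpw(password.encode("utf-8"), stored_hash)
    except ValueError:
        # bcrypt raises ValueError on a malformed stored hash; fail closed
        # instead of surfacing a 500 from the login endpoint.
        return False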
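@auth_routes.route("/login", methods=["POST"])
def login():
    """Log in the user.

    Reads ``email`` and ``password`` from the posted form. If a user is
    already present in the session, or either field is missing or blank,
    a message is flashed and the client is redirected to ``/``. On valid
    credentials the user is stored in the session and returned as JSON
    with status 200; otherwise a JSON authentication error is returned
    with status 401.
    """
    # The request cookies and the session user are deliberately not printed
    # here: the cookies carry the session token, and writing them to
    # stdout/logs exposes it to anyone who can read the logs.
    if session.get("user"):
        flash("Already logged in!", "alert-warning")
        return redirect("/", code=302)

    form = request.form
    # A missing field yields None from form.get(); fall back to "" so the
    # request is rejected by the blank check below instead of raising.
    email = (form.get("email") or "").strip()
    # NOTE(review): stripping the password changes what is verified; this
    # must match how the password was normalised when it was set. Confirm.
    password = (form.get("password") or "").strip()
    if email == "" or password == "":
        flash("You must provide the email and password!", "alert-error")
        return redirect("/", code=302)

    with db.connection(AUTH_DB) as conn:
        # NOTE(review): no hash comparison runs when the email is unknown,
        # so response time may differ between known and unknown accounts.
        # No attempt throttling is visible in this block either.
        user = user_by_email(conn, email).maybe(False, lambda usr: usr)
        if user and valid_login(conn, user, password):
            # NOTE(review): the User object itself is stored in the session;
            # confirm it serialises with the configured session interface.
            session["user"] = user
            return jsonify({
                "user_id": user.user_id,
                "email": user.email,
                "name": user.name
            }), 200

    # Same message for unknown email and wrong password, so the response
    # body does not reveal which of the two was wrong.
    return jsonify({
        "message": "Could not login. Invalid 'email' or 'password'.",
        "type": "authentication-error"
    }), 401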