users.py
from bottle import get, route, request, post, template, redirect, response, Bottle, delete
from bottle import HTTPResponse
from models import Users
import bottle
import hashlib
import os
import json
from json import dumps
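# Make the project's templates visible to bottle's template lookup. The path
# is relative to the working directory the process is started from.
filepath = os.getcwd()
bottle.TEMPLATE_PATH.insert(0, filepath + '/static/templates/')

# Key used to sign the 'session' cookie (passed as secret= to set_cookie and
# get_cookie in the handlers below). It used to be a short integer literal in
# this file, so anyone who could read the source could produce a validly
# signed session cookie for any username. bottle's signed cookies carry a
# pickled payload behind the signature, so the key has to be handled like any
# other credential: it is now read from the environment.
# Without SESSION_SECRET a random per-process key is used instead; sessions
# then stop validating after a restart and are not shared between workers.
# Cookies signed with the old literal are no longer accepted.
secretkey = os.environ.get('SESSION_SECRET') or hashlib.sha256(os.urandom(32)).hexdigest()

# NOTE(review): the handlers in this file are registered with the module-level
# @route decorator, not with app.route, so this instance has no routes attached
# here. Confirm which application object the server actually runs.
app = Bottle()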
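@route('/api/users', method='POST')
def register():
    """Create a user account from a JSON body and start a session for it.

    Expects a JSON object with string fields ``username`` and ``password``.
    Responds with an empty body and:
      * 201 plus a ``Location`` header and the session cookies on success,
      * 400 when a field is missing, empty or not a string,
      * 400 when the username is already taken.

    Test script from terminal:
      http post localhost:8081/api/users username='David' password='David'
    """
    response.content_type = 'application/json'

    # request.json is None when the body is not JSON, and may be a list or a
    # scalar; only those lookup failures are treated as "missing".
    try:
        user = request.json['username']
        password = request.json['password']
    except (KeyError, TypeError):
        response.status = '400 missing username or password'
        return

    # The values come straight from the client. Anything that is not a
    # non-empty string (nested objects, numbers, null) is rejected before it
    # reaches the database query or the hash function.
    text_types = (type(''), type(u''))
    if not (isinstance(user, text_types) and isinstance(password, text_types)):
        response.status = '400 missing username or password'
        return
    if not user or not password:
        response.status = '400 missing username or password'
        return

    # Hash the password before storing it. Encoding first keeps non-ASCII
    # passwords from raising inside hashlib.
    # NOTE(review): a single unsalted SHA-224 pass is fast to brute-force and
    # gives identical digests for identical passwords. Moving to a salted,
    # slow KDF (e.g. hashlib.pbkdf2_hmac) has to be done together with login()
    # and a migration of the stored values, so it is not changed here.
    if isinstance(password, type(u'')):
        password = password.encode('utf-8')
    hashedpw = hashlib.sha224(password).hexdigest()

    # Reject the request if the username is already taken.
    # NOTE(review): check-then-save is not atomic; whether the model also
    # enforces uniqueness cannot be seen from this file.
    if Users.objects(username=user).count() != 0:
        response.status = '400 username taken'
        return

    # Create the new user and save it to the database.
    newUser = Users()
    newUser.username = user
    newUser.password = hashedpw
    newUser.save()

    # Build the response.
    # NOTE(review): Location is built from the client-supplied username
    # without URL-quoting.
    response.status = 201
    # The signed cookie is the only one the server trusts (see get_username),
    # and nothing in this file needs script access to it, so it is httponly.
    # NOTE(review): add secure=True once the API is only served over HTTPS.
    response.set_cookie('session', newUser.username, secret=secretkey, httponly=True)
    # Unsigned copy of the name: the client can change it freely, so it must
    # never be used for an authorization decision.
    response.set_cookie("username", newUser.username)
    response.headers['Location'] = '/users/' + user
    return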
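@route('/api/sessions/<user>', method='DELETE')
def logout(user):
    """End the caller's session by expiring both cookies.

    The ``user`` path segment is not used: the cookies of whoever sends the
    request are cleared, whatever name appears in the URL.

    Test script from terminal:
      http delete localhost:8081/api/sessions/David
    """
    response.content_type = 'application/json'
    # A cookie is only removed when the deletion carries the same path it was
    # created with. register() and login() set the cookies without a path at
    # /api/users and /api/sessions, so the browser scopes them to /api. This
    # handler is served one level deeper, so a deletion without an explicit
    # path would be scoped to /api/sessions and the session cookie would
    # survive logout.
    # NOTE(review): adjust the path if the API is mounted under a prefix.
    response.delete_cookie('session', path='/api')
    response.delete_cookie('username', path='/api')
    return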
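@route('/api/sessions', method='GET')
def get_username():
    """Return the username of the current session as JSON.

    The name is taken from the signed ``session`` cookie only; the unsigned
    ``username`` cookie is ignored. Responds 404 when the cookie is absent or
    its signature does not verify against ``secretkey``.
    """
    session_user = request.get_cookie('session', secret=secretkey)
    if not session_user:
        return HTTPResponse(status=404)
    # Label the body as JSON, as the other handlers in this file do. The
    # username was chosen by a client, and a body returned without a content
    # type would be served with bottle's default HTML type.
    response.content_type = 'application/json'
    return json.dumps({'username': session_user})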
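@route('/api/sessions', method='POST')
def login():
    """Check a username/password pair and start a session on success.

    Expects a JSON object with string fields ``username`` and ``password``.
    Responds with an empty body and:
      * 201 plus a ``Location`` header and the session cookies on success,
      * 400 when a field is missing or not a string,
      * 400 with the same message for an unknown user and a wrong password,
        so the response does not reveal which of the two was wrong.

    Test script from terminal:
      http post localhost:8081/api/sessions username='David' password='David'
    """
    response.content_type = 'application/json'

    # request.json is None when the body is not JSON, and may be a list or a
    # scalar; only those lookup failures are treated as "missing".
    try:
        username = request.json['username']
        password = request.json['password']
    except (KeyError, TypeError):
        response.status = '400 missing username or password'
        return

    # Only plain strings may reach the database lookup: a JSON object in
    # place of the username would otherwise be handed to the query layer.
    text_types = (type(''), type(u''))
    if not (isinstance(username, text_types) and isinstance(password, text_types)):
        response.status = '400 missing username or password'
        return

    # Hash the supplied password the same way register() does before storing.
    # Encoding first keeps non-ASCII passwords from raising inside hashlib.
    # NOTE(review): unsalted SHA-224 is a weak password hash; replacing it
    # needs a coordinated change in register() and the stored data.
    if isinstance(password, type(u'')):
        password = password.encode('utf-8')
    hashedpw = hashlib.sha224(password).hexdigest()

    # Look the user up and compare digests. Both failure cases return the
    # same response.
    matches = Users.objects(username=username)
    if matches.count() == 0 or matches[0].password != hashedpw:
        response.status = '400 invalid username or password'
        return

    # Password matches: issue the session.
    # NOTE(review): no attempt limiting is visible in this file; repeated
    # guesses against one account are not slowed down here.
    response.status = 201
    # The signed cookie is the only one the server trusts (see get_username),
    # and nothing in this file needs script access to it, so it is httponly.
    # NOTE(review): add secure=True once the API is only served over HTTPS.
    response.set_cookie('session', username, secret=secretkey, httponly=True)
    # Unsigned copy of the name; never use it for authorization.
    response.set_cookie("username", username)
    response.headers['Location'] = '/users/' + username
    return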