#!/usr/bin/env python3
""" Module of Users views
"""
import os
from flask import jsonify, request
from api.v1.views import app_views
from models.user import User
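@app_views.route('/auth_session/login', methods=['POST'], strict_slashes=False)
def auth_session():
    """
    Handle user login (POST /auth_session/login).

    Reads ``email`` and ``password`` from the submitted form, looks users up
    by email and, on the first password match, creates a session and hands
    its id back in the cookie named by the ``SESSION_NAME`` environment
    variable.

    Return:
        - 400 and an error message if email or password is missing or empty
        - 404 and an error message if no user matches the email
        - 401 and an error message if the password matches none of them
        - the JSON representation of the user, with the session cookie set,
          on success
    """
    email = request.form.get('email')
    password = request.form.get('password')
    if not email:
        return jsonify({"error": "email missing"}), 400
    if not password:
        return jsonify({"error": "password missing"}), 400

    users = User.search({"email": email})
    if not users:
        # NOTE(review): the distinct 404 / 401 answers let a client tell
        # whether an email is registered. Kept as-is because callers may
        # depend on these responses; a single generic failure response would
        # close that gap.
        return jsonify({"error": "no user found for this email"}), 404

    # NOTE(review): no throttling of repeated attempts is visible in this
    # handler -- confirm it is enforced elsewhere.
    for user in users:
        if user.is_valid_password(password):
            # Imported at call time rather than at module level, presumably
            # to avoid a circular import with api.v1.app -- TODO confirm.
            from api.v1.app import auth
            session_id = auth.create_session(user.id)
            resp = jsonify(user.to_json())
            # NOTE(review): os.getenv returns None when SESSION_NAME is
            # unset; confirm the deployment always defines it.
            session_name = os.getenv('SESSION_NAME')
            # The cookie carries the session id, so keep it away from page
            # scripts (HttpOnly) and off cross-site subrequests (SameSite).
            # secure=True is left off so the API still works over plain
            # HTTP; enable it wherever the API is served over HTTPS.
            resp.set_cookie(session_name, session_id,
                            httponly=True, samesite='Lax')
            return resp
    return jsonify({"error": "wrong password"}), 401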
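@app_views.route('/auth_session/logout', methods=['DELETE'],
                 strict_slashes=False)
def handle_logout():
    """
    Handle user logout (DELETE /auth_session/logout).

    Return:
        - an empty JSON object with status 200 when
          ``auth.destroy_session(request)`` returns a truthy value
        - 404 otherwise
    """
    # abort is imported here because the module-level flask import only
    # brings in jsonify and request; without it the failure path raised
    # NameError (a 500) instead of answering 404.
    from flask import abort
    # Imported at call time rather than at module level, presumably to avoid
    # a circular import with api.v1.app -- TODO confirm.
    from api.v1.app import auth
    if auth.destroy_session(request):
        # NOTE(review): the client's session cookie is not cleared here;
        # logout relies on destroy_session invalidating the session on the
        # server side -- verify against its implementation.
        return jsonify({}), 200
    abort(404)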