TG-124 : Correction du sytème de login + register
This commit is contained in:
Clément ARNAUDEAU
parent
f4d9ebaca0
commit
711d0886d3
|
|
@ -1,11 +1,11 @@
|
|||
from hashlib import sha256
|
||||
|
||||
from flask import session
|
||||
from flask import session, request
|
||||
from flask_restful import Resource
|
||||
from flask_restful.reqparse import RequestParser
|
||||
|
||||
from app.core import app
|
||||
from app.model import USER
|
||||
from app.model import USER, getUser
|
||||
from app.utils import checkParams
|
||||
|
||||
|
||||
class LoginAPI(Resource):
|
||||
|
|
@ -14,10 +14,9 @@ class LoginAPI(Resource):
|
|||
"""
|
||||
|
||||
def post(self):
|
||||
parser = RequestParser()
|
||||
parser.add_argument('email', required=True, help="Email cannot be blank!")
|
||||
parser.add_argument('password', required=True, help="Password cannot be blank!")
|
||||
args = parser.parse_args()
|
||||
args = request.get_json(cache=False, force=True)
|
||||
if not checkParams(['email', 'password'], args):
|
||||
return {"ERROR": "One or more parameters are missing !"}, 400
|
||||
email = args['email']
|
||||
psw = args['password']
|
||||
password = sha256(psw.encode('utf-8')).hexdigest()
|
||||
|
|
@ -27,17 +26,19 @@ class LoginAPI(Resource):
|
|||
|
||||
query = USER.select(USER.c.email == email)
|
||||
rows = query.execute()
|
||||
user = rows.first()
|
||||
res = rows.first()
|
||||
|
||||
if app.config['TESTING']:
|
||||
if user is not None and psw == email:
|
||||
if res is not None and psw == email:
|
||||
user = getUser(uid=res.id)
|
||||
session['user'] = user
|
||||
return {'AUTH_RESULT': 'OK'}, 200
|
||||
else:
|
||||
session['user'] = None
|
||||
return {'AUTH_RESULT': 'AUTHENTICATION_FAILED'}, 401
|
||||
else:
|
||||
if user is not None and password == user.psw:
|
||||
if res is not None and password != "" and password == res.psw:
|
||||
user = getUser(uid=res.id)
|
||||
session['user'] = user
|
||||
return {'AUTH_RESULT': 'OK'}, 200
|
||||
else:
|
||||
|
|
|
|||
|
|
@ -34,15 +34,19 @@ class UserAPI(Resource):
|
|||
|
||||
def put(self, uid):
|
||||
args = request.get_json(cache=False, force=True)
|
||||
if not checkParams(['role', 'email', 'phone', 'name', 'password'], args):
|
||||
if not checkParams(['role', 'email', 'phone', 'name', 'password', 'firstname'], args):
|
||||
return {"ERROR": "One or more parameters are missing !"}, 400
|
||||
|
||||
role = args['role']
|
||||
email = args['email']
|
||||
phone = args['phone']
|
||||
firstname = args['firstname']
|
||||
name = args['name']
|
||||
psw = args['password']
|
||||
|
||||
name = firstname.title() + " " + name.upper()
|
||||
# TODO : Lors de l'ajout des fiches d'absence ca sera ça le critère de recherche + le groupe
|
||||
|
||||
if psw is None or len(psw) < 8:
|
||||
return {"ERROR": "Password can't be empty or less than 8 characters !"}, 400
|
||||
|
||||
|
|
@ -64,5 +68,5 @@ class UserAPI(Resource):
|
|||
return {'USER': getUser(uid=uid)}, 200
|
||||
elif email != "":
|
||||
return {'USER': getUser(email=email)}, 200
|
||||
elif hash != "":
|
||||
elif hashcode != "":
|
||||
return {'USER': getUser(hashcode=hashcode)}, 200
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ def getParam(key):
|
|||
def getUser(uid=0, email="", hashcode=""):
|
||||
res = None
|
||||
|
||||
if uid == 0 and email == "":
|
||||
if uid == 0 and email == "" and hashcode == "":
|
||||
raise Exception("getUser must be called with one argument !")
|
||||
else:
|
||||
if uid != 0:
|
||||
|
|
|
|||
Reference in New Issue