From 711d0886d3d0c98fd157f77382ebc0d4e72a0f8d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20ARNAUDEAU?=
Date: Tue, 28 Mar 2017 16:02:28 +0200
Subject: [PATCH] =?UTF-8?q?TG-124=20:=20Correction=20du=20syt=C3=A8me=20de?= =?UTF-8?q?=20login=20+=20register?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 backend/app/api/LoginAPI.py | 21 +++++++++++----------
 backend/app/api/UserAPI.py | 8 ++++++--
 backend/app/model.py | 2 +-
 3 files changed, 18 insertions(+), 13 deletions(-)
diff --git a/backend/app/api/LoginAPI.py b/backend/app/api/LoginAPI.py
index 4990769..c426fb3 100644
--- a/backend/app/api/LoginAPI.py
+++ b/backend/app/api/LoginAPI.py
@@ -1,11 +1,11 @@
 from hashlib import sha256
-from flask import session
+from flask import session, request
 from flask_restful import Resource
-from flask_restful.reqparse import RequestParser
 from app.core import app
-from app.model import USER
+from app.model import USER, getUser
+from app.utils import checkParams
 class LoginAPI(Resource):
@@ -14,10 +14,9 @@ class LoginAPI(Resource):
 """
 def post(self):
- parser = RequestParser()
- parser.add_argument('email', required=True, help="Email cannot be blank!")
- parser.add_argument('password', required=True, help="Password cannot be blank!")
- args = parser.parse_args()
+ args = request.get_json(cache=False, force=True)
+ if not checkParams(['email', 'password'], args):
+ return {"ERROR": "One or more parameters are missing !"}, 400
 email = args['email']
 psw = args['password']
 password = sha256(psw.encode('utf-8')).hexdigest()
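Review bot: In `LoginAPI.post`, swapping `RequestParser` for `request.get_json(...)` drops the string coercion reqparse applied by default, so `email` and `password` now carry whatever JSON type the client sent; a numeric or null `password` reaches `psw.encode('utf-8')` and raises instead of returning 400, assuming `checkParams` (not shown) only tests that the keys exist. I would add `if not isinstance(email, str) or not isinstance(psw, str): return {"ERROR": "Invalid parameter type !"}, 400` right after the two assignments. `force=True` also parses the body as JSON whatever the Content-Type, which is worth confirming as intended on a login route. The unchanged `sha256(...).hexdigest()` line hashes the password with an unsalted fast digest; a salted KDF such as `hashlib.scrypt` or `hashlib.pbkdf2_hmac` is the safer scheme, though it needs a data migration beyond this patch. `post` continues past the end of this hunk.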
@@ -27,17 +26,19 @@ class LoginAPI(Resource):
 query = USER.select(USER.c.email == email)
 rows = query.execute()
- user = rows.first()
+ res = rows.first()
 if app.config['TESTING']:
- if user is not None and psw == email:
+ if res is not None and psw == email:
+ user = getUser(uid=res.id)
 session['user'] = user
 return {'AUTH_RESULT': 'OK'}, 200
 else:
 session['user'] = None
 return {'AUTH_RESULT': 'AUTHENTICATION_FAILED'}, 401
 else:
- if user is not None and password == user.psw:
+ if res is not None and password != "" and password == res.psw:
+ user = getUser(uid=res.id)
 session['user'] = user
 return {'AUTH_RESULT': 'OK'}, 200
 else:
diff --git a/backend/app/api/UserAPI.py b/backend/app/api/UserAPI.py
index fd4b9be..f9bfbcb 100644
--- a/backend/app/api/UserAPI.py
+++ b/backend/app/api/UserAPI.py
@@ -34,15 +34,19 @@ class UserAPI(Resource):
 def put(self, uid):
 args = request.get_json(cache=False, force=True)
- if not checkParams(['role', 'email', 'phone', 'name', 'password'], args):
+ if not checkParams(['role', 'email', 'phone', 'name', 'password', 'firstname'], args):
 return {"ERROR": "One or more parameters are missing !"}, 400
 role = args['role']
 email = args['email']
 phone = args['phone']
+ firstname = args['firstname']
 name = args['name']
 psw = args['password']
+ name = firstname.title() + " " + name.upper()
+ # TODO : Lors de l'ajout des fiches d'absence ca sera ça le critère de recherche + le groupe
+
 if psw is None or len(psw) < 8:
 return {"ERROR": "Password can't be empty or less than 8 characters !"}, 400
@@ -64,5 +68,5 @@ class UserAPI(Resource):
 return {'USER': getUser(uid=uid)}, 200
 elif email != "":
 return {'USER': getUser(email=email)}, 200
- elif hash != "":
+ elif hashcode != "":
 return {'USER': getUser(hashcode=hashcode)}, 200
diff --git a/backend/app/model.py b/backend/app/model.py
index 0c87f5f..70cc838 100644
--- a/backend/app/model.py
+++ b/backend/app/model.py
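Review bot: In `LoginAPI.post`, the added `password != ""` guard in the non-testing branch can never fail, because `password` is the value of `sha256(psw.encode('utf-8')).hexdigest()` computed just above this hunk and is therefore never empty; to reject an empty password the test has to be on the plaintext, `if res is not None and psw != "" and password == res.psw:`. The digest is also compared with `==`, which is not constant-time; `hmac.compare_digest(password, res.psw)` is the usual replacement, assuming `res.psw` is always a hex string. `session['user'] = user` now stores whatever `getUser` returns, and Flask's default session cookie is signed but readable by the client, so confirm that record does not include the `psw` column. The `TESTING` branch still accepts `psw == email`, so that flag must never be set in a deployed configuration. The start of `post` is outside this hunk.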
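Review bot: In `UserAPI.put`, the new `name = firstname.title() + " " + name.upper()` line runs before any type check, so a JSON `null` or number in `firstname` or `name` raises `AttributeError` and the client gets a 500 rather than the 400 used for the other validation failures; this assumes `checkParams` (defined elsewhere) only checks that the keys exist. A guard such as `if not isinstance(firstname, str) or not isinstance(name, str): return {"ERROR": "Invalid name !"}, 400` before the concatenation would cover it. Separately, `role` is still read straight from the request body; whether the caller is allowed to choose that role is decided, if anywhere, outside this hunk and is worth checking on a registration path. `put` continues past the end of the hunk.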
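Review bot: The `if`/`elif` chain that ends at `elif hashcode != "":` in `UserAPI.py` has no final `else`, and the hunk's single trailing context line suggests the file ends there, so a request where none of the lookups applies falls off the end of the method and returns `None` instead of an error response. Adding `else:` with `return {"ERROR": "One or more parameters are missing !"}, 400` would match the other handlers. Each branch also returns the `getUser` record as-is; if that record carries the `psw` hash or the `hashcode`, it is disclosed to the caller, and no authentication check is visible here. The start of the method, including the first `if`, is outside the hunk.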
@@ -27,7 +27,7 @@ def getParam(key):
 def getUser(uid=0, email="", hashcode=""):
 res = None
- if uid == 0 and email == "":
+ if uid == 0 and email == "" and hashcode == "":
 raise Exception("getUser must be called with one argument !")
 else:
 if uid != 0:
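Review bot: `getUser` reports a caller error with a bare `Exception`, which pushes callers toward catch-all handlers; `raise ValueError("getUser must be called with one argument !")` keeps the message and is still caught by any existing `except Exception`. The guard also rejects only the zero-argument case while the message says "one argument": passing both `uid` and `email` appears to use `uid` silently, judging by the `if uid != 0:` branch that follows. A one-line docstring stating that precedence would help, for example `"""Return the user matched by uid, else email, else hashcode."""`, but the later branches are outside the hunk, so confirm the order before writing it.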