TG-124 : Correction du sytème de login + register

2017-03-28 16:02:28 +02:00 · 2017-03-28 16:02:28 +02:00 · 711d0886d3
commit 711d0886d3
parent f4d9ebaca0
3 changed files with 18 additions and 13 deletions
--- a/backend/app/api/LoginAPI.py
+++ b/backend/app/api/LoginAPI.py
@ -1,11 +1,11 @@
 from hashlib import sha256

-from flask import session
+from flask import session, request
 from flask_restful import Resource
-from flask_restful.reqparse import RequestParser

 from app.core import app
-from app.model import USER
+from app.model import USER, getUser
+from app.utils import checkParams


 class LoginAPI(Resource):
@ -14,10 +14,9 @@ class LoginAPI(Resource):
    """

    def post(self):
-        parser = RequestParser()
-        parser.add_argument('email', required=True, help="Email cannot be blank!")
-        parser.add_argument('password', required=True, help="Password cannot be blank!")
-        args = parser.parse_args()
+        args = request.get_json(cache=False, force=True)
+        if not checkParams(['email', 'password'], args):
+            return {"ERROR": "One or more parameters are missing !"}, 400
        email = args['email']
        psw = args['password']
        password = sha256(psw.encode('utf-8')).hexdigest()
@ -27,17 +26,19 @@ class LoginAPI(Resource):

        query = USER.select(USER.c.email == email)
        rows = query.execute()
-        user = rows.first()
+        res = rows.first()

        if app.config['TESTING']:
-            if user is not None and psw == email:
+            if res is not None and psw == email:
+                user = getUser(uid=res.id)
                session['user'] = user
                return {'AUTH_RESULT': 'OK'}, 200
            else:
                session['user'] = None
                return {'AUTH_RESULT': 'AUTHENTICATION_FAILED'}, 401
        else:
-            if user is not None and password == user.psw:
+            if res is not None and password != "" and password == res.psw:
+                user = getUser(uid=res.id)
                session['user'] = user
                return {'AUTH_RESULT': 'OK'}, 200
            else:
--- a/backend/app/api/UserAPI.py
+++ b/backend/app/api/UserAPI.py
@ -34,15 +34,19 @@ class UserAPI(Resource):

    def put(self, uid):
        args = request.get_json(cache=False, force=True)
-        if not checkParams(['role', 'email', 'phone', 'name', 'password'], args):
+        if not checkParams(['role', 'email', 'phone', 'name', 'password', 'firstname'], args):
            return {"ERROR": "One or more parameters are missing !"}, 400

        role = args['role']
        email = args['email']
        phone = args['phone']
+        firstname = args['firstname']
        name = args['name']
        psw = args['password']

+        name = firstname.title() + " " + name.upper()
+        # TODO : Lors de l'ajout des fiches d'absence ca sera ça le critère de recherche + le groupe
+
        if psw is None or len(psw) < 8:
            return {"ERROR": "Password can't be empty or less than 8 characters !"}, 400

@ -64,5 +68,5 @@ class UserAPI(Resource):
            return {'USER': getUser(uid=uid)}, 200
        elif email != "":
            return {'USER': getUser(email=email)}, 200
-        elif hash != "":
+        elif hashcode != "":
            return {'USER': getUser(hashcode=hashcode)}, 200
--- a/backend/app/model.py
+++ b/backend/app/model.py
@ -27,7 +27,7 @@ def getParam(key):
 def getUser(uid=0, email="", hashcode=""):
    res = None

-    if uid == 0 and email == "":
+    if uid == 0 and email == "" and hashcode == "":
        raise Exception("getUser must be called with one argument !")
    else:
        if uid != 0: