Add token authentication, fix wrong name in model

131d457f · Willard · 2f13df5a · 131d457f · 131d457f
Commit 131d457f authored Oct 25, 2016 by Willard
Hide whitespace changes
Inline Side-by-side

Showing with 36 additions and 10 deletions

api.py canteeneo/api.py +16 -7

models.py canteeneo/models.py +20 -3

No files found.
--- a/canteeneo/api.py
+++ b/canteeneo/api.py
 from canteeneo import app, db, auth
-from flask import jsonify, request
+from flask import jsonify, request, g
 from models import Dish, Stall, Location, User
 from datetime import datetime

@@ -44,18 +44,18 @@ def search():

 @app.route('/api/users/new', methods=["POST"])
 def new_user():
-    name = request.form['name']
+    username = request.form['username']
    email = request.form['email']
    password = request.form['password']

-    user = User.query.filter_by(name=name).first()
+    user = User.query.filter_by(username=username).first()
    if user is not None:
        return 'Username is alreadye taken!'
    user = User.query.filter_by(email=email).first()
    if user is not None:
        return 'Email address is already taken!'
    
-    user = User(name, email, password)
+    user = User(username, email, password)
    db.session.add(user)
    db.session.commit()
    
@@ -63,10 +63,19 @@ def new_user():

 @auth.verify_password
 def verify_password(username, password):
-    user = User.query.filter_by()
-    pass
+    user = User.verify_token(username)
+    print(user)
+    if user is None:
+        user = User.query.filter_by(username=username).first()
+        print(user)
+        if user is None or not user.check_password(password):
+            return False
+    print(user)
+    g.user = user
+    return True

 @app.route('/api/token')
 @auth.login_required
 def get_auth_token():
-    pass
+    token = g.user.generate_token()
+    return jsonify({'token': token.decode('ascii'), 'duration': 600})
--- a/canteeneo/models.py
+++ b/canteeneo/models.py
-from canteeneo import db
+from canteeneo import app, db
 from werkzeug.security import generate_password_hash, check_password_hash
+from itsdangerous import TimedJSONWebSignatureSerializer as Serializer, BadSignature, SignatureExpired

 dish_favorites = db.Table('dish_favorites',
    db.Column('dish_id', db.Integer, db.ForeignKey('dish.id')),
@@ -94,8 +95,8 @@ class User(db.Model):
    dish_reviews = db.relationship('DishReview', backref='user', lazy='dynamic')
    stall_reviews = db.relationship('StallReview', backref='user', lazy='dynamic')

-    def __init__(self, name, email, password):
-        self.name = name
+    def __init__(self, username, email, password):
+        self.username = username
        self.email = email
        self.set_password(password)
    
@@ -105,6 +106,22 @@ class User(db.Model):
    def check_password(self, password):
        return check_password_hash(self.password, password)

+    def generate_token(self):
+        s = Serializer(app.config['SECRET_KEY'], expires_in=600)
+        return s.dumps({'id': self.id})
+
+    @staticmethod
+    def verify_token(token):
+        s = Serializer(app.config['SECRET_KEY'])
+        try:
+            data = s.loads(token)
+        except SignatureExpired:
+            return None
+        except BadSignature:
+            return None
+        user = User.query.get(data['id'])
+        return user
+
 class DishReview(db.Model):
    id = db.Column(db.Integer, primary_key=True)
    title = db.Column(db.String(80))