session.py
# -*- coding: utf-8 -*-
from __future__ import absolute_import, print_function, unicode_literals
from flask import jsonify, request
from .db import db
from .models.session_model import WBSessionModel
from .models.user_model import WBUserModel
def authenticate():
    """Check a username/password pair and open a new session on success.

    Reads ``username`` and ``password`` from the POSTed form and answers
    with JSON:

    err=0 -- credentials matched; the body also carries ``username``,
             ``session_id`` and ``session_secret`` of the new session
    err=1 -- unknown user or wrong password (same message for both)
    err=2 -- ``username`` or ``password`` missing from the form
    """
    form = request.form
    try:
        username = form['username'].strip()
        supplied_password = form['password']
    except KeyError:
        return jsonify(err=2, message="Missing parameter.")

    account = WBUserModel.query.filter_by(username=username).first()
    # The hash is computed whether or not the account exists, so both
    # cases do the same hashing work before the check below.
    # NOTE(review): hash_password receives only the password; confirm in
    # the model that the scheme is a salted, deliberately slow password hash.
    candidate_hash = WBUserModel.hash_password(supplied_password)

    # NOTE(review): `==` on the stored hash is not a constant-time
    # comparison; hmac.compare_digest is the usual replacement once both
    # operands are confirmed to be the same string type.
    if not (account and account.hashed_password == candidate_hash):
        return jsonify(err=1, message="Invalid credentials.")

    new_session = WBSessionModel(user_id=account.id)
    db.session.add(new_session)
    db.session.commit()
    # NOTE(review): no attempt limiting is visible in this view; confirm
    # it is enforced elsewhere (proxy, middleware or the user model).
    return jsonify(username=username, err=0,
                   session_id=new_session.session_id,
                   session_secret=new_session.secret)
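def validate_session():
    """Check whether the POSTed ``session_id`` refers to a valid session.

    Answers with JSON:

    err=0 -- session found and ``touch()`` returned a true value; the body
             also carries ``session_id`` and ``session_secret``
    err=2 -- ``session_id`` missing from the form (same code as
             :func:`authenticate` uses for a missing parameter)
    err=3 -- no such session, or ``touch()`` returned a false value
    """
    try:
        session_id = request.form['session_id']
    except KeyError:
        # Answer in the module's JSON error format instead of letting the
        # framework turn the missing key into a generic error response.
        return jsonify(err=2, message="Missing parameter.")

    session = WBSessionModel.query.filter_by(session_id=session_id).first()
    # presumably touch() refreshes the session and reports whether it is
    # still alive -- verify against WBSessionModel.
    if session and session.touch():
        # NOTE(review): the secret is returned to any caller that presents
        # a session_id alone; confirm session_id is treated as a bearer
        # credential, or require proof of the secret before echoing it.
        return jsonify(err=0,
                       session_id=session.session_id,
                       session_secret=session.secret)
    return jsonify(err=3, message="Invalid session.")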
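def invalidate_session():
    """Delete the session referenced by the POSTed ``session_id``.

    Answers with JSON:

    err=0 -- the session was deleted, or no session with that id exists
    err=2 -- ``session_id`` missing from the form (same code as
             :func:`authenticate` uses for a missing parameter)
    err=4 -- the delete call reported zero rows (see the note below)
    """
    try:
        session_id = request.form['session_id']
    except KeyError:
        # Answer in the module's JSON error format instead of letting the
        # framework turn the missing key into a generic error response.
        return jsonify(err=2, message="Missing parameter.")

    # NOTE(review): only session_id is needed to end a session; the
    # session secret is not checked here. Confirm that is intended.
    session = WBSessionModel.query.filter_by(session_id=session_id).first()
    if session:
        # NOTE(review): if `db` is a Flask-SQLAlchemy handle, Session.delete()
        # returns None, so `count == 0` never holds and err=4 is unreachable;
        # a failed delete would surface as an exception from commit().
        # Confirm against .db and handle that path explicitly.
        count = db.session.delete(session)
        db.session.commit()
        if count == 0:
            return jsonify(err=4, message="Session could not be deleted.")
    return jsonify(err=0)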
def add_session_management_urls(app, authenticate_url='/authenticate',
                                validate_url='/validate-session',
                                invalidate_url='/invalidate-session'):
    """Attach the three session-management views to a Flask app.

    Each view is registered for POST only, under the endpoint names
    ``authenticate``, ``validate_session`` and ``invalidate_session``.

    Arguments:
    app -- a Flask app

    Keyword arguments:
    authenticate_url -- path served by :func:`authenticate`, default ``/authenticate``
    validate_url -- path served by :func:`validate_session`, default ``/validate-session``
    invalidate_url -- path served by :func:`invalidate_session`, default ``/invalidate-session``
    """
    # (path, endpoint name, view function), registered in this order.
    routes = (
        (authenticate_url, 'authenticate', authenticate),
        (validate_url, 'validate_session', validate_session),
        (invalidate_url, 'invalidate_session', invalidate_session),
    )
    for path, endpoint, view in routes:
        # POST only, so the credentials and session ids the views read
        # from request.form are not accepted over GET.
        app.add_url_rule(path, endpoint, view, methods=['POST'])