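def authenticate(*, email, password):
    """Check an email/password pair and return a response carrying a session cookie.

    Generator-based coroutine: it delegates to ``User.find_all`` with
    ``yield from``, so it has to be driven by the framework's event loop.

    Args:
        email: Login email; must be non-empty.
        password: Password value submitted by the client; must be non-empty.

    Returns:
        A ``web.Response`` whose body is the JSON-serialised user record with
        the password field masked, and which sets the session cookie.

    Raises:
        APIValueError: If a field is empty, no user matches the email, or the
            password digest does not match the stored one.
    """
    if not email:
        raise APIValueError('email', 'Invalid Email')
    if not password:
        raise APIValueError('password', 'Invalid Password')
    # Parameterised lookup: the email is passed as a bound argument.
    users = yield from User.find_all('email=?', [email])
    if not users:
        # NOTE(review): this message differs from the wrong-password one below,
        # so a client can tell whether an email is registered. Left unchanged
        # because callers may display it; consider one generic login failure.
        raise APIValueError('email', 'Email not exist')
    user = users[0]
    # The stored value is the SHA-1 hex digest of "<user id>:<password>".
    # NOTE(review): SHA-1 is a fast hash and a weak choice for password
    # storage. Moving to a slow KDF (e.g. hashlib.scrypt or
    # hashlib.pbkdf2_hmac) needs a migration of the stored digests, so the
    # scheme is kept as-is here.
    sha1_password = '{}:{}'.format(user.id, password)
    # Never write the submitted password or the pre-hash string to the log;
    # log files are routinely readable by more people than the user table.
    logging.info('login attempt for user id: {}'.format(user.id))
    expected_digest = hashlib.sha1(sha1_password.encode('utf-8')).hexdigest()
    # NOTE(review): `!=` is not a constant-time comparison;
    # hmac.compare_digest would be the hardened form.
    if user.password != expected_digest:
        raise APIValueError('password', 'Invalid Password.')
    # Authentication succeeded: issue the session cookie (valid for 86400 s).
    r = web.Response()
    # httponly keeps the cookie away from page scripts.
    # NOTE(review): no `secure` flag is set, so the cookie would also travel
    # over plain HTTP - confirm the deployment is HTTPS-only and add it.
    r.set_cookie(COOKIE_NAME, user2cookie(user, 86400), max_age=86400, httponly=True)
    # Mask the stored digest before the user record is serialised to the client.
    user.password = '*' * 8
    r.content_type = 'application/json'
    # presumably `user` is a dict-like model that json.dumps can serialise - confirm
    r.body = json.dumps(user, ensure_ascii=False).encode('utf-8')
    return r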