def authenticate(*, email, passwd):
'''
???????????cookie, ?signin?????.
'''
if not email:
raise APIValueError('email', 'Invalid email')
if not passwd:
raise APIValueError('passwd', 'Invalid passwd.')
users = await User.findAll('email=?', [email])
if len(users) == 0:
raise APIValueError('email', 'Email not exist.')
user = users[0]
# check passwd:
# sha1: create a SHA1 hash object
sha1 = hashlib.sha1()
# update: Update the hash object with the object arg,Repeated calls are equivalent to a single call with the concatenation of all the arguments
sha1.update(user.id.encode('utf-8'))
sha1.update(b':')
sha1.update(passwd.encode('utf-8'))
if user.passwd != sha1.hexdigest():
raise APIValueError('passwd', 'Invalid password.')
# authenticate ok, set cookie:
r = web.Response()
r.set_cookie(COOKIE_NAME, user2cookie(user, 86400), max_age = 86400, httponly = True)
user.passwd = '******'
r.content_type = 'application/json'
r.body = json.dumps(user, ensure_ascii = False).encode('utf-8')
return r
评论列表
文章目录
