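def authenticate(*, email, passwd):
    """Check a login attempt and return a JSON response with a session cookie.

    Generator-based coroutine: the user lookup is delegated to
    ``User.findAll`` with ``yield from``.

    Args:
        email: Login e-mail, looked up with a parameterized ``email=?`` query.
        passwd: Password value as submitted by the client.

    Returns:
        A ``web.Response`` whose body is the JSON-encoded user (password
        field masked) and which sets the ``COOKIE_NAME`` cookie for
        86400 seconds.

    Raises:
        APIValueError: If either field is empty, no user has that e-mail,
            or the password digest does not match the stored one.
    """
    import hmac  # local import: used only for the constant-time comparison

    if not email:
        raise APIValueError('email', 'Invalid email.')
    if not passwd:
        raise APIValueError('passwd', 'Invalid password.')

    # The e-mail is passed as a bound parameter, not spliced into the query.
    users = yield from User.findAll('email=?', [email])
    if not users:
        # NOTE(review): this message differs from the wrong-password one, so a
        # client can tell whether an e-mail is registered. Kept unchanged
        # because callers may depend on the field/message pair.
        raise APIValueError('email', 'Email not exist.')
    user = users[0]

    # Stored digest format is sha1(user.id + ":" + passwd); it has to stay in
    # step with whatever the registration handler writes (the original comment
    # points at api_register_user), so the scheme is not changed here.
    # NOTE(review): a single SHA-1 round is cheap to brute-force if the user
    # table leaks; moving to hashlib.scrypt or hashlib.pbkdf2_hmac needs a
    # coordinated change on the registration side plus a rehash-on-login path.
    digest = hashlib.sha1()
    digest.update(user.id.encode('utf-8'))
    digest.update(b':')
    digest.update(passwd.encode('utf-8'))

    # Compare in constant time so the response time does not depend on how
    # many leading characters of the digest match. Both sides are converted
    # to bytes so an unexpected stored value is rejected instead of raising.
    stored = str(user.passwd).encode('utf-8')
    computed = digest.hexdigest().encode('utf-8')
    if not hmac.compare_digest(stored, computed):
        raise APIValueError('passwd', 'Invalid password.')

    # Credentials are valid: issue the session cookie. httponly keeps it away
    # from page scripts.
    # NOTE(review): no `secure` flag is set, so the cookie is also sent over
    # plain HTTP; add secure=True once the site is served over HTTPS only.
    r = web.Response()
    r.set_cookie(COOKIE_NAME, user2cookie(user, 86400), max_age=86400, httponly=True)

    # Mask the stored digest before the user object is serialized to the client.
    user.passwd = '******'
    r.content_type = 'application/json'
    r.body = json.dumps(user, ensure_ascii=False).encode('utf-8')
    return r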
# ??????