Move signin to use AJAX. Render all flask templates with the common header. Move the header to a partial. Add account recovery.

2013-10-14 17:50:07 -04:00 · 2013-10-14 17:50:07 -04:00 · 4c15072c5a
commit 4c15072c5a
parent e182163d34
17 changed files with 653 additions and 617 deletions
--- a/endpoints/api.py
+++ b/endpoints/api.py
@ -2,19 +2,21 @@ import logging
 import stripe

 from flask import request, make_response, jsonify, abort
-from flask.ext.login import login_required, current_user
+from flask.ext.login import login_required, current_user, logout_user
+from flask.ext.principal import identity_changed, AnonymousIdentity
 from functools import wraps
 from collections import defaultdict

 from data import model
 from app import app
-from util.email import send_confirmation_email
+from util.email import send_confirmation_email, send_recovery_email
 from util.names import parse_repository_name
 from util.gravatar import compute_hash
 from auth.permissions import (ReadRepositoryPermission,
                              ModifyRepositoryPermission,
                              AdministerRepositoryPermission)
 from endpoints import registry
+from endpoints.web import common_login
 import re

 logger = logging.getLogger(__name__)
@ -106,6 +108,53 @@ def create_user_api():
    return error_resp


+@app.route('/api/signin', methods=['POST'])
+def signin_api():
+  signin_data = request.get_json()
+
+  username = signin_data['username']
+  password = signin_data['password']
+
+  #TODO Allow email login
+  needs_email_verification = False
+  invalid_credentials = False
+
+  verified = model.verify_user(username, password)
+  if verified:
+    if common_login(verified):
+      return make_response('Success', 200)
+    else:
+      needs_email_verification = True
+
+  else:
+    invalid_credentials = True
+
+  response = jsonify({
+    'needsEmailVerification': needs_email_verification,
+    'invalidCredentials': invalid_credentials,
+  })
+  response.status_code = 403
+  return response
+
+
+@app.route("/api/signout", methods=['POST'])
+@api_login_required
+def logout():
+  logout_user()
+
+  identity_changed.send(app, identity=AnonymousIdentity())
+
+  return make_response('Success', 200)
+
+
+@app.route("/api/recovery", methods=['POST'])
+def send_recovery():
+  email = request.get_json()['email']
+  code = model.create_reset_password_email_code(email)
+  send_recovery_email(email, code.code)
+  return make_response('Created', 201)
+
+
@app.route('/api/users/<prefix>', methods=['GET'])
@api_login_required
 def get_matching_users(prefix):