Remove extraneous if/else for captcha verification

James Wang 2015-12-26 20:24:57 -05:00
parent e13a789f15
commit d8e9aa0c46


@ -13,69 +13,67 @@ blueprint = Blueprint("user", __name__)
@blueprint.route("/register", methods=["POST"]) @blueprint.route("/register", methods=["POST"])
@api_wrapper @api_wrapper
def user_register(): def user_register():
if not validate_captcha(request.form): if not validate_captcha(request.form):
return { "success": 0, "message": "Please do the captcha." } return { "success": 0, "message": "Please do the captcha." }
name = request.form["name"] name = request.form["name"]
username = request.form["username"] username = request.form["username"]
password = request.form["password"] password = request.form["password"]
password_confirm = request.form["password_confirm"] password_confirm = request.form["password_confirm"]
email = request.form["email"] email = request.form["email"]
username_exists = Users.query.add_columns("name", "uid").filter_by(username_lower=username.lower()).first() username_exists = Users.query.add_columns("name", "uid").filter_by(username_lower=username.lower()).first()
email_exists = Users.query.add_columns("name", "uid").filter_by(email=email.lower()).first() email_exists = Users.query.add_columns("name", "uid").filter_by(email=email.lower()).first()
if password != password_confirm: if password != password_confirm:
return { "success": 0, "message": "Passwords do not match." } return { "success": 0, "message": "Passwords do not match." }
if len(password) > 128: if len(password) > 128:
return { "success": 0, "message": "Password is too long." } return { "success": 0, "message": "Password is too long." }
if len(password) == 0: if len(password) == 0:
return { "success": 0, "message": "Password is too short." } return { "success": 0, "message": "Password is too short." }
if len(username) > 64: if len(username) > 64:
return { "success": 0, "message": "Username is too long." } return { "success": 0, "message": "Username is too long." }
if username_exists: if username_exists:
return { "success": 0, "message": "Username is already taken." } return { "success": 0, "message": "Username is already taken." }
if email_exists: if email_exists:
return { "success": 0, "message": "Email has already been used." } return { "success": 0, "message": "Email has already been used." }
add_user(name, username, email, password) add_user(name, username, email, password)
logger.log("registrations", logger.INFO, "%s registered with %s" % (name.encode("utf-8"), email.encode("utf-8"))) logger.log("registrations", logger.INFO, "%s registered with %s" % (name.encode("utf-8"), email.encode("utf-8")))
return { "success": 1, "message": "Success!" } return { "success": 1, "message": "Success!" }
@blueprint.route("/logout", methods=["POST"]) @blueprint.route("/logout", methods=["POST"])
@api_wrapper @api_wrapper
def user_logout(): def user_logout():
session.clear() session.clear()
@blueprint.route("/login", methods=["POST"]) @blueprint.route("/login", methods=["POST"])
@api_wrapper @api_wrapper
def user_login(): def user_login():
email = request.form["email"] email = request.form["email"]
password = request.form["password"] password = request.form["password"]
user = Users.query.filter_by(email=email).first() user = Users.query.filter_by(email=email).first()
if user is None: if user is None:
return { "success": 0, "message": "Invalid credentials." } return { "success": 0, "message": "Invalid credentials." }
if utils.check_password(user.password, password): if utils.check_password(user.password, password):
session["username"] = user.username session["username"] = user.username
session["admin"] = user.admin session["admin"] = user.admin
session["logged_in"] = True session["logged_in"] = True
return { "success": 1, "message": "Success!" } return { "success": 1, "message": "Success!" }
else: else:
return { "success": 0, "message": "Invalid credentials." } return { "success": 0, "message": "Invalid credentials." }
def add_user(name, username, email, password): def add_user(name, username, email, password):
user = Users(name, username, email, password) user = Users(name, username, email, password)
db.session.add(user) db.session.add(user)
db.session.commit() db.session.commit()
def validate_captcha(form): def validate_captcha(form):
if "captcha_response" not in form: if "captcha_response" not in form:
return False return False
captcha_response = form["captcha_response"] captcha_response = form["captcha_response"]
data = {"secret": "6Lc4xhMTAAAAACFaG2NyuKoMdZQtSa_1LI76BCEu", "response": captcha_response} data = {"secret": "6Lc4xhMTAAAAACFaG2NyuKoMdZQtSa_1LI76BCEu", "response": captcha_response}
response = requests.post("https://www.google.com/recaptcha/api/siteverify", data=data) response = requests.post("https://www.google.com/recaptcha/api/siteverify", data=data)
if response.json()["success"]: return response.json()["success"]
return True
return False
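Review bot: The reCAPTCHA secret is still a string literal on the `data = {...}` line of `validate_captcha`, so anyone who can read the repository or its history can read it. It should come from configuration, for example `data = {"secret": current_app.config["RECAPTCHA_SECRET"], "response": captcha_response}` (the key name is illustrative), and the committed value should be rotated. Separately, the new `return response.json()["success"]` raises if the verification endpoint returns a non-JSON body or omits the key, and `requests.post` is called without a `timeout`, so a slow endpoint can stall the registration request. Calling `requests.post(..., data=data, timeout=5)` and returning `response.json().get("success") is True` inside a `try` that returns `False` on `requests.RequestException` or `ValueError` would make the check fail closed.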