sio-2425/delivery1/server/routes/user.py

from flask import Blueprint, request, jsonify
from services import UserService, SessionService, OrganizationService

user_bp = Blueprint("user", __name__)

@user_bp.route("/login", methods=["POST"])
def user_login():
    data = request.json
    user = UserService.get_user_by_username(data["username"])
    if not user:
        return jsonify({"error": "User not found"}), 404

    org = OrganizationService.get_organization_by_name(data["org"])
    if not org:
        return jsonify({"error": "Organization not found"}), 404

    id_str = str(org.id)
    if id_str not in user.public_keys:
        return jsonify({"error": "User not associated with organization"}), 403

    if user.public_keys[id_str] != data["public_key"]:
        return jsonify({"error": "Invalid public key"}), 403

    session = SessionService.create_session(user, org)
    return jsonify(session.to_dict()), 201
Restructure for flask_sqlalchemy Signed-off-by: Tiago Garcia <tiago.rgarcia@ua.pt> 2024-11-13 02:49:43 +00:00			`from flask import Blueprint, request, jsonify`
Implement sessions - Missing security :skull: Signed-off-by: Tiago Garcia <tiago.rgarcia@ua.pt> 2024-11-15 01:18:23 +00:00			`from services import UserService, SessionService, OrganizationService`
Restructure for flask_sqlalchemy Signed-off-by: Tiago Garcia <tiago.rgarcia@ua.pt> 2024-11-13 02:49:43 +00:00
			`user_bp = Blueprint("user", __name__)`
Implement sessions - Missing security :skull: Signed-off-by: Tiago Garcia <tiago.rgarcia@ua.pt> 2024-11-15 01:18:23 +00:00
			`@user_bp.route("/login", methods=["POST"])`
			`def user_login():`
			`data = request.json`
			`user = UserService.get_user_by_username(data["username"])`
			`if not user:`
			`return jsonify({"error": "User not found"}), 404`

			`org = OrganizationService.get_organization_by_name(data["org"])`
			`if not org:`
			`return jsonify({"error": "Organization not found"}), 404`

			`id_str = str(org.id)`
			`if id_str not in user.public_keys:`
			`return jsonify({"error": "User not associated with organization"}), 403`

			`if user.public_keys[id_str] != data["public_key"]:`
			`return jsonify({"error": "Invalid public key"}), 403`

			`session = SessionService.create_session(user, org)`
			`return jsonify(session.to_dict()), 201`