Update: Remove 1 error message

backend/application/api_functions.py

@@ -14,31 +14,24 @@ def db_login(ip, email, password):
     user = Users.query.filter(
         Users.email == email
     ).first()
-    if not user:
-        message = f'Email or password invalid'
+
+    # Check User and Hash Pass
+    if user and user.hash_pass == hash_password(user.salt, password):
+        message = 'User authenticated.'
         log = Logs(
             date=datetime.now().strftime('%Y-%m-%dT%H:%M:%S'),
-            id_user=None,
+            id_user=user.id,
             ip=ip,
             table='users',
             action='login',
             message=message,
-            has_succeeded=False,
-            status_code=1
+            has_succeeded=True,
+            status_code=0
         )
         db.session.add(log)
         db.session.commit()
-        return {'status': 1, 'message': message}  # User does not exist
-
-    # Check Hash Pass
-    salt = user.get_salt()
-    hash_pass = hash_password(salt, password)
-
-    user = Users.query\
-        .filter(Users.email == email, Users.hash_pass == hash_pass)\
-        .first()
-
-    if not user:
+        return {'status': 0, 'message': message, 'data': user.json()}
+    else:
         message = f'Email or password invalid'
         log = Logs(
             date=datetime.now().strftime('%Y-%m-%dT%H:%M:%S'),
@@ -52,22 +45,7 @@ def db_login(ip, email, password):
         )
         db.session.add(log)
         db.session.commit()
-        return {'status': 2, 'message': message}  # Email or password invalid
-    else:
-        message = 'User authenticated.'
-        log = Logs(
-            date=datetime.now().strftime('%Y-%m-%dT%H:%M:%S'),
-            id_user=user.get_id(),
-            ip=ip,
-            table='users',
-            action='login',
-            message=message,
-            has_succeeded=True,
-            status_code=0
-        )
-        db.session.add(log)
-        db.session.commit()
-        return {'status': 0, 'message': message, 'data': user.json()}
+        return {'status': 1, 'message': message}  # Email or password invalid
 
 
 def db_register(ip, email, password, is_admin):
@@ -92,7 +70,6 @@ def db_register(ip, email, password, is_admin):
 
     # Salt Hash Pass with SHA256
     salt = os.urandom(32)
-    print('salt:         ', salt)
     hash_pass = hash_password(salt, password)
 
     user = Users(

backend/application/routes.py

@@ -17,8 +17,6 @@ def login():
         if res['status'] == 0:
             return send_message(res['message'], res['data'])
         elif res['status'] == 1:
-            return send_error(500, res['message'])
-        elif res['status'] == 2:
             return send_error(404, res['message'])
     else:
         return send_error(400, 'POST Request Error : Need email, password fields.')

backend/application/users_model.py

@@ -36,12 +36,6 @@ class Users(db.Model):
             'is_admin': self.is_admin
         }
 
-    def get_id(self):
-        return self.id
-
-    def get_salt(self):
-        return self.salt
-
     def auth_token(self):
         try:
             time = datetime.now().strftime('%Y-%m-%dT%H:%M:%S')

backend/config.py

@@ -8,7 +8,7 @@ class Config(object):
     TESTING = False
     CSRF_ENABLED = True
 
-    SECRET_KEY = os.environ.get('SECRET_KEY', None)
+    SECRET_KEY = os.environ.get('SECRET_KEY', 'default_secret_key')
     FLASK_APP = os.environ.get('FLASK_APP', None)
     FLASK_ENV = os.environ.get('FLASK_ENV', None)