Update: Login, Register and Logout

backend/application/api_functions.py

@@ -48,7 +48,7 @@ def db_login(ip, email, password):
         return {'status': 1, 'message': message}  # Email or password invalid
 
 
-def db_register(ip, email, password, is_admin):
+def db_register(ip, email, nickname, password, is_admin):
     user = Users.query.filter(
         Users.email == email
     ).first()
@@ -75,6 +75,7 @@ def db_register(ip, email, password, is_admin):
     user = Users(
         email=email,
         hash_pass=hash_pass,
+        nickname=nickname,
         salt=salt,
         is_admin=is_admin
     )

backend/application/responses.py

@@ -18,7 +18,7 @@ def send_error(status_code, message, token=None):
     return res
 
 
-def send_message(message, data, token=None):
+def send_message(message, data, token=None, token_delete=False):
     data_json = {
         'status': 'success',
         'message': message,
@@ -32,4 +32,6 @@ def send_message(message, data, token=None):
     res.headers['Access-Control-Allow-Origin'] = app.config.get('ALLOW_ORIGIN')
     if token is not None:
         res.set_cookie('SESSIONID', token)
+    if token_delete:
+        res.delete_cookie('SESSIONID')
     return res

backend/application/routes.py

@@ -2,7 +2,7 @@ from flask import current_app as app
 from flask import request
 from .responses import send_message, send_error
 from .api_functions import db_login, db_register
-from .sessionJWT import create_auth_token, decode_auth_token, check_auth_token
+from .sessionJWT import create_auth_token, check_auth_token
 
 
 # Login
@@ -31,19 +31,21 @@ def login():
 @app.route('/api/register', methods=['POST'])
 def register():
     post_json = request.json
+    try:
         post_email = str(post_json['email'])
+        post_nickname = str(post_json['nickname'])
         post_password = str(post_json['password'])
         post_is_admin = bool(post_json['is_admin'])
 
-    if post_email and post_password and post_is_admin:
+        if post_email and post_nickname and post_password and post_is_admin:
             ip = request.remote_addr
-        res = db_register(ip, post_email, post_password, post_is_admin)
+            res = db_register(ip, post_email, post_nickname, post_password, post_is_admin)
             if res['status'] == 1:
                 return send_error(500, res['message'])
             elif res['status'] == 0:
                 return send_message(res['message'], res['data'])
-    else:
-        return send_error(400, 'POST Request Error : Need email, password and is_admin fields.')
+    except KeyError as e:
+        return send_error(400, 'POST Request Error : Need '+str(e)+' field.')
 
 
 # Logout
@@ -51,7 +53,7 @@ def register():
 def logout():
     token = check_auth_token(request)
     if token['success']:
-        return send_message('User disconnected.', None)
+        return send_message('User disconnected.', None, token_delete=True)
     else:
         return send_error(500, token['message'])
 
@@ -59,6 +61,7 @@ def logout():
 # Update User
 @app.route('/api/user/update', methods=['PUT'])
 def user_update():
+    token = check_auth_token(request)
     return send_message('User.update not implemented', None)
 
 

backend/application/sessionJWT.py

@@ -24,13 +24,14 @@ def decode_auth_token(auth_token):
     try:
         payload = jwt.decode(
             auth_token,
-            app.config.get('SECRET_KEY')
+            app.config.get('SECRET_KEY'),
+            algorithms='HS256'
         )
         return {'success': True, 'payload': payload['user']}
     except jwt.ExpiredSignatureError:
         return {'success': False, 'message': 'Signature expired . Please log in again.'}
-    except jwt.InvalidTokenError:
-        return {'success': False, 'message': 'Invalid token. Please log in again.'}
+    except jwt.InvalidTokenError as e:
+        return {'success': False, 'message': 'User not authenticated.'}
 
 
 def check_auth_token(request):