From df78035ac223d3a9ba67866bfd6f5cbf1792ec6c Mon Sep 17 00:00:00 2001
From: Arvind Khadri <arvindkhadri@gmail.com>
Date: Mon, 24 Jun 2013 19:38:27 +0530
Subject: [PATCH] Adding features   - SweeT store can authenticate users now

---
 swtr.py             |   31 ++++++++++++++++++++++++++-----
 templates/user.html |    5 ++---
 2 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/swtr.py b/swtr.py
index db94f4f..3d68567 100644
--- a/swtr.py
+++ b/swtr.py
@@ -25,7 +25,7 @@ USERNAME = 'admin'
 PASSWORD = 'default'
 DB_PORT = 27017
 DB_HOST = 'localhost'
-URL = "http://localhost:5000"
+URL = "http://localhost:5001"
 # create our little application :)
 app = Flask(__name__)
 app.config.from_object(__name__)
@@ -39,7 +39,6 @@ def init_db():
     g.collection = db[app.config["COLLECTION_NAME"]]
 
 
-
 @app.teardown_request
 def close_db(exception):
     g.connection.disconnect()
@@ -138,9 +137,12 @@ def logout():
 
 @app.route('/serveUser')
 def serveUser():
-    session['key'] = conf.SECRET_KEY
-    return render_template('user.html')
-
+    if "logged_in" in session:
+        print session["logged_in"]
+        session['key'] = conf.SECRET_KEY
+        return render_template('user.html')
+    else:
+        return render_template('login.html', error=None)
 
 @app.route('/user', methods=['POST', "GET"])
 def user():
@@ -159,6 +161,25 @@ def user():
         return render_template("users.html", users=users)
 
 
+@app.route('/authenticate', methods=['POST','GET'])
+def authenticate():
+    if request.method == "POST":
+        response = make_response()
+        db = g.connection[app.config['DATABASE']]
+        collection = db['sweet_users']
+        for i in collection.find():
+            if i['user'] == request.form['user'] and i['key'] == request.form['hash']:
+                response.status_code = 200
+                response.headers['Access-Control-Allow-Origin'] = '*'
+                return response
+            else:
+                response.status_code = 403
+                response.headers['Access-Control-Allow-Origin'] = '*'
+                return response
+    elif request.method == "GET":
+        return app.send_static_file("sweet-authenticate.js")
+
+
 def make_list(res):
     entries = []
     for row in res:
diff --git a/templates/user.html b/templates/user.html
index 6811d9d..f1a5d9f 100644
--- a/templates/user.html
+++ b/templates/user.html
@@ -1,6 +1,6 @@
 <!doctype html>
 <head>
-<script src="{{ url_for('static', filename='sjcl.js') }}" type="text/javascript"></script>
+<!-- <script src="{{ url_for('static', filename='sjcl.js') }}" type="text/javascript"></script> -->
 <script src="http://code.jquery.com/jquery-1.10.1.min.js"></script>
 <link rel=stylesheet type=text/css href="{{ url_for('static', filename='bootstrap.min.css') }}">
 <style type="text/css">
@@ -51,8 +51,7 @@ function encryptAndSend()
 {
 key = {{ session.key| tojson| safe }}
 data = $('#password').val();
-var hash = sjcl.encrypt(key,data);
-$.post({{ url_for('user')| tojson| safe }}, {'user':$("#user").val(), "key":hash}, function(data){
+$.post({{ url_for('user')| tojson| safe }}, {'user':$("#user").val(), "key":data}, function(data){
 /*TODO: In the UI flash a "check mark", to indicate success.*/
 console.log("Success");
 });
-- 
1.7.10.4