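@routes.route('/api/user/otp/verify', methods=['POST'])
def verify_otp_from_web():
    """Verify the one-time code for a pending OTP login session.

    Reads ``email``, ``otp`` and ``otp_current_session`` from the JSON body.
    The pending session must be unexpired and must match the token stored
    on the user before the code is checked with ``OneTimePass.verify_otp``.
    On success the secure cookie is set and the serialized user is returned.

    Every outcome is answered with HTTP 200; failures carry an ``error``
    field instead of ``user``/``success``. Each failed attempt for a known
    user, including a wrong code, is written to the login history so that
    repeated guessing is visible to whoever reviews or alerts on it.

    NOTE(review): no attempt limit or lockout is visible in this handler;
    confirm that one is enforced elsewhere (for example inside
    ``OneTimePass.verify_otp`` or at the proxy), since a short numeric code
    depends on it.
    """
    with sessionMaker.session_scope() as session:

        data = request.get_json(force=True)
        # A JSON body that is not an object (list, string, number) has no
        # .get(); treat it as empty so it takes the normal rejection path
        # instead of raising and returning a 500.
        if not isinstance(data, dict):
            data = {}

        proposed_otp_code = data.get('otp', None)
        otp_current_session = data.get('otp_current_session', None)
        email = data.get('email', None)

        user = User.get_by_email(session, email)
        if user is None:
            # NOTE(review): this message differs from the other failures,
            # so the endpoint reveals whether an email is registered.
            # Left unchanged because clients may match on the text.
            return jsonify(error="No user"), 200, {'ContentType':'application/json'}

        # Presumably the expiry is None when no OTP session was ever started
        # (confirm against the User model); treat that as expired rather
        # than letting the comparison raise.
        session_expiry = user.otp_current_session_expiry
        if session_expiry is None or session_expiry <= time.time():
            User.new_login_history( session=session,
                                    success=False,
                                    otp_success=False,
                                    remote_address=request.remote_addr,
                                    user_id=user.id)
            return jsonify(error="Please login again, session expired"), 200, {'ContentType':'application/json'}

        # A request that omits the token must never match an unset stored
        # value (None == None), so an empty token is rejected outright.
        # NOTE(review): a constant-time comparison (hmac.compare_digest)
        # would be preferable once the stored token's type is confirmed.
        if not otp_current_session or user.otp_current_session != otp_current_session:
            User.new_login_history( session=session,
                                    success=False,
                                    otp_success=False,
                                    remote_address=request.remote_addr,
                                    user_id=user.id)
            return jsonify(error="Please login again, session invalid"), 200, {'ContentType':'application/json'}

        if OneTimePass.verify_otp(user, proposed_otp_code) is not True:
            # Record the wrong code like the other failure branches do;
            # without this row, guessing against a valid session leaves no
            # trace in the login history.
            User.new_login_history( session=session,
                                    success=False,
                                    otp_success=False,
                                    remote_address=request.remote_addr,
                                    user_id=user.id)
            return jsonify(error="Invalid code"), 200, {'ContentType':'application/json'}

        User.new_login_history( session=session,
                                success=True,
                                otp_success=True,
                                remote_address=request.remote_addr,
                                user_id=user.id)

        setSecureCookie(user)

        return jsonify(user=user.serialize(), success = True), 200, {'ContentType':'application/json'}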