Get form-based sessions working

This removes some of the logic associated with using JSON based
authentication in favor of the simpler and more built-in form based
authentication that I had originally gotten working. This requires no
JavaScript from the browser, which is its own reward

vanth/platform/user.py

@@ -1,3 +1,4 @@
+import logging
 import uuid
 
 import chryso.connection
@@ -7,13 +8,49 @@ import sepiida.routing
 
 import vanth.tables
 
+LOGGER = logging.getLogger(__name__)
+
+class User():
+    def __init__(self, _uuid, name, username):
+        self.uuid     = _uuid
+        self.name     = name
+        self.username = username
+
+    @staticmethod
+    def is_authenticated():
+        return True
+
+    @staticmethod
+    def is_active():
+        return True
+
+    @staticmethod
+    def is_anonymous():
+        return False
+
+    def get_id(self):
+        return str(self.uuid)
+
+def load(user_id):
+    engine = chryso.connection.get()
+
+    query = vanth.tables.User.select().where(vanth.tables.User.c.uuid == str(user_id))
+    results = engine.execute(query).fetchall()
+    assert len(results) <= 1
+    if not results:
+        return None
+    user = results[0]
+    return User(
+        _uuid    = user[vanth.tables.User.c.uuid],
+        name     = user[vanth.tables.User.c.name],
+        username = user[vanth.tables.User.c.username],
+    )
 
 def _to_dict(result):
     return {
-       'password'   : result[vanth.tables.User.c.password],
        'name'       : result[vanth.tables.User.c.name],
-       'uri'        : sepiida.routing.uri('user', result[vanth.tables.User.c.uuid]),
        'username'   : result[vanth.tables.User.c.username],
+       'uuid'       : result[vanth.tables.User.c.uuid],
    }
 
 def by_filter(filters):
@@ -33,7 +70,11 @@ def by_credentials(username, password):
     if not (result and passlib.apps.custom_app_context.verify(password, result[vanth.tables.User.c.password])):
         return None
 
-    return _to_dict(result)
+    return User(
+        _uuid    = result['uuid'],
+        name     = result['name'],
+        username = result['username'],
+    )
 
 def create(name, username, password):
     engine = chryso.connection.get()

vanth/server.py

@@ -1,5 +1,4 @@
 import logging
-import uuid
 
 import flask
 import flask_login
@@ -12,7 +11,7 @@ import vanth.api.ofxsource
 import vanth.api.session
 import vanth.api.user
 import vanth.auth
-import vanth.user
+import vanth.platform.user
 
 LOGGER = logging.getLogger(__name__)
 
@@ -25,13 +24,18 @@ def index():
 
 def load_user(user_id):
     LOGGER.debug("Loading user %s", user_id)
-    return vanth.user.load(user_id)
+    return vanth.platform.user.load(user_id)
 
 def login():
     if flask.request.method == 'GET':
         return flask.render_template('login.html')
     elif flask.request.method == 'POST':
-        user = vanth.user.load(uuid.uuid4())
+        username = flask.request.form.get('username')
+        password = flask.request.form.get('password')
+        LOGGER.debug("Checking credentials for %s %s", username, password)
+        user = vanth.platform.user.by_credentials(username, password)
+        if not user:
+            return flask.make_response('error', 403)
         flask_login.login_user(user)
     elif flask.request.method == 'DELETE':
         flask_login.logout_user()

vanth/user.py

@@ -1,24 +1,3 @@
 import logging
 
 LOGGER = logging.getLogger(__name__)
-
-class User():
-    def __init__(self, user_id):
-        self.user_id = user_id
-        self.name = 'a person'
-
-    def is_authenticated(self):
-        return True
-
-    def is_active(self):
-        return True
-
-    def is_anonymous(self):
-        return False
-
-    def get_id(self):
-        LOGGER.debug("Getting user id")
-        return str(self.user_id)
-
-def load(user_id):
-    return User(user_id)