Beispiel #1
def login():
    '''Handle the login form and switch the session into admin mode.

    An already logged-in visitor is sent straight to the admin page. For
    everyone else the requested destination is read from the ``next``
    request value (defaulting to the admin page) and must pass
    ``is_safe_url`` before anything else happens; otherwise the visitor
    is redirected to the index page. On a submitted form, the cancel
    button returns to the index page; valid credentials set
    ``session['logged_in']`` and redirect to the destination; anything
    else flashes a generic error and re-renders the form.

    The stored credentials are fetched with ``Users.read_unit`` and
    checked with ``custom_app_context.verify``.
    '''
    if is_logged_in():
        return redirect(url_for('web.display_admin'))

    # 'next' is supplied by the client (query string or form body), so it
    # is checked before it can reach redirect() or the template.
    # NOTE(review): is_safe_url is defined elsewhere; confirm it rejects
    # absolute URLs for other hosts and scheme-relative ('//host') forms.
    target_url = request.values.get('next')
    if not target_url:
        target_url = url_for('web.display_admin')
    if not is_safe_url(target_url):
        return redirect(url_for('web.display_index'))

    form = Users()
    if form.is_submitted():
        # Any value for 'cancel' means the cancel button was pressed; the
        # actual text ('Cancel') does not need to be compared.
        if request.form.get('cancel'):
            return redirect(url_for('web.display_index'))

        authenticated = False
        if form.validate():
            account = Users.read_unit(form.nameField.data)
            # NOTE(review): verify() is skipped when no account is found,
            # so unknown usernames may respond faster than wrong passwords.
            # Consider a dummy verification on that path if this matters.
            if account is not None:
                authenticated = custom_app_context.verify(
                    form.passwordField.data, account['password'])

        if authenticated:
            # NOTE(review): the session is marked as logged in without
            # being reset first; confirm no pre-login session state should
            # be discarded here.
            session['logged_in'] = True
            return redirect(target_url)

        # Same message for a failed validation, an unknown user and a wrong
        # password, so the response text does not reveal which one it was.
        flash('invalid login...', 'error')

    crumbs = get_breadcrumbs('login')
    return display_content(
        form=form,
        next=target_url,
        title='Login',
        breadcrumbs=crumbs
    )
Beispiel #2
 def decorated_function(*args, **kwargs):
     '''Call the wrapped view ``f`` only for a logged-in session.

     Anyone else is redirected to the ``web.login`` endpoint, with the
     current request URL passed along as ``next``.
     '''
     if is_logged_in():
         return f(*args, **kwargs)
     # request.url is built from the incoming request, so the login view
     # must validate 'next' before redirecting to it.
     login_url = url_for('web.login', next=request.url)
     return redirect(login_url)