Beispiel #1
def load_user(id):
    """Look up a user by ``usager_id`` and switch the database role to match.

    Returns a ``User`` built from the matching ``usager`` row, or ``None``
    when the lookup yields nothing.
    """
    row = pg.select1r(g.db.cursor(), 'usager', where={'usager_id': id})
    if not row:
        return None
    # VERY IMPORTANT: switch to the PG role named after this usager so that the
    # privileges granted to that role apply to the statements that follow.
    # The role name is passed as a bound parameter, not formatted into the SQL.
    # NOTE(review): SET ROLE lasts for the session; if g.db is a reused or
    # pooled connection, confirm the role is reset before the next request.
    role_cursor = g.db.cursor()
    role_cursor.execute('set role %s', [row['usager_nom']])
    return User(row)
Beispiel #2
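def login():
    """Check the posted credentials and, if they match, log the user in.

    Reads ``username`` and ``password`` from the submitted form. The password
    is compared in the database against the stored ``mdp_hash`` via ``crypt()``.

    Returns:
        On success, the ``usager`` row as a dict without ``mdp_hash`` and with
        ``is_pw_ok`` and ``success`` set to ``True``. On failure,
        ``{'success': False, 'error': 'password'}`` or
        ``{'success': False, 'error': 'username'}``.
    """
    un = request.form["username"]
    pw = request.form["password"]
    u = pg.select1r(g.db.cursor(), 'usager', where={'usager_nom': un})
    if u:
        # The password is attacker-controlled request data. It must reach the
        # database as a bound parameter; formatting it into the SQL text (as
        # this function used to do with "% pw") is SQL injection in the login
        # path, which runs before any authentication.
        cur = g.db.cursor()
        cur.execute('select mdp_hash = crypt(%s, mdp_hash) as is_pw_ok'
                    ' from usager where usager_nom = %s', [pw, un])
        row = cur.fetchone()
        if row is not None:
            # Rows are mappings or sequences depending on the cursor factory
            # configured on g.db; accept both.
            is_pw_ok = row['is_pw_ok'] if isinstance(row, dict) else row[0]
            if is_pw_ok:
                login_user(User(u), remember=('remember' in request.form))
                info = dict(u)
                # Never send the password hash back to the client.
                info.pop('mdp_hash', None)
                # Kept so the response has the same keys as before.
                info['is_pw_ok'] = True
                info['success'] = True
                return info
            return {'success': False, 'error': 'password'}
    # Telling "unknown user" apart from "wrong password" lets a caller
    # enumerate valid usernames. It is kept because it is friendlier and
    # clients may rely on the 'error' value; pair it with rate limiting or
    # lockout on this endpoint.
    return {'success': False, 'error': 'username'}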