Beispiel #1
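def check_login_form(request):
    """Validate the submitted login form and, on success, store the user in the session.

    Reads ``username`` and ``password`` from ``request.params``, looks up the
    matching ``User`` and ``Password`` rows through ``request.db`` and verifies
    the submitted password with ``check_password``.

    Returns:
        The result of ``check_password`` when both rows exist; ``False`` when
        a form field is missing or either row is not found.
    """
    # A request that lacks either field is a failed login, not a server
    # error: indexing request.params directly would raise KeyError.
    username = request.params.get('username')
    password = request.params.get('password')
    if username is None or password is None:
        return False

    dbsession = request.db
    try:
        user = dbsession.query(User).filter_by(username=username).one()
    except NoResultFound:
        # NOTE(review): this path returns without calling check_password, so
        # it may respond faster than the wrong-password path. If username
        # enumeration matters here, consider verifying against a dummy hash.
        return False
    try:
        dbpass = dbsession.query(Password).filter_by(user_id=user.id).one()
    except NoResultFound:
        return False

    authenticated = check_password(dbpass.password, password)
    if authenticated:
        # Attaching the actual db object to the session would require
        # rebinding it to the db later, creating excessive traffic. A plain
        # attribute container shaped like the db object is stored instead.
        # NOTE(review): the session identifier is not rotated in this
        # function; confirm the caller regenerates the session on login so a
        # pre-login session id is not carried over (session fixation).
        uc = UserContainer()
        uc.username = user.username
        uc.id = user.id
        uc.groups = user.get_groups()
        request.session['user'] = uc
    return authenticated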
Beispiel #2
def check_old_password(request, password):
    """Check ``password`` against the stored password record for ``request``.

    The record comes from ``get_password(request)``; its ``password``
    attribute is passed to ``check_password`` as the first argument and the
    supplied value as the second. The result of ``check_password`` is
    returned unchanged.
    """
    # NOTE(review): presumably used to confirm the current password before a
    # change; verify that get_password cannot return None for this request.
    stored_record = get_password(request)
    verdict = check_password(stored_record.password, password)
    return verdict
Beispiel #3
def check_old_password(request, password):
    """Return whether ``password`` matches the password stored for ``request``.

    Looks up the stored record with ``get_password(request)`` and hands its
    ``password`` attribute, together with the candidate value, to
    ``check_password``. Whatever ``check_password`` returns is the result.
    """
    # NOTE(review): the stored value is assumed to be a hash that
    # check_password knows how to verify; confirm against its definition.
    current = get_password(request)
    stored_value = current.password
    return check_password(stored_value, password)