def authenticate(username, password, redirect_after=True, from_http_auth=False):
q = Session.query(users.User)
q = q.filter(sa.or_(users.User.username==username, users.User.email==username))
u = q.first()
if u and u.is_active and u.does_password_match(password):
return login(u, redirect_after=redirect_after, from_http_auth=from_http_auth)
else:
raise exceptions.ClientException('Email and password do not match.', code=exceptions.MISMATCH, field='password')
return None
def get_user(key='user'):
"""
Gets the user model object if user has logged on. Will be the pretend
user if an admin is pretending to be someone.
Returns/sets a cached copy (from the context c var)
"""
if getattr(c, key):
return getattr(c, key)
user_id = session.get(key)
if user_id:
setattr(c, key, Session.query(users.User).outerjoin(users.UserPreference).filter(users.User.id == user_id).first())
if session['user'] == session['real_user']:
c.user = c.real_user = getattr(c, key)
else:
setattr(c, key, None)
return getattr(c, key)
