def register_user(request):
    """Show the registration form and create a local account on a valid submission.

    Logged-in visitors are redirected to the home route with a flash message.
    When the request carries ``submitted`` and the fieldset validates, a
    ``User`` of type ``User.NORMAL`` is stored, added to the "nexus" group,
    and the response is a redirect to home carrying the ``remember`` headers.
    In every other case the view returns the rendered form and the page title.

    The password and the e-mail address are both stored as salted bcrypt
    hashes, so neither value can be read back from the user record.
    """
    session = DBSession()
    matchdict = request.matchdict

    if request.logged_in:
        request.session.flash(_("You are already logged in and therefore cannot register for a new account."))
        return HTTPFound(location=route_url("home", request))

    # never use the login form itself as came_from
    referrer = '/' if request.url == route_url('login', request) else request.url
    # NOTE(review): came_from is computed here but not used by the rest of this view.
    came_from = request.params.get('came_from', referrer)

    if 'submitted' not in request.params:
        # First visit: render an unbound, empty form.
        fs = RegisterUserFieldSet().bind(User, session=session)
    else:
        fs = RegisterUserFieldSet().bind(User, session=session, data=request.params or None)
        if fs.validate():
            new_user = User()
            password_hash = bcrypt.hashpw(fs.password1.value, bcrypt.gensalt())

            # TODO
            # Shouldn't have to do this, but doing it for simplicity now
            username = fs.username.value
            new_user.username = username
            new_user.password = password_hash
            new_user.given_name = fs.given_name.value
            new_user.surname = fs.surname.value
            new_user.homepage = fs.homepage.value
            # The address is kept only as a salted bcrypt hash, never in clear text.
            new_user.email = bcrypt.hashpw(fs.email.value, bcrypt.gensalt())
            new_user.created_time = time.time()
            new_user.user_type = User.NORMAL

            session.add(new_user)
            # Flush so the new row is visible to the username-based lookups below.
            session.flush()
            User.addToGroup(username, "nexus")

            request.session["username"] = username
            auth_headers = remember(request, User.getID(username))
            request.session.flash(_("You have successfully created a new account!"))
            return HTTPFound(location=route_url("home", request), headers=auth_headers)

    # Either nothing was submitted or validation failed; show the form (again).
    return dict(form=fs.render(), title=_("Register new user"))
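def register_user_openid(request):
    """Show the OpenID registration form and create the account on a valid submission.

    Logged-in visitors are redirected to the home route with a flash message.
    On a valid submission a ``User`` of type ``User.OPENID`` is stored, added
    to the "nexus" group, linked to an ``OpenID`` row holding the submitted
    ``openid_url``, and the response is a redirect to home carrying the
    ``remember`` headers. Otherwise the rendered form and title are returned.

    The local password column is filled with the hash of a random value, so
    the account has no guessable password. Hashing the creation timestamp
    would leave a password that anyone who can estimate the registration time
    could try against the password login form.
    """
    import binascii
    import os

    session = DBSession()

    if request.logged_in:
        request.session.flash(_("You are already logged in and therefore cannot register for a new account."))
        return HTTPFound(location=route_url("home", request))

    # NOTE(review): openid_url is read straight from the request parameters.
    # Confirm that the OpenID assertion is verified before this view runs and
    # that the URL stored below is the verified one (for example kept
    # server-side in the session) rather than a client-controlled field.
    openid_url = request.params.get("openid_url", "")

    fs = OpenIDUserFieldSet().bind(User, session=session)
    fs.append(Field("openid_url", value=openid_url).hidden())

    if 'submitted' in request.params:
        # NOTE(review): this bound fieldset replaces the one above and does not
        # get the hidden openid_url field, so a form re-rendered after failed
        # validation appears to lose it. Confirm against the template.
        fs = OpenIDUserFieldSet().bind(User, session=session, data=request.params or None)
        if fs.validate():
            user = User()

            # TODO
            # Shouldn't have to do this, but doing it for simplicity now
            # Should validate that the username is unique
            username = fs.username.value
            user.username = username
            user.given_name = fs.given_name.value
            user.surname = fs.surname.value
            user.homepage = fs.homepage.value
            user.user_type = User.OPENID
            user.created_time = time.time()

            # OpenID accounts never use a local password. Store the hash of
            # 32 random bytes (hex-encoded, well under bcrypt's input limit)
            # so that no guessable value can match this column.
            placeholder_secret = binascii.hexlify(os.urandom(32))
            user.password = bcrypt.hashpw(placeholder_secret, bcrypt.gensalt())

            session.add(user)
            # Flush so the new row is visible to the username-based lookups below.
            session.flush()
            User.addToGroup(username, "nexus")

            user_id = User.getID(username)
            session.add(OpenID(openid_url=openid_url, user_id=user_id))

            headers = remember(request, user_id)
            request.session["username"] = username
            request.session.flash(_("You have successfully registered!"))
            return HTTPFound(location=route_url("home", request), headers=headers)

    return dict(form=fs.render(), title=_("Register new user"))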
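def _is_local_redirect(target, application_url):
    """Return True when *target* is a redirect destination inside this application.

    Accepted forms are a host-relative path ("/...", but not "//...") and an
    absolute URL that starts with *application_url* followed by "/", "?", "#"
    or nothing. Anything else, including values containing whitespace,
    control characters or backslashes, is rejected.
    """
    if not target:
        return False
    # Browsers strip tabs and newlines and may treat "\" like "/", which can
    # turn an innocent-looking value into a different host.
    if any(ch <= " " or ch == "\\" for ch in target):
        return False
    if target.startswith("/"):
        # "//host/path" is scheme-relative and leaves the site.
        return not target.startswith("//")
    base = application_url.rstrip("/")
    if target.startswith(base):
        # The character after the base must end the authority part, otherwise
        # "http://site.example.attacker.test" would pass a plain prefix check.
        return target[len(base):len(base) + 1] in ("", "/", "?", "#")
    return False


def login(request):
    """Render the login form and authenticate a submitted username/password.

    Already-authenticated visitors are redirected to the home route. On a
    successful login the username is stored in the session and the response
    redirects to ``came_from`` with the ``remember`` headers. On failure a
    flash message is queued and the form values are returned for rendering.

    ``came_from`` is a request parameter and therefore attacker-controllable
    (for instance through a crafted link to the login page). It is only
    honoured when it points back into this application; otherwise the home
    route is used, so the login form cannot be used as an open redirect.
    """
    login_url = route_url("login", request)
    logged_in = authenticated_userid(request)

    if logged_in:
        request.session.flash(_("You are already logged in and therefore cannot register for a new account."))
        return HTTPFound(location=route_url("home", request))

    referrer = request.url
    if referrer == login_url:
        referrer = "/"  # never use the login form itself as came_from

    came_from = request.params.get("came_from", referrer)
    if not _is_local_redirect(came_from, request.application_url):
        came_from = route_url("home", request)

    login_name = ""
    password = ""

    if "submitted" in request.params:
        session = DBSession()
        login_name = request.params["login"]
        password = request.params["password"]
        # Accounts flagged FORGOT_PASSWORD may not log in even with a matching password.
        if User.checkPassword(login_name, password) and (User.checkTypeByUsername(login_name) != User.FORGOT_PASSWORD):
            # NOTE(review): nothing here rotates the session identifier on
            # login; confirm the session factory or remember() covers that.
            request.session["username"] = login_name
            headers = remember(request, User.getID(login_name))
            return HTTPFound(location=came_from, headers=headers)
        request.session.flash("Failed login")

    # NOTE(review): the submitted password is handed back to the template.
    # If the template echoes it into the page, consider returning "" instead.
    return dict(
        url=request.application_url + "/login",
        came_from=came_from,
        login=login_name,
        title="Fluid Nexus login",
        logged_in=logged_in,
        password=password,
    )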