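def login():
    '''Login page.

    An already-authenticated visitor (truthy USER) gets a JSON OK or a
    redirect to '/'.  A GET regenerates the CSRF token; a POST checks the
    submitted credentials and, on success, marks the session valid, stores
    the user name and regenerates the session.

    Returns the value of the response helper that applies: JSON status,
    redirect, or the rendered 'login' template with an error list.
    '''
    # pylint: disable=too-many-return-statements
    if USER:
        if is_json_request():
            return status_json_ok()
        return redirect('/')

    # regenerate CSRF token
    if request.method == 'GET':
        # pylint: disable=global-statement
        global SESSION
        SESSION = session.regenerate_csrf(SESSIONMANAGER)

    # NOTE(review): this function never compares the submitted CSRF token on
    # POST; presumably that is enforced elsewhere (e.g. a request hook) -
    # confirm, since an unchecked login form allows login CSRF.

    def gather_errors():
        '''Validate the submitted credentials; return a list of errors.'''
        username = request.forms.get('username')
        password = request.forms.get('password')
        # No default is passed to .get(), so an absent field is read as None.
        # Fail closed here instead of relying on how test_password treats
        # None.  The message is the same for every failure so the response
        # does not reveal whether the user name exists.
        if username is None or password is None:
            return [_('Invalid username or password')]
        if not USERMANAGER.test_password(username, password):
            return [_('Invalid username or password')]
        return []

    if request.method == 'POST':
        errors = gather_errors()
        if errors:
            if is_json_request():
                return dump_json({'status': 'fail', 'errors': errors})
            return template('login', errors=errors)

        SESSION['valid'] = True
        SESSION['name'] = request.forms.get('username')
        # Presumably issues a fresh session id after the privilege change
        # (session-fixation defence) - confirm in SESSIONMANAGER.
        SESSIONMANAGER.regenerate_session(SESSION)
        if is_json_request():
            return status_json_ok()
        return redirect('/')

    # Not a POST: JSON clients get an error, browsers get the empty form.
    if is_json_request():
        return abort(400, _('username and password fields missing as POST request'))
    return template('login', errors=[])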
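def register():
    '''Register page.

    An already-authenticated visitor (truthy USER) is refused (JSON) or
    redirected to '/'.  A GET regenerates the CSRF token; a POST validates
    the submitted fields and, when they pass, asks USERMANAGER to create
    the account.

    Returns the value of the response helper that applies: JSON status, or
    the rendered 'register' template with either a success message or the
    list of validation errors.
    '''
    # pylint: disable=too-many-branches, too-many-return-statements
    if USER:
        if is_json_request():
            # abort() is expected to raise; if it returned, control would
            # fall through to the redirect below.
            abort(400, _('already registered'))
        return redirect('/')

    # regenerate CSRF token
    if request.method == 'GET':
        # pylint: disable=global-statement
        global SESSION
        SESSION = session.regenerate_csrf(SESSIONMANAGER)

    # NOTE(review): this function never compares the submitted CSRF token on
    # POST; presumably that is enforced elsewhere - confirm.

    def gather_errors():
        '''Validate the registration form; return a list of error strings.

        When validation passes, the account is created as a side effect.
        '''
        # No default is passed to .get(), so an absent field is read as None.
        # Normalise to '' so the len() checks below report a validation
        # error instead of raising TypeError on a request with missing
        # fields.
        username = request.forms.get('username') or ''
        email = request.forms.get('email') or ''
        password1 = request.forms.get('password') or ''
        password2 = request.forms.get('confirm_password') or ''

        errors = []
        jsstr = js_translations('register')
        if len(username) < 3:
            errors.append(jsstr['username_length'].format(3))
        if len(password1) < 8:
            errors.append(jsstr['password_length'].format(8))
        if password1 != password2:
            errors.append(jsstr['password_confirm'])
        # fullmatch: re.match only anchors the start, so a value such as
        # 'a@b.c@d' was accepted on the strength of its 'a@b.c' prefix.
        # The pattern is a shape check only; it does not prove the address
        # exists or belongs to the registrant.
        if not email or not re.fullmatch(r'[^@]+@[^@]+\.[^@]+', email):
            errors.append(jsstr['email'])

        # create user
        if not errors:
            # NOTE(review): the existence check and the create call are two
            # separate steps; uniqueness under concurrent requests
            # presumably relies on a database constraint - confirm.
            user = USERMANAGER.get_user(username)
            if user:
                errors.append(_('Username already in use'))
            else:
                # The password is passed together with the session's CSRF
                # value; how USERMANAGER uses that pair is not visible here.
                user = USERMANAGER.get_user(username, SESSION['sessionid'],
                                            (password1, SESSION['CSRF']), email)
                if not user:
                    errors.append(_('Database error: Failed to create user into database'))
        return errors

    if request.method == 'POST':
        errors = gather_errors()
        if errors:
            if is_json_request():
                return dump_json({'status': 'fail', 'errors': errors})
            return template('register', content=None, errors=errors)

        if is_json_request():
            return status_json_ok()
        # The earlier "We have sent verification mail to your e-mail."
        # wording is disabled; no e-mail verification step is visible in
        # this function.
        content = '<p>{}<br/>{}</p>'.format(_('Thank you for registering!'),
                                            _('You can now proceed to the login page.'))
        return template('register', content=content, errors=[])

    # Not a POST: JSON clients get an error, browsers get the empty form.
    if is_json_request():
        return abort(400, _('username and password fields missing as POST request'))
    return template('register', content=None, errors=[])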