Example #1
0
def load_user(id):
    u = pg.select1r(g.db.cursor(), 'usager', where={'usager_id': id})
    if u:
        # VERY IMPORTANT: here we set the PG role corresponding to the usager, to enforce
        # that its associated privileges will be taken into account
        g.db.cursor().execute('set role %s', [u['usager_nom']])
        return User(u)
    return None
Example #2
0
def login():
    un = request.form["username"]
    pw = request.form["password"]
    u = pg.select1r(g.db.cursor(), 'usager', where={'usager_nom': un})
    if u:
        u = pg.select1r(g.db.cursor(), 'usager',
                        what=["mdp_hash = (select crypt('%s', mdp_hash)) is_pw_ok" % pw,
                              'usager.*'], where={'usager_nom': un})
        if u['is_pw_ok']:
            login_user(User(u), remember=('remember' in request.form))
            u = dict(u)
            del u['mdp_hash']
            u['success'] = True
            return u
        else:
            return {'success': False, 'error': 'password'}
    # in principle it's not a good practice to reveal the login error (pw/user),
    # but.. as it's definitely more user-friendly, let's do it anyway!
    return {'success': False, 'error': 'username'}