def handle_login( controller, form, responder, user, rem=None, signature=None, **kwargs ): # check captcha before login (if any) since its answer might # change once c.user is set. captcha_shown = not signature and need_provider_captcha("login") def _event(error, captcha_shown=captcha_shown): g.events.login_event( 'login_attempt', error_msg=error, user_name=request.urlvars.get('url_user'), remember_me=rem, signature=signature, captcha_shown=captcha_shown, request=request, context=c) if signature and not signature.is_valid(): _event(error="SIGNATURE") abort(403) hook_error = hooks.get_hook("account.login").call_until_return( responder=responder, request=request, context=c, ) # if any of the hooks returned an error, abort the login. The # set_error in this case also needs to exist in the hook. if hook_error: _event(error=hook_error) return exempt_ua = (request.user_agent and any(ua in request.user_agent for ua in g.config.get('exempt_login_user_agents', ()))) if (errors.LOGGED_IN, None) in c.errors: if user == c.user or exempt_ua: # Allow funky clients to re-login as the current user. c.errors.remove((errors.LOGGED_IN, None)) else: _event(error='LOGGED_IN') abort(reddit_http_error(409, errors.LOGGED_IN)) if responder.has_errors("ratelimit", errors.RATELIMIT): _event(error='RATELIMIT') elif responder.has_errors("passwd", errors.WRONG_PASSWORD): _event(error='WRONG_PASSWORD') # last but not least, we have to check the captcha elif (not signature and not g.disable_captcha and not valid_provider_captcha(responder, "login")): _event(error='BAD_CAPTCHA') else: controller._login(responder, user, rem) _event(error=None)
def handle_register( controller, form, responder, name, email, password, rem=None, newsletter_subscribe=False, sponsor=False, signature=None, **kwargs ): # check captcha before register (if any) since its answer might # change once c.user is set. captcha_shown = not signature and need_provider_captcha("register") def _event(error, captcha_shown=captcha_shown): g.events.login_event( 'register_attempt', error_msg=error, user_name=request.urlvars.get('url_user'), email=request.POST.get('email'), remember_me=rem, newsletter=newsletter_subscribe, captcha_shown=captcha_shown, signature=signature, request=request, context=c) if signature and not signature.is_valid(): _event(error="SIGNATURE") abort(403) if responder.has_errors('user', errors.USERNAME_TOO_SHORT): _event(error='USERNAME_TOO_SHORT') elif responder.has_errors('user', errors.USERNAME_INVALID_CHARACTERS): _event(error='USERNAME_INVALID_CHARACTERS') elif responder.has_errors('user', errors.USERNAME_TAKEN_DEL): _event(error='USERNAME_TAKEN_DEL') elif responder.has_errors('user', errors.USERNAME_TAKEN): _event(error='USERNAME_TAKEN') elif responder.has_errors('email', errors.BAD_EMAIL): _event(error='BAD_EMAIL') elif responder.has_errors('passwd', errors.SHORT_PASSWORD): _event(error='SHORT_PASSWORD') elif responder.has_errors('passwd', errors.BAD_PASSWORD): # BAD_PASSWORD is set when SHORT_PASSWORD is set _event(error='BAD_PASSWORD') elif responder.has_errors('passwd2', errors.BAD_PASSWORD_MATCH): _event(error='BAD_PASSWORD_MATCH') elif responder.has_errors('ratelimit', errors.RATELIMIT): _event(error='RATELIMIT') elif newsletter_subscribe and not email: c.errors.add(errors.NEWSLETTER_NO_EMAIL, field="email") form.has_errors("email", errors.NEWSLETTER_NO_EMAIL) _event(error='NEWSLETTER_NO_EMAIL') elif sponsor and not email: c.errors.add(errors.SPONSOR_NO_EMAIL, field="email") form.has_errors("email", errors.SPONSOR_NO_EMAIL) _event(error='SPONSOR_NO_EMAIL') # last but not least, we have to check the captcha elif (not signature and not g.disable_captcha and not valid_provider_captcha(responder, "register")): _event(error='BAD_CAPTCHA') else: try: user = register(name, password, request.ip) except AccountExists: c.errors.add(errors.USERNAME_TAKEN, field="user") form.has_errors("user", errors.USERNAME_TAKEN) _event(error='USERNAME_TAKEN') return VRatelimit.ratelimit(rate_ip=True, prefix="rate_register_") # anything else we know (email, languages)? if email: user.set_email(email) emailer.verify_email(user) user.pref_lang = c.lang if (is_api("html") and feature.is_enabled("new_user_onboarding", user=user)): user.has_been_onboarded = False user._commit() amqp.add_item('new_account', user._fullname) hooks.get_hook("account.registered").call(user=user) reject = hooks.get_hook("account.spotcheck").call(account=user) if any(reject): _event(error='ACCOUNT_SPOTCHECK') return if newsletter_subscribe and email: try: newsletter.add_subscriber(email, source="register") except newsletter.NewsletterError as e: g.log.warning("Failed to subscribe: %r" % e) controller._login(responder, user, rem) _event(error=None)