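def login():
    """Serve the login form on GET and authenticate the user on POST.

    GET: when the request carries an ``account`` cookie that
    ``util.valid_cookie_val`` accepts, redirect to ``/report``; otherwise
    render ``login.html``.

    POST: check the submitted e-mail and password. On failure re-render
    ``login.html`` with ``error_email`` or ``error_password`` set; on
    success set the ``account`` cookie and redirect to ``/report``.

    Returns:
        A Flask response (redirect or rendered template). Any method other
        than GET or POST falls through and returns ``None``.
    """
    if flask.request.method == "GET":
        account_cookie = flask.request.cookies.get('account')
        if util.valid_cookie_val(account_cookie):
            return flask.redirect("/report")
        return flask.render_template("login.html")

    if flask.request.method == "POST":
        email = flask.request.form.get('email')
        password = flask.request.form.get('password')
        # Original author's observation: a checked checkbox arrives as an
        # empty string, an unchecked one as None.
        rmbme = flask.request.form.get('rmbme')

        # Only the e-mail is handed back to the template. The submitted
        # password is deliberately not echoed into the rendered page, where
        # it could end up in caches, logs or the page source.
        params = dict(email=email)

        if not util.valid_email(email):
            params['error_email'] = "That's not a valid email."
            return flask.render_template("login.html", **params)

        # NOTE(review): a distinct "not registered" message lets a client
        # tell registered addresses from unregistered ones. Consider one
        # generic failure message plus rate limiting on this endpoint.
        emails = fetch_registered_emails()
        if email not in emails:
            params['error_email'] = "This email hasn't been registered yet."
            return flask.render_template("login.html", **params)

        account = db.session.query(Account).filter(
            Account.email == email).first()
        if account is None:
            # The row vanished between the two lookups; report it the same
            # way as an unknown e-mail instead of raising IndexError.
            params['error_email'] = "This email hasn't been registered yet."
            return flask.render_template("login.html", **params)

        # account.password holds the stored hash, not the plaintext.
        if not util.correct_password(email, password, account.password):
            params['error_password'] = "******"
            return flask.render_template("login.html", **params)

        if rmbme is None:
            # No "remember me": the cookie carries no expiry attribute.
            # HttpOnly keeps page scripts from reading the auth cookie and
            # SameSite=Lax withholds it from cross-site subrequests.
            # NOTE(review): add ";Secure" if the site is served only over
            # HTTPS (not visible from here).
            cookie_val = util.make_secure_cookie_val(str(account.id))
            response = flask.make_response(flask.redirect("/report"))
            response.headers['Set-Cookie'] = (
                'account={0};Path=/;HttpOnly;SameSite=Lax'.format(cookie_val))
            return response

        # NOTE(review): the helper is defined elsewhere; confirm it sets the
        # same HttpOnly/SameSite attributes on the cookie.
        return set_account_cookie_and_redirect(account.id, "/report")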
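def login():
    """Render the login page (GET) or process a login attempt (POST).

    On GET, a request whose ``account`` cookie passes
    ``util.valid_cookie_val`` is redirected to ``/report``; any other GET
    gets ``login.html``.

    On POST, the ``email`` and ``password`` form fields are checked. A
    failed check re-renders ``login.html`` with ``error_email`` or
    ``error_password``; a successful one sets the ``account`` cookie and
    redirects to ``/report``.

    Returns:
        A Flask response. Methods other than GET and POST are not handled
        here and yield ``None``.
    """
    method = flask.request.method

    if method == "GET":
        account_cookie = flask.request.cookies.get('account')
        if util.valid_cookie_val(account_cookie):
            return flask.redirect("/report")
        return flask.render_template("login.html")

    if method == "POST":
        form = flask.request.form
        email = form.get('email')
        password = form.get('password')
        # Per the original author's experiment: a ticked checkbox is sent as
        # an empty string, an unticked one is absent (None).
        rmbme = form.get('rmbme')

        # The plaintext password is never passed back to the template, so a
        # failed attempt does not reflect it into the HTML response.
        params = dict(email=email)

        if not util.valid_email(email):
            params['error_email'] = "That's not a valid email."
            return flask.render_template("login.html", **params)

        # NOTE(review): this message differs from the wrong-password one,
        # which reveals whether an address has an account. A single generic
        # error and attempt throttling would close that gap.
        if email not in fetch_registered_emails():
            params['error_email'] = "This email hasn't been registered yet."
            return flask.render_template("login.html", **params)

        account = db.session.query(Account).filter(
            Account.email == email).first()
        if account is None:
            # Guard against the account disappearing between the membership
            # check and this query; previously this raised IndexError.
            params['error_email'] = "This email hasn't been registered yet."
            return flask.render_template("login.html", **params)

        # account.password is the stored hash.
        if not util.correct_password(email, password, account.password):
            params['error_password'] = "******"
            return flask.render_template("login.html", **params)

        if rmbme is not None:
            # NOTE(review): verify this helper (defined elsewhere) marks the
            # cookie HttpOnly and SameSite as the branch below does.
            return set_account_cookie_and_redirect(account.id, "/report")

        # "Remember me" not ticked: cookie without an expiry attribute.
        # HttpOnly hides it from page scripts; SameSite=Lax keeps it off
        # cross-site subrequests. NOTE(review): append ";Secure" when the
        # deployment is HTTPS-only (cannot be determined from this block).
        cookie_val = util.make_secure_cookie_val(str(account.id))
        response = flask.make_response(flask.redirect("/report"))
        response.headers['Set-Cookie'] = (
            'account={0};Path=/;HttpOnly;SameSite=Lax'.format(cookie_val))
        return response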
def decorated(*args, **kwargs):
    """Call the wrapped view only when the ``account`` cookie validates.

    The request's ``account`` cookie is passed to ``util.valid_cookie_val``.
    A truthy result forwards the call to ``f`` with the original arguments;
    anything else redirects to the ``login`` endpoint.

    NOTE(review): access control here rests entirely on
    ``util.valid_cookie_val`` (defined elsewhere); presumably it verifies
    the value produced by ``util.make_secure_cookie_val`` -- confirm.
    """
    account_cookie = flask.request.cookies.get('account')
    if util.valid_cookie_val(account_cookie):
        return f(*args, **kwargs)
    # Missing or rejected cookie: send the client to the login page.
    return flask.redirect(flask.url_for("login"))