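def signup(token):
    """Finish a sign-up that was started from a signed e-mail token.

    The token is resolved with ``get_email_from_signature(token, 'signup')``
    into the e-mail address and a storage key. If the browser session holds
    a pending social identity (``social.service`` / ``social.uuid``) that is
    not bound to any account yet, it is attached to the newly created user.

    On a valid form submission the user is created, the key is deleted from
    redis, the user is logged in and redirected to ``/``. Otherwise the
    sign-up page is rendered.
    """
    email, key = get_email_from_signature(token, 'signup')

    social = None
    social_service = session.get('social.service')
    social_uuid = session.get('social.uuid')
    if social_service and social_uuid:
        social = SocialUser.query.get((social_service, social_uuid))
        # query.get() yields None when the row no longer exists; the
        # original dereferenced it unconditionally and crashed on a stale
        # session. An identity that already belongs to an account must
        # never be re-bound to the new user either.
        if social is not None and social.user_id:
            social = None

    form = RegisterForm()
    # The address always comes from the signed token, overriding whatever
    # the client posted in the e-mail field.
    form.email.data = email
    if form.validate_on_submit():
        user = form.create_user()
        # Presumably makes the token single-use -- confirm against
        # get_email_from_signature().
        redis.delete(key)
        if social:
            session.pop('social.service', None)
            session.pop('social.uuid', None)
            social.user_id = user.id
            with db.auto_commit():
                db.session.add(social)
        UserSession.login(user, True)
        return redirect('/')

    return render_template(
        'account/signup.html',
        form=form,
        email=email,
        social=social,
    )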
def social_authorize(name):
    """Handle the callback of the social login provider called ``name``.

    Outcomes, in order:

    * no identity could be obtained -> the string ``'error'``;
    * the identity is (or has just been) bound to an account -> that
      account is logged in and the browser is redirected to the
      ``next_url`` stored in the session (default ``/``);
    * otherwise the identity is remembered in the session and, for Google
      identities with a verified e-mail, the browser is sent to the
      sign-up page with a signed e-mail token;
    * anything else -> the string ``'TODO'``.
    """
    identity = SocialUser.handle_authorized_response(name)
    if identity is None:
        return 'error'

    # A signed-in visitor authorizing an unbound identity links it to the
    # current account.
    # NOTE(review): this relies on handle_authorized_response() rejecting
    # forged callbacks (state check) -- not visible here, confirm.
    if current_user and not identity.user_id:
        identity.user_id = current_user.id
        with db.auto_commit():
            db.session.add(identity)

    if identity.user_id:
        account = User.cache.get(identity.user_id)
        UserSession.login(account, True)
        # NOTE(review): the redirect target is taken from the session as-is;
        # confirm that whatever stores 'next_url' only accepts same-site
        # paths.
        return redirect(session.pop('next_url', '/'))

    # Unbound identity: keep it in the session so the sign-up step can
    # attach it to the account it creates.
    session['social.service'] = identity.service
    session['social.uuid'] = identity.uuid

    # Only an address the provider reports as verified is trusted enough to
    # skip e-mail confirmation.
    if not (name == 'google' and identity.info.get('verified_email')):
        return 'TODO'

    address = identity.info.get('email')
    if not address:
        return 'TODO'

    signed = create_email_signature(address, 'signup')
    return redirect(url_for('.signup', token=signed))
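def login():
    """Render the login form and sign the user in on a valid submission.

    After a successful login the browser is redirected to the ``next_url``
    query parameter when it is a same-site path, and to ``/`` otherwise.
    """
    form = LoginForm()
    if form.validate_on_submit():
        UserSession.login(form.user, True)

        next_url = request.args.get('next_url', '/')
        # ``next_url`` is attacker-controllable (it arrives in the link the
        # user clicked). Redirecting to it unchecked lets a link to this
        # login page bounce the freshly authenticated user to another
        # origin, so only plain same-site paths are accepted: a single
        # leading slash, and no backslash or control character that a
        # browser could normalise into a scheme-relative URL.
        is_local_path = (
            next_url.startswith('/')
            and not next_url.startswith('//')
            and not any(ch in next_url for ch in '\\\r\n\t')
        )
        if not is_local_path:
            next_url = '/'
        return redirect(next_url)

    return render_template('account/login.html', form=form)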
def login(self):
    """Test helper: sign in the first ``User`` row and return it.

    ``UserSession.login`` is called inside a throw-away request context,
    then the user's id is written into the test client's own session under
    the ``'id'`` key, so that later requests made through ``self.client``
    carry it.
    """
    account = User.query.first()

    with self.app.test_request_context():
        UserSession.login(account)

    # The request context above does not belong to the test client, so the
    # id is stored in the client's session separately.
    with self.client.session_transaction() as client_session:
        client_session['id'] = account.id

    return account
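def login_session():
    """Create (log in) or destroy (log out) the caller's session.

    ``DELETE`` logs out and answers 204, or 400 when ``UserSession.logout()``
    reports failure. Any other method reads the credentials (from
    ``parse_auth_headers()`` for JSON requests, from the form otherwise),
    applies the login rate limits, checks the password and answers 201 with
    the user serialized as JSON. Missing credentials answer 400; failed
    logins are delegated to ``handle_login_failed()``.
    """
    if request.method == 'DELETE':
        if UserSession.logout():
            return '', 204
        return jsonify(status='error'), 400

    is_json = request.mimetype == 'application/json'
    if is_json:
        username, password = parse_auth_headers()
    else:
        # request.form is a MultiDict: fields are read with .get();
        # attribute access (request.form.username) raises AttributeError.
        username = request.form.get('username')
        password = request.form.get('password')

    if not username or not password:
        return jsonify(
            status='error',
            error_code='missing_required_field',
            error_description='Username and password are required.'
        ), 400

    # Throttle before the password is checked, so guessing is limited even
    # for unknown usernames: one budget per (username, address) and a wider
    # one per address.
    # NOTE(review): presumably "N attempts per 3600 seconds" -- confirm
    # against ratelimit(). request.remote_addr is the direct peer, so
    # behind a reverse proxy all clients may share one budget unless the
    # app is set up to use the forwarded address.
    prefix = 'limit:login:{0}:{1}'.format(username, request.remote_addr)
    ratelimit(prefix, 5, 3600)
    prefix = 'limit:login:{0}'.format(request.remote_addr)
    ratelimit(prefix, 60, 3600)

    if '@' in username:
        user = User.cache.filter_first(email=username)
    else:
        user = User.cache.filter_first(username=username)

    if not user or not user.check_password(password):
        return handle_login_failed(username, user)

    # A form post has no JSON body and a JSON body need not be an object;
    # in both cases fall back to a non-permanent session instead of
    # failing on ``.get`` after the credentials were already accepted.
    data = request.get_json() if is_json else None
    if not isinstance(data, dict):
        data = {}
    permanent = data.get('permanent', False)
    UserSession.login(user, permanent)
    return jsonify(user), 201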
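def login_session():
    """Create (log in) or destroy (log out) the caller's session.

    ``DELETE`` logs out and answers 204, or 400 when ``UserSession.logout()``
    reports failure. Any other method reads the credentials (from
    ``parse_auth_headers()`` for JSON requests, from the form otherwise),
    applies the login rate limits, checks the password and answers 201 with
    the user serialized as JSON. Missing credentials answer 400; failed
    logins are delegated to ``handle_login_failed()``.
    """
    if request.method == 'DELETE':
        if UserSession.logout():
            return '', 204
        return jsonify(status='error'), 400

    is_json = request.mimetype == 'application/json'
    if is_json:
        username, password = parse_auth_headers()
    else:
        # request.form is a MultiDict: fields are read with .get();
        # attribute access (request.form.username) raises AttributeError.
        username = request.form.get('username')
        password = request.form.get('password')

    if not username or not password:
        return jsonify(
            status='error',
            error_code='missing_required_field',
            error_description='Username and password are required.'), 400

    # Throttle before the password is checked, so guessing is limited even
    # for unknown usernames: one budget per (username, address) and a wider
    # one per address.
    # NOTE(review): presumably "N attempts per 3600 seconds" -- confirm
    # against ratelimit(). request.remote_addr is the direct peer, so
    # behind a reverse proxy all clients may share one budget unless the
    # app is set up to use the forwarded address.
    prefix = 'limit:login:{0}:{1}'.format(username, request.remote_addr)
    ratelimit(prefix, 5, 3600)
    prefix = 'limit:login:{0}'.format(request.remote_addr)
    ratelimit(prefix, 60, 3600)

    if '@' in username:
        user = User.cache.filter_first(email=username)
    else:
        user = User.cache.filter_first(username=username)

    if not user or not user.check_password(password):
        return handle_login_failed(username, user)

    # A form post has no JSON body and a JSON body need not be an object;
    # in both cases fall back to a non-permanent session instead of
    # failing on ``.get`` after the credentials were already accepted.
    data = request.get_json() if is_json else None
    if not isinstance(data, dict):
        data = {}
    permanent = data.get('permanent', False)
    UserSession.login(user, permanent)
    return jsonify(user), 201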