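def login(self):
    """Render the login form and authenticate a submitted email/password.

    Returns an ``HTTPFound`` redirect carrying the ``buddy_remember``
    headers when ``Users.check_password`` accepts the credentials, and
    otherwise the dict of values used to render the login form.

    ``came_from`` is read from the request parameters and becomes the
    redirect ``Location`` after a successful login. It is caller-controlled,
    so it is accepted only when it points back into this application; any
    other value is replaced by the default target.
    """
    title = "Login"
    login_url = self.request.route_url('login')
    app_url = self.request.application_url
    referrer = self.request.url
    if referrer == login_url:
        referrer = '/myaccount'  # never use the login form itself as came_from

    def _is_local(target):
        """Return True when *target* stays inside this application."""
        if not target:
            return False
        # Control characters and backslashes have no place in a redirect
        # target and are a common way to slip past prefix checks.
        if any(ch in target for ch in '\r\n\t\\'):
            return False
        if target.startswith('/'):
            # '//host' is scheme-relative and would leave the site.
            return not target.startswith('//')
        if target == app_url:
            return True
        # Require a delimiter after the prefix so that a host which merely
        # begins with our own host name is not accepted.
        return target.startswith((app_url + '/', app_url + '?', app_url + '#'))

    came_from = self.request.params.get('came_from', referrer)
    if not _is_local(came_from):
        came_from = referrer

    message = ''
    error_cls = ''
    form = Form(self.request, schema=LoginForm)
    if 'form_submitted' in self.request.POST and form.validate():
        # NOTE(review): a reCAPTCHA verification step used to run at this
        # point and is currently disabled (it was wrapped in a string
        # literal). Nothing visible in this view throttles repeated password
        # guesses; confirm that rate limiting or lockout is enforced
        # elsewhere before relying on this login path.
        email = form.data['email']
        password = form.data['password']
        user = Users.get_by_email(email)
        if Users.check_password(email, password):
            headers = buddy_remember(self.request, user)
            return HTTPFound(location=came_from, headers=headers)
        # One message for "unknown email" and "wrong password", so the
        # response does not reveal which of the two failed.
        message = 'Failed login, incorrect email or password, Please try again'
        error_cls = 'has-error'
    return dict(title=title,
                message=message,
                form=FormRenderer(form),
                error_cls=error_cls,
                url=self.request.application_url + '/login',
                came_from=came_from)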
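def passforgot(request):
    """Handle the forgot-password form and e-mail a reset token.

    When the submitted form validates and the address belongs to a user, a
    token is built from a truncated HMAC plus a base64-encoded timestamp and
    passed to ``email_forgot``. The view always answers with a redirect to
    the login route.

    Every submitted request gets the same flash message whether or not the
    address is registered, so this view does not confirm which email
    addresses have accounts.
    """
    form = Form(request, schema=ForgotPasswordForm)
    if 'form_submitted' in request.POST:
        if form.validate():
            user = Users.get_by_email(form.data['email'])
            if user:
                # One hour ahead of now; presumably the token's expiry, to be
                # checked by whichever view consumes the token (not visible
                # here).
                timestamp = time.time() + 3600
                # NOTE(review): the token format is left untouched because the
                # code that verifies it is not visible here, but three things
                # need attention together with that code:
                #   * the signing secret is a literal in source; anyone who
                #     can read the repository holds it. Move it to deployment
                #     configuration and rotate it.
                #   * hmac.new() is called without a digestmod, so the digest
                #     is the interpreter's default (MD5 on Python 2).
                #   * only the first 10 hex characters (40 bits) of the MAC
                #     are kept, which is short for a credential-reset token.
                # The verifier should also compare MACs in constant time
                # (hmac.compare_digest) - confirm.
                hmac_key = hmac.new(
                    '%s:%s:%d' % (str(user.id), 'r5$55g35%4#$:l3#24&', timestamp),
                    user.email).hexdigest()[0:10]
                time_key = base64.urlsafe_b64encode('%d' % timestamp)
                email_hash = '%s%s' % (hmac_key, time_key)
                email_forgot(request, user.id, user.email, email_hash)
        # Same message for known, unknown and malformed addresses.
        request.session.flash(
            'success; If that email address is registered, '
            'a password reset email has been sent')
        return HTTPFound(location=request.route_url('login'))
    # Reached only when no form was submitted; kept as in the original.
    request.session.flash('danger; No such user')
    return HTTPFound(location=request.route_url('login'))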
def _to_python(self, value, user):
    """Accept *value* only when it is the email of an existing user.

    Looks the address up with ``Users.get_by_email`` and raises ``Invalid``
    when no user is found; otherwise returns *value* unchanged.
    """
    # NOTE(review): the error text tells the submitter that the address is
    # not registered. Wherever this message is rendered back to the client it
    # acts as an account-existence check - confirm that is intended.
    account = Users.get_by_email(value)
    if account is not None:
        return value
    raise Invalid('Sorry that email doesn\'t exist.', value, user)
def check_email(request):
    """Report whether the ``email`` request parameter is already registered.

    Returns an "already in use" message when ``Users.get_by_email`` finds a
    user, and the literal string ``"true"`` otherwise (presumably the value a
    client-side form validator expects - confirm against the caller).
    """
    # NOTE(review): this answers "is this address registered?" for any
    # caller. Nothing in this function limits how often it can be asked;
    # confirm that throttling is applied elsewhere.
    email = request.params.get('email')
    already_registered = Users.get_by_email(email)
    return "The email you entered is already in use" if already_registered else "true"