def check_creds(request, caps=[None]): user = User.authenticated(request) digest = AccessCapability.present(request.session.get_csrf_token()) offered = set(request.POST.getall(AUTH_POST_KEY)) if caps is None: caps = [None] if user is None else AccessCapability.usable(user=user) return [c for c in caps if digest(c) in offered and (c is None or c.user == user)]
def offer_creds(request, caps=[None]): digest = AccessCapability.present(request.session.get_csrf_token()) ret = '' for cap in caps: ret += '<input type="hidden" name="%s" value="%s" />\n' % (AUTH_POST_KEY, digest(cap)) return HTML(ret)