Exemple #1
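def admin():
    """Admin authentication.

    When ADMIN_PASSWORD is empty, admin authentication is deactivated.

    On POST the submitted password is checked against the hash stored in
    ``ADMIN_PASSWORD``. On success the session is flagged as admin and the
    client is redirected to the ``goto`` query parameter. Failed attempts are
    counted per client address by ``login_throttler``.

    ``goto`` comes from the query string and is therefore attacker-controlled
    (it can be planted in a link sent to an administrator). Only a
    site-local path is honoured; anything else falls back to the home page,
    so the login form cannot be used as an open redirect.
    """
    form = AdminAuthenticationForm()
    home_url = url_for('.home')
    goto = request.args.get('goto', home_url)
    # Accept only "/path" style targets. "//host" and "/\host" are resolved by
    # browsers as another origin, and browsers strip control characters such
    # as tab/CR/LF before resolving, so those are rejected as well.
    # NOTE(review): an absolute URL pointing at this same host is also
    # rejected and replaced by the home page; confirm no caller relies on it.
    goto_is_local = (
        goto.startswith('/')
        and not goto.startswith('//')
        and '\\' not in goto
        and not any(ord(char) < 0x20 for char in goto)
    )
    if not goto_is_local:
        goto = home_url
    is_admin_auth_enabled = bool(current_app.config['ADMIN_PASSWORD'])
    if request.method == "POST":
        # NOTE(review): remote_addr is the address of the direct peer. Behind
        # a reverse proxy that is the proxy itself unless forwarded headers
        # are handled by the deployment, in which case all clients would
        # share one throttling counter. Confirm against the deployment.
        client_ip = request.remote_addr
        if not login_throttler.is_login_allowed(client_ip):
            # Refuse before looking at the password at all.
            msg = _("Too many failed login attempts, please retry later.")
            form.errors['admin_password'] = [msg]
            return render_template("admin.html", form=form, admin_auth=True,
                                   is_admin_auth_enabled=is_admin_auth_enabled)
        if form.validate():
            # Valid password
            if (check_password_hash(current_app.config['ADMIN_PASSWORD'],
                                    form.admin_password.data)):
                session['is_admin'] = True
                session.update()
                login_throttler.reset(client_ip)
                return redirect(goto)
            # Invalid password
            login_throttler.increment_attempts_counter(client_ip)
            msg = _("This admin password is not the right one. Only %(num)d attempts left.",
                    num=login_throttler.get_remaining_attempts(client_ip))
            form.errors['admin_password'] = [msg]
    return render_template("admin.html", form=form, admin_auth=True,
                           is_admin_auth_enabled=is_admin_auth_enabled)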
Exemple #2
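def admin():
    """Admin authentication.

    When ADMIN_PASSWORD is empty, admin authentication is deactivated.

    A POST carrying the right password marks the session as admin and
    redirects to the ``goto`` query parameter. ``login_throttler`` limits
    repeated failures per client address.

    The ``goto`` value is read from the request and must not be trusted: it is
    used as a redirect target only when it is a plain path on this site,
    otherwise the home page is used. This keeps the login endpoint from being
    usable as an open redirect.
    """
    def is_site_local(target):
        # A usable target starts with exactly one "/", and contains no
        # backslash or control character: browsers treat "//host" and
        # "/\host" as another origin and drop tab/CR/LF before resolving.
        if not target.startswith('/') or target.startswith('//'):
            return False
        if '\\' in target:
            return False
        return all(ord(char) >= 0x20 for char in target)

    form = AdminAuthenticationForm()
    default_target = url_for('.home')
    goto = request.args.get('goto', default_target)
    if not is_site_local(goto):
        # NOTE(review): this also drops absolute URLs to this same host;
        # confirm callers only ever pass paths.
        goto = default_target
    is_admin_auth_enabled = bool(current_app.config['ADMIN_PASSWORD'])
    if request.method == "POST":
        # NOTE(review): throttling is keyed on the peer address. If the app
        # sits behind a proxy without forwarded-header handling, every client
        # shares that key. Confirm against the deployment.
        client_ip = request.remote_addr
        if not login_throttler.is_login_allowed(client_ip):
            # Locked out: the password is not evaluated.
            msg = _("Too many failed login attempts, please retry later.")
            form.errors['admin_password'] = [msg]
            return render_template("admin.html", form=form, admin_auth=True,
                                   is_admin_auth_enabled=is_admin_auth_enabled)
        if form.validate():
            # Valid password
            if (check_password_hash(current_app.config['ADMIN_PASSWORD'],
                                    form.admin_password.data)):
                session['is_admin'] = True
                session.update()
                login_throttler.reset(client_ip)
                return redirect(goto)
            # Invalid password
            login_throttler.increment_attempts_counter(client_ip)
            msg = _("This admin password is not the right one. Only %(num)d attempts left.",
                    num=login_throttler.get_remaining_attempts(client_ip))
            form.errors['admin_password'] = [msg]
    return render_template("admin.html", form=form, admin_auth=True,
                           is_admin_auth_enabled=is_admin_auth_enabled)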