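def post(self):
    """Handle a login form submission.

    Verifies the XSRF cookie, reads the 'username' and 'password' request
    arguments, looks the account up with self.get_user() and compares the
    stored password value against utils.hashed_password(password). Every
    failure is reported by redirecting to 'home' with an error message of
    the form "Login failure: <reason>".

    An unknown username and a wrong password share one message, so the
    response text does not distinguish the two cases.

    NOTE(review): this listing shows no branch for a successful check
    (no session or cookie is set here); confirm against the full handler.
    """
    # Called outside the try block: whatever it raises is not turned into a
    # "Login failure" redirect and propagates to the caller.
    self.check_xsrf_cookie()
    try:
        username = self.get_argument('username', None)
        if not username:
            raise ValueError('missing username')
        password = self.get_argument('password', None)
        if not password:
            raise ValueError('missing password')
        user = self.get_user(username)
        if user is None:
            # NOTE(review): this branch returns before any hashing is done,
            # so response timing may still differ between unknown and known
            # usernames even though the message is the same.
            raise ValueError('invalid username or password')
        # NOTE(review): '!=' on strings is not a constant-time comparison.
        # hmac.compare_digest() is the usual replacement, but it requires
        # both operands to be the same string type, which is not visible
        # from here -- confirm before switching.
        # NOTE(review): hashed_password() receives only the password, so the
        # stored value is a deterministic function of it and cannot carry a
        # per-user salt. Verify the algorithm in utils; a per-user salted,
        # deliberately slow KDF (e.g. hashlib.pbkdf2_hmac) is the safer
        # storage format.
        if user['password'] != utils.hashed_password(password):
            raise ValueError('invalid username or password')
    # The 'as' form is accepted by Python 2.6+ and by Python 3; the older
    # 'except ValueError, msg' spelling is a syntax error on Python 3.
    except ValueError as msg:
        self.see_other('home', error="Login failure: {}".format(msg))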
def create_user(db):
    """Prompt on the command line for a new user's details and save the account.

    Asks in turn for username, email, role and password, validating each
    answer before asking for the next one, then stores the resulting user
    document with db.save(). The password is read with getpass.getpass().

    Raises:
        ValueError: an answer is missing or fails validation, or the
            username already has entries in the 'user/username' view.
    """
    print('Provide information for the new user...')

    # --- username: required, must match NAME_RX, must not exist yet ---
    username = raw_input('username > ')
    if not username:
        raise ValueError('username is required')
    if not constants.NAME_RX.match(username):
        raise ValueError('invalid username')
    existing = db.view('user/username')[username]
    if len(existing) > 0:
        raise ValueError('username already in use')

    # --- email: required, must match EMAIL_RX ---
    email = raw_input('email > ')
    if not email:
        raise ValueError('email is required')
    if not constants.EMAIL_RX.match(email):
        raise ValueError('invalid email')

    # --- role ---
    # NOTE(review): an empty answer selects 'admin', so just pressing Enter
    # creates an administrator account; confirm this default is intended.
    role = utils.normalize(raw_input('role [admin] > ') or 'admin')
    if role not in constants.ROLES:
        raise ValueError('invalid role')

    # --- password: required, minimum length only ---
    # NOTE(review): the password is entered once (no confirmation prompt)
    # and only its length is checked.
    password = getpass.getpass('password > ')
    if not password:
        raise ValueError('password is required')
    min_length = constants.MIN_PASSWORD_LENGTH
    if len(password) < min_length:
        raise ValueError("too short password; must be at least {} characters".
                         format(min_length))

    # Assemble the document key by key, in the order the fields are stored.
    user_doc = {}
    user_doc['_id'] = utils.get_iuid()
    user_doc[constants.DOCTYPE] = constants.USER
    user_doc['username'] = username
    user_doc['email'] = email
    user_doc['role'] = role
    # NOTE(review): hashed_password() is given only the password, so no
    # per-user salt can be involved; verify the algorithm in utils.
    user_doc['password'] = utils.hashed_password(password)
    user_doc['owner'] = username
    # Two separate timestamp() calls, so the two values may differ slightly.
    user_doc['created'] = utils.timestamp()
    user_doc['modified'] = utils.timestamp()
    db.save(user_doc)