Exemple #1
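 def post(self):
     """Handle a login form submission.

     Checks the XSRF cookie, then validates the 'username' and 'password'
     request arguments against the record returned by self.get_user().
     Any validation failure redirects to 'home' with an error message
     prefixed by "Login failure: ".

     No success branch is visible in this excerpt; what happens after a
     verified login is presumably handled elsewhere.
     """
     # Reject cross-site form posts before touching any credential.
     self.check_xsrf_cookie()
     try:
         username = self.get_argument('username', None)
         if not username:
             raise ValueError('missing username')
         password = self.get_argument('password', None)
         if not password:
             raise ValueError('missing password')
         user = self.get_user(username)
         # Unknown user and wrong password share one message, so the error
         # text does not reveal whether the username exists.
         # NOTE(review): hashed_password() receives only the password, so
         # the stored digest is presumably unsalted; confirm in utils and
         # prefer a per-user salt with a slow password-hashing function.
         # NOTE(review): '!=' is not a constant-time comparison;
         # hmac.compare_digest() is preferable once both operands are known
         # to be the same string type.
         # NOTE(review): no attempt limiting is visible in this handler;
         # confirm that throttling of repeated failures exists elsewhere.
         if (user is None or
                 user['password'] != utils.hashed_password(password)):
             raise ValueError('invalid username or password')
     except ValueError as msg:
         # 'as' is accepted by Python 2.6+ and Python 3; the older
         # 'except ValueError, msg' form is a SyntaxError on Python 3.
         self.see_other('home', error="Login failure: {}".format(msg))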
Exemple #2
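def create_user(db):
    """Create a user document from answers typed at the command line.

    Prompts for username, email, role and password, validates each answer
    and saves the resulting document with db.save().

    Raises:
        ValueError: if an answer is missing or invalid, or if the username
            is already in use.
    """
    # raw_input exists only on Python 2; fall back to input on Python 3.
    try:
        read_line = raw_input
    except NameError:
        read_line = input

    print('Provide information for the new user...')
    username = read_line('username > ')
    if not username:
        raise ValueError('username is required')
    if not constants.NAME_RX.match(username):
        raise ValueError('invalid username')
    # NOTE(review): uniqueness is checked here and the document is saved
    # later with no visible locking; confirm that concurrent creation of
    # the same username is prevented elsewhere.
    view = db.view('user/username')
    if len(view[username]) > 0:
        raise ValueError('username already in use')
    email = read_line('email > ')
    if not email:
        raise ValueError('email is required')
    if not constants.EMAIL_RX.match(email):
        raise ValueError('invalid email')
    # An empty answer selects 'admin', the default shown in the prompt.
    # NOTE(review): 'admin' is presumably the most privileged role; confirm
    # that defaulting to it is intended for this tool.
    role = read_line('role [admin] > ') or 'admin'
    role = utils.normalize(role)
    if role not in constants.ROLES:
        raise ValueError('invalid role')
    # getpass keeps the password from being echoed to the terminal.
    password = getpass.getpass('password > ')
    if not password:
        raise ValueError('password is required')
    if len(password) < constants.MIN_PASSWORD_LENGTH:
        raise ValueError("too short password; must be at least {} characters".
                         format(constants.MIN_PASSWORD_LENGTH))
    # Take one timestamp so 'created' and 'modified' are identical on a new
    # document instead of coming from two separate calls.
    now = utils.timestamp()
    # NOTE(review): hashed_password() receives only the password, so the
    # stored digest is presumably unsalted; confirm in utils and prefer a
    # per-user salt with a slow password-hashing function.
    doc = {'_id': utils.get_iuid(),
           constants.DOCTYPE: constants.USER,
           'username': username,
           'email': email,
           'role': role,
           'password': utils.hashed_password(password),
           'owner': username,
           'created': now,
           'modified': now}
    db.save(doc)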