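def POST(self, USERNAME, PASSWORD, LOGIN_BUTTON="", url=""):
    """Handle a login submission from the browser form or from an API client.

    A non-empty LOGIN_BUTTON marks a browser form post; an empty one marks an
    API call.  Both kinds of request go through the same account checks, so
    the API path cannot be used to guess passwords without the attempts being
    recorded and counted.

    Returns:
        Browser form: the result of ``redirect_to("/")`` on success; on
        failure ``error(...)`` is called and nothing is returned.
        API call: the string ``"OK"`` on success, ``"FAIL"`` otherwise.
    """
    via_form = bool(LOGIN_BUTTON)

    if user_exists(USERNAME):
        # NOTE(review): potential_attack() is defined elsewhere; it presumably
        # looks at the failed attempts recorded below - confirm.  Because the
        # trigger is caller-controlled, also confirm there is a documented way
        # to reactivate an account that was deactivated here.
        if potential_attack(USERNAME):
            deactivate_user(USERNAME)
            logger.security("user account deactivated")
        elif user.login(USERNAME, PASSWORD):
            if not via_form:
                return "OK"
            # NOTE(review): the username is placed into HTML unescaped;
            # confirm usernames cannot contain markup or that the activity
            # log escapes on display.
            msg = '<a href="/users/%(user_id)s">%(username)s</a> logged in' % {
                "user_id": user.id,
                "username": user.username,
            }
            logger.info("user %s successfully logged in" % USERNAME)
            logger.activity("session", msg)
            return redirect_to("/")
    else:
        # NOTE(review): USERNAME is caller-supplied text written to the log;
        # confirm the logger neutralises line breaks and markup.
        logger.security("unknown username (%s)" % USERNAME)

    # Reached for a wrong password, an unknown user and a just-deactivated
    # account alike, so every failure is recorded whichever client sent it.
    logger.security("failed login attempt", USERNAME)

    if not via_form:
        return "FAIL"
    # Same wording for every failure, so the response does not reveal whether
    # the username exists.
    error("invalid username or password")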
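def login_button(self):
    """Process a submitted login form for browser and JSON clients.

    The request counts as an API call when the HTTP_ACCEPT environment value
    is exactly ``application/json``.  When ``login_form.validate(data)`` is
    false nothing is done and None is returned.

    Returns:
        API success: the string ``'{}'``.
        Browser success: a redirect to the submitted ``referrer`` when it is a
        path on this site, otherwise to the user's default app.
        API failure: a JSON string with an ``invalid username or password``
        message.  Browser failure: ``error(...)`` is called, nothing returned.
    """
    if not login_form.validate(data):
        return None

    values = login_form.evaluate()
    username = values['USERNAME']
    password = values['PASSWORD']
    remember_me = values['REMEMBER_ME']
    as_api = os.environ.get('HTTP_ACCEPT', '') == 'application/json'

    if user_exists(username):
        # NOTE(review): potential_attack() is defined elsewhere; it presumably
        # looks at the failed attempts recorded below - confirm.  Because the
        # trigger is caller-controlled, also confirm there is a documented way
        # to reactivate an account that was deactivated here.
        if potential_attack(username):
            deactivate_user(username)
            logger.security('user account (%s) deactivated' % username)
        elif user.login(username, password, remember_me):
            if as_api:
                logger.info('user %s successfully logged in via api' % username)
                return '{}'

            account_name = user.username
            # NOTE(review): the username is placed into HTML unescaped;
            # confirm usernames cannot contain markup or that the activity
            # log escapes on display.
            msg = '<a href="/users/%(user_id)s">%(username)s</a> logged in' % {
                'user_id': user.id,
                'username': account_name,
            }
            logger.activity('session', msg)
            logger.info('user %s successfully logged in' % account_name)

            # The referrer arrives with the request, so it is followed only
            # when it is a path on this site.  Scheme-relative ("//host"),
            # backslash and control-character forms are refused because
            # browsers can resolve them to another host.
            referrer = data.get('referrer')
            if referrer:
                stays_on_site = (
                    referrer.startswith('/')
                    and not referrer.startswith('//')
                    and '\\' not in referrer
                    and not any(ord(ch) < 0x20 for ch in referrer)
                )
                if stays_on_site:
                    return redirect_to(referrer)
                # The rejected value is left out of the log on purpose.
                logger.info('ignored non-local referrer after login')
            return redirect_to('/' + user.default_app)
    else:
        # NOTE(review): username is caller-supplied text written to the log;
        # confirm the logger neutralises line breaks and markup.
        logger.security('unknown username (%s)' % username)

    # Reached for a wrong password, an unknown user and a just-deactivated
    # account alike.
    logger.security('failed login attempt', username)

    # Same wording for every failure, so the response does not reveal whether
    # the username exists.
    if as_api:
        return '{"message": "invalid username or password"}'
    error('invalid username or password')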