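    def POST(self, USERNAME, PASSWORD, LOGIN_BUTTON="", url=""):
        """Authenticate a user from a browser form post or a bare API call.

        ``USERNAME`` and ``PASSWORD`` come straight from the request and are
        untrusted. A truthy ``LOGIN_BUTTON`` marks a browser submission
        (redirect to "/" on success, ``error(...)`` on failure); otherwise
        the call is treated as an API call and answered with the plain
        strings ``"OK"`` / ``"FAIL"``. ``url`` is accepted for signature
        compatibility only and is not read here.

        Both entry points share the same existence / lockout / login checks,
        so a client cannot sidestep the ``potential_attack`` lockout or the
        security log simply by omitting ``LOGIN_BUTTON`` (the original API
        branch called ``user.login`` directly with neither).
        """
        import html

        # Never echo raw request input into a log line: CR/LF would let an
        # attacker forge additional log entries.
        log_name = ('%s' % (USERNAME,)).replace('\r', ' ').replace('\n', ' ')

        authenticated = False
        if user_exists(USERNAME):
            if potential_attack(USERNAME):
                # Lockout applies regardless of which entry point was used.
                deactivate_user(USERNAME)
                logger.security("user account (%s) deactivated" % log_name)
            elif user.login(USERNAME, PASSWORD):
                authenticated = True
        else:
            # NOTE(review): this branch skips user.login(), so response time
            # may still reveal whether a username exists even though the
            # error text below is identical for both failure cases.
            logger.security("unknown username (%s)" % log_name)

        if authenticated:
            if not LOGIN_BUTTON:
                logger.info("user %s successfully logged in via api" % log_name)
                return "OK"
            # The activity entry is HTML; escape the values even though they
            # come from the user record rather than the request.
            display_name = html.escape('%s' % (user.username,))
            user_id = html.escape('%s' % (user.id,))
            msg = '<a href="/users/%s">%s</a> logged in' % (user_id, display_name)
            logger.info("user %s successfully logged in" % log_name)
            logger.activity("session", msg)
            return redirect_to("/")

        # One generic message for unknown user and wrong password (no account
        # enumeration through the response); the detail lives in the security
        # log only.
        logger.security("failed login attempt", log_name)
        if LOGIN_BUTTON:
            error("invalid username or password")
            return None
        return "FAIL"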
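    def login_button(self):
        """Handle the login form submission for browsers and JSON API clients.

        Reads the submitted fields through ``login_form`` (``data`` is the
        payload it validates; both are defined outside this method). On
        success an API client (exact ``HTTP_ACCEPT: application/json``) gets
        ``'{}'`` and a browser is redirected; on failure both get the same
        generic message, with the unknown-user / bad-password distinction
        recorded only in the security log.

        The ``referrer`` redirect target is request-supplied, so it is only
        honoured when it is a local absolute path (open-redirect guard).

        Returns ``None`` when form validation fails or after ``error(...)``
        reports a failed browser login.
        """
        import html

        if not login_form.validate(data):
            return None

        values = login_form.evaluate()
        username = values['USERNAME']
        password = values['PASSWORD']
        remember_me = values['REMEMBER_ME']

        # CGI-style environment lookup; only an exact 'application/json'
        # Accept header selects the JSON responses.
        as_api = os.environ.get('HTTP_ACCEPT', '') == 'application/json'

        # Strip CR/LF before logging request input so a crafted username
        # cannot forge extra log lines.
        log_name = ('%s' % (username,)).replace('\r', ' ').replace('\n', ' ')

        if user_exists(username):
            if potential_attack(username):
                deactivate_user(username)
                logger.security('user account (%s) deactivated' % log_name)
            elif user.login(username, password, remember_me):
                if as_api:
                    logger.info('user %s successfully logged in via api' % log_name)
                    return '{}'

                # The activity entry is HTML: escape the values even though
                # they come from the user record rather than the request.
                display_name = html.escape('%s' % (user.username,))
                user_id = html.escape('%s' % (user.id,))
                msg = '<a href="/users/%s">%s</a> logged in' % (user_id, display_name)
                logger.activity('session', msg)
                logger.info('user %s successfully logged in' % log_name)

                # Open-redirect guard: accept only a local absolute path.
                # Anything carrying a scheme or authority ('http://evil',
                # '//evil', '/\evil') or a header-breaking CR/LF falls back
                # to the user's default app. Assumes referrer is a string
                # when present (as data.get returned it originally).
                referrer = data.get('referrer')
                if (referrer
                        and referrer.startswith('/')
                        and not referrer.startswith(('//', '/\\'))
                        and '\r' not in referrer
                        and '\n' not in referrer):
                    return redirect_to(referrer)
                return redirect_to('/' + user.default_app)
        else:
            logger.security('unknown username (%s)' % log_name)

        logger.security('failed login attempt', log_name)

        if as_api:
            return '{"message": "invalid username or password"}'
        error('invalid username or password')
        return None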