def auth_login(auth, registration_form=None, forgot_password_form=None, **kwargs):
"""If GET request, show login page. If POST, attempt to log user in if
login form passsed; else send forgot password email.
"""
if auth.logged_in:
if not request.args.get('logout'):
return redirect('/dashboard/')
logout()
direct_call = registration_form or forgot_password_form
if request.method == 'POST' and not direct_call:
form = SignInForm(request.form)
if form.validate():
twofactor_code = None
if 'twofactor' in website.settings.ADDONS_REQUESTED:
twofactor_code = form.two_factor.data
try:
response = login(
form.username.data,
form.password.data,
twofactor_code
)
return response
except exceptions.LoginDisabledError:
status.push_status_message(language.DISABLED, 'error')
except exceptions.LoginNotAllowedError:
status.push_status_message(language.UNCONFIRMED, 'warning')
# Don't go anywhere
return {'next_url': ''}
except exceptions.PasswordIncorrectError:
status.push_status_message(language.LOGIN_FAILED)
except exceptions.TwoFactorValidationError:
status.push_status_message(language.TWO_FACTOR_FAILED)
forms.push_errors_to_status(form.errors)
if kwargs.get('first', False):
status.push_status_message('You may now log in')
# Get next URL from GET / POST data
next_url = request.args.get(
'next',
request.form.get(
'next_url',
''
)
)
status_message = request.args.get('status', '')
if status_message == 'expired':
status.push_status_message('The private link you used is expired.')
code = http.OK
if next_url:
status.push_status_message(language.MUST_LOGIN)
# Don't raise error if user is being logged out
if not request.args.get('logout'):
code = http.UNAUTHORIZED
return {'next_url': next_url}, code
def auth_login(auth,
registration_form=None,
forgot_password_form=None,
**kwargs):
"""If GET request, show login page. If POST, attempt to log user in if
login form passsed; else send forgot password email.
"""
if auth.logged_in:
if not request.args.get('logout'):
return redirect('/dashboard/')
logout()
direct_call = registration_form or forgot_password_form
if request.method == 'POST' and not direct_call:
form = SignInForm(request.form)
if form.validate():
twofactor_code = None
if 'twofactor' in website.settings.ADDONS_REQUESTED:
twofactor_code = form.two_factor.data
try:
response = login(form.username.data, form.password.data,
twofactor_code)
return response
except exceptions.LoginDisabledError:
status.push_status_message(language.DISABLED, 'error')
except exceptions.LoginNotAllowedError:
status.push_status_message(language.UNCONFIRMED, 'warning')
# Don't go anywhere
return {'next_url': ''}
except exceptions.PasswordIncorrectError:
status.push_status_message(language.LOGIN_FAILED)
except exceptions.TwoFactorValidationError:
status.push_status_message(language.TWO_FACTOR_FAILED)
forms.push_errors_to_status(form.errors)
if kwargs.get('first', False):
status.push_status_message('You may now log in')
# Get next URL from GET / POST data
next_url = request.args.get('next', request.form.get('next_url', ''))
status_message = request.args.get('status', '')
if status_message == 'expired':
status.push_status_message('The private link you used is expired.')
code = http.OK
if next_url:
status.push_status_message(language.MUST_LOGIN)
# Don't raise error if user is being logged out
if not request.args.get('logout'):
code = http.UNAUTHORIZED
return {'next_url': next_url}, code
def signin_form():
return form_utils.jsonify(SignInForm())
