Esempio n. 1
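def login(request):
    """Authenticate a JSON login request and populate the session.

    Reads ``login`` and ``password`` from ``request.json_body``, looks the
    account up through ``UserLoginMaster.by_login`` and verifies the password
    with ``user.check_password``.

    On success the auth headers from ``remember`` are appended to the
    response, the user's attributes are copied into the session and the CSRF
    token is rotated. On failure the headers from ``forget`` are appended.

    Returns:
        The result of ``compute_whoami`` for the login name on success or for
        ``None`` on failure; ``None`` if the role is not handled here.

    Raises:
        KeyError: if ``login`` or ``password`` is missing from the JSON body.
    """
    log.info("Inside Login Function")
    login_name = request.json_body['login']
    passwd = request.json_body['password']
    # The role is pinned to 0; a client-supplied role is not read here.
    role = 0
    # TODO: Board role
    # Admin and VO role login
    if role != 0 and role != 2:
        return None

    user = UserLoginMaster.by_login(request.dbsession, login_name)
    if not (user and user.check_password(passwd)):
        # Unknown account and wrong password take the same path, so the
        # caller cannot tell the two cases apart from this function's result.
        request.response.headerlist.extend(forget(request))
        return compute_whoami(request, None)

    request.response.headerlist.extend(remember(request, login_name))

    # NOTE(review): the pre-login session is reused as-is. If the session
    # factory supports it, invalidating the session before writing the
    # authenticated values would guard against session fixation - confirm.
    session = request.session
    session["login"] = user.slum_login
    session["name"] = user.slum_name
    session["id"] = user.id
    session["role"] = user.slum_role
    session["title"] = user.slum_title
    # Rotate the CSRF token exactly once at the privilege change. The original
    # rotated it twice in a row and threw the first token away.
    session["token"] = new_csrf_token(request)
    return compute_whoami(request, login_name)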
Esempio n. 2
def logout(request):
    """Log the user out and redirect to the ``view_wiki`` route.

    Only a POST request clears the authentication: it rotates the CSRF token
    and attaches the headers returned by ``forget`` to the redirect. Any other
    method is redirected without touching the authentication state, so a plain
    GET (for example an embedded link or image) cannot log the user out.
    """
    destination = request.route_url('view_wiki')
    if request.method != 'POST':
        return HTTPSeeOther(location=destination)

    # Rotate the CSRF token so the one tied to the old login is not reused.
    new_csrf_token(request)
    return HTTPSeeOther(location=destination, headers=forget(request))
Esempio n. 3
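def login_handler(request):
    """Handle the login form submission.

    Reads ``username`` and ``password`` from ``request.POST``. When both are
    present, the user is looked up by lower-cased username and the password is
    verified with ``check_password``. On success the user id is remembered,
    the CSRF token is rotated and the client is redirected to ``home``.

    Returns:
        ``HTTPFound`` on a successful login, otherwise the template context
        with a single generic error message.
    """
    error = {}

    # A request without these fields used to raise AttributeError on
    # ``None.lower()`` and surface as a server error to an unauthenticated
    # caller. Treat missing or non-text values as empty credentials instead.
    raw_username = request.POST.get('username')
    form_username = raw_username.lower() if isinstance(raw_username, str) else ''
    form_password = request.POST.get('password')

    if form_username and form_password:
        db_user = request.dbsession.query(User).filter_by(
            username=form_username).first()

        if db_user and check_password(form_password, db_user.password):
            headers = remember(request, db_user.user_id)
            # Rotate the CSRF token at the privilege change.
            new_csrf_token(request)
            return HTTPFound(location=request.route_url('home'),
                             headers=headers)

    # One message for every failure so the response does not reveal whether
    # the username exists.
    error['incorrect'] = 'Check username or password'
    return {
        'error': error,
        'page_title': 'Login',
        'project': 'To-Do',
    }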
Esempio n. 4
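def login(request):
    """Render the login form and process its submission.

    The post-login destination is taken from the ``next`` request parameter,
    falling back to the referrer. Both are client-controlled, so the value is
    only used when it points back at this application; otherwise the
    ``view_wiki`` route is used.

    On POST the user is looked up by name and the password is verified with
    ``user.check_password``. Success rotates the CSRF token, remembers the
    user id and redirects. Failure sets the response status to 400.

    Returns:
        ``HTTPSeeOther`` on a successful login, otherwise the template context
        (``message``, ``url``, ``next_url``, ``login``).

    Raises:
        KeyError: if a POST is missing the ``login`` or ``password`` field.
    """
    from urllib.parse import urlsplit

    def _is_local(url):
        # Backslashes and control characters are refused outright: a browser
        # may normalise them into a different URL than urlsplit() parses.
        if '\\' in url or any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in url):
            return False
        try:
            target = urlsplit(url)
            own = urlsplit(request.host_url)
        except ValueError:
            return False
        if not target.scheme and not target.netloc:
            # Path-only URL: must be absolute on this host. A leading '//'
            # is refused because it can resolve to another host.
            return url.startswith('/') and not url.startswith('//')
        return (target.scheme, target.netloc.lower()) == (
            own.scheme, own.netloc.lower())

    next_url = request.params.get('next', request.referrer)
    if not next_url or not _is_local(next_url):
        next_url = request.route_url('view_wiki')
    message = ''
    login = ''
    if request.method == 'POST':
        login = request.params['login']
        password = request.params['password']
        user = (request.dbsession.query(
            models.User).filter_by(name=login).first())
        if user is not None and user.check_password(password):
            # Rotate the CSRF token at the privilege change.
            new_csrf_token(request)
            headers = remember(request, user.id)
            return HTTPSeeOther(location=next_url, headers=headers)
        message = 'Failed login'
        request.response.status = 400

    return dict(
        message=message,
        url=request.route_url('login'),
        next_url=next_url,
        login=login,
    )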
Esempio n. 5
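def login(request):
    """Authenticate a JSON login request for a user or a board account.

    Reads ``login``, ``password`` and ``role`` from ``request.json_body``.
    Roles 0 and 3 authenticate against ``UserMaster``, role 4 against
    ``BoardMaster``. An account is accepted only when it exists, the password
    verifies and its ``status`` equals 1.

    On success the auth headers from ``remember`` are appended to the
    response, account attributes are copied into the session and the CSRF
    token is rotated. On failure the headers from ``forget`` are appended.

    Returns:
        The result of ``compute_whoami`` for the login name on success or for
        ``None`` on failure; ``None`` when the role is not one of 0, 3 or 4.

    Raises:
        KeyError: if ``login``, ``password`` or ``role`` is missing from the
            JSON body.
    """
    login = request.json_body['login']
    passwd = request.json_body['password']
    # The client-supplied role only selects which table is searched. For user
    # accounts the role stored in the session comes from the database record.
    role = request.json_body['role']

    # TODO: Board role
    # Admin and VO role login
    if role == 0 or role == 3:
        account_model = UserMaster
    elif role == 4:
        account_model = BoardMaster
    else:
        return None

    user = account_model.by_login(request.dbsession, login)
    if not (user and user.check_password(passwd) and user.status == 1):
        # Unknown account, wrong password and inactive account take the same
        # path, so the result does not reveal which check failed.
        request.response.headerlist.extend(forget(request))
        return compute_whoami(request, None)

    request.response.headerlist.extend(remember(request, login))

    # NOTE(review): the pre-login session is reused as-is, so keys written by
    # an earlier login of the other account type may remain. If the session
    # factory supports it, invalidating the session first would also guard
    # against session fixation - confirm.
    session = request.session
    session["login"] = login
    if role == 4:
        session["board_name"] = user.board_name
        session["id"] = user.id
        session["no_of_members"] = user.no_of_members
        session["role"] = 4
    else:
        session["name"] = user.name
        session["id"] = user.id
        session["role"] = user.role
        session["title"] = user.title
    # Rotate the CSRF token exactly once at the privilege change. The original
    # rotated it twice in a row and threw the first token away.
    session["token"] = new_csrf_token(request)
    return compute_whoami(request, login)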
Esempio n. 6
    def _callFUT(self, *args, **kwargs):
        """Forward all arguments to ``pyramid.csrf.new_csrf_token``."""
        # Imported at call time rather than at module import.
        from pyramid.csrf import new_csrf_token as function_under_test

        result = function_under_test(*args, **kwargs)
        return result
Esempio n. 7
 def _callFUT(self, *args, **kwargs):
     """Forward all arguments to ``pyramid.csrf.new_csrf_token``."""
     # Imported at call time rather than at module import.
     from pyramid.csrf import new_csrf_token as function_under_test
     result = function_under_test(*args, **kwargs)
     return result
Esempio n. 8
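def create_acc(request):
    """Create a user account from the registration form.

    Reads ``username``, ``password`` and ``confirm_password`` from
    ``request.POST``. The username must be present and not already stored;
    the password must be present, match its confirmation and contain none of
    the characters in ``forbidden``.

    When everything validates, a ``User`` is stored with the lower-cased
    username and the hashed password, the new user id is remembered, the CSRF
    token is rotated and the client is redirected to ``home``.

    Returns:
        ``HTTPFound`` on success, otherwise the template context carrying the
        collected ``error`` messages.
    """
    form_data = {}
    error = {}
    forbidden = ["{", "}", "|", "\'", "^", "~", "[", "]", "`"]
    valid = True

    try:
        form_username = request.POST.get('username')
        if form_username:
            # The username is stored lower-cased, so the uniqueness check has
            # to use the same form. Checking the raw value let "Name" through
            # when "name" was already taken.
            # NOTE(review): check-then-insert can still race between two
            # requests; a unique constraint on the column would close that -
            # confirm the schema.
            normalized_username = form_username.lower()
            db_username = request.dbsession.query(User).filter(
                User.username == normalized_username).first()
            if db_username is None:
                form_data['username'] = normalized_username
            else:
                valid = False
                error['username_taken'] = 'That username has been taken'
        else:
            valid = False
            error['username_invalid'] = 'Please enter a valid username'

        form_password = request.POST.get('password')
        confirm_password = request.POST.get('confirm_password')
        if form_password:
            if form_password != confirm_password:
                error['nomatch'] = 'Password did not match'
                valid = False
            # NOTE(review): this list narrows the password space, and the
            # value is passed to hash_password() before storage - confirm the
            # restriction is still needed.
            elif any(char in form_password for char in forbidden):
                error['password'] = \
                    'Please avoid the following:   {  ,  }  ,  |  ,  \'  ,  ^  ,  ~  ,  [ , ] , ` '
                valid = False
            else:
                form_data['password'] = form_password
        elif confirm_password:
            error['nopassword'] = '******'
            valid = False
        else:
            error['password'] = '******'
            valid = False
    except (ValueError, TypeError, KeyError):
        # Malformed form values reject the request without a specific message.
        valid = False

    if valid:
        new_user = User()
        new_user.username = form_data['username']

        password_hashed = hash_password(form_data['password'])
        new_user.password = password_hashed

        # NOTE(review): every self-registered account is created with 'admin'
        # permissions. Confirm that this is intended and not a default that
        # should be a lower privilege.
        new_user.permissions = 'admin'

        # new_user.picture = 'avatar.png'

        request.dbsession.add(new_user)
        # Flush so the database assigns new_user.user_id before it is used.
        request.dbsession.flush()
        headers = remember(request, new_user.user_id)
        # Rotate the CSRF token at the privilege change.
        new_csrf_token(request)
        return HTTPFound(location=request.route_url('home'), headers=headers)
    else:
        return {
            'project': 'To-Do',
            'page_title': 'Create',
            'error': error,
        }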