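def login(self):
    """Process a POSTed login form.

    Steps, in the order the code performs them:

    1. Read ``login`` and ``password`` from ``request.POST``.
    2. Redirect back to ``login.html`` if ``self.login_locked_out(login)``
       reports a lock-out.
    3. Emit ``LoginAttempt``; redirect to the form if either field is absent.
    4. Try ``password_authenticator`` and then ``impersonate_authenticator``;
       the first one that returns a truthy user id wins.
    5. When ``TwoFactor(...).enabled`` is set, require a ``code`` field and
       check it with ``tf.validate``.
    6. Emit ``LoginSuccess`` and return the result of ``remember_login``.

    Every rejection is an ``HTTPFound`` redirect to the login page carrying a
    ``reason`` query parameter.
    """
    context = self.context
    request = self.request

    # identify
    login = request.POST.get('login')
    password = request.POST.get('password')

    # NOTE(review): this runs before the None check below, so
    # login_locked_out() can be called with login=None -- confirm it copes.
    if self.login_locked_out(login):
        redirect = request.resource_url(
            request.root, 'login.html',
            query={
                'reason': 'User locked out. Too many failed login attempts.'})
        return HTTPFound(location=redirect)

    # NOTE(review): the cleartext password travels inside every Login* event.
    # Subscribers are not visible here; verify none of them log or persist it.
    notify(events.LoginAttempt(context, request, login, password))

    if login is None or password is None:
        return HTTPFound(location='%s/login.html' % request.application_url)

    # max_age is client-supplied. A non-numeric value used to raise out of
    # int() and surface as a server error on an unauthenticated endpoint;
    # fall back to "no explicit lifetime" instead.
    # NOTE(review): no upper bound is applied here -- check whether
    # remember_login() caps the session lifetime server-side.
    max_age = request.POST.get('max_age')
    if max_age is not None:
        try:
            max_age = int(max_age)
        except (TypeError, ValueError):
            max_age = None

    # authenticate
    userid = None
    reason = 'Bad username or password'
    users = find_users(context)
    for authenticate in (password_authenticator, impersonate_authenticator):
        userid = authenticate(context, users, login, password)
        if userid:
            break

    # if not successful, try again
    if not userid:
        notify(events.LoginFailed(context, request, login, password))
        redirect = request.resource_url(
            request.root, 'login.html', query={'reason': reason})
        return HTTPFound(location=redirect)

    # The two-factor branches are only reachable after the password step has
    # succeeded, so their distinct "reason" strings confirm to the client that
    # the password was accepted. LoginFailed is emitted on both, which
    # presumably feeds the lock-out counter -- confirm.
    tf = TwoFactor(context, request)
    if tf.enabled:
        code = request.POST.get('code')
        if not code:
            redirect = request.resource_url(
                request.root, 'login.html',
                query={'reason': 'No authentication code provided'})
            notify(events.LoginFailed(context, request, login, password))
            return HTTPFound(location=redirect)
        # NOTE(review): as written, a *truthy* result from tf.validate() is
        # treated as a rejected code. TwoFactor.validate is not shown here; if
        # it returns True for a valid code this test is inverted (valid codes
        # rejected, invalid ones accepted) and must read
        # `if not tf.validate(userid, code):`. Left unchanged pending that check.
        if tf.validate(userid, code):  # noqa
            notify(events.LoginFailed(context, request, login, password))
            redirect = request.resource_url(
                request.root, 'login.html',
                query={'reason': 'Invalid authorization code'})
            return HTTPFound(location=redirect)

    # else, remember
    notify(events.LoginSuccess(context, request, login, password))
    return remember_login(context, request, userid, max_age)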
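def login(self):
    """Process a POSTed login form.

    Steps, in the order the code performs them:

    1. Read ``login`` and ``password`` from ``request.POST``.
    2. Redirect back to ``login.html`` if ``self.login_locked_out(login)``
       reports a lock-out.
    3. Emit ``LoginAttempt``; redirect to the form if either field is absent.
    4. Try ``password_authenticator`` and then ``impersonate_authenticator``;
       the first one that returns a truthy user id wins.
    5. When ``TwoFactor(...).enabled`` is set, require a ``code`` field and
       check it with ``tf.validate``.
    6. Emit ``LoginSuccess`` and return the result of ``remember_login``.

    Every rejection is an ``HTTPFound`` redirect to the login page carrying a
    ``reason`` query parameter.
    """
    context = self.context
    request = self.request

    # identify
    login = request.POST.get('login')
    password = request.POST.get('password')

    # NOTE(review): this runs before the None check below, so
    # login_locked_out() can be called with login=None -- confirm it copes.
    if self.login_locked_out(login):
        redirect = request.resource_url(
            request.root, 'login.html',
            query={
                'reason': 'User locked out. Too many failed login attempts.'
            })
        return HTTPFound(location=redirect)

    # NOTE(review): the cleartext password travels inside every Login* event.
    # Subscribers are not visible here; verify none of them log or persist it.
    notify(events.LoginAttempt(context, request, login, password))

    if login is None or password is None:
        return HTTPFound(location='%s/login.html' % request.application_url)

    # max_age is client-supplied. A non-numeric value used to raise out of
    # int() and surface as a server error on an unauthenticated endpoint;
    # fall back to "no explicit lifetime" instead.
    # NOTE(review): no upper bound is applied here -- check whether
    # remember_login() caps the session lifetime server-side.
    max_age = request.POST.get('max_age')
    if max_age is not None:
        try:
            max_age = int(max_age)
        except (TypeError, ValueError):
            max_age = None

    # authenticate
    userid = None
    reason = 'Bad username or password'
    users = find_users(context)
    for authenticate in (password_authenticator, impersonate_authenticator):
        userid = authenticate(context, users, login, password)
        if userid:
            break

    # if not successful, try again
    if not userid:
        notify(events.LoginFailed(context, request, login, password))
        redirect = request.resource_url(request.root,
                                        'login.html',
                                        query={'reason': reason})
        return HTTPFound(location=redirect)

    # The two-factor branches are only reachable after the password step has
    # succeeded, so their distinct "reason" strings confirm to the client that
    # the password was accepted. LoginFailed is emitted on both, which
    # presumably feeds the lock-out counter -- confirm.
    tf = TwoFactor(context, request)
    if tf.enabled:
        code = request.POST.get('code')
        if not code:
            redirect = request.resource_url(
                request.root, 'login.html',
                query={'reason': 'No authentication code provided'})
            notify(events.LoginFailed(context, request, login, password))
            return HTTPFound(location=redirect)
        # NOTE(review): as written, a *truthy* result from tf.validate() is
        # treated as a rejected code. TwoFactor.validate is not shown here; if
        # it returns True for a valid code this test is inverted (valid codes
        # rejected, invalid ones accepted) and must read
        # `if not tf.validate(userid, code):`. Left unchanged pending that check.
        if tf.validate(userid, code):  # noqa
            notify(events.LoginFailed(context, request, login, password))
            redirect = request.resource_url(
                request.root, 'login.html',
                query={'reason': 'Invalid authorization code'})
            return HTTPFound(location=redirect)

    # else, remember
    notify(events.LoginSuccess(context, request, login, password))
    return remember_login(context, request, userid, max_age)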