def post(self): """Handle a POST from the login form. This happens when the user attempts to login with an identifier (email or username) and password. """ cont = self.request_continue_url() # Authenticate via username or email + password identifier = self.request_string('identifier') password = self.request_string('password') if not identifier or not password: errors = {} if not identifier: errors['noemail'] = True if not password: errors['nopassword'] = True self.render_json({'errors': errors}) return user_data = UserData.get_from_username_or_email(identifier.strip()) if not user_data or not user_data.validate_password(password): errors = {} errors['badlogin'] = True # TODO(benkomalo): IP-based throttling of failed logins? self.render_json({'errors': errors}) return # Successful login Login.return_login_json(self, user_data, cont)
def post(self): """POST submissions are for username/password based logins to acquire an OAuth access token. """ identifier = self.request_string('identifier') password = self.request_string('password') if not identifier or not password: self.render_login_page("Please enter your username and password.") return user_data = UserData.get_from_username_or_email(identifier.strip()) if not user_data or not user_data.validate_password(password): # TODO(benkomalo): IP-based throttling of failed logins? self.render_login_page("Your login or password is incorrect.") return # Successful login - convert to an OAuth access_token oauth_map_id = self.request_string("oauth_map_id", default="") oauth_map = OAuthMap.get_by_id_safe(oauth_map_id) if not oauth_map: self.render_login_page("Unable to find OAuthMap by id.") return # Mint the token and persist to the oauth_map oauth_map.khan_auth_token = AuthToken.for_user(user_data).value oauth_map.put() # Flush the "apply phase" of the above put() to ensure that subsequent # retrievals of this OAuthmap returns fresh data. GAE's HRD can # otherwise take a second or two to propagate the data, and the # following authorize endpoint redirect below could happen quicker # than that in some cases. oauth_map = OAuthMap.get(oauth_map.key()) # Need to redirect back to the http authorize endpoint return auth_util.authorize_token_redirect(oauth_map, force_http=True)