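def login(request):
    """Authenticate a JSON login request and populate the session.

    Reads ``login`` and ``password`` from ``request.json_body`` and looks the
    account up with ``UserLoginMaster.by_login``. On success the headers from
    ``remember`` are added to the response, the CSRF token is rotated once and
    the user's profile fields are copied into ``request.session``. On failure
    the headers from ``forget`` are added instead.

    Returns:
        The result of ``compute_whoami`` for the login name on success, or
        for ``None`` when the credentials are rejected.

    Raises:
        KeyError: if the JSON object lacks ``login`` or ``password``.
    """
    log.info("Inside Login Function")
    login_name = request.json_body['login']
    passwd = request.json_body['password']
    # The client-supplied role is deliberately not read here; role is pinned
    # to 0, so the role check below always passes.
    role = 0
    ret = None

    # TODO: Board role
    # Admin and VO role login
    if role == 0 or role == 2:
        user = UserLoginMaster.by_login(request.dbsession, login_name)
        if user and user.check_password(passwd):
            request.response.headerlist.extend(remember(request, login_name))

            # Rotate the CSRF token exactly once. The original called
            # new_csrf_token() twice, so the first token was generated and
            # immediately superseded by the second.
            token = new_csrf_token(request)

            # NOTE(review): identity is written into the existing session
            # object. If the session backend keeps the same session id across
            # login, invalidate it (request.session.invalidate()) before
            # rotating the token and filling it in -- confirm.
            session = request.session
            session["login"] = user.slum_login
            session["name"] = user.slum_name
            session["id"] = user.id
            session["role"] = user.slum_role
            session["title"] = user.slum_title
            session["token"] = token
            ret = compute_whoami(request, login_name)
        else:
            # Rejected credentials: drop any auth state that was presented.
            request.response.headerlist.extend(forget(request))
            ret = compute_whoami(request, None)
    return ret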
def logout(request):
    """Log the user out on POST and redirect to the ``view_wiki`` route.

    Only a POST request clears the authentication state: the CSRF token is
    rotated and the headers returned by ``forget`` are attached to the
    redirect. Any other method is redirected without touching the auth state.

    Returns:
        An ``HTTPSeeOther`` response pointing at ``view_wiki``.
    """
    target = request.route_url('view_wiki')
    if request.method != 'POST':
        return HTTPSeeOther(location=target)

    # Rotate the CSRF token first so the token issued to the authenticated
    # user is not reused after logout.
    new_csrf_token(request)
    return HTTPSeeOther(location=target, headers=forget(request))
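def login_handler(request):
    """Authenticate a form login and redirect to ``home`` on success.

    Reads ``username`` and ``password`` from ``request.POST``; the username
    is lower-cased before the lookup. On success the user id is remembered,
    the CSRF token is rotated and an ``HTTPFound`` redirect is returned.

    Returns:
        ``HTTPFound`` on success, otherwise a template context dict holding
        one generic error message.
    """
    form_username = request.POST.get('username')
    form_password = request.POST.get('password')

    # A missing or empty field is an ordinary failed login. The original
    # called .lower() on the result of .get(), which raises AttributeError
    # (a server error) when the field is absent.
    if form_username and form_password:
        db_user = request.dbsession.query(User).filter_by(
            username=form_username.lower()).first()
        # NOTE(review): check_password() is skipped when no user matches, so
        # the two failure cases may differ in response time -- confirm
        # whether that matters for this deployment.
        if db_user and check_password(form_password, db_user.password):
            headers = remember(request, db_user.user_id)
            # Rotate the CSRF token so a token issued before login is not
            # carried into the authenticated session.
            new_csrf_token(request)
            return HTTPFound(location=request.route_url('home'),
                             headers=headers)

    # One message for both "unknown user" and "wrong password", so the
    # response text does not reveal which usernames exist.
    return {
        'error': {'incorrect': 'Check username or password'},
        'page_title': 'Login',
        'project': 'To-Do',
    }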
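def _is_local_url(url, host):
    """Return True when *url* is relative or an http(s) URL on *host*."""
    from urllib.parse import urlsplit

    if not url or url != url.strip():
        return False
    # Browsers treat backslashes as slashes and drop embedded control
    # characters, so either could turn a "relative" value into another host.
    if '\\' in url or url.startswith('///'):
        return False
    if any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in url):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.scheme not in ('', 'http', 'https'):
        return False
    if parts.scheme and not parts.netloc:
        # e.g. "http:/path" -- ambiguous, refuse rather than guess.
        return False
    return not parts.netloc or parts.netloc.lower() == (host or '').lower()


def login(request):
    """Render the login form and process a submitted login.

    The post-login destination comes from the ``next`` parameter, falling
    back to the referrer. Both are supplied by the client, so the value is
    only used when it stays on this site (relative, or same host as
    ``request.host``); anything else is replaced by the ``view_wiki`` route.
    The original redirected to the value unchecked.

    On a successful POST the CSRF token is rotated, the user id is
    remembered and an ``HTTPSeeOther`` redirect is returned. A failed POST
    sets the response status to 400.

    Returns:
        ``HTTPSeeOther`` on success, otherwise the template context dict.
    """
    next_url = request.params.get('next', request.referrer)
    if not _is_local_url(next_url, request.host):
        next_url = request.route_url('view_wiki')

    message = ''
    login_name = ''
    if request.method == 'POST':
        # Missing fields count as a failed login instead of raising KeyError.
        login_name = request.params.get('login', '')
        password = request.params.get('password', '')
        user = (request.dbsession.query(models.User)
                .filter_by(name=login_name).first())
        if user is not None and user.check_password(password):
            # Rotate the CSRF token so a pre-login token is not carried over.
            new_csrf_token(request)
            headers = remember(request, user.id)
            return HTTPSeeOther(location=next_url, headers=headers)
        message = 'Failed login'
        request.response.status = 400

    return dict(
        message=message,
        url=request.route_url('login'),
        next_url=next_url,
        login=login_name,
    )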
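def login(request):
    """Authenticate a JSON login for a user or a board account.

    Reads ``login``, ``password`` and ``role`` from ``request.json_body``.
    The client-supplied ``role`` only selects which table is queried:
    ``UserMaster`` for roles 0 and 3, ``BoardMaster`` for role 4. The role
    stored in the session comes from the user record, or is fixed to 4 for
    a board account. An account is accepted only when the password matches
    and ``status == 1``.

    Returns:
        The result of ``compute_whoami`` for the login name on success, or
        for ``None`` on rejected credentials. ``None`` when ``role`` is not
        one of the handled values.

    Raises:
        KeyError: if the JSON object lacks one of the three fields.
    """
    login_name = request.json_body['login']
    passwd = request.json_body['password']
    role = request.json_body['role']

    # TODO: Board role
    # Admin and VO role login
    if role == 0 or role == 3:
        account = UserMaster.by_login(request.dbsession, login_name)
        is_board = False
    elif role == 4:
        account = BoardMaster.by_login(request.dbsession, login_name)
        is_board = True
    else:
        # Unhandled role: nothing is looked up and no headers are changed.
        return None

    # NOTE(review): status == 1 presumably marks an active account -- confirm.
    if not (account and account.check_password(passwd) and account.status == 1):
        # Rejected credentials: drop any auth state that was presented.
        request.response.headerlist.extend(forget(request))
        return compute_whoami(request, None)

    request.response.headerlist.extend(remember(request, login_name))

    # Rotate the CSRF token exactly once. The original called
    # new_csrf_token() twice per branch, so the first token was generated
    # and immediately superseded by the second.
    token = new_csrf_token(request)

    # NOTE(review): identity is written into the existing session object.
    # If the session backend keeps the same session id across login,
    # invalidate it (request.session.invalidate()) before rotating the
    # token and filling it in -- confirm.
    session = request.session
    session["login"] = login_name
    if is_board:
        session["board_name"] = account.board_name
        session["id"] = account.id
        session["no_of_members"] = account.no_of_members
        session["role"] = 4
    else:
        session["name"] = account.name
        session["id"] = account.id
        session["role"] = account.role
        session["title"] = account.title
    session["token"] = token
    return compute_whoami(request, login_name)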
def _callFUT(self, *args, **kwargs):
    """Call ``pyramid.csrf.new_csrf_token`` with the given arguments.

    The function under test is imported inside the call rather than at
    module import time, and its return value is passed back unchanged.
    """
    from pyramid.csrf import new_csrf_token as function_under_test

    return function_under_test(*args, **kwargs)
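def create_acc(request):
    """Validate the sign-up form and create a new user account.

    Reads ``username``, ``password`` and ``confirm_password`` from
    ``request.POST``. When every check passes, a ``User`` row is added with
    a hashed password, the new user id is remembered, the CSRF token is
    rotated and the browser is redirected to ``home``.

    Returns:
        ``HTTPFound`` on success, otherwise a template context dict whose
        ``error`` entry maps error keys to messages.
    """
    form_data = {}
    error = {}
    forbidden = ["{", "}", "|", "\'", "^", "~", "[", "]", "`"]
    valid = True
    try:
        form_username = request.POST.get('username')
        if form_username:
            # Usernames are stored lower-cased, so the uniqueness check must
            # use the same form. The original compared the raw input, which
            # let "Alice" pass the check while "alice" already existed.
            form_username = form_username.lower()
            db_username = request.dbsession.query(User).filter(
                User.username == form_username).first()
            if db_username is None:
                form_data['username'] = form_username
            else:
                valid = False
                error['username_taken'] = 'That username has been taken'
        else:
            valid = False
            error['username_invalid'] = 'Please enter a valid username'

        form_password = request.POST.get('password')
        confirm_password = request.POST.get('confirm_password')
        if form_password:
            if form_password == confirm_password:
                # NOTE(review): as far as this block shows, the password is
                # only passed to hash_password(), so a character blacklist
                # adds no protection and shrinks the password space; a
                # minimum-length check would be more useful -- confirm.
                if any(char in form_password for char in forbidden):
                    error['password'] = \
                        'Please avoid the following: { , } , | , \' , ^ , ~ , [ , ] , ` '
                    valid = False
                else:
                    form_data['password'] = form_password
            else:
                error['nomatch'] = 'Password did not match'
                valid = False
        elif confirm_password:
            # NOTE(review): message text kept exactly as found -- confirm
            # the intended wording.
            error['nopassword'] = '******'
            valid = False
        else:
            error['password'] = '******'
            valid = False
    except (ValueError, TypeError, KeyError):
        # Best effort: the form is shown again, possibly without a message.
        valid = False

    if not valid:
        return {
            'project': 'To-Do',
            'page_title': 'Create',
            'error': error,
        }

    new_user = User()
    # Already lower-cased above.
    new_user.username = form_data['username']
    new_user.password = hash_password(form_data['password'])
    # NOTE(review): every self-registered account receives 'admin'
    # permissions -- confirm this is intended and not a leftover default.
    new_user.permissions = 'admin'
    # new_user.picture = 'avatar.png'
    request.dbsession.add(new_user)
    # flush() so the database assigns user_id before it is remembered.
    # NOTE(review): the uniqueness check and the insert are separate steps;
    # a unique constraint on the username column would close the gap --
    # confirm the schema has one.
    request.dbsession.flush()
    headers = remember(request, new_user.user_id)
    # Rotate the CSRF token now that the request is authenticated.
    new_csrf_token(request)
    return HTTPFound(location=request.route_url('home'), headers=headers)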