def do_logout(self, request, location):
""" do the logout """
# convenient method to set Cache-Control and Expires headers
request.response.cache_expires = 0
headers = forget(request)
response = HTTPFound(location=location, headers=headers)
response.delete_cookie('cis_account', path="/")
response.cache_control = 'no-cache'
request.session.pop_flash('token')
return response
def __call__(self):
""" login view callable """
# convenient method to set Cache-Control and Expires headers
self.request.response.cache_expires = 0
dbsession = DBSession()
params = self.request.params
login_url = route_url('login', self.request)
message = ''
# playerid, password from cookie
playerid = ''
password = ''
passwordFromCookie = False
lc = self.request.cookies.get('cis_login_credentials', '')
if lc:
lc = lc.split('|')
if len(lc) == 3:
passwordFromCookie = True
playerid = lc[0]
password = lc[1]
activeUser = User()
activeUser.playerid = playerid
activeUser.password = password
user = None
errors = {}
passwordOk = False
referrer = self.request.url
if referrer == login_url:
referrer = '/'
came_from = self.request.params.get('came_from', referrer)
url = came_from
logged_in = authenticated_userid(self.request)
headers = ''
initial_login = not logged_in
storeplayeridPwd = params.get('remember', '')
# if already logged in and requesting this page, redirect to forbidden
if logged_in:
message = 'You do not have the required permissions to see this page.'
return dict(
message=message,
url=url,
came_from=came_from,
password=password,
user=activeUser,
headers=headers,
errors=errors,
logged_in=logged_in,
remember=storeplayeridPwd
)
# check whether we are asked to do an autologin (from pwdreset.py)
autologin = 0 #self.request.session.pop_flash(queue='autologin')
# 'SECURITY RISK'
forcelogin = lc and self.request.params.get('forcelogin', '')
if forcelogin or autologin or 'form.submitted' in params:
if autologin:
autologin = autologin[0].split('|')
playerid = autologin[0]
password = autologin[1] #encrypted
elif forcelogin:
pass
else:
playerid = params['playerid']
# when we get a password from a cookie, we already receive it encrypted. If not, encrypt it here
password = (passwordFromCookie and password) or params['password']
if not password:
errors['password'] = "******"
else:
# if autologin, we already receive it encrypted. If not, encrypt it here
password = ((forcelogin or autologin) and password) or hashlib.md5(params['password']).hexdigest()
if not playerid:
errors['playerid'] = "Enter your player id"
if playerid and password:
user = dbsession.query(User).filter_by(playerid=playerid).first()
if user:
passwordOk = (user.password == password)
if not user:
message = 'You do not have a CIS account'
elif user.banned:
message = 'Your account has been banned.'
elif not user.activated:
message = 'Your account has not yet been activated'
elif not passwordOk:
message = 'Your account/password do not match'
else:
# READY TO LOGIN, SOME FINAL CHECKS
now = datetime.now()
headers = remember(self.request, user.playerid)
last_login = now.strftime('%Y-%m-%d %H:%M:%S')
user.last_web = last_login
response = HTTPFound()
user.last_login = last_login
response.headers = headers
response.content_type = 'text/html'
response.charset = 'UTF-8'
if storeplayeridPwd:
cookie_val = '%s|%s' % (playerid, password)
response.set_cookie('cis_login_credentials', cookie_val, max_age=timedelta(days=365), path='/')
response.location = came_from
if (not forcelogin) and (not storeplayeridPwd):
response.delete_cookie('cis_login_credentials')
response.cache_control = 'no-cache'
return response
activeUser.playerid = playerid
storeplayeridPwd = self.request.cookies.get('cis_login_credentials') and '1' or ''
return dict(
message=message,
url=url,
came_from=came_from,
password=password,
user=activeUser,
headers=headers,
errors=errors,
logged_in=logged_in,
remember=storeplayeridPwd
)
