예제 #1
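def login():
    """Log a user into the system.

    Upon a GET request the LoginForm is shown to the user.
    Upon a POST request the form is validated; if it is valid, the submitted
    password is hashed with generateHash() and compared to the stored
    password of the user with the submitted username.
    On a match the User object and the currency symbol are stored in the
    session and the client is redirected to session['next'] if that key is
    set, otherwise to 'budget.showSummary'.
    On a mismatch or an unknown username a generic message is flashed and the
    form is shown again; an invalid form is shown again without a message.

    Returns:
        The redirect response on success, the rendered login template
        otherwise.
    """
    form = LoginForm(request.form)

    if request.method == 'POST' and form.validate():
        # Hash before the lookup so a request for an unknown username does the
        # same hashing work as one for a known username.
        submittedHash = generateHash(form.password.data)
        user = User.objects(username = form.username.data).first()

        # NOTE(review): '==' is not a constant-time comparison. Once the
        # return type of generateHash() is confirmed, prefer
        # hmac.compare_digest(). Also confirm generateHash() is a salted,
        # slow password hash; its implementation is not visible here.
        if user is not None and user.password == submittedHash:
            # NOTE(review): the existing session is reused across the
            # privilege change; consider rotating the session identifier on
            # login if the session backend supports it.
            session['user'] = user
            session['currency'] = u"\u20AC"
            # Log the success here: the original logged only after this
            # branch had already returned, i.e. on failed attempts.
            logger.info('User %s has logged in.' % user.username)
            # NOTE(review): if session['next'] can be derived from request
            # data, validate it as a same-site path before redirecting.
            return redirect(session.get('next', url_for('budget.showSummary')))

        # The original dereferenced user.username here, which raised
        # AttributeError for unknown usernames (user is None) and made them
        # distinguishable from a wrong password. %r keeps control characters
        # in the submitted name out of the log line.
        logger.warning('Failed login attempt for username %r.' % (form.username.data,))
        flash('The specified username and/or password were incorrect.')
    return render_template('auth/login.html', form = form)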
예제 #2
def register():
    """Register a new user account.

    GET requests, and POST requests whose form does not validate, render the
    RegistrationForm. A valid POST copies the form fields onto a new User,
    replaces the plaintext password with generateHash() of it, sets the
    AuthLevel to USER, saves the user and redirects to 'auth.login'.

    Returns:
        The redirect response after a successful registration, the rendered
        registration template otherwise.
    """
    form = RegistrationForm(request.form)

    isPost = request.method == 'POST'
    if not (isPost and form.validate()):
        return render_template('auth/registration.html', form = form)

    newUser = User()
    # populate_obj() copies every form field onto the model.
    form.populate_obj(newUser)
    # The model must never be saved with the plaintext password.
    newUser.password = generateHash(newUser.password)
    # Assigned after populate_obj() so that a submitted value cannot decide
    # the privilege level, whatever fields the form defines.
    newUser.authLevel = AuthLevel.USER

    # NOTE(review): no duplicate-username check is visible here; presumably
    # the form validators or a unique index on User enforce it. Confirm.
    newUser.save()

    logger.info('A user has been added.')
    flash('Your user account has been created.')
    return redirect(url_for('auth.login'))