예제 #1
def login(request):
    """Handle the login form: authenticate a user by email and password.

    An already-authenticated visitor is redirected to the "home" route.
    On POST the CSRF token is checked first (HTTPUnauthorized on failure),
    then the submitted fields are validated against ``schemas.Login`` and a
    ``User`` row matching both the email and the password hash is looked up.
    A match redirects to "home" with the headers from ``remember_me_header``;
    a miss records the generic "form" error. A validation failure replaces
    ``errors`` with the validator's error dict.

    NOTE(review): the listing ends after the except clause. ``result`` and
    ``errors`` are built but never returned in the visible code, so the
    function as shown falls through and returns None.
    """
    if authenticated_userid(request):
        return HTTPFound(location=route_url("home", request))
    db = DBSession()
    login_schema = schemas.Login()
    result = {"_csrf_": request.session.get_csrf_token()}
    errors = []
    if request.POST:
        # Reject a submission without a valid CSRF token before any
        # credential is parsed or sent to the database.
        if not validate_csrf(request):
            return HTTPUnauthorized("Not authorized")
        try:
            # NOTE(review): in WebOb, request.params combines query-string
            # and body values, so credentials placed in the URL would also be
            # accepted here (and URLs tend to end up in access logs).
            # Validating request.POST alone would be stricter. Confirm that
            # nothing relies on query-string fields first.
            fields = login_schema.to_python(request.params)
            # SECURITY: the stored password is compared against the
            # database's SHA-1 of the submitted value, with no salt or work
            # factor visible. SHA-1 is a fast hash, so leaked rows are cheap
            # to brute-force and identical passwords share a digest. Moving
            # to a salted, slow KDF (bcrypt, scrypt, Argon2 or PBKDF2)
            # requires re-hashing stored values, so it cannot be done in this
            # view alone. The plaintext password is also passed to the
            # database as a query parameter and may show up in statement
            # logs if parameter logging is enabled.
            email_matches = User.email == fields["email"]
            password_matches = User.password == func.sha1(fields["password"])
            account = db.query(User).filter(and_(email_matches, password_matches)).first()
            if not account:
                # One combined lookup and one generic error: the response
                # does not say whether the email or the password was wrong.
                errors.append("form")
            else:
                # presumably builds the auth cookie headers; helper not shown
                auth_headers = remember_me_header(request, account.email)
                return HTTPFound(location=route_url("home", request), headers=auth_headers)
        except validators.Invalid as e:
            errors = e.error_dict
예제 #2
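def create_profile(request):
    """Update the logged-in user's profile from the submitted form.

    Anonymous visitors are redirected to the "login" route. On a POST that
    passes form validation, the validated fields are bound onto the ``User``
    row whose email equals the authenticated userid, the row is merged and
    committed, and the client is redirected to "home". Otherwise the form,
    with any validation errors, is returned for rendering.

    Returns:
        An ``HTTPFound`` redirect, or a dict with ``user_email`` and a
        ``FormRenderer`` wrapping the form.
    """
    logged_in = authenticated_userid(request)
    if not logged_in:
        return HTTPFound(location=route_url("login", request))

    session = DBSession()
    form = Form(request, schema=schemas.CreateProfile, obj=User())
    # NOTE(review): no CSRF check is visible on this state-changing POST.
    # Unless Form.validate() or a framework-level hook enforces one, a
    # cross-site request could change the logged-in user's profile. Verify
    # the token here before validating the form.
    if request.POST and form.validate():
        user = session.query(User).filter(User.email == logged_in).first()
        if user is None:
            # The auth ticket names an account with no matching row (for
            # example one removed after login). Binding onto None would
            # raise and surface as a server error, so send the client back
            # to the login route instead.
            # NOTE(review): the stale ticket is not cleared here; consider
            # also sending pyramid.security.forget() headers.
            return HTTPFound(location=route_url("login", request))
        # NOTE(review): bind() copies the validated form fields onto the
        # persistent row. This is only safe if schemas.CreateProfile lists
        # nothing but user-editable fields and rejects or filters extras.
        # Check that email, password and any role/flag columns cannot be set
        # this way.
        user = form.bind(user)
        session.merge(user)
        session.commit()
        return HTTPFound(location=route_url("home", request))
    # Debug output: validation errors go to stdout. They may echo submitted
    # values, so prefer a logger at debug level in production.
    print(form.errors)
    return dict(user_email=logged_in, form=FormRenderer(form))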