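def on_post(self, req, resp):
    """Handle a login form submission.

    Reads ``username`` and ``password`` from the form-encoded request body
    stored in ``req.context['body']``, rejects malformed usernames, then
    authenticates through ``self.auth_manager``. On success the user is
    logged in and redirected to the ``next`` query parameter (or
    ``default_route`` when absent).

    Args:
        req: the incoming request; ``req.context['body']`` must hold the
            raw form body and ``req.get_param('next')`` the redirect target.
        resp: the response object (unused; every path ends in a raise).

    Raises:
        HTTPFound: back to ``/login`` when a field is missing, the username
            is malformed or the credentials are rejected; to the validated
            ``next`` target (or ``default_route``) on success.
        HTTPBadRequest: when ``next`` is not a same-origin absolute path.
    """
    form_body = uri.parse_query_string(req.context['body'])
    try:
        username = form_body['username']
        password = form_body['password']
    except KeyError:
        # The missing field is not useful context for the redirect.
        raise HTTPFound('/login') from None

    if not auth.valid_username(username):
        logger.warning('Tried to login with invalid username %s', username)
        # Only say *which* check failed in debug mode; in production a
        # uniform message avoids confirming whether an account exists.
        if self.debug:
            flash_message(req, 'Invalid username', 'danger')
        else:
            flash_message(req, 'Invalid credentials', 'danger')
        raise HTTPFound('/login')

    if self.auth_manager.authenticate(username, password):
        logger.info('Successful login for %s', username)
        auth.login_user(req, username)
    else:
        logger.warning('Failed login for %s', username)
        flash_message(req, 'Invalid credentials', 'danger')
        raise HTTPFound('/login')

    # Strip CR and LF (not just LF) so a crafted ``next`` cannot inject
    # extra headers through the Location header (HTTP response splitting).
    url = req.get_param('next', default='').replace('\n', '').replace('\r', '')
    if not url:
        raise HTTPFound(default_route)
    # A leading '/' alone is not enough: '//host/...' and '/\\host/...' are
    # scheme-relative URLs that browsers resolve off-site (open redirect).
    if url.startswith('/') and not url.startswith(('//', '/\\')):
        raise HTTPFound(url)
    raise HTTPBadRequest('Invalid next parameter', '')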
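def on_post(self, req, resp):
    """Handle a login form submission.

    Reads ``username`` and ``password`` from the form-encoded request body
    stored in ``req.context['body']`` and authenticates them through
    ``self.auth_manager``. On success the user is logged in and redirected
    to the ``next`` query parameter (or ``default_route`` when absent).

    Args:
        req: the incoming request; ``req.context['body']`` must hold the
            raw form body and ``req.get_param('next')`` the redirect target.
        resp: the response object (unused; every path ends in a raise).

    Raises:
        HTTPFound: back to ``/login`` when a field is missing or the
            credentials are rejected; to the validated ``next`` target
            (or ``default_route``) on success.
        HTTPBadRequest: when ``next`` is not a same-origin absolute path.
    """
    form_body = uri.parse_query_string(req.context['body'])
    try:
        username = form_body['username']
        password = form_body['password']
    except KeyError:
        # The missing field is not useful context for the redirect.
        raise HTTPFound('/login') from None

    if self.auth_manager.authenticate(username, password):
        logger.info('Successful login for %s', username)
        auth.login_user(req, username)
    else:
        logger.warning('Failed login for %s', username)
        raise HTTPFound('/login')

    # ``next`` is attacker-controlled: strip CR and LF so it cannot inject
    # extra headers through the Location header (HTTP response splitting).
    url = (req.get_param('next') or '').replace('\n', '').replace('\r', '')
    if not url:
        raise HTTPFound(default_route)
    # A leading '/' alone is not enough: '//host/...' and '/\\host/...' are
    # scheme-relative URLs that browsers resolve off-site (open redirect).
    if url.startswith('/') and not url.startswith(('//', '/\\')):
        raise HTTPFound(url)
    raise HTTPBadRequest('Invalid next parameter', '')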