def test_validate_username_invalid():
    """A form whose authenticator rejects the credentials must not validate."""
    submitted = MultiDict({"username": "******", "password": "******"})

    def reject(username, password):
        # Stand-in authenticator that refuses every credential pair.
        return False

    form = LoginForm(submitted, authenticator=reject)
    assert not form.validate()
def login(app, request):
    """Render the login form, or authenticate a POSTed form and start a session.

    On a GET request, or a POST whose form fails validation, the login
    template is rendered with the form (and any ``next`` value) available.
    On a valid POST the user's id is stored in a freshly cycled session and
    a redirect response is returned.

    Args:
        app: Application object providing ``db.accounts`` (``user_authenticate``,
            ``get_user_id``) and ``translations``.
        request: Incoming request providing ``form``, ``values``, ``method``
            and a ``session`` supporting ``get``/``clear``/``cycle``.

    Returns:
        The redirect response on a successful login, otherwise the rendered
        login page.
    """
    form = LoginForm(
        request.form,
        authenticator=app.db.accounts.user_authenticate,
        translations=app.translations,
    )

    # GET, or a POST that fails validation: just show the form again.
    if request.method != "POST" or not form.validate():
        return render_response(
            app,
            request,
            "accounts/login.html",
            form=form,
            next=request.values.get("next"),
        )

    # The user id is the identifier used whenever the user must be
    # referenced securely within the database.
    account_id = app.db.accounts.get_user_id(form.username.data)

    # Never inherit session data that belongs to a different authenticated
    # user: drop it before this login is recorded.
    if request.session.get("user.id") != account_id:
        request.session.clear()

    # Issue a fresh session key so a pre-authentication session id (session
    # fixation) does not survive the authentication boundary, then rotate the
    # CSRF token for the same reason. Order matters: clear, cycle, then write.
    request.session.cycle()
    csrf_cycle(request.session)

    # Record the login in the (fresh) session.
    request.session["user.id"] = account_id

    # Redirect after a successful POST (the original comment calls for a 303).
    # NOTE(review): the ``next`` target is delegated to redirect_next; confirm
    # it restricts the destination to same-site URLs.
    response = redirect_next(
        request,
        default=url_for(request, "warehouse.views.index"),
    )

    # Display-only hint for the client side; it carries no authority and
    # MUST NOT be used for any access-control decision.
    # NOTE(review): no Secure/SameSite attributes are passed here; confirm the
    # set_cookie defaults are acceptable for a cookie reflecting the username.
    response.set_cookie("username", form.username.data)

    return response
def test_validate_username_invalid():
    """validate() is falsy when the authenticator rejects the credentials.

    NOTE(review): a function of the same name is defined earlier in this file;
    at import time this later definition shadows it, so only one of the two is
    collected and run.
    """
    form = LoginForm(
        MultiDict({"username": "******", "password": "******"}),
        # Authenticator that rejects every credential pair.
        authenticator=lambda username, password: False,
    )
    outcome = form.validate()
    assert not outcome