def post(self):
"""
Receipt login handler used by whistleblowers
"""
request = self.validate_message(self.request.content.read(),
requests.ReceiptAuthDesc)
receipt = request['receipt']
delay = random_login_delay()
if delay:
yield deferred_sleep(delay)
user_id = yield login_whistleblower(receipt,
self.request.client_using_tor)
GLSessions.revoke_all_sessions(user_id)
session = GLSession(user_id, 'whistleblower', 'Enabled')
returnValue({
'session_id': session.id,
'role': session.user_role,
'user_id': session.user_id,
'session_expiration': int(session.getTime())
})
def post(self):
"""
Login
"""
request = self.validate_message(self.request.content.read(),
requests.AuthDesc)
username = request['username']
password = request['password']
user_id, status, role, pcn = yield login(username, password,
self.request.client_using_tor)
# Revoke all other sessions for the newly authenticated user
GLSessions.revoke_all_sessions(user_id)
session = GLSession(user_id, role, status)
returnValue({
'session_id': session.id,
'role': session.user_role,
'user_id': session.user_id,
'session_expiration': int(session.getTime()),
'status': session.user_status,
'password_change_needed': pcn
})
