def __fetch(self, path, **kw):
# setting body or query string
data = kw.get('data', '')
if data:
kw.pop('data')
data = form_encode(data)
method = kw['method']
if method == 'GET':
path = '%s?%s'%(path, data)
elif method == 'POST':
kw['body'] = data
# getting auth cookie and setting it for the request
auth = kw.get('auth')
if auth:
kw.pop('auth')
try:
# posting to /login in order to get the auth cookie. if login fails, treats as unauthed
self.post('/login', data={'next': '', 'user_name': auth[0], 'password': auth[1]}, follow_redirects=False)(self.stop)
auth_cookie = '%s;'%self.wait()[0].headers['Set-Cookie'].split(';')[0]
headers = kw.get('headers', {})
headers['Cookie'] = auth_cookie + headers.get('Cookie', '')
kw['headers'] = headers
except:
pass
return lambda callback: self.http_client.fetch(HTTPRequest(self.get_url(path), **kw), lambda response: self.__parse(response, callback))
def _post_login(self, **kw):
# checks if the user is already logged
user = self.current_user
# if not, tries to fetch the user
# from the database and validate the password.
if not user:
user = User.by_user_name(kw['user_name'])
if user and user.validate_password(kw['password']):
# sets the auth cookie.
# don't worry, not the real 'password'.
# just a piece of the junky salt generated by the User model
self.set_secure_cookie('auth', dumps({
'id': user.id,
'password': user.password[0:8]
}))
else:
user = None
# if user logged in successfuly
# redirects to kw['next'] or '/'
if user:
self.redirect(kw['next'] or '/')
# else, redirects to the /login page
else:
kw.pop('password')
self.redirect('/login?%s'%form_encode(kw))
