def test_session_key(self):
    """Draw 1000 session keys and fail on the first repeated value.

    This is a collision smoke test only. A pass shows that 1000
    consecutive outputs of ``session_key()`` were distinct; it does not
    establish that the keys are unpredictable or of adequate length.
    """
    from nuvavaalit.crypto import session_key

    sample_size = 1000
    seen = set()
    for _ in xrange(sample_size):
        candidate = session_key()
        # Checked before insertion so a repeat is reported at the draw
        # that produced it.
        self.assertFalse(candidate in seen, 'session_key() generated a duplicate value')
        seen.add(candidate)
    self.assertEquals(sample_size, len(seen))
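def login(request):
    """Renders a login form and logs in a user if given the correct credentials.

    On a GET (or any request without ``form.submitted``) only the form
    data is returned. On a submitted form the CSRF token is verified
    first, then the credentials. A voter who has already voted is passed
    to ``exit_voting()`` instead of being logged in.

    Missing ``username`` / ``password`` fields are treated as a failed
    login rather than raising ``KeyError``.

    :param request: The currently active request.
    :type request: :py:class:`pyramid.request.Request`
    :returns: A redirect to the ``select`` route on success, the result
        of ``exit_voting()`` for a voter who has already voted, otherwise
        a dict with ``action_url``, ``csrf_token`` and ``error`` for the
        login template.
    :raises HTTPForbidden: If the submitted CSRF token does not match the
        one stored in the session.
    """
    session = DBSession()
    log = logging.getLogger('nuvavaalit')
    request.add_response_callback(disable_caching)
    error = None

    if 'form.submitted' in request.POST:
        # Verify the CSRF token before touching any other form field.
        # NOTE(review): ``!=`` is not a constant-time comparison; consider
        # a constant-time compare for the token.
        if request.session.get_csrf_token() != request.POST.get('csrf_token'):
            log.warning('CSRF attempt at %s.', request.url)
            raise HTTPForbidden(u'CSRF attempt detected.')

        # .get() so that a malformed POST ends in the normal failure path
        # instead of an unhandled KeyError.
        username = request.POST.get('username', u'')
        password = request.POST.get('password', u'')
        user = session.query(Voter).filter_by(username=username).first()

        # NOTE(review): check_password() only runs when the username
        # exists, so response time may differ between known and unknown
        # usernames even though the error message is the same.
        if user is not None and user.check_password(password):
            if user.has_voted():
                log.warning('User %s attempted to log in after already voting.', user.username)
                if request.statsd:
                    statsd.increment('login.voted')
                return exit_voting(request)

            # NOTE(review): the pre-login session object is reused after
            # authentication; nothing visible here rotates the session id.
            # Confirm the session factory or remember() takes care of it.
            headers = remember(request, user.username)
            # Generate an encryption key for the duration of the session.
            # NOTE(review): the key is only as confidential as the session
            # store; with a signed-but-readable cookie session it would be
            # visible to the client -- confirm the configured backend.
            request.session['encryption_key'] = session_key()
            log.info('Successful login for "%s".', user.username)
            if request.statsd:
                statsd.increment('login.success')
            return HTTPFound(location=route_url('select', request), headers=headers)

        error = u'Tunnistautuminen epäonnistui. Kokeile tunnistautua uudelleen!'
        if request.statsd:
            statsd.increment('login.failure')
        # The submitted username is untrusted input: %r escapes CR/LF and
        # other control characters so it cannot forge extra log lines.
        # NOTE(review): users sometimes type a password into the username
        # field, so this line can end up holding secrets; treat the log
        # accordingly.
        log.warning('Failed login attempt for %r', username)

    return {
        'action_url': route_url('login', request),
        'csrf_token': request.session.get_csrf_token(),
        'error': error,
    }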