def check_login_form(request):
username = request.params['username']
password = request.params['password']
dbsession = request.db
try:
user = dbsession.query(User).filter_by(username=username).one()
except NoResultFound:
return False
try:
dbpass = dbsession.query(Password).filter_by(user_id=user.id).one()
except NoResultFound:
return False
authenticated = check_password(dbpass.password, password)
if authenticated:
# when we attach the user object to the session
# we can't use the actual db object without rebinding
# to the db later, creating excessive traffic. To
# mitigate this, an attribute container in the form
# of the db object is used instead.
uc = UserContainer()
uc.username = user.username
uc.id = user.id
uc.groups = user.get_groups()
request.session['user'] = uc
return authenticated
def check_old_password(request, password):
dbpass = get_password(request)
return check_password(dbpass.password, password)
def check_old_password(request, password):
dbpass = get_password(request)
return check_password(dbpass.password, password)
