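def check_login_form(request):
    """Verify submitted login credentials and record the user in the session.

    Reads ``username`` and ``password`` from ``request.params``, looks up the
    matching ``User`` and ``Password`` rows through ``request.db`` and checks
    the submitted password with ``check_password``. On success a
    ``UserContainer`` copy of the user is stored in ``request.session['user']``.

    Args:
        request: Object exposing ``params``, ``db`` and ``session``.

    Returns:
        ``False`` when a form field is missing or when no user or password
        row exists; otherwise the result of ``check_password``.
    """
    # The form fields are client-controlled: a request that omits one is a
    # failed login, not an unhandled KeyError.
    try:
        username = request.params['username']
        password = request.params['password']
    except KeyError:
        return False

    dbsession = request.db

    # NOTE(review): .one() also raises when several rows match; this relies on
    # username and user_id being unique -- confirm the schema enforces that.
    try:
        user = dbsession.query(User).filter_by(username=username).one()
    except NoResultFound:
        # NOTE(review): this path returns without calling check_password, so
        # an unknown username does less work than a wrong password. If account
        # enumeration through response time is a concern, verify against a
        # dummy hash here as well.
        return False

    try:
        dbpass = dbsession.query(Password).filter_by(user_id=user.id).one()
    except NoResultFound:
        return False

    authenticated = check_password(dbpass.password, password)
    if authenticated:
        # Attaching the actual db object to the session would require
        # rebinding it to the db later, creating excessive traffic. To
        # mitigate this, an attribute container in the form of the db
        # object is stored instead.
        uc = UserContainer()
        uc.username = user.username
        uc.id = user.id
        # Groups are copied at login time, so later membership changes are
        # not visible through the session copy.
        uc.groups = user.get_groups()
        # NOTE(review): the session identifier is not renewed in this
        # function; confirm the caller or framework rotates it on login
        # (session fixation).
        request.session['user'] = uc
    return authenticated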
def check_old_password(request, password):
    """Check ``password`` against the stored password for this request.

    The stored record comes from ``get_password(request)``; its ``password``
    attribute and the supplied ``password`` are handed to ``check_password``,
    whose result is returned unchanged.
    """
    # NOTE(review): presumably get_password resolves the current user's
    # record and never returns None -- confirm against its definition.
    stored_record = get_password(request)
    stored_value = stored_record.password
    return check_password(stored_value, password)