def login():
if flask.request.method == "GET":
account_cookie = flask.request.cookies.get('account')
if util.valid_cookie_val(account_cookie):
return flask.redirect("/report")
else:
return flask.render_template("login.html")
elif flask.request.method == "POST":
email = flask.request.form.get('email')
password = flask.request.form.get('password')
# I think, based on some experiment, checked checkbox will return a
# unicode empty string, else it's None
rmbme = flask.request.form.get('rmbme')
params = dict(email=email, password=password)
if not util.valid_email(email):
params['error_email'] = "That's not a valid email."
return flask.render_template("login.html", **params)
else:
emails = fetch_registered_emails()
if email not in emails:
params[
'error_email'] = "This email hasn't been registered yet."
return flask.render_template("login.html", **params)
else:
account = db.session.query(Account).filter(
Account.email == email).all()
account = account[0]
if not util.correct_password(email, password,
account.password):
params['error_password'] = "******"
return flask.render_template("login.html", **params)
else:
# Note: account.password is the hashed value
if rmbme is None:
#### it works here, but too messy about cookie setting
#### by different urls
cookie_val = util.make_secure_cookie_val(
str(account.id))
response = flask.make_response(
flask.redirect("/report"))
response.headers[
'Set-Cookie'] = 'account={0};Path=/;'.format(
cookie_val)
return response
else:
response = set_account_cookie_and_redirect(
account.id, "/report")
return response
def login():
if flask.request.method == "GET":
account_cookie = flask.request.cookies.get('account')
if util.valid_cookie_val(account_cookie):
return flask.redirect("/report")
else:
return flask.render_template("login.html")
elif flask.request.method == "POST":
email = flask.request.form.get('email')
password = flask.request.form.get('password')
# I think, based on some experiment, checked checkbox will return a
# unicode empty string, else it's None
rmbme = flask.request.form.get('rmbme')
params = dict(email = email, password=password)
if not util.valid_email(email):
params['error_email'] = "That's not a valid email."
return flask.render_template("login.html", **params)
else:
emails = fetch_registered_emails()
if email not in emails:
params['error_email'] = "This email hasn't been registered yet."
return flask.render_template("login.html", **params)
else:
account = db.session.query(Account).filter(Account.email==email).all()
account = account[0]
if not util.correct_password(email, password, account.password):
params['error_password'] = "******"
return flask.render_template("login.html", **params)
else:
# Note: account.password is the hashed value
if rmbme is None:
#### it works here, but too messy about cookie setting
#### by different urls
cookie_val = util.make_secure_cookie_val(str(account.id))
response = flask.make_response(flask.redirect("/report"))
response.headers['Set-Cookie'] = 'account={0};Path=/;'.format(cookie_val)
return response
else:
response = set_account_cookie_and_redirect(
account.id, "/report")
return response
def decorated(*args, **kwargs):
auth = util.valid_cookie_val(flask.request.cookies.get('account'))
if not auth:
return flask.redirect(flask.url_for("login"))
return f(*args, **kwargs)
def decorated(*args, **kwargs):
auth = util.valid_cookie_val(flask.request.cookies.get('account'))
if not auth:
return flask.redirect(flask.url_for("login"))
return f(*args, **kwargs)
