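def login(request):
    """Log the user in to the system.

    If the request is not a form submission, show the login form. On a
    failed attempt, show the form again with an error message. On success,
    set the auth cookie and redirect the user to their account page.

    Security notes:
      - The submitted password is never written to the auth log and is not
        echoed back into the values handed to the template.
      - ``came_from`` is taken from the request and only passed to the
        template; nothing here redirects to it. If it is ever used as a
        redirect target it must first be restricted to same-site paths.

    :param request: the current request
    :returns: an ``HTTPFound`` redirect when the user is (or becomes)
        authenticated, otherwise the dict of values for the login form
    """
    # Already logged in: refresh the cookie and send them to their account.
    if request.user:
        headers = remember(request, request.user.id, max_age=max_cookie_age)
        return HTTPFound(
            location=request.route_url(
                'user_account',
                username=request.user.username),
            headers=headers)

    login_url = route_url('login', request)
    referrer = request.url
    if referrer == login_url:
        # never use the login form itself as came_from
        referrer = '/'

    came_from = request.params.get('came_from', referrer)

    message = ''
    email = ''
    headers = None

    if 'form.submitted' in request.params:
        email = request.params['email']
        password = request.params['password']

        LOG.debug(email)
        auth = UserMgr.get(email=email)
        LOG.debug(auth)
        # The full user list is deliberately not logged here: it would put
        # every account into the debug log on each login attempt.

        # Check the password once; the result drives both the success path
        # and the choice of failure message below.
        password_ok = bool(auth and auth.validate_password(password))

        if password_ok and auth.activated:
            # We use the Primary Key as our identifier once someone has
            # authenticated rather than the username. You can change what is
            # returned as the userid by altering what is passed to remember.
            headers = remember(request, auth.id, max_age=max_cookie_age)
            auth.last_login = datetime.utcnow()

            # log the successful login
            AuthLog.login(auth.username, True)

            return HTTPFound(
                location=request.route_url(
                    'user_account',
                    username=auth.username),
                headers=headers)

        # Log the right level of problem. The attempted password is NOT
        # passed to the auth log: a mistyped password is often one character
        # away from the real one, and log storage is readable by more people
        # and systems than the credential store.
        # NOTE(review): the wrong-password and unknown-email messages differ,
        # which lets a client tell whether an account exists; consider one
        # shared message after checking what the templates/tests expect.
        if auth and not password_ok:
            message = "Your login attempt has failed."
            AuthLog.login(email, False)

        elif auth and not auth.activated:
            message = "User account deactivated. Please check your email."
            AuthLog.login(email, False)
            AuthLog.disabled(email)

        elif auth is None:
            message = "Failed login"
            AuthLog.login(email, False)

    # Same logged-in check as at the top, kept from the original flow.
    if request.user:
        headers = remember(request, request.user.id, max_age=max_cookie_age)
        return HTTPFound(
            location=request.route_url(
                'user_account',
                username=request.user.username),
            headers=headers)

    return {
        'message': message,
        'came_from': came_from,
        'email': email,
        # Key kept for the template, but the submitted password is never
        # reflected back into the response.
        'password': '',
    }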
else: AuthLog.reactivate(username, success=False, code=activation) error = 'There was an issue attempting to activate this account.' if error: return { 'message': error, 'user': user } else: # Log the user in and move along. headers = remember(request, user.id, max_age=60 * 60 * 24 * 30) user.last_login = datetime.utcnow() # log the successful login AuthLog.login(user.username, True) # we're always going to return a user to their own /recent after a # login return HTTPFound( location=request.route_url( 'user_account', username=user.username), headers=headers) else: LOG.error("CHECKING") LOG.error(username) if user is None: # just 404 if we don't have an activation code for this user