示例#1
def signout():
    """Handle the sign-out page: confirm on GET, log out on POST.

    A visitor for whom ``login.check_login`` fails is redirected to "/".
    On POST the submitted ``crumb`` form field must pass ``crumb.check``
    before ``login.do_logout()`` runs; a failed check redirects to "/".
    Any other method renders ``page_signout.html`` with a fresh crumb.
    """
    cookie_value = request.cookies.get(app.cfg['auth_cookie_name'])
    if not login.check_login(cookie_value):
        return redirect("/")

    # The crumb is generated on every request, before the method is inspected,
    # so the form rendered below always carries a current value.
    crumb_input = crumb.generate("logout")

    if request.method != 'POST':
        return render_template("page_signout.html", crumb_input=crumb_input)

    # request.form[...] raises when the field is absent, so a POST without a
    # crumb never reaches do_logout().
    submitted_crumb = request.form['crumb']

    # NOTE(review): crumb.check() is given the submitted value and the secret
    # but not the "logout" key passed to crumb.generate(). Confirm in the crumb
    # module that the key (and the user) is bound into the token; otherwise a
    # crumb issued for a different form would also be accepted here.
    if crumb.check(submitted_crumb, app.cfg['crypto_crumb_secret']):
        return login.do_logout()

    return redirect("/")
示例#2
def signin():
    """Handle the sign-in page: show the form on GET, authenticate on POST.

    An already logged-in visitor (``login.check_login`` succeeds) is
    redirected to "/". On POST the ``email`` and ``password`` form fields
    are checked in order: both non-empty, user found by e-mail, user not
    deleted, password valid. The first failing check re-renders
    ``page_signin.html`` with a one-key ``error`` dict; if all pass the
    result of ``login.do_login(user)`` is returned.
    """

    def fail(flag):
        # Re-render the form with a single error flag for the template.
        return render_template("page_signin.html", error={flag: 1})

    cookie_value = request.cookies.get(app.cfg['auth_cookie_name'])
    if login.check_login(cookie_value):
        return redirect("/")

    if request.method != 'POST':
        # Plain page view: just show the login form.
        return render_template("page_signin.html")

    # NOTE(review): unlike signout(), this POST handler checks no crumb, so
    # nothing visible here stops a cross-site form from signing a visitor in
    # to someone else's account (login CSRF). Confirm whether that is enforced
    # elsewhere. No attempt throttling or lockout is visible here either.
    email = request.form['email']
    password = request.form['password']

    # Both fields are required.
    if len(email) == 0 or len(password) == 0:
        return fail("error_missing")

    # NOTE(review): the three failures below use distinct flags. If the
    # template shows a different message for each, the response tells an
    # unauthenticated client whether an e-mail address is registered (and
    # whether the account was deleted). A single generic "sign-in failed"
    # message in the template avoids that -- verify page_signin.html.
    user = users.get_user_by_email(email)
    if not user:
        return fail("error_nouser")

    if user['deleted']:
        return fail("error_deleted")

    if not passwords.validate_password_for_user(password, user):
        return fail("error_password")

    # Every check passed: establish the session.
    return login.do_login(user)
示例#3
def signup():
    """Handle the sign-up page: show the form on GET, create an account on POST.

    An already logged-in visitor is redirected to "/". On POST the
    ``email``, ``password`` and ``username`` form fields must all be
    non-empty, and the e-mail and username must not be taken; the first
    failing check re-renders ``page_signup.html`` with a one-key ``error``
    dict. Otherwise ``users.create_user`` is called and, when it returns a
    truthy value, the new user is looked up by e-mail and logged in.
    """

    def fail(flag):
        # Re-render the form with a single error flag for the template.
        return render_template("page_signup.html", error={flag: 1})

    cookie_value = request.cookies.get(app.cfg['auth_cookie_name'])
    if login.check_login(cookie_value):
        return redirect("/")

    if request.method != 'POST':
        # Plain page view: just show the signup form.
        return render_template("page_signup.html")

    # NOTE(review): no crumb is checked on this POST (signout() does check
    # one); confirm whether cross-site submissions are rejected elsewhere.
    email = request.form['email']
    password = request.form['password']
    username = request.form['username']

    # All three fields are required. Only emptiness is tested here; format or
    # password-strength rules, if any, must live in users.create_user().
    if len(email) == 0 or len(password) == 0 or len(username) == 0:
        return fail("error_missing")

    # NOTE(review): these two lookups followed by create_user() are
    # check-then-act. Two concurrent requests can both pass them, so
    # uniqueness should also be enforced by the storage layer -- confirm.
    # "error_email_taken" also confirms to any visitor that an address is
    # registered.
    if users.is_email_taken(email):
        return fail("error_email_taken")

    if users.is_username_taken(username):
        return fail("error_username_taken")

    # NOTE(review): the password is handed over exactly as submitted;
    # presumably users.create_user() hashes it before storing -- verify, and
    # make sure this dict is never logged.
    created = users.create_user(
        {"email": email, "password": password, "username": username}
    )
    if not created:
        return fail("error_server")

    # Reload the stored record by the e-mail create_user() reported, then
    # sign the new user in.
    new_user = users.get_user_by_email(created['email'])
    return login.do_login(new_user)
示例#4
def init():
    """Record request details in ``app.cfg`` and run the login check.

    Stores the request path under ``'script_name'`` and the ``User-Agent``
    header under ``'User-Agent'``, then calls ``login.check_login`` with the
    auth cookie. The result of that call is discarded here.
    """
    cfg = app.cfg

    # NOTE(review): these are per-request values written into what looks like
    # application-wide configuration. If ``app`` is shared between concurrent
    # requests, one request can read another's path or User-Agent; a
    # request-scoped store (e.g. flask.g) would avoid that -- confirm how
    # app.cfg is scoped.
    cfg['script_name'] = request.path
    cfg['User-Agent'] = request.headers.get('User-Agent')

    # Return value ignored; presumably check_login() records the login state
    # somewhere itself -- verify in the login module.
    login.check_login(request.cookies.get(cfg['auth_cookie_name']))