def auth_login(auth, registration_form=None, forgot_password_form=None, **kwargs):
    """Show the login page, or process a submitted sign-in form.

    A visitor who is already logged in is redirected to ``/dashboard/`` unless
    the ``logout`` query argument is set; in that case ``logout()`` is called
    and the login page is rendered. On a POST that was not triggered with a
    registration or forgot-password form, the submitted ``SignInForm`` is
    validated and its credentials are passed to ``login()``.

    :param auth: object whose ``logged_in`` attribute reflects the session.
    :param registration_form: when truthy, sign-in handling is skipped.
    :param forgot_password_form: when truthy, sign-in handling is skipped.
    :param kwargs: a truthy ``first`` adds a "You may now log in" message.
    :return: the response from ``login()`` on success; a redirect for a
        logged-in visitor; ``{'next_url': ''}`` when login is not allowed;
        otherwise ``({'next_url': next_url}, status_code)``.
    """
    if auth.logged_in:
        if request.args.get('logout'):
            logout()
        else:
            return redirect('/dashboard/')

    invoked_with_form = registration_form or forgot_password_form
    if request.method == 'POST' and not invoked_with_form:
        signin = SignInForm(request.form)
        if signin.validate():
            # The second factor is only read when the two-factor addon is
            # enabled in settings; otherwise login() receives None.
            if 'twofactor' in website.settings.ADDONS_REQUESTED:
                twofactor_code = signin.two_factor.data
            else:
                twofactor_code = None
            try:
                return login(
                    signin.username.data,
                    signin.password.data,
                    twofactor_code,
                )
            # NOTE(review): the disabled / unconfirmed messages differ from the
            # bad-password one. Whether that discloses account state depends on
            # whether login() checks the password first -- confirm there.
            except exceptions.LoginDisabledError:
                status.push_status_message(language.DISABLED, 'error')
            except exceptions.LoginNotAllowedError:
                status.push_status_message(language.UNCONFIRMED, 'warning')
                # Stay on the login page: drop any requested next URL.
                return {'next_url': ''}
            except exceptions.PasswordIncorrectError:
                status.push_status_message(language.LOGIN_FAILED)
            except exceptions.TwoFactorValidationError:
                status.push_status_message(language.TWO_FACTOR_FAILED)
        # Reached after a failed validation and after a handled login error.
        forms.push_errors_to_status(signin.errors)

    if kwargs.get('first', False):
        status.push_status_message('You may now log in')

    # The query string wins over the posted form field.
    # NOTE(review): next_url is client-supplied and is returned unchanged.
    # Nothing in this view restricts it to same-site paths, so confirm that
    # whatever consumes it validates the target before redirecting.
    posted_next = request.form.get('next_url', '')
    next_url = request.args.get('next', posted_next)

    if request.args.get('status', '') == 'expired':
        status.push_status_message('The private link you used is expired.')

    if not next_url:
        return {'next_url': next_url}, http.OK

    status.push_status_message(language.MUST_LOGIN)
    # A visitor who is logging out should not see a 401.
    if request.args.get('logout'):
        return {'next_url': next_url}, http.OK
    return {'next_url': next_url}, http.UNAUTHORIZED
def auth_login(auth, registration_form=None, forgot_password_form=None, **kwargs):
    """Serve the login view: render it on GET, attempt a sign-in on POST.

    Logged-in visitors are sent to ``/dashboard/`` unless ``logout`` is present
    in the query string, in which case they are logged out first. A POST is
    treated as a sign-in attempt only when neither ``registration_form`` nor
    ``forgot_password_form`` was supplied by the caller.

    :param auth: provides ``logged_in`` for the current request.
    :param registration_form: truthy value marks a direct call; no sign-in.
    :param forgot_password_form: truthy value marks a direct call; no sign-in.
    :param kwargs: ``first`` (truthy) pushes a "You may now log in" message.
    :return: whatever ``login()`` returns on success, a redirect, a bare
        ``{'next_url': ''}`` dict for accounts not allowed to log in, or a
        ``(dict, status_code)`` pair for the rendered login page.
    """
    if auth.logged_in:
        if not request.args.get('logout'):
            return redirect('/dashboard/')
        # NOTE(review): logout is driven by a query argument here, so a plain
        # GET ends the session; confirm that is intended for this route.
        logout()

    direct_call = registration_form or forgot_password_form
    is_signin_attempt = request.method == 'POST' and not direct_call
    if is_signin_attempt:
        form = SignInForm(request.form)
        if form.validate():
            # Only pass a second factor when the addon is switched on.
            twofactor_code = (
                form.two_factor.data
                if 'twofactor' in website.settings.ADDONS_REQUESTED
                else None
            )
            try:
                response = login(
                    form.username.data, form.password.data, twofactor_code
                )
                return response
            except exceptions.LoginDisabledError:
                status.push_status_message(language.DISABLED, 'error')
            except exceptions.LoginNotAllowedError:
                status.push_status_message(language.UNCONFIRMED, 'warning')
                # Don't go anywhere: the next URL is deliberately blanked.
                return {'next_url': ''}
            except exceptions.PasswordIncorrectError:
                status.push_status_message(language.LOGIN_FAILED)
            except exceptions.TwoFactorValidationError:
                status.push_status_message(language.TWO_FACTOR_FAILED)
        # Surface field-level validation errors as status messages.
        forms.push_errors_to_status(form.errors)

    if kwargs.get('first', False):
        status.push_status_message('You may now log in')

    # Next URL comes from the query string, falling back to the posted field.
    # NOTE(review): this value is attacker-controllable and is echoed back
    # as-is; verify the redirect that eventually uses it only accepts
    # same-origin targets.
    next_url = request.args.get('next', request.form.get('next_url', ''))

    link_status = request.args.get('status', '')
    if link_status == 'expired':
        status.push_status_message('The private link you used is expired.')

    code = http.OK
    if next_url:
        status.push_status_message(language.MUST_LOGIN)
        # Don't signal an error while the user is being logged out.
        code = http.OK if request.args.get('logout') else http.UNAUTHORIZED

    payload = {'next_url': next_url}
    return payload, code
def signin_form():
    """Return a fresh, unbound ``SignInForm`` passed through ``form_utils.jsonify``."""
    blank_form = SignInForm()
    return form_utils.jsonify(blank_form)