示例#1
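    def on_post(self, req, resp):
        """Process a submitted login form and redirect the client.

        Reads ``username`` and ``password`` from the URL-encoded body held in
        ``req.context['body']``. A missing field, a username rejected by
        ``auth.valid_username`` or a failed ``authenticate`` call each end in
        ``HTTPFound('/login')``. After a successful login the client is sent
        to the ``next`` query parameter, or to ``default_route`` when that
        parameter is empty.

        Raises:
            HTTPFound: on every path except a rejected ``next`` value.
            HTTPBadRequest: when ``next`` is not a local path, i.e. it does
                not start with exactly one ``/``.
        """
        form_body = uri.parse_query_string(req.context['body'])

        try:
            username = form_body['username']
            password = form_body['password']
        except KeyError:
            raise HTTPFound('/login')

        if not auth.valid_username(username):
            # NOTE(review): username comes straight from the request and has
            # just failed validation, so it may contain control characters;
            # confirm the log handler escapes them before relying on this line.
            logger.warn('Tried to login with invalid username %s', username)
            # Only debug mode tells the client that the username itself was
            # rejected; otherwise the message matches the bad-password case so
            # the response does not distinguish the two failures.
            if self.debug:
                flash_message(req, 'Invalid username', 'danger')
            else:
                flash_message(req, 'Invalid credentials', 'danger')
            raise HTTPFound('/login')

        if self.auth_manager.authenticate(username, password):
            logger.info('Successful login for %s', username)
            auth.login_user(req, username)
        else:
            logger.warn('Failed login for %s', username)
            flash_message(req, 'Invalid credentials', 'danger')
            raise HTTPFound('/login')

        # The value ends up in the Location header. Drop CR as well as LF so
        # it cannot split the response, and drop TAB because browsers ignore
        # TAB/CR/LF when parsing a URL, which would otherwise let '/<TAB>/host'
        # pass the prefix check below.
        url = req.get_param('next', default='')
        for ch in ('\r', '\n', '\t'):
            url = url.replace(ch, '')

        if not url:
            raise HTTPFound(default_route)

        # A local path starts with a single '/'. '//host' is a
        # protocol-relative URL and browsers read '/\host' the same way, so
        # both would redirect the freshly logged-in user off-site.
        if url.startswith('/') and not url.startswith(('//', '/\\')):
            raise HTTPFound(url)

        raise HTTPBadRequest('Invalid next parameter', '')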
示例#2
文件: __init__.py 项目: marafa/iris
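    def on_post(self, req, resp):
        """Process a submitted login form and redirect the client.

        Reads ``username`` and ``password`` from the URL-encoded body held in
        ``req.context['body']``. A missing field or a failed ``authenticate``
        call ends in ``HTTPFound('/login')``. After a successful login the
        client is sent to the ``next`` query parameter, or to
        ``default_route`` when that parameter is absent or empty.

        Raises:
            HTTPFound: on every path except a rejected ``next`` value.
            HTTPBadRequest: when ``next`` is not a local path, i.e. it does
                not start with exactly one ``/``.
        """
        form_body = uri.parse_query_string(req.context['body'])

        try:
            username = form_body['username']
            password = form_body['password']
        except KeyError:
            raise HTTPFound('/login')

        if self.auth_manager.authenticate(username, password):
            logger.info('Successful login for %s', username)
            auth.login_user(req, username)
        else:
            # NOTE(review): username is request-supplied and unvalidated at
            # this point; confirm the log handler escapes control characters.
            logger.warn('Failed login for %s', username)
            raise HTTPFound('/login')

        # The value ends up in the Location header. Strip CR/LF so it cannot
        # split the response, and TAB because browsers ignore TAB/CR/LF when
        # parsing a URL, which would otherwise let '/<TAB>/host' pass the
        # prefix check below.
        url = req.get_param('next') or ''
        for ch in ('\r', '\n', '\t'):
            url = url.replace(ch, '')

        if not url:
            raise HTTPFound(default_route)

        # A local path starts with a single '/'. '//host' is a
        # protocol-relative URL and browsers read '/\host' the same way, so
        # both would redirect the freshly logged-in user off-site.
        if url.startswith('/') and not url.startswith(('//', '/\\')):
            raise HTTPFound(url)

        raise HTTPBadRequest('Invalid next parameter', '')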