def login_post(self): came_from = get_came_from(self.request) session = self.request.session login_form = LoginForm()() try: session.invalidate() form_result = login_form.to_python(self.request.params) # form checks for username/password, now we're authenticated headers = _store_user_in_session( self.session, username=form_result['username'], remember=form_result['remember']) log.debug('Redirecting to "%s" after login.', came_from) raise HTTPFound(came_from, headers=headers) except formencode.Invalid as errors: defaults = errors.value # remove password from filling in form again del defaults['password'] render_ctx = self._get_template_context() render_ctx.update({ 'errors': errors.error_dict, 'defaults': defaults, }) return render_ctx except UserCreationError as e: # headers auth or other auth functions that create users on # the fly can throw this exception signaling that there's issue # with user creation, explanation should be provided in # Exception itself session.flash(e, queue='error') return self._get_template_context()
def index(self): # redirect if already logged in c.came_from = request.GET.get('came_from', None) if self.rhodecode_user.is_authenticated \ and self.rhodecode_user.username != 'default': return redirect(url('home')) if request.POST: # import Login Form validator class login_form = LoginForm() try: c.form_result = login_form.to_python(dict(request.POST)) # form checks for username/password, now we're authenticated username = c.form_result['username'] user = User.get_by_username(username, case_insensitive=True) auth_user = AuthUser(user.user_id) auth_user.set_authenticated() cs = auth_user.get_cookie_store() session['rhodecode_user'] = cs # If they want to be remembered, update the cookie if c.form_result['remember'] is not False: session.cookie_expires = False session._set_cookie_values() session._update_cookie_out() session.save() log.info('user %s is now authenticated and stored in ' 'session, session attrs %s' % (username, cs)) user.update_lastlogin() Session.commit() if c.came_from: return redirect(c.came_from) else: return redirect(url('home')) except formencode.Invalid, errors: return htmlfill.render( render('/login.html'), defaults=errors.value, errors=errors.error_dict or {}, prefix_error=False, encoding="UTF-8")
def index(self): # redirect if already logged in c.came_from = request.GET.get('came_from', None) if self.rhodecode_user.is_authenticated \ and self.rhodecode_user.username != 'default': return redirect(url('home')) if request.POST: # import Login Form validator class login_form = LoginForm() try: c.form_result = login_form.to_python(dict(request.POST)) # form checks for username/password, now we're authenticated username = c.form_result['username'] user = User.get_by_username(username, case_insensitive=True) auth_user = AuthUser(user.user_id) auth_user.set_authenticated() cs = auth_user.get_cookie_store() session['rhodecode_user'] = cs # If they want to be remembered, update the cookie if c.form_result['remember'] is not False: session.cookie_expires = False session._set_cookie_values() session._update_cookie_out() session.save() log.info('user %s is now authenticated and stored in ' 'session, session attrs %s' % (username, cs)) user.update_lastlogin() Session.commit() if c.came_from: return redirect(c.came_from) else: return redirect(url('home')) except formencode.Invalid, errors: return htmlfill.render(render('/login.html'), defaults=errors.value, errors=errors.error_dict or {}, prefix_error=False, encoding="UTF-8")
def index(self): # redirect if already logged in c.came_from = request.GET.get("came_from", None) if self.rhodecode_user.is_authenticated and self.rhodecode_user.username != "default": return redirect(url("home")) if request.POST: # import Login Form validator class login_form = LoginForm() try: c.form_result = login_form.to_python(dict(request.POST)) # form checks for username/password, now we're authenticated username = c.form_result["username"] user = User.get_by_username(username, case_insensitive=True) auth_user = AuthUser(user.user_id) auth_user.set_authenticated() session["rhodecode_user"] = auth_user session.save() log.info("user %s is now authenticated and stored in session", username) user.update_lastlogin() if c.came_from: return redirect(c.came_from) else: return redirect(url("home")) except formencode.Invalid, errors: return htmlfill.render( render("/login.html"), defaults=errors.value, errors=errors.error_dict or {}, prefix_error=False, encoding="UTF-8", )
def index(self): # redirect if already logged in c.came_from = request.GET.get('came_from') not_default = self.rhodecode_user.username != 'default' ip_allowed = self.rhodecode_user.ip_allowed if self.rhodecode_user.is_authenticated and not_default and ip_allowed: return redirect(url('home')) if request.POST: # import Login Form validator class login_form = LoginForm() try: session.invalidate() c.form_result = login_form.to_python(dict(request.POST)) # form checks for username/password, now we're authenticated username = c.form_result['username'] user = User.get_by_username(username, case_insensitive=True) auth_user = AuthUser(user.user_id) auth_user.set_authenticated() cs = auth_user.get_cookie_store() session['rhodecode_user'] = cs user.update_lastlogin() Session().commit() # If they want to be remembered, update the cookie if c.form_result['remember']: _year = (datetime.datetime.now() + datetime.timedelta(seconds=60 * 60 * 24 * 365)) session._set_cookie_expires(_year) session.save() log.info('user %s is now authenticated and stored in ' 'session, session attrs %s' % (username, cs)) # dumps session attrs back to cookie session._update_cookie_out() # we set new cookie headers = None if session.request['set_cookie']: # send set-cookie headers back to response to update cookie headers = [('Set-Cookie', session.request['cookie_out'])] allowed_schemes = ['http', 'https'] if c.came_from: parsed = urlparse.urlparse(c.came_from) server_parsed = urlparse.urlparse(url.current()) if parsed.scheme and parsed.scheme not in allowed_schemes: log.error( 'Suspicious URL scheme detected %s for url %s' % (parsed.scheme, parsed)) c.came_from = url('home') elif server_parsed.netloc != parsed.netloc: log.error('Suspicious NETLOC detected %s for url %s' 'server url is: %s' % (parsed.netloc, parsed, server_parsed)) c.came_from = url('home') raise HTTPFound(location=c.came_from, headers=headers) else: raise HTTPFound(location=url('home'), headers=headers) except formencode.Invalid, errors: return htmlfill.render( render('/login.html'), defaults=errors.value, errors=errors.error_dict or {}, prefix_error=False, encoding="UTF-8")
def index(self): # redirect if already logged in c.came_from = request.GET.get('came_from') not_default = self.rhodecode_user.username != 'default' ip_allowed = self.rhodecode_user.ip_allowed if self.rhodecode_user.is_authenticated and not_default and ip_allowed: return redirect(url('home')) if request.POST: # import Login Form validator class login_form = LoginForm() try: session.invalidate() c.form_result = login_form.to_python(dict(request.POST)) # form checks for username/password, now we're authenticated username = c.form_result['username'] user = User.get_by_username(username, case_insensitive=True) auth_user = AuthUser(user.user_id) auth_user.set_authenticated() cs = auth_user.get_cookie_store() session['rhodecode_user'] = cs user.update_lastlogin() Session().commit() # If they want to be remembered, update the cookie if c.form_result['remember']: _year = (datetime.datetime.now() + datetime.timedelta(seconds=60 * 60 * 24 * 365)) session._set_cookie_expires(_year) session.save() log.info('user %s is now authenticated and stored in ' 'session, session attrs %s' % (username, cs)) # dumps session attrs back to cookie session._update_cookie_out() # we set new cookie headers = None if session.request['set_cookie']: # send set-cookie headers back to response to update cookie headers = [('Set-Cookie', session.request['cookie_out'])] allowed_schemes = ['http', 'https'] if c.came_from: parsed = urlparse.urlparse(c.came_from) server_parsed = urlparse.urlparse(url.current()) if parsed.scheme and parsed.scheme not in allowed_schemes: log.error( 'Suspicious URL scheme detected %s for url %s' % (parsed.scheme, parsed)) c.came_from = url('home') elif server_parsed.netloc != parsed.netloc: log.error('Suspicious NETLOC detected %s for url %s' 'server url is: %s' % (parsed.netloc, parsed, server_parsed)) c.came_from = url('home') raise HTTPFound(location=c.came_from, headers=headers) else: raise HTTPFound(location=url('home'), headers=headers) except formencode.Invalid, errors: return htmlfill.render( render('/login.html'), defaults=errors.value, errors=errors.error_dict or {}, prefix_error=False, encoding="UTF-8") except UserCreationError, e: # container auth or other auth functions that create users on # the fly can throw this exception signaling that there's issue # with user creation, explanation should be provided in # Exception itself h.flash(e, 'error')