1from builtins import object
2import logging
3from pyramid.httpexceptions import HTTPFound
4from pyramid.response import Response
5from pyramid.view import view_config, view_defaults, forbidden_view_config
6from pyramid.security import remember, forget
7from passlib.hash import sha256_crypt
8from dryxPyramid.security import get_users_and_groups
9from dryxPyramid.templates.responses import templates_login
11# RESOURCE CONTEXT
@forbidden_view_config()
def forbidden(request):
    """Handle a forbidden request by handing it to the login view.

    The login view's referrer is reset to "/" and its message is set
    according to whether the denied request was a read (GET, or a
    ``method=get`` request parameter) or some other action.

    **Key Arguments:**
        - ``request`` -- the pyramid request that was denied

    **Return:**
        - whatever ``login_view.login()`` returns for this request
    """
    view = login_view(request)
    view.referrer = "/"

    params = request.params
    is_read = request.method == "GET" or (
        "method" in params and params["method"] == "get")

    view.message = (
        "You do not have the correct permissions to view this page"
        if is_read
        else "You do not have the correct permissions to perform this action"
    )
    return view.login()
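@view_defaults(route_name='login', permission="view_everyone")
class login_view(object):
    """Render the login form and authenticate submitted credentials.

    On a successful login the user is redirected to ``came_from``. That
    value is read from the request parameters, so it is checked against
    the application's own host before it is used as a redirect target or
    handed to the login template.
    """

    def __init__(self, request):
        """Store the request and load the user and group tables.

        **Key Arguments:**
            - ``request`` -- the pyramid request
        """
        self.request = request
        self.log = logging.getLogger(__name__)
        self.log.debug("instantiating a new 'login' view")
        self.USERS, self.GROUPS = get_users_and_groups(request)
        self.message = ""
        self.referrer = request.url

    def _is_local_url(self, url):
        """Return True if *url* points back into this application.

        Accepted forms are a path starting with a single "/" and an
        absolute URL on the request's own scheme and host.
        """
        if not url:
            return False
        # Backslashes and control characters are normalised by some
        # browsers, which can turn a local-looking path into a
        # reference to another host.
        if "\\" in url or any(ord(ch) < 0x20 for ch in url):
            return False
        if url.startswith("/"):
            # "//host/path" is scheme-relative, i.e. another origin
            return not url.startswith("//")
        host_url = self.request.host_url
        return url == host_url or url.startswith(host_url + "/")

    @view_config(route_name='login', permission="view_everyone")
    def login(self):
        """Process a login attempt, or show the login form.

        **Return:**
            - ``HTTPFound`` to ``came_from`` (with the auth headers set)
              when the credentials verify, otherwise a ``Response``
              holding the rendered login page.
        """
        request = self.request
        login_url = request.route_url('login')
        referrer = self.referrer
        message = self.message

        # never use the login form itself as came_from
        if login_url in referrer or "/" == referrer:
            referrer = request.route_path('index')

        # came_from is caller-supplied: without this check the redirect
        # after login could send the user to any external URL.
        came_from = request.params.get('came_from', referrer)
        if not self._is_local_url(came_from):
            self.log.warning(
                "ignoring non-local came_from value: %r", came_from)
            came_from = request.route_path('index')

        # NOTE(review): request.params merges the query string and the
        # form body, and ``method=post`` is honoured on any HTTP method,
        # so credentials can arrive in a URL and end up in access logs.
        # Consider reading them from request.POST only.
        params = request.params
        is_post = request.method == "POST" or (
            'method' in params and params["method"] == "post")

        if 'login' in params and is_post:
            username = params['login'].replace("@pessto.org", "")
            # a missing password field is a failed login, not a KeyError
            password = params.get('password', '')

            # NOTE(review): unknown usernames skip the hash verification,
            # so response time may differ between known and unknown
            # accounts. Consider verifying against a fixed dummy hash.
            if username in self.USERS and sha256_crypt.verify(
                    password, self.USERS.get(username)):
                headers = remember(request, username)
                return HTTPFound(location=came_from,
                                 headers=headers)
            message = 'incorrect username or password'

        # If wrong details added, or GET method used, return login page
        settings = self.request.registry.settings
        loginPage = templates_login(
            log=self.log,
            request=request,
            mainCssFilePath=settings["main css filepath"],
            jsFilePath=settings["main js filepath"],
            pageTitle="Login",
            iconPath=settings["path to webapp icon"],
            message=message,
            came_from=came_from
        )
        responseContent = loginPage.get()
        return Response(responseContent)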