| commit | author | age | ||
| b1b922 | 1 | from pyramid.httpexceptions import HTTPFound |
| 0dcd56 | 2 | from pyramid.security import ( |
| CM | 3 | remember, |
| 4 | forget, | |
| 5 | ) | |
| 6 | ||
| b1b922 | 7 | from pyramid.view import ( |
| PE | 8 | view_config, |
| 9 | view_defaults, | |
| 10 | forbidden_view_config | |
| 11 | ) | |
| 12 | ||
| 29d12c | 13 | from .security import ( |
| KY | 14 | USERS, |
| 15 | check_password | |
| 16 | ) | |
| b1b922 | 17 | |
| PE | 18 | |
| 19 | @view_defaults(renderer='home.pt') | |
| 20 | class TutorialViews: | |
| 21 | def __init__(self, request): | |
| 22 | self.request = request | |
| 675e0d | 23 | self.logged_in = request.authenticated_userid |
| b1b922 | 24 | |
| PE | 25 | @view_config(route_name='home') |
| 26 | def home(self): | |
| 27 | return {'name': 'Home View'} | |
| 28 | ||
| 29 | @view_config(route_name='hello', permission='edit') | |
| 30 | def hello(self): | |
| 31 | return {'name': 'Hello View'} | |
| 32 | ||
| 33 | @view_config(route_name='login', renderer='login.pt') | |
| 34 | @forbidden_view_config(renderer='login.pt') | |
| 35 | def login(self): | |
| 36 | request = self.request | |
| 37 | login_url = request.route_url('login') | |
| 38 | referrer = request.url | |
| 39 | if referrer == login_url: | |
| 40 | referrer = '/' # never use login form itself as came_from | |
| 41 | came_from = request.params.get('came_from', referrer) | |
| 42 | message = '' | |
| 43 | login = '' | |
| 44 | password = '' | |
| 45 | if 'form.submitted' in request.params: | |
| 46 | login = request.params['login'] | |
| 47 | password = request.params['password'] | |
| 73d5e6 | 48 | hashed_pw = USERS.get(login) |
| S | 49 | if hashed_pw and check_password(password, hashed_pw): |
| 0dcd56 | 50 | headers = remember(request, login) |
| CM | 51 | return HTTPFound(location=came_from, |
| 52 | headers=headers) | |
| b1b922 | 53 | message = 'Failed login' |
| PE | 54 | |
| 55 | return dict( | |
| 56 | name='Login', | |
| 57 | message=message, | |
| 58 | url=request.application_url + '/login', | |
| 59 | came_from=came_from, | |
| 60 | login=login, | |
| 61 | password=password, | |
| 62 | ) | |
| 63 | ||
| 64 | @view_config(route_name='logout') | |
| 65 | def logout(self): | |
| 66 | request = self.request | |
| 0dcd56 | 67 | headers = forget(request) |
| b1b922 | 68 | url = request.route_url('home') |
| 0dcd56 | 69 | return HTTPFound(location=url, |
| CM | 70 | headers=headers) |
