return score >= 50
+ def auth(self, username, password):
+ # Find account
+ account = self.backend.accounts.find_account(username)
+
+ # Check credentials
+ if account and account.check_password(password):
+ return account
+
# Registration
def register(self, uid, email, first_name, last_name):
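Review bot: In the added `auth()`, the condition `if account and account.check_password(password)` skips the password check entirely when `find_account()` returns nothing, so an unknown username is probably answered faster than a known one with a wrong password. That timing gap can still tell valid usernames apart even though the callers now raise a single "Unknown user or invalid password" error. How large the gap is depends on the cost of `check_password()`, which is not visible here. Consider running a comparable dummy verification on the not-found path, and state the contract in a docstring such as `"""Return the account if the credentials are valid, otherwise None."""`, because both callers rely on the implicit `None`.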
class AuthenticationMixin(CacheMixin):
- def authenticate(self, username, password):
- # Find account
- account = self.backend.accounts.find_account(username)
- if not account:
- raise tornado.web.HTTPError(401, "Unknown user: %s" % username)
-
- # Check credentials
- if not account.check_password(password):
- raise tornado.web.HTTPError(401, "Invalid password for %s" % account)
-
- return self.login(account)
-
def login(self, account):
# User has logged in, create a session
session_id, session_expires = self.backend.accounts.create_session(
username = self.get_argument("username")
password = self.get_argument("password")
+ # Find user
+ account = self.backend.accounts.auth(username, password)
+ if not account:
+ raise tornado.web.HTTPError(401, "Unknown user or invalid password: %s" % username)
+
+ # Create session
with self.db.transaction():
- self.authenticate(username, password)
+ self.login(account)
# Determine the page we should redirect to
next = self.get_argument("next", None)
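Review bot: The 401 raised by `raise tornado.web.HTTPError(401, "Unknown user or invalid password: %s" % username)` formats the request-supplied username into the message before Tornado sees it, and the same line is repeated in the new Discourse `post()`. Tornado's second argument is a log message that accepts format arguments, so `raise tornado.web.HTTPError(401, "Unknown user or invalid password: %s", username)` is the idiomatic form. The value should be treated as untrusted wherever that log line ends up, including any custom error page that renders it. The decorators of this `post()` are outside the hunk, so it is worth confirming that it carries a `@base.ratelimit` like the Discourse handler, since both endpoints verify passwords.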
params = self._get_discourse_params()
# Redirect back if user is already logged in
- if self.current_user:
- return self._redirect_user_to_discourse(self.current_user, **params)
+ #if self.current_user:
+ # return self._redirect_user_to_discourse(self.current_user, **params)
# Otherwise the user needs to authenticate
- # XXX
- raise tornado.web.HTTPError(401)
+ self.render("auth/login.html", next=None)
+
+ @base.ratelimit(minutes=24*60, requests=100)
+ def post(self):
+ params = self._get_discourse_params()
+
+ # Get credentials
+ username = self.get_argument("username")
+ password = self.get_argument("password")
+
+ # Check credentials
+ account = self.accounts.auth(username, password)
+ if not account:
+ raise tornado.web.HTTPError(401, "Unknown user or invalid password: %s" % username)
+
+ # If the user has been authenticated, we will redirect to Discourse
+ self._redirect_user_to_discourse(account, **params)
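Review bot: The new `post()` calls `self.accounts.auth(username, password)`, while the login handler in this commit uses `self.backend.accounts.auth(username, password)`. Unless the base handler exposes an `accounts` attribute (not visible here), this raises AttributeError and every Discourse sign-in fails with a 500, so the same accessor should be used in both places. Separately, the `current_user` short-circuit in `get()` is left as commented-out code; delete it, or replace it with a comment explaining the intent, e.g. `# Always ask for credentials before handing an identity to Discourse` if that is the reason. `post()` also redirects without calling `self.login(account)`, so no session is created on this path, which deserves a one-line comment if it is intentional.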
class NewAccountsModule(ui_modules.UIModule):