import logging
import tornado.web
-from . import handlers_base as base
+from . import base
-class AuthenticationMixin(object):
- def login(self, username, password):
+class CacheMixin(object):
+ def prepare(self):
+ # Mark this as private when someone is logged in
+ if self.current_user:
+ self.add_header("Cache-Control", "private")
+
+ self.add_header("Vary", "Cookie")
+
+
+class AuthenticationMixin(CacheMixin):
+ def authenticate(self, username, password):
# Find account
account = self.backend.accounts.find_account(username)
if not account:
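Review bot: `CacheMixin.prepare` never chains to `super().prepare()`, and because `AuthenticationMixin(CacheMixin)` is listed before `base.BaseHandler` in the handler classes, any `prepare` defined on the base handler would be silently skipped for the login and activation handlers. `base.BaseHandler` is not visible in this diff, so confirm whether it defines `prepare`; adding `super().prepare()` as the first statement is safe either way. Also note that `Cache-Control: private` only keeps shared caches out and still lets the browser store the response, so for handlers that process credentials `no-store` may be the intended value. The body of `authenticate` continues outside this hunk.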
if not account.check_password(password):
raise tornado.web.HTTPError(401, "Invalid password for %s" % account)
+ return self.login(account)
+
+ def login(self, account):
# User has logged in, create a session
session_id, session_expires = self.backend.accounts.create_session(
account, self.request.host)
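Review bot: `login` lacks a docstring stating that it performs no credential check. After this split it creates a session for whatever account object it is handed, and `ActivateHandler.post` already calls it directly. I would add `"""Create a session for an already-verified account; callers must authenticate or activate the account first."""` under `def login(self, account):` so a later caller does not mistake it for the password-checking entry point. The rest of `login` lies outside the visible lines of this hunk.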
self.clear_cookie("session_id")
-
class LoginHandler(AuthenticationMixin, base.BaseHandler):
+ @base.blacklisted
def get(self):
next = self.get_argument("next", None)
self.render("auth/login.html", next=next)
+ @base.blacklisted
def post(self):
username = self.get_argument("username")
password = self.get_argument("password")
with self.db.transaction():
- self.login(username, password)
+ self.authenticate(username, password)
# Determine the page we should redirect to
next = self.get_argument("next", None)
# Get back to the start page
self.redirect("/")
+
+
+class RegisterHandler(base.BaseHandler):
+ @base.blacklisted
+ def get(self):
+ # Redirect logged in users away
+ if self.current_user:
+ self.redirect("/")
+
+ self.render("auth/register.html")
+
+ @base.blacklisted
+ def post(self):
+ uid = self.get_argument("uid")
+ email = self.get_argument("email")
+
+ first_name = self.get_argument("first_name")
+ last_name = self.get_argument("last_name")
+
+ # Register account
+ try:
+ with self.db.transaction():
+ self.backend.accounts.register(uid, email,
+ first_name=first_name, last_name=last_name)
+ except ValueError as e:
+ raise tornado.web.HTTPError(400) from e
+
+ self.render("auth/register-success.html")
+
+
+class ActivateHandler(AuthenticationMixin, base.BaseHandler):
+ def get(self, uid, activation_code):
+ self.render("auth/activate.html")
+
+ def post(self, uid, activation_code):
+ password1 = self.get_argument("password1")
+ password2 = self.get_argument("password2")
+
+ if not password1 == password2:
+ raise tornado.web.HTTPError(400, "Passwords do not match")
+
+ with self.db.transaction():
+ account = self.backend.accounts.activate(uid, activation_code)
+ if not account:
+ raise tornado.web.HTTPError(400, "Account not found: %s" % uid)
+
+ # Set the new password
+ account.passwd(password1)
+
+ # Create session
+ self.login(account)
+
+ # Redirect to success page
+ self.render("auth/activated.html", account=account)
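Review bot: `RegisterHandler.get` calls `self.redirect("/")` for a logged-in user and then falls through to `self.render("auth/register.html")`; Tornado finishes the request inside `redirect`, so the render call raises on an already-finished request. Change the line to `return self.redirect("/")`. Separately, `ActivateHandler.get` and `ActivateHandler.post` are the only new handler methods without `@base.blacklisted`, although `post` accepts an activation code, sets the password and opens a session. What the decorator enforces is not visible here, but if it is the project's abuse gate, this endpoint should carry it too, or a comment should say why it is exempt.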