heckyel/mediagoblin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Use WTForms data field in auth/views.py

Browse Source
This commit is contained in:
Hans Lo 2013-03-28 04:13:23 -04:00
parent dfa6994d4d
commit 9d140cb842
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
mediagoblin/auth/views.py
View File

@ -78,7 +78,7 @@ def register(request):
user.username = register_form.data['username'] user.username = register_form.data['username']
user.email = register_form.data['email'] user.email = register_form.data['email']
user.pw_hash = auth_lib.bcrypt_gen_password_hash( user.pw_hash = auth_lib.bcrypt_gen_password_hash(
request.form['password']) register_form.password.data)
user.verification_key = unicode(uuid.uuid4()) user.verification_key = unicode(uuid.uuid4())
user.save() user.save()
@ -116,7 +116,7 @@ def login(request):
if login_form.validate(): if login_form.validate():
user = User.query.filter_by(username=login_form.data['username']).first() user = User.query.filter_by(username=login_form.data['username']).first()
if user and user.check_login(request.form['password']): if user and user.check_login(login_form.password.data):
# set up login in session # set up login in session
request.session['user_id'] = unicode(user.id) request.session['user_id'] = unicode(user.id)
request.session.save() request.session.save()
@ -241,11 +241,11 @@ def forgot_password(request):
# has been sanitized. Store if a user was found by email. We should # has been sanitized. Store if a user was found by email. We should
# not reveal if the operation was successful then as we don't want to # not reveal if the operation was successful then as we don't want to
# leak if an email address exists in the system. # leak if an email address exists in the system.
found_by_email = '@' in request.form['username'] found_by_email = '@' in fp_form.username.data
if found_by_email: if found_by_email:
user = User.query.filter_by( user = User.query.filter_by(
email = request.form['username']).first() email = fp_form.username.data).first()
# Don't reveal success in case the lookup happened by email address. # Don't reveal success in case the lookup happened by email address.
success_message=_("If that email address (case sensitive!) is " success_message=_("If that email address (case sensitive!) is "
"registered an email has been sent with instructions " "registered an email has been sent with instructions "
@ -253,7 +253,7 @@ def forgot_password(request):
else: # found by username else: # found by username
user = User.query.filter_by( user = User.query.filter_by(
username = request.form['username']).first() username = fp_form.username.data).first()
if user is None: if user is None:
messages.add_message(request, messages.add_message(request,
@ -317,7 +317,7 @@ def verify_forgot_password(request):
if request.method == 'POST' and cp_form.validate(): if request.method == 'POST' and cp_form.validate():
user.pw_hash = auth_lib.bcrypt_gen_password_hash( user.pw_hash = auth_lib.bcrypt_gen_password_hash(
request.form['password']) cp_form.password.data)
user.fp_verification_key = None user.fp_verification_key = None
user.fp_token_expire = None user.fp_token_expire = None
user.save() user.save()