Put back the old version of authenticate.

(Fred, is there a reason why you're using form.id.validate()? Doesn't seem to be defined in here.

Also properly deletes the session using session.clear() rather than session = None.
As session is an observable object, if it is set to None, the session will *not* be invalidated at the end of the request. Instead, you have to call clear(), which clears its members so the cookie is updated accordingly at the end of the request.
Alexis Metaireau 2011-07-30 01:32:55 +02:00
parent 0fc95cefb4
commit ab305ccbc6


@ -18,28 +18,26 @@ def home():
def authenticate(redirect_url=None): def authenticate(redirect_url=None):
form = AuthenticationForm() form = AuthenticationForm()
if form.id.validate(): project_id = form.id.data
project_id = form.id.data
redirect_url = redirect_url or url_for("list_bills", project_id=project_id)
project = Project.query.get(project_id)
if not project:
return redirect(url_for("create_project", project_id=project_id))
# if credentials are already in session, redirect redirect_url = redirect_url or url_for("list_bills", project_id=project_id)
if project_id in session and project.password == session[project_id]: project = Project.query.get(project_id)
return redirect(redirect_url) if not project:
return redirect(url_for("create_project", project_id=project_id))
# else process the form # if credentials are already in session, redirect
if request.method == "POST": if project_id in session and project.password == session[project_id]:
if form.validate(): return redirect(redirect_url)
if not form.password.data == project.password:
form.errors['password'] = ["The password is not the right one"] # else process the form
else: if request.method == "POST":
session[project_id] = form.password.data if form.validate():
session.update() if not form.password.data == project.password:
return redirect(redirect_url) form.errors['password'] = ["The password is not the right one"]
else:
session[project_id] = form.password.data
session.update()
return redirect(redirect_url)
return render_template("authenticate.html", form=form) return render_template("authenticate.html", form=form)
@ -68,8 +66,8 @@ def create_project():
@app.route("/quit") @app.route("/quit")
def quit(): def quit():
# delete the session # delete the session
session = None session.clear()
return redirect( url_for("home") ) return redirect(url_for("home"))
@app.route("/<string:project_id>/invite") @app.route("/<string:project_id>/invite")
@requires_auth @requires_auth
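Review bot: In authenticate() (first hunk), `session[project_id] = form.password.data` puts the project's plaintext password into the session, which the commit message indicates is persisted as a cookie. If this is Flask's default cookie session, the payload is signed but not encrypted, so anyone who obtains the cookie can read the password. The comparisons `form.password.data == project.password` and `project.password == session[project_id]` also suggest passwords are stored unhashed; the Project model is not visible here, so that should be confirmed. Consider storing a hash via `werkzeug.security.generate_password_hash`, verifying with `check_password_hash(project.password, form.password.data)`, and keeping only a non-secret marker in the session.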