added forbidden_view_config on login.jinja2

2022-12-09 10:53:57 +01:00
parent 85c60cc561
commit fe69670f19
8 changed files with 105 additions and 13 deletions
--- a/cao_blogr/alembic/env.py
+++ b/cao_blogr/alembic/env.py
@@ -3,7 +3,7 @@ from alembic import context
 from pyramid.paster import get_appsettings, setup_logging
 from sqlalchemy import engine_from_config

-from pyramid_blogr.models.meta import Base
+from cao_blogr.models.meta import Base

 config = context.config

--- a/cao_blogr/alembic/versions/20221208_7cfe6f79c819.py
+++ b/cao_blogr/alembic/versions/20221208_7cfe6f79c819.py
@@ -0,0 +1,28 @@
+"""init
+
+Revision ID: 7cfe6f79c819
+Revises: b6095fa68edc
+Create Date: 2022-12-08 16:30:41.529957
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = '7cfe6f79c819'
+down_revision = 'b6095fa68edc'
+branch_labels = None
+depends_on = None
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.add_column('users', sa.Column('groups', sa.Unicode(), nullable=True))
+    op.drop_column('users', 'group')
+    # ### end Alembic commands ###
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.add_column('users', sa.Column('group', sa.VARCHAR(), nullable=True))
+    op.drop_column('users', 'groups')
+    # ### end Alembic commands ###
--- a/cao_blogr/alembic/versions/20221208_86d2844ace15.py
+++ b/cao_blogr/alembic/versions/20221208_86d2844ace15.py
@@ -0,0 +1,26 @@
+"""init
+
+Revision ID: 86d2844ace15
+Revises: bbacde35234d
+Create Date: 2022-12-08 15:53:57.291157
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = '86d2844ace15'
+down_revision = 'bbacde35234d'
+branch_labels = None
+depends_on = None
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.add_column('users', sa.Column('group', sa.Unicode(), nullable=True))
+    # ### end Alembic commands ###
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_column('users', 'group')
+    # ### end Alembic commands ###
--- a/cao_blogr/alembic/versions/20221208_b6095fa68edc.py
+++ b/cao_blogr/alembic/versions/20221208_b6095fa68edc.py
@@ -0,0 +1,26 @@
+"""init
+
+Revision ID: b6095fa68edc
+Revises: 86d2844ace15
+Create Date: 2022-12-08 16:22:49.206993
+
+"""
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = 'b6095fa68edc'
+down_revision = '86d2844ace15'
+branch_labels = None
+depends_on = None
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    pass
+    # ### end Alembic commands ###
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    pass
+    # ### end Alembic commands ###
--- a/cao_blogr/templates/login.jinja2
+++ b/cao_blogr/templates/login.jinja2
@@ -5,7 +5,7 @@
 <div class="row">
 	<div class="col-md-offset-4 col-md-5 well">

-    <form action="{{request.route_url('login')}}" method="post">
+    <form action="{{ login_url }}" method="post">
        <h2>Se connecter</h2>
        <div class="form-group">
            <input type="text" name="username" class="form-control" placeholder="Identifiant">
--- a/cao_blogr/views/default.py
+++ b/cao_blogr/views/default.py
@@ -1,4 +1,7 @@
-from pyramid.view import view_config
+from pyramid.view import (
+    view_config,
+    forbidden_view_config,
+)
 from pyramid.httpexceptions import HTTPFound
 from pyramid.security import remember, forget
 from ..services.user import UserService
@@ -27,23 +30,33 @@ def apropos(request):
        }


-@view_config(route_name='login',
-             renderer='cao_blogr:templates/login.jinja2')
+@view_config(route_name='login', renderer='cao_blogr:templates/login.jinja2')
+@forbidden_view_config(renderer='cao_blogr:templates/login.jinja2')
 def login(request):
-    username = request.POST.get('username')
+    username = ''
+    login_url = request.route_url('login')
+
+    referrer = request.url
+    if referrer == login_url:
+        referrer = '/' # never use the login form itself as came_from
    
+    came_from = request.params.get('came_from', referrer)
+    username = request.POST.get('username')
+    userpwd = request.POST.get('password')
    if username:
        user = UserService.by_name(request, username)
-        if user and user.verify_password(request.POST.get('password')):
-            headers = remember(request, user.name)
+        if user and user.verify_password(userpwd):
+            headers = remember(request, username)
            request.session.flash("Bienvenue %s !" % username, 'success')
-            return HTTPFound(location=request.route_url('home'), headers=headers)
+            return HTTPFound(location=came_from, headers=headers)
        else:
            headers = forget(request)
            request.session.flash("Login et mot de passe invalides. La connexion a échoué.", "danger")

    return {
        'page_title': "",
+        'came_from': came_from,
+        'login_url': login_url,
        }


@@ -54,8 +67,7 @@ def logout(request):
    return HTTPFound(location=request.route_url('home'), headers=headers)


-@view_config(route_name='users',
-             renderer='cao_blogr:templates/users.jinja2', permission='manage')
+@view_config(route_name='users', renderer='cao_blogr:templates/users.jinja2', permission='manage')
 def users(request):
    # get all users
    users = UserService.all(request)