added forbidden_view_config on login.jinja2

cao_blogr/views/default.py

@@ -1,4 +1,7 @@
-from pyramid.view import view_config
+from pyramid.view import (
+    view_config,
+    forbidden_view_config,
+)
 from pyramid.httpexceptions import HTTPFound
 from pyramid.security import remember, forget
 from ..services.user import UserService
@@ -27,23 +30,33 @@ def apropos(request):
         }
 
 
-@view_config(route_name='login',
-             renderer='cao_blogr:templates/login.jinja2')
+@view_config(route_name='login', renderer='cao_blogr:templates/login.jinja2')
+@forbidden_view_config(renderer='cao_blogr:templates/login.jinja2')
 def login(request):
-    username = request.POST.get('username')
+    username = ''
+    login_url = request.route_url('login')
+
+    referrer = request.url
+    if referrer == login_url:
+        referrer = '/' # never use the login form itself as came_from
     
+    came_from = request.params.get('came_from', referrer)
+    username = request.POST.get('username')
+    userpwd = request.POST.get('password')
     if username:
         user = UserService.by_name(request, username)
-        if user and user.verify_password(request.POST.get('password')):
-            headers = remember(request, user.name)
+        if user and user.verify_password(userpwd):
+            headers = remember(request, username)
             request.session.flash("Bienvenue %s !" % username, 'success')
-            return HTTPFound(location=request.route_url('home'), headers=headers)
+            return HTTPFound(location=came_from, headers=headers)
         else:
             headers = forget(request)
             request.session.flash("Login et mot de passe invalides. La connexion a échoué.", "danger")
 
     return {
         'page_title': "",
+        'came_from': came_from,
+        'login_url': login_url,
         }
 
 
@@ -54,8 +67,7 @@ def logout(request):
     return HTTPFound(location=request.route_url('home'), headers=headers)
 
 
-@view_config(route_name='users',
-             renderer='cao_blogr:templates/users.jinja2', permission='manage')
+@view_config(route_name='users', renderer='cao_blogr:templates/users.jinja2', permission='manage')
 def users(request):
     # get all users
     users = UserService.all(request)