This is what I added to tools.py inside the Auth class. It is just a 
modification of the login() function; the difference from the stock 
login_bare is that this one also checks, creates and logs in users who 
authenticated with other authentication methods.


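    def ajax_login_bare(self, username, password):
        """
        Check a login and, on success, open the session for that user.

        For a user already in the table, every alternate method in
        settings.login_methods is tried first; the local password check
        runs only when those fail and this Auth instance is the first
        login method. For an unknown user the alternates are tried only
        when settings.alternate_requires_registration is false. An account
        accepted by an alternate method is passed to get_or_create_user.

        username, password -- credentials to check; when either is None
            it is read from request.vars under the configured field name.

        Returns a tuple (ok, msg): ok is True on a successful login and
        msg is the corresponding entry of self.messages.
        """

        request = current.request
        session = current.session
        table_user = self.settings.table_user
        if self.settings.login_userfield:
            userfield = self.settings.login_userfield
        elif 'username' in table_user.fields:
            userfield = 'username'
        else:
            userfield = 'email'
        passfield = self.settings.password_field

        # The posted version ignored both arguments and read request.vars
        # only; honour the arguments and keep request.vars as the fallback.
        if username is None:
            username = request.vars[userfield]
        if password is None:
            password = request.vars[passfield]

        # Pass the submitted password through the password field's
        # validators so that the local comparison below, and any value given
        # to get_or_create_user, use the stored form instead of the raw text.
        # NOTE(review): mirrors what the stock login_bare does; confirm
        # against the web2py version in use.
        checked_password = password
        if password:
            checked_password = table_user[passfield].validate(password)[0]

        key = {userfield: username, passfield: checked_password}
        user = self.db(table_user[userfield] == username).select().first()
        if user:
            # user in db, check if registration pending or disabled
            temp_user = user
            if temp_user.registration_key == 'pending':
                return (False, self.messages.registration_pending)
            elif temp_user.registration_key in ('disabled', 'blocked'):
                return (False, self.messages.login_disabled)
            elif (temp_user.registration_key is not None
                    and temp_user.registration_key.strip()):
                return (False, self.messages.registration_verifying)
            # try alternate logins 1st as these have the
            # current version of the password
            user = None
            for login_method in self.settings.login_methods:
                # alternates receive the raw password, as typed
                if login_method != self and login_method(username, password):
                    if self not in self.settings.login_methods:
                        # do not store password in db: clear it in `key`,
                        # which is what get_or_create_user receives. The
                        # posted version cleared request.vars only, and
                        # `key` (built earlier) still carried the password.
                        key[passfield] = None
                        request.vars[passfield] = None
                    user = self.get_or_create_user(key)
                    break
            if not user:
                # alternates have failed, maybe because service inaccessible
                if self.settings.login_methods[0] == self:
                    # try logging in locally using cached credentials.
                    # Fail closed when nothing is stored, so an empty
                    # submission can never match an empty stored value.
                    stored = temp_user[passfield]
                    if stored and checked_password == stored:
                        # success
                        user = temp_user
        else:
            # user not in db
            if not self.settings.alternate_requires_registration:
                # we're allowed to auto-register users from external systems
                for login_method in self.settings.login_methods:
                    if (login_method != self
                            and login_method(username, password)):
                        if self not in self.settings.login_methods:
                            # do not store password in db
                            key[passfield] = None
                        user = self.get_or_create_user(key)
                        break

        if not user:
            # NOTE(review): request.post_vars presumably still holds the
            # submitted password; make sure the login_failed_log template
            # does not interpolate it into the event log.
            self.log_event(self.messages.login_failed_log, request.post_vars)
            return (False, self.messages.invalid_login)

        # process authenticated users
        user = Row(table_user._filter_fields(user, id=True))
        self.login_user(user)
        # user wants to be logged in for longer
        session.auth.expiration = \
            request.vars.get('remember', False) and \
            self.settings.long_expiration or \
            self.settings.expiration
        session.auth.remember = 'remember' in request.vars
        self.log_event(self.messages.login_log, user)
        return (True, self.messages.logged_in)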

