Use WTForms data field in auth/views.py
authorHans Lo <hansshulo@gmail.com>
Thu, 28 Mar 2013 08:13:23 +0000 (04:13 -0400)
committerHans Lo <hansshulo@gmail.com>
Thu, 28 Mar 2013 08:26:33 +0000 (04:26 -0400)
mediagoblin/auth/views.py

index 99fe0b68b2cf157d578aedc571fc45e49c2596c5..354b48c1ab08ac6ec4bd4b7d6d6f16e208246765 100644 (file)
@@ -78,7 +78,7 @@ def register(request):
             user.username = register_form.data['username']
             user.email = register_form.data['email']
             user.pw_hash = auth_lib.bcrypt_gen_password_hash(
-                request.form['password'])
+                register_form.password.data)
             user.verification_key = unicode(uuid.uuid4())
             user.save()
 
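Review bot: The register block now reads the same form two ways: `register_form.data['username']` and `register_form.data['email']` on the context lines, and `register_form.password.data` on the new line. `form.data` builds a dict of every field each time it is accessed, so the per-field accessor is the more uniform choice: `user.username = register_form.username.data` and `user.email = register_form.email.data`. The login hunk has the same mix (`login_form.data['username']`). Note also that `.data` is the field's processed value, so any filter declared on the password field (not visible here) changes what gets hashed and must be applied identically at login. The body of register continues outside this hunk.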
@@ -116,7 +116,7 @@ def login(request):
         if login_form.validate():
             user = User.query.filter_by(username=login_form.data['username']).first()
 
-            if user and user.check_login(request.form['password']):
+            if user and user.check_login(login_form.password.data):
                 # set up login in session
                 request.session['user_id'] = unicode(user.id)
                 request.session.save()
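Review bot: In `if user and user.check_login(login_form.password.data):` the bcrypt comparison only runs when a user row was found, so a request for an unknown username can return measurably faster than one with a wrong password, which lets a client tell the two cases apart. Unless the failure branch outside this hunk already does equivalent work, it should run a dummy bcrypt check against a fixed hash before responding. At minimum, leave a marker next to the condition: `# check_login is skipped for unknown users; the failure path must spend comparable bcrypt time`. The body of login continues past the hunk, so this may already be handled there.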
@@ -241,11 +241,11 @@ def forgot_password(request):
     # has been sanitized. Store if a user was found by email. We should
     # not reveal if the operation was successful then as we don't want to
     # leak if an email address exists in the system.
-    found_by_email = '@' in request.form['username']
+    found_by_email = '@' in fp_form.username.data
 
     if found_by_email:
         user = User.query.filter_by(
-            email = request.form['username']).first()
+            email = fp_form.username.data).first()
         # Don't reveal success in case the lookup happened by email address.
         success_message=_("If that email address (case sensitive!) is "
                           "registered an email has been sent with instructions "
@@ -253,7 +253,7 @@ def forgot_password(request):
 
     else: # found by username
         user = User.query.filter_by(
-            username = request.form['username']).first()
+            username = fp_form.username.data).first()
 
         if user is None:
             messages.add_message(request,
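Review bot: The `if user is None:` branch under the username lookup calls `messages.add_message`, which appears to tell the requester that the username does not exist (the message text is outside the hunk), while the email branch deliberately returns the same message either way. If usernames are not meant to be discoverable through this form, both branches should share the neutral response. If usernames are considered public, a comment would make the asymmetry intentional: `# usernames are public, so reporting an unknown one discloses nothing new`.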
@@ -317,7 +317,7 @@ def verify_forgot_password(request):
 
         if request.method == 'POST' and cp_form.validate():
             user.pw_hash = auth_lib.bcrypt_gen_password_hash(
-                request.form['password'])
+                cp_form.password.data)
             user.fp_verification_key = None
             user.fp_token_expire = None
             user.save()
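Review bot: The two assignments after the hash update, `user.fp_verification_key = None` and `user.fp_token_expire = None`, have no comment explaining that they retire the reset token once the password is changed. I would add `# Clear the reset token so the emailed link cannot be used a second time` above them. Whether the lookup at the top of verify_forgot_password rejects a `None` key is outside this hunk and worth confirming, since single use depends on it.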