authorAlexis Metaireau <alexis@notmyidea.org>2011-07-30 01:32:55 +0200
committerAlexis Metaireau <alexis@notmyidea.org>2011-07-30 01:32:55 +0200
commitab305ccbc6abf3aa990832da4f5161c813860e5c (patch)
treefc841394e5c11470de7ca4027f402e40cf8b00a2 /budget
parent0fc95cefb4ebf39f93a71932862d72aad16c73f6 (diff)
Put back the old version of authenticate.
(Fred, is there a reason why you're using form.id.validate()? It doesn't seem to be defined in here.) Also properly deletes the session using session.clear() rather than session = None. As session is an observable object, if it is set to None, the session will *not* be invalidated at the end of the request. Instead, you have to call clear(), which clears its members so that the cookie is updated accordingly at the end of the request.
Diffstat (limited to 'budget')
-rw-r--r--budget/web.py46
1 files changed, 22 insertions, 24 deletions
diff --git a/budget/web.py b/budget/web.py
index f8ede3c..0f5a28b 100644
--- a/budget/web.py
+++ b/budget/web.py
@@ -18,28 +18,26 @@ def home():
def authenticate(redirect_url=None):
form = AuthenticationForm()
- if form.id.validate():
-
- project_id = form.id.data
-
- redirect_url = redirect_url or url_for("list_bills", project_id=project_id)
- project = Project.query.get(project_id)
- if not project:
- return redirect(url_for("create_project", project_id=project_id))
-
- # if credentials are already in session, redirect
- if project_id in session and project.password == session[project_id]:
- return redirect(redirect_url)
-
- # else process the form
- if request.method == "POST":
- if form.validate():
- if not form.password.data == project.password:
- form.errors['password'] = ["The password is not the right one"]
- else:
- session[project_id] = form.password.data
- session.update()
- return redirect(redirect_url)
+ project_id = form.id.data
+
+ redirect_url = redirect_url or url_for("list_bills", project_id=project_id)
+ project = Project.query.get(project_id)
+ if not project:
+ return redirect(url_for("create_project", project_id=project_id))
+
+ # if credentials are already in session, redirect
+ if project_id in session and project.password == session[project_id]:
+ return redirect(redirect_url)
+
+ # else process the form
+ if request.method == "POST":
+ if form.validate():
+ if not form.password.data == project.password:
+ form.errors['password'] = ["The password is not the right one"]
+ else:
+ session[project_id] = form.password.data
+ session.update()
+ return redirect(redirect_url)
return render_template("authenticate.html", form=form)
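Review bot: On a successful login the added line `session[project_id] = form.password.data` stores the project password itself in the session, and the "already in session" shortcut compares it back against `project.password`. If this is Flask's default cookie-backed session (the commit message says the cookie is rewritten at the end of the request), that cookie is signed but not encrypted, so the password is readable by anyone who obtains it. A non-secret marker would avoid this, e.g. `session[project_id] = True` with the check `if session.get(project_id) is True:`. The `==` comparison also implies `Project.password` is held in clear text; Werkzeug's `generate_password_hash` / `check_password_hash` would fit here. Any decorators on `authenticate` sit above the hunk.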
@@ -68,8 +66,8 @@ def create_project():
@app.route("/quit")
def quit():
# delete the session
- session = None
- return redirect( url_for("home") )
+ session.clear()
+ return redirect(url_for("home"))
@app.route("/<string:project_id>/invite")
@requires_auth
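Review bot: The reason for `session.clear()` in `quit` is only recorded in the commit message, and the remaining comment `# delete the session` does not tell the next reader why rebinding the name was wrong. I would replace it with something like `# clear() empties the session in place so the cookie is rewritten; "session = None" only rebinds a local name`. The view that starts at `@app.route("/<string:project_id>/invite")` continues outside the hunk.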