Code update. Some problems with CSRF token on Chromium...

1 files changed, 13 insertions, 44 deletions

diff --git a/src/web/views/session_mgmt.py b/src/web/views/session_mgmt.py
index f1b16927..65be856c 100644
--- a/src/web/views/session_mgmt.py
+++ b/src/web/views/session_mgmt.py
@@ -1,10 +1,7 @@
-#! /usr/bin/env python
-# -*- coding: utf-8 -*-
-
 import json
-import datetime
 import logging
 
+from werkzeug.exceptions import NotFound
 from flask import (render_template, flash, session, request,
                    url_for, redirect, current_app)
 from flask.ext.babel import gettext
@@ -13,8 +10,6 @@ from flask.ext.login import LoginManager, logout_user, \
 from flask.ext.principal import (Principal, AnonymousIdentity, UserNeed,
                                  identity_changed, identity_loaded,
                                  session_identity_loader)
-from werkzeug import generate_password_hash
-from sqlalchemy.exc import IntegrityError
 
 import conf
 from web.views.common import admin_role, api_role, login_user_bundle
@@ -41,20 +36,15 @@ def on_identity_loaded(sender, identity):
         identity.provides.add(UserNeed(current_user.id))
         if current_user.is_admin:
             identity.provides.add(admin_role)
-        #if current_user.is_api:
-            #identity.provides.add(api_role)
+        if current_user.is_api:
+            identity.provides.add(api_role)
+
 
 @login_manager.user_loader
-def load_user(id):
-    # Return an instance of the User model
-    return UserController().get(id=id)
+def load_user(user_id):
+    return UserController(user_id, ignore_context=True).get(
+            id=user_id, is_active=True)
 
-"""@current_app.before_request
-def before_request():
-    if current_user.is_authenticated:
-        current_user.last_seen = datetime.datetime.utcnow()
-        db.session.add(current_user)
-        db.session.commit()"""
 
 @current_app.route('/login', methods=['GET', 'POST'])
 def login():
@@ -66,6 +56,7 @@ def login():
         return form.redirect('home')
     return render_template('login.html', form=form)
 
+
 @current_app.route('/logout')
 @login_required
 def logout():
@@ -82,42 +73,20 @@ def logout():
 
     return redirect(url_for('login'))
 
+
 @current_app.route('/signup', methods=['GET', 'POST'])
 def signup():
-    """
-    Signup page.
-    """
     if not conf.SELF_REGISTRATION:
         flash(gettext("Self-registration is disabled."), 'warning')
         return redirect(url_for('home'))
-    if current_user is not None and current_user.is_authenticated:
+    if current_user.is_authenticated:
         return redirect(url_for('home'))
 
     form = SignupForm()
-
     if form.validate_on_submit():
-        role_user = Role.query.filter(Role.name == "user").first()
-        user = User(nickname=form.nickname.data,
-                    email=form.email.data,
-                    pwdhash=generate_password_hash(form.password.data))
-        user.roles = [role_user]
-        db.session.add(user)
-        try:
-            db.session.commit()
-        except IntegrityError:
-            flash(gettext('Email already used.'), 'warning')
-            return render_template('signup.html', form=form)
-
-        # Send the confirmation email
-        try:
-            notifications.new_account_notification(user)
-        except Exception as error:
-            flash(gettext('Problem while sending activation email: %(error)s',
-                          error=error), 'danger')
-            return redirect(url_for('home'))
-
-        flash(gettext('Your account has been created. '
-                      'Check your mail to confirm it.'), 'success')
+        user = UserController().create(login=form.login.data,
+                email=form.email.data, password=form.password.data)
+        login_user_bundle(user)
         return redirect(url_for('home'))
 
     return render_template('signup.html', form=form)