Fixes in login for the token
This commit is contained in:
Antonio de la Rosa
parent
8793f67b29
commit
02d6666ee6
7 changed files with 67 additions and 17 deletions
|
|
@ -144,7 +144,7 @@ class UserModel(WebModel):
|
|||
self.conditions=original_conditions
|
||||
|
||||
if error>0:
|
||||
self.sql_error+='Error:if is not expected, please, check that you disabled the special checkings of this model'
|
||||
self.query_error+='Error:if is not expected, please, check that you disabled the special checkings of this model'
|
||||
return False
|
||||
|
||||
return fields, values, update_values
|
||||
|
|
|
|||
|
|
@ -221,7 +221,11 @@ def login():
|
|||
|
||||
if arr_user==False:
|
||||
|
||||
return {'error': 1}
|
||||
s=get_session()
|
||||
|
||||
s['csrf_token']=create_key_encrypt()
|
||||
|
||||
return {'error': 1, 'csrf_token': s['csrf_token']}
|
||||
else:
|
||||
|
||||
num_tries=int(arr_user['num_tries'])
|
||||
|
|
@ -280,9 +284,17 @@ def login():
|
|||
|
||||
user_admin.update({'num_tries': arr_user['num_tries']+1})
|
||||
|
||||
return {'error': 1}
|
||||
s=get_session()
|
||||
|
||||
s['csrf_token']=create_key_encrypt()
|
||||
|
||||
return {'error': 1, 'csrf_token': s['csrf_token']}
|
||||
else:
|
||||
return {'error': 1}
|
||||
s=get_session()
|
||||
|
||||
s['csrf_token']=create_key_encrypt()
|
||||
|
||||
return {'error': 1, 'csrf_token': s['csrf_token']}
|
||||
|
||||
|
||||
@post('/'+config.admin_folder+'/register')
|
||||
|
|
@ -320,11 +332,17 @@ def register():
|
|||
|
||||
pass_values_to_form(getpostfiles.post, user_admin.forms, yes_error=True)
|
||||
|
||||
error={'error': 1}
|
||||
s=get_session()
|
||||
|
||||
for field in user_admin.fields.values():
|
||||
s['csrf_token']=create_key_encrypt()
|
||||
|
||||
error[field.name]=field.txt_error
|
||||
error={'error': 1, 'csrf_token': s['csrf_token']}
|
||||
|
||||
for field in user_admin.valid_fields:
|
||||
|
||||
error[field]=user_admin.forms[field].txt_error
|
||||
|
||||
error['repeat_password']=user_admin.forms['repeat_password'].txt_error
|
||||
|
||||
#error['password_repeat']=I18n.lang('common', 'password_no_match', 'Passwords doesn\'t match')
|
||||
|
||||
|
|
@ -395,7 +413,11 @@ def send_password():
|
|||
|
||||
if user_admin.fields['email'].error:
|
||||
|
||||
return {'email': user_admin.fields['email'].txt_error, 'error': 1}
|
||||
s=get_session()
|
||||
|
||||
s['csrf_token']=create_key_encrypt()
|
||||
|
||||
return {'email': user_admin.fields['email'].txt_error, 'error': 1, 'csrf_token': s['csrf_token']}
|
||||
|
||||
else:
|
||||
|
||||
|
|
@ -480,4 +502,8 @@ def check_code_token():
|
|||
|
||||
return {'token': 'Error: cannot send the maild with the new password', 'error': 0}
|
||||
|
||||
return {'token': 'Error: token is not valid', 'error': 1}
|
||||
s=get_session()
|
||||
|
||||
s['csrf_token']=create_key_encrypt()
|
||||
|
||||
return {'token': 'Error: token is not valid', 'error': 1, 'csrf_token': s['csrf_token']}
|
||||
|
|
|
|||
|
|
@ -36,6 +36,8 @@
|
|||
{
|
||||
//alert(JSON.stringify(data));
|
||||
//$('#result_register').html('Error');
|
||||
$('#csrf_token').attr('value', data.csrf_token);
|
||||
|
||||
$('#token_error').html(data.token);
|
||||
$('#loading').hide();
|
||||
$('#result_register').html('');
|
||||
|
|
@ -64,6 +66,7 @@
|
|||
<div class="form">
|
||||
<label>Put your email code</label>
|
||||
<input type="text" name="token" value="" id="token_form"/>
|
||||
${csrf_token()|n}
|
||||
<span class="error" id="token_error"></span>
|
||||
</div>
|
||||
<div id="result_register" class="form"></div>
|
||||
|
|
|
|||
|
|
@ -17,11 +17,13 @@
|
|||
|
||||
$('#loading').show();
|
||||
|
||||
data_form={'username': $('#username_form').val(), 'password': $('#password_form').val(), 'csrf_token': $('#csrf_token').val()};
|
||||
//alert($("input[id=csrf_token]").val());
|
||||
|
||||
data_form={'username': $('#username_form').val(), 'password': $('#password_form').val(), 'csrf_token': $("input[id=csrf_token]").val()};
|
||||
|
||||
if($('#remember_login:checked').val())
|
||||
{
|
||||
alert('pepe');
|
||||
|
||||
data_form.remember_login=$('#remember_login').val();
|
||||
}
|
||||
|
||||
|
|
@ -41,6 +43,12 @@
|
|||
else
|
||||
{
|
||||
|
||||
//$('#csrf_token').val(data.csrf_token);
|
||||
|
||||
// Firefox have a horrible and stupid bug and you need attr for set de new csrf_token
|
||||
|
||||
$('#csrf_token').attr('value', data.csrf_token);
|
||||
|
||||
$('#loading').hide('slow');
|
||||
|
||||
$('#username_error').html("${lang('common', 'error_login', 'Error, wrong username or password')}");
|
||||
|
|
|
|||
|
|
@ -36,8 +36,11 @@
|
|||
{
|
||||
//alert(JSON.stringify(data));
|
||||
//$('#result_register').html('Error');
|
||||
$('#csrf_token').attr('value', data.csrf_token);
|
||||
$('#email_error').html(data.email);
|
||||
|
||||
$('#loading').hide();
|
||||
|
||||
}
|
||||
|
||||
});
|
||||
|
|
|
|||
|
|
@ -5,6 +5,8 @@
|
|||
|
||||
$("#register_submit").click( function () {
|
||||
|
||||
$('#loading').show();
|
||||
|
||||
$.ajax({
|
||||
url: "${make_url('admin/register')}",
|
||||
method: "POST",
|
||||
|
|
@ -18,8 +20,7 @@
|
|||
{
|
||||
|
||||
//$('#result_register').html('Done!. Redirecting...');
|
||||
$('#loading').show();
|
||||
|
||||
$('#loading').hide();
|
||||
window.location.href="${make_url('admin/login')}";
|
||||
|
||||
}
|
||||
|
|
@ -27,6 +28,11 @@
|
|||
{
|
||||
//alert(JSON.stringify(data));
|
||||
//$('#result_register').html('Error');
|
||||
|
||||
$('#loading').hide();
|
||||
|
||||
$('#csrf_token').attr('value', data.csrf_token);
|
||||
|
||||
$('#username_error').html(data.username);
|
||||
$('#email_error').html(data.email);
|
||||
$('#password_error').html(data.password);
|
||||
|
|
|
|||
|
|
@ -54,6 +54,7 @@ cookie_name = 'paramecio.session'
|
|||
|
||||
key_encrypt="im smoking fool"
|
||||
|
||||
"""
|
||||
session_opts = {
|
||||
#'session.domain': 'domain.com',
|
||||
'session.cookie_expires': True,
|
||||
|
|
@ -63,15 +64,18 @@ session_opts = {
|
|||
'session.key': cookie_name,
|
||||
'session.validate_key': key_encrypt
|
||||
}
|
||||
|
||||
"""
|
||||
|
||||
session_opts = {
|
||||
|
||||
'session.key': cookie_name,
|
||||
'session.type': 'file',
|
||||
'session.data_dir': './sessions',
|
||||
'session.auto': true
|
||||
'session.auto': True,
|
||||
'session.secret': key_encrypt,
|
||||
|
||||
}
|
||||
"""
|
||||
|
||||
|
||||
cache_session_opts = {
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue