added basic user login / logout

ordr2/resources/__init__.py

@@ -10,9 +10,9 @@ class Root(BaseResource):
     __name__ = None
     __parent__ = None
 
-    _nodes = [
+    _nodes = {
         'account': Account
-        ]
+        }
 
     def __init__(self, request):
         self._request = request

ordr2/scripts/initializedb.py

@@ -49,3 +49,4 @@ def main(argv=sys.argv):
             role=Role.ADMIN
             )
         model.set_password('holgi')
+        dbsession.add(model)

ordr2/static/css/style.css

@@ -566,7 +566,7 @@ hgroup .info {
 	line-height: 24px;
 }
 
-.account.login_failed h1 {
+.account.login h1 {
 	border-bottom: 1px solid #EEEEEE;
 	font-family: 'Anton',sans-serif;
 	font-size: 50px;

ordr2/templates/account/login.jinja2

@@ -0,0 +1,36 @@
+{% extends "ordr2:templates/layout.jinja2" %}
+
+{% block subtitle %} Login {% endblock subtitle %}
+
+{% block content %}
+<div class="container">
+	<div class="row">
+		<div class="span6 offset3">
+			<h1>Log in</h1>
+			<?php echo $this->session->flashdata('message'); ?>
+		</div>
+	</div>
+	<div class="row">
+		<div class="span6 offset3">
+		    <form action="{{request.resource_url(request.root, 'account', 'login')}}" method="post" class="form-horizontal">
+                <fieldset class="control-group">
+                      <label for="input01" class="control-label">Username</label>
+                      <div class="controls">
+                        <input type="text" name="username" class="span3" size="30">
+                      </div>
+                </fieldset>
+                <fieldset class="control-group">
+                      <label for="password" class="control-label">Password</label>
+                      <div class="controls">
+                        <input type="password" name="password" class="span3" size="30">
+                      </div>
+                </fieldset>
+                <fieldset class="form-actions">
+                  <input type="hidden" name="csrf_token" value="{{get_csrf_token()}}">
+                  <button class="btn primary large" type="submit">Log in</button>
+                </fieldset>
+            </form>
+		</div>
+	</div>
+</div>
+{% endblock content %}

ordr2/templates/layout.jinja2

@@ -34,13 +34,13 @@
                 </ul>
                 <ul class="nav pull-right">
                     <li class="dropdown" id="user-options">
-                        <a data-toggle="dropdown" class="dropdown-toggle" href="#">Logged in as <span class="user-name">{{request.user.username}}</span></a>
+                        <a data-toggle="dropdown" class="dropdown-toggle" href="#">Logged in as <span class="user-name">{{request.user.user_name}}</span></a>
                         <ul class="dropdown-menu">
                           <li><a href="{{request.resource_url(request.root, 'account', 'settings')}}">Settings</a></li>
                           <li><a href="#">Help</a></li>
                           <li><a href="https://git.cpi.imtek.uni-freiburg.de/holgi/ordr2/issues">Submit an Issue</a></li>
                           <li class="divider"></li>
-                          <li><a href="{{request.resource_url(request.root, 'account', 'logout')}}">Settings</a></li>
+                          <li><a href="{{request.resource_url(request.root, 'account', 'logout')}}">Logout</a></li>
                         </ul>
                     </li>
                 </ul>
@@ -51,7 +51,6 @@
                 </ul>
                 <form action="{{request.resource_url(request.root, 'account', 'login')}}" method="post" class="navbar-form pull-right">
                   <input type="hidden" name="csrf_token" value="{{get_csrf_token()}}">
-                  <input type="hidden" name="redirect" value="{{request.url}}" />
                   <input name="username" type="text" placeholder="Username" class="input-small">
                   <input name="password" type="password" placeholder="Password" class="input-small">
                   <button type="submit" class="btn">Log in</button>

ordr2/views/account.py

@@ -0,0 +1,60 @@
+from pyramid.httpexceptions import HTTPFound
+from pyramid.renderers import render
+from pyramid.security import remember, forget
+from pyramid.view import view_config
+
+from ordr2.models import User
+
+# user log in and log out
+
+@view_config(
+    context='ordr2:resources.Account',
+    name='login',
+    permission='login',
+    request_method='GET',
+    renderer='ordr2:templates/account/login.jinja2')
+def login_form(context, request):
+    ''' display a login form '''
+    return {}
+
+
+@view_config(
+    context='ordr2:resources.Account',
+    name='login',
+    permission='login',
+    request_method='POST')
+def login(context, request):
+    ''' loging in a user '''
+    username = request.POST.get('username')
+    password = request.POST.get('password')
+
+    # Form validation is not done for login forms,
+    # either the data represents a user or not.
+    user = request.dbsession.query(User).filter_by(user_name=username).first()
+    if user is not None:
+        if user.is_active and user.check_password(password):
+            headers = remember(request, user.id)
+            return HTTPFound(
+                request.resource_path(request.root, 'orders'),
+                headers=headers
+                )
+
+    #request.session.flash(MSG_LOGIN_ERROR.format(url), 'error')
+    return HTTPFound(request.resource_path(context, 'login'))
+
+
+@view_config(
+    context='ordr2:resources.Account',
+    name='logout',
+    permission='logout'
+    )
+def logout(context, request):
+    ''' logout of a user '''
+    if request.user:
+        pass
+        # request.session.flash(MSG_LOGOUT, 'success')
+    headers = forget(request)
+    return HTTPFound(
+        request.resource_path(request.root, 'about'),
+        headers=headers
+        )