Put back the old version of authenticate.

(Fred, is there a reason why you're using form.id.validate()? Doesn't seem to be defined in here. Also properly deletes the session using session.clear rather than session = None. As session is an observable object, if it is updated to None, the session will *not* be invalided at the end of the request. Instead, you have to call clear() which will clear its members so the cookie will be updated accordingly at the end of the request.
2024-09-03 19:26:15 +02:00 · 2011-07-30 01:32:55 +02:00 · 2011-07-30 01:32:55 +02:00 · ab305ccbc6
commit ab305ccbc6
parent 0fc95cefb4
1 changed files with 20 additions and 22 deletions
--- a/budget/web.py
+++ b/budget/web.py
@ -18,28 +18,26 @@ def home():
 def authenticate(redirect_url=None):
    form = AuthenticationForm()
    
-    if form.id.validate():
-    
-        project_id = form.id.data
-    
-        redirect_url = redirect_url or url_for("list_bills", project_id=project_id)
-        project = Project.query.get(project_id)
-        if not project:
-            return redirect(url_for("create_project", project_id=project_id))
+    project_id = form.id.data

-        # if credentials are already in session, redirect
-        if project_id in session and project.password == session[project_id]:
-            return redirect(redirect_url)
+    redirect_url = redirect_url or url_for("list_bills", project_id=project_id)
+    project = Project.query.get(project_id)
+    if not project:
+        return redirect(url_for("create_project", project_id=project_id))

-        # else process the form
-        if request.method == "POST":
-            if form.validate():
-                if not form.password.data == project.password:
-                    form.errors['password'] = ["The password is not the right one"]
-                else:
-                    session[project_id] = form.password.data
-                    session.update()
-                    return redirect(redirect_url)
+    # if credentials are already in session, redirect
+    if project_id in session and project.password == session[project_id]:
+        return redirect(redirect_url)
+
+    # else process the form
+    if request.method == "POST":
+        if form.validate():
+            if not form.password.data == project.password:
+                form.errors['password'] = ["The password is not the right one"]
+            else:
+                session[project_id] = form.password.data
+                session.update()
+                return redirect(redirect_url)

    return render_template("authenticate.html", form=form)

@ -68,8 +66,8 @@ def create_project():
@app.route("/quit")
 def quit():
    # delete the session
-    session = None
-    return redirect( url_for("home") )
+    session.clear()
+    return redirect(url_for("home"))

@app.route("/<string:project_id>/invite")
@requires_auth