1 from pyramid.response import Response
2 from pyramid.httpexceptions import HTTPForbidden, HTTPFound
3 from pyramid.security import remember, forget
4 from pyramid.session import check_csrf_token
5 from pyramid_persona.views import verify_login
6 from xonstat.models import *
8 def forbidden(request):
9 '''A simple forbidden view. Does nothing more than set the status and then
10 gets the heck out of dodge. The forbidden.mako template does the work.'''
11 request.response.status = 403
15 # Verify the assertion and get the email of the user
16 persona_email = verify_login(request)
18 # Check that the email exists in the players table
19 player_email = DBSession.query(Player).\
20 filter(Player.email_addr == persona_email).one()
22 log.debug("Verified email address: %s" % persona_email)
23 log.debug("Corresponding player is %s" % player_email)
25 if player_email is not None:
26 # Add the headers required to remember the user to the response
27 request.response.headers.extend(remember(request, persona_email))
29 url = request.route_url("forbidden")
30 return HTTPFound(location=url)
32 # Return a json message containing the address or path to redirect to.
33 return {'redirect': request.POST['came_from'], 'success': True}
37 '''A simple merge view. The merge.mako template does the work.'''
40 # only do a merge if we have all of the required data
41 if request.params.has_key("csrf_token"):
42 # check the token to prevent request forgery
43 st = request.session.get_csrf_token()
44 log.debug("Session token is %s" % st)
45 log.debug("Request token is %s" % request.params.get('csrf_token'))
46 check_csrf_token(request)
48 if request.params.has_key("w_pid") and request.params.has_key("l_pid"):
49 w_pid = request.params.get("w_pid")
50 l_pid = request.params.get("l_pid")
52 # do the merge, hope for the best!
54 s.execute("select merge_players(:w_pid, :l_pid)",
55 {"w_pid": w_pid, "l_pid": l_pid})
projects / xonotic / xonstat.git / blob