-from pyramid.response import Response
-from pyramid.httpexceptions import HTTPForbidden, HTTPFound
-from pyramid.security import remember, forget
+from pyramid.httpexceptions import HTTPFound
+from pyramid.security import remember
from pyramid.session import check_csrf_token
-from pyramid_persona.views import verify_login
-from xonstat.models import *
+from xonstat.models import DBSession, Player
+
def forbidden(request):
'''A simple forbidden view. Does nothing more than set the status and then
def login(request):
# Verify the assertion and get the email of the user
- persona_email = verify_login(request)
+ # Short-circuit this to prevent anyone from logging in right now.
+ persona_email = None
# Check that the email exists in the players table
player_email = DBSession.query(Player).\
filter(Player.email_addr == persona_email).one()
- log.debug("Verified email address: %s" % persona_email)
- log.debug("Corresponding player is %s" % player_email)
+ #log.debug("Verified email address: %s" % persona_email)
+ #log.debug("Corresponding player is %s" % player_email)
if player_email is not None:
# Add the headers required to remember the user to the response
if request.params.has_key("csrf_token"):
# check the token to prevent request forgery
st = request.session.get_csrf_token()
- log.debug("Session token is %s" % st)
- log.debug("Request token is %s" % request.params.get('csrf_token'))
check_csrf_token(request)
if request.params.has_key("w_pid") and request.params.has_key("l_pid"):
s.commit()
+ request.session.flash(
+ "Successfully merged player %s into %s!" % (l_pid, w_pid),
+ "success")
+
except:
s.rollback()
+ request.session.flash(
+ "Could not merge player %s into %s." % (l_pid, w_pid),
+ "failure")
+
return {}