48
48
# We are already logged in. Don't bother logging in again.
49
# Note that req.user is None even if we are 'logged in', if the user is
49
51
if req.user is not None:
50
52
req.throw_redirect(nexturl)
52
54
ctx['path'] = ivle.util.make_path('+login') + \
53
55
'?' + urllib.urlencode([('url', nexturl)])
57
# If this succeeds, the user is invalid.
58
user = get_user_details(req)
60
if user.state == "no_agreement":
61
# Authenticated, but need to accept the ToS. Send them there.
62
# IMPORTANT NOTE FOR HACKERS: You can't simply disable this
63
# if you are not planning to display a ToS page - the ToS
64
# acceptance process actually calls usrmgt to create the user
65
# jails and related stuff.
66
req.throw_redirect(ivle.util.make_path('+tos') + \
67
'?' + urllib.urlencode([('url', nexturl)]))
68
elif user.state == "pending":
69
# FIXME: this isn't quite the right answer, but it
70
# should be more robust in the short term.
71
session = req.get_session()
74
user.state = u'no_agreement'
76
req.throw_redirect(nexturl)
55
78
if req.method == "POST":
56
79
# While req.user is normally set to get_user_details, it won't set
57
80
# it if the account isn't valid. So we get it ourselves.
added
removed
ivle/webapp/security/views.py
