From 25b5059016f49ec378d7d3e823ed2b105b20c7bc Mon Sep 17 00:00:00 2001
From: Ant Zucaro <azucaro@gmail.com>
Date: Fri, 13 Jun 2014 14:01:01 -0400
Subject: [PATCH] Verify logins with pyramid_persona.

---
 xonstat/__init__.py       |  3 +++
 xonstat/views/__init__.py |  2 +-
 xonstat/views/admin.py    | 26 +++++++++++++++++++++++++-
 3 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/xonstat/__init__.py b/xonstat/__init__.py
index ff783f9..3ce684c 100644
--- a/xonstat/__init__.py
+++ b/xonstat/__init__.py
@@ -171,6 +171,9 @@ def main(global_config, **settings):
     # ADMIN ROUTES
     config.add_forbidden_view(forbidden, renderer="forbidden.mako")
 
+    config.add_route("login", "/login")
+    config.add_view(login, route_name="login", check_csrf=True, renderer="json")
+
     config.add_route("merge",      "/merge")
     config.add_view(route_name="merge", renderer="merge.mako", permission="admin")
 
diff --git a/xonstat/views/__init__.py b/xonstat/views/__init__.py
index a084bcc..bdc53ba 100644
--- a/xonstat/views/__init__.py
+++ b/xonstat/views/__init__.py
@@ -29,4 +29,4 @@ from xonstat.views.exceptions   import notfound
 from xonstat.views.main   import main_index, top_players_by_time, top_servers_by_players
 from xonstat.views.main   import top_servers_by_players, top_maps_by_times_played
 
-from xonstat.views.admin   import forbidden
+from xonstat.views.admin   import forbidden, login
diff --git a/xonstat/views/admin.py b/xonstat/views/admin.py
index f46aca2..b8f6486 100644
--- a/xonstat/views/admin.py
+++ b/xonstat/views/admin.py
@@ -1,8 +1,32 @@
 from pyramid.response import Response
-from pyramid.httpexceptions import HTTPForbidden
+from pyramid.httpexceptions import HTTPForbidden, HTTPFound
+from pyramid.security import remember, forget
+from pyramid_persona.views import verify_login
+from xonstat.models import *
 
 def forbidden(request):
     '''A simple forbidden view. Does nothing more than set the status and then
     gets the heck out of dodge. The forbidden.mako template does the work.'''
     request.response.status = 403
     return {}
+
+def login(request):
+    # Verify the assertion and get the email of the user
+    persona_email = verify_login(request)
+
+    # Check that the email exists in the players table
+    player_email = DBSession.query(Player).\
+            filter(Player.email_addr == persona_email).one()
+
+    #log.debug("Verified email address: %s" % persona_email)
+    #log.debug("Corresponding player is %s" % player_email)
+
+    if player_email is not None:
+        # Add the headers required to remember the user to the response
+        request.response.headers.extend(remember(request, persona_email))
+    else:
+        url = request.route_url("forbidden")
+        return HTTPFound(location=url)
+
+    # Return a json message containing the address or path to redirect to.
+    return {'redirect': request.POST['came_from'], 'success': True}
-- 
2.39.2