diff options
Diffstat (limited to 'src/mailman/rest/users.py')
| -rw-r--r-- | src/mailman/rest/users.py | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/src/mailman/rest/users.py b/src/mailman/rest/users.py index a7847f438..b67233f28 100644 --- a/src/mailman/rest/users.py +++ b/src/mailman/rest/users.py @@ -228,3 +228,25 @@ class AUser(_UserBase): except ValueError as error: return http.bad_request([], str(error)) return no_content() + + @resource.child('login') + def login(self, request, segments): + """Log the user in, sort of, by verifying a given password.""" + #import pdb; pdb.set_trace() + if self._user is None: + return http.not_found() + # We do not want to encrypt the plaintext password given in the POST + # data. That would hash the password, but we need to have the + # plaintext in order to pass into passlib. + validator = Validator(cleartext_password=GetterSetter(unicode)) + try: + values = validator(request) + except ValueError as error: + return http.bad_request([], str(error)) + is_valid, new_hash = config.password_context.verify( + values['cleartext_password'], self._user.password) + if is_valid: + if new_hash is not None: + self._user.password = new_hash + return no_content() + return http.forbidden() |