Beispiel #1
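    def login_handler(self):
        """Handle a submission of the login form.

        Reads ``login`` and ``password`` from ``request.POST``, tries LDAP via
        ``self._ldap_authentication`` and, when that fails, falls back to a
        local CKAN account checked with ``validate_password``. On success the
        login name is stored in the session and the browser is sent to
        ``/user/<login>``; every failure flashes the same error and goes back
        to ``/user/login``. Nothing is done when either form field is absent.
        """
        params = request.POST
        if 'login' in params and 'password' in params:
            login = params['login']
            password = params['password']

            # An earlier revision had a commented-out call here that built a
            # shell=True command line from the raw login and password. It was
            # dropped rather than kept as a comment: form input must never be
            # concatenated into a shell string, and a password on a command
            # line is visible to other local processes.

            # Empty values pass the "key is present" test above. Refuse them
            # before any backend sees them: a simple LDAP bind with an empty
            # password is an unauthenticated bind (RFC 4513) that many servers
            # report as success.
            if not login or not password:
                flash_error(error_message)
                p.toolkit.redirect_to('/user/login')
                return

            found_ldap = self._ldap_authentication(login, password)
            if found_ldap:
                # NOTE(review): the session id is not rotated here; confirm the
                # session middleware issues a fresh id on login.
                pylons.session['ckanext-ldap-user'] = str(login)
                pylons.session.save()
                p.toolkit.redirect_to("/user/" + str(login))
            else:
                try:
                    user_dict = p.toolkit.get_action('user_show')(data_dict={'id': login})
                    usr = User.by_name(user_dict['name'])
                except p.toolkit.ObjectNotFound:
                    # Unknown account: fall through to the same failure path as
                    # a wrong password so the response does not reveal which
                    # user names exist.
                    usr = None

                if usr and usr.validate_password(password):
                    pylons.session['normal-user'] = str(login)
                    pylons.session.save()
                    p.toolkit.redirect_to('/user/' + str(login))
                else:
                    # NOTE(review): error_message is not defined in this
                    # method; presumably a module-level name - confirm.
                    flash_error(error_message)
                    p.toolkit.redirect_to('/user/login')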
Beispiel #2
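    def ssologin_handler(self):
        """Start or complete the SSO login round trip.

        Without a ``code`` query parameter the browser is redirected to the
        URL printed by ``authenticate_url.py``. With one, the code is handed to
        ``authenticate_code.py`` to obtain a token, the token is handed to
        ``from_token_to_user.py``, and the user name taken from that output is
        logged in: as an LDAP user when ``self._ldap_auth_from_token`` accepts
        it, otherwise as an existing local CKAN user.

        The helper scripts are run with an argument list and no shell. The
        ``code`` parameter comes straight from the query string, so building a
        ``shell=True`` command line from it lets a crafted value run arbitrary
        commands as the web server user.
        """
        script_dir = os.path.dirname(os.path.abspath(__file__))

        if 'code' in request.GET:
            print('ESISTE IL CODE')
            user_code = request.GET['code']

            # NOTE(review): redirect_login is defined outside this method and
            # is assumed to be a single argument (the old shell string would
            # have word-split it) - confirm.
            user_token = subprocess.check_output(
                ["python3", script_dir + "/authenticate_code.py", redirect_login, user_code])

            # The token and the user description are deliberately not printed:
            # stdout of a web process usually ends up in a log file, and the
            # token is a bearer credential.
            user_info = subprocess.check_output(
                ["python3", script_dir + "/from_token_to_user.py", user_token])

            # NOTE(review): the split delimiter on the next line is masked
            # ("******") in this listing and is kept exactly as shown; restore
            # it from the project's own source. Cutting the name out of a
            # printed structure is fragile - a structured format between the
            # helper and this handler would be safer.
            user_name = user_info.split("preferred_username':"******"'")[1]
            if self._ldap_auth_from_token(user_name):
                # LDAP has vouched for the user associated with the token, so
                # proceed with the actual login.
                pylons.session['ckanext-ldap-user'] = str(user_name)
                pylons.session.save()
                p.toolkit.redirect_to("https://datagate.snap4city.org/user/" + str(user_name))
            else:
                try:
                    user_dict = p.toolkit.get_action('user_show')(data_dict={'id': user_name})
                    usr = User.by_name(user_dict['name'])
                except p.toolkit.ObjectNotFound:
                    usr = None
                    p.toolkit.redirect_to(control='user', action='login')
                if usr:
                    # NOTE(review): no password is checked on this path; the
                    # login rests entirely on the helper scripts having
                    # validated the code and token - confirm they do.
                    pylons.session['normal-user'] = str(user_name)
                    pylons.session.save()
                    p.toolkit.redirect_to("https://datagate.snap4city.org/user/" + str(user_name))

        else:
            url = subprocess.check_output(
                ["python3", script_dir + "/authenticate_url.py", redirect_login])
            p.toolkit.redirect_to(url)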
def user_display_name():
    """Return the display name of the current user.

    When the session carries a ``ckanext-cas-actorid`` entry that resolves to
    a user, that user's display name is appended in parentheses after the
    display name of ``c.userobj``.
    """
    current = c.userobj
    actor_name = pylons.session.get('ckanext-cas-actorid')
    # Look the actor up only when the session actually names one.
    actor = User.by_name(actor_name) if actor_name else None
    if not actor:
        return current.display_name
    return u'{0} ({1})'.format(current.display_name, actor.display_name)
Beispiel #4
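 def login_handler(self):
     """Action called when logging in via the LDAP login form.

     Looks the login up in LDAP and checks the password against the entry
     found. When ``ckanext.ldap.ckan_fallback`` is set and LDAP has no such
     user, a local CKAN account is tried instead. Returns whatever
     ``self._login_success`` or ``self._login_failed`` returns.
     """
     params = request.POST
     has_fields = 'login' in params and 'password' in params
     # Presence of the form fields is not enough: an empty password must never
     # reach the directory. _check_ldap_password is not visible here, but if it
     # performs a simple bind, an empty password is an unauthenticated bind
     # (RFC 4513) that many servers answer with success.
     if not (has_fields and params['login'] and params['password']):
         return self._login_failed(
             error=_('Please enter a username and password'))

     login = params['login']
     password = params['password']
     try:
         ldap_user_dict = _find_ldap_user(login)
     except MultipleMatchError as e:
         # Multiple users match. Inform the user and try again.
         return self._login_failed(notice=str(e))
     if ldap_user_dict and _check_ldap_password(ldap_user_dict['cn'],
                                                password):
         try:
             user_name = _get_or_create_ldap_user(ldap_user_dict)
         except UserConflictError as e:
             return self._login_failed(error=str(e))
         return self._login_success(user_name)
     elif ldap_user_dict:
         # There is an LDAP user, but the auth is wrong. There could be a CKAN user of the
         # same name if the LDAP user had been created later - in which case we have a
         # conflict we can't solve.
         if config['ckanext.ldap.ckan_fallback']:
             exists = _ckan_user_exists(login)
             if exists['exists'] and not exists['is_ldap']:
                 return self._login_failed(error=_(
                     'Username conflict. Please contact the site administrator.'
                 ))
         return self._login_failed(error=_('Bad username or password.'))
     elif config['ckanext.ldap.ckan_fallback']:
         # No LDAP user match, see if we have a CKAN user match
         try:
             user_dict = p.toolkit.get_action('user_show')(data_dict={
                 'id': login
             })
             # We need the model to validate the password
             user = User.by_name(user_dict['name'])
         except p.toolkit.ObjectNotFound:
             user = None
         if user and user.validate_password(password):
             return self._login_success(user.name)
         else:
             # Same message as for an unknown user, so the reply does not
             # reveal which account names exist.
             return self._login_failed(
                 error=_('Bad username or password.'))
     else:
         return self._login_failed(error=_('Bad username or password.'))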
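 def login_handler(self):
     """Action called when logging in via the LDAP login form.

     Authenticates the posted ``login``/``password`` against LDAP and, when
     ``ckanext.ldap.ckan_fallback`` is set and LDAP has no such user, against
     a local CKAN account. The ``came_from`` request parameter is handed to
     ``self._login_success`` on every successful path.
     """
     # NOTE(review): came_from is supplied by the client. _login_success is not
     # visible here - confirm it only redirects to same-site paths, otherwise
     # this is an open redirect after login.
     came_from = request.params.get('came_from', '')
     params = request.POST
     credentials_present = 'login' in params and 'password' in params
     # Reject empty values as well as missing fields. _check_ldap_password is
     # not visible here, but if it performs a simple bind, an empty password is
     # an unauthenticated bind (RFC 4513) that many servers report as success.
     if not (credentials_present and params['login'] and params['password']):
         return self._login_failed(error=_('Please enter a username and password'))

     login = params['login']
     password = params['password']
     try:
         ldap_user_dict = _find_ldap_user(login)
     except MultipleMatchError as e:
         # Multiple users match. Inform the user and try again.
         return self._login_failed(notice=str(e))
     if ldap_user_dict and _check_ldap_password(ldap_user_dict['cn'], password):
         try:
             user_name = _get_or_create_ldap_user(ldap_user_dict)
         except UserConflictError as e:
             return self._login_failed(error=str(e))
         return self._login_success(user_name, came_from=came_from)
     elif ldap_user_dict:
         # There is an LDAP user, but the auth is wrong. There could be a CKAN user of the
         # same name if the LDAP user had been created later - in which case we have a
         # conflict we can't solve.
         if config['ckanext.ldap.ckan_fallback']:
             exists = _ckan_user_exists(login)
             if exists['exists'] and not exists['is_ldap']:
                 return self._login_failed(error=_('Username conflict. Please contact the site administrator.'))
         return self._login_failed(error=_('Bad username or password.'))
     elif config['ckanext.ldap.ckan_fallback']:
         # No LDAP user match, see if we have a CKAN user match
         try:
             user_dict = _get_user_dict(login)
             # We need the model to validate the password
             user = User.by_name(user_dict['name'])
         except p.toolkit.ObjectNotFound:
             user = None
         if user and user.validate_password(password):
             return self._login_success(user.name, came_from=came_from)
         else:
             # Same message as for an unknown user, so the reply does not
             # reveal which account names exist.
             return self._login_failed(error=_('Bad username or password.'))
     else:
         return self._login_failed(error=_('Bad username or password.'))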
Beispiel #6
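    def _ldap_authentication(self, un, password):
        """Check *un*/*password* with an LDAP simple bind and provision the CKAN user.

        Binds as a DN built from *un* and ``self.baseDn``, then searches for
        the matching ``uid`` entry. After a successful bind the CKAN user of
        the same name is reactivated if it was deleted, or created with a
        random password if it does not exist.

        Returns:
            True when the bind and search succeed, False for empty
            credentials or on any ``ldap.LDAPError``.
        """
        # Imported here because the file's import block is not part of this
        # listing; both helpers ship with python-ldap, which the file uses.
        from ldap.dn import escape_dn_chars
        from ldap.filter import escape_filter_chars

        # A simple bind with an empty password is an unauthenticated bind
        # (RFC 4513); many servers report it as success, which would log the
        # caller in as any user name without knowing the password.
        if not un or not password:
            return False

        l = ldap.initialize(self.ldapServerAddress)
        try:
            # The user name is form input: escape it for the DN and for the
            # search filter so it cannot change the structure of either.
            username = '******' + escape_dn_chars(un) + ',' + self.baseDn
            l.bind_s(username, password)
            x = l.search_s(self.baseDn, ldap.SCOPE_SUBTREE,
                           'uid=' + escape_filter_chars(un))
        except ldap.LDAPError:
            return False
        finally:
            # Release the connection on the failure path too.
            try:
                l.unbind()
            except ldap.LDAPError:
                pass

        try:
            user_dict = p.toolkit.get_action('user_show')(data_dict={'id': un})
            usr = User.by_name(user_dict['name'])

            # NOTE(review): an account deleted in CKAN is silently reactivated
            # by any successful LDAP login - confirm that is intended.
            if usr is not None and usr.state == 'deleted':
                usr.activate()
                ckan.model.Session.commit()
        except p.toolkit.ObjectNotFound:
            usr = None

        if usr is None:
            # There should be only one entry with that id; an empty result no
            # longer raises IndexError.
            ldap_attrs = x[0][1] if x else {}
            email = "*****@*****.**"
            # NOTE(review): python-ldap normally returns attribute values as
            # lists; confirm user_create accepts the value as passed here.
            if "email" in ldap_attrs:
                email = ldap_attrs["email"]
            elif "mail" in ldap_attrs:
                email = ldap_attrs["mail"]

            user_dict_from_ldap = {'name': str(un), 'email': email, 'password': str(uuid.uuid4())}
            print("USER CREATE.....................................................")
            try:
                # The directory entry and the created user record are no longer
                # printed: stdout of a web process usually ends up in a log
                # file, and these may hold personal data or credentials.
                p.toolkit.get_action('user_create')(context={'ignore_auth': True},
                                                    data_dict=user_dict_from_ldap)
            except ValidationError:
                print("VALIDATION ERROR")

        return True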