def _remember_identity(self, result, provider_name):
alsoProvides(self.request, IDisableCSRFProtection)
self.authopas.remember(result)
api.portal.show_message(
_('logged_in_with',
'Logged in with ${provider}',
mapping={'provider': provider_name}), self.request)
def _remember_identity(self, result, provider_name):
alsoProvides(self.request, IDisableCSRFProtection)
aclu = api.portal.get_tool('acl_users')
aclu.authomatic.remember(result)
api.portal.show_message(
_('logged_in_with',
'Logged in with ${provider}',
mapping={'provider': provider_name}), self.request)
def _add_identity(self, result, provider_name):
# delegate to PAS plugin to add the identity
alsoProvides(self.request, IDisableCSRFProtection)
aclu = api.portal.get_tool('acl_users')
aclu.authomatic.remember_identity(result)
api.portal.show_message(
_('added_identity',
default='Added identity provided by ${provider}',
mapping={'provider': provider_name}), self.request)
def _remember_identity(self, result, provider_name):
alsoProvides(self.request, IDisableCSRFProtection)
aclu = api.portal.get_tool('acl_users')
aclu.authomatic.remember(result)
api.portal.show_message(
_(
'logged_in_with',
'Logged in with ${provider}',
mapping={'provider': provider_name}
),
self.request
)
class AuthomaticSettingsEditForm(controlpanel.RegistryEditForm):
schema = IPasPluginsAuthomaticSettings
label = _(u"PAS Authomatic Plugin Settings")
description = u""
def updateFields(self):
super(AuthomaticSettingsEditForm, self).updateFields()
# self.fields['json_config'].widgetFactory = TextLinesFieldWidget
def updateWidgets(self):
super(AuthomaticSettingsEditForm, self).updateWidgets()
def _remember_identity(self, result, provider_name):
alsoProvides(self.request, IDisableCSRFProtection)
aclu = api.portal.get_tool("acl_users")
aclu.authomatic.remember(result)
api.portal.show_message(
_(
"logged_in_with",
"Logged in with ${provider}",
mapping={"provider": provider_name},
),
self.request,
)
def _add_identity(self, result, provider_name):
# delegate to PAS plugin to add the identity
alsoProvides(self.request, IDisableCSRFProtection)
aclu = api.portal.get_tool('acl_users')
aclu.authomatic.remember_identity(result)
api.portal.show_message(
_(
'added_identity',
default='Added identity provided by ${provider}',
mapping={'provider': provider_name}
),
self.request
)
def _add_identity(self, result, provider_name):
# delegate to PAS plugin to add the identity
alsoProvides(self.request, IDisableCSRFProtection)
success = True
try:
self.authopas.remember_identity(result, userid=self.user.id)
except Exception as e:
success = False
error = unicode(e)
if success:
api.portal.show_message(
_('added_identity',
default='Added identity provided by ${provider}',
mapping={'provider': provider_name}), self.request)
else:
api.portal.show_message(
_('added_identity_error',
default=
'Unable to add identity provided by ${provider}: ${error}',
mapping={
'provider': provider_name,
'error': error
}), self.request)
class EmailFactory(BaseUserIDFactory):
title = _(u'Provider Email Address')
def __call__(self, plugin, result):
return self.normalize(plugin, result, result.user.email)
class ProviderIDUserNameFactory(BaseUserIDFactory):
title = _(u'Provider User Name')
def __call__(self, plugin, result):
return self.normalize(plugin, result, result.user.username)
class UUID4UserIDFactory(BaseUserIDFactory):
title = _(u'UUID as User ID')
def __call__(self, plugin, result):
return self.normalize(plugin, result, str(uuid.uuid4()))
class ProviderIDUserIDFactory(BaseUserIDFactory):
title = _("Provider User ID")
def __call__(self, plugin, result):
return self.normalize(plugin, result, result.user.id)
def __call__(self):
# callback url is expected on site root
if not ISiteRoot.providedBy(self.context):
root = api.portal.get()
self.request.response.redirect("{0}/authomatic-handler/{1}".format(
root.absolute_url(), getattr(self, 'provider', '')))
return "redirecting"
self.authopas = authomatic_plugin()
self.cfgs = authomatic_cfg()
if self.cfgs is None:
return "Authomatic is not configured"
self.is_anon = api.user.is_anonymous()
if not self.is_anon:
self.user = api.user.get_current()
self.user_providers = self.authopas._useridentities_by_userid.get(
self.user.id).providers()
# Validate provider
if not hasattr(self, 'provider'):
return self.template()
if self.provider not in self.cfgs:
return "Provider not supported"
if not self.is_anon and self.provider in self.user_providers:
action = self.request.form.get('action', None)
if action == 'unlink':
alsoProvides(self.request, IDisableCSRFProtection)
self.authopas.remove_identity(self.user.id, self.provider)
api.portal.show_message(
_('Unlink account with {provider} provider',
mapping={'provider': self.provider}), self.request)
return self.template()
#Any other action ?
else:
api.portal.show_message(
_('Provider {provider} is already connected to current user',
mapping={'provider': self.provider}), self.request)
return self.template()
# TODO: some sort of CSRF check might be needed, so that
# not an account got connected by CSRF. Research needed.
#Authomatic login
auth = Authomatic(self.cfgs,
secret=authomatic_settings().secret.encode('utf8'))
result = auth.login(ZopeRequestAdapter(self), self.provider)
if not result:
logger.info('return from view')
# let authomatic do its work
return
if result.error:
return result.error.message
# fetch provider specific user-data
result.user.update()
display = self.cfgs[self.provider].get('display', {})
provider_name = display.get('title', self.provider)
if not self.is_anon:
# now we delegate to PAS plugin to add the identity
self._add_identity(result, provider_name)
self.request.response.redirect("{0}".format(
self.context.absolute_url()))
else:
# now we delegate to PAS plugin in order to login
self._remember_identity(result, provider_name)
redirect = self.cfgs[self.provider].get(
'redirect_url', "${portal_url}/login_success")
redirect = redirect.replace("${portal_url}",
api.portal.get().absolute_url())
self.request.response.redirect(redirect)
return "redirecting"
