Ejemplo n.º 1
0
    def POST(self):
        """Overrides `account_login` and infogami.login to prevent users from
        logging in with Open Library username and password if the
        payload is json. Instead, if login attempted w/ json
        credentials, requires Archive.org s3 keys.
        """
        from openlibrary.plugins.openlibrary.code import BadRequest
        d = simplejson.loads(web.data())
        access = d.get('access', None)
        secret = d.get('secret', None)
        test = d.get('test', False)

        # Try S3 authentication first, fallback to infogami user, pass
        if access and secret:
            audit = audit_accounts(None,
                                   None,
                                   require_link=True,
                                   s3_access_key=access,
                                   s3_secret_key=secret,
                                   test=test)
            error = audit.get('error')
            if error:
                raise olib.code.BadRequest(error)
            web.setcookie(config.login_cookie_name,
                          web.ctx.conn.get_auth_token())
        # Fallback to infogami user/pass
        else:
            from infogami.plugins.api.code import login as infogami_login
            infogami_login().POST()
Ejemplo n.º 2
0
    def POST(self):
        i = web.input(username="",
                      connect=None,
                      password="",
                      remember=False,
                      redirect='/',
                      test=False,
                      access=None,
                      secret=None)
        email = i.username  # XXX username is now email
        audit = audit_accounts(email,
                               i.password,
                               require_link=True,
                               s3_access_key=i.access,
                               s3_secret_key=i.secret,
                               test=i.test)
        error = audit.get('error')
        if error:
            return self.render_error(error, i)

        expires = (i.remember and 3600 * 24 * 7) or ""
        web.setcookie(config.login_cookie_name,
                      web.ctx.conn.get_auth_token(),
                      expires=expires)
        blacklist = [
            "/account/login", "/account/password", "/account/email",
            "/account/create"
        ]
        if i.redirect == "" or any([path in i.redirect for path in blacklist]):
            i.redirect = "/"
        raise web.seeother(i.redirect)
Ejemplo n.º 3
0
    def POST(self):
        """Overrides `account_login` and infogami.login to prevent users from
        logging in with Open Library username and password if the
        payload is json. Instead, if login attempted w/ json
        credentials, requires Archive.org s3 keys.
        """
        from openlibrary.plugins.openlibrary.code import BadRequest
        d = simplejson.loads(web.data())
        access = d.get('access', None)
        secret = d.get('secret', None)
        test = d.get('test', False)

        # Try S3 authentication first, fallback to infogami user, pass
        if access and secret:
            audit = audit_accounts(None, None, require_link=True,
                                   s3_access_key=access,
                                   s3_secret_key=secret, test=test)
            error = audit.get('error')
            if error:
                raise olib.code.BadRequest(error)
            web.setcookie(config.login_cookie_name, web.ctx.conn.get_auth_token())
        # Fallback to infogami user/pass
        else:
            from infogami.plugins.api.code import login as infogami_login
            infogami_login().POST()
Ejemplo n.º 4
0
    def POST(self):
        """When the user attempts a login, an audit is performed to determine
        whether their account is already linked (in which case we can
        proceed to log the user in), whether there is an error
        authenticating their account, or whether a /account/connect
        must first performed.

        Note: Emails are case sensitive behind the scenes and
        functions which require them as lower will make them so
        """
        i = web.input(email='', password='')
        test = i.get('test', '').lower() == 'true'
        email = i.get('email')
        password = i.get('password')
        result = audit_accounts(email, password, test=test)
        return delegate.RawText(json.dumps(result), content_type="application/json")
Ejemplo n.º 5
0
    def POST(self):
        """When the user attempts a login, an audit is performed to determine
        whether their account is already linked (in which case we can
        proceed to log the user in), whether there is an error
        authenticating their account, or whether a /account/connect
        must first performed.

        Note: Emails are case sensitive behind the scenes and
        functions which require them as lower will make them so
        """
        i = web.input(email='', password='')
        test = i.get('test', '').lower() == 'true'
        email = i.get('email')
        password = i.get('password')
        result = audit_accounts(email, password, test=test)
        return delegate.RawText(simplejson.dumps(result),
                                content_type="application/json")
Ejemplo n.º 6
0
    def POST_login(self, i):
        i = web.input(username="", password="", remember=False, redirect='')

        audit = audit_accounts(i.username, i.password)
        errors = self.error_check(audit, i)
        if errors:
            return errors

        blacklist = ["/account/login", "/account/password", "/account/email",
                     "/account/create"]
        if i.redirect == "" or any([path in i.redirect for path in blacklist]):
            i.redirect = "/"
        expires = (i.remember and 3600 * 24 * 7) or ""

        web.setcookie(config.login_cookie_name, web.ctx.conn.get_auth_token(),
                      expires=expires)
        raise web.seeother(i.redirect)
Ejemplo n.º 7
0
    def POST(self):
        i = web.input(username="", connect=None, password="", remember=False,
                      redirect='/', test=False, access=None, secret=None)
        email = i.username  # XXX username is now email
        audit = audit_accounts(email, i.password, require_link=True,
                               s3_access_key=i.access,
                               s3_secret_key=i.secret, test=i.test)
        error = audit.get('error')
        if error:
            return self.render_error(error, i)

        expires = (i.remember and 3600 * 24 * 7) or ""
        web.setcookie(config.login_cookie_name, web.ctx.conn.get_auth_token(),
                      expires=expires)
        blacklist = ["/account/login", "/account/password", "/account/email",
                     "/account/create"]
        if i.redirect == "" or any([path in i.redirect for path in blacklist]):
            i.redirect = "/"
        raise web.seeother(i.redirect)
Ejemplo n.º 8
0
 def POST(self):
     """Overrides `account_login` and infogami.login to prevent users from
     logging in with Open Library username and password if the
     payload is json. Instead, if login attempted w/ json
     credentials, requires Archive.org s3 keys.
     """
     d = simplejson.loads(web.data())
     access = d.get('access', None)
     secret = d.get('secret', None)
     test = d.get('test', False)
     audit = audit_accounts(None,
                            None,
                            require_link=True,
                            s3_access_key=access,
                            s3_secret_key=secret,
                            test=test)
     error = audit.get('error')
     if error:
         raise BadRequest(error)
     web.setcookie(config.login_cookie_name, web.ctx.conn.get_auth_token())
Ejemplo n.º 9
0
    def POST(self):
        i = web.input(
            username="",
            connect=None,
            password="",
            remember=False,
            redirect='/',
            test=False,
            access=None,
            secret=None,
        )
        email = i.username  # XXX username is now email
        audit = audit_accounts(
            email,
            i.password,
            require_link=True,
            s3_access_key=i.access or web.ctx.env.get('HTTP_X_S3_ACCESS'),
            s3_secret_key=i.secret or web.ctx.env.get('HTTP_X_S3_SECRET'),
            test=i.test,
        )
        error = audit.get('error')
        if error:
            return self.render_error(error, i)

        expires = 3600 * 24 * 365 if i.remember else ""
        web.setcookie('pd',
                      int(audit.get('special_access')) or '',
                      expires=expires)
        web.setcookie(config.login_cookie_name,
                      web.ctx.conn.get_auth_token(),
                      expires=expires)
        blacklist = [
            "/account/login",
            "/account/create",
        ]
        if i.redirect == "" or any([path in i.redirect for path in blacklist]):
            i.redirect = "/account/loans"
        raise web.seeother(i.redirect)