def post(self):
next_url = self.request.arguments.get('next', [None])[0]
username = self.request.arguments.get('username', [None])[0]
password = self.request.arguments.get('password', [None])[0]
if self.current_user:
return self.redirect(next_url or '/')
if Settings['login_strategy'] == 'ldap':
# LDAP is our basic auth strategy.
if not username or not password:
return self.render("login.html", page_title="Login", next_url=next_url,
errors="Please enter both a username and a password.")
if not authenticate_ldap(username, password):
return self.render("login.html", page_title="Login", next_url=next_url,
errors="Invalid username or password specified.")
return login(self, username, next_url)
elif Settings['login_strategy'] == 'saml':
# They shouldn't be POSTing, but it's cool. Blatantly ignore their
# form and redirect them to the IdP to try again.
# SAML doesn't support friendly redirects to next_url for security,
# so they'll end up on the landing page after auth.
return self._saml_login()
# TODO: Turn this into an HTTP status code along 4xx
# Give them the basic auth page with an error telling them logins are currently botched.
return self.render("login.html", page_title="Login", next_url=next_url,
errors="No login strategy currently configured.")
def test_authenticate(self):
with mock.patch.object(logging, "exception"):
T.assert_equal(auth.authenticate_ldap("fake_user", "fake_password"), False)
def test_authenticate(self):
with mock.patch.object(logging, "exception"):
T.assert_equal(auth.authenticate_ldap("fake_user", "fake_password"), False)