Ejemplo n.º 1
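    def login(self):
        """Authenticate a JSON ``username``/``password`` pair.

        Reads the request's JSON body, looks the user up through the
        registered ``IUserLocator`` adapter (falling back to
        ``DefaultUserLocator``), checks the password, appends the headers
        produced by ``remember`` to the response and notifies a ``LoggedIn``
        event.

        Returns:
            Whatever ``self.user_json(user)`` returns for the authenticated
            user.

        Raises:
            HTTPBadRequest: the body is not valid JSON, is not a JSON object,
                or lacks ``username`` or ``password``.
            HTTPUnauthorized: the login is unknown or the password is wrong.
                Both cases raise the same error, so the response status does
                not tell a caller which of the two failed.
        """
        try:
            body = self.request.json_body
        except ValueError:
            # Malformed JSON is a client error; without this it would surface
            # as an unhandled exception instead of a 400.
            raise HTTPBadRequest()

        # Valid JSON can still be a list, string or number.  Only an object
        # can carry the two credential fields, and on a JSON string the `in`
        # test below would silently become a substring check.
        if not isinstance(body, dict):
            raise HTTPBadRequest()

        if 'username' not in body or 'password' not in body:
            raise HTTPBadRequest()

        username = body['username']
        password = body['password']

        user_locator = self.request.registry.queryMultiAdapter(
            (self.context, self.request), IUserLocator)
        if user_locator is None:
            user_locator = DefaultUserLocator(self.context, self.request)

        user = user_locator.get_user_by_login(username)
        # NOTE(review): check_password only runs when the login exists, so
        # response time may differ between unknown and known logins -- confirm
        # whether that matters for this deployment.
        if user is None or not user.check_password(password):
            raise HTTPUnauthorized()

        headers = remember(self.request, get_oid(user))
        self.request.response.headerlist.extend(headers)

        self.request.registry.notify(
            LoggedIn(username, user, self.context, self.request))

        return self.user_json(user)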
Ejemplo n.º 2
 def velruse_login_complete_view(self):
     """Finish an external (velruse) login and redirect the browser.

     The lookup key is ``<domain>_<userid>``, built from the first entry of
     ``profile['accounts']``.  When no user matches, selected profile fields
     are stored in the session and the browser is sent to ``create_profile``
     without authentication headers.  When a user matches, the browser is
     sent to the first performer linked to that user, with the headers from
     ``remember`` attached.
     """
     context, request = self.context, self.request
     profile = context.profile
     first_account = profile['accounts'][0]
     domain = first_account['domain']
     username = first_account['username']
     userid = first_account['userid']
     # The provider domain is part of the key, so equal ids issued by
     # different domains map to different local users.
     login_key = '{}_{}'.format(domain, userid)

     root = root_factory(request)
     locator = request.registry.queryMultiAdapter(
         (root, request), IUserLocator)
     if locator is None:
         locator = DefaultUserLocator(root, request)
     user = locator.get_user_by_login(login_key)

     if user is not None:
         # Known account: redirect to its performer and log the user in.
         objectmap = find_objectmap(root)
         linked = list(objectmap.sources(user, PerformerToUser))
         # Raises IndexError when the user has no linked performer.
         performer = linked[0]
         location = request.resource_url(performer)
         return HTTPFound(location, headers=remember(request, get_oid(user)))

     # Unknown account: hand the profile data to the create_profile step.
     # NOTE(review): these session values come straight from the external
     # provider's profile; presumably the create_profile view validates and
     # escapes them before use -- confirm.
     photos = profile.get('photos')
     if photos:
         request.session['photo_url'] = photos[0]['value']
     request.session['userid'] = login_key
     realname = profile['displayName']
     request.session['profilename'] = username
     request.session['realname'] = realname
     location = request.resource_url(root, 'create_profile')
     return HTTPFound(location, headers=[])
Ejemplo n.º 3
def velruse_login_complete_view(context, request):
    """Complete an external (velruse) login, creating the account on first use.

    Looks the user up by the ``username`` of the first entry in
    ``profile['accounts']``.  If no user exists, a user and a ``Performer``
    are created from the profile, the performer is granted
    ``yss.edit-profile`` for that user, and the browser is redirected to the
    performer's ``edit.html``.  Otherwise the browser is redirected to the
    existing performer.  Both paths attach the headers from ``remember``.

    NOTE(review): the lookup key is the bare provider ``username``;
    ``provider`` is read but never used, so the key is not qualified by
    provider or provider-side user id.  If a login name can be shared across
    providers, or with a locally created account, both would resolve to the
    same user and be logged in as it -- confirm, and consider a
    provider-qualified key for new accounts.
    """
    provider = context.provider_name  # read but not used below
    profile = context.profile
    username = profile['accounts'][0]['username']
    root = root_factory(request)
    registry = request.registry

    locator = registry.queryMultiAdapter((root, request), IUserLocator)
    if locator is None:
        locator = DefaultUserLocator(root, request)
    user = locator.get_user_by_login(username)

    if user is not None:
        # Returning user: go straight to the performer stored under the name.
        location = request.resource_url(root['performers'][username])
    else:
        # First login: provision the user and its performer from the profile.
        principals = find_service(root, 'principals')
        user = principals.add_user(username, registry=registry)
        performer = registry.content.create('Performer')
        root['performers'][username] = performer
        performer.title = profile['displayName']

        addresses = profile.get('addresses')
        if addresses:
            email = addresses[0]['formatted']
            user.email = email
            performer.email = email

        photos = profile.get('photos')
        if photos:
            performer.photo_url = photos[0]['value']

        performer.age = colander.null
        performer.sex = None
        user.favorite_genre = None
        performer.user = user
        # Only the newly created user may edit this performer's profile.
        set_acl(performer, [(Allow, user.__oid__, ['yss.edit-profile'])])
        location = request.resource_url(performer, 'edit.html')

    return HTTPFound(location, headers=remember(request, get_oid(user)))
Ejemplo n.º 4
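def login(context, request):
    """Render the management login form and process its submission.

    Returns:
        ``HTTPForbidden`` when the current URL contains ``/auditstream-sse``;
        ``HTTPFound`` to the remembered ``came_from`` URL, carrying the
        headers from ``remember``, after a successful login; otherwise a dict
        of values for the login template.

    A failed CSRF check or failed credentials flash an error and fall through
    to re-rendering the form.
    """
    login_url = request.sdiapi.mgmt_path(request.context, 'login')
    referrer = request.url
    if '/auditstream-sse' in referrer:
        # If we're being invoked as the result of a failed request to the
        # auditstream sse view, bail.  Otherwise the came_from will be set to
        # the auditstream URL, and the user who this happens to will eventually
        # be redirected to it and they'll be left scratching their head when
        # they see e.g. "id: 0-10\ndata: " when they log in successfully.
        return HTTPForbidden()
    if login_url in referrer:
        # never use the login form itself as came_from
        referrer = request.sdiapi.mgmt_path(request.virtual_root)
    # setdefault keeps the first URL recorded for this session, so repeated
    # failed attempts do not overwrite the original destination.
    # NOTE(review): came_from is taken from request.url and later used as the
    # redirect target; presumably the host part is validated upstream --
    # confirm.
    came_from = request.session.setdefault('sdi.came_from', referrer)
    login = ''
    password = ''
    if 'form.submitted' in request.params:
        try:
            check_csrf_token(request)
        except Exception:
            # Was a bare ``except:``, which also swallowed SystemExit and
            # KeyboardInterrupt.  Any ordinary failure of the CSRF check is
            # still reported to the user as a failed login.
            request.session.flash('Failed login (CSRF)', 'error')
        else:
            login = request.params['login']
            password = request.params['password']
            adapter = request.registry.queryMultiAdapter(
                (context, request),
                IUserLocator
                )
            if adapter is None:
                adapter = DefaultUserLocator(context, request)
            user = adapter.get_user_by_login(login)
            if user is not None and user.check_password(password):
                request.session.pop('sdi.came_from', None)
                headers = remember(request, get_oid(user))
                request.registry.notify(LoggedIn(login, user, context, request))
                return HTTPFound(location = came_from, headers = headers)
            # Same message for an unknown login and a wrong password.
            request.session.flash('Failed login', 'error')

    # Pass this through FBO views (e.g., forbidden) which use its macros.
    template = get_renderer('substanced:sdi/views/templates/login.pt'
                           ).implementation()
    # NOTE(review): after a failed attempt the submitted password is handed
    # back to the template; confirm the template does not echo it into the
    # rendered page.
    return dict(
        url = request.sdiapi.mgmt_path(request.virtual_root, '@@login'),
        came_from = came_from,
        login = login,
        password = password,
        login_template = template,
        )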
Ejemplo n.º 5
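def internal_login(context, request):
    """Process the internal login form and redirect to the user's performer.

    Returns:
        ``HTTPFound`` to the performer linked to the user, carrying the
        headers from ``remember``, when the credentials are valid and a
        performer exists; otherwise a dict with the submitted ``login`` and
        ``password`` and the form's ``login_url`` for re-rendering.

    A failed CSRF check, bad credentials or a missing performer flash a
    message and fall through to re-rendering the form.
    """
    login = ''
    password = ''

    if 'form.submitted' in request.POST:
        try:
            check_csrf_token(request)
        except Exception:
            # Was a bare ``except:``, which also swallowed SystemExit and
            # KeyboardInterrupt.  Any ordinary failure of the CSRF check is
            # still reported to the user as a failed login.
            request.sdiapi.flash('Failed login (CSRF)', 'danger')
        else:
            login = request.POST['login']
            password = request.POST['password']
            root = request.root
            adapter = request.registry.queryMultiAdapter(
                (root, request), IUserLocator)
            if adapter is None:
                adapter = DefaultUserLocator(root, request)
            user = adapter.get_user_by_login(login)
            if user is None or not user.check_password(password):
                # One message for both failures, so the form does not reveal
                # whether the login name exists.
                request.session.flash('Bad username or password', 'danger')
            else:
                # NOTE(review): LoggedIn is notified before the performer
                # lookup, so the event also fires when no performer exists
                # and no auth headers are issued -- confirm that subscribers
                # (e.g. audit logging) expect this.
                request.registry.notify(LoggedIn(
                    login, user, context, request))
                objectmap = find_objectmap(root)
                try:
                    performer = list(
                        objectmap.sources(user, PerformerToUser)
                    )[0]
                except IndexError:
                    request.session.flash(
                        'No performer associated with account', 'danger'
                    )
                else:
                    headers = remember(request, get_oid(user))
                    location = request.resource_url(performer)
                    return HTTPFound(location, headers=headers)

    # NOTE(review): after a failed attempt the submitted password is handed
    # back to the renderer; confirm the template does not echo it into the
    # rendered page.
    return {
        'login':login,
        'password':password,
        'login_url':request.resource_url(
            request.virtual_root, '@@internal_login'),
    }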