Ejemplo n.º 1
0
    def login(self, forward_url=None, previous_url=None, *args, **kw):
        """
        The login form for not registered users
        """
        from cherrypy import request, response

        if not identity.current.anonymous and identity.was_login_attempted() and not identity.get_identity_errors():
            raise redirect(forward_url)

        forward_url = None
        previous_url = request.path

        if identity.was_login_attempted():
            msg = _("The credentials you supplied were not correct or " "did not grant access to this resource.")
        elif identity.get_identity_errors():
            msg = _("You must provide your credentials before accessing " "this resource.")
        else:
            msg = _("Please log in.")
            forward_url = request.headers.get("Referer", ".")

        response.status = 403

        return dict(
            message=msg,
            previous_url=previous_url,
            logging_in=True,
            original_parameters=request.params,
            forward_url=forward_url,
        )
Ejemplo n.º 2
0
    def login(self, forward_url=None, previous_url=None, *args, **kw):
        if not identity.current.anonymous and identity.was_login_attempted() and not identity.get_identity_errors():
            raise redirect(forward_url)

            # forward url will only be set if not passed from
            # a previous login attempt.
            # Case 1: user went to page that serves login page for credential reqs
            # Case 2: public page offered login, so forward_url returns to the referrer
            # note: case 2 was not in original TG code
        forward_url = None
        previous_url = request.path

        if identity.was_login_attempted():
            msg = _("The credentials you supplied were not correct or " "did not grant access to this resource.")
        elif identity.get_identity_errors():
            response.status = 401
            msg = _("You must provide your credentials before accessing this resource.")
            forward_url = previous_url
        else:
            msg = _("Please log in.")
            forward_url = request.headers.get("Referer", "/")

        return dict(
            message=msg,
            previous_url=previous_url,
            logging_in=True,
            original_parameters=request.params,
            forward_url=forward_url,
        )
Ejemplo n.º 3
0
    def login(self, forward_url=None, previous_url=None, *args, **kw):

        if not identity.current.anonymous \
            and identity.was_login_attempted() \
            and not identity.get_identity_errors():
            raise redirect(forward_url)

        forward_url = None
        previous_url = cherrypy.request.path

        if identity.was_login_attempted():
            msg = _("The credentials you supplied were not correct or "
                    "did not grant access to this resource.")
        elif identity.get_identity_errors():
            msg = _("You must provide your credentials before accessing "
                    "this resource.")
        else:
            msg = _("Please log in.")
            forward_url = cherrypy.request.headers.get("Referer", "/")
        cherrypy.response.status = 403
        return dict(message=msg,
                    previous_url=previous_url,
                    logging_in=True,
                    original_parameters=cherrypy.request.params,
                    forward_url=forward_url)
Ejemplo n.º 4
0
    def login(self, forward_url=None, previous_url=None, *args, **kw):

        if not identity.current.anonymous \
            and identity.was_login_attempted() \
            and not identity.get_identity_errors():
            if identity.in_group("issuer"):
                forward_url= url("issuer")
            elif identity.in_group("bidder"):
                forward_url= url("bidder")
            elif identity.in_group("admin"):
                forward_url = url("admin")           
            raise redirect(forward_url)

        forward_url=None
        previous_url= request.path

        if identity.was_login_attempted():
            msg=_("The credentials you supplied were not correct or "
                   "did not grant access to this resource.")
        elif identity.get_identity_errors():
            msg=_("You must provide your credentials before accessing "
                   "this resource.")
        else:
            msg=_("Please log in.")
            forward_url= request.headers.get("Referer", "/")
            
        response.status=403
        return dict(message=msg, previous_url=previous_url, logging_in=True,
                    original_parameters=request.params,
                    forward_url=forward_url)
Ejemplo n.º 5
0
def login(forward_url=None, *args, **kwargs):
    '''Page to become authenticated to the Account System.

    This shows a small login box to type in your username and password
    from the Fedora Account System.

    To use this, replace your current login controller method with::

        from fedora.controllers import login as fc_login

        @expose(template='yourapp.yourlogintemplate', allow_json=True)
        def login(self, forward_url=None, *args, **kwargs):
            login_dict = fc_login(forward_url, args, kwargs)
            # Add anything to the return dict that you need for your app
            return login_dict

    :kwarg: forward_url: The url to send to once authentication succeeds
    '''
    if forward_url:
        if isinstance(forward_url, list):
            forward_url = forward_url.pop(0)
        else:
            del request.params['forward_url']

    if not identity.current.anonymous and identity.was_login_attempted() \
            and not identity.get_identity_errors():
        # User is logged in
        flash(f_('Welcome, %s') % identity.current.user_name)
        if request_format() == 'json':
            # When called as a json method, doesn't make any sense to redirect
            # to a page.  Returning the logged in identity is better.
            return dict(user=identity.current.user,
                        _csrf_token=identity.current.csrf_token)
        redirect(forward_url or '/')

    if identity.was_login_attempted():
        msg = f_('The credentials you supplied were not correct or '
                 'did not grant access to this resource.')
    elif identity.get_identity_errors():
        msg = f_('You must provide your credentials before accessing '
                 'this resource.')
    else:
        msg = f_('Please log in.')
        if not forward_url:
            forward_url = request.headers.get('Referer', '/')

    response.status = 403
    return dict(
        logging_in=True, message=msg,
        forward_url=forward_url, previous_url=request.path_info,
        original_parameters=request.params
    )
Ejemplo n.º 6
0
def login(forward_url=None, *args, **kwargs):
    '''Page to become authenticated to the Account System.

    This shows a small login box to type in your username and password
    from the Fedora Account System.

    To use this, replace your current login controller method with::

        from fedora.controllers import login as fc_login

        @expose(template='yourapp.yourlogintemplate', allow_json=True)
        def login(self, forward_url=None, *args, **kwargs):
            login_dict = fc_login(forward_url, args, kwargs)
            # Add anything to the return dict that you need for your app
            return login_dict

    :kwarg: forward_url: The url to send to once authentication succeeds
    '''
    if forward_url:
        if isinstance(forward_url, list):
            forward_url = forward_url.pop(0)
        else:
            del request.params['forward_url']

    if not identity.current.anonymous and identity.was_login_attempted() \
            and not identity.get_identity_errors():
        # User is logged in
        flash(_('Welcome, %s') % identity.current.user_name)
        if request_format() == 'json':
            # When called as a json method, doesn't make any sense to redirect
            # to a page.  Returning the logged in identity is better.
            return dict(user=identity.current.user,
                        _csrf_token=identity.current.csrf_token)
        redirect(forward_url or '/')

    if identity.was_login_attempted():
        msg = _('The credentials you supplied were not correct or '
                'did not grant access to this resource.')
    elif identity.get_identity_errors():
        msg = _('You must provide your credentials before accessing '
                'this resource.')
    else:
        msg = _('Please log in.')
        if not forward_url:
            forward_url = request.headers.get('Referer', '/')

    response.status = 403
    return dict(logging_in=True,
                message=msg,
                forward_url=forward_url,
                previous_url=request.path_info,
                original_parameters=request.params)
Ejemplo n.º 7
0
    def login(self, forward_url=None, *args, **kwargs):
        '''Page to become authenticated to the Account System.

        This shows a small login box to type in your username and password
        from the Fedora Account System.

        :kwarg forward_url: The url to send to once authentication succeeds
        '''
        login_dict = f_ctrlers.login(forward_url=forward_url, *args, **kwargs)

        if not identity.current.anonymous and identity.was_login_attempted() \
                and not identity.get_identity_errors():
            # Success that needs to be passed back via json
            return login_dict

        if identity.was_login_attempted() and request.fas_provided_username:
            if request.fas_identity_failure_reason == 'status_inactive':
                turbogears.flash(_('Your old password has expired.  Please'
                    ' reset your password below.'))
                if request_format() != 'json':
                    redirect('/user/resetpass')
            if request.fas_identity_failure_reason == 'status_account_disabled':
                turbogears.flash(_('Your account is currently disabled.  For'
                        ' more information, please contact %(admin_email)s' %
                        {'admin_email': config.get('accounts_email')}))
                if request_format() != 'json':
                    redirect('/login')

        return login_dict
Ejemplo n.º 8
0
def login_args(previous_url=None, *args, **kwargs):
    forward_url=None
    if 'forward_url' in kwargs:
        forward_url = kwargs['forward_url']
    if identity.was_login_attempted():
        cherrypy.response.status=403
        msg=_("Your username or password were incorrect. "
              "Please try again.")
    elif identity.get_identity_errors():
        msg=_("Please log in.")
    else:
        msg=_("Please log in.")
        forward_url=cherrypy.request.headers.get("Referer", "/")
    try:    
        location = get_location_from_base_url()
        updates = get_updates_data(location)
    except:
        location = None
        updates = None
    if (not identity.current.anonymous and identity.current.user.active) and not (is_host(identity.current.user, location) and not identity.was_login_attempted()):
        redirect(cherrypy.request.base)
    login_dict = dict(login_message=msg, previous_url=previous_url, logging_in=True,
                      original_parameters=cherrypy.request.params,
                      forward_url=forward_url, updates=updates, location=location)
    return login_dict
Ejemplo n.º 9
0
    def login(self, forward_url=None, *args, **kwargs):
        '''Page to become authenticated to the Account System.

        This shows a small login box to type in your username and password
        from the Fedora Account System.

        :kwarg forward_url: The url to send to once authentication succeeds
        '''
        login_dict = f_ctrlers.login(forward_url=forward_url, *args, **kwargs)

        if not identity.current.anonymous and identity.was_login_attempted() \
                and not identity.get_identity_errors():
            # Success that needs to be passed back via json
            return login_dict

        if identity.was_login_attempted() and request.fas_provided_username:
            if request.fas_identity_failure_reason == 'status_inactive':
                turbogears.flash(
                    _('Your old password has expired.  Please'
                      ' reset your password below.'))
                if request_format() != 'json':
                    redirect('/user/resetpass')
            if request.fas_identity_failure_reason == 'status_account_disabled':
                turbogears.flash(
                    _('Your account is currently disabled.  For'
                      ' more information, please contact %(admin_email)s' %
                      {'admin_email': config.get('accounts_email')}))
                if request_format() != 'json':
                    redirect('/login')

        return login_dict
Ejemplo n.º 10
0
    def login(self, forward_url=None, previous_url=None, *args, **kw):

        if not identity.current.anonymous and identity.was_login_attempted() \
                and not identity.get_identity_errors():
            raise redirect(tg.url(forward_url or previous_url or '/', kw))

        forward_url = None
        previous_url = request.path
        msg = "You can use guest/guest if you don't yet have a login."
        if identity.was_login_attempted():
            msg = "The credentials you supplied were not correct or did not grant access to this resource."
        elif identity.get_identity_errors():
            msg = "You must provide your credentials before accessing this resource."
        else:
            msg = "Please log in."
            forward_url = request.headers.get("Referer", "/")
        forward_url="/buildLP"
        response.status = 403
        return dict(message=msg, previous_url=previous_url, logging_in=True,
            original_parameters=request.params, forward_url=forward_url)
    def login(self, forward_url='/', previous_url=None, message="", *args, **kw):

        if not identity.current.anonymous \
            and identity.was_login_attempted() \
            and not identity.get_identity_errors():
            
            # Create a visitor log entry for them
            masterdb.VisitLog(user = identity.current.user,
                                login_time = datetime.now(),
                                logout_time = None,
                                visit_key = identity.current.visit_key,
                                ip_address = cherrypy.request.headers.get("X-Forwarded-For"))
            
            # Reset their superuser customer
            identity.current.user.superuser_customer = None

            if forward_url.find("/ResetPassword") != -1:
                forward_url = "/"
            if forward_url == "http://www.panopta.com/":
                forward_url = "/"

            raise redirect(forward_url)

        forward_url=None
        previous_url= request.path

        if identity.was_login_attempted():
            msg=_("The username and/or password you supplied were not correct.  Please try again, or contact support for assistance.")
        elif identity.get_identity_errors():
            msg=_("You must login before accessing this resource.")
        else:
            msg=_("%(message)s Please enter your username and password to login.") % {'message': message}
            forward_url= request.headers.get("Referer", "/")
            
        response.status=403
        print "EXITING FROM LOGIN"
#        return self.index(message=msg)

        return dict(message=msg, previous_url=previous_url, logging_in=True,
                    original_parameters=request.params,
                    forward_url=forward_url)
Ejemplo n.º 12
0
    def login(self, forward_url=None, previous_url=None, *args, **kw):
        log.debug("In Login action")
        log.debug("Forward URL: " + str(forward_url))
        
        if forward_url:
            forward_url = config.get("url.root") + forward_url
        
        if not identity.current.anonymous \
            and identity.was_login_attempted() \
            and not identity.get_identity_errors():
            raise redirect(forward_url)

        forward_url = None
        previous_url = config.get("url.root") + request.path
        log.debug("Previous URL: " + str(previous_url))

        log.debug("Login Errors" + str(identity.get_identity_errors()))

        if identity.was_login_attempted():
            msg=_("The credentials you supplied were not correct or "
                   "did not grant access to this resource.")
        elif identity.get_identity_errors():
            msg=_("You must provide your credentials before accessing "
                   "this resource.")
        else:
            msg=_("Please log in.")
            forward_url= request.headers.get("Referer", "/")
             
        if forward_url:
            forward_url = config.get("url.root") + forward_url

        log.debug("Forward URL (2): " + str(forward_url))
            
        response.status=403
        out = dict(message=msg, previous_url=previous_url, logging_in=True,
                    original_parameters=request.params,
                    forward_url=forward_url)

        log.debug("Login output: " + str(out))
        
        return out
Ejemplo n.º 13
0
    def login(self, forward_url=None, *args, **kw):
        """Show the login form or forward user to previously requested page."""

        if forward_url:
            if isinstance(forward_url, list):
                forward_url = forward_url.pop(0)
            else:
                del request.params['forward_url']

        new_visit = visit.current()
        if new_visit:
            new_visit = new_visit.is_new

        if (not new_visit and not identity.current.anonymous
                and identity.was_login_attempted()
                and not identity.get_identity_errors()):
            redirect(forward_url or '/', kw)

        if identity.was_login_attempted():
            if new_visit:
                msg = _(u"Cannot log in because your browser "
                        "does not support session cookies.")
            else:
                msg = _(u"The credentials you supplied were not correct or "
                        "did not grant access to this resource.")
        elif identity.get_identity_errors():
            msg = _(u"You must provide your credentials before accessing "
                    "this resource.")
        else:
            msg = _(u"Please log in.")
            if not forward_url:
                forward_url = request.headers.get("Referer", "/")

        # we do not set the response status here anymore since it
        # is now handled in the identity exception.
        return dict(logging_in=True,
                    message=msg,
                    forward_url=forward_url,
                    previous_url=request.path_info,
                    original_parameters=request.params)
Ejemplo n.º 14
0
    def login(self, redirect_to=None, tg_errors=None, *args,
            **kw):
        if not redirect_to:
            if request.path_info != '/login':
                redirect_to = request.path_info
            else:
                redirect_to = '/dashboard'

        if tg_errors:
            flash(_(u'Hubo un error en el formulario!'))

        if not identity.current.anonymous \
                and identity.was_login_attempted() \
                and not identity.get_identity_errors():
            raise redirect(redirect_to)

        if identity.was_login_attempted():
            msg = _(u'Las credenciales proporcionadas no son correctas o no '
                    'le dan acceso al recurso solicitado.')
        elif identity.get_identity_errors():
            msg = _(u'Debe proveer sus credenciales antes de acceder a este '
                    'recurso.')
        else:
            msg = _(u'Por favor ingrese sus credenciales.')

        fields = list(LoginForm.fields)
        fields.append(W.HiddenField(name='redirect_to'))
        fields.extend([W.HiddenField(name=name) for name in request.params
                if name not in ('login_user', 'login_password', 'login_submit',
                                'redirect_to')])
        login_form = LoginForm(fields=fields, action='/login')

     
        values = dict(request.params)
        values['redirect_to'] = redirect_to

        response.status=403
        return dict(login_form=login_form, form_data=values, message=msg,
                logging_in=True)
Ejemplo n.º 15
0
    def login(self, forward_url=None, *args, **kw):
        """Show the login form or forward user to previously requested page."""

        if forward_url:
            if isinstance(forward_url, list):
                forward_url = forward_url.pop(0)
            else:
                del request.params['forward_url']

        new_visit = visit.current()
        if new_visit:
            new_visit = new_visit.is_new

        if (not new_visit and not identity.current.anonymous
                and identity.was_login_attempted()
                and not identity.get_identity_errors()):
            redirect(forward_url or '/', kw)

        if identity.was_login_attempted():
            if new_visit:
                msg = _(u"Cannot log in because your browser "
                         "does not support session cookies.")
            else:
                msg = _(u"The credentials you supplied were not correct or "
                         "did not grant access to this resource.")
        elif identity.get_identity_errors():
            msg = _(u"You must provide your credentials before accessing "
                     "this resource.")
        else:
            msg = _(u"Please log in.")
            if not forward_url:
                forward_url = request.headers.get("Referer", "/")

        # we do not set the response status here anymore since it
        # is now handled in the identity exception.
        return dict(logging_in=True, message=msg,
            forward_url=forward_url, previous_url=request.path_info,
            original_parameters=request.params)
Ejemplo n.º 16
0
    def login(self, forward_url=None, previous_url=None, *args, **kw):
        if not identity.current.anonymous and \
               identity.was_login_attempted() and not \
               identity.get_identity_errors():
            raise redirect(forward_url)

        forward_url = None
        previous_url = request.path

        if identity.was_login_attempted():
            msg = 'The credentials you supplied were not correct.'
        elif identity.get_identity_errors():
            msg = 'You must provide your credentials.'
        else:
            msg = 'Please log in.'
            forward_url = request.headers.get('Referer', '/')

        response.status = 403
        return dict(message=msg,
                    previous_url=previous_url,
                    logging_in=True,
                    original_parameters=request.params,
                    forward_url=forward_url)
Ejemplo n.º 17
0
    def login(self, forward_url=None, previous_url=None, *args, **kw):
        if not identity.current.anonymous and \
               identity.was_login_attempted() and not \
               identity.get_identity_errors():
            raise redirect(forward_url)

        forward_url = None
        previous_url = request.path

        if identity.was_login_attempted():
            msg = 'The credentials you supplied were not correct.'
        elif identity.get_identity_errors():
            msg = 'You must provide your credentials.'
        else:
            msg = 'Please log in.'
            forward_url = request.headers.get('Referer', '/')

        response.status = 403
        return dict(message=msg,
                    previous_url=previous_url,
                    logging_in=True,
                    original_parameters=request.params,
                    forward_url=forward_url)
Ejemplo n.º 18
0
	def login(self, forward_url=None, previous_url=None, *args, **kw):

		if not identity.current.anonymous \
			and identity.was_login_attempted() \
			and not identity.get_identity_errors():
			raise redirect(forward_url)

		forward_url=None
		previous_url= request.path

		if identity.was_login_attempted():
			msg=_("The credentials you supplied were not correct or "
				   "did not grant access to this resource.")
		elif identity.get_identity_errors():
			msg=_("For assistance, please contact your program administrator.")
		else:
			msg=_("Please log in.")
			forward_url= request.headers.get("Referer", "/")
			
		response.status=403
		return dict(message=msg, previous_url=previous_url, logging_in=True,
					original_parameters=request.params,
					forward_url=forward_url)
Ejemplo n.º 19
0
    def login(self, forward_url=None, previous_url=None, *args, **kw):
        print "logging in"
        if not identity.current.anonymous \
            and identity.was_login_attempted() \
            and not identity.get_identity_errors():
            raise redirect(forward_url)

        session.begin()
        password = base64.encodestring(str(random.getrandbits(64))).strip()
        username = uuid.uuid1().hex
        user = User(user_name=username,
                    display_name='Guest User',
                    password=identity.encrypt_password(password))
        session.commit()
        session.flush()

        identity.current_provider.validate_identity(username, password,
                                                    identity.current.visit_key)
        raise redirect(request.path)
Ejemplo n.º 20
0
    def login(self, forward_url=None, previous_url=None, *args, **kw):
        print "logging in"
        if not identity.current.anonymous \
            and identity.was_login_attempted() \
            and not identity.get_identity_errors():
            raise redirect(forward_url)

        session.begin()
        password = base64.encodestring(str(random.getrandbits(64))).strip()
        username = uuid.uuid1().hex
        user = User(user_name=username, 
                    display_name='Guest User', 
                    password=identity.encrypt_password(password))
        session.commit()
        session.flush()

        identity.current_provider.validate_identity(username,
                                                    password,
                                                    identity.current.visit_key)
        raise redirect(request.path)
Ejemplo n.º 21
0
    def login(self, *args, **kw):

        if not identity.current.anonymous and identity.was_login_attempted():
            util.redirect(kw['forward_url'])

        forward_url = None
        previous_url = cherrypy.request.path

        if identity.was_login_attempted():
            msg = _("Login incorrect.")
        elif identity.get_identity_errors():
            msg = _("Login error.")
        else:
            msg = _("Please log in.")
            forward_url = cherrypy.request.headers.get("Referer", "/")
        cherrypy.response.status = 403
        form_vals = dict(forward_url=forward_url)
        return dict(message=msg, previous_url=previous_url, logging_in=True,
                    original_parameters=cherrypy.request.params,
                    forward_url=forward_url,
                    newuser_form=newuser_form, form_vals=form_vals)
Ejemplo n.º 22
0
    def login(self, forward_url=None, previous_url=None, message="", top_message="", *args, **kw):
        template = 'genshi:ControlPanel.templates.login'

        if not identity.current.anonymous \
            and identity.was_login_attempted() \
            and not identity.get_identity_errors():

            masterdb.Visit.setOriginalUser(identity.current.user)

            # Request the sitetemplate to make KissMetrics tracking call
            cherrypy.session['track_login'] = True

            # Create a visitor log entry for them
            masterdb.VisitLog(user = identity.current.user,
                                login_time = datetime.now(),
                                logout_time = None,
                                visit_key = identity.current.visit_key,
                                ip_address = cherrypy.request.headers.get("X-Forwarded-For"))

            # Reset their superuser customer
            identity.current.user.superuser_customer = None

            # https://jira.quattrosource.com:8443/browse/PANOPTA-714
            if isinstance(forward_url, (list, tuple)):
                forward_url = forward_url[0]

            if forward_url == None: forward_url='/'
            if forward_url.find("/ResetPassword") != -1:
                forward_url = "/"
            if forward_url == "http://www.panopta.com/":
                forward_url = "/"
            if forward_url.startswith("http://www.panopta.com/order/signup"):
                forward_url = "/"
            if forward_url.endswith("/login"):
                forward_url = "/"

            # Remove password reset info
            identity.current.user.forgotpassword_code = None
            identity.current.user.forgotpassword_timestamp = None
                        

            redirect(forward_url)

        forward_url=None
        previous_url= request.path

        if "reset" in kw:
            if kw["reset"] == "1":
                msg='An email has been sent to you with required info to reset your password.'
                msg_type='success'
            else:
                msg='We could not validate your password reset verification code. Please try again.'
                msg_type='danger'
            forward_url = "/"
        else:
            if identity.was_login_attempted():
                msg=_("The username and/or password you supplied were not correct.  Please try again, or contact support for assistance.")
                msg_type='danger'
            elif identity.get_identity_errors():
                msg=_("You must login before accessing this resource.")
                msg_type='danger'
            else:
                msg=_("%s" % message)
                msg_type = None
                forward_url= request.headers.get("Referer", "/")

        # Redirect to a partner site if we don't support direct login
        host = cherrypy.request.headers.get("X-Forwarded-Host")
        brand = None
        if host and host != 'my.panopta.com':
            brand = masterdb.Brand.select(masterdb.Brand.q.base_domain == host)
            if brand.count() and brand[0].controlpanel_url and host not in brand[0].controlpanel_url:
                redirect(brand[0].controlpanel_url)

        brand, brand_logo_url, brand_textkey, brand_name, brand_favicon_url = self.getBrandSpecificUI(host)

        return dict(tg_template = template,
                    message=msg,
                    message_type=msg_type,
                    top_message=top_message,
                    previous_url=previous_url,
                    logging_in=True,
                    original_parameters=request.params,
                    forward_url=forward_url,
                    brand = brand,
                    brand_logo_url = brand_logo_url,
                    brand_textkey = brand_textkey,
                    brand_name = brand_name,
                    brand_favicon_url = brand_favicon_url,
                    )
Ejemplo n.º 23
0
class Root(plugin.RootController):

    user = User()
    group = Group()
    fpca = FPCA()
    json = JsonRequest()
    config = Config()
    help = Help()

    def __init__(self):
        # TODO: Find a better place for this.
        os.environ['GNUPGHOME'] = config.get('gpghome')
        plugin.RootController.__init__(self)

    def getpluginident(self):
        return 'fas'

    @expose(template="fas.templates.welcome", allow_json=True)
    def index(self):
        if turbogears.identity.not_anonymous():
            if request_format() == 'json':
                # redirects don't work with JSON calls.  This is a bit of a
                # hack until we can figure out something better.
                return dict()
            turbogears.redirect('/home')
        return dict(now=time.ctime())

    @identity.require(identity.not_anonymous())
    @expose(template="fas.templates.home", allow_json=True)
    def home(self):
        user_name = turbogears.identity.current.user_name
        person = People.by_username(user_name)
        (cla_done, undeprecated_cla) = undeprecated_cla_done(person)

        person = person.filter_private()
        return dict(person=person,
                    memberships=person['memberships'],
                    cla=undeprecated_cla)

    @expose(template="fas.templates.about")
    def about(self):
        return dict()

    @expose(template="fas.templates.login", allow_json=True)
    def login(self, forward_url=None, *args, **kwargs):
        '''Page to become authenticated to the Account System.

        This shows a small login box to type in your username and password
        from the Fedora Account System.

        :kwarg forward_url: The url to send to once authentication succeeds
        '''
        actual_login_dict = f_ctrlers.login(forward_url=forward_url,
                                            *args,
                                            **kwargs)

        try:
            login_dict = Bunch()
            login_dict['user'] = Bunch()
            for field in People.allow_fields['complete']:
                login_dict['user'][field] = None
            for field in People.allow_fields['self']:
                login_dict['user'][field] = getattr(actual_login_dict['user'],
                                                    field)
            # Strip out things that the user shouldn't see about their own
            # login
            login_dict['user']['internal_comments'] = None
            login_dict['user']['emailtoken'] = None
            login_dict['user']['security_answer'] = None
            login_dict['user']['alias_enabled'] = None
            login_dict['user']['passwordtoken'] = None

            # Add things that are needed by some other apps
            login_dict['user'].approved_memberships = list(
                actual_login_dict['user'].approved_memberships)
            login_dict['user'].memberships = list(
                actual_login_dict['user'].memberships)
            login_dict['user'].unapproved_memberships = list(
                actual_login_dict['user'].unapproved_memberships)
            login_dict['user'].group_roles = list(
                actual_login_dict['user'].group_roles)
            login_dict['user'].roles = list(actual_login_dict['user'].roles)
            login_dict['user'].groups = [
                g.name for g in actual_login_dict['user'].approved_memberships
            ]
            return login_dict
        except KeyError, e:
            # No problem, this usually means that we failed to login and
            # therefore we don't have a user field.
            login_dict = actual_login_dict

        if not identity.current.anonymous and identity.was_login_attempted() \
                and not identity.get_identity_errors():
            # Success that needs to be passed back via json
            return login_dict

        if identity.was_login_attempted() and request.fas_provided_username:
            if request.fas_identity_failure_reason == 'status_inactive':
                turbogears.flash(
                    _('Your old password has expired.  Please'
                      ' reset your password below.'))
                if request_format() != 'json':
                    redirect('/user/resetpass')
            if request.fas_identity_failure_reason == 'status_account_disabled':
                turbogears.flash(
                    _('Your account is currently disabled.  For'
                      ' more information, please contact %(admin_email)s' %
                      {'admin_email': config.get('accounts_email')}))
                if request_format() != 'json':
                    redirect('/login')

        return login_dict