def setup_user():
"""
Try to retrieve a valid user object from the request, be it
either through the session or through a login.
"""
# init some stuff for auth processing:
flaskg._login_multistage = None
flaskg._login_multistage_name = None
flaskg._login_messages = []
# first try setting up from session
userobj = auth.setup_from_session()
# then handle login/logout forms
form = request.values.to_dict()
if 'login_submit' in form:
# this is a real form, submitted by POST
userobj = auth.handle_login(userobj, **form)
elif 'logout_submit' in form:
# currently just a GET link
userobj = auth.handle_logout(userobj)
else:
userobj = auth.handle_request(userobj)
# if we still have no user obj, create a dummy:
if not userobj:
userobj = user.User(name=ANON, auth_method='invalid')
# if we have a valid user we store it in the session
if userobj.valid:
session['user.itemid'] = userobj.itemid
session['user.trusted'] = userobj.trusted
session['user.auth_method'] = userobj.auth_method
session['user.auth_attribs'] = userobj.auth_attribs
session['user.session_token'] = userobj.get_session_token()
return userobj
def setup_user(context, session):
""" Try to retrieve a valid user object from the request, be it
either through the session or through a login. """
# first try setting up from session
userobj = auth.setup_from_session(context, session)
userobj, olduser = auth.setup_setuid(context, userobj)
context._setuid_real_user = olduser
# then handle login/logout forms
form = context.request.values
if 'login' in form:
params = {
'username': form.get('name'),
'password': form.get('password'),
'attended': True,
'openid_identifier': form.get('openid_identifier'),
'stage': form.get('stage')
}
userobj = auth.handle_login(context, userobj, **params)
elif 'logout' in form:
userobj = auth.handle_logout(context, userobj)
else:
userobj = auth.handle_request(context, userobj)
# if we still have no user obj, create a dummy:
if not userobj:
userobj = user.User(context, auth_method='invalid')
return userobj
def setup_user(context, session):
""" Try to retrieve a valid user object from the request, be it
either through the session or through a login. """
# first try setting up from session
userobj = auth.setup_from_session(context, session)
userobj, olduser = auth.setup_setuid(context, userobj)
context._setuid_real_user = olduser
# then handle login/logout forms
form = context.request.values
if 'login' in form:
params = {
'username': form.get('name'),
'password': form.get('password'),
'attended': True,
'openid_identifier': form.get('openid_identifier'),
'stage': form.get('stage')
}
userobj = auth.handle_login(context, userobj, **params)
elif 'logout' in form:
userobj = auth.handle_logout(context, userobj)
else:
userobj = auth.handle_request(context, userobj)
# if we still have no user obj, create a dummy:
if not userobj:
userobj = user.User(context, auth_method='invalid')
return userobj
def setup_user():
"""
Try to retrieve a valid user object from the request, be it
either through the session or through a login.
"""
# init some stuff for auth processing:
flaskg._login_multistage = None
flaskg._login_multistage_name = None
flaskg._login_messages = []
# first try setting up from session
userobj = auth.setup_from_session()
# then handle login/logout forms
form = request.values.to_dict()
if 'login_submit' in form:
# this is a real form, submitted by POST
userobj = auth.handle_login(userobj, **form)
elif 'logout_submit' in form:
# currently just a GET link
userobj = auth.handle_logout(userobj)
else:
userobj = auth.handle_request(userobj)
# if we still have no user obj, create a dummy:
if not userobj:
userobj = user.User(name=ANON, auth_method='invalid')
# if we have a valid user we store it in the session
if userobj.valid:
session['user.itemid'] = userobj.itemid
session['user.trusted'] = userobj.trusted
session['user.auth_method'] = userobj.auth_method
session['user.auth_attribs'] = userobj.auth_attribs
session['user.session_token'] = userobj.get_session_token()
return userobj
def setup_user(context, session):
""" Try to retrieve a valid user object from the request, be it
either through the session or through a login. """
# first try setting up from session
userobj = auth.setup_from_session(context, session)
userobj, olduser = auth.setup_setuid(context, userobj)
context._setuid_real_user = olduser
# then handle login/logout forms
form = context.request.values
if "login" in form:
params = {
"username": form.get("name"),
"password": form.get("password"),
"attended": True,
"openid_identifier": form.get("openid_identifier"),
"stage": form.get("stage"),
}
userobj = auth.handle_login(context, userobj, **params)
elif "logout" in form:
userobj = auth.handle_logout(context, userobj)
else:
userobj = auth.handle_request(context, userobj)
# if we still have no user obj, create a dummy:
if not userobj:
userobj = user.User(context, auth_method="invalid")
return userobj
def xmlrpc_getAuthToken(self, username, password, *args):
"""
Returns a token which can be used for authentication
in other XMLRPC calls. If the token is empty, the username
or the password were wrong.
Implementation note: token is same as cookie content would be for http session
"""
request = self.request
request.session = request.cfg.session_service.get_session(request)
u = auth.setup_from_session(request, request.session)
login_required = is_login_required(request)
if login_required:
u = auth.handle_login(request,
u,
username=username,
password=password)
else:
u = request.user
if u and u.valid:
request.user = u
request.cfg.session_service.finalize(request, request.session)
return request.session.sid
else:
return ""
def xmlrpc_getAuthToken(self, username, password, *args):
"""
Returns a token which can be used for authentication
in other XMLRPC calls. If the token is empty, the username
or the password were wrong.
Implementation note: token is same as cookie content would be for http session
"""
request = self.request
request.session = request.cfg.session_service.get_session(request)
u = auth.setup_from_session(request, request.session)
login_required = is_login_required(request)
if login_required:
u = auth.handle_login(request, u, username=username,
password=password)
else:
u = request.user
if u and u.valid:
request.user = u
request.cfg.session_service.finalize(request, request.session)
return request.session.sid
else:
return ""
def xmlrpc_applyAuthToken(self, auth_token):
"""
Applies the auth token and thereby authenticates the user.
"""
if not auth_token:
return xmlrpclib.Fault("INVALID", "Empty token.")
request = self.request
request.session = request.cfg.session_service.get_session(request, auth_token)
logging.debug("applyAuthToken: got session %r" % request.session)
u = auth.setup_from_session(request, request.session)
logging.debug("applyAuthToken: got user %r" % u)
if u and u.valid:
self.request.user = u
return "SUCCESS"
else:
return xmlrpclib.Fault("INVALID", "Invalid token.")
def xmlrpc_applyAuthToken(self, auth_token):
"""
Applies the auth token and thereby authenticates the user.
"""
if not auth_token:
return xmlrpclib.Fault("INVALID", "Empty token.")
request = self.request
request.session = request.cfg.session_service.get_session(
request, auth_token)
logging.debug("applyAuthToken: got session %r" % request.session)
u = auth.setup_from_session(request, request.session)
logging.debug("applyAuthToken: got user %r" % u)
if u and u.valid:
self.request.user = u
return "SUCCESS"
else:
return xmlrpclib.Fault("INVALID", "Invalid token.")
