def render_GET(self, request): """ :type request: bouser.web.request.BouserRequest :param request: :return: """ token = request.getCookie(self.service.cookie_name) session = request.getSession() fm = IWebSession(session) if 'back' in request.args: fm.back = request.args['back'][0] elif not fm.back: fm.back = request.getHeader('Referer') or '/' try: if token: token = token.decode('hex') yield self.service.check_token(token) else: defer.returnValue(request.render_template('login.html')) except EExpiredToken: defer.returnValue(request.render_template('login.html')) else: # Token is valid - just redirect back, fm.back = fm.back, None defer.returnValue(redirectTo(back, request))
def render_POST(self, request): """ :type request: bouser.web.request.BouserRequest :param request: :return: """ session = request.getSession() fm = IWebSession(session) back = request.args.get('back', [fm.back])[0] or '/' try: login = request.args['login'][0].decode('utf-8') password = request.args['password'][0].decode('utf-8') ato = yield self.service.acquire_token(login, password) except EInvalidCredentials: fm.flash_message(dict( text=u"Неверное имя пользователя или пароль", severity='danger' )) defer.returnValue(redirectTo(request.uri, request)) except ETokenAlreadyAcquired: fm.back = None defer.returnValue(redirectTo(back, request)) else: token_txt = ato.token.encode('hex') domain = request.getHeader('Host').split(':', 1)[0] uri = request.getHeader('Referer') if uri: match = re_referrer_origin.match(uri) if match: domain = match.groupdict()['origin'] cookie_domain = self.service.get_cookie_domain(domain) request.addCookie( self.service.cookie_name, token_txt, domain=cookie_domain, path='/', comment='Castiel Auth Cookie' ) fm.back = None defer.returnValue(redirectTo(back, request))
def render_GET(self, request): """ :type request: bouser.web.request.BouserRequest :param request: :return: """ def redirect_to_ext_cas(): url = '{0}/login?service={1}'.format(self.service.ext_url, self_uri) rt = redirectTo(url, request) defer.returnValue(rt) token = request.getCookie(self.service.cookie_name) session = request.getSession() fm = IWebSession(session) if 'back' in request.args: fm.back = request.args['back'][0] elif not fm.back: fm.back = '/' self_uri = urllib2.quote(self.service.self_url + '/cas/login?back=' + fm.back) # 1) redirect from external cas which processed our login and issued service ticket # that need to be validated if 'ticket' in request.args: st = request.args['ticket'][0] ok, data = yield self.service.validate_service_ticket(st, self_uri) if not ok: redirect_to_ext_cas() else: # завершить аутентификацию, установив нашу куку try: ato = yield self.service.acquire_token(data['user'], None) logger.info( u'Пользователь {user_descr} аутентифицировался {dt:%d.%m.%Y %H:%M:%S}', user_descr=ato.object.get_description(), dt=datetime.datetime.now(), tags=['AUTH', 'EXT_CAS']) except EInvalidCredentials: log.msg('Error login: cannot find user {0}'.format( data['user'].encode('utf-8'))) logger.warn( u'Неудачная попытка аутентификации по логину {login} {dt:%d.%m.%Y %H:%M:%S} ' u'(Не найден пользователь по логину)', login=data['user'], dt=datetime.datetime.now(), tags=['AUTH', 'EXT_CAS']) redirect_to_ext_cas() except ETokenAlreadyAcquired: fm.back = None redirect_to_ext_cas() else: back = request.args.get('back', [fm.back])[0] or '/' token_txt = ato.token.encode('hex') domain = request.getHeader('Host').split(':', 1)[0] uri = request.getHeader('Referer') if uri: match = re_referrer_origin.match(uri) if match: domain = match.groupdict()['origin'] cookie_domain = self.service.get_cookie_domain(domain) request.addCookie(str(self.service.cookie_name), token_txt, domain=str(cookie_domain), path='/', comment='Castiel Auth Cookie') request.addCookie(str(self.service.ext_cookie_name), data['tgt'], domain=str(cookie_domain), path='/', comment='External CAS TGT Cookie') fm.back = None defer.returnValue(redirectTo(back, request)) # 2) user was redirected here from one of our systems; # need to check if _our_ current token is valid and if not - start login in external cas else: try: if token: token = token.decode('hex') tgt = request.getCookie(self.service.ext_cookie_name) or '' yield self.service.check_token(token, False, tgt) else: raise ENoToken() except (EExpiredToken, ENoToken, EUnsuccesfulCheckTGT): redirect_to_ext_cas() else: # _Our_ token is valid - just redirect back to our system back, fm.back = fm.back, None defer.returnValue(redirectTo(back, request))