def view_fas_login():
if not 'next' in request.args and not 'next' in get_session():
return redirect(url_for('view_main'))
if 'next' in request.args:
get_session()['next'] = request.args['next']
get_session().save()
if get_auth_module().logged_in() and not \
('timeout' in get_session() and get_session()['timeout']):
# We can also have "timeout" as of 0.4.0
# indicating PAPE or application configuration requires a re-auth
log_debug('Info', {
'message': 'User tried to login but is already authenticated'})
return redirect(get_session()['next'])
if request.method == 'POST':
username = request.form['username']
password = request.form['password']
if (not app.config['FAS_AVAILABLE_FILTER']) or \
(username in app.config['FAS_AVAILABLE_TO']):
if username == '' or password == '':
user = None
else:
user = get_auth_module().check_login(username, password)
if user:
log_info('Success', {
'username': username,
'message': 'User authenticated succesfully'})
user = user.toDict() # A bunch is not serializable...
user['groups'] = [x['name'] for x in
user['approved_memberships']]
get_session()['user'] = user
get_session()['last_auth_time'] = time()
get_session()['timeout'] = False
get_session()['trust_root'] = ''
get_session().save()
return redirect(get_session()['next'])
else:
log_warning('Failure', {
'username': username,
'message': 'User entered incorrect username or password'})
flash(_('Incorrect username or password'))
else:
log_warning('Failure', {
'username': username,
'message': 'Tried to login with an account that is not '
'allowed to use this service'})
flash(_('This service is limited to the following '
'users: %(users)s',
users=', '.join(app.config['FAS_AVAILABLE_TO'])))
return render_template(
'auth_fas_login.html',
trust_root=get_session()['trust_root'])
sreg_info = addSReg(openid_request, openid_response)
teams_info = addTeams(
openid_request,
openid_response,
filter_cla_groups(get_auth_module().get_groups()))
cla_info = addCLAs(
openid_request,
openid_response,
get_cla_uris(get_auth_module().get_groups()))
auth_level = addPape(openid_request, openid_response)
log_info('Success', {
'claimed_id': get_claimed_id(get_auth_module().get_username()),
'trust_root': openid_request.trust_root,
'security_level': auth_level,
'message': 'The user succesfully claimed the identity'})
log_debug('Info', {'teams': teams_info})
return openid_respond(openid_response)
elif authed == AUTH_TRUST_ROOT_ASK:
# User needs to confirm trust root
return user_ask_trust_root(openid_request)
elif authed == AUTH_TRUST_ROOT_NOT_OK:
log_info('Info', {
'trust_root': openid_request.trust_root,
'message': 'User chose not to trust trust_root'})
return openid_respond(openid_request.answer(False))
elif authed == AUTH_TRUST_ROOT_CONFIG_NOT_OK:
log_info('Info', {
'trust_root': openid_request.trust_root,
'message': 'Configuration blacklisted this trust_root'})
return openid_respond(openid_request.answer(False))
elif openid_request.immediate:
