def decorated_view(*args, **kwargs): aselect_filter = ASelectAPI() aselect_id = current_user.aselect_id #does not contain caps aselect_org = current_user.aselect_org # damn unicode ticket_attr = _ticket_store.get_ticket(aselect_id, aselect_org) if ticket_attr is None: session.clear() return _security.login_manager.unauthorized() ticket = ticket_attr.ticket attr_hash = ticket_attr.attr_hash used_aselect_id = ticket_attr.aselect_id filter_ret = aselect_filter.verify_ticket(used_aselect_id, ticket, \ aselect_org, attr_hash) if filter_ret.status == 0: if filter_ret.result_code == str('0109'): # weird ticket session.clear() # thing flash('Mismatching data. Please login again.', 'error') elif filter_ret.result_code == str('010b'): # weird ticket session.clear() # thing flash('Ticket invalid. Please login again.', 'error') #current_app.login_manager.logout() return redirect('/') else: return _security.login_manager.unauthorized() else: # 1 and 2 return fn(*args, **kwargs)
def decorated(*args, **kwargs): if request.args.get('aselect_complete') != 'yes': return f(*args, **kwargs) aselect_api = ASelectAPI() rid = request.args.get('rid') credentials = request.args.get('aselect_credentials') response = aselect_api.verify_credentials( rid=rid, aselect_cred=credentials) # verify ticket? if response.status == SUCCESS: aselect_resp = ASelectResponse(response) # only credentials used self.store_ticket( aselect_cred=response.aselect_cred, rid=rid ) return self.after_login_func(ASelectResponse(response)) elif response.status == CANCEL: self.signal_error('The request was cancelled') return redirect(self.get_current_url()) elif response.status == RELOAD: # Should do some other things too self.signal_error('Please reload the page and try again') return redirect(self.get_current_url()) self.signal_error('A-Select authentication error') return redirect(self.get_current_url())
def try_login(self, app_url): """This tries to login. This function must be called from the loginhandler. """ aselect_api = ASelectAPI() try: auth_request = aselect_api.auth_user( app_id=self.app_id,\ app_url=self.get_success_url(), \ aselect_id=None, \ forced_logon='false' ) return redirect(auth_request) except: logger.error('A-Select error, auth_request failed.') self.signal_error('A-Select request was invalid') flash('<strong>Authentication error: </strong> This is an \ internal error and has nothing to do with your A-Select ID.', 'error') return redirect('/')