def static_login(self, user_name=None, password=None, **kw):
error_format = "Static login failed. Reason: %s"
if cherrypy.request.method != "POST":
errormsg = error_format % "Request method must be POST."
log.error(errormsg)
raise errors.GheimdallException(errormsg)
if user_name is None:
errormsg = error_format % "user_name required."
log.error(errormsg)
raise errors.GheimdallException(errormsg)
if password is None:
errormsg = error_format % "password required."
log.error(errormsg)
raise errors.GheimdallException(errormsg)
import urllib
url = "http://mail.google.com/a/%s" % config.get('apps.domain')
redirected_url = urllib.urlopen(url).geturl()
import re
matched = re.match('^.*SAMLRequest=(.*)&RelayState=(.*)$', redirected_url)
SAMLRequest = urllib.unquote(matched.group(1))
RelayState = urllib.unquote(matched.group(2))
log.debug("SAMLRequest: %s" % SAMLRequest)
log.debug("RelayState: %s" % RelayState)
# authentication
auth_engine = auth.createAuthEngine(engine=config.get('apps.auth_engine'),
config=config)
try:
auth_engine.authenticate(user_name, password)
except auth.AuthException, e:
if e.code == auth.NEW_AUTHTOK_REQD:
# When the user's password is expired, display password form if I can.
log.error(e)
flash(_('Password is expired. You need to set new password.'))
if not config.get('apps.use_change_passwd'):
flash(_('Password is expired. You need to set new password. ' +
'But changing password is not available here'))
return dict(user_name=user_name,
tg_template="gheimdall.templates.gheimdall-nopasswd")
# save user_name to session
cherrypy.session['user_name'] = user_name
return dict(tg_template="gheimdall.templates.gheimdall-passwd",
form=passwd_form_widget,
values=dict(backURL='',
user_name=user_name,
old_password=password,
SAMLRequest=SAMLRequest,
RelayState=RelayState))
# Failed.
flash(_('Can not login'))
time.sleep(config.get('apps.sleep_time', 3))
raise errors.GheimdallException(e.reason)
def login_do(self, SAMLRequest, RelayState, user_name, password, **kw):
if config.get('always_remember_me', False):
cherrypy.session['remember_me'] = True
else:
cherrypy.session['remember_me'] = kw.get('remember_me', False)
if config.get('apps.use_header_auth', False):
raise errors.GheimdallException(
'You can not use this method when ' +
'app.use_header_auth configration directive is set to True.')
# authentication
auth_engine = auth.createAuthEngine(engine=config.get('apps.auth_engine'),
config=config)
try:
auth_engine.authenticate(user_name, password)
except auth.AuthException, e:
if e.code == auth.NEW_AUTHTOK_REQD:
# When the user's password is expired, display password form if I can.
log.error(e)
flash(_('Password is expired. You need to set new password.'))
if not config.get('apps.use_change_passwd'):
flash(_('Password is expired. You need to set new password. ' +
'But changing password is not available here'))
return dict(user_name=user_name,
tg_template="gheimdall.templates.gheimdall-nopasswd")
# save user_name to session
cherrypy.session['user_name'] = user_name
return dict(tg_template="gheimdall.templates.gheimdall-passwd",
form=passwd_form_widget,
values=dict(backURL='',
user_name=user_name,
old_password=password,
SAMLRequest=SAMLRequest,
RelayState=RelayState))
# Failed.
flash(_('Can not login'))
time.sleep(config.get('apps.sleep_time', 3))
raise errors.GheimdallException(e.reason)
