def login(self):
log.debug("[login] selfservice login screen")
identity = request.environ.get('repoze.who.identity')
if identity is not None:
# After login We always redirect to the start page
redirect("/")
res = {}
try:
c.defaultRealm = getDefaultRealm()
res = getRealms()
c.realmArray = []
#log.debug("[login] %s" % str(res) )
for (k, v) in res.items():
c.realmArray.append(k)
c.realmbox = getRealmBox()
log.debug("[login] displaying realmbox: %i" % int(c.realmbox))
Session.commit()
response.status = '%i Logout from LinOTP selfservice' % LOGIN_CODE
return render('/selfservice/login.mako')
except Exception as e:
log.exception('[login] failed %r' % e)
Session.rollback()
return sendError(response, e)
finally:
Session.close()
def login(self):
log.debug("[login] selfservice login screen")
identity = request.environ.get('repoze.who.identity')
if identity is not None:
# After login We always redirect to the start page
redirect("/")
res = {}
try:
c.defaultRealm = getDefaultRealm()
res = getRealms()
c.realmArray = []
#log.debug("[login] %s" % str(res) )
for (k, v) in res.items():
c.realmArray.append(k)
c.realmbox = getRealmBox()
log.debug("[login] displaying realmbox: %i" % int(c.realmbox))
Session.commit()
response.status = '%i Logout from LinOTP selfservice' % LOGIN_CODE
return render('/selfservice/login.mako')
except Exception as e:
log.exception('[login] failed %r' % e)
Session.rollback()
return sendError(response, e)
finally:
Session.close()
def _get_realms_():
realms = {}
if getRealmBox():
realms = getRealms()
else:
def_realm = getDefaultRealm()
if getDefaultRealm():
realms = getRealms(def_realm)
return realms
def _get_realms_():
realms = {}
if getRealmBox():
realms = getRealms()
else:
def_realm = getDefaultRealm()
if getDefaultRealm():
realms = getRealms(def_realm)
return realms
def get_pre_context(client):
"""
get the rendering context before the login is shown, so the rendering
of the login page could be controlled if realm_box or mfa_login is
defined
:param client: the rendering is client dependend, so we need the info
:return: context dict, with all rendering attributes
"""
# check for mfa_login, autoassign and autoenroll in policy definition
mfa_login_action = get_selfservice_action_value(
action="mfa_login", default=False
)
mfa_3_fields_action = get_selfservice_action_value(
action="mfa_3_fields", default=False
)
autoassignment_action = get_selfservice_action_value(
action="autoassignment", default=False
)
autoenrollment_action = get_selfservice_action_value(
action="autoenrollment", default=False
)
footer_text_action = get_selfservice_action_value(
action="footer_text", default=None
)
imprint_url_action = get_selfservice_action_value(
action="imprint_url", default=None
)
privacy_notice_url_action = get_selfservice_action_value(
action="privacy_notice_url", default=None
)
return {
"version": get_version(),
"copyright": get_copyright_info(),
"realms": _get_realms_(),
"settings": {
"default_realm": getDefaultRealm(),
"realm_box": getRealmBox(),
"mfa_login": mfa_login_action,
"mfa_3_fields": mfa_3_fields_action,
"autoassign": autoassignment_action,
"autoenroll": autoenrollment_action,
"footer_text": footer_text_action,
"imprint_url": imprint_url_action,
"privacy_notice_url": privacy_notice_url_action,
},
}
def authenticate(self, environ, identity):
log.info("[authenticate] entering repoze authenticate function.")
# log.debug( identity )
username = None
realm = None
authUser = None
try:
if isSelfTest():
if ('login' not in identity
and 'repoze.who.plugins.auth_tkt.userid' in identity):
uid = identity.get('repoze.who.plugins.auth_tkt.userid')
identity['login'] = uid
identity['password'] = uid
if getRealmBox():
username = identity['login']
realm = identity['realm']
else:
log.info("[authenticate] no realmbox")
if '@' in identity['login']:
if getSplitAtSign():
log.debug("trying to split the loginname")
username, _at_, realm = identity['login'].rpartition(
'@')
else:
log.debug("no split for the @ of the loginname")
username = identity['login']
realm = identity.get('realm', getDefaultRealm())
else:
username = identity['login']
realm = getDefaultRealm()
log.info("[authenticate]: username: %r, realm: %r" %
(username, realm))
password = identity['password']
except KeyError as e:
log.error("[authenticate] Keyerror in identity: %r." % e)
log.error("[authenticate] %s" % traceback.format_exc())
return None
# as repoze does not run through the std pylons middleware, we have to
# convert the input which might be UTF8 to unicode
username = str2unicode(username)
password = str2unicode(password)
# check username/realm, password
if isSelfTest():
authUser = "******" % (username, realm)
else:
authUser = get_authenticated_user(username, realm, password)
return authUser
def authenticate(self, environ, identity):
log.info("[authenticate] entering repoze authenticate function.")
# log.debug( identity )
username = None
realm = None
authUser = None
try:
if isSelfTest():
if ('login' not in identity and
'repoze.who.plugins.auth_tkt.userid' in identity):
uid = identity.get('repoze.who.plugins.auth_tkt.userid')
identity['login'] = uid
identity['password'] = uid
if getRealmBox():
username = identity['login']
realm = identity['realm']
else:
log.info("[authenticate] no realmbox")
if '@' in identity['login']:
if getSplitAtSign():
log.debug("trying to split the loginname")
username, _at_, realm = identity['login'].rpartition('@')
else:
log.debug("no split for the @ of the loginname")
username = identity['login']
realm = identity.get('realm', getDefaultRealm())
else:
username = identity['login']
realm = getDefaultRealm()
log.info("[authenticate]: username: %r, realm: %r"
% (username, realm))
password = identity['password']
except KeyError as e:
log.error("[authenticate] Keyerror in identity: %r." % e)
log.error("[authenticate] %s" % traceback.format_exc())
return None
# as repoze does not run through the std pylons middleware, we have to
# convert the input which might be UTF8 to unicode
username = str2unicode(username)
password = str2unicode(password)
# check username/realm, password
if isSelfTest():
authUser = "******" % (username, realm)
else:
authUser = get_authenticated_user(username, realm, password)
return authUser
def get_pre_context(client):
"""
get the rendering context before the login is shown, so the rendering
of the login page could be controlled if realm_box or mfa_login is
defined
:param client: the rendering is client dependend, so we need the info
:return: context dict, with all rendering attributes
"""
pre_context = {}
pre_context["version"] = get_version()
pre_context["licenseinfo"] = get_copyright_info()
pre_context["default_realm"] = getDefaultRealm()
pre_context["realm_box"] = getRealmBox()
pre_context["realms"] = json.dumps(_get_realms_())
# check for mfa_login, autoassign and autoenroll in policy definition
pre_context['mfa_login'] = False
policy = get_client_policy(client=client,
scope='selfservice',
action='mfa_login')
if policy:
pre_context['mfa_login'] = True
pre_context['mfa_3_fields'] = False
policy = get_client_policy(client=client,
scope='selfservice',
action='mfa_3_fields')
if policy:
pre_context['mfa_3_fields'] = True
pre_context['autoassign'] = False
policy = get_client_policy(client=client,
scope='enrollment',
action='autoassignment')
if policy:
pre_context['autoassign'] = True
pre_context['autoenroll'] = False
policy = get_client_policy(client=client,
scope='enrollment',
action='autoenrollment')
if policy:
pre_context['autoenroll'] = True
return pre_context
def get_pre_context(client):
"""
get the rendering context before the login is shown, so the rendering
of the login page could be controlled if realm_box or mfa_login is
defined
:param client: the rendering is client dependend, so we need the info
:return: context dict, with all rendering attributes
"""
pre_context = {}
pre_context["version"] = get_version()
pre_context["licenseinfo"] = get_copyright_info()
pre_context["default_realm"] = getDefaultRealm()
pre_context["realm_box"] = getRealmBox()
pre_context["realms"] = json.dumps(_get_realms_())
# check for mfa_login, autoassign and autoenroll in policy definition
pre_context['mfa_login'] = False
policy = get_client_policy(client=client,
scope='selfservice',
action='mfa_login')
if policy:
pre_context['mfa_login'] = True
pre_context['mfa_3_fields'] = False
policy = get_client_policy(client=client,
scope='selfservice',
action='mfa_3_fields')
if policy:
pre_context['mfa_3_fields'] = True
pre_context['autoassign'] = False
policy = get_client_policy(client=client,
scope='enrollment',
action='autoassignment')
if policy:
pre_context['autoassign'] = True
pre_context['autoenroll'] = False
policy = get_client_policy(client=client,
scope='enrollment',
action='autoenrollment')
if policy:
pre_context['autoenroll'] = True
return pre_context
def authenticate(self, environ, identity):
log.info("[authenticate] entering repoze authenticate function.")
#log.debug( identity )
username = None
realm = None
success = None
try:
if isSelfTest():
if identity.has_key('login') == False and identity.has_key(
'repoze.who.plugins.auth_tkt.userid') == True:
u = identity.get('repoze.who.plugins.auth_tkt.userid')
identity['login'] = u
identity['password'] = u
if getRealmBox():
username = identity['login']
realm = identity['realm']
else:
log.info(
"[authenticate] no realmbox, so we are trying to split the loginname"
)
m = re.match("(.*)\@(.*)", identity['login'])
if m:
if 2 == len(m.groups()):
username = m.groups()[0]
realm = m.groups()[1]
log.info(
"[authenticate] found @: username: %r, realm: %r" %
(username, realm))
else:
username = identity['login']
realm = getDefaultRealm()
log.info(
"[authenticate] using default Realm: username: %r, realm: %r"
% (username, realm))
password = identity['password']
except KeyError as e:
log.error("[authenticate] Keyerror in identity: %r." % e)
log.error("[authenticate] %s" % traceback.format_exc())
return None
# check username/realm, password
if isSelfTest():
success = "%s@%s" % (unicode(username), unicode(realm))
else:
success = check_user_password(username, realm, password)
return success
def login(self):
'''
render the selfservice login page
'''
c.title = _("LinOTP Self Service Login")
# ------------------------------------------------------------------ --
# prepare the realms and put the default realm on the top
defaultRealm = getDefaultRealm()
realmArray = [defaultRealm]
for realm in getRealms():
if realm != defaultRealm:
realmArray.append(realm)
# ------------------------------------------------------------------ --
# prepare the global context c for the rendering context
c.defaultRealm = defaultRealm
c.realmArray = realmArray
c.realmbox = getRealmBox()
context = get_pre_context(c.audit['client'])
mfa_login = context['mfa_login']
mfa_3_fields = context['mfa_3_fields']
c.otp = False
c.mfa_3_fields = False
if mfa_login and mfa_3_fields:
c.mfa_3_fields = True
response = Response(render('/selfservice/login.mako'))
if request.cookies.get('user_selfservice'):
remove_auth_cookie(request.cookies.get('user_selfservice'))
response.delete_cookie('user_selfservice')
return response
def authenticate(self, environ, identity):
log.info("[authenticate] entering repoze authenticate function.")
#log.debug( identity )
username = None
realm = None
success = None
try:
if isSelfTest():
if identity.has_key('login') == False and identity.has_key('repoze.who.plugins.auth_tkt.userid') == True:
u = identity.get('repoze.who.plugins.auth_tkt.userid')
identity['login'] = u
identity['password'] = u
if getRealmBox():
username = identity['login']
realm = identity['realm']
else:
log.info("[authenticate] no realmbox, so we are trying to split the loginname")
m = re.match("(.*)\@(.*)", identity['login'])
if m:
if 2 == len(m.groups()):
username = m.groups()[0]
realm = m.groups()[1]
log.info("[authenticate] found @: username: %r, realm: %r" % (username, realm))
else:
username = identity['login']
realm = getDefaultRealm()
log.info("[authenticate] using default Realm: username: %r, realm: %r" % (username, realm))
password = identity['password']
except KeyError as e:
log.error("[authenticate] Keyerror in identity: %r." % e)
log.error("[authenticate] %s" % traceback.format_exc())
return None
# check username/realm, password
if isSelfTest():
success = "%s@%s" % (unicode(username), unicode(realm))
else:
success = check_user_password(username, realm, password)
return success
def login(self):
"""
render the selfservice login page
"""
c.title = _("LinOTP Self Service Login")
# ------------------------------------------------------------------ --
# prepare the realms and put the default realm on the top
defaultRealm = getDefaultRealm()
realmArray = [defaultRealm]
for realm in getRealms():
if realm != defaultRealm:
realmArray.append(realm)
# ------------------------------------------------------------------ --
# prepare the global context c for the rendering context
c.defaultRealm = defaultRealm
c.realmArray = realmArray
c.realmbox = getRealmBox()
context = get_pre_context(g.audit["client"])
mfa_login = bool(context["settings"]["mfa_login"])
mfa_3_fields = bool(context["settings"]["mfa_3_fields"])
c.mfa_login = mfa_login
c.mfa_3_fields = mfa_login and mfa_3_fields
response = Response(render("/selfservice/login.mako"))
if request.cookies.get("user_selfservice"):
remove_auth_cookie(request.cookies.get("user_selfservice"))
response.delete_cookie("user_selfservice")
return response
def get_pre_context(client, context=None):
"""
get the rendering context before the login is shown, so the rendering
of the login page could be controlled if realm_box or otpLogin is
defined
:param client: the rendering is client dependend, so we need the info
:return: context dict, with all rendering attributes
"""
pre_context = {}
pre_context["version"] = get_version()
pre_context["licenseinfo"] = get_copyright_info()
pre_context["default_realm"] = getDefaultRealm()
pre_context["realm_box"] = getRealmBox()
pre_context["realms"] = json.dumps(_get_realms_())
"""
check for otpLogin, autoassign and autoenroll in policy definition
"""
pre_context["otpLogin"] = False
policy = get_client_policy(client=client, scope="selfservice", action="otpLogin", context=context)
if policy:
pre_context["otpLogin"] = True
pre_context["autoassign"] = False
policy = get_client_policy(client=client, scope="enrollment", action="autoassignment", context=context)
if policy:
pre_context["autoassign"] = True
pre_context["autoenroll"] = False
policy = get_client_policy(client=client, scope="enrollment", action="autoenrollment", context=context)
if policy:
pre_context["autoenroll"] = True
return pre_context
def get_pre_context(client):
"""
get the rendering context before the login is shown, so the rendering
of the login page could be controlled if realm_box or mfa_login is
defined
:param client: the rendering is client dependend, so we need the info
:return: context dict, with all rendering attributes
"""
# check for mfa_login, autoassign and autoenroll in policy definition
mfa_login_policy = get_client_policy(client=client,
scope='selfservice',
action='mfa_login')
mfa_3_fields_policy = get_client_policy(client=client,
scope='selfservice',
action='mfa_3_fields')
autoassignment_policy = get_client_policy(client=client,
scope='enrollment',
action='autoassignment')
autoenrollment_policy = get_client_policy(client=client,
scope='enrollment',
action='autoenrollment')
return {
"version": get_version(),
"copyright": get_copyright_info(),
"realms": _get_realms_(),
"settings": {
"default_realm": getDefaultRealm(),
"realm_box": getRealmBox(),
"mfa_login": bool(mfa_login_policy),
"mfa_3_fields": bool(mfa_3_fields_policy),
"autoassign": bool(autoassignment_policy),
"autoenroll": bool(autoenrollment_policy),
},
}
