def __before__(self, action):
'''
This is the authentication to self service
If you want to do ANYTHING with selfservice, you need to be
authenticated. The _before_ is executed before any other function
in this controller.
'''
try:
param = request.params
audit.initialize()
c.audit['success'] = False
c.audit['client'] = get_client(request)
c.version = get_version()
c.licenseinfo = get_copyright_info()
self.request_context['Audit'] = audit
(auth_type, auth_user) = get_auth_user(request)
if not auth_user or auth_type not in ['repoze', 'selftest']:
abort(401, "You are not authenticated")
(c.user, _foo, c.realm) = auth_user.rpartition('@')
self.authUser = User(c.user, c.realm, '')
if auth_type == "repoze":
# checking the session
if (False == check_selfservice_session(request,
request.url,
request.path,
request.cookies,
request.params
)):
c.audit['action'] = request.path[1:]
c.audit['info'] = "session expired"
audit.log(c.audit)
abort(401, "No valid session")
c.imprint = get_imprint(c.realm)
c.tokenArray = []
c.user = self.authUser.login
c.realm = self.authUser.realm
c.tokenArray = getTokenForUser(self.authUser)
# only the defined actions should be displayed
# - remark: the generic actions like enrollTT are allready approved
# to have a rendering section and included
actions = getSelfserviceActions(self.authUser,
context=self.request_context)
c.actions = actions
for policy in actions:
if "=" in policy:
(name, val) = policy.split('=')
val = val.strip()
# try if val is a simple numeric -
# w.r.t. javascript evaluation
try:
nval = int(val)
except:
nval = val
c.__setattr__(name.strip(), nval)
c.dynamic_actions = add_dynamic_selfservice_enrollment(config,
c.actions)
# we require to establish all token local defined
# policies to be initialiezd
additional_policies = add_dynamic_selfservice_policies(config,
actions)
for policy in additional_policies:
c.__setattr__(policy, -1)
c.otplen = -1
c.totp_len = -1
return response
except webob.exc.HTTPUnauthorized as acc:
# the exception, when an abort() is called if forwarded
log.info("[__before__::%r] webob.exception %r" % (action, acc))
log.info("[__before__] %s" % traceback.format_exc())
Session.rollback()
Session.close()
raise acc
except Exception as e:
log.exception("[__before__] failed with error: %r" % e)
Session.rollback()
Session.close()
return sendError(response, e, context='before')
finally:
log.debug('[__after__] done')
def __before__(self, action):
'''
This is the authentication to self service
If you want to do ANYTHING with selfservice, you need to be
authenticated. The _before_ is executed before any other function
in this controller.
'''
try:
param = request.params
audit.initialize()
c.audit['success'] = False
c.audit['client'] = get_client()
c.version = get_version()
c.licenseinfo = get_copyright_info()
if isSelfTest():
log.debug("[__before__] Doing selftest!")
uuser = getParam(param, "selftest_user", True)
if uuser is not None:
(c.user, _foo, c.realm) = uuser.rpartition('@')
else:
c.realm = ""
c.user = "******"
env = request.environ
uuser = env.get('REMOTE_USER')
if uuser is not None:
(c.user, _foo, c.realm) = uuser.rpartition('@')
if c.user in ['--u--']:
abort(401, "No valid session")
self.authUser = User(c.user, c.realm, '')
log.debug("[__before__] authenticating as %s in realm %s!"
% (c.user, c.realm))
else:
identity = request.environ.get('repoze.who.identity')
if identity is None:
abort(401, "You are not authenticated")
log.debug("[__before__] doing getAuthFromIdentity in action %s"
% action)
user_id = request.environ.get('repoze.who.identity')\
.get('repoze.who.userid')
if type(user_id) == unicode:
user_id = user_id.encode(ENCODING)
identity = user_id.decode(ENCODING)
log.debug("[__before__] getting identity from repoze.who: %r"
% identity)
(c.user, _foo, c.realm) = identity.rpartition('@')
self.authUser = User(c.user, c.realm, '')
log.debug("[__before__] set the self.authUser to: %s, %s "
% (self.authUser.login, self.authUser.realm))
log.debug('[__before__] param for action %s: %s'
% (action, param))
# checking the session
if (False == check_selfservice_session(request.url,
request.path,
request.cookies,
request.params
)):
c.audit['action'] = request.path[1:]
c.audit['info'] = "session expired"
audit.log(c.audit)
abort(401, "No valid session")
c.imprint = get_imprint(c.realm)
c.tokenArray = []
c.user = self.authUser.login
c.realm = self.authUser.realm
c.tokenArray = getTokenForUser(self.authUser)
# only the defined actions should be displayed
# - remark: the generic actions like enrollTT are allready approved
# to have a rendering section and included
actions = getSelfserviceActions(self.authUser)
c.actions = actions
for policy in actions:
if "=" in policy:
(name, val) = policy.split('=')
val = val.strip()
# try if val is a simple numeric -
# w.r.t. javascript evaluation
try:
nval = int(val)
except:
nval = val
c.__setattr__(name.strip(), nval)
c.dynamic_actions = add_dynamic_selfservice_enrollment(config,
c.actions)
# we require to establish all token local defined
# policies to be initialiezd
additional_policies = add_dynamic_selfservice_policies(config,
actions)
for policy in additional_policies:
c.__setattr__(policy, -1)
c.otplen = -1
c.totp_len = -1
return response
except webob.exc.HTTPUnauthorized as acc:
# the exception, when an abort() is called if forwarded
log.info("[__before__::%r] webob.exception %r" % (action, acc))
log.info("[__before__] %s" % traceback.format_exc())
Session.rollback()
Session.close()
raise acc
except Exception as e:
log.error("[__before__] failed with error: %r" % e)
log.error("[__before__] %s" % traceback.format_exc())
Session.rollback()
Session.close()
return sendError(response, e, context='before')
finally:
log.debug('[__after__] done')
def __before__(self, action):
'''
This is the authentication to self service. If you want to do
ANYTHING with the selfservice, you need to be authenticated. The
_before_ is executed before any other function in this controller.
'''
try:
c.audit = request_context['audit']
c.audit['success'] = False
c.audit['client'] = get_client(request)
c.version = get_version()
c.licenseinfo = get_copyright_info()
request_context['Audit'] = audit
(auth_type, auth_user) = get_auth_user(request)
if not auth_user or auth_type not in ['repoze', 'selftest']:
abort(401, "You are not authenticated")
(c.user, _foo, c.realm) = auth_user.rpartition('@')
self.authUser = User(c.user, c.realm, '')
if auth_type == "repoze":
# checking the session only for not_form_access actions
if action not in self.form_access_methods:
call_url = "selfservice/%s" % action
valid_session = check_selfservice_session(
url=call_url,
cookies=request.cookies,
params=request.params)
if not valid_session:
c.audit['action'] = request.path[1:]
c.audit['info'] = "session expired"
audit.log(c.audit)
abort(401, "No valid session")
c.imprint = get_imprint(c.realm)
c.tokenArray = []
c.user = self.authUser.login
c.realm = self.authUser.realm
# only the defined actions should be displayed
# - remark: the generic actions like enrollTT are allready approved
# to have a rendering section and included
actions = getSelfserviceActions(self.authUser)
c.actions = actions
for policy in actions:
if policy:
if "=" not in policy:
c.__setattr__(policy, -1)
else:
(name, val) = policy.split('=')
val = val.strip()
# try if val is a simple numeric -
# w.r.t. javascript evaluation
try:
nval = int(val)
except:
nval = val
c.__setattr__(name.strip(), nval)
c.dynamic_actions = add_dynamic_selfservice_enrollment(
config, c.actions)
# we require to establish all token local defined
# policies to be initialiezd
additional_policies = add_dynamic_selfservice_policies(
config, actions)
for policy in additional_policies:
c.__setattr__(policy, -1)
c.otplen = -1
c.totp_len = -1
return response
except webob.exc.HTTPUnauthorized as acc:
# the exception, when an abort() is called if forwarded
log.info("[__before__::%r] webob.exception %r" % (action, acc))
log.info("[__before__] %s" % traceback.format_exc())
Session.rollback()
Session.close()
raise acc
except Exception as e:
log.exception("[__before__] failed with error: %r" % e)
Session.rollback()
Session.close()
return sendError(response, e, context='before')
finally:
log.debug('[__after__] done')
def __before__(self, action):
'''
This is the authentication to self service
If you want to do ANYTHING with selfservice, you need to be
authenticated. The _before_ is executed before any other function
in this controller.
'''
try:
param = request.params
audit.initialize()
c.audit['success'] = False
c.audit['client'] = get_client()
c.version = get_version()
c.licenseinfo = get_copyright_info()
if isSelfTest():
log.debug("[__before__] Doing selftest!")
uuser = getParam(param, "selftest_user", True)
if uuser is not None:
(c.user, _foo, c.realm) = uuser.rpartition('@')
else:
c.realm = ""
c.user = "******"
env = request.environ
uuser = env.get('REMOTE_USER')
if uuser is not None:
(c.user, _foo, c.realm) = uuser.rpartition('@')
self.authUser = User(c.user, c.realm, '')
log.debug("[__before__] authenticating as %s in realm %s!" % (c.user, c.realm))
else:
# Use WebAuth instead of LinOTP auth.
identity = request.environ.get('REMOTE_USER')
if identity is None:
abort(401, "You are not authenticated")
c.user = identity
# Put their current realm as the first one we find them in.
# Doesn't really matter since tokens are realm-independent.
realms = getAllUserRealms(User(identity, "", ""))
if (realms):
c.realm = realms[0]
self.authUser = User(c.user, c.realm, '')
# Check token expiry.
age = int(request.environ.get('WEBAUTH_TOKEN_EXPIRATION')) - time.time()
# Set selfservice cookie
response.set_cookie('linotp_selfservice', 'REMOTE_USER', max_age = int(age))
# Set userservice auth cookie
self.client = get_client()
authcookie = create_auth_cookie(config, identity, self.client)
response.set_cookie('userauthcookie', authcookie, max_age=360*24)
log.debug("[__before__] set the self.authUser to: %s, %s " % (self.authUser.login, self.authUser.realm))
log.debug('[__before__] param for action %s: %s' % (action, param))
# checking the session
if (False == check_selfservice_session(request.url,
request.path,
request.cookies,
request.params)):
c.audit['action'] = request.path[1:]
c.audit['info'] = "session expired"
audit.log(c.audit)
abort(401, "No valid session")
c.imprint = get_imprint(c.realm)
c.tokenArray = []
c.user = self.authUser.login
c.realm = self.authUser.realm
c.tokenArray = getTokenForUser(self.authUser)
# only the defined actions should be displayed
# - remark: the generic actions like enrollTT are allready approved
# to have a rendering section and included
actions = getSelfserviceActions(self.authUser)
c.actions = actions
for policy in actions:
if "=" in policy:
(name, val) = policy.split('=')
val = val.strip()
# try if val is a simple numeric -
# w.r.t. javascript evaluation
try:
nval = int(val)
except:
nval = val
c.__setattr__(name.strip(), nval)
c.dynamic_actions = add_dynamic_selfservice_enrollment(config,
c.actions)
# we require to establish all token local defined
# policies to be initialiezd
additional_policies = add_dynamic_selfservice_policies(config,
actions)
for policy in additional_policies:
c.__setattr__(policy, -1)
c.otplen = -1
c.totp_len = -1
return response
except webob.exc.HTTPUnauthorized as acc:
# the exception, when an abort() is called if forwarded
log.info("[__before__::%r] webob.exception %r" % (action, acc))
log.info("[__before__] %s" % traceback.format_exc())
Session.rollback()
Session.close()
raise acc
except Exception as e:
log.error("[__before__] failed with error: %r" % e)
log.error("[__before__] %s" % traceback.format_exc())
Session.rollback()
Session.close()
return sendError(response, e, context='before')
finally:
log.debug('[__before__] done')