def logout(self, request, **kw):
""" Log a user out of the ID server
"""
# sanitize value (since this will be echoed back)
if not self.is_internal(request):
raise HTTPForbidden()
logger.debug('Logging out.')
(content_type, template) = self.get_template_from_request(request,
html_template = 'login')
uid = self.get_uid(request)
if uid is None:
body = template.render(error =
self.error_codes.get('LOGIN_ERROR'),
config = self.app.config,
request = request)
else:
# This is potentially dangerous, check that this is at least
# semi-legit
if not self.check_signature(uid, request):
raise HTTPBadRequest()
body = template.render(response = True,
request = request,
config = self.app.config)
response = Response(str(body), content_type = content_type)
return response
def send_validate_email(self, uid, email, nosend = False, **kw):
""" Send an email containing the validation token URL to the
newly registered email, and add the email to the list of
unvalidated emails.
"""
#first, generate a token:
user = self.app.storage.get_user_info(uid)
if user is None:
return False
mailserv_name = self.app.config.get('oid.mail_server',
'localhost')
reply_to = self.app.config.get('oid.reply_to',
'no-reply@' + mailserv_name)
#store the unverified email
unv_emails = user.get('unv_emails', {})
if (email not in unv_emails):
rtoken = self.app.storage.add_validation(uid, email)
else:
rtoken = self.app.storage.get_validation_token(uid, email)
# format the email and send it on it's merry way.
template = get_template('validate_email_body')
verify_url = (self.app.config.get('oid.validate_host',
'http://localhost') +
'/%s/validate/%s' % (VERSION, rtoken))
body = template.render(from_addr =
self.app.config.get('oid.from_address',
reply_to),
to_addr = email,
reply_to = reply_to,
verify_url = verify_url)
if (not nosend and not self.app.config.get('test.nomail', False)):
#for testing, we don't send out the email. (Presume that works.)
logger.debug('sending validation email to %s' % email)
server = smtplib.SMTP(mailserv_name)
server.sendmail(reply_to,
email,
body)
server.quit()
return True
def login(self, request, extra = {}, **kw):
""" Log a user into the ID server
"""
response = {}
error = {}
uid = None
email = None
storage = self.app.storage
if not self.is_internal(request):
raise HTTPForbidden()
(content_type, template) = self.get_template_from_request(request,
html_template = 'login')
# User is not logged in or the association is not present.
if (len(request.POST.get('id', '')) and
len(request.POST.get('password', ''))):
email = request.POST['id']
password = request.POST['password']
try:
username = extract_username(email)
except UnicodeError:
# Log the invalid username for diagnostics ()
logger.warn('Invalid username specified: %s (%s) '
% (email, username))
raise HTTPBadRequest()
# user normalization complete, check to see if we know this
# person
uid = self.app.auth.backend.authenticate_user(username,
password)
if uid is None:
error = self.error_codes.get('LOGIN_ERROR')
logger.debug('Login failed for %s ' % email)
body = template.render(error = error,
response = response,
extra = extra,
request = request,
config = self.app.config)
response = Response(str(body), content_type = content_type)
logger.debug('Nuking session cookie')
response.delete_cookie('beaker.session.uid')
try:
del request.environ['beaker.session']['uid']
except KeyError:
pass
return response
logger.debug('setting uid to %s' % uid)
request.environ['beaker.session']['uid'] = uid
# if this is an email validation, skip to that.
if 'validate' in request.params:
return self.validate(request)
# Attempt to get the uid.
if not email:
email = request.params.get('id', None)
if uid is None:
logger.debug('attempting to get uid')
uid = self.get_uid(request, strict = False)
if uid is None:
logger.debug('no uid present')
# Presume that this is the first time in.
# Display the login page for HTML only
body = template.render(error = error,
response = response,
config = self.app.config,
extra = extra,
request = request)
response = Response(str(body), content_type = content_type)
response.delete_cookie('beaker.session.uid')
return response
# Ok, got a UID, so let's get the user info
user = storage.get_user_info(uid)
if user is None:
user = storage.create_user(uid, email)
if email:
if email not in user.get('emails', []):
self.send_validate_email(uid, email)
if (len(request.params.get('audience', ''))):
return self.registered_emails(request)
location = "%s/%s" % (self.app.config.get('oid.login_host',
'localhost'),
quote(email))
else:
del (request.environ['beaker.session']['uid'])
location = "%s/%s/login" % (self.app.config.get('oid.login_host',
'localhost'),
VERSION)
logger.debug('Sending user to admin page %s' % location)
raise HTTPFound(location = location)
