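def post(self):
    """Handle a login form POST.

    Reads ``next``, ``username`` and ``password`` from the request
    arguments. An already authenticated user is redirected straight away;
    otherwise the configured ``Settings['login_strategy']`` decides whether
    credentials are checked through ``authenticate_ldap`` or the request is
    handed to the SAML flow.

    ``next`` is attacker-controllable (it arrives with the request), so it
    is only honoured when it is a same-site absolute path. Anything else is
    discarded and the user lands on ``/``, which keeps the login page from
    acting as an open redirector.
    """
    next_url = self.request.arguments.get('next', [None])[0]
    username = self.request.arguments.get('username', [None])[0]
    password = self.request.arguments.get('password', [None])[0]

    # Validate the redirect target before it reaches redirect(), login() or
    # the template. The check runs on a decoded copy so that both text and
    # byte values are handled; the original value is what gets passed on.
    candidate = next_url
    if isinstance(candidate, bytes):
        candidate = candidate.decode('utf-8', 'replace')
    is_local_path = (
        bool(candidate)
        and candidate.startswith('/')
        # '//host' is scheme-relative, and browsers treat '\' like '/'.
        and not candidate.startswith('//')
        and '\\' not in candidate
        # Control characters can be stripped by browsers, turning an
        # innocent-looking path into '//host'.
        and not any(ord(ch) < 0x20 or ord(ch) == 0x7f for ch in candidate)
    )
    if not is_local_path:
        next_url = None

    if self.current_user:
        return self.redirect(next_url or '/')

    if Settings['login_strategy'] == 'ldap':
        # LDAP is our basic auth strategy.
        if not username or not password:
            return self.render(
                "login.html",
                page_title="Login",
                next_url=next_url,
                errors="Please enter both a username and a password.",
            )
        if not authenticate_ldap(username, password):
            # Same message for unknown user and wrong password, so the
            # response does not reveal which of the two was wrong.
            return self.render(
                "login.html",
                page_title="Login",
                next_url=next_url,
                errors="Invalid username or password specified.",
            )
        # NOTE(review): login() is defined elsewhere; presumably it
        # redirects to next_url, which is why it receives the validated
        # value. Confirm against its definition.
        return login(self, username, next_url)
    elif Settings['login_strategy'] == 'saml':
        # They shouldn't be POSTing, but it's cool. Blatantly ignore their
        # form and redirect them to the IdP to try again.
        # SAML doesn't support friendly redirects to next_url for security,
        # so they'll end up on the landing page after auth.
        return self._saml_login()

    # TODO: Turn this into an HTTP status code along 4xx
    # Give them the basic auth page with an error telling them logins are
    # currently botched.
    return self.render(
        "login.html",
        page_title="Login",
        next_url=next_url,
        errors="No login strategy currently configured.",
    )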
def test_authenticate(self):
    """Bogus credentials must be rejected by ``auth.authenticate_ldap``.

    Only the negative path is exercised here: the call is expected to
    return ``False`` rather than raise.
    """
    # logging.exception is replaced for the duration of the call;
    # presumably the failed lookup logs an exception that would otherwise
    # clutter the test output.
    with mock.patch.object(logging, "exception"):
        outcome = auth.authenticate_ldap("fake_user", "fake_password")
    T.assert_equal(outcome, False)