def me(self):
    """Return the decoded ``GFB_Cookie`` as JSON, or re-issue it with a new host site.

    GET requests decrypt the cookie and return its contents JSON-encoded.
    Any other method rebuilds the cookie with the same role, user name and
    e-mail but a ``host_site`` taken from the request parameters, re-issues
    it with a 180-day lifetime and renders the distribution-orders page.
    In both cases an empty string is returned when the cookie is absent.
    """
    wants_json = request.method == "GET"
    raw_cookie = request.cookies.get("GFB_Cookie")
    if raw_cookie is None:
        return ''

    claims = Cookie.decryptCookie(raw_cookie)
    if wants_json:
        # Every field produced by decryptCookie is returned to the caller.
        return json.dumps(claims)

    # Open host site: carry the identity fields over unchanged.
    role = claims['role']
    user_name = claims['user_name']
    email = claims['email']

    # NOTE(review): siteID is taken from the request as-is; no check is
    # visible here that this user may act for that site - confirm it is
    # authorised elsewhere before the cookie value is trusted.
    if request.params['changed'] == 'true':
        host_site = request.params['siteID']
    else:
        host_site = ''

    refreshed = Cookie(user_name, email, role, host_site)
    response.delete_cookie('GFB_Cookie')
    # NOTE(review): no secure/httponly arguments are passed for this
    # long-lived (180 day) cookie - confirm they are applied elsewhere.
    response.set_cookie("GFB_Cookie", refreshed.encryptCookie(),
                        max_age=180 * 24 * 3600)
    return render('/tools/distOrders.mako')
def login(self):
    """Check the pre-auth token and the posted credentials, then issue a login token.

    Each precondition (session cookie, token in session and cookie, matching
    token, login name in session, non-empty body) is checked in turn and the
    request is rejected through ``self._auth_abort`` on the first failure.
    On success the one-time token is discarded, a fresh ``tokenLogin`` is
    stored in the session and ``/login.xml`` is rendered.
    """
    if "ocsmanager" not in request.cookies:
        return self._auth_abort(403, "Invalid Session")
    if "token" not in session:
        return self._auth_abort(403, "Invalid Session")
    if "token" not in request.cookies:
        return self._auth_abort(403, "Invalid Token")

    # NOTE(review): plain != comparison of a secret token; a constant-time
    # compare would be the usual choice - confirm whether it matters here.
    presented_token = request.cookies.get("token")
    if presented_token != session["token"]:
        return self._auth_abort(403, "Invalid Token")
    if "login" not in session:
        return self._auth_abort(403, "Invalid Session")

    body = request.body
    if body is None:
        log.error("Empty payload in auth:login()")
        return self._auth_abort(417, "Invalid Parameter")

    # NOTE(review): "token_salt" and "salt" are read without a presence
    # check; a session lacking them raises KeyError instead of a 403.
    verifier = AuthenticateModel.AuthenticateModel()
    failed, _reason = verifier.verifyPassword(session["login"],
                                              session["token_salt"],
                                              session["salt"],
                                              body)
    if failed is True:
        # Burn the one-time token so it cannot be retried.
        # NOTE(review): session.save() is only called on the success path;
        # confirm the session is persisted on this path too.
        response.delete_cookie("token")
        session["token"] = None
        return self._auth_abort(401, "Invalid credentials")

    # Authentication succeeded: the pre-auth token is no longer needed.
    session["token"] = None
    response.delete_cookie("token")

    # Fresh login token: SHA-1 hex digest of 8 random bytes from the OS.
    session["tokenLogin"] = hashlib.sha1(os.urandom(8)).hexdigest()
    session.save()

    c.tokenLogin = encode(session["tokenLogin"])
    c.ttl = 10
    return render("/login.xml")
def logout(self):
    '''
    Delete the login cookie and redirect.

    Outside an openid authentication request the user is sent to
    /openid/status, which shows the login status.

    When the request carries "openid.return_to" the logout happened in the
    middle of an openid authentication (the user was logged in as someone
    else), so all request parameters are forwarded to /openid/login.

    An alternative for that case would be to redirect to the return_to url
    with "openid.mode" set to "setup_needed", which asks the relying party
    to restart the login process.
    '''
    response.delete_cookie(COOKIE_NAME)

    incoming = {}
    incoming.update(request.params)

    # Are we called during an openid auth request?
    if "openid.return_to" in incoming:
        target = "/openid/login"
        # The request parameters are forwarded unchanged; the redirect path
        # itself is fixed, only the query string is caller-supplied.
        query = dict(incoming)
    else:
        target = "/openid/status"
        query = {}

    destination = url(str("%s?%s" % (target, urlencode(query))))
    redirect(destination)
def login(self):
    """Authenticate the user on ocsmanager.

    Runs the session/token preconditions in order, verifies the posted
    payload against the salts held in the session and, on success, swaps
    the one-time token for a new ``tokenLogin`` before rendering
    ``/login.xml``. Failures are reported through ``self._auth_abort``.
    """
    # Ordered preconditions; each is evaluated lazily so a later check is
    # never touched once an earlier one has failed.
    # NOTE(review): the token check is a plain != on a secret value; a
    # constant-time compare would be the usual choice - confirm.
    preconditions = (
        (lambda: "ocsmanager" in request.cookies, 'Invalid Session'),
        (lambda: "token" in session, 'Invalid Session'),
        (lambda: "token" in request.cookies, 'Invalid Token'),
        (lambda: request.cookies.get('token') == session['token'],
         'Invalid Token'),
        (lambda: "login" in session, 'Invalid Session'),
    )
    for holds, reason in preconditions:
        if not holds():
            return self._auth_abort(403, reason)

    credentials = request.body
    if credentials is None:
        log.error('Empty payload in auth:login()')
        return self._auth_abort(417, 'Invalid Parameter')

    # NOTE(review): 'token_salt' and 'salt' are read without a presence
    # check; a session lacking them raises KeyError instead of a 403.
    model_ = AuthenticateModel.AuthenticateModel()
    outcome = model_.verifyPassword(session['login'],
                                    session['token_salt'],
                                    session['salt'],
                                    credentials)
    (rejected, _message) = outcome

    if rejected is True:
        # Invalidate the one-time token on a failed attempt.
        # NOTE(review): no session.save() on this path - confirm the change
        # to session['token'] is persisted.
        response.delete_cookie('token')
        session['token'] = None
        return self._auth_abort(401, 'Invalid credentials')

    # Authentication was successful, the auth token is no longer needed.
    session['token'] = None
    response.delete_cookie('token')

    # New login token: SHA-1 hex digest of 8 bytes from os.urandom.
    login_token = hashlib.sha1(os.urandom(8)).hexdigest()
    session['tokenLogin'] = login_token
    session.save()

    c.tokenLogin = encode(session['tokenLogin'])
    c.ttl = 10
    return render('/login.xml')
def me(self):
    """Expose or update the ``GFB_Cookie`` depending on the HTTP method.

    * GET: return the decrypted cookie contents as a JSON string.
    * otherwise: re-issue the cookie with the same role / user name /
      e-mail and a ``host_site`` chosen by the request, valid for 180
      days, then render ``/tools/distOrders.mako``.

    Returns ``''`` when the request carries no ``GFB_Cookie``.
    """
    if request.method == "GET":
        current = request.cookies.get("GFB_Cookie")
        if current is None:
            return ''
        # The full decrypted payload is serialised back to the client.
        return json.dumps(Cookie.decryptCookie(current))

    # Open host site.
    current = request.cookies.get("GFB_Cookie")
    if current is None:
        return ''

    decoded = Cookie.decryptCookie(current)
    fields = {}
    fields['role'] = decoded['role']
    fields['user_name'] = decoded['user_name']
    fields['email'] = decoded['email']

    # NOTE(review): 'siteID' comes straight from the request and ends up in
    # the re-issued cookie; no authorisation check for that site is visible
    # here - confirm it happens elsewhere.
    site_changed = request.params['changed'] == 'true'
    fields['host_site'] = request.params['siteID'] if site_changed else ''

    replacement = Cookie(fields['user_name'], fields['email'],
                         fields['role'], fields['host_site'])
    response.delete_cookie('GFB_Cookie')
    # NOTE(review): set_cookie is called without secure/httponly arguments
    # for a 180-day cookie - confirm these are enforced elsewhere.
    lifetime = 180 * 24 * 3600
    response.set_cookie("GFB_Cookie", replacement.encryptCookie(),
                        max_age=lifetime)
    return render('/tools/distOrders.mako')
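def add_transient_message(cookie_name, message_title, message_text):
    """Append a message dict to the JSON list stored in the named cookie.

    The cookie holds a URL-quoted JSON list of ``{time, title, text}``
    dicts. If the request has no such cookie, or the cookie does not decode
    to a list, a new list is started.

    The cookie value is supplied by the client, so it is treated as
    untrusted: malformed JSON or a non-list payload is discarded rather
    than raising. NOTE(review): the cookie is not signed here, so whatever
    renders these messages should escape ``title`` and ``text``.
    """
    timestamp = datetime.now().strftime('%H:%M, %B %d, %Y')
    msg = dict(
        time=timestamp,
        title=message_title,
        text=message_text,
    )

    old_data = request.cookies.get(cookie_name, None)
    if old_data is not None:
        response.delete_cookie(cookie_name)

    msgs = []
    if old_data:
        try:
            decoded = simplejson.loads(unquote(old_data))
        except ValueError:
            # Malformed JSON from the client: start over with an empty list.
            decoded = None
        # Anything but a list (dict, string, number) cannot be appended to.
        if isinstance(decoded, list):
            msgs = decoded

    msgs.append(msg)
    new_data = quote(simplejson.dumps(msgs))
    response.set_cookie(cookie_name, new_data, path='/')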
def logout(self):
    """Clear the session and the login cookies, then redirect to "/".

    The session is cleared only when it holds an "email" entry, and the
    "email" / "password" cookies are deleted only when the request carries
    an "email" cookie.
    """
    has_session_login = session.get("email")
    if has_session_login:
        session.clear()
        session.save()

    # NOTE(review): a cookie named "password" is deleted here, which
    # suggests a credential is kept client-side - confirm what it holds.
    # It is also only removed when the "email" cookie is present.
    has_login_cookie = request.cookies.get("email")
    if has_login_cookie:
        for name in ("email", "password"):
            response.delete_cookie(name)

    redirect("/")
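def cookie_delete(key):
    """Best-effort removal of cookie *key* on the outgoing response.

    Two steps are attempted independently, and a failure in either is
    ignored so that cookie cleanup never breaks the request:

    1. ``unset_cookie`` - drop a Set-Cookie for *key* already queued on this
       response.
    2. ``delete_cookie`` - ask the client to discard its copy.

    Only ``Exception`` is swallowed; a bare ``except`` would also hide
    ``KeyboardInterrupt`` and ``SystemExit``.
    """
    # NOTE(review): in WebOb, unset_cookie raises KeyError when no such
    # cookie was queued - presumably the reason for the guard; confirm.
    try:
        response.unset_cookie(key)
    except Exception:
        pass

    try:
        response.delete_cookie(key)
    except Exception:
        pass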
def logout(self):
    """
    Handle the logout.

    When the request carries a 'user_selfservice' cookie it is passed to
    remove_auth_cookie() and the client is told to delete it. The user is
    then redirected to the selfservice login page.
    """
    auth_cookie = request.cookies.get('user_selfservice')
    if auth_cookie:
        # Pass the cookie value to remove_auth_cookie, then expire the
        # client-side copy.
        remove_auth_cookie(auth_cookie)
        response.delete_cookie('user_selfservice')

    self.redirect = True
    login_url = url(controller='selfservice', action='login')
    redirect(login_url)
def current_user():
    """Return the logged-in ``User``, or ``None`` when there is no valid login.

    The session must hold an integer ``login`` id, and the session's
    ``cookie_secret`` must equal the ``ututi_session_lifetime`` cookie sent
    with the request. On a mismatch the session is deleted and the cookie
    is expired.
    """
    from ututi.model import User

    try:
        raw_login = session.get('login', None)
        user_id = None if raw_login is None else int(raw_login)
    except ValueError:
        user_id = None
    if user_id is None:
        return None

    expected = session.get('cookie_secret', None)
    presented = request.cookies.get('ututi_session_lifetime', None)
    # NOTE(review): when neither the session nor the request has a secret,
    # both sides are None and the check passes - confirm that is intended.
    if expected == presented:
        return User.get_byid(user_id)

    # Secret mismatch: drop the whole session and expire the cookie.
    session.delete()
    response.delete_cookie('ututi_session_lifetime')
    return None
def login(self):
    '''
    Render the selfservice login page.

    A 'user_selfservice' cookie sent with the request is invalidated first,
    then the realm list and the MFA flags are placed on the template
    context ``c``.
    '''
    stale_cookie = request.cookies.get('user_selfservice')
    if stale_cookie:
        remove_auth_cookie(stale_cookie)
        response.delete_cookie('user_selfservice')

    c.title = _("LinOTP Self Service Login")

    # Realm list with the default realm first, the others in the order
    # getRealms() yields them.
    default_realm = getDefaultRealm()
    realms = [default_realm] + [
        name for name in getRealms() if name != default_realm
    ]

    # Fill the global rendering context.
    c.defaultRealm = default_realm
    c.realmArray = realms
    c.realmbox = getRealmBox()

    pre_context = get_pre_context(c.audit['client'])
    mfa_login = pre_context['mfa_login']
    mfa_3_fields = pre_context['mfa_3_fields']

    c.otp = False
    # The three-field form is shown only when both settings are enabled.
    c.mfa_3_fields = bool(mfa_login and mfa_3_fields)

    return render('/selfservice/login.mako')
def __call__(self, environ, start_response):
    """Clean up stale cookies, then dispatch to the routed controller method.

    WSGIController.__call__ dispatches to the controller method the request
    is routed to; the routing information is available in
    environ['pylons.routes_dict']. ``model.Session.remove()`` runs after
    dispatch whether or not it raised.
    """
    # Old cookies are cleaned out as they may contain api keys etc.
    preserved = ('ckan', 'ckan_killtopbar')
    for name in request.cookies:
        if name.startswith('ckan') and name not in preserved:
            response.delete_cookie(name)

        # The session cookie is only reconsidered for anonymous requests
        # that have no flash messages pending.
        if name != 'ckan' or c.user or h.are_there_flash_messages():
            continue

        if not session.id:
            response.delete_cookie(name)
        elif not session.get('lang'):
            # A session exists but holds no language choice: drop it.
            session.delete()

    try:
        return WSGIController.__call__(self, environ, start_response)
    finally:
        model.Session.remove()
def __call__(self, environ, start_response):
    """Clean up stale cookies, then dispatch to the routed controller method.

    WSGIController.__call__ dispatches to the controller method the request
    is routed to; the routing information is available in
    environ['pylons.routes_dict']. ``model.Session.remove()`` runs after
    dispatch whether or not it raised.
    """
    # Old cookies are cleaned out as they may contain api keys etc. This
    # also improves the cacheability of pages, since cookies keep proxy
    # servers from caching content unless configured to ignore them.
    for name in request.cookies:
        if name == 'ckan':
            # Session cookie: removed when unused, e.g. after logout.
            if c.user or h.are_there_flash_messages():
                continue
            if not session.id:
                response.delete_cookie(name)
            elif not session.get('lang'):
                session.delete()
        elif name.startswith('ckan'):
            # Any other ckan* cookie is treated as stale.
            response.delete_cookie(name)
        elif name == 'auth_tkt' and not session.id:
            # repoze.who auth ticket without a session: user not logged in.
            response.delete_cookie(name)

    try:
        return WSGIController.__call__(self, environ, start_response)
    finally:
        model.Session.remove()
def __call__(self, environ, start_response):
    """Expire leftover cookies before handing the request to the controller.

    Dispatch itself is done by WSGIController.__call__, which uses the
    routing information in environ['pylons.routes_dict'].
    ``model.Session.remove()`` is always called once dispatch returns or
    raises.
    """
    # Leftover cookies may contain api keys etc., and cookies also stop
    # proxy servers from caching pages unless configured to ignore them.
    for cookie_name in request.cookies:
        is_session_cookie = cookie_name == "ckan"

        if cookie_name.startswith("ckan") and not is_session_cookie:
            response.delete_cookie(cookie_name)
            continue

        if is_session_cookie:
            # Drop the session cookie when it is unused, e.g. logged out.
            unused = not c.user and not h.are_there_flash_messages()
            if unused:
                if session.id:
                    if not session.get("lang"):
                        session.delete()
                else:
                    response.delete_cookie(cookie_name)
            continue

        # repoze.who auth_tkt cookie with no session behind it.
        if cookie_name == "auth_tkt" and not session.id:
            response.delete_cookie(cookie_name)

    try:
        return WSGIController.__call__(self, environ, start_response)
    finally:
        model.Session.remove()
def __before__(self, action, **params):
    """Establish the authenticated user and request context for *action*.

    Reads the repoze.who identity from the WSGI environment, splits its
    userid into ``self.userid`` and an optional ``self.auth_cookie`` (the
    part after the first ';'), then looks up the LinOTP context for that
    user. A missing identity or a failed context lookup expires
    'userauthcookie' and aborts with 401.
    """
    c.browser_language = self.browser_language

    identity = request.environ.get('repoze.who.identity')
    if identity is None:
        # NOTE(review): if abort() raises an HTTP exception that carries its
        # own response, the cookie deletion queued on `response` may not
        # reach the client - confirm.
        response.delete_cookie('userauthcookie')
        abort(401, _("You are not authenticated"))

    log.debug("getAuthFromIdentity in action %s" % action)

    who_userid = identity['repoze.who.userid']
    if ';' not in who_userid:
        self.userid = who_userid
        self.auth_cookie = None
    else:
        # "<userid>;<auth cookie>" - only the first ';' separates the two.
        self.userid, self.auth_cookie = who_userid.split(';', 1)

    try:
        self.context = self.get_context({"user": self.userid})
    except Exception as exx:
        # Any lookup failure is reported to the client as "not authenticated".
        log.error("linotp context lookup failed %r" % exx)
        response.delete_cookie('userauthcookie')
        abort(401, _("You are not authenticated"))

    copy_context_(self.context)
def __call__(self, environ, start_response):
    """Dispatch to the routed controller method, then expire stale cookies.

    WSGIController.__call__ dispatches to the controller method the request
    is routed to (see environ['pylons.routes_dict']).
    ``model.Session.remove()`` runs whether or not dispatch raised; the
    cookie cleanup below runs only when dispatch returned normally.
    """
    try:
        res = WSGIController.__call__(self, environ, start_response)
    finally:
        model.Session.remove()

    # Old cookies are cleaned out as they may contain api keys etc. This
    # also improves cacheability, since cookies keep proxy servers from
    # caching content unless configured to ignore them.
    for name in request.cookies:
        if name == 'ckan':
            # Session cookie: removed when unused, e.g. after logout.
            if c.user:
                continue
            # The session counts as in use when any non-underscore key has
            # a truthy value (flash messages included; DGU also keeps a
            # shopping-basket style structure in the session).
            in_use = any(not key.startswith('_') and value
                         for key, value in session.items())
            if in_use:
                continue
            if session.id:
                if not session.get('lang'):
                    self.log.debug(
                        'No session data any more - deleting session')
                    # NOTE(review): writes the full session contents to the
                    # debug log - confirm nothing sensitive is stored there.
                    self.log.debug('Session: %r', session.items())
                    session.delete()
            else:
                response.delete_cookie(name)
                self.log.debug(
                    'No session data any more - deleting session cookie')
        elif name.startswith('ckan'):
            response.delete_cookie(name)
        elif name == 'auth_tkt' and not session.id:
            # repoze.who auth ticket without a session: user not logged in.
            response.delete_cookie(name)

    return res
def __call__(self, environ, start_response):
    """Run the routed controller method and afterwards expire leftover cookies.

    Dispatch is done by WSGIController.__call__ using the routing
    information in environ['pylons.routes_dict']. ``model.Session.remove()``
    is always called; the cookie cleanup is reached only when dispatch did
    not raise.
    """
    try:
        res = WSGIController.__call__(self, environ, start_response)
    finally:
        model.Session.remove()

    # Leftover cookies may contain api keys etc., and cookies also stop
    # proxy servers from caching pages unless configured to ignore them.
    for cookie_name in request.cookies:
        is_session_cookie = cookie_name == 'ckan'

        if cookie_name.startswith('ckan') and not is_session_cookie:
            response.delete_cookie(cookie_name)
            continue

        if is_session_cookie and not c.user:
            # Look for real session data: flash messages count, and DGU
            # also uses the session for shopping-basket style behaviour.
            # Keys starting with '_' are ignored.
            has_payload = False
            for key, value in session.items():
                if key.startswith('_'):
                    continue
                if value:
                    has_payload = True
                    break

            if not has_payload:
                if not session.id:
                    response.delete_cookie(cookie_name)
                    self.log.debug('No session data any more - '
                                   'deleting session cookie')
                elif not session.get('lang'):
                    self.log.debug('No session data any more - '
                                   'deleting session')
                    # NOTE(review): dumps the whole session into the debug
                    # log - confirm it never holds sensitive values.
                    self.log.debug('Session: %r', session.items())
                    session.delete()
            continue

        if is_session_cookie:
            continue

        # repoze.who auth_tkt cookie with no session behind it.
        if cookie_name == 'auth_tkt' and not session.id:
            response.delete_cookie(cookie_name)

    return res
def sign_out_user():
    """Remove the login id from the session and expire the lifetime cookie.

    Only the 'login' key is removed; other session entries are left in
    place and the session is saved afterwards.
    """
    logged_in = 'login' in session
    if logged_in:
        del session['login']

    # NOTE(review): the rest of the session survives sign-out - confirm no
    # other authentication state is kept in it.
    response.delete_cookie('ututi_session_lifetime')
    session.save()
def logout(self):
    """Expire the 'userid' cookie and render the logout page.

    ``c.logoutSuccess`` is set to 0 when ``delete_cookie`` returns a truthy
    value and to 1 otherwise.
    """
    # NOTE(review): WebOb's delete_cookie returns None, so with a
    # WebOb/Pylons response this always yields 1 - confirm which value the
    # template treats as success.
    c.logoutSuccess = 0 if response.delete_cookie('userid') else 1
    return render('logout.mako')
def clear_cookies():
    """Ask the client to discard the 'auth' and 'username' cookies."""
    for name in ('auth', 'username'):
        response.delete_cookie(name)
def logout(self):
    """Expire ``FCS_GFB_Cookie`` if the request sent one; return ``true_string``."""
    sent_cookie = request.cookies.get("FCS_GFB_Cookie")
    if sent_cookie is not None:
        response.delete_cookie("FCS_GFB_Cookie")
    # The same value is returned whether or not a cookie was present.
    return true_string
def logout(self):
    """Expire the "username" cookie and redirect to the site root."""
    # NOTE(review): only the cookie is cleared; no server-side session is
    # touched in this method - confirm there is none to invalidate.
    response.delete_cookie("username")
    home = url("/")
    return redirect(home)
def logout(self):
    """Expire the 'authenticated' cookie; returns ``None``."""
    # NOTE(review): the cookie name suggests login state is carried by a
    # client-side flag - confirm its value is integrity-protected.
    response.delete_cookie('authenticated')
def logout(self):
    """Log out by expiring the 'username' cookie, then go to the site root."""
    # NOTE(review): nothing besides the cookie is cleared here - confirm no
    # server-side session needs invalidating as well.
    response.delete_cookie('username')
    destination = url('/')
    return redirect(destination)
def clear(key):
    """Expire the cookie whose name is ``QTOOLS_COOKIE_PREFIX % key``."""
    cookie_name = QTOOLS_COOKIE_PREFIX % key
    response.delete_cookie(cookie_name)
def logout(self):
    """Expire ``GFB_Cookie`` if the request sent one; return ``self.trueString``."""
    sent_cookie = request.cookies.get("GFB_Cookie")
    if sent_cookie is not None:
        response.delete_cookie("GFB_Cookie")
    # The same value is returned whether or not a cookie was present.
    return self.trueString
def _logout(self):
    """Ask the client to discard the 'popego_user' cookie."""
    cookie_name = 'popego_user'
    response.delete_cookie(cookie_name)
def delete_cookie(cookie):
    """Expire *cookie* for path "/" with no explicit domain.

    A deletion only takes effect when path and domain match those the
    cookie was set with, so this targets cookies set for the root path
    without an explicit domain.
    """
    scope = {"path": "/", "domain": None}
    response.delete_cookie(cookie, **scope)