def me(self):
if (request.method == "GET"):
cookie = request.cookies.get("GFB_Cookie")
if(cookie == None):
return ''
else:
decode = Cookie.decryptCookie(cookie)
return json.dumps(decode)
else: #open host site
cookie = request.cookies.get("GFB_Cookie")
if(cookie == None):
return ''
else:
encode = {}
decode = Cookie.decryptCookie(cookie)
encode['role'] = decode['role']
encode['user_name'] = decode['user_name']
encode['email'] = decode['email']
if (request.params['changed'] == 'true'):
encode['host_site'] = request.params['siteID']
else:
encode['host_site'] = ''
cookie = Cookie(encode['user_name'],encode['email'], encode['role'], encode['host_site'])
response.delete_cookie('GFB_Cookie')
response.set_cookie("GFB_Cookie", cookie.encryptCookie(), max_age=180*24*3600)
return render('/tools/distOrders.mako')
def login(self):
"""Authenticate the user on ocsmanager.
"""
if not "ocsmanager" in request.cookies:
return self._auth_abort(403, "Invalid Session")
if not "token" in session:
return self._auth_abort(403, "Invalid Session")
if not "token" in request.cookies:
return self._auth_abort(403, "Invalid Token")
if request.cookies.get("token") != session["token"]:
return self._auth_abort(403, "Invalid Token")
if not "login" in session:
return self._auth_abort(403, "Invalid Session")
payload = request.body
if payload is None:
log.error("Empty payload in auth:login()")
return self._auth_abort(417, "Invalid Parameter")
authModel = AuthenticateModel.AuthenticateModel()
(error, msg) = authModel.verifyPassword(session["login"], session["token_salt"], session["salt"], payload)
if error is True:
response.delete_cookie("token")
session["token"] = None
return self._auth_abort(401, "Invalid credentials")
# Authentication was successful, remove auth token - no longer needed
session["token"] = None
response.delete_cookie("token")
session["tokenLogin"] = hashlib.sha1(os.urandom(8)).hexdigest()
session.save()
c.tokenLogin = encode(session["tokenLogin"])
c.ttl = 10
return render("/login.xml")
def logout(self):
'''
This action deletes the cookie and redirects to the
/openid/status to show the login status
If the logout is called in the context of an openid authentication,
the user is already logged in as a different user. In this case we
forward to the /openid/login page after the logout was made.
Another option for the openid authentication context would be to
redirect to the return_to url by setting
redirect_to = params["openid.return_to"]
p["openid.mode"] = "setup_needed"
which advises the openid relying party to restart the login process.
'''
response.delete_cookie(COOKIE_NAME)
params = {}
params.update(request.params)
p = {}
## are we are called during an openid auth request?
if "openid.return_to" in params:
redirect_to = "/openid/login"
p.update(params)
do_redirect = url(str("%s?%s" % (redirect_to, urlencode(p))))
else:
redirect_to = "/openid/status"
do_redirect = url(str("%s?%s" % (redirect_to, urlencode(p))))
redirect(do_redirect)
def logout(self):
'''
This action deletes the cookie and redirects to the
/openid/status to show the login status
If the logout is called in the context of an openid authentication,
the user is already logged in as a different user. In this case we
forward to the /openid/login page after the logout was made.
Another option for the openid authentication context would be to
redirect to the return_to url by setting
redirect_to = params["openid.return_to"]
p["openid.mode"] = "setup_needed"
which advises the openid relying party to restart the login process.
'''
response.delete_cookie(COOKIE_NAME)
params = {}
params.update(request.params)
p = {}
## are we are called during an openid auth request?
if "openid.return_to" in params:
redirect_to = "/openid/login"
p.update(params)
do_redirect = url(str("%s?%s" % (redirect_to, urlencode(p))))
else:
redirect_to = "/openid/status"
do_redirect = url(str("%s?%s" % (redirect_to, urlencode(p))))
redirect(do_redirect)
def login(self):
"""Authenticate the user on ocsmanager.
"""
if not "ocsmanager" in request.cookies: return self._auth_abort(403, 'Invalid Session')
if not "token" in session: return self._auth_abort(403, 'Invalid Session')
if not "token" in request.cookies: return self._auth_abort(403, 'Invalid Token')
if request.cookies.get('token') != session['token']: return self._auth_abort(403, 'Invalid Token')
if not "login" in session: return self._auth_abort(403, 'Invalid Session')
payload = request.body
if payload is None:
log.error('Empty payload in auth:login()')
return self._auth_abort(417, 'Invalid Parameter')
authModel = AuthenticateModel.AuthenticateModel()
(error, msg) = authModel.verifyPassword(session['login'], session['token_salt'], session['salt'], payload)
if error is True:
response.delete_cookie('token')
session['token'] = None
return self._auth_abort(401, 'Invalid credentials')
# Authentication was successful, remove auth token - no longer needed
session['token'] = None
response.delete_cookie('token')
session['tokenLogin'] = hashlib.sha1(os.urandom(8)).hexdigest()
session.save()
c.tokenLogin = encode(session['tokenLogin'])
c.ttl = 10
return render('/login.xml')
def me(self):
if (request.method == "GET"):
cookie = request.cookies.get("GFB_Cookie")
if (cookie == None):
return ''
else:
decode = Cookie.decryptCookie(cookie)
return json.dumps(decode)
else: #open host site
cookie = request.cookies.get("GFB_Cookie")
if (cookie == None):
return ''
else:
encode = {}
decode = Cookie.decryptCookie(cookie)
encode['role'] = decode['role']
encode['user_name'] = decode['user_name']
encode['email'] = decode['email']
if (request.params['changed'] == 'true'):
encode['host_site'] = request.params['siteID']
else:
encode['host_site'] = ''
cookie = Cookie(encode['user_name'], encode['email'],
encode['role'], encode['host_site'])
response.delete_cookie('GFB_Cookie')
response.set_cookie("GFB_Cookie",
cookie.encryptCookie(),
max_age=180 * 24 * 3600)
return render('/tools/distOrders.mako')
def add_transient_message(cookie_name, message_title, message_text):
"""Add a message dict to the serialized list of message dicts stored in
the named cookie.
If there is no existing cookie, create one.
If there is an existing cookie, assumes that it will de-serialize into
a list object.
"""
time = datetime.now().strftime('%H:%M, %B %d, %Y')
msg = dict(
time = time,
title = message_title,
text = message_text,
)
old_data = request.cookies.get(cookie_name, None)
if old_data is not None:
response.delete_cookie(cookie_name)
if old_data:
msgs = simplejson.loads(unquote(old_data))
else:
msgs = []
msgs.append(msg)
new_data = quote(simplejson.dumps(msgs))
response.set_cookie(cookie_name, new_data, path='/')
def logout(self):
if session.get("email"):
session.clear()
session.save()
if request.cookies.get("email"):
response.delete_cookie("email")
response.delete_cookie("password")
redirect("/")
def cookie_delete(key):
#log.debug("delete %s" % key)
try:
response.unset_cookie(key)
except:
pass
try:
response.delete_cookie(key)
except:
pass
def logout(self):
"""
handle the logout
we delete the cookies from the server and the client and
redirect to the login page
"""
cookie = request.cookies.get('user_selfservice')
if cookie:
remove_auth_cookie(cookie)
response.delete_cookie('user_selfservice')
self.redirect = True
redirect(url(controller='selfservice', action='login'))
def current_user():
from ututi.model import User
try:
login = session.get('login', None)
if login is None:
return None
login = int(login)
except ValueError:
return None
session_secret = session.get('cookie_secret', None)
cookie_secret = request.cookies.get('ututi_session_lifetime', None)
if session_secret != cookie_secret:
session.delete()
response.delete_cookie('ututi_session_lifetime')
return None
return User.get_byid(login)
def login(self):
'''
render the selfservice login page
'''
cookie = request.cookies.get('user_selfservice')
if cookie:
remove_auth_cookie(cookie)
response.delete_cookie('user_selfservice')
c.title = _("LinOTP Self Service Login")
# ------------------------------------------------------------------ --
# prepare the realms and put the default realm on the top
defaultRealm = getDefaultRealm()
realmArray = [defaultRealm]
for realm in getRealms():
if realm != defaultRealm:
realmArray.append(realm)
# ------------------------------------------------------------------ --
# prepare the global context c for the rendering context
c.defaultRealm = defaultRealm
c.realmArray = realmArray
c.realmbox = getRealmBox()
context = get_pre_context(c.audit['client'])
mfa_login = context['mfa_login']
mfa_3_fields = context['mfa_3_fields']
c.otp = False
c.mfa_3_fields = False
if mfa_login and mfa_3_fields:
c.mfa_3_fields = True
return render('/selfservice/login.mako')
def __call__(self, environ, start_response):
"""Invoke the Controller"""
# WSGIController.__call__ dispatches to the Controller method
# the request is routed to. This routing information is
# available in environ['pylons.routes_dict']
# clean out any old cookies as they may contain api keys etc
for cookie in request.cookies:
if cookie.startswith('ckan') and cookie not in ['ckan', 'ckan_killtopbar']:
response.delete_cookie(cookie)
if cookie == 'ckan' and not c.user and not h.are_there_flash_messages():
if session.id:
if not session.get('lang'):
session.delete()
else:
response.delete_cookie(cookie)
try:
return WSGIController.__call__(self, environ, start_response)
finally:
model.Session.remove()
def __call__(self, environ, start_response):
"""Invoke the Controller"""
# WSGIController.__call__ dispatches to the Controller method
# the request is routed to. This routing information is
# available in environ['pylons.routes_dict']
# Clean out any old cookies as they may contain api keys etc
# This also improves the cachability of our pages as cookies
# prevent proxy servers from caching content unless they have
# been configured to ignore them.
for cookie in request.cookies:
if cookie.startswith('ckan') and cookie not in ['ckan']:
response.delete_cookie(cookie)
# Remove the ckan session cookie if not used e.g. logged out
elif cookie == 'ckan' and not c.user and not h.are_there_flash_messages(
):
if session.id:
if not session.get('lang'):
session.delete()
else:
response.delete_cookie(cookie)
# Remove auth_tkt repoze.who cookie if user not logged in.
elif cookie == 'auth_tkt' and not session.id:
response.delete_cookie(cookie)
try:
return WSGIController.__call__(self, environ, start_response)
finally:
model.Session.remove()
def __call__(self, environ, start_response):
"""Invoke the Controller"""
# WSGIController.__call__ dispatches to the Controller method
# the request is routed to. This routing information is
# available in environ['pylons.routes_dict']
# Clean out any old cookies as they may contain api keys etc
# This also improves the cachability of our pages as cookies
# prevent proxy servers from caching content unless they have
# been configured to ignore them.
for cookie in request.cookies:
if cookie.startswith("ckan") and cookie not in ["ckan"]:
response.delete_cookie(cookie)
# Remove the ckan session cookie if not used e.g. logged out
elif cookie == "ckan" and not c.user and not h.are_there_flash_messages():
if session.id:
if not session.get("lang"):
session.delete()
else:
response.delete_cookie(cookie)
# Remove auth_tkt repoze.who cookie if user not logged in.
elif cookie == "auth_tkt" and not session.id:
response.delete_cookie(cookie)
try:
return WSGIController.__call__(self, environ, start_response)
finally:
model.Session.remove()
def __before__(self, action, **params):
c.browser_language = self.browser_language
identity = request.environ.get('repoze.who.identity')
if identity is None:
response.delete_cookie('userauthcookie')
abort(401, _("You are not authenticated"))
log.debug("getAuthFromIdentity in action %s" % action)
if ';' in identity['repoze.who.userid']:
self.userid, self.auth_cookie = identity['repoze.who.userid'].split(';', 1)
else:
self.userid = identity['repoze.who.userid']
self.auth_cookie = None
try:
self.context = self.get_context({"user" :self.userid})
except Exception as exx:
log.error("linotp context lookup failed %r" % exx)
response.delete_cookie('userauthcookie')
abort(401, _("You are not authenticated"))
copy_context_(self.context)
def __call__(self, environ, start_response):
"""Invoke the Controller"""
# WSGIController.__call__ dispatches to the Controller method
# the request is routed to. This routing information is
# available in environ['pylons.routes_dict']
try:
res = WSGIController.__call__(self, environ, start_response)
finally:
model.Session.remove()
# Clean out any old cookies as they may contain api keys etc
# This also improves the cachability of our pages as cookies
# prevent proxy servers from caching content unless they have
# been configured to ignore them.
for cookie in request.cookies:
if cookie.startswith('ckan') and cookie not in ['ckan']:
response.delete_cookie(cookie)
# Remove the ckan session cookie if not used e.g. logged out
elif cookie == 'ckan' and not c.user:
# Check session for valid data (including flash messages)
# (DGU also uses session for a shopping basket-type behaviour)
is_valid_cookie_data = False
for key, value in session.items():
if not key.startswith('_') and value:
is_valid_cookie_data = True
break
if not is_valid_cookie_data:
if session.id:
if not session.get('lang'):
self.log.debug(
'No session data any more - deleting session')
self.log.debug('Session: %r', session.items())
session.delete()
else:
response.delete_cookie(cookie)
self.log.debug(
'No session data any more - deleting session cookie'
)
# Remove auth_tkt repoze.who cookie if user not logged in.
elif cookie == 'auth_tkt' and not session.id:
response.delete_cookie(cookie)
return res
def __call__(self, environ, start_response):
"""Invoke the Controller"""
# WSGIController.__call__ dispatches to the Controller method
# the request is routed to. This routing information is
# available in environ['pylons.routes_dict']
try:
res = WSGIController.__call__(self, environ, start_response)
finally:
model.Session.remove()
# Clean out any old cookies as they may contain api keys etc
# This also improves the cachability of our pages as cookies
# prevent proxy servers from caching content unless they have
# been configured to ignore them.
for cookie in request.cookies:
if cookie.startswith('ckan') and cookie not in ['ckan']:
response.delete_cookie(cookie)
# Remove the ckan session cookie if not used e.g. logged out
elif cookie == 'ckan' and not c.user:
# Check session for valid data (including flash messages)
# (DGU also uses session for a shopping basket-type behaviour)
is_valid_cookie_data = False
for key, value in session.items():
if not key.startswith('_') and value:
is_valid_cookie_data = True
break
if not is_valid_cookie_data:
if session.id:
if not session.get('lang'):
self.log.debug('No session data any more - '
'deleting session')
self.log.debug('Session: %r', session.items())
session.delete()
else:
response.delete_cookie(cookie)
self.log.debug('No session data any more - '
'deleting session cookie')
# Remove auth_tkt repoze.who cookie if user not logged in.
elif cookie == 'auth_tkt' and not session.id:
response.delete_cookie(cookie)
return res
def sign_out_user():
if 'login' in session:
del session['login']
response.delete_cookie('ututi_session_lifetime')
session.save()
def logout(self):
if response.delete_cookie('userid'):
c.logoutSuccess = 0
else:
c.logoutSuccess = 1
return render('logout.mako')
def clear_cookies():
response.delete_cookie('auth')
response.delete_cookie('username')
def logout(self):
if(request.cookies.get("FCS_GFB_Cookie") != None):
response.delete_cookie("FCS_GFB_Cookie")
return true_string
def clear_cookies():
response.delete_cookie('auth')
response.delete_cookie('username')
def logout(self):
response.delete_cookie("username")
return redirect(url("/"))
def logout(self):
response.delete_cookie('authenticated')
return
def logout(self):
response.delete_cookie('username')
return redirect(url('/'))
def clear(key):
response.delete_cookie(QTOOLS_COOKIE_PREFIX % key)
def logout(self):
if (request.cookies.get("GFB_Cookie") != None):
response.delete_cookie("GFB_Cookie")
return self.trueString
def _logout(self):
response.delete_cookie('popego_user')
def delete_cookie(cookie):
response.delete_cookie(cookie, path="/", domain=None)
