Exemple #1
0
 def check_login(self, username, password):
     try:
         session_id, data = self._get_fasclient().login(username, password)
         return data.user
     except AuthError:
         return False
     except Exception, ex:
         log_warning('Error', {
             'message': 'An error occured while checking username/password: %s'
             % ex})
         return False
Exemple #2
0
 def view_fas_login():
     if not 'next' in request.args and not 'next' in get_session():
         return redirect(url_for('view_main'))
     if 'next' in request.args:
         get_session()['next'] = request.args['next']
         get_session().save()
     if get_auth_module().logged_in() and not \
             ('timeout' in get_session() and get_session()['timeout']):
         # We can also have "timeout" as of 0.4.0
         # indicating PAPE or application configuration requires a re-auth
         log_debug('Info', {
             'message': 'User tried to login but is already authenticated'})
         return redirect(get_session()['next'])
     if request.method == 'POST':
         username = request.form['username']
         password = request.form['password']
         if (not app.config['FAS_AVAILABLE_FILTER']) or \
                 (username in app.config['FAS_AVAILABLE_TO']):
             if username == '' or password == '':
                 user = None
             else:
                 user = get_auth_module().check_login(username, password)
             if user:
                 log_info('Success', {
                     'username': username,
                     'message': 'User authenticated succesfully'})
                 user = user.toDict()  # A bunch is not serializable...
                 user['groups'] = [x['name'] for x in
                                   user['approved_memberships']]
                 get_session()['user'] = user
                 get_session()['last_auth_time'] = time()
                 get_session()['timeout'] = False
                 get_session()['trust_root'] = ''
                 get_session().save()
                 return redirect(get_session()['next'])
             else:
                 log_warning('Failure', {
                     'username': username,
                     'message': 'User entered incorrect username or password'})
                 flash(_('Incorrect username or password'))
         else:
             log_warning('Failure', {
                 'username': username,
                 'message': 'Tried to login with an account that is not '
                            'allowed to use this service'})
             flash(_('This service is limited to the following '
                     'users: %(users)s',
                     users=', '.join(app.config['FAS_AVAILABLE_TO'])))
     return render_template(
         'auth_fas_login.html',
         trust_root=get_session()['trust_root'])
Exemple #3
0
 def view_persona_fas_login():
     if not 'username' in request.form or not 'password' in  request.form:
         return Response('No user or pw', status=400)
     if get_auth_module().logged_in():
         return Response('Already logged in', status=409)
     username = request.form['username']
     password = request.form['password']
     if (not app.config['FAS_AVAILABLE_FILTER']) or \
             (username in app.config['FAS_AVAILABLE_TO']):
         if username == '' or password == '':
             user = None
         else:
             user = get_auth_module().check_login(username, password)
         if user:
             log_info('Success', {
                 'username': username,
                 'message': 'User authenticated succesfully'})
             user = user.toDict()  # A bunch is not serializable...
             user['groups'] = [x['name'] for x in
                               user['approved_memberships']]
             get_session()['user'] = user
             get_session()['last_auth_time'] = time()
             get_session()['timeout'] = False
             get_session()['trust_root'] = ''
             get_session().save()
             return Response('Success', status=200)
         else:
             log_warning('Failure', {
                 'username': username,
                 'message': 'User entered incorrect username or password'})
             return Response('Incorrect username or password', status=403)
     else:
         log_warning('Failure', {
             'username': username,
             'message': 'Tried to login with an account that is not '
                        'allowed to use this service'})
         return Response('Service limited to a restricted set of users', status=403)
Exemple #4
0
 elif authed == AUTH_TRUST_ROOT_ASK:
     # User needs to confirm trust root
     return user_ask_trust_root(openid_request)
 elif authed == AUTH_TRUST_ROOT_NOT_OK:
     log_info('Info', {
         'trust_root': openid_request.trust_root,
         'message': 'User chose not to trust trust_root'})
     return openid_respond(openid_request.answer(False))
 elif authed == AUTH_TRUST_ROOT_CONFIG_NOT_OK:
     log_info('Info', {
         'trust_root': openid_request.trust_root,
         'message': 'Configuration blacklisted this trust_root'})
     return openid_respond(openid_request.answer(False))
 elif openid_request.immediate:
     log_warning('Error', {
         'trust_root': openid_request.trust_root,
         'message': 'Trust root demanded checkid_immediate'})
     return openid_respond(openid_request.answer(False))
 elif authed == AUTH_TIMEOUT:
     get_session()['timeout'] = True
     get_session()['next'] = request.base_url
     get_session().save()
     return get_auth_module().start_authentication()
 elif authed == AUTH_NOT_LOGGED_IN:
     get_session()['next'] = request.base_url
     get_session()['trust_root'] = openid_request.trust_root
     get_session().save()
     return get_auth_module().start_authentication()
 else:
     log_error('Failure', {
         'username': get_auth_module().get_username(),