Exemple #1
0
def auth_logout():
    """Log out and delete cookie.
    """
    logout()
    rv = redirect('/goodbye/')
    rv.delete_cookie(website.settings.COOKIE_NAME)
    return rv
Exemple #2
0
def auth_logout():
    """Log out and delete cookie.
    """
    logout()
    rv = redirect('/goodbye/')
    rv.delete_cookie(website.settings.COOKIE_NAME)
    return rv
Exemple #3
0
def reset_password(auth, **kwargs):
    if auth.logged_in:
        logout()
    verification_key = kwargs['verification_key']
    form = ResetPasswordForm(request.form)

    user_obj = get_user(verification_key=verification_key)
    if not user_obj:
        error_data = {
            'message_short':
            'Invalid url.',
            'message_long':
            'The verification key in the URL is invalid or '
            'has expired.'
        }
        raise HTTPError(400, data=error_data)

    if request.method == 'POST' and form.validate():
        user_obj.verification_key = None
        user_obj.set_password(form.password.data)
        user_obj.save()
        status.push_status_message('Password reset')
        return redirect('/account/')

    forms.push_errors_to_status(form.errors)
    return {
        'verification_key': verification_key,
    }
Exemple #4
0
def auth_logout(redirect_url=None):
    """Log out and delete cookie.
    """
    redirect_url = redirect_url or request.args.get('redirect_url')
    logout()
    resp = redirect(cas.get_logout_url(redirect_url if redirect_url else web_url_for('goodbye', _absolute=True)))
    resp.delete_cookie(settings.COOKIE_NAME)
    return resp
Exemple #5
0
def auth_logout(redirect_url=None):
    """Log out and delete cookie.
    """
    redirect_url = redirect_url or request.args.get('redirect_url')
    logout()
    resp = redirect(cas.get_logout_url(redirect_url if redirect_url else web_url_for('goodbye', _absolute=True)))
    resp.delete_cookie(settings.COOKIE_NAME)
    return resp
Exemple #6
0
def auth_login(auth, registration_form=None, forgot_password_form=None, **kwargs):
    """If GET request, show login page. If POST, attempt to log user in if
    login form passsed; else send forgot password email.

    """
    if auth.logged_in:
        if not request.args.get('logout'):
            return redirect('/dashboard/')
        logout()
    direct_call = registration_form or forgot_password_form
    if request.method == 'POST' and not direct_call:
        form = SignInForm(request.form)
        if form.validate():
            twofactor_code = None
            if 'twofactor' in website.settings.ADDONS_REQUESTED:
                twofactor_code = form.two_factor.data
            try:
                response = login(
                    form.username.data,
                    form.password.data,
                    twofactor_code
                )
                return response
            except exceptions.LoginDisabledError:
                status.push_status_message(language.DISABLED, 'error')
            except exceptions.LoginNotAllowedError:
                status.push_status_message(language.UNCONFIRMED, 'warning')
                # Don't go anywhere
                return {'next_url': ''}
            except exceptions.PasswordIncorrectError:
                status.push_status_message(language.LOGIN_FAILED)
            except exceptions.TwoFactorValidationError:
                status.push_status_message(language.TWO_FACTOR_FAILED)
        forms.push_errors_to_status(form.errors)

    if kwargs.get('first', False):
        status.push_status_message('You may now log in')

    # Get next URL from GET / POST data
    next_url = request.args.get(
        'next',
        request.form.get(
            'next_url',
            ''
        )
    )
    status_message = request.args.get('status', '')
    if status_message == 'expired':
        status.push_status_message('The private link you used is expired.')

    code = http.OK
    if next_url:
        status.push_status_message(language.MUST_LOGIN)
        # Don't raise error if user is being logged out
        if not request.args.get('logout'):
            code = http.UNAUTHORIZED
    return {'next_url': next_url}, code
Exemple #7
0
def auth_logout(redirect_url=None):
    """Log out and delete cookie.
    """
    redirect_url = redirect_url or request.args.get('redirect_url') or web_url_for('goodbye', _absolute=True)
    logout()
    if 'reauth' in request.args:
        cas_endpoint = cas.get_login_url(redirect_url)
    else:
        cas_endpoint = cas.get_logout_url(redirect_url)
    resp = redirect(cas_endpoint)
    resp.delete_cookie(settings.COOKIE_NAME, domain=settings.OSF_COOKIE_DOMAIN)
    return resp
Exemple #8
0
def auth_logout(redirect_url=None):
    """Log out and delete cookie.
    """
    redirect_url = redirect_url or request.args.get('redirect_url') or web_url_for('goodbye', _absolute=True)
    logout()
    if 'reauth' in request.args:
        cas_endpoint = cas.get_login_url(redirect_url)
    else:
        cas_endpoint = cas.get_logout_url(redirect_url)
    resp = redirect(cas_endpoint)
    resp.delete_cookie(settings.COOKIE_NAME, domain=settings.OSF_COOKIE_DOMAIN)
    return resp
Exemple #9
0
def auth_login(auth,
               registration_form=None,
               forgot_password_form=None,
               **kwargs):
    """If GET request, show login page. If POST, attempt to log user in if
    login form passsed; else send forgot password email.

    """
    if auth.logged_in:
        if not request.args.get('logout'):
            return redirect('/dashboard/')
        logout()
    direct_call = registration_form or forgot_password_form
    if request.method == 'POST' and not direct_call:
        form = SignInForm(request.form)
        if form.validate():
            twofactor_code = None
            if 'twofactor' in website.settings.ADDONS_REQUESTED:
                twofactor_code = form.two_factor.data
            try:
                response = login(form.username.data, form.password.data,
                                 twofactor_code)
                return response
            except exceptions.LoginDisabledError:
                status.push_status_message(language.DISABLED, 'error')
            except exceptions.LoginNotAllowedError:
                status.push_status_message(language.UNCONFIRMED, 'warning')
                # Don't go anywhere
                return {'next_url': ''}
            except exceptions.PasswordIncorrectError:
                status.push_status_message(language.LOGIN_FAILED)
            except exceptions.TwoFactorValidationError:
                status.push_status_message(language.TWO_FACTOR_FAILED)
        forms.push_errors_to_status(form.errors)

    if kwargs.get('first', False):
        status.push_status_message('You may now log in')

    # Get next URL from GET / POST data
    next_url = request.args.get('next', request.form.get('next_url', ''))
    status_message = request.args.get('status', '')
    if status_message == 'expired':
        status.push_status_message('The private link you used is expired.')

    code = http.OK
    if next_url:
        status.push_status_message(language.MUST_LOGIN)
        # Don't raise error if user is being logged out
        if not request.args.get('logout'):
            code = http.UNAUTHORIZED
    return {'next_url': next_url}, code
Exemple #10
0
def auth_logout(redirect_url=None, **kwargs):
    """
    Log out, delete current session, delete CAS cookie and delete OSF cookie.
    HTTP Method: GET
    """

    redirect_url = redirect_url or request.args.get('redirect_url') or web_url_for('goodbye', _absolute=True)
    # OSF log out, remove current OSF session
    logout()
    # set redirection to CAS log out (or log in if 'reauth' is present)
    if 'reauth' in request.args:
        cas_endpoint = cas.get_login_url(redirect_url)
    else:
        cas_endpoint = cas.get_logout_url(redirect_url)
    resp = redirect(cas_endpoint)
    # delete OSF cookie
    resp.delete_cookie(settings.COOKIE_NAME, domain=settings.OSF_COOKIE_DOMAIN)

    return resp
Exemple #11
0
def reset_password(auth, **kwargs):
    if auth.logged_in:
        logout()
    verification_key = kwargs['verification_key']
    form = ResetPasswordForm(request.form)

    user_obj = get_user(verification_key=verification_key)
    if not user_obj:
        error_data = {'message_short': 'Invalid url.',
            'message_long': 'The verification key in the URL is invalid or '
            'has expired.'}
        raise HTTPError(400, data=error_data)

    if request.method == 'POST' and form.validate():
        user_obj.verification_key = None
        user_obj.set_password(form.password.data)
        user_obj.save()
        status.push_status_message('Password reset')
        return redirect('/account/')

    forms.push_errors_to_status(form.errors)
    return {
        'verification_key': verification_key,
    }
Exemple #12
0
 def get(self, request, *args, **kwargs):
     auth.logout(request)
     return render(request, "framework/logout.html", {})