def logout(self, request, **kw): """ Log a user out of the ID server """ # sanitize value (since this will be echoed back) if not self.is_internal(request): raise HTTPForbidden() logger.debug('Logging out.') (content_type, template) = self.get_template_from_request(request, html_template = 'login') uid = self.get_uid(request) if uid is None: body = template.render(error = self.error_codes.get('LOGIN_ERROR'), config = self.app.config, request = request) else: # This is potentially dangerous, check that this is at least # semi-legit if not self.check_signature(uid, request): raise HTTPBadRequest() body = template.render(response = True, request = request, config = self.app.config) response = Response(str(body), content_type = content_type) return response
def send_validate_email(self, uid, email, nosend = False, **kw): """ Send an email containing the validation token URL to the newly registered email, and add the email to the list of unvalidated emails. """ #first, generate a token: user = self.app.storage.get_user_info(uid) if user is None: return False mailserv_name = self.app.config.get('oid.mail_server', 'localhost') reply_to = self.app.config.get('oid.reply_to', 'no-reply@' + mailserv_name) #store the unverified email unv_emails = user.get('unv_emails', {}) if (email not in unv_emails): rtoken = self.app.storage.add_validation(uid, email) else: rtoken = self.app.storage.get_validation_token(uid, email) # format the email and send it on it's merry way. template = get_template('validate_email_body') verify_url = (self.app.config.get('oid.validate_host', 'http://localhost') + '/%s/validate/%s' % (VERSION, rtoken)) body = template.render(from_addr = self.app.config.get('oid.from_address', reply_to), to_addr = email, reply_to = reply_to, verify_url = verify_url) if (not nosend and not self.app.config.get('test.nomail', False)): #for testing, we don't send out the email. (Presume that works.) logger.debug('sending validation email to %s' % email) server = smtplib.SMTP(mailserv_name) server.sendmail(reply_to, email, body) server.quit() return True
def login(self, request, extra = {}, **kw): """ Log a user into the ID server """ response = {} error = {} uid = None email = None storage = self.app.storage if not self.is_internal(request): raise HTTPForbidden() (content_type, template) = self.get_template_from_request(request, html_template = 'login') # User is not logged in or the association is not present. if (len(request.POST.get('id', '')) and len(request.POST.get('password', ''))): email = request.POST['id'] password = request.POST['password'] try: username = extract_username(email) except UnicodeError: # Log the invalid username for diagnostics () logger.warn('Invalid username specified: %s (%s) ' % (email, username)) raise HTTPBadRequest() # user normalization complete, check to see if we know this # person uid = self.app.auth.backend.authenticate_user(username, password) if uid is None: error = self.error_codes.get('LOGIN_ERROR') logger.debug('Login failed for %s ' % email) body = template.render(error = error, response = response, extra = extra, request = request, config = self.app.config) response = Response(str(body), content_type = content_type) logger.debug('Nuking session cookie') response.delete_cookie('beaker.session.uid') try: del request.environ['beaker.session']['uid'] except KeyError: pass return response logger.debug('setting uid to %s' % uid) request.environ['beaker.session']['uid'] = uid # if this is an email validation, skip to that. if 'validate' in request.params: return self.validate(request) # Attempt to get the uid. if not email: email = request.params.get('id', None) if uid is None: logger.debug('attempting to get uid') uid = self.get_uid(request, strict = False) if uid is None: logger.debug('no uid present') # Presume that this is the first time in. # Display the login page for HTML only body = template.render(error = error, response = response, config = self.app.config, extra = extra, request = request) response = Response(str(body), content_type = content_type) response.delete_cookie('beaker.session.uid') return response # Ok, got a UID, so let's get the user info user = storage.get_user_info(uid) if user is None: user = storage.create_user(uid, email) if email: if email not in user.get('emails', []): self.send_validate_email(uid, email) if (len(request.params.get('audience', ''))): return self.registered_emails(request) location = "%s/%s" % (self.app.config.get('oid.login_host', 'localhost'), quote(email)) else: del (request.environ['beaker.session']['uid']) location = "%s/%s/login" % (self.app.config.get('oid.login_host', 'localhost'), VERSION) logger.debug('Sending user to admin page %s' % location) raise HTTPFound(location = location)