def ldap_login_func(request):
    username = request.DATA.get('username', None)
    password = request.DATA.get('password', None)

    try:
        email, full_name = connector.login(username=username, password=password)
        user = ldap_register(username=username, email=email, full_name=full_name)
        data = make_auth_response_data(user)
    except connector.LDAPLoginError:
        user = get_and_validate_user(username=username, password=password)
        data = make_auth_response_data(user)
        
    return data
Exemple #2
0
def google_login_func(request,
                      restrict_login: list = RESTRICT_LOGIN,
                      allow_domain: list = ALLOW_DOMAIN):
    code = request.DATA.get('code', None)
    token = request.DATA.get('token', None)

    user_info = connector.me(code)
    if (RESTRICT_LOGIN != None) and (user_info.email.split("@")[1]
                                     in restrict_login):
        raise GoogleApiError(
            {"error_message": ("Login with this Google account is disabled.")})
    if (ALLOW_DOMAIN != None) and not (user_info.email.split("@")[1]
                                       in allow_domain):
        raise GoogleApiError({
            "error_message":
            ("Login with this Google account domain is disables")
        })

    user = google_register(username=user_info.username,
                           email=user_info.email,
                           full_name=user_info.full_name,
                           google_id=user_info.id,
                           bio=user_info.bio,
                           token=token)
    data = make_auth_response_data(user)
    return data
def ldap_login_func(request):
    """TODO: desc"""
    # although the form field is called 'username', it can be an e-mail
    # (or any other attribute)
    login_input = request.DATA.get('username', None)
    password_input = request.DATA.get('password', None)

    try:
        # TODO: make sure these fields are sanitized before passing to LDAP server!
        username, email, full_name = connector.login(login = login_input, password = password_input)
    except connector.LDAPUserLoginError as ldap_error:
        # If no fallback authentication is specified, raise the original LDAP error
        if not FALLBACK:
            raise

        # Try normal authentication
        try:
            return get_auth_plugins()["normal"]["login_func"](request)
        except BaseException as normal_error:
            # Merge error messages of 'normal' and 'ldap' auth.
            raise ConnectorBaseException({
                "error_message": {
                    "ldap": ldap_error.detail["error_message"],
                    "normal": normal_error.detail
                }
            })
    else:
        # LDAP Auth successful
        user = register_or_update(username = username, email = email, full_name = full_name)
        data = make_auth_response_data(user)
        return data
def ldap_login_func(request):
    username = request.DATA.get('username', None)
    password = request.DATA.get('password', None)

    email, full_name = connector.login(username=username, password=password)
    user = ldap_register(username=username, email=email, full_name=full_name)
    data = make_auth_response_data(user)
    return data
def ldap_login_func(request):
    username = request.DATA.get('username', None)
    password = request.DATA.get('password', None)

    email, full_name = connector.login(username=username, password=password)
    user = ldap_register(username=username, email=email, full_name=full_name)
    data = make_auth_response_data(user)
    return data
Exemple #6
0
 def success_url(self):
     # Pull the next url from the session or settings--we don't need to
     # sanitize here because it should already have been sanitized.
     next_url = self.request.session.get("oidc_login_next") or "/"
     data = make_auth_response_data(self.user)
     data["type"] = "oidc"
     data["next"] = next_url
     return _make_login_url(data)
Exemple #7
0
def saml_login_func(request):
    token = request.DATA.get('token', None)

    saml_id, user_attributes = saml_mapping(request)

    user = saml_register(saml_id, user_attributes, token)

    data = make_auth_response_data(user)
    return data
def slack_login_func(request):
    code = request.DATA.get('code', None)
    token = request.DATA.get('token', None)

    email, user_info = connector.me(code)

    user = slack_register(username=user_info.username,
                           email=email,
                           full_name=user_info.full_name,
                           slack_id=user_info.id,
                           bio=user_info.bio,
                           token=token)
    data = make_auth_response_data(user)
    return data
def ping_federate_login_func(request):

    reference = request.DATA['REF']

    user_info = connector.call_assertion(reference)

    user = ping_federate_register(
        username=user_info.username,
        email=user_info.email,
        full_name=user_info.full_name,
        ping_federate_guid=user_info.guid,
    )
    data = make_auth_response_data(user)
    return data
Exemple #10
0
def ping_federate_login_func(request):

    reference = request.DATA['REF']

    user_info = connector.call_assertion(reference)

    user = ping_federate_register(
        username=user_info.username,
        email=user_info.email,
        full_name=user_info.full_name,
        ping_federate_guid=user_info.guid,
    )
    data = make_auth_response_data(user)
    return data
def github_login_func(request):
    code = request.DATA.get('code', None)
    token = request.DATA.get('token', None)

    email, user_info = connector.me(code)

    user = github_register(username=user_info.username,
                           email=email,
                           full_name=user_info.full_name,
                           github_id=user_info.id,
                           bio=user_info.bio,
                           token=token)
    data = make_auth_response_data(user)
    return data
def openid_login_func(request):
    code = request.DATA.get('code', None)
    token = request.DATA.get('token', None)
    accessToken = request.DATA.get('access_token', None)
    redirect_uri = request.DATA.get('url', None)

    user_info = connector.me(code, accessToken, redirect_uri)
    user = openid_register(username=user_info.username,
                           email=user_info.email,
                           full_name=user_info.full_name,
                           openid_id=user_info.id,
                           token=token)
    data = make_auth_response_data(user)
    return data
Exemple #13
0
def gitlab_login_func(request):
    code = request.DATA.get('code', None)
    redirect_uri = request.DATA.get('redirect_uri', None)

    email, user_info = connector.me(code, redirect_uri)

    user = gitlab_register(username=user_info.username,
                           email=email,
                           full_name=user_info.full_name,
                           gitlab_id=user_info.id,
                           bio=user_info.bio)

    data = make_auth_response_data(user)
    return data
Exemple #14
0
def ldap_login_func(request):
    username = request.DATA.get('username', None)
    password = request.DATA.get('password', None)

    user = get_user_by_username_or_email(username)
    if user and user.check_password(password):
        print('Login!!')
    elif user and not user.check_password(password):
         raise exc.WrongArguments(_("Username or password does not matches user."))
    else:
        email, full_name = connector.login(username=username, password=password)
        user = ldap_register(username=username, email=email, full_name=full_name)
        
    data = make_auth_response_data(user)
    return data
def google_login_func(request, restrict_login:str=RESTRICT_LOGIN):
    code = request.DATA.get('code', None)
    token = request.DATA.get('token', None)

    user_info = connector.me(code)
    if RESTRICT_LOGIN != None and user_info.email.split("@")[1] != restrict_login:
        raise GoogleApiError({"error_message": ("Login with this Google account is disabled.")})

    user = google_register(username=user_info.username,
                           email=user_info.email,
                           full_name=user_info.full_name,
                           google_id=user_info.id,
                           bio=user_info.bio,
                           token=token)
    data = make_auth_response_data(user)
    return data
Exemple #16
0
def ldap_login_func(request):
    """
    Login a user using LDAP.

    This will first try to authenticate user against LDAP.
    If authentication is succesful, it will register user in Django DB from LDAP data.
    If LDAP authentication fails, it will either use FALLBACK login or crash.

    Can raise `ConnectorBaseException` exceptions in case of authentication failure.
    Can raise `exc.IntegrityError` exceptions in case of conflict found.

    :returns: User
    """
    # although the form field is called 'username', it can be an e-mail
    # (or any other attribute)
    login_input = request.DATA.get('username', None)
    password_input = request.DATA.get('password', None)

    try:
        # TODO: make sure these fields are sanitized before passing to LDAP server!
        username, email, full_name = connector.login(login=login_input,
                                                     password=password_input)
    except connector.LDAPUserLoginError as ldap_error:
        # If no fallback authentication is specified, raise the original LDAP error
        if not FALLBACK:
            raise

        # Try fallback authentication
        try:
            return get_auth_plugins()[FALLBACK]["login_func"](request)
        except BaseException as normal_error:
            # Merge error messages of 'normal' and 'ldap' auth.
            raise ConnectorBaseException({
                "error_message": {
                    "ldap": ldap_error.detail["error_message"],
                    FALLBACK: normal_error.detail
                }
            })
    else:
        # LDAP Auth successful
        user = register_or_update(username=username,
                                  email=email,
                                  full_name=full_name,
                                  password=password_input)
        data = make_auth_response_data(user)
        return data
def ldap_login_func(request):
    """TODO: desc"""
    # although the form field is called 'username', it can be an e-mail
    # (or any other attribute)
    login_input = request.DATA.get('username', None)
    pass_input = request.DATA.get('password', None)

    # TODO: sanitize before passing to LDAP server?
    username, email, full_name = connector.login(login=login_input,
                                                 password=pass_input)

    user = register_or_update(username=username,
                              email=email,
                              full_name=full_name)

    data = make_auth_response_data(user)
    return data
Exemple #18
0
def google_login_func(request, restrict_login: str = RESTRICT_LOGIN):
    code = request.DATA.get('code', None)
    token = request.DATA.get('token', None)

    user_info = connector.me(code)
    if RESTRICT_LOGIN != None and user_info.email.split(
            "@")[1] != restrict_login[0]:
        raise GoogleApiError(
            {"error_message": ("Login with this Google account is disabled.")})

    user = google_register(username=user_info.username,
                           email=user_info.email,
                           full_name=user_info.full_name,
                           google_id=user_info.id,
                           bio=user_info.bio,
                           token=token)
    data = make_auth_response_data(user)
    return data
def handle_openid_request(request):
    base_url = request.build_absolute_uri()
    oidconsumer = consumer.Consumer(request.session, None)
    params = {}
    for key, value in request.POST.items():
        params[key] = value
    for key, value in request.GET.items():
        params[key] = value
    info = oidconsumer.complete(params, base_url)
    display_identifier = info.getDisplayIdentifier()

    if info.status == consumer.FAILURE and display_identifier:
        print('FAILURE. display_identifier: %s' % display_identifier)
        sys.stdout.flush()
    elif info.status == consumer.CANCEL:
        print('OpenID request was cancelled')
        sys.stdout.flush()
        raise NotImplementedError()
        #if cancel_url:
        #    return flask.redirect(cancel_url)
    elif info.status == consumer.SUCCESS:
        sreg_resp = sreg.SRegResponse.fromSuccessResponse(info)

        if not sreg_resp:
            # If we have no basic info, be gone with them!
            raise NotImplementedError("Be gone with them")

        user = fas_register(username=sreg_resp.get('nickname'),
                            email=sreg_resp.get('email'),
                            full_name=sreg_resp.get('fullname'))

        data = make_auth_response_data(user)
        data['token'] = data['auth_token']  # ¯\_(ツ)_/¯
        data['type'] = 'fas-openid'

        #return_url = request.session['FAS_OPENID_RETURN_URL'] + "?" + urllib.parse.urlencode(data)
        return_url = request.build_absolute_uri('/login') + "?" + urllib.parse.urlencode(data)

        raise SneakyRedirectException(url=return_url)
    else:
        raise NotImplementedError('Strange state: %s' % info.status)
Exemple #20
0
def github_login_func(request):
    logger.debug(
        "Attempting login using taiga_contrib_github_extended_auth plugin....")

    code = request.DATA.get('code', None)
    token = request.DATA.get('token', None)

    auth_info = login(code)

    headers = connector.HEADERS.copy()
    headers["Authorization"] = "token {}".format(auth_info.access_token)

    user_info = connector.get_user_profile(headers=headers)
    username = user_info.username
    logger.debug("username: {0}".format(username))

    organization = getattr(settings, "TAIGA_GITHUB_EXTENDED_AUTH_ORG", None)
    logger.debug("organization: {0}".format(organization))

    if organization and check_org_membership(
            username, organization, headers=headers):
        logger.debug("confirmed membership...")

        emails = connector.get_user_emails(headers=headers)

        primary_email = next(filter(lambda x: x.is_primary, emails))

        user = github_register(username=username,
                               email=primary_email,
                               full_name=user_info.full_name,
                               github_id=user_info.id,
                               bio=user_info.bio,
                               token=token)

        return make_auth_response_data(user)
    else:
        raise exc.PermissionDenied(
            detail=
            "User {0} was not a member of GitHub organization {1} and is not permitted to register for access to this Taiga instance."
            .format(username, organization))
Exemple #21
0
def github_login_func(request):
    logger.debug("Attempting login using taiga_contrib_github_extended_auth plugin....")

    code = request.DATA.get('code', None)
    token = request.DATA.get('token', None)

    auth_info = login(code)

    headers = connector.HEADERS.copy()
    headers["Authorization"] = "token {}".format(auth_info.access_token)

    user_info = connector.get_user_profile(headers=headers)
    username = user_info.username
    logger.debug("username: {0}".format(username))

    organization = getattr(settings, "TAIGA_GITHUB_EXTENDED_AUTH_ORG",  None)
    logger.debug("organization: {0}".format(organization))

    if organization and check_org_membership(username, organization, headers=headers):
        logger.debug("confirmed membership...")

        emails = connector.get_user_emails(headers=headers)

        primary_email = next(filter(lambda x: x.is_primary, emails)).email

        logger.debug("Primary email is {}".format(primary_email))

        user = github_register(username=username,
                               email=primary_email.lower(),
                               full_name=user_info.full_name,
                               github_id=user_info.id,
                               bio=user_info.bio,
                               token=token)

        return make_auth_response_data(user)
    else:
        raise exc.PermissionDenied(detail="User {0} was not a member of GitHub organization {1} and is not permitted to register for access to this Taiga instance.".format(username, organization))