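def handle_login_POST():
    """
    Carries out an actual log in.

    Reads ``username`` and ``password`` (or the ``guestlogin`` marker) and the
    optional ``next`` target from the request, authenticates through
    ``weblab_api.api.login`` and, on success, returns a redirect that carries
    the session cookies.

    :return: on success, a redirect to ``next`` (after ``safe_redirect``) or to
             the labs page; on invalid credentials, a redirect to the index
             with a flashed error; on any other failure, a plain 500 response.
    """
    # NOTE(review): request.values merges the query string with the form body,
    # so credentials sent in the URL are accepted here too, and URLs tend to
    # end up in access logs. Confirm the route is POST-only and whether
    # request.form would be sufficient.
    username = request.values.get("username")
    password = request.values.get("password")
    guestlogin = request.values.get("guestlogin")

    # If we have a guestlogin then it is a DEMO login request: the submitted
    # credentials are replaced by the fixed demo ones.
    if guestlogin is not None:
        username = "******"
        password = "******"

    # We may or may not have a 'next' field. It is caller-controlled, so it only
    # ever reaches redirect() after going through safe_redirect.
    next_url = safe_redirect(request.values.get("next"))

    try:
        session_id = weblab_api.api.login(username, password)
    except InvalidCredentialsError:
        flash("Invalid username or password", category="error")
        # _scheme is a workaround. See the comment on the success redirect below.
        return redirect(url_for(".index", _external=True, _scheme=request.scheme))
    except Exception:
        # Catch Exception rather than everything, so SystemExit and
        # KeyboardInterrupt are not swallowed by the login handler.
        traceback.print_exc()
        # The second argument of flash() is the message category, not an HTTP
        # status: use the same "error" category as the bad-credentials branch.
        flash("There was an unexpected error while logging in.", category="error")
        return make_response("There was an unexpected error while logging in.", 500)

    # TODO: Find proper way to do this.
    # This currently redirects to HTTP even if being called from HTTPS. Tried _external as a workaround but didn't work.
    # More info: https://github.com/mitsuhiko/flask/issues/773
    # For now we force the scheme from the request.
    # response is a flask.Response.
    response = make_response(redirect(next_url or url_for(".labs", _external=True, _scheme=request.scheme)))

    session_id_cookie = "%s.%s" % (session_id.id, weblab_api.ctx.route)

    # Inserts the weblabsessionid and loginsessionid cookies into the response.
    # (What is the purpose of having both? Why the different expire dates?)
    weblab_api.fill_session_cookie(response, session_id_cookie)

    # The cookie value is deliberately not printed or logged: it is what
    # identifies the authenticated session, so anyone able to read stdout or
    # the server logs could reuse it.
    return response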
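def federated():
    """
    Entry point for a federated reservation.

    Query arguments read here: ``reservation_id`` (either ``<id>`` or
    ``<id>;<session identifier plus route>``), ``back_url`` and ``locale``.

    :return: a redirect to the lab page with the session cookie filled in; a
             redirect to the same URL with a ``weblabsessionid`` cookie when
             the route in the argument is not this server's route; or the
             rendered error page when the reservation is missing, invalid or
             cannot be looked up.
    """
    redirecting = session.pop('federated_redirecting', None)
    # NOTE(review): back_url is caller-supplied, handed to the templates and
    # stored in the session without validation in this function. Confirm that
    # whatever renders it as a link restricts the scheme and escapes it.
    back_url = request.args.get('back_url')

    reservation_id = request.args.get('reservation_id')
    if reservation_id is None:
        # Without this guard a request lacking the argument failed on
        # None.split() below and surfaced as an unhandled server error.
        return render_template("webclient/error.html",
                               error_message = gettext("The provided reservation identifier is not valid or has expired."),
                               federated_mode = True, back_url = back_url)

    reservation_tokens = reservation_id.split(';')
    reservation_id = reservation_tokens[0]
    if len(reservation_tokens) > 1:
        reservation_id_plus_route = reservation_tokens[1]
        # The second argument is the session identifier plus a route.
        # Here we analyze whether this message was intended for this server or for any other with a different route.
        # To do this, we check the route, and if it's different, we return a redirection to the same URL but setting
        # a cookie with the required URL.
        # However, if we were already redirecting, then there is a problem (e.g., not using an existing route),
        # and a message is displayed.
        if '.' in reservation_id_plus_route:
            route = reservation_id_plus_route.split('.', 1)[1]
            if route != weblab_api.ctx.route:
                if redirecting:
                    return render_template("webclient/error.html",
                                           error_message = gettext("Invalid federated URL: you're attempting to use a route not used in this WebLab-Deusto instance"),
                                           federated_mode = True, title = gettext("Error"), back_url = back_url)

                session['federated_redirecting'] = "true"
                response = redirect(request.url)
                now = datetime.datetime.now()
                # NOTE(review): the cookie value is taken verbatim from the
                # query string and kept for 100 days, with no HttpOnly or
                # Secure attribute set here. Confirm this is only used for
                # routing and that the value is validated where it is consumed.
                response.set_cookie('weblabsessionid', reservation_id_plus_route,
                                    expires = now + datetime.timedelta(days = 100),
                                    path = weblab_api.ctx.location)
                return response

    weblab_api.ctx.reservation_id = reservation_id
    try:
        experiment = weblab_api.api.get_reservation_experiment_info()
    except SessionNotFoundError:
        return render_template("webclient/error.html",
                               error_message = gettext("The provided reservation identifier is not valid or has expired."),
                               federated_mode = True, back_url = back_url)
    except Exception:
        # Catch Exception rather than everything, so SystemExit and
        # KeyboardInterrupt still propagate; the traceback stays server-side.
        traceback.print_exc()
        return render_template("webclient/error.html",
                               error_message = gettext("Unexpected error on the server side while trying to get the reservation information."),
                               federated_mode = True, back_url = back_url)

    session['reservation_id'] = reservation_id
    session['back_url'] = back_url

    kwargs = {}
    locale = request.args.get('locale')
    if locale:
        session['locale'] = locale
        kwargs = dict(locale=locale)

    response = redirect(url_for('.lab', experiment_name=experiment.name,
                                category_name=experiment.category.name, **kwargs))
    reservation_id_plus_route = '%s.%s' % (reservation_id, weblab_api.ctx.route)
    weblab_api.fill_session_cookie(response, reservation_id_plus_route, reservation_id)
    return response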
def client():
    # The %-formatted string below is an expression statement, not a real
    # docstring, so it is evaluated on every call and client.__doc__ is unset.
    """
    If there is a GET argument named %(reservation_id)s, it will take it and resend it
    as a POST argument. If it was passed through the history, then it will be again sent as a
    POST argument. Finally, if it is received as a POST argument, it will generate a redirect
    to the client, using the proper current structure.
    """ % { 'reservation_id' : RESERVATION_ID }

    # Step 1: a reservation arriving by GET is bounced back through the
    # redirect template so that it is re-sent as a POST.
    query = request.args
    get_reservation = query.get(RESERVATION_ID)
    get_back_url = query.get(BACK_URL)
    get_locale = query.get(LOCALE)
    get_widget = query.get(WIDGET) or ''
    if get_reservation is not None:
        # NOTE(review): request.args values are already percent-decoded by the
        # framework, so unquote() decodes a second time. Presumably callers
        # double-encode; confirm, since a second decode changes what any
        # earlier filtering saw.
        return render_template('core_web/client_redirect.html',
                               reason = 'GET performed',
                               reservation_id = urllib.unquote(get_reservation),
                               back_url = get_back_url,
                               locale = get_locale,
                               widget = get_widget)

    # Step 2: neither GET nor POST carried it (history case): show the label page.
    posted = request.form
    raw_reservation = posted.get(RESERVATION_ID)
    if raw_reservation is None:
        return render_template('core_web/client_label.html')

    back_url = posted.get(BACK_URL)
    widget = posted.get(WIDGET) or ''
    locale = posted.get(LOCALE) or ''
    reservation_id = urllib.unquote(raw_reservation)

    # The cookie value is the second ';'-separated token when there is one,
    # otherwise the whole identifier.
    # NOTE(review): this value comes straight from the request and is written
    # into the session cookie below; confirm fill_session_cookie and its
    # consumers treat it as untrusted.
    if ';' in reservation_id:
        partial_reservation_id = reservation_id.split(';')[1]
    else:
        partial_reservation_id = reservation_id

    # Step 3: if the identifier names a route that is not ours, answer with the
    # redirect template plus the cookie, so the request can reach the right server.
    route = weblab_api.ctx.route
    meant_for_other_server = (route is not None
                              and '.' in reservation_id
                              and not reservation_id.endswith(route))
    if meant_for_other_server:
        mismatch_reason = 'reservation_id %s does not end in server_route %s' % (reservation_id, weblab_api.ctx.route)
        response = make_response(render_template('core_web/client_redirect.html',
                                                 reason = mismatch_reason,
                                                 reservation_id = reservation_id,
                                                 back_url = back_url,
                                                 locale = locale,
                                                 widget = widget))
        weblab_api.fill_session_cookie(response, partial_reservation_id, partial_reservation_id)
        return response

    response = make_response()
    weblab_api.fill_session_cookie(response, partial_reservation_id, partial_reservation_id)

    # Finally, if it was passed as a POST argument, generate the proper client address.
    # The lookup is made only to find out whether the reservation still exists.
    weblab_api.ctx.reservation_id = reservation_id.split(';')[0]
    try:
        weblab_api.api.get_reservation_info()
    except SessionNotFoundError:
        response.response = render_template('core_web/client_error.html', reservation_id = reservation_id)
        return response

    client_address = url_for('core_webclient.federated', locale=locale,
                             reservation_id=reservation_id, back_url=back_url, widget=widget)

    if request.form.get(FORMAT_PARAMETER) == 'text':
        response.response = client_address
        return response

    # NOTE(review): this is a new response object, so the cookies filled into
    # `response` above are not sent with the redirect; confirm that is intended.
    return redirect(client_address)
def client():
    # Not a docstring: the "%" makes the string below an ordinary expression
    # that is evaluated and discarded on each call.
    """
    If there is a GET argument named %(reservation_id)s, it will take it and resend it
    as a POST argument. If it was passed through the history, then it will be again sent as a
    POST argument. Finally, if it is received as a POST argument, it will generate a redirect
    to the client, using the proper current structure.
    """ % {
        'reservation_id': RESERVATION_ID
    }

    redirect_template = 'core_web/client_redirect.html'

    # GET branch: hand the arguments to the redirect template, which re-sends
    # them as a POST.
    reservation_id = request.args.get(RESERVATION_ID)
    template_args = dict(
        back_url=request.args.get(BACK_URL),
        locale=request.args.get(LOCALE),
        widget=request.args.get(WIDGET) or '',
    )
    if reservation_id is not None:
        # NOTE(review): the framework has already percent-decoded this value;
        # unquote() decodes it once more. Confirm that double decoding is
        # expected by the callers.
        return render_template(redirect_template,
                               reason='GET performed',
                               reservation_id=urllib.unquote(reservation_id),
                               **template_args)

    # History branch: nothing in GET nor in POST, so the label page is served.
    reservation_id = request.form.get(RESERVATION_ID)
    if reservation_id is None:
        return render_template('core_web/client_label.html')

    # POST branch.
    back_url = request.form.get(BACK_URL)
    widget = request.form.get(WIDGET) or ''
    locale = request.form.get(LOCALE) or ''
    reservation_id = urllib.unquote(reservation_id)
    pieces = reservation_id.split(';')

    # NOTE(review): cookie_value is request-controlled and is stored in the
    # session cookie below without validation in this function; verify the
    # consumers of that cookie do not trust it blindly.
    cookie_value = pieces[1] if len(pieces) > 1 else reservation_id

    route = weblab_api.ctx.route
    if route is not None:
        names_a_route = reservation_id.find('.') >= 0
        # If the request should not go to the current server, reply with the
        # redirect template and the cookie instead of resolving the reservation.
        if names_a_route and not reservation_id.endswith(route):
            page = render_template(
                redirect_template,
                reason='reservation_id %s does not end in server_route %s' % (reservation_id, weblab_api.ctx.route),
                reservation_id=reservation_id,
                back_url=back_url,
                locale=locale,
                widget=widget,
            )
            response = make_response(page)
            weblab_api.fill_session_cookie(response, cookie_value, cookie_value)
            return response

    response = make_response()
    weblab_api.fill_session_cookie(response, cookie_value, cookie_value)

    # Finally, if it was passed as a POST argument, generate the proper client address.
    weblab_api.ctx.reservation_id = pieces[0]
    try:
        # The returned value is not used; the call only tells us whether the
        # session can still be found.
        weblab_api.api.get_reservation_info()
    except SessionNotFoundError:
        response.response = render_template('core_web/client_error.html',
                                            reservation_id=reservation_id)
        return response

    client_address = url_for('core_webclient.federated',
                             locale=locale,
                             reservation_id=reservation_id,
                             back_url=back_url,
                             widget=widget)

    wants_text = request.form.get(FORMAT_PARAMETER) == 'text'
    if not wants_text:
        # NOTE(review): the redirect is a fresh response, so the cookies set on
        # `response` above do not travel with it; confirm this is deliberate.
        return redirect(client_address)

    response.response = client_address
    return response