Esempio n. 1
0
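def auth_login(auth, **kwargs):
    """Serve the OSF login entry point (GET).

    The redirect target is taken from ``campaign`` (mapped through
    ``campaigns.campaign_url_for``), else ``next``, else ``redirect_url``.
    A logged-in user is redirected to that target (or to ``/``), or handed to
    ``auth_logout`` when ``logout`` is set. Anyone else receives the template
    context for the login page.

    Args:
        auth: current ``Auth`` object; only ``auth.logged_in`` is read here.
        **kwargs: a truthy ``first`` pushes a "You may now log in" message.

    Returns:
        ``(data, http.OK)`` with the login-page context, or a redirect
        response for logged-in users.

    Raises:
        HTTPError: ``http.InvalidURL`` when the redirect target is not local
        to this deployment.
    """
    campaign = request.args.get('campaign')
    next_url = request.args.get('next')
    # The MUST_LOGIN banner is suppressed only when the target came from redirect_url.
    must_login_warning = True

    if campaign:
        next_url = campaigns.campaign_url_for(campaign)

    if not next_url:
        next_url = request.args.get('redirect_url')
        must_login_warning = False

    if next_url:
        # Only allow redirects which are relative root or full domain, disallows external redirects.
        # A target beginning with '//' (or '/\', which browsers normalise to '//') is
        # scheme-relative and would leave this host, so it does not count as a relative root.
        is_relative_root = next_url[0] == '/' and next_url[1:2] not in ('/', '\\')
        is_known_host = (next_url.startswith(settings.DOMAIN)
                         or next_url.startswith(settings.CAS_SERVER_URL)
                         or next_url.startswith(settings.MFR_SERVER_URL))
        # NOTE(review): the prefix checks are only as tight as the settings values;
        # a DOMAIN without a trailing '/' would also match 'DOMAIN.other-host' — confirm.
        if not (is_relative_root or is_known_host):
            raise HTTPError(http.InvalidURL)

    if auth.logged_in:
        if not request.args.get('logout'):
            if next_url:
                return redirect(next_url)
            return redirect('/')
        # redirect user to CAS for logout, return here w/o authentication
        return auth_logout(redirect_url=request.url)
    if kwargs.get('first', False):
        status.push_status_message('You may now log in', kind='info', trust=False)

    status_message = request.args.get('status', '')
    if status_message == 'expired':
        status.push_status_message('The private link you used is expired.', trust=False)
        status.push_status_message('The private link you used is expired.  Please <a href="/settings/account/">'
                                   'resend email.</a>', trust=False)

    if next_url and must_login_warning:
        status.push_status_message(language.MUST_LOGIN, trust=False)

    # set login_url to form action, upon successful authentication specifically w/o logout=True,
    # allows for next to be followed or a redirect to the dashboard.
    redirect_url = web_url_for('auth_login', next=next_url, _absolute=True)

    data = {}
    # Only a known campaign reaches the template; 'institution' additionally needs the feature flag.
    if campaign and campaign in campaigns.CAMPAIGNS:
        if (campaign == 'institution' and settings.ENABLE_INSTITUTIONS) or campaign != 'institution':
            data['campaign'] = campaign
    data['login_url'] = cas.get_login_url(redirect_url, auto=True)
    data['institution_redirect'] = cas.get_institution_target(redirect_url)
    data['redirect_url'] = next_url

    # Raw query-string values handed to the template as-is.
    data['sign_up'] = request.args.get('sign_up', False)
    data['existing_user'] = request.args.get('existing_user', None)

    return data, http.OK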
Esempio n. 2
0
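def auth_login(auth, **kwargs):
    """Serve the OSF login entry point (GET).

    The redirect target is taken from ``campaign`` (mapped through
    ``campaigns.campaign_url_for``), else ``next``, else ``redirect_url``.
    A logged-in user is redirected to that target (or to ``/``), or handed to
    ``auth_logout`` when ``logout`` is set. Anyone else receives the template
    context for the login page.

    Args:
        auth: current ``Auth`` object; only ``auth.logged_in`` is read here.
        **kwargs: a truthy ``first`` pushes a "You may now log in" message.

    Returns:
        ``(data, http.OK)`` with the login-page context, or a redirect
        response for logged-in users.

    Raises:
        HTTPError: ``http.InvalidURL`` when the redirect target is not local
        to this deployment.
    """
    campaign = request.args.get('campaign')
    next_url = request.args.get('next')
    # The MUST_LOGIN banner is suppressed only when the target came from redirect_url.
    must_login_warning = True

    if campaign:
        next_url = campaigns.campaign_url_for(campaign)

    if not next_url:
        next_url = request.args.get('redirect_url')
        must_login_warning = False

    if next_url:
        # Only allow redirects which are relative root or full domain, disallows external redirects.
        # A target beginning with '//' (or '/\', which browsers normalise to '//') is
        # scheme-relative and would leave this host, so it does not count as a relative root.
        is_relative_root = next_url[0] == '/' and next_url[1:2] not in ('/', '\\')
        # NOTE(review): the prefix check is only as tight as settings.DOMAIN;
        # a DOMAIN without a trailing '/' would also match 'DOMAIN.other-host' — confirm.
        is_known_host = next_url.startswith(settings.DOMAIN)
        if not (is_relative_root or is_known_host):
            raise HTTPError(http.InvalidURL)

    if auth.logged_in:
        if not request.args.get('logout'):
            if next_url:
                return redirect(next_url)
            return redirect('/')
        # redirect user to CAS for logout, return here w/o authentication
        return auth_logout(redirect_url=request.url)
    if kwargs.get('first', False):
        status.push_status_message('You may now log in',
                                   kind='info',
                                   trust=False)

    status_message = request.args.get('status', '')
    if status_message == 'expired':
        status.push_status_message('The private link you used is expired.',
                                   trust=False)

    if next_url and must_login_warning:
        status.push_status_message(language.MUST_LOGIN, trust=False)

    # set login_url to form action, upon successful authentication specifically w/o logout=True,
    # allows for next to be followed or a redirect to the dashboard.
    redirect_url = web_url_for('auth_login', next=next_url, _absolute=True)

    data = {}
    # Only a known campaign reaches the template; 'institution' additionally needs the feature flag.
    if campaign and campaign in campaigns.CAMPAIGNS:
        if (campaign == 'institution'
                and settings.ENABLE_INSTITUTIONS) or campaign != 'institution':
            data['campaign'] = campaign
    data['login_url'] = cas.get_login_url(redirect_url, auto=True)
    data['institution_redirect'] = cas.get_institution_target(redirect_url)
    data['redirect_url'] = next_url

    # Raw query-string value handed to the template as-is.
    data['sign_up'] = request.args.get('sign_up', False)

    return data, http.OK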
Esempio n. 3
0
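def auth_login(auth, **kwargs):
    """
    This view serves as the entry point for OSF login and campaign login.
    HTTP Method: GET

        GET '/login/' without any query parameter:
            redirect to CAS login page with dashboard as target service

        GET '/login/?logout=true':
            log user out and redirect to CAS login page with redirect_url or next_url as target service

        GET '/login/?campaign=institution':
            if user is logged in, redirect to 'dashboard'
            show institution login

        GET '/login/?campaign=prereg':
            if user is logged in, redirect to prereg home page
            else show sign up page and notify user to sign in, set next to prereg home page

        GET '/login/?next=next_url':
            if user is logged in, redirect to next_url
            else redirect to CAS login page with next_url as target service

    Returns ``(data, http.OK)`` with the login-page template context, or a
    redirect response. Raises ``HTTPError(http.InvalidURL)`` when the redirect
    target is not local to this deployment.
    """

    campaign = request.args.get('campaign')
    next_url = request.args.get('next')
    log_out = request.args.get('logout')
    # The MUST_LOGIN banner is suppressed only when the target came from redirect_url.
    must_login_warning = True

    # Bare '/login/': nothing to negotiate, go straight to the dashboard or to CAS.
    if not campaign and not next_url and not log_out:
        if auth.logged_in:
            return redirect(web_url_for('dashboard'))
        return redirect(cas.get_login_url(web_url_for('dashboard', _absolute=True)))

    if campaign:
        next_url = campaigns.campaign_url_for(campaign)

    if not next_url:
        next_url = request.args.get('redirect_url')
        must_login_warning = False

    if next_url:
        # Only allow redirects which are relative root or full domain, disallows external redirects.
        # A target beginning with '//' (or '/\', which browsers normalise to '//') is
        # scheme-relative and would leave this host, so it does not count as a relative root.
        is_relative_root = next_url[0] == '/' and next_url[1:2] not in ('/', '\\')
        is_known_host = (next_url.startswith(settings.DOMAIN)
                         or next_url.startswith(settings.CAS_SERVER_URL)
                         or next_url.startswith(settings.MFR_SERVER_URL))
        # NOTE(review): the prefix checks are only as tight as the settings values;
        # a DOMAIN without a trailing '/' would also match 'DOMAIN.other-host' — confirm.
        if not (is_relative_root or is_known_host):
            raise HTTPError(http.InvalidURL)

    if auth.logged_in:
        if not log_out:
            if next_url:
                return redirect(next_url)
            # NOTE(review): redirects to the literal path 'dashboard', unlike the
            # web_url_for('dashboard') used above — confirm this is intended.
            return redirect('dashboard')
        # redirect user to CAS for logout, return here w/o authentication
        return auth_logout(redirect_url=request.url)

    status_message = request.args.get('status', '')
    if status_message == 'expired':
        status.push_status_message('The private link you used is expired.', trust=False)
        status.push_status_message('The private link you used is expired.  Please <a href="/settings/account/">'
                                   'resend email.</a>', trust=False)

    if next_url and must_login_warning:
        status.push_status_message(language.MUST_LOGIN, trust=False)

    # set login_url to form action, upon successful authentication specifically w/o logout=True,
    # allows for next to be followed or a redirect to the dashboard.
    redirect_url = web_url_for('auth_login', next=next_url, _absolute=True)

    data = {}
    # Only a known campaign reaches the template; 'institution' additionally needs the feature flag.
    if campaign and campaign in campaigns.CAMPAIGNS:
        if (campaign == 'institution' and settings.ENABLE_INSTITUTIONS) or campaign != 'institution':
            data['campaign'] = campaign
    data['login_url'] = cas.get_login_url(redirect_url)
    data['institution_redirect'] = cas.get_institution_target(redirect_url)
    data['redirect_url'] = next_url
    # Raw query-string values handed to the template as-is.
    data['sign_up'] = request.args.get('sign_up', False)
    data['existing_user'] = request.args.get('existing_user', None)

    return data, http.OK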
Esempio n. 4
0
def auth_login(auth, **kwargs):
    """Entry point for OSF login and campaign login (GET only).

    Behaviour by query string:

    * no ``campaign``, ``next`` or ``logout``: a logged-in user goes to the
      dashboard, everyone else to the CAS login page with the dashboard as
      target service.
    * ``logout=true``: a logged-in user is handed to ``auth_logout`` and
      returns to this URL unauthenticated.
    * ``campaign=<name>``: the target becomes ``campaigns.campaign_url_for``;
      a campaign listed in ``campaigns.CAMPAIGNS`` is passed to the template
      (``institution`` only when ``settings.ENABLE_INSTITUTIONS`` is set).
    * ``next=<url>`` / ``redirect_url=<url>``: a logged-in user is redirected
      there once ``validate_next_url`` accepts it; others get the login-page
      context with the target carried in ``login_url``.

    Returns ``(data, http.OK)`` with the template context, or a redirect
    response. Raises ``HTTPError(http.BAD_REQUEST)`` when
    ``validate_next_url`` rejects the target.
    """
    args = request.args
    campaign = args.get('campaign')
    next_url = args.get('next')
    log_out = args.get('logout')

    # Bare '/login/': nothing to negotiate, go straight to the dashboard or to CAS.
    if not (campaign or next_url or log_out):
        if auth.logged_in:
            return redirect(web_url_for('dashboard'))
        dashboard = web_url_for('dashboard', _absolute=True)
        return redirect(cas.get_login_url(dashboard))

    # The MUST_LOGIN banner is shown only when the target came from an explicit ``next``.
    must_login_warning = True
    if campaign:
        next_url = campaigns.campaign_url_for(campaign)
        must_login_warning = False
    if not next_url:
        next_url = args.get('redirect_url')
        must_login_warning = False

    if not validate_next_url(next_url):
        raise HTTPError(http.BAD_REQUEST)

    if auth.logged_in:
        if log_out:
            # Hand off to CAS for logout; CAS brings the user back here without a session.
            return auth_logout(redirect_url=request.url)
        return redirect(next_url or 'dashboard')

    if args.get('status', '') == 'expired':
        status.push_status_message('The private link you used is expired.', trust=False)
        status.push_status_message('The private link you used is expired.  Please <a href="/settings/account/">'
                                   'resend email.</a>', trust=False)

    if next_url and must_login_warning:
        status.push_status_message(language.MUST_LOGIN, trust=False)

    # The form action points back at this view (without logout=True) so that a
    # successful CAS authentication can follow ``next`` or land on the dashboard.
    login_return = web_url_for('auth_login', next=next_url, _absolute=True)

    data = {}
    if campaign and campaign in campaigns.CAMPAIGNS:
        if campaign != 'institution' or settings.ENABLE_INSTITUTIONS:
            data['campaign'] = campaign
    data.update({
        'login_url': cas.get_login_url(login_return),
        'institution_redirect': cas.get_institution_target(login_return),
        'redirect_url': next_url,
        # Raw query-string values handed to the template as-is.
        'sign_up': args.get('sign_up', False),
        'existing_user': args.get('existing_user', None),
    })

    return data, http.OK