Esempio n. 1
0
def session_create(request):
    password = None
    if request.POST.has_key("username"):
        username = request.POST["username"]
    if request.POST.has_key("password"):
        password = request.POST["password"]
        user = auth.authenticate(request, username, password)

    if not password and request.POST.has_key("system"):
        system = request.POST["system"]
        try:
            AuthSystem.objects.get(short_name=system)
            user = auth.authenticate(request, username, None, system)
        except AuthSystem.DoesNotExist:
            raise PermissionDenied()

    if not user:
        raise PermissionDenied()

    if user.is_active:
        # auth worked, created a session based token
        token = SESSION_OAUTH_SERVER.generate_and_preauthorize_access_token(request.principal, user=user)
    else:
        raise PermissionDenied()

    return HttpResponse(str(token), mimetype="text/plain")
Esempio n. 2
0
def session_create(request):
    """ Authenticate a user and register a web session for them.

    request.POST must contain:

    * *username*: the username of the user to authenticate.

    request.POST may contain **EITHER**:
    
    * *password*: the password to use with *username* against the
        internal password auth system.

    * *system*: An external auth system to authenticate the user
    
    Will return :http:statuscode:`200` with a valid session token 
    on success, :http:statuscode:`400` if no username was provided, :http:statuscode:`403` if the passed credentials were
    invalid or it the passed *system* doesn't exist.
    
    """

    from indivo.accesscontrol import auth
    user = None
    username = None
    password = None
    if request.POST.has_key('username'):
        username = request.POST['username']
    else:
        return HttpResponseBadRequest('No username provided')
    
    if request.POST.has_key('password'):
        password = request.POST['password']
        user = auth.authenticate(request, username, password)

        if not password and request.POST.has_key('system'):
                system = request.POST['system']
                try:
                        AuthSystem.objects.get(short_name=system)
                        user = auth.authenticate(request, username, None, system)
                except AuthSystem.DoesNotExist:
                        raise PermissionDenied()
    if not password and request.POST.has_key('system'):
        system = request.POST['system']
        try:
            AuthSystem.objects.get(short_name=system)
            user = auth.authenticate(request, username, None, system)
        except AuthSystem.DoesNotExist:
            raise PermissionDenied()

    if not user:
        raise PermissionDenied()

    if user.is_active:
        # auth worked, created a session based token
        from indivo.accesscontrol.oauth_servers import SESSION_OAUTH_SERVER
        token = SESSION_OAUTH_SERVER.generate_and_preauthorize_access_token(request.principal, user=user)
    else:
        logging.debug('indivo.views.pha.session_create(): This user is not active')
        raise PermissionDenied()
    
    return HttpResponse(str(token), mimetype='text/plain')
Esempio n. 3
0
def session_create(request):
    """ Authenticate a user and register a web session for them.

    request.POST must contain:

    * *username*: the username of the user to authenticate.

    request.POST may contain **EITHER**:
    
    * *password*: the password to use with *username* against the
        internal password auth system.

    * *system*: An external auth system to authenticate the user
    
    Will return :http:statuscode:`200` with a valid session token 
    on success, :http:statuscode:`400` if no username was provided, :http:statuscode:`403` if the passed credentials were
    invalid or it the passed *system* doesn't exist.
    
    """

    from indivo.accesscontrol import auth
    user = None
    username = None
    password = None
    if request.POST.has_key('username'):
        username = request.POST['username']
    else:
        return HttpResponseBadRequest('No username provided')
    
    if request.POST.has_key('password'):
        password = request.POST['password']
        user = auth.authenticate(request, username, password)

        if not password and request.POST.has_key('system'):
                system = request.POST['system']
                try:
                        AuthSystem.objects.get(short_name=system)
                        user = auth.authenticate(request, username, None, system)
                except AuthSystem.DoesNotExist:
                        raise PermissionDenied()
    if not password and request.POST.has_key('system'):
        system = request.POST['system']
        try:
            AuthSystem.objects.get(short_name=system)
            user = auth.authenticate(request, username, None, system)
        except AuthSystem.DoesNotExist:
            raise PermissionDenied()

    if not user:
        raise PermissionDenied()

    if user.is_active:
        # auth worked, created a session based token
        from indivo.accesscontrol.oauth_servers import SESSION_OAUTH_SERVER
        token = SESSION_OAUTH_SERVER.generate_and_preauthorize_access_token(request.principal, user=user)
    else:
        logging.debug('indivo.views.pha.session_create(): This user is not active')
        raise PermissionDenied()
    
    return HttpResponse(str(token), mimetype='text/plain')
Esempio n. 4
0
def session_create(request):
  from indivo.accesscontrol import auth
  password = None
  if request.POST.has_key('username'):
    username = request.POST['username']
  if request.POST.has_key('password'):
    password = request.POST['password']
    user = auth.authenticate(request, username, password)

  if not password and request.POST.has_key('system'):
    system = request.POST['system']
    try:
      AuthSystem.objects.get(short_name=system)
      user = auth.authenticate(request, username, None, system)
    except AuthSystem.DoesNotExist:
      raise PermissionDenied()

  if not user:
    raise PermissionDenied()

  if user.is_active:
    # auth worked, created a session based token
    from indivo.accesscontrol.oauth_servers import SESSION_OAUTH_SERVER
    token = SESSION_OAUTH_SERVER.generate_and_preauthorize_access_token(request.principal, user=user)
  else:
    raise PermissionDenied()

  return HttpResponse(str(token), mimetype='text/plain')