def __call__(self):
cfg = authomatic_cfg()
if cfg is None:
return "Authomatic is not configured"
if not (
ISiteRoot.providedBy(self.context) or
INavigationRoot.providedBy(self.context)
):
# callback url is expected on either navigationroot or site root
# so bevor going on redirect
root = api.portal.get_navigation_root(self.context)
self.request.response.redirect(
"{0}/authomatic-handler/{1}".format(
root.absolute_url(),
getattr(self, 'provider', '')
)
)
return "redirecting"
if not hasattr(self, 'provider'):
return self.template()
if self.provider not in cfg:
return "Provider not supported"
if not self.is_anon:
if self.provider in self._provider_names:
raise ValueError(
'Provider {0} is already connected to current '
'user.'.format(self.provider)
)
# TODO: some sort of CSRF check might be needed, so that
# not an account got connected by CSRF. Research needed.
pass
auth = Authomatic(
cfg,
secret=authomatic_settings().secret.encode('utf8')
)
result = auth.login(
ZopeRequestAdapter(self),
self.provider
)
if not result:
logger.info('return from view')
# let authomatic do its work
return
if result.error:
return result.error.message
display = cfg[self.provider].get('display', {})
provider_name = display.get('title', self.provider)
if not self.is_anon:
# now we delegate to PAS plugin to add the identity
self._add_identity(result, provider_name)
self.request.response.redirect(
"{0}".format(self.context.absolute_url())
)
else:
# now we delegate to PAS plugin in order to login
self._remember_identity(result, provider_name)
self.request.response.redirect(
"{0}/login_success".format(self.context.absolute_url())
)
return "redirecting"
def __call__(self):
cfg = authomatic_cfg()
if cfg is None:
return "Authomatic is not configured"
if not (
ISiteRoot.providedBy(self.context)
or INavigationRoot.providedBy(self.context)
):
# callback url is expected on either navigationroot or site root
# so bevor going on redirect
root = api.portal.get_navigation_root(self.context)
self.request.response.redirect(
"{0}/authomatic-handler/{1}".format(
root.absolute_url(), getattr(self, 'provider', '')
)
)
return "redirecting"
if not hasattr(self, 'provider'):
return self.template()
if self.provider not in cfg:
return "Provider not supported"
if not self.is_anon:
if self.provider in self._provider_names:
raise ValueError(
'Provider {0} is already connected to current '
'user.'.format(self.provider)
)
# TODO: some sort of CSRF check might be needed, so that
# not an account got connected by CSRF. Research needed.
pass
secret = authomatic_settings().secret
if six.PY2 and isinstance(secret, six.text_type):
secret = secret.encode('utf8')
auth = Authomatic(cfg, secret=secret)
result = auth.login(ZopeRequestAdapter(self), self.provider)
if not result:
logger.info('return from view')
# let authomatic do its work
return
if result.error:
return result.error.message
display = cfg[self.provider].get('display', {})
provider_name = display.get('title', self.provider)
if not self.is_anon:
# now we delegate to PAS plugin to add the identity
self._add_identity(result, provider_name)
self.request.response.redirect(
"{0}".format(self.context.absolute_url())
)
else:
# now we delegate to PAS plugin in order to login
self._remember_identity(result, provider_name)
if api.env.plone_version() < '5.2':
self.request.response.redirect(
"{0}/login_success".format(self.context.absolute_url())
)
else:
self.request.response.redirect(self.context.absolute_url())
return "redirecting"
def new_userid(plugin, result):
settings = authomatic_settings()
factory = queryUtility(
IUserIDFactory,
name=settings.userid_factory_name,
default=UUID4UserIDFactory()
)
return factory(plugin, result)
def new_userid(plugin, result):
settings = authomatic_settings()
factory = queryUtility(
IUserIDFactory,
name=settings.userid_factory_name,
default=UUID4UserIDFactory()
)
return factory(plugin, result)
def __call__(self):
cfg = authomatic_cfg()
if cfg is None:
return "Authomatic is not configured"
if not (ISiteRoot.providedBy(self.context)
or INavigationRoot.providedBy(self.context)):
# callback url is expected on either navigationroot or site root
# so bevor going on redirect
root = api.portal.get_navigation_root(self.context)
self.request.response.redirect("{}/authomatic-handler/{}".format(
root.absolute_url(), getattr(self, "provider", "")))
return "redirecting"
if not getattr(self, "provider", None):
return self.template()
if self.provider not in cfg:
return "Provider not supported"
if not self.is_anon:
if self.provider in self._provider_names:
logger.warn(
"Provider %s is already connected to current "
"user.", self.provider)
return self._redirect()
# TODO: some sort of CSRF check might be needed, so that
# not an account got connected by CSRF. Research needed.
pass
secret = authomatic_settings().secret
auth = Authomatic(cfg, secret=secret)
result = auth.login(ZopeRequestAdapter(self), self.provider)
if not result:
logger.info("return from view")
# let authomatic do its work
return
if result.error:
return result.error.message
display = cfg[self.provider].get("display", {})
provider_name = display.get("title", self.provider)
if not self.is_anon:
# now we delegate to PAS plugin to add the identity
self._add_identity(result, provider_name)
else:
# now we delegate to PAS plugin in order to login
self._remember_identity(result, provider_name)
return self._redirect()
def get_auth(self) -> Authomatic:
providers = self.providers
secret = authomatic_settings().secret
return Authomatic(providers, secret=secret)
def __call__(self):
# callback url is expected on site root
if not ISiteRoot.providedBy(self.context):
root = api.portal.get()
self.request.response.redirect("{0}/authomatic-handler/{1}".format(
root.absolute_url(), getattr(self, 'provider', '')))
return "redirecting"
self.authopas = authomatic_plugin()
self.cfgs = authomatic_cfg()
if self.cfgs is None:
return "Authomatic is not configured"
self.is_anon = api.user.is_anonymous()
if not self.is_anon:
self.user = api.user.get_current()
self.user_providers = self.authopas._useridentities_by_userid.get(
self.user.id).providers()
# Validate provider
if not hasattr(self, 'provider'):
return self.template()
if self.provider not in self.cfgs:
return "Provider not supported"
if not self.is_anon and self.provider in self.user_providers:
action = self.request.form.get('action', None)
if action == 'unlink':
alsoProvides(self.request, IDisableCSRFProtection)
self.authopas.remove_identity(self.user.id, self.provider)
api.portal.show_message(
_('Unlink account with {provider} provider',
mapping={'provider': self.provider}), self.request)
return self.template()
#Any other action ?
else:
api.portal.show_message(
_('Provider {provider} is already connected to current user',
mapping={'provider': self.provider}), self.request)
return self.template()
# TODO: some sort of CSRF check might be needed, so that
# not an account got connected by CSRF. Research needed.
#Authomatic login
auth = Authomatic(self.cfgs,
secret=authomatic_settings().secret.encode('utf8'))
result = auth.login(ZopeRequestAdapter(self), self.provider)
if not result:
logger.info('return from view')
# let authomatic do its work
return
if result.error:
return result.error.message
# fetch provider specific user-data
result.user.update()
display = self.cfgs[self.provider].get('display', {})
provider_name = display.get('title', self.provider)
if not self.is_anon:
# now we delegate to PAS plugin to add the identity
self._add_identity(result, provider_name)
self.request.response.redirect("{0}".format(
self.context.absolute_url()))
else:
# now we delegate to PAS plugin in order to login
self._remember_identity(result, provider_name)
redirect = self.cfgs[self.provider].get(
'redirect_url', "${portal_url}/login_success")
redirect = redirect.replace("${portal_url}",
api.portal.get().absolute_url())
self.request.response.redirect(redirect)
return "redirecting"
def __call__(self):
cfg = authomatic_cfg()
if cfg is None:
return "Authomatic is not configured"
if not (ISiteRoot.providedBy(self.context)
or INavigationRoot.providedBy(self.context)):
# callback url is expected on either navigationroot or site root
# so bevor going on redirect
root = api.portal.get_navigation_root(self.context)
self.request.response.redirect(
"{0}/authomatic-handler/{1}{2}".format(
root.absolute_url(), getattr(self, 'provider', ''),
('?' + self.request.QUERY_STRING
if self.request.QUERY_STRING else '')))
return "redirecting"
if not hasattr(self, 'provider'):
return self.template()
if self.provider not in cfg:
return "Provider not supported"
if not self.is_anon:
if self.provider in self._provider_names:
raise ValueError(
'Provider {0} is already connected to current '
'user.'.format(self.provider))
# TODO: some sort of CSRF check might be needed, so that
# not an account got connected by CSRF. Research needed.
pass
auth = Authomatic(cfg,
secret=authomatic_settings().secret.encode('utf8'))
additional_params = {}
for key in ('came_from', 'next'):
if key in self.request.form:
additional_params[key] = self.request.form[key]
# TODO: expire after 1800s (30m)
# TODO: single cookie for next and came_from ?
self.request.response.setCookie(
'authomatic_{0}'.format(key),
self.request.form[key],
http_only=True,
path=api.portal.get().absolute_url_path())
del (self.request.form[key])
# TODO: expire cookie(s) after successful login, not here.
elif self.request.cookies.get('authomatic_{0}'.format(key)):
additional_params[key] = self.request.cookies.get(
'authomatic_{0}'.format(key))
self.request.response.expireCookie(
'authomatic_{0}'.format(key),
path=api.portal.get().absolute_url_path())
result = auth.login(ZopeRequestAdapter(self), self.provider)
if not result:
logger.info('return from view')
return
if result.error:
return result.error.message
display = cfg[self.provider].get('display', {})
provider_name = display.get('title', self.provider)
if not self.is_anon:
# now we delegate to PAS plugin to add the identity
logger.info('add_identity %s', additional_params)
self._add_identity(result, provider_name)
self.request.response.redirect(
additional_params.get('came_from',
self.context.absolute_url()))
else:
# now we delegate to PAS plugin in order to login
logger.info('remember_identity %s', additional_params)
self._remember_identity(result, provider_name)
if additional_params:
self.request.response.redirect("{0}/logged_in?{1}".format(
self.context.absolute_url(), urlencode(additional_params)))
else:
self.request.response.redirect("{0}/login_success".format(
self.context.absolute_url()))
return "redirecting"
