Esempio n. 1
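def authCallback(request, authName):
    """
    Landing url that external SSO authenticators redirect users back to.

    The authenticator is looked up by name, the GET and POST parameters of
    the request are merged and handed to ``authenticateViaCallback``; on
    success the user is logged in and redirected to the index page.

    :param request: incoming http request
    :param authName: name of the authenticator, matched against ``Authenticator.name``
    :return: redirect to the index on success; a redirect or the result of
        ``webLogout`` when the authenticator raises ``Redirect`` / ``Logout``;
        the error view for any other exception
    """
    from uds.core import auths
    try:
        authenticator = Authenticator.objects.get(name=authName)
        params = request.GET.copy()
        params.update(request.POST)
        # NOTE(review): the session key is written to the debug log here, so
        # anyone who can read that log sees live session identifiers.
        # Confirm debug logging is disabled in production.
        logger.debug('Request session:%s -> %s, %s', request.ip,
                     request.session.keys(), request.session.session_key)

        params['_request'] = request
        # params['_session'] = request.session
        # params['_user'] = request.user

        logger.debug('Auth callback for %s with params %s',
                     authenticator, params.keys())

        user = authenticateViaCallback(authenticator, params)

        # Record and reject a failed callback before reading anything else
        # from the request: previously a request without a User-Agent header
        # raised KeyError first and never produced its auth-log entry.
        if user is None:
            # NOTE(review): the whole parameter set (every value the identity
            # provider sent, plus the request object) is formatted into the
            # auth log. If assertions or tokens are posted to this url they
            # end up there -- confirm that is acceptable.
            authLogLogin(request, authenticator, '{0}'.format(params),
                         'Invalid at auth callback')
            raise auths.Exceptions.InvalidUserException()

        # A missing User-Agent must not turn a valid login into an error page.
        # assumes getOsFromUA copes with an empty string -- TODO confirm
        os = OsDetector.getOsFromUA(request.META.get('HTTP_USER_AGENT', ''))

        response = HttpResponseRedirect(reverse('Index'))

        webLogin(request, response, user,
                 '')  # Password is unavailable in this case
        request.session['OS'] = os

        return response
    except auths.Exceptions.Redirect as e:
        # Redirect target is whatever the authenticator put in the exception
        return HttpResponseRedirect(request.build_absolute_uri(str(e)))
    except auths.Exceptions.Logout as e:
        return webLogout(request, request.build_absolute_uri(str(e)))
    except Exception as e:
        # Every other failure (unknown authenticator included) is logged with
        # its traceback and shown through the generic error view.
        logger.exception('authCallback')
        return errors.exceptionView(request, e)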
Esempio n. 2
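def authCallback_stage2(request: HttpRequest, ticketId: str) -> HttpResponse:
    """
    Second stage of the SSO callback: authenticate from a stored ticket.

    The callback parameters and the authenticator uuid are read from the
    ticket identified by ``ticketId`` rather than from the request itself,
    then passed to ``authenticateViaCallback``. On success the user is logged
    in and redirected to the index page.

    :param request: incoming http request
    :param ticketId: identifier of the ticket holding ``params`` and ``auth``
    :return: redirect to the index on success; a redirect or the result of
        ``webLogout`` when the authenticator raises ``Redirect`` / ``Logout``;
        the error view for any other exception
    """
    try:
        ticket = TicketStore.get(ticketId)
        params: typing.Dict[str, typing.Any] = ticket['params']
        auth_uuid: str = ticket['auth']
        authenticator = Authenticator.objects.get(uuid=auth_uuid)
        params['_request'] = request
        # params['_session'] = request.session
        # params['_user'] = request.user
        # NOTE(review): the session key is written to the debug log here, so
        # anyone who can read that log sees live session identifiers.
        # Confirm debug logging is disabled in production.
        logger.debug('Request session:%s -> %s, %s', request.ip,
                     request.session.keys(), request.session.session_key)

        user = authenticateViaCallback(authenticator, params)

        # Record and reject a failed callback before reading anything else
        # from the request: previously a request without a User-Agent header
        # raised KeyError first and never produced its auth-log entry.
        if user is None:
            # NOTE(review): the whole parameter dict (every stored callback
            # value, plus the request object) is formatted into the auth
            # log. If it carries assertions or tokens they end up there --
            # confirm that is acceptable.
            authLogLogin(request, authenticator, '{0}'.format(params),
                         'Invalid at auth callback')
            raise auths.exceptions.InvalidUserException()

        # A missing User-Agent must not turn a valid login into an error page.
        # assumes getOsFromUA copes with an empty string -- TODO confirm
        os = OsDetector.getOsFromUA(request.META.get('HTTP_USER_AGENT', ''))

        response = HttpResponseRedirect(reverse('page.index'))

        webLogin(request, response, user,
                 '')  # Password is unavailable in this case
        request.session['OS'] = os

        return response
    except auths.exceptions.Redirect as e:
        # An empty Redirect falls back to the site root
        return HttpResponseRedirect(
            request.build_absolute_uri(str(e)) if e.args and e.args[0] else '/'
        )
    except auths.exceptions.Logout as e:
        # An empty Logout passes no target url to webLogout
        return webLogout(
            request,
            request.build_absolute_uri(str(e))
            if e.args and e.args[0] else None)
    except Exception as e:
        # Every other failure (missing ticket or authenticator included) is
        # logged with its traceback and shown through the generic error view.
        logger.exception('authCallback')
        return errors.exceptionView(request, e)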
Esempio n. 3
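def authCallback(request, authName):
    """
    Landing url that external SSO authenticators redirect users back to.

    The authenticator is looked up by name, the GET and POST parameters of
    the request are merged and handed to ``authenticateViaCallback``; on
    success the user is logged in and redirected to the index page.

    :param request: incoming http request
    :param authName: name of the authenticator, matched against ``Authenticator.name``
    :return: redirect to the index on success; a redirect or the result of
        ``webLogout`` when the authenticator raises ``Redirect`` / ``Logout``;
        the error view for any other exception
    """
    from uds.core import auths
    try:
        authenticator = Authenticator.objects.get(name=authName)
        params = request.GET.copy()
        params.update(request.POST)
        params['_request'] = request
        # params['_session'] = request.session
        # params['_user'] = request.user

        logger.debug('Auth callback for %s with params %s', authenticator, params.keys())

        user = authenticateViaCallback(authenticator, params)

        # Record and reject a failed callback before reading anything else
        # from the request: previously a request without a User-Agent header
        # raised KeyError first and never produced its auth-log entry.
        if user is None:
            # NOTE(review): the whole parameter set (every value the identity
            # provider sent, plus the request object) is formatted into the
            # auth log. If assertions or tokens are posted to this url they
            # end up there -- confirm that is acceptable.
            authLogLogin(request, authenticator, '{0}'.format(params), 'Invalid at auth callback')
            raise auths.Exceptions.InvalidUserException()

        # A missing User-Agent must not turn a valid login into an error page.
        # assumes getOsFromUA copes with an empty string -- TODO confirm
        os = OsDetector.getOsFromUA(request.META.get('HTTP_USER_AGENT', ''))

        response = HttpResponseRedirect(reverse('Index'))

        webLogin(request, response, user, '')  # Password is unavailable in this case
        request.session['OS'] = os

        return response
    except auths.Exceptions.Redirect as e:
        # Redirect target is whatever the authenticator put in the exception
        return HttpResponseRedirect(request.build_absolute_uri(str(e)))
    except auths.Exceptions.Logout as e:
        return webLogout(request, request.build_absolute_uri(str(e)))
    except Exception as e:
        # Every other failure (unknown authenticator included) is logged with
        # its traceback and shown through the generic error view.
        logger.exception('authCallback')
        return errors.exceptionView(request, e)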
Esempio n. 4
def login(request, tag=None):
    '''
    View responsible of logging in an user.

    A GET, or a POST that does not end in a valid login, renders the login
    form; a POST with valid credentials logs the user in and redirects to
    the index view.

    :param request:  http request
    :param tag: tag of login auth
    :return: redirect to the index view after a valid login, the error view
        when the ``uds`` cookie is missing, otherwise the rendered login page
    '''
    # request.session.set_expiry(GlobalConfig.USER_SESSION_LENGTH.getInt())

    # The host name is taken from the request (Host header first), so it is
    # client-supplied; in this function it is only used to pick a tag.
    host = request.META.get('HTTP_HOST') or request.META.get('SERVER_NAME') or 'auth_host'  # Last one is a placeholder in case we can't locate host name

    # Get Authenticators limitation
    logger.debug('Host: {0}'.format(host))
    if GlobalConfig.DISALLOW_GLOBAL_LOGIN.getBool(True) is True:
        if tag is None:
            # Prefer an authenticator whose small_name equals the host,
            # else the first authenticator when ordered by priority.
            try:
                Authenticator.objects.get(small_name=host)
                tag = host
            except Exception:
                try:
                    tag = Authenticator.objects.order_by('priority')[0].small_name
                except Exception:  # There is no authenticators yet, simply allow global login to nowhere.. :-)
                    tag = None

    logger.debug('Tag: {0}'.format(tag))

    logger.debug(request.method)
    if request.method == 'POST':
        if 'uds' not in request.COOKIES:
            logger.debug('Request does not have uds cookie')
            return errors.errorView(request, errors.COOKIES_NEEDED)  # We need cookies to keep session data
        # The session key is rotated on every POST, before credentials are checked
        request.session.cycle_key()
        form = LoginForm(request.POST, tag=tag)
        if form.is_valid():
            os = OsDetector.getOsFromUA(request.META.get('HTTP_USER_AGENT'))
            try:
                authenticator = Authenticator.objects.get(pk=form.cleaned_data['authenticator'])
            except Exception:
                # Unknown authenticator id: continue with an unsaved, empty Authenticator.
                # NOTE(review): what getInstance() returns for it is not visible here.
                authenticator = Authenticator()
            userName = form.cleaned_data['user']

            # Failed-attempt counter, one per authenticator id + user name.
            # NOTE(review): the key uses the name exactly as typed and no
            # separator; if the authenticator treats differently-cased
            # spellings as the same account, each spelling gets its own
            # counter -- confirm.
            cache = Cache('auth')
            cacheKey = str(authenticator.id) + userName
            tries = cache.get(cacheKey)
            if tries is None:
                tries = 0
            # The lockout test runs before authenticate(), so a blocked user's
            # password is not checked at all; it only applies when the
            # authenticator instance sets blockUserOnLoginFailures.
            if authenticator.getInstance().blockUserOnLoginFailures is True and tries >= GlobalConfig.MAX_LOGIN_TRIES.getInt():
                form.add_form_error('Too many authentication errors. User temporarily  blocked.')
                authLogLogin(request, authenticator, userName, 'Temporarily blocked')
            else:
                user = authenticate(userName, form.cleaned_data['password'], authenticator)
                logger.debug('User: {}'.format(user))

                if user is None:
                    logger.debug("Invalid credentials for user {0}".format(userName))
                    tries += 1
                    # presumably the third argument is how long the counter is kept -- verify against Cache.put
                    cache.put(cacheKey, tries, GlobalConfig.LOGIN_BLOCK.getInt())
                    form.add_form_error('Invalid credentials')
                    authLogLogin(request, authenticator, userName, 'Invalid credentials')
                else:
                    logger.debug('User {} has logged in'.format(userName))
                    cache.remove(cacheKey)  # Valid login, remove cached tries
                    response = HttpResponseRedirect(reverse('uds.web.views.index'))
                    # The cleartext password from the form is handed on to webLogin
                    webLogin(request, response, user, form.cleaned_data['password'])
                    # Add the "java supported" flag to session
                    request.session['OS'] = os
                    authLogLogin(request, authenticator, user.name)
                    return response
    else:
        form = LoginForm(tag=tag)

    # Reached on GET and on every POST that did not log the user in: show the
    # form again, carrying any error added above.
    response = render_to_response(theme.template('login.html'), {'form': form, 'customHtml': GlobalConfig.CUSTOM_HTML_LOGIN.get(True)},
                                  context_instance=RequestContext(request))

    getUDSCookie(request, response)

    return response
Esempio n. 5
def checkLogin(  # pylint: disable=too-many-branches, too-many-statements
    request: 'HttpRequest',
    form: 'LoginForm',
    tag: typing.Optional[str] = None
) -> typing.Tuple[typing.Optional['User'], typing.Any]:
    """
    Validate a submitted login form and authenticate the user it names.

    :param request: http request carrying the form
    :param form: bound login form
    :param tag: authenticator tag; when None and global login is disallowed
        it is derived from the request host or the first authenticator
    :return: ``(user, password)`` after a valid login, otherwise
        ``(None, reason)`` where reason is an error code or message
    """
    # The host name is taken from the request (Host header first), so it is
    # client-supplied; in this function it is only used to pick a tag.
    meta = request.META
    host = meta.get('HTTP_HOST') or meta.get('SERVER_NAME') or 'auth_host'  # placeholder when no host name is found

    # Get Authenticators limitation
    logger.debug('Host: %s', host)
    if GlobalConfig.DISALLOW_GLOBAL_LOGIN.getBool(False) is True and tag is None:
        try:
            Authenticator.objects.get(small_name=host)
            tag = host
        except Exception:
            try:
                by_priority = Authenticator.objects.order_by('priority')
                tag = by_priority[0].small_name
            except Exception:  # No authenticators yet: leave the tag unset
                tag = None

    logger.debug('Tag: %s', tag)

    if 'uds' not in request.COOKIES:
        logger.debug('Request does not have uds cookie')
        return (None, errors.COOKIES_NEEDED)

    if not form.is_valid():
        logger.info('Invalid form received')
        return (None, _('Invalid data'))

    os = request.os
    try:
        authenticator = Authenticator.objects.get(
            uuid=processUuid(form.cleaned_data['authenticator']))
    except Exception:
        # Unknown authenticator: continue with an unsaved, empty Authenticator
        authenticator = Authenticator()

    fields = form.cleaned_data
    userName = fields['user']
    if GlobalConfig.LOWERCASE_USERNAME.getBool(True) is True:
        userName = userName.lower()

    # Failed attempts are counted per authenticator+user and per client ip.
    # NOTE(review): both kinds of key live un-prefixed in the same 'auth'
    # cache, so a user key can spell the same string as an ip key; a prefix
    # per kind would rule that out -- confirm with the other Cache users.
    attempts = Cache('auth')
    userKey = str(authenticator.id) + userName
    userFailures = attempts.get(userKey) or 0
    ipFailures = attempts.get(request.ip) or 0
    limit = GlobalConfig.MAX_LOGIN_TRIES.getInt()

    # Per-user blocking depends on the authenticator's flag; the per-ip limit
    # applies regardless of it (this is how the original and/or chain binds).
    userBlocked = (
        authenticator.getInstance().blockUserOnLoginFailures is True
        and userFailures >= limit
    )
    if userBlocked or ipFailures >= limit:
        authLogLogin(request, authenticator, userName,
                     'Temporarily blocked')
        return (
            None,
            _('Too many authentication errrors. User temporarily blocked'))

    # An empty password is swapped for a placeholder before authenticating
    typed = fields['password']
    password = '******' if typed == '' else typed
    user = authenticate(userName, password, authenticator)
    logger.debug('User: %s', user)

    if user is None:
        logger.debug("Invalid user %s (access denied)", userName)
        attempts.put(userKey, userFailures + 1,
                     GlobalConfig.LOGIN_BLOCK.getInt())
        attempts.put(request.ip, ipFailures + 1,
                     GlobalConfig.LOGIN_BLOCK.getInt())
        authLogLogin(request, authenticator, userName,
                     'Access denied (user not allowed by UDS)')
        return (None, _('Access denied'))

    # Rotate the session key once the credentials have been accepted
    request.session.cycle_key()

    logger.debug('User %s has logged in', userName)
    attempts.remove(userKey)  # Only the per-user counter is cleared here

    # Add the "java supported" flag to session
    request.session['OS'] = os

    # NOTE(review): logouturl is a submitted form value stored as-is; no
    # check of the target is visible here -- confirm it is validated before
    # it is ever used as a redirect.
    logoutUrl = fields['logouturl']
    if logoutUrl != '':
        logger.debug('The logoout url will be %s', logoutUrl)
        request.session['logouturl'] = logoutUrl

    authLogLogin(request, authenticator, user.name)
    # The password as typed (not the placeholder) goes back to the caller
    return (user, fields['password'])
Esempio n. 6
def login(request, tag=None):
    '''
    View responsible of logging in an user.

    A GET, or a POST that does not end in a valid login, renders the login
    form; a POST with valid credentials logs the user in and redirects to
    the index view.

    :param request:  http request
    :param tag: tag of login auth
    :return: redirect to the index view after a valid login, the error view
        when the ``uds`` cookie is missing, otherwise the rendered login page
    '''
    # request.session.set_expiry(GlobalConfig.USER_SESSION_LENGTH.getInt())

    # The host name is taken from the request (Host header first), so it is
    # client-supplied; in this function it is only used to pick a tag.
    host = request.META.get('HTTP_HOST') or request.META.get('SERVER_NAME') or 'auth_host'  # Last one is a placeholder in case we can't locate host name

    # Get Authenticators limitation
    logger.debug('Host: {0}'.format(host))
    if GlobalConfig.DISALLOW_GLOBAL_LOGIN.getBool(False) is True:
        if tag is None:
            # Prefer an authenticator whose small_name equals the host,
            # else the first authenticator when ordered by priority.
            try:
                Authenticator.objects.get(small_name=host)
                tag = host
            except Exception:
                try:
                    tag = Authenticator.objects.order_by('priority')[0].small_name
                except Exception:  # There is no authenticators yet, simply allow global login to nowhere.. :-)
                    tag = None

    logger.debug('Tag: {0}'.format(tag))

    logger.debug(request.method)
    if request.method == 'POST':
        if 'uds' not in request.COOKIES:
            logger.debug('Request does not have uds cookie')
            return errors.errorView(request, errors.COOKIES_NEEDED)  # We need cookies to keep session data
        # The session key is rotated on every POST, before credentials are checked
        request.session.cycle_key()
        form = LoginForm(request.POST, tag=tag)
        if form.is_valid():
            os = request.os
            try:
                authenticator = Authenticator.objects.get(pk=form.cleaned_data['authenticator'])
            except Exception:
                # Unknown authenticator id: continue with an unsaved, empty Authenticator.
                # NOTE(review): what getInstance() returns for it is not visible here.
                authenticator = Authenticator()
            userName = form.cleaned_data['user']
            # Lower-casing happens before the cache key is built, so the
            # failure counter is shared by every casing of the same name.
            if GlobalConfig.LOWERCASE_USERNAME.getBool(True) is True:
                userName = userName.lower()

            # Failed-attempt counter, one per authenticator id + user name
            # (concatenated without a separator).
            cache = Cache('auth')
            cacheKey = str(authenticator.id) + userName
            tries = cache.get(cacheKey)
            if tries is None:
                tries = 0
            # The lockout test runs before authenticate(), so a blocked user's
            # password is not checked at all; it only applies when the
            # authenticator instance sets blockUserOnLoginFailures.
            if authenticator.getInstance().blockUserOnLoginFailures is True and tries >= GlobalConfig.MAX_LOGIN_TRIES.getInt():
                form.add_error(None, 'Too many authentication errors. User temporarily  blocked.')
                authLogLogin(request, authenticator, userName, 'Temporarily blocked')
            else:
                password = form.cleaned_data['password']
                user = None
                # An empty password is swapped for a placeholder before authenticating
                if password == '':
                    password = '******'
                user = authenticate(userName, password, authenticator)
                logger.debug('User: {}'.format(user))

                if user is None:
                    logger.debug("Invalid credentials for user {0}".format(userName))
                    tries += 1
                    # presumably the third argument is how long the counter is kept -- verify against Cache.put
                    cache.put(cacheKey, tries, GlobalConfig.LOGIN_BLOCK.getInt())
                    form.add_error(None, ugettext('Invalid credentials'))
                    authLogLogin(request, authenticator, userName, 'Invalid credentials')
                else:
                    logger.debug('User {} has logged in'.format(userName))
                    cache.remove(cacheKey)  # Valid login, remove cached tries
                    response = HttpResponseRedirect(reverse('uds.web.views.index'))
                    # webLogin gets the password as typed in the form, not the placeholder
                    webLogin(request, response, user, form.cleaned_data['password'])
                    # Add the "java supported" flag to session
                    request.session['OS'] = os
                    # NOTE(review): logouturl is a submitted form value stored
                    # as-is; no check of the target is visible here -- confirm
                    # it is validated before it is ever used as a redirect.
                    if form.cleaned_data['logouturl'] != '':
                        logger.debug('The logoout url will be {}'.format(form.cleaned_data['logouturl']))
                        request.session['logouturl'] = form.cleaned_data['logouturl']
                    authLogLogin(request, authenticator, user.name)
                    return response
        else:
            logger.info('Invalid form received')
    else:
        form = LoginForm(tag=tag)

    # Reached on GET and on every POST that did not log the user in: show the
    # form again, carrying any error added above.
    response = render_to_response(
        theme.template('login.html'),
        {
            'form': form,
            'customHtml': GlobalConfig.CUSTOM_HTML_LOGIN.get(True),
            'version': VERSION

        },
        context_instance=RequestContext(request)
    )

    getUDSCookie(request, response)

    return response
Esempio n. 7
def checkLogin(request, form, tag=None):
    """
    Validate a submitted login form and authenticate the user it names.

    :param request: http request carrying the form
    :param form: bound login form
    :param tag: authenticator tag; when None and global login is disallowed
        it is derived from the request host or the first authenticator
    :return: ``(user, password)`` after a valid login, otherwise
        ``(None, reason)`` where reason is an error code or message
    """
    # The host name is taken from the request (Host header first), so it is
    # client-supplied; in this function it is only used to pick a tag.
    meta = request.META
    host = meta.get('HTTP_HOST') or meta.get('SERVER_NAME') or 'auth_host'  # placeholder when no host name is found

    # Get Authenticators limitation
    logger.debug('Host: {0}'.format(host))
    if GlobalConfig.DISALLOW_GLOBAL_LOGIN.getBool(False) is True and tag is None:
        try:
            Authenticator.objects.get(small_name=host)
            tag = host
        except Exception:
            try:
                by_priority = Authenticator.objects.order_by('priority')
                tag = by_priority[0].small_name
            except Exception:  # No authenticators yet: leave the tag unset
                tag = None

    logger.debug('Tag: {0}'.format(tag))

    if 'uds' not in request.COOKIES:
        logger.debug('Request does not have uds cookie')
        return (None, errors.COOKIES_NEEDED)

    if not form.is_valid():
        logger.info('Invalid form received')
        return (None, _('Invalid data'))

    os = request.os
    try:
        authenticator = Authenticator.objects.get(uuid=processUuid(form.cleaned_data['authenticator']))
    except Exception:
        # Unknown authenticator: continue with an unsaved, empty Authenticator
        authenticator = Authenticator()

    fields = form.cleaned_data
    userName = fields['user']
    if GlobalConfig.LOWERCASE_USERNAME.getBool(True) is True:
        userName = userName.lower()

    # Failed-attempt counter, one per authenticator id + user name
    # (concatenated without a separator).
    attempts = Cache('auth')
    userKey = str(authenticator.id) + userName
    cached = attempts.get(userKey)
    failures = 0 if cached is None else cached

    # The lockout test runs before authenticate(), so a blocked user's
    # password is not checked at all; it only applies when the authenticator
    # instance sets blockUserOnLoginFailures.
    if authenticator.getInstance().blockUserOnLoginFailures is True and failures >= GlobalConfig.MAX_LOGIN_TRIES.getInt():
        authLogLogin(request, authenticator, userName, 'Temporarily blocked')
        return (None, _('Too many authentication errrors. User temporarily blocked'))

    # An empty password is swapped for a placeholder before authenticating
    typed = fields['password']
    password = '******' if typed == '' else typed
    user = authenticate(userName, password, authenticator)
    logger.debug('User: {}'.format(user))

    if user is None:
        logger.debug("Invalid user {0} (access denied)".format(userName))
        attempts.put(userKey, failures + 1, GlobalConfig.LOGIN_BLOCK.getInt())
        authLogLogin(request, authenticator, userName, 'Access denied (user not allowed by UDS)')
        return (None, _('Access denied'))

    # Rotate the session key once the credentials have been accepted
    request.session.cycle_key()

    logger.debug('User {} has logged in'.format(userName))
    attempts.remove(userKey)  # Valid login, forget the failed attempts

    # Add the "java supported" flag to session
    request.session['OS'] = os

    # NOTE(review): logouturl is a submitted form value stored as-is; no
    # check of the target is visible here -- confirm it is validated before
    # it is ever used as a redirect.
    logoutUrl = fields['logouturl']
    if logoutUrl != '':
        logger.debug('The logoout url will be {}'.format(logoutUrl))
        request.session['logouturl'] = logoutUrl

    authLogLogin(request, authenticator, user.name)
    # The password as typed (not the placeholder) goes back to the caller
    return (user, fields['password'])