def setup_user(): """ Try to retrieve a valid user object from the request, be it either through the session or through a login. """ # init some stuff for auth processing: flaskg._login_multistage = None flaskg._login_multistage_name = None flaskg._login_messages = [] # first try setting up from session userobj = auth.setup_from_session() # then handle login/logout forms form = request.values.to_dict() if 'login_submit' in form: # this is a real form, submitted by POST userobj = auth.handle_login(userobj, **form) elif 'logout_submit' in form: # currently just a GET link userobj = auth.handle_logout(userobj) else: userobj = auth.handle_request(userobj) # if we still have no user obj, create a dummy: if not userobj: userobj = user.User(name=ANON, auth_method='invalid') # if we have a valid user we store it in the session if userobj.valid: session['user.itemid'] = userobj.itemid session['user.trusted'] = userobj.trusted session['user.auth_method'] = userobj.auth_method session['user.auth_attribs'] = userobj.auth_attribs session['user.session_token'] = userobj.get_session_token() return userobj
def setup_user(context, session): """ Try to retrieve a valid user object from the request, be it either through the session or through a login. """ # first try setting up from session userobj = auth.setup_from_session(context, session) userobj, olduser = auth.setup_setuid(context, userobj) context._setuid_real_user = olduser # then handle login/logout forms form = context.request.values if 'login' in form: params = { 'username': form.get('name'), 'password': form.get('password'), 'attended': True, 'openid_identifier': form.get('openid_identifier'), 'stage': form.get('stage') } userobj = auth.handle_login(context, userobj, **params) elif 'logout' in form: userobj = auth.handle_logout(context, userobj) else: userobj = auth.handle_request(context, userobj) # if we still have no user obj, create a dummy: if not userobj: userobj = user.User(context, auth_method='invalid') return userobj
def setup_user(context, session): """ Try to retrieve a valid user object from the request, be it either through the session or through a login. """ # first try setting up from session userobj = auth.setup_from_session(context, session) userobj, olduser = auth.setup_setuid(context, userobj) context._setuid_real_user = olduser # then handle login/logout forms form = context.request.values if "login" in form: params = { "username": form.get("name"), "password": form.get("password"), "attended": True, "openid_identifier": form.get("openid_identifier"), "stage": form.get("stage"), } userobj = auth.handle_login(context, userobj, **params) elif "logout" in form: userobj = auth.handle_logout(context, userobj) else: userobj = auth.handle_request(context, userobj) # if we still have no user obj, create a dummy: if not userobj: userobj = user.User(context, auth_method="invalid") return userobj
def xmlrpc_getAuthToken(self, username, password, *args): """ Returns a token which can be used for authentication in other XMLRPC calls. If the token is empty, the username or the password were wrong. Implementation note: token is same as cookie content would be for http session """ request = self.request request.session = request.cfg.session_service.get_session(request) u = auth.setup_from_session(request, request.session) login_required = is_login_required(request) if login_required: u = auth.handle_login(request, u, username=username, password=password) else: u = request.user if u and u.valid: request.user = u request.cfg.session_service.finalize(request, request.session) return request.session.sid else: return ""
def xmlrpc_applyAuthToken(self, auth_token): """ Applies the auth token and thereby authenticates the user. """ if not auth_token: return xmlrpclib.Fault("INVALID", "Empty token.") request = self.request request.session = request.cfg.session_service.get_session(request, auth_token) logging.debug("applyAuthToken: got session %r" % request.session) u = auth.setup_from_session(request, request.session) logging.debug("applyAuthToken: got user %r" % u) if u and u.valid: self.request.user = u return "SUCCESS" else: return xmlrpclib.Fault("INVALID", "Invalid token.")
def xmlrpc_applyAuthToken(self, auth_token): """ Applies the auth token and thereby authenticates the user. """ if not auth_token: return xmlrpclib.Fault("INVALID", "Empty token.") request = self.request request.session = request.cfg.session_service.get_session( request, auth_token) logging.debug("applyAuthToken: got session %r" % request.session) u = auth.setup_from_session(request, request.session) logging.debug("applyAuthToken: got user %r" % u) if u and u.valid: self.request.user = u return "SUCCESS" else: return xmlrpclib.Fault("INVALID", "Invalid token.")