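def slo(self):
    """Revoke the delivered access token and log the user out (single log-out).

    Only requests whose Referer host is this host are honoured; anything else
    is bounced to ``/``. When a user is logged in, the access token held in
    the session is revoked at the identity provider and the browser is sent
    to the provider's end-session endpoint with a post-logout redirect back
    to the organization page. Without a logged-in user the browser is simply
    redirected to the organization page.
    """
    try:
        from urllib.parse import urlsplit, urlencode
    except ImportError:  # Python 2
        from urlparse import urlsplit
        from urllib import urlencode

    # Compare the Referer's host with ours instead of a substring test:
    # `request.host in referer` is satisfied by any URL that merely contains
    # our hostname somewhere (e.g. in its query string), so a third-party
    # page could trigger the logout flow.
    referer = request.referer
    referer_host = urlsplit(referer).hostname if referer else None
    own_host = urlsplit('//' + request.host).hostname
    if not referer_host or referer_host != own_host:
        return redirect_to('/')

    g = model.Group.get(session['organization_id'])
    org_url = str(url_for(host=request.host, controller='organization',
                          action='read', id=g.name, qualified=True))

    if not toolkit.c.user:
        return redirect_to(org_url)

    client = Clients.get_client(g)
    redirect_uri = org_url + '/logout'

    # Revoke the access token at the IdP. Skip when the session holds none;
    # concatenating None into the form body raised TypeError before.
    access_token = session.get('access_token')
    if access_token:
        headers = {'Content-Type': 'application/x-www-form-urlencoded'}
        data = urlencode([('token', access_token),
                          ('token_type_hint', 'access_token')])
        client.http_request(client.revocation_endpoint, 'POST',
                            data=data, headers=headers)

    # Redirect to the IdP logout endpoint. Query values are URL-encoded so
    # the redirect URI and token survive the round trip; id_token_hint is
    # only sent when the session actually has an ID token.
    params = []
    id_token = session.get('id_token')
    if id_token:
        params.append(('id_token_hint', id_token))
    params.append(('post_logout_redirect_uri', redirect_uri))
    endpoint = client.end_session_endpoint
    logout_url = endpoint + ('&' if '?' in endpoint else '?') + urlencode(params)
    return redirect_to(str(logout_url))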
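def slo():
    """Revoke the delivered access token, clear the local session and log the
    user out (single log-out with the identity provider).

    Only requests whose Referer host is this host are honoured; anything else
    is bounced to ``/``. With a logged-in user the three documented steps are
    performed: token revocation, local session invalidation and redirect to
    the IdP end-session endpoint. Without a logged-in user the browser is
    redirected to the organization page.
    """
    try:
        from urllib.parse import urlsplit, urlencode
    except ImportError:  # Python 2
        from urlparse import urlsplit
        from urllib import urlencode

    # Compare the Referer's host with ours instead of a substring test:
    # `request.host in referrer` is satisfied by any URL that merely contains
    # our hostname somewhere (e.g. in its query string).
    referrer = request.referrer
    referrer_host = urlsplit(referrer).hostname if referrer else None
    own_host = urlsplit('//' + request.host).hostname
    if not referrer_host or referrer_host != own_host:
        return redirect_to('/')

    log.info('Preparing to logging out: %s', c.user)
    g = model.Group.get(session['organization_id'])
    org_url = str(url_for(host=request.host, controller='organization',
                          action='read', id=g.name, qualified=True))

    if not c.user:
        return redirect_to(org_url)

    client = Clients.get_client(g)
    redirect_uri = org_url + '/logout'

    # 1. revoke the access token (https://doc.ozwillo.com/#1-revoke-known-tokens)
    # Skipped when the session holds no token; concatenating None raised before.
    access_token = session.get('access_token')
    if access_token:
        headers = {'Content-Type': 'application/x-www-form-urlencoded'}
        data = urlencode([('token', access_token),
                          ('token_type_hint', 'access_token')])
        client.http_request(client.revocation_endpoint, 'POST',
                            data=data, headers=headers)

    # 2. Invalidate the local session
    # (https://doc.ozwillo.com/#2-invalidate-the-applications-local-session)
    # The ID token must be read before the session is invalidated.
    id_token = session.get('id_token')
    session.invalidate()
    c.user = None
    c.userobj = None

    # 3. redirect to IDP logout (https://doc.ozwillo.com/#3-single-sign-out)
    # Query values are URL-encoded; id_token_hint only when one is available.
    params = []
    if id_token:
        params.append(('id_token_hint', id_token))
    params.append(('post_logout_redirect_uri', redirect_uri))
    endpoint = client.end_session_endpoint
    logout_url = endpoint + ('&' if '?' in endpoint else '?') + urlencode(params)
    # Log the endpoint only: the full URL carries the ID token.
    log.info('Redirecting user to IdP end-session endpoint: %s', endpoint)

    # Delete the browser's cookies on the response that is actually sent.
    # Previously they were deleted on a locally built Response() that was
    # discarded, so the deletions never reached the browser.
    # Assumes redirect_to() returns a Flask/werkzeug response — TODO confirm.
    resp = redirect_to(str(logout_url))
    for cookie in request.cookies:
        resp.delete_cookie(cookie)
    return resp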
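def send_user_message(self):
    """Forward a chat message from the browser to the Rasa bot.

    Expects a JSON request body of the form ``{"text": "..."}``. The reply,
    written to ``response.body`` as JSON, carries ``bot`` (the bot's answer)
    and, on any failure, ``error`` set to True. Nothing is returned.
    """
    def reply_error(text):
        # Shared error path: log it and answer with the same JSON shape.
        logger.info(text)
        response.body = json.dumps({"bot": text, "error": True})

    try:
        request_body = json.loads(request.body)
    except (TypeError, ValueError):
        # Didn't get appropriate JSON format (ValueError covers decode
        # errors on both Python 2 and 3; TypeError a missing body).
        reply_error("Inappropriate body format - body must be application/json")
        return

    # The document must be an object carrying "text"; a bare list/number or
    # a missing key previously raised instead of producing an error reply.
    message = request_body.get("text") if isinstance(request_body, dict) else None
    if message is None:
        reply_error('Missing "text" field - body must be a JSON object with "text"')
        return

    # Bind the chat session to the web session so Rasa can track the
    # conversation across requests.
    if not session.get("sender_id"):
        session["sender_id"] = session.id
        session.save()
    sender_id = session["sender_id"]

    body = {}
    if not VersionConnector().query_rasa():
        # NOTE: this error reply is a list while the others are strings;
        # kept as-is because the frontend may depend on the shape.
        body["bot"] = ["Rasa server is down"]
        body["error"] = True
    else:
        # Returns a list of responses
        bot_response = self.rasa_handle_message(message, sender_id)
        if not bot_response:
            body["error"] = True
            bot_response = {
                "type": "string",
                "data": "DataBot didn't get any response. DataBot server is probably down.",
            }
        body["bot"] = bot_response
    response.body = json.dumps(body)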
def _allow_caching(cache_force: Optional[bool] = None) -> None:
    """Decide whether the current response may be cached.

    When caching is not allowed, ``request.environ['__no_cache__']`` is set
    so that any further rendering for this request is not cached. An explicit
    ``cache_force`` overrides every other rule; otherwise caching is refused
    for logged-in users, session-cookie holders, requests already flagged
    ``__no_cache__`` (environ or query string), and when
    ``ckan.cache_enabled`` is off.
    """
    if cache_force is not None:
        # Explicit override from the caller wins.
        allow_cache = cache_force
    else:
        # Evaluated lazily and in order, mirroring the original elif chain
        # (a true check stops evaluation of the later ones).
        no_cache_checks = (
            # Logged-in users / flash messages etc. must not be cached.
            lambda: ('user' in g and g.user) or _is_valid_session_cookie_data(),
            # Tests etc.
            lambda: session.get("_user_id"),
            # A non-cachable template already flagged this request.
            lambda: request.environ.get('__no_cache__'),
            # __no_cache__ requested in the query string.
            lambda: request.args.get('__no_cache__'),
            # Caching disabled in config.
            lambda: not config.get_value('ckan.cache_enabled'),
        )
        allow_cache = not any(check() for check in no_cache_checks)

    if not allow_cache:
        # Prevent any further rendering from being cached.
        request.environ['__no_cache__'] = True
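def callback(id):
    """Handle the OpenID Connect redirect back from the identity provider.

    If the session was not primed by the login page (``from_login``), the
    SSO flow is restarted via ``sso(id)`` (see the workaround note below).
    Otherwise the authorization response is exchanged for tokens, which are
    stored in the session. On ``OIDCError`` a flash message is set and the
    browser is sent back to the organization page; after a successful
    exchange the function returns None as written (the listing may be
    truncated — confirm against the full source).
    """
    # Blueprints act strangely after user is logged in once. It will skip
    # SSO and user/login when trying to log in from different account and
    # directly get here. This is a workaround to force login user if not
    # redirected from login page (as it sets important values in session)
    if not session.get('from_login'):
        return sso(id)
    session['from_login'] = False

    g_ = model.Group.get(session.get('organization_id', id))
    client = Clients.get_client(g_)
    org_url = str(url_for(controller="organization", action='read', id=g_.name))

    try:
        # Grab state from query parameter if session does not have it.
        # NOTE(review): falling back to the request-supplied value means the
        # state check in client.callback() compares the redirect's state with
        # itself whenever the session lacks one, so the anti-CSRF purpose of
        # `state` only holds when the session already carries it. Left as-is
        # because the workaround above relies on it — confirm whether the
        # fallback is still needed.
        session['state'] = session.get('state', request.params.get('state'))
        userinfo, app_admin, app_user, access_token, id_token = client.callback(
            session['state'], request.args)
        session['access_token'] = access_token
        session['id_token'] = id_token
        session.save()
    except OIDCError:
        # (Python 2-only `except X, e:` syntax replaced; the exception
        # object was never used.)
        flash_error('Login failed')
        return redirect_to(org_url, qualified=True)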
def identify(self):
    '''Implementation of IAuthenticator.identify.

    Sets ``toolkit.c.user`` to the user name this plugin stored in the
    session, or to None when none is recorded.
    '''
    # FIXME: This breaks if the current user changes their own user name.
    # The attribute is always assigned (possibly None) to avoid issue #4247.
    toolkit.c.user = session.get(u'ckanext-ldap-user') or None
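def logged_out(self):
    """Finish a logout and redirect.

    Honours ``logout_came_from`` from the session. If set, only CKAN is
    logged out and the browser goes to the first comma-separated URL in it,
    with the remainder passed along as ``came_from`` so the chain continues.
    If not set, both CKAN and WoTKit are logged out by redirecting to the
    configured logout-success URL.
    """
    # (The former unused `lang = session.get('lang')` read was dropped; the
    # language is not used on this path.)
    came_from = session.get('logout_came_from')
    log.debug("came from: %s", came_from)

    c.user = None
    session.delete()

    if came_from:
        # extract came_from and construct new came from before redirecting
        next_redirect_url, _, remaining_came_from = came_from.partition(',')
        redirect_url = next_redirect_url
        if remaining_came_from:
            redirect_url += "?came_from=" + remaining_came_from
        # NOTE(review): the target comes from the session without validation
        # here; confirm where logout_came_from is set and that it is limited
        # to trusted hosts.
        log.debug("redirecting logout to: %s", redirect_url)
        return routes.redirect_to(str(redirect_url))

    # redirect user to logout url
    return routes.redirect_to(str(config_globals.get_logout_success_url()))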
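def slo():
    """Revoke the delivered access token and log the user out (single log-out).

    Only requests whose Referer host is this host are honoured; anything else
    is bounced to ``/``. With a logged-in user the access token held in the
    session is revoked at the identity provider and the browser is sent to
    the provider's end-session endpoint with a post-logout redirect back to
    the organization page. Without a logged-in user the browser is simply
    redirected to the organization page.
    """
    try:
        from urllib.parse import urlsplit, urlencode
    except ImportError:  # Python 2
        from urlparse import urlsplit
        from urllib import urlencode

    # Compare the Referer's host with ours instead of a substring test:
    # `request.host in referrer` is satisfied by any URL that merely contains
    # our hostname somewhere (e.g. in its query string).
    referrer = request.referrer
    referrer_host = urlsplit(referrer).hostname if referrer else None
    own_host = urlsplit('//' + request.host).hostname
    if not referrer_host or referrer_host != own_host:
        return redirect_to('/')

    g = model.Group.get(session['organization_id'])
    org_url = str(url_for(host=request.host, controller='organization',
                          action='read', id=g.name, qualified=True))

    if not c.user:
        return redirect_to(org_url)

    client = Clients.get_client(g)
    redirect_uri = org_url + '/logout'

    # revoke the access token; skipped when the session holds none
    # (concatenating None into the form body raised TypeError before)
    access_token = session.get('access_token')
    if access_token:
        headers = {'Content-Type': 'application/x-www-form-urlencoded'}
        data = urlencode([('token', access_token),
                          ('token_type_hint', 'access_token')])
        client.http_request(client.revocation_endpoint, 'POST',
                            data=data, headers=headers)

    # redirect to IDP logout; query values are URL-encoded and
    # id_token_hint is only sent when the session has an ID token
    params = []
    id_token = session.get('id_token')
    if id_token:
        params.append(('id_token_hint', id_token))
    params.append(('post_logout_redirect_uri', redirect_uri))
    endpoint = client.end_session_endpoint
    logout_url = endpoint + ('&' if '?' in endpoint else '?') + urlencode(params)
    return redirect_to(str(logout_url))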
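def logout(self):
    """Clear the session user and redirect to the organization page.

    Falls back to ``/`` when the session names no organization or the
    organization cannot be found.
    """
    log.info('Logging out user: %s', session.get('user'))

    # Resolve the organization first and tolerate a missing key; the
    # former `session['organization_id']` raised KeyError half-way through
    # the logout.
    org_id = session.get('organization_id')
    g = model.Group.get(org_id) if org_id else None

    session['user'] = None
    session.save()

    # NOTE(review): the cookies are deleted on a freshly built Response that
    # is never returned, so unless redirect_to() picks that object up these
    # deletions do not reach the browser — confirm against the framework's
    # redirect implementation.
    response = Response()
    for cookie in request.cookies:
        response.delete_cookie(cookie)

    if g:
        org_url = url_for(host=request.host, controller='organization',
                          action='read', id=g.name, qualified=True)
        return redirect_to(str(org_url))
    return redirect_to('/')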
def identify(self):
    """Restore the Google-authenticated user name from the session, if any.

    ``c.user`` is left untouched when the session holds no such user.
    """
    stored_user = session.get('ckanext-google-user')
    if not stored_user:
        return
    c.user = stored_user
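def identify(self):
    """Populate ``c.user``/``c.userobj`` from the user recorded in the session.

    Does nothing when the session names no user, when a user object is
    already attached to the context, or when the referenced user no longer
    exists (previously an AttributeError on ``None.name``).
    """
    user_ref = session.get('user')
    if not user_ref or getattr(c, 'userobj', None):
        return
    userobj = model.User.get(user_ref)
    if userobj is None:
        # Stale session reference: leave the request anonymous.
        return
    c.user = userobj.name
    c.userobj = userobj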
def logged_out(self):
    """Drop the session after logout and show the logged-out page.

    The language is read before the session is deleted so the page can still
    be rendered in the user's locale.
    """
    locale = session.get('lang')
    c.user = None
    session.delete()
    h.redirect_to(locale=locale, controller='user', action='logged_out_page')
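def identify(self):
    """Populate ``toolkit.c.user``/``toolkit.c.userobj`` from the session user.

    Does nothing when the session names no user, when a user object is
    already attached to the context, or when the referenced user no longer
    exists (previously an AttributeError on ``None.name``).
    """
    user_ref = session.get('user')
    if not user_ref or toolkit.c.userobj:
        return
    userobj = model.User.get(user_ref)
    if userobj is None:
        # Stale session reference: leave the request anonymous.
        return
    toolkit.c.user = userobj.name
    toolkit.c.userobj = userobj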
def identify(self):
    """Pick up the OpenID user name stored in the session, if present.

    ``toolkit.c.user`` is left untouched when no OpenID user is recorded.
    """
    openid_user = session.get('openid-user')
    if not openid_user:
        return
    toolkit.c.user = openid_user
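def _locale_from_userinfo(userinfo):
    """Return the language part of the userinfo locale ('fr-FR' -> 'fr'), or None.

    None is returned when the claim is absent. partition() tolerates tags
    with more than one '-' where the former split() unpacking raised.
    """
    locale = userinfo.get('locale')
    if locale is None:
        return None
    return locale.partition('-')[0]


def _get_or_create_user(userinfo):
    """Return the CKAN user for ``userinfo['sub']``, creating it on first login."""
    import binascii
    import os

    sub = userinfo['sub']
    userobj = model.User.get(sub)
    if userobj:
        return userobj
    user_dict = {
        'id': sub,
        'name': sub.replace('-', ''),
        'email': userinfo['email'],
        # The account only ever logs in through the IdP, so it gets an
        # unguessable random password. It formerly used the subject id,
        # which is also the (public) user id and name.
        'password': binascii.hexlify(os.urandom(24)).decode('ascii'),
    }
    context = {
        'ignore_auth': True,
        'model': model,
        'session': model.Session,
    }
    user_create(context, user_dict)
    return model.User.get(sub)


def _grant_org_admin(group, userobj, sub):
    """Register the user as an admin member of ``group`` via member_create."""
    member_dict = {
        'id': group.id,
        'object': sub,
        'object_type': 'user',
        'capacity': 'admin',
    }
    # Same DB session as the user_create context; the Beaker web session was
    # passed here before, which is not what CKAN action contexts carry.
    context = {
        'model': model,
        'user': userobj.name,
        'ignore_auth': True,
        'session': model.Session,
    }
    member_create(context, member_dict)


def _sync_profile(userobj, userinfo):
    """Copy display name and nickname from the IdP claims onto the user."""
    name_parts = [userinfo[key] for key in ('given_name', 'family_name')
                  if key in userinfo]
    if name_parts:
        userobj.fullname = ' '.join(name_parts)
        userobj.save()
    if 'nickname' in userinfo:
        # The IdP-provided nickname becomes the CKAN user name; it may clash
        # with an existing name or fail validation, hence the broad catch.
        userobj.name = userinfo['nickname']
        try:
            userobj.save()
        except Exception as e:
            log.warning('Error while saving user name: %s', e)


def callback(id):
    '''
    OID callback. If it fails (OIDCError), if the session has NOT been
    marked as being in the context of a login_to_org() call (rather than
    only an sso() one), tries to sso() to the organization with the next id
    in the order of the ozwillo_global_login_organization_names property if
    configured (by calling try_sso_next_login_org()); else displays a
    specific message ("not member of this org", rather than "Login Failed").

    On success the tokens are stored in the session, the CKAN user is
    created on first login, made admin of the organization when the IdP
    reports app_admin/app_user, its profile is synced, and the browser is
    redirected to the organization page in the user's locale.
    '''
    # Blueprint act strangely after user is logged in once. It will skip
    # SSO and user/login when trying to log in from different account and
    # directly get here. This is a workaround to force login user if not
    # redirected from login page (as it sets important values in session)
    if not session.get('from_login'):
        return sso(id)
    session['from_login'] = False

    g_ = model.Group.get(session.get('organization_id', id))
    client = Clients.get_client(g_)
    org_url = str(url_for(controller="organization", action='read', id=g_.name))

    try:
        # Grab state from query parameter if session does not have it.
        # NOTE(review): falling back to the request-supplied value means the
        # state check in client.callback() compares the redirect's state with
        # itself whenever the session lacks one, so the anti-CSRF purpose of
        # `state` only holds when the session already carries it. Left as-is
        # because the workaround above relies on it — confirm whether the
        # fallback is still needed.
        session['state'] = session.get('state', request.params.get('state'))
        userinfo, app_admin, app_user, access_token, id_token = client.callback(
            session['state'], request.args)
        session['access_token'] = access_token
        session['id_token'] = id_token
        session.save()
    except OIDCError as e:
        is_login_to_org = bool(session.get('is_login_to_org'))
        # The session (which holds tokens) is no longer logged. The former
        # call also passed positional args without %-placeholders, which
        # makes the logging module report a formatting error instead.
        log.info('OIDCError is_login_to_org=%s: %s', is_login_to_org, e)
        # reinit for next time
        session['is_login_to_org'] = False
        session.save()
        if not is_login_to_org:
            sso_ok = try_sso_next_login_org(id)
            if sso_ok:
                return sso_ok
        flash_error("Vous n'êtes pas membre de cette organisation"
                    if is_login_to_org else "Login failed")
        return redirect_to(org_url, qualified=True)

    # Only the stable subject identifier is logged; userinfo also carries
    # e-mail and names.
    log.info('Received userinfo for subject: %s', userinfo.get('sub'))

    locale = _locale_from_userinfo(userinfo)
    org_url = str(url_for(org_url, locale=locale, qualified=True))

    if 'sub' in userinfo:
        userobj = _get_or_create_user(userinfo)
        if app_admin or app_user:
            _grant_org_admin(g_, userobj, userinfo['sub'])
        _sync_profile(userobj, userinfo)
        session['user'] = userobj.id
        session.save()

    return redirect_to(org_url)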