def __call__(self): cfg = authomatic_cfg() if cfg is None: return "Authomatic is not configured" if not ( ISiteRoot.providedBy(self.context) or INavigationRoot.providedBy(self.context) ): # callback url is expected on either navigationroot or site root # so bevor going on redirect root = api.portal.get_navigation_root(self.context) self.request.response.redirect( "{0}/authomatic-handler/{1}".format( root.absolute_url(), getattr(self, 'provider', '') ) ) return "redirecting" if not hasattr(self, 'provider'): return self.template() if self.provider not in cfg: return "Provider not supported" if not self.is_anon: if self.provider in self._provider_names: raise ValueError( 'Provider {0} is already connected to current ' 'user.'.format(self.provider) ) # TODO: some sort of CSRF check might be needed, so that # not an account got connected by CSRF. Research needed. pass auth = Authomatic( cfg, secret=authomatic_settings().secret.encode('utf8') ) result = auth.login( ZopeRequestAdapter(self), self.provider ) if not result: logger.info('return from view') # let authomatic do its work return if result.error: return result.error.message display = cfg[self.provider].get('display', {}) provider_name = display.get('title', self.provider) if not self.is_anon: # now we delegate to PAS plugin to add the identity self._add_identity(result, provider_name) self.request.response.redirect( "{0}".format(self.context.absolute_url()) ) else: # now we delegate to PAS plugin in order to login self._remember_identity(result, provider_name) self.request.response.redirect( "{0}/login_success".format(self.context.absolute_url()) ) return "redirecting"
def __call__(self): cfg = authomatic_cfg() if cfg is None: return "Authomatic is not configured" if not ( ISiteRoot.providedBy(self.context) or INavigationRoot.providedBy(self.context) ): # callback url is expected on either navigationroot or site root # so bevor going on redirect root = api.portal.get_navigation_root(self.context) self.request.response.redirect( "{0}/authomatic-handler/{1}".format( root.absolute_url(), getattr(self, 'provider', '') ) ) return "redirecting" if not hasattr(self, 'provider'): return self.template() if self.provider not in cfg: return "Provider not supported" if not self.is_anon: if self.provider in self._provider_names: raise ValueError( 'Provider {0} is already connected to current ' 'user.'.format(self.provider) ) # TODO: some sort of CSRF check might be needed, so that # not an account got connected by CSRF. Research needed. pass secret = authomatic_settings().secret if six.PY2 and isinstance(secret, six.text_type): secret = secret.encode('utf8') auth = Authomatic(cfg, secret=secret) result = auth.login(ZopeRequestAdapter(self), self.provider) if not result: logger.info('return from view') # let authomatic do its work return if result.error: return result.error.message display = cfg[self.provider].get('display', {}) provider_name = display.get('title', self.provider) if not self.is_anon: # now we delegate to PAS plugin to add the identity self._add_identity(result, provider_name) self.request.response.redirect( "{0}".format(self.context.absolute_url()) ) else: # now we delegate to PAS plugin in order to login self._remember_identity(result, provider_name) if api.env.plone_version() < '5.2': self.request.response.redirect( "{0}/login_success".format(self.context.absolute_url()) ) else: self.request.response.redirect(self.context.absolute_url()) return "redirecting"
def new_userid(plugin, result): settings = authomatic_settings() factory = queryUtility( IUserIDFactory, name=settings.userid_factory_name, default=UUID4UserIDFactory() ) return factory(plugin, result)
def __call__(self): cfg = authomatic_cfg() if cfg is None: return "Authomatic is not configured" if not (ISiteRoot.providedBy(self.context) or INavigationRoot.providedBy(self.context)): # callback url is expected on either navigationroot or site root # so bevor going on redirect root = api.portal.get_navigation_root(self.context) self.request.response.redirect("{}/authomatic-handler/{}".format( root.absolute_url(), getattr(self, "provider", ""))) return "redirecting" if not getattr(self, "provider", None): return self.template() if self.provider not in cfg: return "Provider not supported" if not self.is_anon: if self.provider in self._provider_names: logger.warn( "Provider %s is already connected to current " "user.", self.provider) return self._redirect() # TODO: some sort of CSRF check might be needed, so that # not an account got connected by CSRF. Research needed. pass secret = authomatic_settings().secret auth = Authomatic(cfg, secret=secret) result = auth.login(ZopeRequestAdapter(self), self.provider) if not result: logger.info("return from view") # let authomatic do its work return if result.error: return result.error.message display = cfg[self.provider].get("display", {}) provider_name = display.get("title", self.provider) if not self.is_anon: # now we delegate to PAS plugin to add the identity self._add_identity(result, provider_name) else: # now we delegate to PAS plugin in order to login self._remember_identity(result, provider_name) return self._redirect()
def get_auth(self) -> Authomatic: providers = self.providers secret = authomatic_settings().secret return Authomatic(providers, secret=secret)
def __call__(self): # callback url is expected on site root if not ISiteRoot.providedBy(self.context): root = api.portal.get() self.request.response.redirect("{0}/authomatic-handler/{1}".format( root.absolute_url(), getattr(self, 'provider', ''))) return "redirecting" self.authopas = authomatic_plugin() self.cfgs = authomatic_cfg() if self.cfgs is None: return "Authomatic is not configured" self.is_anon = api.user.is_anonymous() if not self.is_anon: self.user = api.user.get_current() self.user_providers = self.authopas._useridentities_by_userid.get( self.user.id).providers() # Validate provider if not hasattr(self, 'provider'): return self.template() if self.provider not in self.cfgs: return "Provider not supported" if not self.is_anon and self.provider in self.user_providers: action = self.request.form.get('action', None) if action == 'unlink': alsoProvides(self.request, IDisableCSRFProtection) self.authopas.remove_identity(self.user.id, self.provider) api.portal.show_message( _('Unlink account with {provider} provider', mapping={'provider': self.provider}), self.request) return self.template() #Any other action ? else: api.portal.show_message( _('Provider {provider} is already connected to current user', mapping={'provider': self.provider}), self.request) return self.template() # TODO: some sort of CSRF check might be needed, so that # not an account got connected by CSRF. Research needed. #Authomatic login auth = Authomatic(self.cfgs, secret=authomatic_settings().secret.encode('utf8')) result = auth.login(ZopeRequestAdapter(self), self.provider) if not result: logger.info('return from view') # let authomatic do its work return if result.error: return result.error.message # fetch provider specific user-data result.user.update() display = self.cfgs[self.provider].get('display', {}) provider_name = display.get('title', self.provider) if not self.is_anon: # now we delegate to PAS plugin to add the identity self._add_identity(result, provider_name) self.request.response.redirect("{0}".format( self.context.absolute_url())) else: # now we delegate to PAS plugin in order to login self._remember_identity(result, provider_name) redirect = self.cfgs[self.provider].get( 'redirect_url', "${portal_url}/login_success") redirect = redirect.replace("${portal_url}", api.portal.get().absolute_url()) self.request.response.redirect(redirect) return "redirecting"
def __call__(self): cfg = authomatic_cfg() if cfg is None: return "Authomatic is not configured" if not (ISiteRoot.providedBy(self.context) or INavigationRoot.providedBy(self.context)): # callback url is expected on either navigationroot or site root # so bevor going on redirect root = api.portal.get_navigation_root(self.context) self.request.response.redirect( "{0}/authomatic-handler/{1}{2}".format( root.absolute_url(), getattr(self, 'provider', ''), ('?' + self.request.QUERY_STRING if self.request.QUERY_STRING else ''))) return "redirecting" if not hasattr(self, 'provider'): return self.template() if self.provider not in cfg: return "Provider not supported" if not self.is_anon: if self.provider in self._provider_names: raise ValueError( 'Provider {0} is already connected to current ' 'user.'.format(self.provider)) # TODO: some sort of CSRF check might be needed, so that # not an account got connected by CSRF. Research needed. pass auth = Authomatic(cfg, secret=authomatic_settings().secret.encode('utf8')) additional_params = {} for key in ('came_from', 'next'): if key in self.request.form: additional_params[key] = self.request.form[key] # TODO: expire after 1800s (30m) # TODO: single cookie for next and came_from ? self.request.response.setCookie( 'authomatic_{0}'.format(key), self.request.form[key], http_only=True, path=api.portal.get().absolute_url_path()) del (self.request.form[key]) # TODO: expire cookie(s) after successful login, not here. elif self.request.cookies.get('authomatic_{0}'.format(key)): additional_params[key] = self.request.cookies.get( 'authomatic_{0}'.format(key)) self.request.response.expireCookie( 'authomatic_{0}'.format(key), path=api.portal.get().absolute_url_path()) result = auth.login(ZopeRequestAdapter(self), self.provider) if not result: logger.info('return from view') return if result.error: return result.error.message display = cfg[self.provider].get('display', {}) provider_name = display.get('title', self.provider) if not self.is_anon: # now we delegate to PAS plugin to add the identity logger.info('add_identity %s', additional_params) self._add_identity(result, provider_name) self.request.response.redirect( additional_params.get('came_from', self.context.absolute_url())) else: # now we delegate to PAS plugin in order to login logger.info('remember_identity %s', additional_params) self._remember_identity(result, provider_name) if additional_params: self.request.response.redirect("{0}/logged_in?{1}".format( self.context.absolute_url(), urlencode(additional_params))) else: self.request.response.redirect("{0}/login_success".format( self.context.absolute_url())) return "redirecting"