def test_alias_ko(self): from pyvac.models import Sudoer from pyvac.models import User user = User.by_login(self.session, u'jdoe') self.assertIsInstance(user, User) sudoers = Sudoer.alias(self.session, user) self.assertEqual(sudoers, [])
def test_alias(self): from pyvac.models import Sudoer from pyvac.models import User user = User.by_login(self.session, u'janedoe') self.assertIsInstance(user, User) sudoers = Sudoer.alias(self.session, user) self.assertEqual(len(sudoers), 1) sudoer = sudoers[0] self.assertIsInstance(sudoer, User)
def render(self): login_url = resource_url(self.request.context, self.request, 'login') referrer = self.request.url # never use the login form itself as came_from if referrer == login_url: referrer = '/' came_from = self.request.params.get('came_from', referrer) if came_from == '/': came_from = '/home' login = self.request.params.get('login', '') if 'submit' in self.request.params: password = self.request.params.get('password', '') if password: settings = self.request.registry.settings ldap = False if 'pyvac.use_ldap' in settings: ldap = asbool(settings.get('pyvac.use_ldap')) try: if login in self.blacklist_users: raise INVALID_CREDENTIALS user = User.by_credentials(self.session, login, password, ldap) if user is not None: log.info('login %r succeed' % user.login) headers = remember(self.request, user.login) # check for available users for sudo sudoers = Sudoer.alias(self.session, user) if sudoers: location = route_url('sudo', self.request) return HTTPFound(location=location, headers=headers) return HTTPFound(location=came_from, headers=headers) else: msg = 'Invalid credentials.' self.request.session.flash('error;%s' % msg) except SERVER_DOWN: msg = 'Cannot reach ldap server.' self.request.session.flash('error;%s' % msg) except INVALID_CREDENTIALS: msg = 'Invalid credentials.' self.request.session.flash('error;%s' % msg) except UnknownLdapUser: msg = 'Unknown ldap user %s' % login self.request.session.flash('error;%s' % msg) return { 'came_from': came_from, 'csrf_token': self.request.session.get_csrf_token(), }
def render(self): login_url = resource_url(self.request.context, self.request, "login") referrer = self.request.url # never use the login form itself as came_from if referrer == login_url: referrer = "/" came_from = self.request.params.get("came_from", referrer) if came_from == "/": came_from = "/home" login = self.request.params.get("login", "") if "submit" in self.request.params: password = self.request.params.get("password", u"") if password: settings = self.request.registry.settings ldap = False if "pyvac.use_ldap" in settings: ldap = asbool(settings.get("pyvac.use_ldap")) try: user = User.by_credentials(self.session, login, password, ldap) if user is not None: log.info("login %r succeed" % user.login) headers = remember(self.request, user.login) # check for available users for sudo sudoers = Sudoer.alias(self.session, user) if sudoers: location = route_url("sudo", self.request) return HTTPFound(location=location, headers=headers) return HTTPFound(location=came_from, headers=headers) else: msg = "Invalid credentials." self.request.session.flash("error;%s" % msg) except SERVER_DOWN: msg = "Cannot reach ldap server." self.request.session.flash("error;%s" % msg) except INVALID_CREDENTIALS: msg = "Invalid credentials." self.request.session.flash("error;%s" % msg) except UnknownLdapUser: msg = "Unknown ldap user %s" % login self.request.session.flash("error;%s" % msg) return {"came_from": came_from, "csrf_token": self.request.session.get_csrf_token()}